com.vmware.cxfrestclient

Class CxfClientSecurityContext

java.lang.Object

com.vmware.cxfrestclient.CxfClientSecurityContext

public final class CxfClientSecurityContext
extends Object

A security context for AbstractCxfRestClient to control select SSL connection and https verification parameters

An object of this class can be created using one of the public factory methods:

• getCxfClientSecurityContext(KeyStore, char[], KeyStore, Collection, boolean)
• getDefaultCxfClientSecurityContext()

AbstractCxfRestClient uses an object of this class to determine:

• Overriding KeyManagers, if any
• Overriding TrustManagers, if any
• Overriding Collection of Protocols, if any
• Overriding Collection of Ciphers, if any
• Whether hostname must be verified when initiating an HTTPS session. If yes, hostname will be verified using platform HostnameVerifier

Field Summary

Fields

Modifier and Type	Field and Description
static Collection<String>	DEFAULT_CIPHER_LIST
static Collection<String>	DEFAULT_PROTOCOL_LIST

Method Summary

Modifier and Type	Method and Description
boolean	equals(Object obj)
static CxfClientSecurityContext	getCxfClientSecurityContext(KeyStore keystore, char[] keyPassword, KeyStore truststore, Collection<String> ciphers, boolean enableHostnameVerification) Factory method to get a context that will configure AbstractCxfRestClient's SSL Handshake context and hostname verifier as specified by the input provided
static CxfClientSecurityContext	getCxfClientSecurityContext(KeyStore keystore, char[] keyPassword, KeyStore truststore, Collection<String> protocols, Collection<String> ciphers, boolean enableHostnameVerification) Factory method to get a context that will configure AbstractCxfRestClient's SSL Handshake context and hostname verifier as specified by the input provided
static CxfClientSecurityContext	getCxfClientSecurityContext(SSLSocketFactory sslSocketFactory, boolean enableHostnameVerification) Factory method to get a context that will configure AbstractCxfRestClient's SSL Handshake context and hostname verifier as specified by the input provided
static CxfClientSecurityContext	getDefaultCxfClientSecurityContext() Factory method to get a context that will configure AbstractCxfRestClient to use system default key managers, trust managers and cipher suites for SSL Handshake and system default hostname verifier for https
SSLSocketFactory	getSSLSocketFactory()
int	hashCode()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_PROTOCOL_LIST

public static final Collection<String> DEFAULT_PROTOCOL_LIST

DEFAULT_CIPHER_LIST

public static final Collection<String> DEFAULT_CIPHER_LIST

Method Detail

getDefaultCxfClientSecurityContext

public static CxfClientSecurityContext getDefaultCxfClientSecurityContext()

Factory method to get a context that will configure AbstractCxfRestClient to use system default key managers, trust managers and cipher suites for SSL Handshake and system default hostname verifier for https

getCxfClientSecurityContext

public static CxfClientSecurityContext getCxfClientSecurityContext(KeyStore keystore,
                                                                   char[] keyPassword,
                                                                   KeyStore truststore,
                                                                   Collection<String> ciphers,
                                                                   boolean enableHostnameVerification)
                                                            throws GeneralSecurityException

Factory method to get a context that will configure AbstractCxfRestClient's SSL Handshake context and hostname verifier as specified by the input provided

Parameters:

keystore - KeyStore that contains key material to configure client's KeyManager. null input means use system default key manager

keyPassword - Password to decrypt information in provided keystore. Ignored if no keystore provided

truststore - KeyStore that contains trust material to configure client's TrustManager. null means use system default trust manager

ciphers - List of ciphers that are permitted for use by the client during SSL Handshake. DEFAULT_CIPHER_LIST means use system default cipher suite

enableHostnameVerification - true would indicate using system default hostname verifier for https. false indicates do not use an all-permitting hostname verifier

Returns:

CxfClientSecurityContext that will help AbstractCxfRestClient to pick up configuration as described.

Throws:

GeneralSecurityException - if either the keystore or the truststore could not be used to set up necessary managers

getCxfClientSecurityContext

public static CxfClientSecurityContext getCxfClientSecurityContext(KeyStore keystore,
                                                                   char[] keyPassword,
                                                                   KeyStore truststore,
                                                                   Collection<String> protocols,
                                                                   Collection<String> ciphers,
                                                                   boolean enableHostnameVerification)
                                                            throws GeneralSecurityException

Factory method to get a context that will configure AbstractCxfRestClient's SSL Handshake context and hostname verifier as specified by the input provided

Parameters:

keystore - KeyStore that contains key material to configure client's KeyManager. null input means use system default key manager

keyPassword - Password to decrypt information in provided keystore. Ignored if no keystore provided

truststore - KeyStore that contains trust material to configure client's TrustManager. null means use system default trust manager

protocols - List of protocols that are permitted for use by the client during SSL Handshake. DEFAULT_PROTOCOL_LIST means use system default cipher suite

ciphers - List of ciphers that are permitted for use by the client during SSL Handshake. DEFAULT_CIPHER_LIST means use system default cipher suite

enableHostnameVerification - true would indicate using system default hostname verifier for https. false indicates do not use an all-permitting hostname verifier

Returns:

CxfClientSecurityContext that will help AbstractCxfRestClient to pick up configuration as described.

Throws:

GeneralSecurityException - if either the keystore or the truststore could not be used to set up necessary managers

getCxfClientSecurityContext

public static CxfClientSecurityContext getCxfClientSecurityContext(SSLSocketFactory sslSocketFactory,
                                                                   boolean enableHostnameVerification)

Factory method to get a context that will configure AbstractCxfRestClient's SSL Handshake context and hostname verifier as specified by the input provided

Parameters:

sslSocketFactory - SSLSocketFactory to use when connecting to vCD/vCTA

enableHostnameVerification - whether hostname verification should be enabled or disabled

Returns:

CxfClientSecurityContext that will help AbstractCxfRestClient to pick up the SSLSocketFactory provided and configure hostname verification as specified.

getSSLSocketFactory

public final SSLSocketFactory getSSLSocketFactory()

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

toString

public String toString()

Overrides:

toString in class Object