Package org.jboss.security
Class JBossJSSESecurityDomain
- java.lang.Object
  - org.jboss.security.JBossJSSESecurityDomain
- All Implemented Interfaces:
BaseSecurityManager, JSSESecurityDomain
public class JBossJSSESecurityDomain extends Object implements JSSESecurityDomain
A security domain used to configure SSL.
- Author:
Marcus Moyses
-
Constructor Summary
JBossJSSESecurityDomain(String securityDomainName)
-
Method Summary
Modifier and Type, Method - Description
Properties getAdditionalProperties() - Returns the additional properties map
Certificate getCertificate(String alias) - Returns the certificate with the given alias or null if no such certificate exists, from the trust store this security domain delegates to.
String[] getCipherSuites() - Returns the cipher suites that should be enabled on SSLSockets
String getClientAlias() - Get the preferred client alias name
Key getKey(String alias, String serviceAuthToken) - Returns the key with the given alias from the key store this security domain delegates to.
String getKeyManagerFactoryAlgorithm()
String getKeyManagerFactoryProvider()
KeyManager[] getKeyManagers() - Get the KeyManagers created by the configured KeyManagerFactory
KeyStore getKeyStore() - Get the keystore associated with the security domain
String getKeyStoreProvider()
String getKeyStoreProviderArgument()
String getKeyStoreType()
String getKeyStoreURL()
String[] getProtocols() - Returns the protocols that should be enabled on SSLSockets
String getSecurityDomain() - Get the security domain that the security manager belongs to.
String getServerAlias() - Get the preferred server alias name
String getTrustManagerFactoryAlgorithm()
String getTrustManagerFactoryProvider()
TrustManager[] getTrustManagers() - Get the TrustManagers created by the configured TrustManagerFactory
KeyStore getTrustStore() - Get the truststore associated with the security domain.
String getTrustStoreProvider()
String getTrustStoreProviderArgument()
String getTrustStoreType()
String getTrustStoreURL()
boolean isClientAuth() - Get the client auth flag
void reloadKeyAndTrustStore() - Reload/initialize keystore and truststore using the attributes set in the security domain
void setAdditionalProperties(Properties properties)
void setCipherSuites(String cipherSuites)
void setClientAlias(String clientAlias)
void setClientAuth(boolean clientAuth)
void setKeyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm)
void setKeyManagerFactoryProvider(String keyManagerFactoryProvider)
void setKeyStorePassword(String keyStorePassword)
void setKeyStoreProvider(String keyStoreProvider)
void setKeyStoreProviderArgument(String keyStoreProviderArgument)
void setKeyStoreType(String keyStoreType)
void setKeyStoreURL(String keyStoreURL)
void setProtocols(String protocols)
void setServerAlias(String serverAlias)
void setServiceAuthToken(String serviceAuthToken)
void setTrustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm)
void setTrustManagerFactoryProvider(String trustManagerFactoryProvider)
void setTrustStorePassword(String trustStorePassword)
void setTrustStoreProvider(String trustStoreProvider)
void setTrustStoreProviderArgument(String trustStoreProviderArgument)
void setTrustStoreType(String trustStoreType)
void setTrustStoreURL(String trustStoreURL)
-
-
-
Constructor Detail
-
JBossJSSESecurityDomain
public JBossJSSESecurityDomain(String securityDomainName)
-
-
Method Detail
-
getKeyStoreType
public String getKeyStoreType()
-
setKeyStoreType
public void setKeyStoreType(String keyStoreType)
-
getKeyStoreURL
public String getKeyStoreURL()
-
setKeyStoreURL
public void setKeyStoreURL(String keyStoreURL) throws IOException
- Throws:
IOException
-
getKeyStoreProvider
public String getKeyStoreProvider()
-
setKeyStoreProvider
public void setKeyStoreProvider(String keyStoreProvider)
-
getKeyManagerFactoryProvider
public String getKeyManagerFactoryProvider()
-
getKeyStoreProviderArgument
public String getKeyStoreProviderArgument()
-
setKeyStoreProviderArgument
public void setKeyStoreProviderArgument(String keyStoreProviderArgument)
-
setKeyManagerFactoryProvider
public void setKeyManagerFactoryProvider(String keyManagerFactoryProvider)
-
getKeyManagerFactoryAlgorithm
public String getKeyManagerFactoryAlgorithm()
-
setKeyManagerFactoryAlgorithm
public void setKeyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm)
-
getTrustStoreType
public String getTrustStoreType()
-
setTrustStoreType
public void setTrustStoreType(String trustStoreType)
-
getTrustStoreURL
public String getTrustStoreURL()
-
setTrustStoreURL
public void setTrustStoreURL(String trustStoreURL) throws IOException
- Throws:
IOException
-
getTrustStoreProvider
public String getTrustStoreProvider()
-
setTrustStoreProvider
public void setTrustStoreProvider(String trustStoreProvider)
-
getTrustStoreProviderArgument
public String getTrustStoreProviderArgument()
-
setTrustStoreProviderArgument
public void setTrustStoreProviderArgument(String trustStoreProviderArgument)
-
getTrustManagerFactoryProvider
public String getTrustManagerFactoryProvider()
-
setTrustManagerFactoryProvider
public void setTrustManagerFactoryProvider(String trustManagerFactoryProvider)
-
getTrustManagerFactoryAlgorithm
public String getTrustManagerFactoryAlgorithm()
-
setTrustManagerFactoryAlgorithm
public void setTrustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm)
-
getClientAlias
public String getClientAlias()
Description copied from interface: JSSESecurityDomain
Get the preferred client alias name
- Specified by:
getClientAlias in interface JSSESecurityDomain
- Returns:
- the preferred client alias, in case the underlying keystore contains multiple client aliases that can be used, and we wish to have more control over picking a specific one. Will return null if no preferred client alias is configured.
-
setClientAlias
public void setClientAlias(String clientAlias)
-
getServerAlias
public String getServerAlias()
Description copied from interface: JSSESecurityDomain
Get the preferred server alias name
- Specified by:
getServerAlias in interface JSSESecurityDomain
- Returns:
- the preferred server alias, in case the underlying keystore contains multiple server aliases that can be used, and we wish to have more control over picking a specific one. Will return null if no preferred server alias is configured.
-
setServerAlias
public void setServerAlias(String serverAlias)
-
isClientAuth
public boolean isClientAuth()
Description copied from interface: JSSESecurityDomain
Get the client auth flag
- Specified by:
isClientAuth in interface JSSESecurityDomain
- Returns:
- true to instruct callers into the implementations of this interface to require client authentication during the SSL handshake. If this flag is "true", the SSL handshake is supposed to fail if a client does not provide a valid certificate.
-
setClientAuth
public void setClientAuth(boolean clientAuth)
-
getKeyStore
public KeyStore getKeyStore()
Description copied from interface: JSSESecurityDomain
Get the keystore associated with the security domain
- Specified by:
getKeyStore in interface JSSESecurityDomain
- Returns:
- the keystore
-
getTrustStore
public KeyStore getTrustStore()
Description copied from interface: JSSESecurityDomain
Get the truststore associated with the security domain. This may be the same as the keystore.
- Specified by:
getTrustStore in interface JSSESecurityDomain
- Returns:
- the truststore
-
setKeyStorePassword
public void setKeyStorePassword(String keyStorePassword) throws Exception
- Throws:
Exception
-
setTrustStorePassword
public void setTrustStorePassword(String trustStorePassword) throws Exception
- Throws:
Exception
-
setServiceAuthToken
public void setServiceAuthToken(String serviceAuthToken) throws Exception
- Throws:
Exception
-
getKeyManagers
public KeyManager[] getKeyManagers() throws SecurityException
Description copied from interface: JSSESecurityDomain
Get the KeyManagers created by the configured KeyManagerFactory
- Specified by:
getKeyManagers in interface JSSESecurityDomain
- Returns:
- the initialized KeyManagers
- Throws:
SecurityException
-
getTrustManagers
public TrustManager[] getTrustManagers() throws SecurityException
Description copied from interface: JSSESecurityDomain
Get the TrustManagers created by the configured TrustManagerFactory
- Specified by:
getTrustManagers in interface JSSESecurityDomain
- Returns:
- the initialized TrustManagers
- Throws:
SecurityException
-
getSecurityDomain
public String getSecurityDomain()
Description copied from interface: BaseSecurityManager
Get the security domain that the security manager belongs to. Every security manager belongs to a named domain. The meaning of the security domain name depends on the implementation. Examples range from as fine grained as the name of EJBs to J2EE application names to DNS domain names.
- Specified by:
getSecurityDomain in interface BaseSecurityManager
- Returns:
- the security domain name. May be null in which case the security manager belongs to the logical default domain.
-
getKey
public Key getKey(String alias, String serviceAuthToken) throws Exception
Description copied from interface: JSSESecurityDomain
Returns the key with the given alias from the key store this security domain delegates to. All keys except public keys require a service authentication token. In case of a public key the authentication token will be ignored, and it can be safely null.
- Specified by:
getKey in interface JSSESecurityDomain
- Parameters:
alias - the alias corresponding to the key to be retrieved.
serviceAuthToken - the authentication token that establishes whether the calling service has the permission to retrieve the key. If no authentication token is provided, or an invalid authentication token is provided, the method will throw SecurityException.
- Returns:
- the requested key, or null if the given alias does not exist or does not identify a key-related entry.
- Throws:
SecurityException - for missing or invalid serviceAuthToken.
IllegalStateException - if sensitive information is requested, but no service authorization token is configured on security domain.
Exception
- See Also:
KeyStore.getKey(String, char[])
-
getCertificate
public Certificate getCertificate(String alias) throws Exception
Description copied from interface: JSSESecurityDomain
Returns the certificate with the given alias or null if no such certificate exists, from the trust store this security domain delegates to.
- Specified by:
getCertificate in interface JSSESecurityDomain
- Parameters:
alias - the alias corresponding to the certificate to be retrieved.
- Returns:
- the requested certificate, or null if the given alias does not exist or does not identify a certificate-related entry.
- Throws:
Exception
- See Also:
KeyStore.getKey(String, char[])
-
reloadKeyAndTrustStore
public void reloadKeyAndTrustStore() throws Exception
Description copied from interface: JSSESecurityDomain
Reload/initialize keystore and truststore using the attributes set in the security domain
- Specified by:
reloadKeyAndTrustStore in interface JSSESecurityDomain
- Throws:
Exception - if an error occurs
-
getCipherSuites
public String[] getCipherSuites()
Description copied from interface: JSSESecurityDomain
Returns the cipher suites that should be enabled on SSLSockets
- Specified by:
getCipherSuites in interface JSSESecurityDomain
- Returns:
- array of cipher suite names
-
setCipherSuites
public void setCipherSuites(String cipherSuites)
-
getProtocols
public String[] getProtocols()
Description copied from interface: JSSESecurityDomain
Returns the protocols that should be enabled on SSLSockets
- Specified by:
getProtocols in interface JSSESecurityDomain
- Returns:
- array of protocol names
-
setProtocols
public void setProtocols(String protocols)
-
getAdditionalProperties
public Properties getAdditionalProperties()
Description copied from interface: JSSESecurityDomain
Returns the additional properties map
- Specified by:
getAdditionalProperties in interface JSSESecurityDomain
- Returns:
- map with additional properties
-
setAdditionalProperties
public void setAdditionalProperties(Properties properties)
-
-
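Added example (not part of the original Javadoc or the project's own code): the setters, reloadKeyAndTrustStore(), getKey() and the manager getters documented above, combined to configure a JSSE server socket that requires client certificates and to show the service authentication token check on a private key. The domain name, store URLs, alias, port and environment variable names are placeholders, and the comma-separated format passed to setProtocols and setCipherSuites is an assumption the page does not state.

```java
import java.security.Key;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import org.jboss.security.JBossJSSESecurityDomain;

public class JsseDomainExample {
    public static void main(String[] args) throws Exception {
        // Placeholders: domain name, store URLs, alias, port, environment variable names.
        String storePass = System.getenv("EXAMPLE_STORE_PASSWORD");
        String token = System.getenv("EXAMPLE_SERVICE_TOKEN");
        if (storePass == null || token == null) {
            throw new IllegalStateException("store password and service token must be set");
        }

        JBossJSSESecurityDomain domain = new JBossJSSESecurityDomain("example-jsse");
        domain.setKeyStoreType("PKCS12");
        domain.setKeyStoreURL("file:///opt/example/server.p12");
        domain.setKeyStorePassword(storePass);
        domain.setServerAlias("server");
        domain.setTrustStoreType("PKCS12");
        domain.setTrustStoreURL("file:///opt/example/trust.p12");
        domain.setTrustStorePassword(storePass);
        domain.setServiceAuthToken(token);
        domain.setClientAuth(true); // handshake must fail without a valid client certificate
        // Assumption: the String setters take comma-separated names.
        domain.setProtocols("TLSv1.3,TLSv1.2");
        domain.setCipherSuites("TLS_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
        domain.reloadKeyAndTrustStore(); // load both stores from the attributes set above

        // Private keys are released only to a caller presenting the configured token.
        Key serverKey = domain.getKey("server", token);
        System.out.println("key algorithm: " + (serverKey == null ? "none" : serverKey.getAlgorithm()));
        try {
            domain.getKey("server", "not-the-token");
            throw new AssertionError("expected SecurityException for an invalid token");
        } catch (SecurityException expected) {
            System.out.println("invalid token rejected");
        }

        // Carry the domain's settings onto a JSSE server socket.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(domain.getKeyManagers(), domain.getTrustManagers(), null);
        try (SSLServerSocket server =
                 (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            server.setEnabledProtocols(domain.getProtocols());
            server.setEnabledCipherSuites(domain.getCipherSuites());
            server.setNeedClientAuth(domain.isClientAuth());
        }
    }
}
```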