org.bouncycastle.est.jcajce.JsseESTServiceBuilder Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of bcpkix-jdk15on Show documentation
Show all versions of bcpkix-jdk15on Show documentation
The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
The newest version!
package org.bouncycastle.est.jcajce;
import java.net.Socket;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.est.ESTClientProvider;
import org.bouncycastle.est.ESTService;
import org.bouncycastle.est.ESTServiceBuilder;
/**
* Build an RFC7030 (EST) service based on the JSSE.
*/
public class JsseESTServiceBuilder
extends ESTServiceBuilder
{
protected SSLSocketFactoryCreator socketFactoryCreator;
protected JsseHostnameAuthorizer hostNameAuthorizer = new JsseDefaultHostnameAuthorizer(null);
protected int timeoutMillis = 0;
protected ChannelBindingProvider bindingProvider;
protected Set supportedSuites = new HashSet();
protected Long absoluteLimit;
protected SSLSocketFactoryCreatorBuilder sslSocketFactoryCreatorBuilder;
protected boolean filterCipherSuites = true;
/**
* Create a builder for a client using a custom SSLSocketFactoryCreator.
*
* @param server name of the server to talk to (URL format).
* @param socketFactoryCreator a custom creator of socket factories.
*/
public JsseESTServiceBuilder(String server, SSLSocketFactoryCreator socketFactoryCreator)
{
super(server);
if (socketFactoryCreator == null)
{
throw new NullPointerException("No socket factory creator.");
}
this.socketFactoryCreator = socketFactoryCreator;
}
/**
* Create a builder for a client talking to a server that is not yet trusted.
*
* @param server name of the server to talk to (URL format).
*/
public JsseESTServiceBuilder(String server)
{
super(server);
sslSocketFactoryCreatorBuilder = new SSLSocketFactoryCreatorBuilder(JcaJceUtils.getTrustAllTrustManager());
}
/**
* Create a builder for a client talking to a trusted server.
*
* @param server name of the server to talk to (URL format).
* @param trustManager
*/
public JsseESTServiceBuilder(String server, X509TrustManager trustManager)
{
super(server);
sslSocketFactoryCreatorBuilder = new SSLSocketFactoryCreatorBuilder(trustManager);
}
/**
* Create a builder for a client talking to a trusted server.
*
* @param server name of the server to talk to (URL format).
* @param trustManager
*/
public JsseESTServiceBuilder(String server, X509TrustManager[] trustManager)
{
super(server);
sslSocketFactoryCreatorBuilder = new SSLSocketFactoryCreatorBuilder(trustManager);
}
public JsseESTServiceBuilder withHostNameAuthorizer(JsseHostnameAuthorizer hostNameAuthorizer)
{
this.hostNameAuthorizer = hostNameAuthorizer;
return this;
}
public JsseESTServiceBuilder withClientProvider(ESTClientProvider clientProvider)
{
this.clientProvider = clientProvider;
return this;
}
public JsseESTServiceBuilder withTimeout(int timeoutMillis)
{
this.timeoutMillis = timeoutMillis;
return this;
}
public JsseESTServiceBuilder withReadLimit(long absoluteLimit)
{
this.absoluteLimit = absoluteLimit;
return this;
}
public JsseESTServiceBuilder withChannelBindingProvider(ChannelBindingProvider channelBindingProvider)
{
this.bindingProvider = channelBindingProvider;
return this;
}
public JsseESTServiceBuilder addCipherSuites(String name)
{
this.supportedSuites.add(name);
return this;
}
public JsseESTServiceBuilder addCipherSuites(String[] names)
{
this.supportedSuites.addAll(Arrays.asList(names));
return this;
}
public JsseESTServiceBuilder withTLSVersion(String tlsVersion)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withTLSVersion(tlsVersion);
return this;
}
public JsseESTServiceBuilder withSecureRandom(SecureRandom secureRandom)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withSecureRandom(secureRandom);
return this;
}
/**
* Configure this builder to use the provider with the passed in name.
*
* @param tlsProviderName the name JSSE Provider to use.
* @return the current builder instance.
* @throws NoSuchProviderException if the specified provider does not exist.
*/
public JsseESTServiceBuilder withProvider(String tlsProviderName)
throws NoSuchProviderException
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withProvider(tlsProviderName);
return this;
}
/**
* Configure this builder to use the passed in provider.
*
* @param tlsProvider the JSSE Provider to use.
* @return the current builder instance.
*/
public JsseESTServiceBuilder withProvider(Provider tlsProvider)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withProvider(tlsProvider);
return this;
}
public JsseESTServiceBuilder withKeyManager(KeyManager keyManager)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withKeyManager(keyManager);
return this;
}
public JsseESTServiceBuilder withKeyManagers(KeyManager[] keyManagers)
{
if (this.socketFactoryCreator != null)
{
throw new IllegalStateException("Socket Factory Creator was defined in the constructor.");
}
this.sslSocketFactoryCreatorBuilder.withKeyManagers(keyManagers);
return this;
}
/**
* Filter cipher suites with supported before passing to JSSE provider.
*
* @param filter true, supplied cipher suites will be filtered with supported before passing to the JSSE provider.
* @return this;
*/
public JsseESTServiceBuilder withFilterCipherSuites(boolean filter)
{
this.filterCipherSuites = filter;
return this;
}
public ESTService build()
{
if (bindingProvider == null)
{
bindingProvider = new ChannelBindingProvider()
{
public boolean canAccessChannelBinding(Socket sock)
{
return false;
}
public byte[] getChannelBinding(Socket sock, String binding)
{
return null;
}
};
}
if (socketFactoryCreator == null)
{
socketFactoryCreator = sslSocketFactoryCreatorBuilder.build();
}
if (clientProvider == null)
{
clientProvider = new DefaultESTHttpClientProvider(
hostNameAuthorizer,
socketFactoryCreator,
timeoutMillis,
bindingProvider,
supportedSuites,
absoluteLimit, filterCipherSuites);
}
return super.build();
}
}