Package org.jivesoftware.openfire.spi

Class EncryptionArtifactFactory

java.lang.Object

org.jivesoftware.openfire.spi.EncryptionArtifactFactory

public class EncryptionArtifactFactory
extends Object

Instances of this class will be able to generate various encryption-related artifacts based on a specific connection configuration. This implementation intends to centralize the implementation for generating the artifacts produced, which in earlier versions of the code-base was scattered (and duplicated) over various connection-type-specific implementations.

Author:

Guus der Kinderen, guus.der.kinderen@gmail.com

Field Summary

Fields

Modifier and Type	Field	Description
static SystemProperty<String>	SSLCONTEXT_PROTOCOL
static SystemProperty<Class>	TRUST_MANAGER_CLASS

Constructor Summary

Constructors

Constructor	Description
EncryptionArtifactFactory(ConnectionConfiguration configuration)	Creates a new instance of the factory.

Method Summary

Modifier and Type	Method	Description
SSLEngine	createClientModeSSLEngine()	Creates an SSL Engine that is configured to use client mode when handshaking.
org.apache.mina.filter.ssl.SslFilter	createClientModeSslFilter()	Creates an Apache MINA SslFilter that is configured to use client mode when handshaking.
SSLEngine	createServerModeSSLEngine()	Creates a new SSL Engine that is configured to use server mode when handshaking.
org.apache.mina.filter.ssl.SslFilter	createServerModeSslFilter()	Creates an Apache MINA SslFilter that is configured to use server mode when handshaking.
static List<String>	getDefaultCipherSuites()	Returns the names of all encryption cipher suites that are enabled by default.
static List<String>	getDefaultProtocols()	Returns the names of all encryption protocols that are enabled by default.
KeyManager[]	getKeyManagers()	Generates KeyManager instances suitable for connections that are created based on a particular configuration.
SSLContext	getSSLContext()	Generates a new, initialized SSLContext instance that is suitable for connections that are created based on a particular configuration.
org.eclipse.jetty.util.ssl.SslContextFactory	getSslContextFactory()
static List<String>	getSupportedCipherSuites()	Returns the names of all encryption cipher suites that are supported (but not necessarily enabled).
static List<String>	getSupportedProtocols()	Returns the names of all encryption protocols that are supported (but not necessarily enabled).
TrustManager[]	getTrustManagers()	Generates KeyManager instances suitable for connections that are created based on a particular configuration.
static SSLContext	getUninitializedSSLContext()	Generates a new, uninitialized SSLContext instance.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TRUST_MANAGER_CLASS

public static final SystemProperty<Class> TRUST_MANAGER_CLASS

SSLCONTEXT_PROTOCOL

public static final SystemProperty<String> SSLCONTEXT_PROTOCOL

Constructor Detail

EncryptionArtifactFactory

public EncryptionArtifactFactory(ConnectionConfiguration configuration)

Creates a new instance of the factory.

Parameters:

configuration - the configuration for which this factory generates artifacts (cannot be null).

Method Detail

getKeyManagers

public KeyManager[] getKeyManagers()
                            throws UnrecoverableKeyException,
                                   NoSuchAlgorithmException,
                                   KeyStoreException

Generates KeyManager instances suitable for connections that are created based on a particular configuration.

Returns:

KeyManagers applicable to a connection that is established using the provided configuration.

Throws:

UnrecoverableKeyException - if the key could not be recovered

NoSuchAlgorithmException - if the algorithm was unrecognised

KeyStoreException - if there was a problem loading the keystore

getTrustManagers

public TrustManager[] getTrustManagers()
                                throws KeyStoreException,
                                       NoSuchAlgorithmException

Generates KeyManager instances suitable for connections that are created based on a particular configuration.

Returns:

TrustManagers applicable to a connection that is established using the provided configuration.

Throws:

KeyStoreException - if there was a problem accessing the keystore

NoSuchAlgorithmException - if the algorithm is not supported

getUninitializedSSLContext

public static SSLContext getUninitializedSSLContext()
                                             throws NoSuchAlgorithmException

Generates a new, uninitialized SSLContext instance. The SSLContext will use the protocol as defined by SSLCONTEXT_PROTOCOL, or, if that's null, uses the best available protocol from the default configuration of the JVM.

Returns:

An uninitialized SSLContext (never null)

Throws:

NoSuchAlgorithmException - if the protocol is not supported.

getSSLContext

public SSLContext getSSLContext()
                         throws NoSuchAlgorithmException,
                                KeyManagementException,
                                KeyStoreException,
                                UnrecoverableKeyException

Generates a new, initialized SSLContext instance that is suitable for connections that are created based on a particular configuration.

Returns:

TrustManagers applicable to a connection that is established using the provided configuration.

Throws:

NoSuchAlgorithmException - if the algorithm is not supported

KeyManagementException - if there was problem manging the ket

KeyStoreException - if there was a problem accessing the keystore

UnrecoverableKeyException - if the key could not be recovered

createServerModeSSLEngine

public SSLEngine createServerModeSSLEngine()
                                    throws UnrecoverableKeyException,
                                           NoSuchAlgorithmException,
                                           KeyStoreException,
                                           KeyManagementException

Creates a new SSL Engine that is configured to use server mode when handshaking. For Openfire, an engine is of this mode used for most purposes (as Openfire is a server by nature).

Returns:

A new, initialized SSLEngine instance (never null).

Throws:

UnrecoverableKeyException - if the key could not be recovered

NoSuchAlgorithmException - if the algorithm is not supported

KeyStoreException - if there was a problem accessing the keystore

KeyManagementException - if there was problem manging the ket

createClientModeSSLEngine

public SSLEngine createClientModeSSLEngine()
                                    throws UnrecoverableKeyException,
                                           NoSuchAlgorithmException,
                                           KeyStoreException,
                                           KeyManagementException

Creates an SSL Engine that is configured to use client mode when handshaking. For Openfire, an engine of this mode is typically used when the server tries to connect to another server. These SSLEngines never send SSLV2 ClientHello messages.

Returns:

An initialized SSLEngine instance (never null).

Throws:

UnrecoverableKeyException - if the key could not be recovered

NoSuchAlgorithmException - if the algorithm is not supported

KeyStoreException - if there was a problem accessing the keystore

KeyManagementException - if there was problem manging the ket

getSslContextFactory

public org.eclipse.jetty.util.ssl.SslContextFactory getSslContextFactory()

createServerModeSslFilter

public org.apache.mina.filter.ssl.SslFilter createServerModeSslFilter()
                                                               throws KeyManagementException,
                                                                      NoSuchAlgorithmException,
                                                                      KeyStoreException,
                                                                      UnrecoverableKeyException

Creates an Apache MINA SslFilter that is configured to use server mode when handshaking. For Openfire, an engine is of this mode used for most purposes (as Openfire is a server by nature). Instead of an SSLContext or SSLEngine, Apache MINA uses an SslFilter instance. It is generally not needed to create both SSLContext/SSLEngine as well as SslFilter instances.

Returns:

An initialized SslFilter instance (never null)

Throws:

KeyManagementException - if there was problem manging the ket

NoSuchAlgorithmException - if the algorithm is not supported

KeyStoreException - if there was a problem accessing the keystore

UnrecoverableKeyException - if the key could not be recovered

createClientModeSslFilter

public org.apache.mina.filter.ssl.SslFilter createClientModeSslFilter()
                                                               throws KeyManagementException,
                                                                      NoSuchAlgorithmException,
                                                                      KeyStoreException,
                                                                      UnrecoverableKeyException

Creates an Apache MINA SslFilter that is configured to use client mode when handshaking. For Openfire, a filter of this mode is typically used when the server tries to connect to another server. Instead of an SSLContext or SSLEngine, Apache MINA uses an SslFilter instance. It is generally not needed to create both SSLContext/SSLEngine as well as SslFilter instances.

Returns:

An initialized SslFilter instance (never null)

Throws:

KeyManagementException - if there was problem manging the ket

NoSuchAlgorithmException - if the algorithm is not supported

KeyStoreException - if there was a problem accessing the keystore

UnrecoverableKeyException - if the key could not be recovered

getSupportedProtocols

public static List<String> getSupportedProtocols()
                                          throws NoSuchAlgorithmException,
                                                 KeyManagementException

Returns the names of all encryption protocols that are supported (but not necessarily enabled).

Returns:

An array of protocol names. Not expected to be empty.

Throws:

NoSuchAlgorithmException - if the algorithm is not supported

KeyManagementException - if there was problem manging the ket

getDefaultProtocols

public static List<String> getDefaultProtocols()
                                        throws NoSuchAlgorithmException,
                                               KeyManagementException

Returns the names of all encryption protocols that are enabled by default.

Returns:

An array of protocol names. Not expected to be empty.

Throws:

NoSuchAlgorithmException - if the algorithm is not supported

KeyManagementException - if there was problem manging the ket

getSupportedCipherSuites

public static List<String> getSupportedCipherSuites()
                                             throws NoSuchAlgorithmException,
                                                    KeyManagementException

Returns the names of all encryption cipher suites that are supported (but not necessarily enabled).

Returns:

An array of cipher suite names. Not expected to be empty.

Throws:

NoSuchAlgorithmException - if the algorithm is not supported

KeyManagementException - if there was problem manging the ket

getDefaultCipherSuites

public static List<String> getDefaultCipherSuites()
                                           throws NoSuchAlgorithmException,
                                                  KeyManagementException

Returns the names of all encryption cipher suites that are enabled by default.

Returns:

An array of cipher suite names. Not expected to be empty.

Throws:

NoSuchAlgorithmException - if the algorithm is not supported

KeyManagementException - if there was problem manging the ket