Package org.jivesoftware.openfire.spi
Class EncryptionArtifactFactory
java.lang.Object
org.jivesoftware.openfire.spi.EncryptionArtifactFactory
Instances of this class will be able to generate various encryption-related artifacts based on a specific connection
configuration.
This implementation intends to centralize the implementation for generating the artifacts produced, which in earlier
versions of the code-base was scattered (and duplicated) over various connection-type-specific implementations.
- Author:
- Guus der Kinderen, guus.der.kinderen@gmail.com
-
Field Summary
Fields (Modifier and Type, Field):
- static final SystemProperty<Boolean> SNI_ENABLED
- static final SystemProperty<String> SSLCONTEXT_PROTOCOL
- static final SystemProperty<Class> TRUST_MANAGER_CLASS
-
Constructor Summary
Constructors (Constructor, Description):
- EncryptionArtifactFactory(ConnectionConfiguration configuration): Creates a new instance of the factory.
-
Method Summary
Methods (Modifier and Type, Method, Description):
- io.netty.handler.ssl.SslContext createClientModeSslContext(): Create and configure a new SslContext instance for a Netty client.
- SSLEngine createClientModeSSLEngine(): Creates an SSL Engine that is configured to use client mode when handshaking.
- io.netty.handler.ssl.SslContext createServerModeSslContext(boolean directTLS): Create and configure a new SslContext instance for a Netty server.
- SSLEngine createServerModeSSLEngine(): Creates a new SSL Engine that is configured to use server mode when handshaking.
- static List<String> getDefaultCipherSuites(): Returns the names of all encryption cipher suites that are enabled by default.
- static List<String> getDefaultProtocols(): Returns the names of all encryption protocols that are enabled by default.
- KeyManagerFactory getKeyManagerFactory(): Generates a KeyManager factory suitable for connections that are created based on a particular configuration.
- KeyManager[] getKeyManagers(): Generates KeyManager instances suitable for connections that are created based on a particular configuration.
- SSLContext getSSLContext(): Generates a new, initialized SSLContext instance that is suitable for connections that are created based on a particular configuration.
- org.eclipse.jetty.util.ssl.SslContextFactory.Server getSslContextFactory()
- static List<String> getSupportedCipherSuites(): Returns the names of all encryption cipher suites that are supported (but not necessarily enabled).
- static List<String> getSupportedProtocols(): Returns the names of all encryption protocols that are supported (but not necessarily enabled).
- getTrustManagers(): Generates TrustManager instances suitable for connections that are created based on a particular configuration.
- static SSLContext getUninitializedSSLContext(): Generates a new, uninitialized SSLContext instance.
-
Field Details
-
TRUST_MANAGER_CLASS
-
SSLCONTEXT_PROTOCOL
-
SNI_ENABLED
-
-
Constructor Details
-
EncryptionArtifactFactory
Creates a new instance of the factory.
- Parameters:
- configuration - the configuration for which this factory generates artifacts (cannot be null).
-
-
Method Details
-
getKeyManagerFactory
public KeyManagerFactory getKeyManagerFactory() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Generates a KeyManager factory suitable for connections that are created based on a particular configuration.
- Returns:
- KeyManagers applicable to a connection that is established using the provided configuration.
- Throws:
- UnrecoverableKeyException - if the key could not be recovered
- NoSuchAlgorithmException - if the algorithm was unrecognised
- KeyStoreException - if there was a problem loading the keystore
-
getKeyManagers
public KeyManager[] getKeyManagers() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Generates KeyManager instances suitable for connections that are created based on a particular configuration.
- Returns:
- KeyManagers applicable to a connection that is established using the provided configuration.
- Throws:
- UnrecoverableKeyException - if the key could not be recovered
- NoSuchAlgorithmException - if the algorithm was unrecognised
- KeyStoreException - if there was a problem loading the keystore
-
getTrustManagers
Generates TrustManager instances suitable for connections that are created based on a particular configuration.
- Returns:
- TrustManagers applicable to a connection that is established using the provided configuration.
- Throws:
- KeyStoreException - if there was a problem accessing the keystore
- NoSuchAlgorithmException - if the algorithm is not supported
-
getUninitializedSSLContext
Generates a new, uninitialized SSLContext instance. The SSLContext will use the protocol as defined by SSLCONTEXT_PROTOCOL, or, if that's null, uses the best available protocol from the default configuration of the JVM.
- Returns:
- An uninitialized SSLContext (never null)
- Throws:
- NoSuchAlgorithmException - if the protocol is not supported.
-
getSSLContext
public SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
Generates a new, initialized SSLContext instance that is suitable for connections that are created based on a particular configuration.
- Returns:
- TrustManagers applicable to a connection that is established using the provided configuration.
- Throws:
- NoSuchAlgorithmException - if the algorithm is not supported
- KeyManagementException - if there was a problem managing the key
- KeyStoreException - if there was a problem accessing the keystore
- UnrecoverableKeyException - if the key could not be recovered
-
createServerModeSSLEngine
public SSLEngine createServerModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException
Creates a new SSL Engine that is configured to use server mode when handshaking. For Openfire, an engine of this mode is used for most purposes (as Openfire is a server by nature).
- Returns:
- A new, initialized SSLEngine instance (never null).
- Throws:
- UnrecoverableKeyException - if the key could not be recovered
- NoSuchAlgorithmException - if the algorithm is not supported
- KeyStoreException - if there was a problem accessing the keystore
- KeyManagementException - if there was a problem managing the key
-
createClientModeSSLEngine
public SSLEngine createClientModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException
Creates an SSL Engine that is configured to use client mode when handshaking. For Openfire, an engine of this mode is typically used when the server tries to connect to another server. These SSLEngines never send SSLv2 ClientHello messages.
- Returns:
- An initialized SSLEngine instance (never null).
- Throws:
- UnrecoverableKeyException - if the key could not be recovered
- NoSuchAlgorithmException - if the algorithm is not supported
- KeyStoreException - if there was a problem accessing the keystore
- KeyManagementException - if there was a problem managing the key
-
getSslContextFactory
public org.eclipse.jetty.util.ssl.SslContextFactory.Server getSslContextFactory()
-
createServerModeSslContext
public io.netty.handler.ssl.SslContext createServerModeSslContext(boolean directTLS) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, SSLException
Create and configure a new SslContext instance for a Netty server.
- Parameters:
- directTLS - if the first write request should be encrypted.
- Returns:
- A secure socket protocol implementation which acts as a factory for SSLContext and SslHandler
- Throws:
- UnrecoverableKeyException
- NoSuchAlgorithmException
- KeyStoreException
- SSLException
-
createClientModeSslContext
public io.netty.handler.ssl.SslContext createClientModeSslContext() throws SSLException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Create and configure a new SslContext instance for a Netty client. Used when the Openfire server is acting as a client when making S2S connections.
- Returns:
- A secure socket protocol implementation which acts as a factory for SSLContext and SslHandler
- Throws:
- SSLException
- UnrecoverableKeyException
- NoSuchAlgorithmException
- KeyStoreException
-
getSupportedProtocols
public static List<String> getSupportedProtocols() throws NoSuchAlgorithmException, KeyManagementException
Returns the names of all encryption protocols that are supported (but not necessarily enabled).
- Returns:
- An array of protocol names. Not expected to be empty.
- Throws:
- NoSuchAlgorithmException - if the algorithm is not supported
- KeyManagementException - if there was a problem managing the key
-
getDefaultProtocols
public static List<String> getDefaultProtocols() throws NoSuchAlgorithmException, KeyManagementException
Returns the names of all encryption protocols that are enabled by default.
- Returns:
- An array of protocol names. Not expected to be empty.
- Throws:
- NoSuchAlgorithmException - if the algorithm is not supported
- KeyManagementException - if there was a problem managing the key
-
getSupportedCipherSuites
public static List<String> getSupportedCipherSuites() throws NoSuchAlgorithmException, KeyManagementException
Returns the names of all encryption cipher suites that are supported (but not necessarily enabled).
- Returns:
- An array of cipher suite names. Not expected to be empty.
- Throws:
- NoSuchAlgorithmException - if the algorithm is not supported
- KeyManagementException - if there was a problem managing the key
-
getDefaultCipherSuites
public static List<String> getDefaultCipherSuites() throws NoSuchAlgorithmException, KeyManagementException
Returns the names of all encryption cipher suites that are enabled by default.
- Returns:
- An array of cipher suite names. Not expected to be empty.
- Throws:
- NoSuchAlgorithmException - if the algorithm is not supported
- KeyManagementException - if there was a problem managing the key
-
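The difference between "supported" and "enabled by default" that getSupportedProtocols(), getDefaultProtocols(), getSupportedCipherSuites() and getDefaultCipherSuites() report, shown as an added example that uses only the JDK's javax.net.ssl API; it is not Openfire's implementation and does not call EncryptionArtifactFactory. The class name TlsInventory, its helper methods and the LEGACY_PROTOCOLS set are assumptions of the example (Java 9 or later).

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

public class TlsInventory {
    // Names treated as legacy here; an assumption of this example, not a list taken from Openfire.
    static final Set<String> LEGACY_PROTOCOLS = Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    /** Entries the provider supports but does not enable by default. */
    static List<String> supportedOnly(String[] supported, String[] enabledByDefault) {
        List<String> result = new ArrayList<>(Arrays.asList(supported));
        result.removeAll(Arrays.asList(enabledByDefault));
        return result;
    }

    /** Entries of 'names' that appear in the legacy set. */
    static List<String> legacyAmong(String[] names) {
        List<String> result = new ArrayList<>(Arrays.asList(names));
        result.retainAll(LEGACY_PROTOCOLS);
        return result;
    }

    public static void main(String[] args) throws Exception {
        // "TLS" asks the JVM for its default TLS implementation.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, null, null); // JVM default key managers, trust managers and RNG

        String[] supportedProtocols = context.getSupportedSSLParameters().getProtocols();
        String[] defaultProtocols = context.getDefaultSSLParameters().getProtocols();
        String[] supportedSuites = context.getSupportedSSLParameters().getCipherSuites();
        String[] defaultSuites = context.getDefaultSSLParameters().getCipherSuites();

        System.out.println("Protocols enabled by default: " + Arrays.toString(defaultProtocols));
        System.out.println("Supported but not enabled:    " + supportedOnly(supportedProtocols, defaultProtocols));
        System.out.println("Legacy enabled by default:    " + legacyAmong(defaultProtocols));
        System.out.println("Cipher suites supported only: " + supportedOnly(supportedSuites, defaultSuites).size());

        // A server-mode engine restricted to the non-legacy default protocols.
        SSLEngine engine = context.createSSLEngine();
        engine.setUseClientMode(false);
        List<String> keep = new ArrayList<>(Arrays.asList(defaultProtocols));
        keep.removeAll(LEGACY_PROTOCOLS);
        engine.setEnabledProtocols(keep.toArray(new String[0]));
        System.out.println("Engine protocols:             " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

The output depends on the JVM and its security properties (for example jdk.tls.disabledAlgorithms), so run it on the same runtime that hosts the server when reviewing which protocols and suites a configuration can actually negotiate.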