Package org.jivesoftware.openfire.spi
Class EncryptionArtifactFactory
- java.lang.Object
  - org.jivesoftware.openfire.spi.EncryptionArtifactFactory
public class EncryptionArtifactFactory extends Object
Instances of this class generate various encryption-related artifacts based on a specific connection configuration. This class is intended to centralize the generation of those artifacts, which in earlier versions of the code base was scattered (and duplicated) over various connection-type-specific implementations.
- Author:
- Guus der Kinderen, guus.der.kinderen@gmail.com
-
Field Summary
Fields (Modifier and Type, Field):
- static SystemProperty<Boolean> SNI_ENABLED
- static SystemProperty<String> SSLCONTEXT_PROTOCOL
- static SystemProperty<Class> TRUST_MANAGER_CLASS
-
Constructor Summary
Constructors (Constructor, Description):
- EncryptionArtifactFactory(ConnectionConfiguration configuration): Creates a new instance of the factory.
-
Method Summary
Methods (Modifier and Type, Method, Description):
- io.netty.handler.ssl.SslContext createClientModeSslContext(): Create and configure a new SslContext instance for a Netty client.
- SSLEngine createClientModeSSLEngine(): Creates an SSL Engine that is configured to use client mode when handshaking.
- io.netty.handler.ssl.SslContext createServerModeSslContext(boolean directTLS): Create and configure a new SslContext instance for a Netty server.
- SSLEngine createServerModeSSLEngine(): Creates a new SSL Engine that is configured to use server mode when handshaking.
- static List<String> getDefaultCipherSuites(): Returns the names of all encryption cipher suites that are enabled by default.
- static List<String> getDefaultProtocols(): Returns the names of all encryption protocols that are enabled by default.
- KeyManagerFactory getKeyManagerFactory(): Generates a KeyManager factory suitable for connections that are created based on a particular configuration.
- KeyManager[] getKeyManagers(): Generates KeyManager instances suitable for connections that are created based on a particular configuration.
- SSLContext getSSLContext(): Generates a new, initialized SSLContext instance that is suitable for connections that are created based on a particular configuration.
- org.eclipse.jetty.util.ssl.SslContextFactory.Server getSslContextFactory()
- static List<String> getSupportedCipherSuites(): Returns the names of all encryption cipher suites that are supported (but not necessarily enabled).
- static List<String> getSupportedProtocols(): Returns the names of all encryption protocols that are supported (but not necessarily enabled).
- TrustManager[] getTrustManagers(): Generates TrustManager instances suitable for connections that are created based on a particular configuration.
- static SSLContext getUninitializedSSLContext(): Generates a new, uninitialized SSLContext instance.
-
Field Detail
-
TRUST_MANAGER_CLASS
public static final SystemProperty<Class> TRUST_MANAGER_CLASS
-
SSLCONTEXT_PROTOCOL
public static final SystemProperty<String> SSLCONTEXT_PROTOCOL
-
SNI_ENABLED
public static final SystemProperty<Boolean> SNI_ENABLED
-
Constructor Detail
-
EncryptionArtifactFactory
public EncryptionArtifactFactory(ConnectionConfiguration configuration)
Creates a new instance of the factory.
- Parameters:
configuration - the configuration for which this factory generates artifacts (cannot be null).
-
Method Detail
-
getKeyManagerFactory
public KeyManagerFactory getKeyManagerFactory() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Generates a KeyManager factory suitable for connections that are created based on a particular configuration.
- Returns:
- KeyManagers applicable to a connection that is established using the provided configuration.
- Throws:
UnrecoverableKeyException - if the key could not be recovered
NoSuchAlgorithmException - if the algorithm was unrecognised
KeyStoreException - if there was a problem loading the keystore
-
getKeyManagers
public KeyManager[] getKeyManagers() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Generates KeyManager instances suitable for connections that are created based on a particular configuration.
- Returns:
- KeyManagers applicable to a connection that is established using the provided configuration.
- Throws:
UnrecoverableKeyException - if the key could not be recovered
NoSuchAlgorithmException - if the algorithm was unrecognised
KeyStoreException - if there was a problem loading the keystore
-
getTrustManagers
public TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException
Generates TrustManager instances suitable for connections that are created based on a particular configuration.
- Returns:
- TrustManagers applicable to a connection that is established using the provided configuration.
- Throws:
KeyStoreException - if there was a problem accessing the keystore
NoSuchAlgorithmException - if the algorithm is not supported
-
getUninitializedSSLContext
public static SSLContext getUninitializedSSLContext() throws NoSuchAlgorithmException
Generates a new, uninitialized SSLContext instance. The SSLContext will use the protocol as defined by SSLCONTEXT_PROTOCOL, or, if that is null, the best available protocol from the default configuration of the JVM.
- Returns:
- An uninitialized SSLContext (never null)
- Throws:
NoSuchAlgorithmException - if the protocol is not supported.
-
getSSLContext
public SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException
Generates a new, initialized SSLContext instance that is suitable for connections that are created based on a particular configuration.
- Returns:
- TrustManagers applicable to a connection that is established using the provided configuration.
- Throws:
NoSuchAlgorithmException - if the algorithm is not supported
KeyManagementException - if there was a problem managing the key
KeyStoreException - if there was a problem accessing the keystore
UnrecoverableKeyException - if the key could not be recovered
-
createServerModeSSLEngine
public SSLEngine createServerModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException
Creates a new SSL Engine that is configured to use server mode when handshaking. For Openfire, an engine of this mode is used for most purposes (as Openfire is a server by nature).
- Returns:
- A new, initialized SSLEngine instance (never null).
- Throws:
UnrecoverableKeyException - if the key could not be recovered
NoSuchAlgorithmException - if the algorithm is not supported
KeyStoreException - if there was a problem accessing the keystore
KeyManagementException - if there was a problem managing the key
-
createClientModeSSLEngine
public SSLEngine createClientModeSSLEngine() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException
Creates an SSL Engine that is configured to use client mode when handshaking. For Openfire, an engine of this mode is typically used when the server tries to connect to another server. These SSLEngines never send SSLv2 ClientHello messages.
- Returns:
- An initialized SSLEngine instance (never null).
- Throws:
UnrecoverableKeyException - if the key could not be recovered
NoSuchAlgorithmException - if the algorithm is not supported
KeyStoreException - if there was a problem accessing the keystore
KeyManagementException - if there was a problem managing the key
-
getSslContextFactory
public org.eclipse.jetty.util.ssl.SslContextFactory.Server getSslContextFactory()
-
createServerModeSslContext
public io.netty.handler.ssl.SslContext createServerModeSslContext(boolean directTLS) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, SSLException
Create and configure a new SslContext instance for a Netty server.
- Parameters:
directTLS - if the first write request should be encrypted.
- Returns:
- A secure socket protocol implementation which acts as a factory for SSLContext and SslHandler
- Throws:
UnrecoverableKeyException
NoSuchAlgorithmException
KeyStoreException
SSLException
-
createClientModeSslContext
public io.netty.handler.ssl.SslContext createClientModeSslContext() throws SSLException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException
Create and configure a new SslContext instance for a Netty client. Used when the Openfire server is acting as a client when making S2S connections.
- Returns:
- A secure socket protocol implementation which acts as a factory for SSLContext and SslHandler
- Throws:
SSLException
UnrecoverableKeyException
NoSuchAlgorithmException
KeyStoreException
-
getSupportedProtocols
public static List<String> getSupportedProtocols() throws NoSuchAlgorithmException, KeyManagementException
Returns the names of all encryption protocols that are supported (but not necessarily enabled).
- Returns:
- An array of protocol names. Not expected to be empty.
- Throws:
NoSuchAlgorithmException - if the algorithm is not supported
KeyManagementException - if there was a problem managing the key
-
getDefaultProtocols
public static List<String> getDefaultProtocols() throws NoSuchAlgorithmException, KeyManagementException
Returns the names of all encryption protocols that are enabled by default.
- Returns:
- An array of protocol names. Not expected to be empty.
- Throws:
NoSuchAlgorithmException - if the algorithm is not supported
KeyManagementException - if there was a problem managing the key
-
getSupportedCipherSuites
public static List<String> getSupportedCipherSuites() throws NoSuchAlgorithmException, KeyManagementException
Returns the names of all encryption cipher suites that are supported (but not necessarily enabled).
- Returns:
- An array of cipher suite names. Not expected to be empty.
- Throws:
NoSuchAlgorithmException - if the algorithm is not supported
KeyManagementException - if there was a problem managing the key
-
getDefaultCipherSuites
public static List<String> getDefaultCipherSuites() throws NoSuchAlgorithmException, KeyManagementException
Returns the names of all encryption cipher suites that are enabled by default.
- Returns:
- An array of cipher suite names. Not expected to be empty.
- Throws:
NoSuchAlgorithmException - if the algorithm is not supported
KeyManagementException - if there was a problem managing the key
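The "supported (but not necessarily enabled)" versus "enabled by default" distinction drawn by the four static getters above can be inspected with the JDK's own JSSE API. The following is an added example, not Openfire code: the class name TlsSupportAudit and its helper methods are hypothetical, and it assumes the JVM-wide default SSLContext is a reasonable stand-in for the context a deployment would use.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added example: plain JSSE, not Openfire code. Assumes the JVM default
// SSLContext reflects what the deployment would offer during a handshake.
public class TlsSupportAudit {

    // Protocol names a reviewer normally wants absent from the enabled set.
    private static final Set<String> LEGACY = Set.of("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    // Entries present in 'supported' but missing from 'enabled', in original order.
    static List<String> supportedButNotEnabled(String[] supported, String[] enabled) {
        Set<String> remaining = new LinkedHashSet<>(Arrays.asList(supported));
        remaining.removeAll(Arrays.asList(enabled));
        return new ArrayList<>(remaining);
    }

    // Legacy protocol names that appear in the given list.
    static List<String> legacyIn(String[] protocols) {
        List<String> hits = new ArrayList<>();
        for (String p : protocols) {
            if (LEGACY.contains(p)) hits.add(p);
        }
        return hits;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();

        System.out.println("Enabled protocols:        " + Arrays.toString(enabled.getProtocols()));
        System.out.println("Supported, not enabled:   "
                + supportedButNotEnabled(supported.getProtocols(), enabled.getProtocols()));
        System.out.println("Legacy protocols enabled: " + legacyIn(enabled.getProtocols()));

        List<String> dormantSuites =
                supportedButNotEnabled(supported.getCipherSuites(), enabled.getCipherSuites());
        System.out.println("Cipher suites supported but not enabled: " + dormantSuites.size());
    }
}
```

Anything listed as supported but not enabled only becomes negotiable if a configuration explicitly turns it on, so that list is the one to review before widening a connection's protocol or cipher suite settings.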