Class ClientSSLSetupHandler

java.lang.Object
org.apache.synapse.transport.http.conn.ClientSSLSetupHandler
All Implemented Interfaces:
org.apache.http.nio.reactor.ssl.SSLSetupHandler

public class ClientSSLSetupHandler extends Object implements org.apache.http.nio.reactor.ssl.SSLSetupHandler
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final org.apache.http.conn.ssl.X509HostnameVerifier
    ALLOW_ALL
    The ALLOW_ALL HostnameVerifier essentially turns hostname verification off.
    static final org.apache.http.conn.ssl.X509HostnameVerifier
    DEFAULT
    The DEFAULT HostnameVerifier works the same way as Curl and Firefox.
    static final org.apache.http.conn.ssl.X509HostnameVerifier
    DEFAULT_AND_LOCALHOST
    The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT one with one additional relaxation: a host of "localhost", "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter what is in the server's certificate.
    static final org.apache.http.conn.ssl.X509HostnameVerifier
    STRICT
    The STRICT HostnameVerifier works the same way as java.net.URL in Sun Java 1.4, Sun Java 5, Sun Java 6.
  • Constructor Summary

    Constructors
    Constructor
    Description
    ClientSSLSetupHandler(org.apache.http.conn.ssl.X509HostnameVerifier hostnameVerifier, CertificateVerificationManager verificationManager)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    initalize(SSLEngine sslengine)
     
    void
    setHttpsProtocols(String[] httpsProtocols)
    Set HTTPS protocols if mentioned in axis2 configuration
    void
    setPreferredCiphers(String[] enabledCiphers)
    Set the enabled Cipher suites.
    void
    verify(org.apache.http.nio.reactor.IOSession iosession, SSLSession sslsession)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • DEFAULT

      public static final org.apache.http.conn.ssl.X509HostnameVerifier DEFAULT
      The DEFAULT HostnameVerifier works the same way as Curl and Firefox.

      The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts.

      The only difference between DEFAULT and STRICT is that a wildcard (such as "*.foo.com") with DEFAULT matches all subdomains, including "a.b.foo.com".

    • DEFAULT_AND_LOCALHOST

      public static final org.apache.http.conn.ssl.X509HostnameVerifier DEFAULT_AND_LOCALHOST
      The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT one with one additional relaxation: a host of "localhost", "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter what is in the server's certificate.
    • STRICT

      public static final org.apache.http.conn.ssl.X509HostnameVerifier STRICT
      The STRICT HostnameVerifier works the same way as java.net.URL in Sun Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6. This implementation appears to be compliant with RFC 2818 for dealing with wildcards.

      The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The one divergence from IE6 is how we only check the first CN. IE6 allows a match against any of the CNs present. We decided to follow in Sun Java 1.4's footsteps and only check the first CN.

      A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".

    • ALLOW_ALL

      public static final org.apache.http.conn.ssl.X509HostnameVerifier ALLOW_ALL
      The ALLOW_ALL HostnameVerifier essentially turns hostname verification off. This implementation is a no-op, and never throws the SSLException.
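
The four field descriptions above differ only in which hostnames they accept for a given certificate. The following added example (not Synapse or HttpClient code) is a simplified JDK-only model of those stated rules that prints an acceptance table. The class `HostnameRuleDemo`, its methods and the sample certificate names are hypothetical, and the real verifiers apply further checks that are not modelled here.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added illustration: a simplified model of the matching rules described on this page.
// It is NOT the Synapse/HttpClient implementation; all names here are hypothetical.
public class HostnameRuleDemo {
    enum Mode { DEFAULT, DEFAULT_AND_LOCALHOST, STRICT, ALLOW_ALL }

    // Hosts that DEFAULT_AND_LOCALHOST accepts regardless of the certificate.
    static final Set<String> LOCAL =
            Set.of("localhost", "localhost.localdomain", "127.0.0.1", "::1");

    // names = first CN followed by the subject-alts (the names the page says are checked).
    static boolean accepts(Mode mode, String host, List<String> names) {
        String h = host.toLowerCase(Locale.ROOT);
        if (mode == Mode.ALLOW_ALL) return true;                  // no-op, never rejects
        if (mode == Mode.DEFAULT_AND_LOCALHOST && LOCAL.contains(h)) return true;
        for (String name : names) {
            if (matches(h, name.toLowerCase(Locale.ROOT), mode == Mode.STRICT)) return true;
        }
        return false;
    }

    static boolean matches(String host, String pattern, boolean sameLevelOnly) {
        if (!pattern.startsWith("*.")) return host.equals(pattern);
        String suffix = pattern.substring(1);                     // "*.foo.com" -> ".foo.com"
        if (!host.endsWith(suffix) || host.length() == suffix.length()) return false;
        String prefix = host.substring(0, host.length() - suffix.length());
        // STRICT: the wildcard covers exactly one label, so the prefix may not contain a dot.
        return !sameLevelOnly || prefix.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        List<String> cert = List.of("*.foo.com");                 // constructed certificate names
        String[] hosts = { "a.foo.com", "a.b.foo.com", "localhost" };
        for (String host : hosts) {
            StringBuilder row = new StringBuilder(String.format("%-12s", host));
            for (Mode m : Mode.values()) {
                row.append(' ').append(m).append('=').append(accepts(m, host, cert));
            }
            System.out.println(row);
        }
    }
}
```

In the printed table, `a.b.foo.com` is accepted by every mode except STRICT, and `localhost` is accepted only by DEFAULT_AND_LOCALHOST and ALLOW_ALL, which is why neither of those two belongs on a client that talks to untrusted networks.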
  • Constructor Details

    • ClientSSLSetupHandler

      public ClientSSLSetupHandler(org.apache.http.conn.ssl.X509HostnameVerifier hostnameVerifier, CertificateVerificationManager verificationManager)
  • Method Details

    • initalize

      public void initalize(SSLEngine sslengine)
      Specified by:
      initalize in interface org.apache.http.nio.reactor.ssl.SSLSetupHandler
    • verify

      public void verify(org.apache.http.nio.reactor.IOSession iosession, SSLSession sslsession) throws SSLException
      Specified by:
      verify in interface org.apache.http.nio.reactor.ssl.SSLSetupHandler
      Throws:
      SSLException
    • setHttpsProtocols

      public void setHttpsProtocols(String[] httpsProtocols)
      Set HTTPS protocols if mentioned in axis2 configuration
      Parameters:
      httpsProtocols - Array of protocols
    • setPreferredCiphers

      public void setPreferredCiphers(String[] enabledCiphers)
      Set the enabled cipher suites. If none are specified, all ciphers are enabled.
      Parameters:
      enabledCiphers - Array of ciphers