Class ClientSSLSetupHandler
- java.lang.Object
-
- org.apache.synapse.transport.http.conn.ClientSSLSetupHandler
-
- All Implemented Interfaces:
org.apache.http.nio.reactor.ssl.SSLSetupHandler
public class ClientSSLSetupHandler extends Object implements org.apache.http.nio.reactor.ssl.SSLSetupHandler
-
-
Field Summary
Fields Modifier and Type Field Description static org.apache.http.conn.ssl.X509HostnameVerifier
ALLOW_ALL
The ALLOW_ALL HostnameVerifier essentially turns hostname verification off.static org.apache.http.conn.ssl.X509HostnameVerifier
DEFAULT
The DEFAULT HostnameVerifier works the same way as Curl and Firefox.static org.apache.http.conn.ssl.X509HostnameVerifier
DEFAULT_AND_LOCALHOST
The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT one with one additional relaxation: a host of "localhost", "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter what is in the server's certificate.static org.apache.http.conn.ssl.X509HostnameVerifier
STRICT
The STRICT HostnameVerifier works the same way as java.net.URL in Sun Java 1.4, Sun Java 5, Sun Java 6.
-
Constructor Summary
Constructors Constructor Description ClientSSLSetupHandler(org.apache.http.conn.ssl.X509HostnameVerifier hostnameVerifier, CertificateVerificationManager verificationManager)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
initalize(SSLEngine sslengine)
void
setHttpsProtocols(String[] httpsProtocols)
Set HTTPS protocols if mentioned in axis2 configurationvoid
setPreferredCiphers(String[] enabledCiphers)
Set the enabled Cipher suites.void
verify(org.apache.http.nio.reactor.IOSession iosession, SSLSession sslsession)
-
-
-
Field Detail
-
DEFAULT
public static final org.apache.http.conn.ssl.X509HostnameVerifier DEFAULT
The DEFAULT HostnameVerifier works the same way as Curl and Firefox. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The only difference between DEFAULT and STRICT is that a wildcard (such as "*.foo.com") with DEFAULT matches all subdomains, including "a.b.foo.com".
-
DEFAULT_AND_LOCALHOST
public static final org.apache.http.conn.ssl.X509HostnameVerifier DEFAULT_AND_LOCALHOST
The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT one with one additional relaxation: a host of "localhost", "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter what is in the server's certificate.
-
STRICT
public static final org.apache.http.conn.ssl.X509HostnameVerifier STRICT
The STRICT HostnameVerifier works the same way as java.net.URL in Sun Java 1.4, Sun Java 5, Sun Java 6. It's also pretty close to IE6. This implementation appears to be compliant with RFC 2818 for dealing with wildcards. The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The one divergence from IE6 is how we only check the first CN. IE6 allows a match against any of the CNs present. We decided to follow in Sun Java 1.4's footsteps and only check the first CN. A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".
-
ALLOW_ALL
public static final org.apache.http.conn.ssl.X509HostnameVerifier ALLOW_ALL
The ALLOW_ALL HostnameVerifier essentially turns hostname verification off. This implementation is a no-op, and never throws the SSLException.
-
-
Constructor Detail
-
ClientSSLSetupHandler
public ClientSSLSetupHandler(org.apache.http.conn.ssl.X509HostnameVerifier hostnameVerifier, CertificateVerificationManager verificationManager)
-
-
Method Detail
-
initalize
public void initalize(SSLEngine sslengine)
- Specified by:
initalize
in interfaceorg.apache.http.nio.reactor.ssl.SSLSetupHandler
-
verify
public void verify(org.apache.http.nio.reactor.IOSession iosession, SSLSession sslsession) throws SSLException
- Specified by:
verify
in interfaceorg.apache.http.nio.reactor.ssl.SSLSetupHandler
- Throws:
SSLException
-
setHttpsProtocols
public void setHttpsProtocols(String[] httpsProtocols)
Set HTTPS protocols if mentioned in axis2 configuration- Parameters:
httpsProtocols
- Array of protocols
-
setPreferredCiphers
public void setPreferredCiphers(String[] enabledCiphers)
Set the enabled Cipher suites. All the ciphers will be enabled if not specified- Parameters:
enabledCiphers
- Array of ciphers
-
-