Class SecurityEnhancedHttpClientSupport

java.lang.Object
org.opensaml.security.httpclient.impl.SecurityEnhancedHttpClientSupport

public final class SecurityEnhancedHttpClientSupport extends Object
Support class for working with security-enhanced components related to use of HttpClient.
  • Constructor Details

    • SecurityEnhancedHttpClientSupport

      private SecurityEnhancedHttpClientSupport()
      Constructor.
  • Method Details

    • buildTLSSocketFactory

      @Nonnull public static org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory buildTLSSocketFactory()
      Build an instance of TLS-capable LayeredConnectionSocketFactory wrapped by SecurityEnhancedTLSSocketFactory, configured for server TLS based on a mandatory TrustEngine supplied at runtime.

      Equivalent to buildTLSSocketFactory(boolean, boolean) called with true, false.

      Returns:
      a new instance of security-enhanced TLS socket factory
    • buildTLSSocketFactoryWithClientTLS

      @Nonnull public static org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLS()
      Build an instance of TLS-capable LayeredConnectionSocketFactory wrapped by SecurityEnhancedTLSSocketFactory, configured for server TLS based on a mandatory TrustEngine supplied at runtime, and additionally configured for optional client TLS support via context client TLS credential.

      Equivalent to buildTLSSocketFactory(boolean, boolean) called with true, true.

      Returns:
      a new instance of security-enhanced TLS socket factory
    • buildTLSSocketFactoryWithClientTLSOnly

      @Nonnull public static org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLSOnly()
      Build an instance of TLS-capable LayeredConnectionSocketFactory wrapped by SecurityEnhancedTLSSocketFactory, configured for optional client TLS support via context client TLS credential.

      Server TLS will be based on the default JSSE trust mechanism.

      Equivalent to buildTLSSocketFactory(boolean, boolean) called with false, true.

      Returns:
      a new instance of security-enhanced TLS socket factory
    • buildTLSSocketFactory

      @Nonnull public static org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory buildTLSSocketFactory(boolean supportTrustEngine, boolean supportClientTLS)
      Build an instance of TLS-capable LayeredConnectionSocketFactory.

      If either supportTrustEngine or supportClientTLS is true, the returned factory will be an instance of SecurityEnhancedTLSSocketFactory wrapping an instance of LayeredConnectionSocketFactory.

      If supportTrustEngine is true, then the wrapped factory will be configured with an X509TrustManager that supports per-request specification of a mandatory server TLS TrustEngine and optional CriteriaSet, as documented in SecurityEnhancedTLSSocketFactory.

      If supportTrustEngine is false, then the wrapped factory will be configured for server TLS based on the default JSSE trust mechanism.

      If supportClientTLS is true, then the wrapped factory will be configured with an X509KeyManager that supports per-request specification of a client TLS credential, as documented in SecurityEnhancedTLSSocketFactory.

      Parameters:
      supportTrustEngine - whether to support server TLS via a context trust engine
      supportClientTLS - whether to support client TLS via a context client credential
      Returns:
      a TLS socket factory
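
Added usage example (not part of the OpenSAML Javadoc or project code): wiring the factory from buildTLSSocketFactory() into an HttpClient 5 connection manager and supplying the mandatory TrustEngine on the request context. The context key HttpClientSecurityConstants.CONTEXT_KEY_TRUST_ENGINE and the post-request check HttpClientSecuritySupport.checkTLSCredentialEvaluated are assumed from OpenSAML's companion httpclient package and do not appear on this page; the class name PinnedTlsFetch is hypothetical.

```java
import java.io.IOException;
import java.net.URI;

import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.socket.LayeredConnectionSocketFactory;
import org.opensaml.security.httpclient.HttpClientSecurityConstants;
import org.opensaml.security.httpclient.HttpClientSecuritySupport;
import org.opensaml.security.httpclient.impl.SecurityEnhancedHttpClientSupport;
import org.opensaml.security.trust.TrustEngine;
import org.opensaml.security.x509.X509Credential;

/** Hypothetical helper: fetch a URL with server TLS decided by a caller-supplied TrustEngine. */
public final class PinnedTlsFetch {

    private PinnedTlsFetch() { }

    public static int fetchStatus(String url, TrustEngine<? super X509Credential> trustEngine)
            throws IOException {
        // Same as buildTLSSocketFactory(true, false): the TrustEngine is mandatory,
        // client TLS is not configured.
        LayeredConnectionSocketFactory tls = SecurityEnhancedHttpClientSupport.buildTLSSocketFactory();

        try (CloseableHttpClient client = HttpClients.custom()
                .setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
                        .setSSLSocketFactory(tls)
                        .build())
                .build()) {

            // The trust decision is per request: the engine travels in the context,
            // not in the factory. (Context key assumed; see lead-in.)
            HttpClientContext ctx = HttpClientContext.create();
            ctx.setAttribute(HttpClientSecurityConstants.CONTEXT_KEY_TRUST_ENGINE, trustEngine);

            int status = client.execute(new HttpGet(url), ctx, response -> response.getCode());

            // Fail closed if the engine was never consulted for an https request
            // (assumed helper; throws SSLPeerUnverifiedException, an IOException).
            HttpClientSecuritySupport.checkTLSCredentialEvaluated(ctx, URI.create(url).getScheme());
            return status;
        }
    }
}
```

With buildTLSSocketFactoryWithClientTLSOnly() the same wiring applies, but server certificates are validated by the default JSSE trust store rather than the context TrustEngine, so the trust-engine attribute has no effect on the server check.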