Class HttpClientSecurityParameters


  • public class HttpClientSecurityParameters
    extends Object
    Parameters related to HttpClient request security features.
    • Field Detail

      • credentialsProvider

        @Nullable
        private org.apache.http.client.CredentialsProvider credentialsProvider
        HttpClient credentials provider.
      • authCache

        @Nullable
        private org.apache.http.client.AuthCache authCache
        HttpClient AuthCache to allow pre-emptive authentication.
      • tlsTrustEngine

        @Nullable
        private TrustEngine<? super X509Credential> tlsTrustEngine
        Optional trust engine used in evaluating server TLS credentials.
      • tlsCriteriaSet

        @Nullable
        private net.shibboleth.utilities.java.support.resolver.CriteriaSet tlsCriteriaSet
        Optional criteria set used in evaluating server TLS credentials.
      • tlsProtocols

        @Nullable
        private List<String> tlsProtocols
        TLS Protocols.
      • tlsCipherSuites

        @Nullable
        private List<String> tlsCipherSuites
        TLS cipher suites.
      • hostnameVerifier

        @Nullable
        private HostnameVerifier hostnameVerifier
        The hostname verifier.
      • clientTLSCredential

        @Nullable
        private X509Credential clientTLSCredential
        The X509 credential used for client TLS.
      • serverTLSFailureFatal

        @Nullable
        private Boolean serverTLSFailureFatal
        Flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.
    • Constructor Detail

      • HttpClientSecurityParameters

        public HttpClientSecurityParameters()
    • Method Detail

      • getCredentialsProvider

        @Nullable
        public org.apache.http.client.CredentialsProvider getCredentialsProvider()
        Get an instance of CredentialsProvider used for authentication by the HttpClient instance.
        Returns:
        the credentials provider, or null
      • setCredentialsProvider

        public void setCredentialsProvider(@Nullable org.apache.http.client.CredentialsProvider provider)
        Set an instance of CredentialsProvider used for authentication by the HttpClient instance.
        Parameters:
        provider - the credentials provider
      • getAuthCache

        @Nullable
        public org.apache.http.client.AuthCache getAuthCache()
        Get an instance of AuthCache used for authentication by the HttpClient instance.
        Returns:
        the cache, or null
        Since:
        3.4.0
      • setAuthCache

        public void setAuthCache(@Nullable org.apache.http.client.AuthCache cache)
        Set an instance of AuthCache used for authentication by the HttpClient instance.
        Parameters:
        cache - the auth cache
        Since:
        3.4.0
      • setBasicCredentials

        public void setBasicCredentials(@Nullable org.apache.http.auth.UsernamePasswordCredentials credentials)
        A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

        An AuthScope will be generated which specifies any host, port, scheme and realm.

        To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

        Parameters:
        credentials - the username and password credentials
      • setBasicCredentialsWithScope

        public void setBasicCredentialsWithScope(@Nullable org.apache.http.auth.UsernamePasswordCredentials credentials,
                                                 @Nullable org.apache.http.auth.AuthScope scope)
        A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

        If the scope is null, an AuthScope will be generated which specifies any host, port, scheme and realm.

        To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

        Parameters:
        credentials - the username and password credentials
        scope - the HTTP client auth scope with which to scope the credentials, may be null
      • getTLSTrustEngine

        @Nullable
        public TrustEngine<? super X509Credential> getTLSTrustEngine()
        Get the optional trust engine used in evaluating server TLS credentials.
        Returns:
        the trust engine instance to use, or null
      • setTLSTrustEngine

        public void setTLSTrustEngine(@Nullable TrustEngine<? super X509Credential> engine)
        Sets the optional trust engine used in evaluating server TLS credentials.
        Parameters:
        engine - the trust engine instance to use
      • getTLSCriteriaSet

        @Nullable
        public net.shibboleth.utilities.java.support.resolver.CriteriaSet getTLSCriteriaSet()
        Get the optional criteria set used in evaluating server TLS credentials.
        Returns:
        the criteria set instance to use
      • setTLSCriteriaSet

        public void setTLSCriteriaSet(@Nullable net.shibboleth.utilities.java.support.resolver.CriteriaSet criteriaSet)
        Set the optional criteria set used in evaluating server TLS credentials.
        Parameters:
        criteriaSet - the new criteria set instance to use
      • getTLSProtocols

        @Nullable
        public List<String> getTLSProtocols()
        Get the optional list of TLS protocols.
        Returns:
        the TLS protocols, or null
      • setTLSProtocols

        public void setTLSProtocols(@Nullable Collection<String> protocols)
        Set the optional list of TLS protocols.
        Parameters:
        protocols - the TLS protocols or null
      • getTLSCipherSuites

        @Nullable
        public List<String> getTLSCipherSuites()
        Get the optional list of TLS cipher suites.
        Returns:
        the list of TLS cipher suites, or null
      • setTLSCipherSuites

        public void setTLSCipherSuites(@Nullable Collection<String> cipherSuites)
        Set the optional list of TLS cipher suites.
        Parameters:
        cipherSuites - the TLS cipher suites, or null
      • getHostnameVerifier

        @Nullable
        public HostnameVerifier getHostnameVerifier()
        Get the optional hostname verifier.
        Returns:
        the hostname verifier, or null
      • setHostnameVerifier

        public void setHostnameVerifier(@Nullable HostnameVerifier verifier)
        Set the optional hostname verifier.
        Parameters:
        verifier - the hostname verifier, or null
      • getClientTLSCredential

        @Nullable
        public X509Credential getClientTLSCredential()
        Get the optional client TLS credential.
        Returns:
        the client TLS credential, or null
      • setClientTLSCredential

        public void setClientTLSCredential(@Nullable X509Credential credential)
        Set the optional client TLS credential.
        Parameters:
        credential - the client TLS credential, or null
      • isServerTLSFailureFatal

        @Nullable
        public Boolean isServerTLSFailureFatal()
        Get the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

        Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

        Returns:
        true if fatal, false if non-fatal, null if not explicitly configured
      • setServerTLSFailureFatal

        public void setServerTLSFailureFatal(@Nullable Boolean flag)
        Set the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

        Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

        Parameters:
        flag - true if fatal, false if non-fatal, null if not explicitly configured
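
The following usage sketch is an added example, not code from the OpenSAML project. It scopes BASIC credentials to one endpoint instead of the any-host scope that setBasicCredentials generates, restricts TLS versions and suites, and resolves the tri-state serverTLSFailureFatal flag. The import org.opensaml.security.httpclient (not shown on this page), the host md.example.org, the credentials, the chosen suites and the fail-closed default in isFailureFatal are assumptions.

```java
import java.util.Arrays;

import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.opensaml.security.httpclient.HttpClientSecurityParameters;

public class SecurityParametersExample {

    /** Build parameters for a single HTTPS endpoint (host and port are placeholders). */
    static HttpClientSecurityParameters build(String user, String password) {
        HttpClientSecurityParameters params = new HttpClientSecurityParameters();

        // Scope the BASIC credentials to one host and port. With setBasicCredentials(...)
        // the generated AuthScope would match any host, port, scheme and realm.
        AuthScope scope = new AuthScope("md.example.org", 443);
        params.setBasicCredentialsWithScope(
                new UsernamePasswordCredentials(user, password), scope);

        // Restrict the handshake to current protocol versions and AEAD suites
        // (JSSE standard names; adjust to what the JVM and server support).
        params.setTLSProtocols(Arrays.asList("TLSv1.3", "TLSv1.2"));
        params.setTLSCipherSuites(Arrays.asList(
                "TLS_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"));

        // Set the flag explicitly so the outcome of a trust engine failure
        // does not depend on a consuming component's internal default.
        params.setServerTLSFailureFatal(Boolean.TRUE);
        return params;
    }

    /**
     * Hypothetical helper showing how a consumer can resolve the Boolean:
     * null means "not configured", treated here as fatal (an assumed default).
     */
    static boolean isFailureFatal(HttpClientSecurityParameters params) {
        Boolean flag = params.isServerTLSFailureFatal();
        return flag == null || flag.booleanValue();
    }

    public static void main(String[] args) {
        // Constructed sample credentials, for illustration only.
        HttpClientSecurityParameters params = build("svc-user", "constructed-password");
        System.out.println("protocols  = " + params.getTLSProtocols());
        System.out.println("configured = " + isFailureFatal(params));
        System.out.println("unset      = " + isFailureFatal(new HttpClientSecurityParameters()));
    }
}
```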