Class SecurityEnhancedHttpClientSupport
- java.lang.Object
-
- org.opensaml.security.httpclient.impl.SecurityEnhancedHttpClientSupport
-
public final class SecurityEnhancedHttpClientSupport extends Object
Support class for working with security-enhanced components related to use ofHttpClient.
-
-
Constructor Summary
Constructors Modifier Constructor Description privateSecurityEnhancedHttpClientSupport()Constructor.
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static LayeredConnectionSocketFactorybuildTLSSocketFactory()Build an instance of TLS-capableLayeredConnectionSocketFactorywrapped bySecurityEnhancedTLSSocketFactory, configured for server TLS based on a mandatoryTrustEnginesupplied at runtime.static LayeredConnectionSocketFactorybuildTLSSocketFactory(boolean supportTrustEngine, boolean supportClientTLS)Build an instance of TLS-capableLayeredConnectionSocketFactory.static LayeredConnectionSocketFactorybuildTLSSocketFactoryWithClientTLS()Build an instance of TLS-capableLayeredConnectionSocketFactorywrapped bySecurityEnhancedTLSSocketFactory, configured for server TLS based on a mandatoryTrustEnginesupplied at runtime, and additionally configured for optional client TLS support via context client TLS credential.static LayeredConnectionSocketFactorybuildTLSSocketFactoryWithClientTLSOnly()Build an instance of TLS-capableLayeredConnectionSocketFactorywrapped bySecurityEnhancedTLSSocketFactory, configured for optional client TLS support via context client TLS credential.
-
-
-
Method Detail
-
buildTLSSocketFactory
@Nonnull public static LayeredConnectionSocketFactory buildTLSSocketFactory()
Build an instance of TLS-capableLayeredConnectionSocketFactorywrapped bySecurityEnhancedTLSSocketFactory, configured for server TLS based on a mandatoryTrustEnginesupplied at runtime.Equivalent to
buildTLSSocketFactory(boolean, boolean)called with true, false.- Returns:
- a new instance of security-enhanced TLS socket factory
-
buildTLSSocketFactoryWithClientTLS
@Nonnull public static LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLS()
Build an instance of TLS-capableLayeredConnectionSocketFactorywrapped bySecurityEnhancedTLSSocketFactory, configured for server TLS based on a mandatoryTrustEnginesupplied at runtime, and additionally configured for optional client TLS support via context client TLS credential.Equivalent to
buildTLSSocketFactory(boolean, boolean)called with true, true.- Returns:
- a new instance of security-enhanced TLS socket factory
-
buildTLSSocketFactoryWithClientTLSOnly
@Nonnull public static LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLSOnly()
Build an instance of TLS-capableLayeredConnectionSocketFactorywrapped bySecurityEnhancedTLSSocketFactory, configured for optional client TLS support via context client TLS credential.Server TLS will be based on the default JSSE trust mechanism.
Equivalent to
buildTLSSocketFactory(boolean, boolean)called with false, true.- Returns:
- a new instance of security-enhanced TLS socket factory
-
buildTLSSocketFactory
@Nonnull public static LayeredConnectionSocketFactory buildTLSSocketFactory(boolean supportTrustEngine, boolean supportClientTLS)
Build an instance of TLS-capableLayeredConnectionSocketFactory.If either
supportTrustEngineorsupportClientTLSare true, the returned factory will be a instance ofSecurityEnhancedTLSSocketFactorywrapping an instance ofLayeredConnectionSocketFactory.If
supportTrustEngineis true, then the wrapped factory will be configured with a "no trust"X509TrustManager, to allow the actual server TLS trust evaluation to be performed by a mandatoryTrustEnginesupplied at runtime, as documented inSecurityEnhancedTLSSocketFactory.If
supportClientTLSis true, then the wrapped factory will be configured with aX509KeyManagerthat supports per-request specification of a client TLS credential, as documented inSecurityEnhancedTLSSocketFactory.- Parameters:
supportTrustEngine- whether to support server TLS via a context trust enginesupportClientTLS- whether to support client TLS via a context client credential- Returns:
- a TLS socket factory
-
-