Class ClientTlsOptionsHeaplet
- java.lang.Object
-
- org.forgerock.openig.heap.GenericHeaplet
-
- org.forgerock.openig.security.ClientTlsOptionsHeaplet
-
- All Implemented Interfaces:
Heaplet
- Direct Known Subclasses:
ServerTlsOptionsHeaplet
public class ClientTlsOptionsHeaplet extends GenericHeaplet
Creates and initializes client-side TLS options in a heap environment.{ "type": "TlsOptions", "config": { "sslContextAlgorithm" : String [OPTIONAL] "keyManager" : list of KeyManagers [OPTIONAL] "trustManager" : list of TrustManagers [OPTIONAL] "sslEnabledProtocols" : list of enabled protocols [OPTIONAL] "sslCipherSuites" : list of cipher suites [OPTIONAL] "alpn" : { "enabled" : boolean [OPTIONAL] } } }The sslContextAlgorithm optional attribute used to set the SSL Context Algorithm for SSL/TLS connections, it defaults to TLS. See the JavaSE docs for the full list of supported values.
The keyManager and trustManager optional attributes are referencing a list of
KeyManager(andTrustManagerrespectively). They support singleton value (use a single reference) as well as multi-valued references (a list):"keyManager": "SingleKeyManagerReference", "trustManager": [ "RefOne", "RefTwo" ]The sslEnabledProtocols optional attribute specifies the protocol versions to be enabled for use on the connection.
The sslCipherSuites optional attribute specifies cipher suite names used by the SSL connection.
The section alpn will hold the configuration for the ALPN (Application Layer Protocol Negotiation) TLS extension. The enabled optional attribute specifies if the ALPN TLS extension has to be enabled or not (default is
true).
-
-
Constructor Summary
Constructors Constructor Description ClientTlsOptionsHeaplet()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description Objectcreate()Called to request the heaplet create an object.protected ClientTlsOptionstlsOptions​(String algorithm, KeyManager[] keyManagers, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn)Factory method creating appropriateClientTlsOptions.-
Methods inherited from class org.forgerock.openig.heap.GenericHeaplet
create, destroy, endpointRegistry, evaluatedWithHeapProperties, expression, getConfig, getHeap, getSecretService, getType, meterRegistryHolder, start
-
-
-
-
Method Detail
-
create
public Object create() throws HeapException
Description copied from class:GenericHeapletCalled to request the heaplet create an object. Called byHeaplet.create(Name, JsonValue, Heap)after initializing the protected field members. Implementations should parse configuration but not acquire resources, start threads, or log any initialization messages. These tasks should be performed by theGenericHeaplet.start()method.- Specified by:
createin classGenericHeaplet- Returns:
- The created object.
- Throws:
HeapException- if an exception occurred during creation of the heap object or any of its dependencies.
-
tlsOptions
protected ClientTlsOptions tlsOptions​(String algorithm, KeyManager[] keyManagers, TrustManager[] trustManagers, List<String> ciphers, List<String> protocols, boolean enableAlpn) throws HeapException
Factory method creating appropriateClientTlsOptions.- Parameters:
algorithm- the SSL context algorithm namekeyManagers- the array ofKeyManagers to usetrustManagers- the array ofTrustManagers to useciphers- the array of cipher suites to be enabledprotocols- the array of protocols to be enabledenableAlpn- indicate if ALPN (Application Layer Protocol Negotiation, a TLS extension) enabled- Returns:
- new
ClientTlsOptionssubtype - Throws:
HeapException- should there be a configuration error
-
-