Package com.nimbusds.oauth2.sdk.util.tls
Class TLSUtils
java.lang.Object
com.nimbusds.oauth2.sdk.util.tls.TLSUtils
TLS / SSL utilities.
-
Method Summary
Modifier and Type / Method / Description
static SSLSocketFactory
createSSLSocketFactory(KeyStore trustStore)
Creates a new SSL socket factory with a custom trust store for server or CA root X.509 certificates / certificate chains.
static SSLSocketFactory
createSSLSocketFactory(KeyStore trustStore, TLSVersion tlsVersion)
Creates a new SSL socket factory with a custom trust store for server or CA root X.509 certificates / certificate chains.
static SSLSocketFactory
createSSLSocketFactory(KeyStore trustStore, KeyStore keyStore, char[] keyPw, TLSVersion tlsVersion)
Creates a new SSL socket factory with a custom trust store for server (or CA) certificates and / or custom key store for client keys and certificates.
-
Method Details
-
createSSLSocketFactory
public static SSLSocketFactory createSSLSocketFactory(KeyStore trustStore) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
Creates a new SSL socket factory with a custom trust store for server or CA root X.509 certificates / certificate chains.
The SSL socket factory is created using TLS 1.3, the default JCA provider and the default secure random generator.
- Parameters:
trustStore - The trust store to use. Must be initialised / loaded. If null the default trust store for resolving the server certificates will be used.
- Returns:
- The SSL socket factory.
- Throws:
NoSuchAlgorithmException - On an unsupported TLS algorithm.
KeyStoreException - On a trust store exception.
KeyManagementException - On a key management exception.
UnrecoverableKeyException - On a key retrieval exception.
-
createSSLSocketFactory
public static SSLSocketFactory createSSLSocketFactory(KeyStore trustStore, TLSVersion tlsVersion) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
Creates a new SSL socket factory with a custom trust store for server or CA root X.509 certificates / certificate chains.
The SSL socket factory is created using the default JCA provider and the default secure random generator.
- Parameters:
trustStore - The trust store to use. Must be initialised / loaded. If null the default trust store for resolving the server certificates will be used.
tlsVersion - The TLS version to use. TLSVersion.TLS_1_3 is recommended. Must not be null.
- Returns:
- The SSL socket factory.
- Throws:
NoSuchAlgorithmException - On an unsupported TLS algorithm.
KeyStoreException - On a trust store exception.
KeyManagementException - On a key management exception.
UnrecoverableKeyException - On a key retrieval exception.
-
createSSLSocketFactory
public static SSLSocketFactory createSSLSocketFactory(KeyStore trustStore, KeyStore keyStore, char[] keyPw, TLSVersion tlsVersion) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
Creates a new SSL socket factory with a custom trust store for server (or CA) certificates and / or custom key store for client keys and certificates.
If a trust store is specified it should contain the required server or CA root X.509 certificates / certificate chains.
If a key store is specified it should contain the required one or more private client keys with matching X.509 certificates.
The SSL socket factory is created using the default JCA provider and the default secure random generator.
- Parameters:
trustStore - The trust store to use. Must be initialised / loaded. If null the default trust store for resolving the server certificates will be used.
keyStore - The key store to use. Must be initialised / loaded. If null no client certificates will be presented.
keyPw - The password protecting the private client key(s), empty array or null if none or not applicable.
tlsVersion - The TLS version to use. TLSVersion.TLS_1_3 is recommended. Must not be null.
- Returns:
- The SSL socket factory.
- Throws:
NoSuchAlgorithmException - On an unsupported TLS algorithm.
KeyStoreException - On a trust store exception.
KeyManagementException - On a key management exception.
UnrecoverableKeyException - On a key retrieval exception.
-
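A mutual-TLS client built with the four-argument method documented above, given here as an added example and not as code from the SDK's own documentation. The class name, the files ca.pem and client.p12 and the host as.example.com are hypothetical, and the PKCS#12 store and its private key are assumed to share one password.

```java
import com.nimbusds.oauth2.sdk.util.tls.TLSUtils;
import com.nimbusds.oauth2.sdk.util.tls.TLSVersion;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import java.io.InputStream;
import java.net.URI;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.util.Arrays;

public class MutualTLSClientExample {
    // Builds an in-memory trust store holding only the given CA certificate, so the
    // server chain must lead to that CA rather than to any of the JVM default roots.
    static KeyStore trustStoreFor(String caCertPath) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null); // initialise empty: the trust store must be loaded before use
        try (InputStream in = Files.newInputStream(Paths.get(caCertPath))) {
            ts.setCertificateEntry("issuer-ca", CertificateFactory.getInstance("X.509").generateCertificate(in));
        }
        return ts;
    }

    // Loads the PKCS#12 file holding the client private key and its certificate chain.
    static KeyStore clientKeyStore(String p12Path, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(p12Path))) {
            ks.load(in, pw);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical paths and host; needs an interactive console for the password prompt.
        char[] pw = System.console().readPassword("Client key password: ");
        try {
            SSLSocketFactory sf = TLSUtils.createSSLSocketFactory(
                trustStoreFor("ca.pem"), clientKeyStore("client.p12", pw), pw, TLSVersion.TLS_1_3);
            HttpsURLConnection con = (HttpsURLConnection)
                URI.create("https://as.example.com/token").toURL().openConnection();
            con.setSSLSocketFactory(sf); // applies to this connection only, not JVM-wide
            System.out.println("HTTP " + con.getResponseCode());
        } finally {
            Arrays.fill(pw, '\0'); // wipe the password from memory once the factory is built
        }
    }
}
```

Passing null for keyStore in the same call gives a server-authenticated-only factory, and passing null for trustStore falls back to the default trust store, as the parameter descriptions above state.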