package ssl

Linear Supertypes
AnyRef, Any
Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. ssl
  2. AnyRef
  3. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. All

Package Members

  1. package debug

Type Members

  1. class AlgorithmChecker extends PKIXCertPathChecker

    Looks for disabled algorithms in the certificate.

    Looks for disabled algorithms in the certificate. This is because some certificates are signed with forgable hashes such as MD2 or MD5, so we can't be certain of their authenticity.

    This class is needed because the JDK 1.6 Algorithm checker doesn't give us any way to customize the list of disabled algorithms, and we need to be able to support that.

    Also note that we need to check the trust anchor for disabled key sizes, and the CertPath explicitly removes the trust anchor from the chain of certificates. This means we need to check the trust anchor explicitly in the through the CompositeTrustManager.

  2. case class AlgorithmConstraint(algorithm: String, constraint: Option[ExpressionSymbol] = None) extends Product with Serializable
  3. sealed abstract class ClientAuth extends AnyRef

    An SSLEngine can either demand, allow or ignore its peer’s authentication (via certificates), where Need will fail the handshake if the peer does not provide valid credentials, Want allows the peer to send credentials and verifies them if provided, and None disables peer certificate verification.

    An SSLEngine can either demand, allow or ignore its peer’s authentication (via certificates), where Need will fail the handshake if the peer does not provide valid credentials, Want allows the peer to send credentials and verifies them if provided, and None disables peer certificate verification.

    See the documentation for SSLEngine::setWantClientAuth for more information.

  4. class CompositeCertificateException extends CertificateException

    A certificate exception that contains underlying exceptions.

  5. class CompositeX509KeyManager extends X509ExtendedKeyManager

    A keymanager that wraps other X509 key managers.

  6. class CompositeX509TrustManager extends X509TrustManager

    A trust manager that is a composite of several smaller trust managers.

    A trust manager that is a composite of several smaller trust managers. It is responsible for verifying the credentials received from a peer.

  7. class ConfigSSLContextBuilder extends SSLContextBuilder

    Creates an SSL context builder from info objects.

  8. class DefaultKeyManagerFactoryWrapper extends KeyManagerFactoryWrapper
  9. class DefaultTrustManagerFactoryWrapper extends TrustManagerFactoryWrapper
  10. class DisabledComplainingHostnameVerifier extends HostnameVerifier

    Add a disabled but complaining hostname verifier.

  11. case class Equal(x: Int) extends ExpressionSymbol with Product with Serializable
  12. sealed abstract class ExpressionSymbol extends AnyRef
  13. final class FakeChainedKeyStore extends AnyRef

    A fake key store

    A fake key store

    Was: play.core.server.ssl.FakeKeyStore

  14. final class FakeKeyStore extends AnyRef

    A fake key store

    A fake key store

    Was: play.core.server.ssl.FakeKeyStore

  15. class FileBasedKeyStoreBuilder extends KeyStoreBuilder

    Builds a keystore from a file containing PEM encoded certificates, using CertificateFactory internally.

    Builds a keystore from a file containing PEM encoded certificates, using CertificateFactory internally.

    See also

    java.security.cert.CertificateFactory

  16. class FileOnClasspathBasedKeyStoreBuilder extends KeyStoreBuilder
  17. final class KeyManagerConfig extends AnyRef

    The key manager config.

  18. trait KeyManagerFactoryWrapper extends AnyRef
  19. trait KeyStoreBuilder extends AnyRef
  20. final class KeyStoreConfig extends AnyRef

    Configuration for a keystore.

    Configuration for a keystore.

    A key store must either provide a file path, or a data String.

    Either key store path or data must be defined, but not both.

  21. case class LessThan(x: Int) extends ExpressionSymbol with Product with Serializable
  22. case class LessThanOrEqual(x: Int) extends ExpressionSymbol with Product with Serializable
  23. case class MoreThan(x: Int) extends ExpressionSymbol with Product with Serializable
  24. case class MoreThanOrEqual(x: Int) extends ExpressionSymbol with Product with Serializable
  25. final class NoopHostnameVerifier extends HostnameVerifier
  26. case class NotEqual(x: Int) extends ExpressionSymbol with Product with Serializable
  27. class SSLConfigParser extends AnyRef
  28. final class SSLConfigSettings extends AnyRef

    The SSL configuration.

  29. trait SSLContextBuilder extends AnyRef
  30. final class SSLDebugConfig extends AnyRef

    SSL debug configuration.

  31. final class SSLLooseConfig extends AnyRef

    Configuration for specifying loose (potentially dangerous) ssl config.

  32. final class SSLParametersConfig extends AnyRef

    Carries values which will be later set on an SSLParameters object.

  33. class SimpleSSLContextBuilder extends SSLContextBuilder

    A simple SSL context builder.

    A simple SSL context builder. If the keyManagers or trustManagers are empty, then null is used in the init method. Likewise, if secureRandom is None then null is used.

  34. class StringBasedKeyStoreBuilder extends KeyStoreBuilder

    Builds a keystore from a string containing PEM encoded certificates, using CertificateFactory internally.

    Builds a keystore from a string containing PEM encoded certificates, using CertificateFactory internally.

    See also

    java.security.cert.CertificateFactory

  35. class SystemConfiguration extends AnyRef

    Configures global system properties on the JSSE implementation, if defined.

    Configures global system properties on the JSSE implementation, if defined.

    WARNING: This class sets system properties to configure JSSE code which typically uses static initialization on load. Because of this, if classes are loaded in BEFORE this code has a chance to operate, you may find that this code works inconsistently. The solution is to set the system properties on the command line explicitly (or in the case of "ocsp.enable", in the security property file).

  36. final class TrustManagerConfig extends AnyRef

    The trust manager config.

  37. trait TrustManagerFactoryWrapper extends AnyRef
  38. final class TrustStoreConfig extends AnyRef

    Configuration for a trust store.

    Configuration for a trust store.

    A trust store must either provide a file path, or a data String.

Deprecated Type Members

  1. class DefaultHostnameVerifier extends HostnameVerifier
    Annotations
    @deprecated
    Deprecated

    (Since version 0.4.0) DefaultHostnameVerifier has been deprecated and does nothing. Please use the javax.net.debug system property.

  2. class JavaSecurityDebugBuilder extends AnyRef

    Annotations
    @deprecated
    Deprecated

    (Since version 0.4.0) Setting system properties in JSSE after JVM initialization is unreliable. Please set the java.security.debug system property at startup.

    See also

    http://docs.oracle.com/javase/8/docs/technotes/guides/security/certpath/CertPathProgGuide.html

  3. class JavaxNetDebugBuilder extends AnyRef

    A builder for setting the system property options in "javax.net.debug" and in "java.security.debug' (in the case of "certpath").

    A builder for setting the system property options in "javax.net.debug" and in "java.security.debug' (in the case of "certpath").

    Annotations
    @deprecated
    Deprecated

    (Since version 0.4.0) Setting system properties in JSSE after JVM initialization is unreliable. Please set the javax.net.debug system property at startup.

    See also

    http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug

    http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/ReadDebug.html

  4. trait MonkeyPatcher extends AnyRef
    Annotations
    @deprecated
    Deprecated

    (Since version 0.4.0) MonkeyPatcher has been deprecated and does nothing. Please use the javax.net.debug system property.

  5. final class SSLDebugHandshakeOptions extends AnyRef

    SSL handshake debugging options.

    SSL handshake debugging options.

    Annotations
    @deprecated
    Deprecated

    (Since version 0.4.0) not operative

  6. final class SSLDebugRecordOptions extends AnyRef

    SSL record debugging options.

    SSL record debugging options.

    Annotations
    @deprecated
    Deprecated

    (Since version 0.4.0) not operative

Value Members

  1. implicit def arrayCertsToListCerts(chain: Array[Certificate]): List[Certificate]
  2. implicit def certResult2PKIXResult(result: CertPathValidatorResult): PKIXCertPathValidatorResult
  3. implicit def certificate2X509Certificate(cert: Certificate): X509Certificate
  4. def debugChain(chain: Array[X509Certificate]): Seq[String]
  5. def isOpenJdk: Boolean
  6. object AlgorithmConstraintsParser extends RegexParsers

    Parser based on the jdk.certpath.disabledAlgorithm BNF.

    Parser based on the jdk.certpath.disabledAlgorithm BNF.

    See also

    http://sim.ivi.co/2011/07/java-se-7-release-security-enhancements.html

  7. object Algorithms

    This singleton object provides the code needed to check for minimum standards of an X.509 certificate.

    This singleton object provides the code needed to check for minimum standards of an X.509 certificate. Over 95% of trusted leaf certificates and 95% of trusted signing certificates use NIST recommended key sizes. Play supports Java 1.6, which does not have built in certificate strength checking, so we roll our own here.

    The default settings here are based off NIST SP 800-57, using Dates for Phasing out MD5-based signatures and 1024-bit moduli as a practical guide.

    Note that the key sizes are checked on root CA certificates in the trust store. As the Mozilla document says:

    The other concern that needs to be addressed is that of RSA1024 being too small a modulus to be robust against faster computers. Unlike a signature algorithm, where only intermediate and end-entity certificates are impacted, fast math means we have to disable or remove all instances of 1024-bit moduli, including the root certificates.

    Relevant key sizes:

    According to NIST SP 800-57 the recommended algorithms and minimum key sizes are as follows: Through 2010 (minimum of 80 bits of strength) FFC (e.g., DSA, D-H) Minimum: L=1024; N=160 IFC (e.g., RSA) Minimum: k=1024 ECC (e.g. ECDSA) Minimum: f=160 Through 2030 (minimum of 112 bits of strength) FFC (e.g., DSA, D-H) Minimum: L=2048; N=224 IFC (e.g., RSA) Minimum: k=2048 ECC (e.g. ECDSA) Minimum: f=224 Beyond 2030 (minimum of 128 bits of strength) FFC (e.g., DSA, D-H) Minimum: L=3072; N=256 IFC (e.g., RSA) Minimum: k=3072 ECC (e.g. ECDSA) Minimum: f=256

    Relevant signature algorithms:

    The known weak signature algorithms are "MD2, MD4, MD5".

    SHA-1 is considered too weak for new certificates, but is still allowed for verifying old certificates in the chain. The TLS and NIST'S Policy on Hash Functions blog post by one of the JSSE authors has more details, in particular the "Put it into practice" section.

  8. object Ciphers

    This class contains sets of recommended and deprecated TLS cipher suites.

    This class contains sets of recommended and deprecated TLS cipher suites.

    The JSSE list of cipher suites is different from the RFC defined list, with some cipher suites prefixed with "SSL_" instead of "TLS_". A full list is available from the SunJSSE provider list

    Please see https://www.playframework.com/documentation/current/CipherSuites for more details.

  9. object ClientAuth
  10. object CompositeCertificateException extends Serializable
  11. object FakeChainedKeyStore

    A fake key store with a selfsigned CA and a certificate issued by that CA.

    A fake key store with a selfsigned CA and a certificate issued by that CA. Includes a trustedCertEntry for each of the two certificates.

    Your keystore contains 4 entries

sslconfig-user-trust, Oct 4, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 19:2D:20:F0:36:59:E3:AD:C1:AA:55:82:0D:D2:94:5D:B3:75:3F:F8
sslconfig-user, Oct 4, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 19:2D:20:F0:36:59:E3:AD:C1:AA:55:82:0D:D2:94:5D:B3:75:3F:F8
sslconfig-CA-trust, Oct 4, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 9B:78:6B:4F:E4:B6:4D:EF:3E:3E:06:32:7A:53:83:28:96:7F:12:C7
sslconfig-CA, Oct 4, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 9B:78:6B:4F:E4:B6:4D:EF:3E:3E:06:32:7A:53:83:28:96:7F:12:C7

    Was: play.core.server.ssl.FakeKeyStore

  12. object FakeKeyStore

    A fake key store with a single, selfsigned certificate and keypair.

    A fake key store with a single, selfsigned certificate and keypair. Includes also a trustedCertEntry for that certificate.

    Your keystore contains 2 entries

sslconfig-selfsigned-trust, Oct 4, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 19:2D:20:F0:36:59:E3:AD:C1:AA:55:82:0D:D2:94:5D:B3:75:3F:F8
sslconfig-selfsigned, Oct 4, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 19:2D:20:F0:36:59:E3:AD:C1:AA:55:82:0D:D2:94:5D:B3:75:3F:F8

    Was: play.core.server.ssl.FakeKeyStore

  13. object FakeSSLTools
  14. object KeyManagerConfig
  15. object KeyStoreConfig
  16. object KeystoreFormats
  17. object Protocols
  18. object SSLConfigFactory

    Factory for creating SSL config (for use from Java).

  19. object SSLConfigSettings
  20. object SSLDebugConfig
  21. object SSLLooseConfig
  22. object SSLParametersConfig
  23. object TrustManagerConfig
  24. object TrustStoreConfig

Deprecated Value Members

  1. object SSLDebugHandshakeOptions
    Annotations
    @deprecated
    Deprecated

    (Since version 0.4.0) not operative

  2. object SSLDebugRecordOptions
    Annotations
    @deprecated
    Deprecated

    (Since version 0.4.0) not operative

Inherited from AnyRef

Inherited from Any

Ungrouped