Class EPPSSLConfig

java.lang.Object
com.verisign.epp.transport.client.EPPSSLConfig

public class EPPSSLConfig extends Object
The EPPSSLConfig class contains SSL configuration properties that can be used in conjunction with EPPSSLImpl.initialize(EPPSSLConfig) to initialize an EPPSSLContext. The required properties include:

  1. sslProtocol that defines the SSL protocol to use. For example, "TLS".
  2. identityStoreType that defines the type of the identity KeyStore. For example, "JKS".
  3. identityFileName that defines the name of the identity KeyStore file. For example, "identity.jks".
  4. identityPassPhrase that defines the passphrase/password to access the identity KeyStore file defined by the identityFileName property.

The optional properties include:

  1. identityKeyPassPhrase that defines the passphrase/password for the private key stored in the identity KeyStore. If not defined, the value of the identityPassPhrase will be used.
  2. trustStoreType that defines the KeyStore type of the Trust Store. This is only required if the Trust Store is defined by the trustStoreFileName property. For example, "JKS".
  3. trustStoreFileName that defines the name of the Trust Store file. For example, "trust.jks". If not defined, the default JDK Trust Store located at the path $JAVA_HOME/lib/security/cacerts will be used.
  4. trustStorePassPhrase that defines the passphrase/password to access the Trust Store file defined by the trustStoreFileName property. This is only required if the Trust Store is defined by the trustStoreFileName property.
  5. sslDebug that defines the value of the SSL debug Java system property javax.net.debug. If not set, then the javax.net.debug system property will not be set. The possible values include "none" and "all". Since it sets a Java system property, it applies globally across all SSL connections in the Java process.
  6. sslEnabledProtocols that defines the supported SSL protocols. If not defined, the default protocols provided by the JSSE provider will be used. For example, {"TLSv1", "SSLv3"}.
  7. sslEnabledCipherSuites that defines the supported SSL cipher suites. If not defined, the default cipher suites provided by the JSSE provider will be used. For example, SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA.
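
An added example, not code from the SDK or from this page, that builds an EPPSSLConfig using only the methods documented here and applies a local policy check before the configuration is used. The sample values in the list above (SSLv3, TLSv1, RC4) are legacy settings; this example pins TLS 1.2/1.3 with AEAD suites instead. The HardenedEppSslConfig class, its rejectWeak helper, the weak-name lists and the EPP_IDENTITY_PASS / EPP_TRUST_PASS environment variable names are assumptions.

```java
import com.verisign.epp.transport.client.EPPSSLConfig;
import java.util.Arrays;
import java.util.List;

public class HardenedEppSslConfig {
    // Local policy for this example (not part of the SDK): names refused outright.
    static final List<String> WEAK_PROTOCOLS =
            Arrays.asList("SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");
    static final List<String> WEAK_SUITE_MARKERS =
            Arrays.asList("_RC4_", "_MD5", "_NULL_", "_EXPORT_", "_DES_", "_3DES_", "_anon_");

    // Fails closed: unset lists would fall back to JSSE provider defaults, so require both.
    static void rejectWeak(EPPSSLConfig config) {
        String[] protocols = config.getSSLEnabledProtocols();
        String[] suites = config.getSSLEnabledCipherSuites();
        if (protocols == null || suites == null) {
            throw new IllegalStateException("protocols and cipher suites must be pinned");
        }
        for (String p : protocols) {
            if (WEAK_PROTOCOLS.contains(p)) {
                throw new IllegalStateException("legacy protocol enabled: " + p);
            }
        }
        for (String s : suites) {
            for (String marker : WEAK_SUITE_MARKERS) {
                if (s.contains(marker)) {
                    throw new IllegalStateException("weak cipher suite enabled: " + s);
                }
            }
        }
        if (config.isSSLDisableHostnameVerification()) {
            throw new IllegalStateException("hostname verification is disabled");
        }
    }

    public static void main(String[] args) throws Exception {
        // EPP_IDENTITY_PASS / EPP_TRUST_PASS are hypothetical environment variable names.
        EPPSSLConfig config = new EPPSSLConfig(
                "TLS", "JKS", "identity.jks", System.getenv("EPP_IDENTITY_PASS"));
        config.setTrustStore("JKS", "trust.jks", System.getenv("EPP_TRUST_PASS"));
        config.setSSLEnabledProtocols("TLSv1.3 TLSv1.2");   // space delimited form
        config.setSSLEnabledCipherSuites("TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 "
                + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");
        config.setSSLDisableHostnameVerification(false);    // the documented default, made explicit

        config.validate();   // SDK check that the required properties are set
        rejectWeak(config);  // added policy check from this example
        // The config is now ready for EPPSSLImpl.initialize(EPPSSLConfig).
    }
}
```
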
  • Constructor Details

    • EPPSSLConfig

      public EPPSSLConfig()
      Default constructor.
    • EPPSSLConfig

      public EPPSSLConfig(String aSslProtocol, String aIdentityStoreType, String aIdentityFileName, String aIdentityPassPhrase)
      Creates an instance of EPPSSLConfig that takes the required set of attributes.
      Parameters:
      aSslProtocol - SSL Protocol like "TLS"
      aIdentityStoreType - Identity store type like "JKS"
      aIdentityFileName - Identity store file name
      aIdentityPassPhrase - Identity store passphrase/password
  • Method Details

    • getIdentityFileName

      public String getIdentityFileName()
      Gets the Identity File Name String.
      Returns:
      String if set; null otherwise.
    • setIdentityFileName

      public void setIdentityFileName(String aIdentityFileName)
      Sets the Identity File Name String.
      Parameters:
      aIdentityFileName - String.
    • getIdentityKeyPassPhrase

      public String getIdentityKeyPassPhrase()
      Gets the Identity Key Pass Phrase String using the Identity Pass Phrase as the default value.
      Returns:
      Identity Key Pass Phrase if set; otherwise the Identity Pass Phrase
    • getIdentityKeyPassPhraseCharArray

      public char[] getIdentityKeyPassPhraseCharArray()
      Gets the Identity Key Pass Phrase as char[] using the Identity Pass Phrase as the default value.
      Returns:
      Identity Key Pass Phrase if set; otherwise the Identity Pass Phrase as char[]
    • setIdentityKeyPassPhrase

      public void setIdentityKeyPassPhrase(String aIdentityKeyPassPhrase)
      Sets the Identity Key Pass Phrase String.
      Parameters:
      aIdentityKeyPassPhrase - String.
    • getIdentityPassPhrase

      public String getIdentityPassPhrase()
      Gets the Identity Pass Phrase String.
      Returns:
      Identity Pass Phrase if set; null otherwise.
    • getIdentityPassPhraseCharArray

      public char[] getIdentityPassPhraseCharArray()
      Gets the Identity Pass Phrase as a char[].
      Returns:
      Identity Pass Phrase if set; null otherwise.
    • setIdentityPassPhrase

      public void setIdentityPassPhrase(String aIdentityPassPhrase)
      Sets the Identity Pass Phrase String.
      Parameters:
      aIdentityPassPhrase - String.
    • getIdentityStoreType

      public String getIdentityStoreType()
      Gets the Identity Store Type String.
      Returns:
      String if set; null otherwise.
    • setIdentityStoreType

      public void setIdentityStoreType(String aIdentityStoreType)
      Sets the Identity Store Type String.
      Parameters:
      aIdentityStoreType - String.
    • getSslDebug

      public String getSslDebug()
      Gets the SSL Debug String.
      Returns:
      String if set; null otherwise.
    • setSslDebug

      public void setSslDebug(String aSslDebug)
      Sets the SSL Debug String.
      Parameters:
      aSslDebug - String.
    • getSslProtocol

      public String getSslProtocol()
      Gets the SSL Protocol String.
      Returns:
      String if set; null otherwise.
    • setSslProtocol

      public void setSslProtocol(String aSslProtocol)
      Sets the SSL Protocol String.
      Parameters:
      aSslProtocol - String.
    • setTrustStore

      public void setTrustStore(String aTrustStoreType, String aTrustStoreFileName, String aTrustStorePassPhrase)
      Sets the required Trust Store properties if the Trust Store is explicitly set.
      Parameters:
      aTrustStoreType - Keystore type of the Trust Store like "JKS"
      aTrustStoreFileName - Trust Store file name
      aTrustStorePassPhrase - Trust Store passphrase/password
    • getTrustStoreType

      public String getTrustStoreType()
      Gets the Trust Store Type String.
      Returns:
      String if set; null otherwise.
    • setTrustStoreType

      public void setTrustStoreType(String aTrustStoreType)
      Sets the Trust Store Type String.
      Parameters:
      aTrustStoreType - String.
    • getTrustStoreFileName

      public String getTrustStoreFileName()
      Gets the Trust Store File Name String.
      Returns:
      String if set; null otherwise.
    • setTrustStoreFileName

      public void setTrustStoreFileName(String aTrustStoreFileName)
      Sets the Trust Store File Name String.
      Parameters:
      aTrustStoreFileName - String.
    • getTrustStorePassPhrase

      public String getTrustStorePassPhrase()
      Gets the Trust Store Pass Phrase String.
      Returns:
      Trust Store Pass Phrase if set; null otherwise.
    • getTrustStorePassPhraseCharArray

      public char[] getTrustStorePassPhraseCharArray()
      Gets the Trust Store Pass Phrase as char[].
      Returns:
      Trust Store Pass Phrase if set; null otherwise.
    • setTrustStorePassPhrase

      public void setTrustStorePassPhrase(String aTrustStorePassPhrase)
      Sets the Trust Store Pass Phrase String.
      Parameters:
      aTrustStorePassPhrase - String.
    • getSSLEnabledProtocols

      public String[] getSSLEnabledProtocols()
      Gets the optional SSL enabled protocols String array.
      Returns:
      String array if set; null otherwise.
    • setSSLEnabledProtocols

      public void setSSLEnabledProtocols(String[] aSslEnabledProtocols)
      Sets the optional SSL enabled protocols String array.
      Parameters:
      aSslEnabledProtocols - String array of enabled SSL protocols
    • setSSLEnabledProtocols

      public void setSSLEnabledProtocols(String aSslEnabledProtocols)
      Sets the optional SSL enabled protocols using a space delimited list of protocols.
      Parameters:
      aSslEnabledProtocols - space delimited list of enabled SSL protocols
    • getSSLEnabledCipherSuites

      public String[] getSSLEnabledCipherSuites()
      Gets the optional SSL enabled cipher suites String array.
      Returns:
      String array if set; null otherwise.
    • setSSLEnabledCipherSuites

      public void setSSLEnabledCipherSuites(String[] aSslEnabledCipherSuites)
      Sets the optional SSL enabled cipher suites String array.
      Parameters:
      aSslEnabledCipherSuites - String array of enabled SSL cipher suites
    • setSSLEnabledCipherSuites

      public void setSSLEnabledCipherSuites(String aSslEnabledCipherSuites)
      Sets the optional SSL enabled cipher suites using a space delimited list of cipher suites.
      Parameters:
      aSslEnabledCipherSuites - space delimited list of enabled SSL cipher suites
    • validate

      public void validate() throws EPPException
      Validates the properties of the EPPSSLConfig by checking that the required properties are set.
      Throws:
      EPPException - On error
    • toString

      public String toString()
      Outputs the contents of the EPPSSLConfig instance, which includes a comma separated list of EPPSSLConfig properties with the values. For example, "sslProtocol = <value>".
      Overrides:
      toString in class Object
      Returns:
      String containing the EPPSSLConfig properties and values
    • getSslEnabledProtocols

      public String[] getSslEnabledProtocols()
      Gets the enabled SSL protocols.
      Returns:
      enabled SSL protocols if set; null otherwise
    • setSslEnabledProtocols

      public void setSslEnabledProtocols(String[] aSslEnabledProtocols)
      Sets the enabled SSL protocols.
      Parameters:
      aSslEnabledProtocols - The enabled SSL protocols
    • getSslEnabledCipherSuites

      public String[] getSslEnabledCipherSuites()
      Gets the enabled SSL cipher suites.
      Returns:
      enabled SSL cipher suites if set; null otherwise
    • setSslEnabledCipherSuites

      public void setSslEnabledCipherSuites(String[] aSslEnabledCipherSuites)
      Sets the enabled SSL cipher suites.
      Parameters:
      aSslEnabledCipherSuites - the enabled SSL cipher suites
    • isSSLDisableHostnameVerification

      public boolean isSSLDisableHostnameVerification()
      Disable host name verification? This should only be set to true in Development and is set by default to false.
      Returns:
      true to disable host name verification of the server certificate; false otherwise
    • setSSLDisableHostnameVerification

      public void setSSLDisableHostnameVerification(boolean aDisableHostnameVerification)
      Sets the disable host name verification property, which defaults to false and should only be set to true in Development.
      Parameters:
      aDisableHostnameVerification - Disable the host name verification?
    • isSslDisableHostnameVerification

      public boolean isSslDisableHostnameVerification()
      Is host name verification disabled? This should only be used in Development.
      Returns:
      the sslDisableHostnameVerification
    • setSslDisableHostnameVerification

      public void setSslDisableHostnameVerification(boolean sslDisableHostnameVerification)
      Disable host name verification, which should only be used in Development.
      Parameters:
      sslDisableHostnameVerification - the sslDisableHostnameVerification to set
    • getSslServerEKUs

      public List<String> getSslServerEKUs()
      Gets the list of trusted X.509 Extended Key Usage (EKU) values, where at least one of the values must exist in the server certificate. A null value means that the EKU values in the server certificate will be ignored. The values are integer values, as defined in the PKIX Extended Key Purpose registry.
      Returns:
      the trust server EKU values or null to ignore the EKU settings
    • setSslClientEKUs

      public void setSslClientEKUs(List<String> clientEKUs)
      Sets the list of trusted X.509 Extended Key Usage (EKU) values, where at least one of the values must exist in the client certificate. A null value means that the EKU values in the client certificate will be ignored. The values are integer values, as defined in the PKIX Extended Key Purpose registry.
      Parameters:
      clientEKUs - Set to a list of EKU Object Identifier (OID) values or null to ignore the EKU extension
    • setSslClientEKUsFromPropValue

      public void setSslClientEKUsFromPropValue(String aClientEKUPropValue)
      Sets the list of trusted X.509 Extended Key Usage (EKU) values from an EPP configuration property value, where at least one of the values must exist in the client certificate. A null value means that the EKU values in the client certificate will be ignored. The values are integer values, as defined in the PKIX Extended Key Purpose registry.
      Parameters:
      aClientEKUPropValue - EPP configuration property value to use to load the client EKUs
    • getSslClientEKUs

      public List<String> getSslClientEKUs()
      Gets the list of trusted X.509 Extended Key Usage (EKU) values, where at least one of the values must exist in the client certificate. A null value means that the EKU values in the client certificate will be ignored. The values are integer values, as defined in the PKIX Extended Key Purpose registry.
      Returns:
      the trusted client EKU values or null to ignore the EKU settings
    • setSslServerEKUs

      public void setSslServerEKUs(List<String> serverEKUs)
      Sets the list of trusted X.509 Extended Key Usage (EKU) values, where at least one of the values must exist in the server certificate. A null value means that the EKU values in the server certificate will be ignored. The values are integer values, as defined in the PKIX Extended Key Purpose registry.
      Parameters:
      serverEKUs - Set to a list of EKU Object Identifier (OID) values or null to ignore the EKU extension
    • setSslServerEKUsFromPropValue

      public void setSslServerEKUsFromPropValue(String aServerEKUPropValue)
      Sets the list of trusted X.509 Extended Key Usage (EKU) values from an EPP configuration property value, where at least one of the values must exist in the server certificate. A null value means that the EKU values in the server certificate will be ignored. The values are integer values, as defined in the PKIX Extended Key Purpose registry.
      Parameters:
      aServerEKUPropValue - EPP configuration property value to use to load the server EKUs