Module aeonics.core

Class Network.SecurityOptions

  • Enclosing class:
    Network

    public static class Network.SecurityOptions
    extends java.lang.Object
    This class represents a set of security options that can be applied to secure a Network.Connection. Some methods are only meaningful for a client connection or for a server connection; they are named accordingly. Any option that is not specified falls back to its default.

    A server certificate is mandatory in case of a server connection.

    A client certificate is optional in case of a client connection.

    A server or client certificate that does not match the connection type is ignored.

    • Constructor Summary

      Constructors 
      Constructor Description
      SecurityOptions()  
    • Method Summary

      Modifier and Type Method Description
      Network.SecurityOptions withAlpn​(java.util.List<java.lang.String> alpn)
      Specifies the list of accepted Application-Layer Protocol Names (ALPN).
      Network.SecurityOptions withCiphers​(java.util.List<java.lang.String> accepted)
      Specifies the list of accepted cryptographic ciphers.
      Network.SecurityOptions withClientCertificate​(java.security.cert.X509Certificate certificate, java.security.PrivateKey key)
      Forces the client connection to authenticate with the provided certificate against the server.
      Network.SecurityOptions withClientVerifier​(java.util.function.Consumer<java.security.cert.X509Certificate> verifier)
      Sets a certificate verifier that can be used by the server to validate client certificates.
      Network.SecurityOptions withProtocols​(java.util.List<java.lang.String> accepted)
      Specifies the list of accepted cryptographic protocols.
      Network.SecurityOptions withServerCertificate​(java.lang.String certificate, java.lang.String key, java.lang.String chain)
      Exposes the server connection with the provided PEM-encoded certificate to all clients.
      Network.SecurityOptions withServerCertificate​(java.security.cert.X509Certificate certificate, java.security.PrivateKey key, java.security.cert.X509Certificate[] chain)
      Exposes the server connection with the provided certificate to all clients.
      Network.SecurityOptions withServerCertificate​(java.util.function.Function<java.lang.String,​Tuples.Tuple<java.security.cert.X509Certificate[],​java.security.PrivateKey>> selector)
      Sets a certificate selection function for the server based on the Server Name Indication (SNI) sent by the client.
      Network.SecurityOptions withServerVerifier​(java.util.function.Consumer<java.security.cert.X509Certificate> verifier)
      Sets a certificate verifier that can be used by the client to validate the server certificate.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SecurityOptions

        public SecurityOptions()
    • Method Detail

      • withClientCertificate

        public Network.SecurityOptions withClientCertificate​(java.security.cert.X509Certificate certificate,
                                                             java.security.PrivateKey key)
        Forces the client connection to authenticate with the provided certificate against the server.
        Parameters:
        certificate - the client certificate
        key - the matching private key
        Returns:
        this
      • withServerCertificate

        public Network.SecurityOptions withServerCertificate​(java.security.cert.X509Certificate certificate,
                                                             java.security.PrivateKey key,
                                                             java.security.cert.X509Certificate[] chain)
        Exposes the server connection with the provided certificate to all clients.
        Parameters:
        certificate - the server certificate
        key - the matching private key
        chain - the complete certificate chain, leaf first. If null, or if the chain does not start with the provided certificate, the certificate is prepended to the chain.
        Returns:
        this
      • withServerCertificate

        public Network.SecurityOptions withServerCertificate​(java.lang.String certificate,
                                                             java.lang.String key,
                                                             java.lang.String chain)
                                                      throws java.lang.Exception
        Exposes the server connection with the provided PEM-encoded certificate to all clients.
        Parameters:
        certificate - the PEM-encoded server certificate, or a valid 'storage://' URL
        key - the matching PEM-encoded private key, or a valid 'storage://' URL
        chain - the PEM-encoded certificate chain, leaf first, or a valid 'storage://' URL. If null, or if the chain does not start with the provided certificate, the certificate is prepended to the chain.
        Returns:
        this
        Throws:
        java.lang.Exception - if the provided arguments cannot be converted to valid X509Certificate and PrivateKey
      • withServerCertificate

        public Network.SecurityOptions withServerCertificate​(java.util.function.Function<java.lang.String,​Tuples.Tuple<java.security.cert.X509Certificate[],​java.security.PrivateKey>> selector)
        Sets a certificate selection function for the server based on the Server Name Indication (SNI) sent by the client. The SNI may be null if it was not provided by the client.
        Parameters:
        selector - the selection function that accepts the SNI and returns a tuple with the server certificate chain and its key
        Returns:
        this
      • withClientVerifier

        public Network.SecurityOptions withClientVerifier​(java.util.function.Consumer<java.security.cert.X509Certificate> verifier)
        Sets a certificate verifier that can be used by the server to validate client certificates. The client certificate may be null if the client did not authenticate. If the client certificate is not admissible, the verifier must throw an exception. A server that requires mutual TLS must therefore treat null as inadmissible and throw; a verifier that returns normally accepts the connection.
        Parameters:
        verifier - the verifier function that accepts the client certificate (or null)
        Returns:
        this
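        The server-side options above combined in one builder, as an added example that is not part of the aeonics code base: certificates and keys are loaded from PEM files at assumed paths, the SNI selector picks a chain per hostname and falls back to a default when the client sent no SNI (the selector is passed null in that case), and the client verifier enforces mutual TLS by rejecting a null certificate and checking validity and direct issuance by a private client CA. The package `aeonics.core` for the import and the `Tuples.Tuple` two-argument constructor are assumptions; adjust them to the actual API.

```java
import aeonics.core.Network;   // assumed package; adjust to the real one
import aeonics.core.Tuples;    // assumed package; adjust to the real one

import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class ServerSecurityExample {

    // Loads a PEM file holding one or more certificates (leaf first) into an array.
    static X509Certificate[] loadChain(Path pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (var in = Files.newInputStream(pem)) {
            return cf.generateCertificates(in).stream()
                     .map(X509Certificate.class::cast)
                     .toArray(X509Certificate[]::new);
        }
    }

    // Loads an unencrypted PKCS#8 ("BEGIN PRIVATE KEY") PEM file for the given algorithm.
    static PrivateKey loadKey(Path pem, String algorithm) throws Exception {
        String body = Files.readString(pem, StandardCharsets.US_ASCII)
            .replaceAll("-----(BEGIN|END) PRIVATE KEY-----", "")
            .replaceAll("\\s", "");
        byte[] der = Base64.getDecoder().decode(body);
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Client verifier for mutual TLS: a certificate is mandatory, must be within its
    // validity period, and must be signed directly by our private client CA.
    static void verifyClient(X509Certificate cert, X509Certificate clientCa) {
        if (cert == null) {
            throw new SecurityException("client certificate required");
        }
        try {
            cert.checkValidity();                  // rejects expired / not-yet-valid certificates
            cert.verify(clientCa.getPublicKey());  // signature must be made by the client CA key
        } catch (Exception e) {
            throw new SecurityException("client certificate rejected: " + e.getMessage(), e);
        }
        if (!cert.getIssuerX500Principal().equals(clientCa.getSubjectX500Principal())) {
            throw new SecurityException("unexpected issuer " + cert.getIssuerX500Principal());
        }
    }

    static Network.SecurityOptions serverOptions() throws Exception {
        // Assumed file locations for the example.
        X509Certificate[] defaultChain = loadChain(Path.of("/etc/aeonics/tls/default.pem"));
        PrivateKey defaultKey = loadKey(Path.of("/etc/aeonics/tls/default.key"), "EC");
        X509Certificate[] apiChain = loadChain(Path.of("/etc/aeonics/tls/api.example.pem"));
        PrivateKey apiKey = loadKey(Path.of("/etc/aeonics/tls/api.example.key"), "EC");
        X509Certificate clientCa = loadChain(Path.of("/etc/aeonics/tls/client-ca.pem"))[0];

        // Tuples.Tuple(chain, key) constructor is assumed here.
        Tuples.Tuple<X509Certificate[], PrivateKey> fallback =
            new Tuples.Tuple<X509Certificate[], PrivateKey>(defaultChain, defaultKey);
        Map<String, Tuples.Tuple<X509Certificate[], PrivateKey>> byName = Map.of(
            "api.example.com", new Tuples.Tuple<X509Certificate[], PrivateKey>(apiChain, apiKey));

        return new Network.SecurityOptions()
            // SNI is null when the client did not send one: serve the default chain.
            .withServerCertificate(sni -> sni == null
                ? fallback
                : byName.getOrDefault(sni.toLowerCase(Locale.ROOT), fallback))
            .withClientVerifier(cert -> verifyClient(cert, clientCa))
            .withProtocols(List.of("TLSv1.3", "TLSv1.2"))
            .withAlpn(List.of("h2", "http/1.1"));
    }
}
```

        The verifier checks the signature against the CA key directly, which only covers certificates issued by that CA itself; if client certificates come from an intermediate, validate the chain with `java.security.cert.CertPathValidator` instead of a single `verify` call.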
      • withServerVerifier

        public Network.SecurityOptions withServerVerifier​(java.util.function.Consumer<java.security.cert.X509Certificate> verifier)
        Sets a certificate verifier that can be used by the client to validate the server certificate. If the server certificate is not admissible, the verifier must throw an exception. A verifier that never throws accepts every certificate, so an empty verifier disables this check.
        Parameters:
        verifier - the verifier function that accepts the server certificate
        Returns:
        this
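        The client-side options above, as an added example that is not part of the aeonics code base: the client authenticates with its own certificate, and the server verifier checks validity, matches the expected hostname against the certificate's dNSName subject alternative names (including single-label wildcards), and pins the server's SubjectPublicKeyInfo hash. The package `aeonics.core`, the hostname `api.example.com`, and the pin value are assumptions; the client certificate and key are passed in by the caller.

```java
import aeonics.core.Network;   // assumed package; adjust to the real one

import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class ClientSecurityExample {

    private static final int SAN_DNS_NAME = 2; // GeneralName tag for dNSName (RFC 5280)

    // Base64(SHA-256(SubjectPublicKeyInfo)), the usual public-key pin format.
    static String spkiPin(X509Certificate cert) throws Exception {
        byte[] spki = cert.getPublicKey().getEncoded();
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(spki));
    }

    // True if host matches a dNSName SAN exactly or via a single-label wildcard (*.example.com).
    static boolean matchesHost(X509Certificate cert, String host) throws Exception {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return false;
        String h = host.toLowerCase(Locale.ROOT);
        for (List<?> san : sans) {
            if (!Integer.valueOf(SAN_DNS_NAME).equals(san.get(0))) continue;
            String name = ((String) san.get(1)).toLowerCase(Locale.ROOT);
            if (name.equals(h)) return true;
            int dot = h.indexOf('.');
            if (name.startsWith("*.") && dot > 0 && h.substring(dot + 1).equals(name.substring(2))) {
                return true;
            }
        }
        return false;
    }

    // Server verifier: validity period, hostname, and public-key pin. Throws on any failure.
    static void verifyServer(X509Certificate cert, String expectedHost, Set<String> pins) {
        try {
            cert.checkValidity();
            if (!matchesHost(cert, expectedHost)) {
                throw new SecurityException("certificate not valid for host " + expectedHost);
            }
            if (!pins.contains(spkiPin(cert))) {
                throw new SecurityException("server public key does not match any pinned key");
            }
        } catch (SecurityException e) {
            throw e;
        } catch (Exception e) {
            throw new SecurityException("server certificate rejected: " + e.getMessage(), e);
        }
    }

    static Network.SecurityOptions clientOptions(X509Certificate clientCert, PrivateKey clientKey) {
        // Placeholder pin for the example: replace with the real SPKI hash(es) of the server key.
        Set<String> pins = Set.of("REPLACE_WITH_BASE64_SHA256_OF_SERVER_SPKI");
        return new Network.SecurityOptions()
            .withClientCertificate(clientCert, clientKey)
            .withServerVerifier(cert -> verifyServer(cert, "api.example.com", pins))
            .withProtocols(List.of("TLSv1.3"));
    }
}
```

        The verifier receives a single X509Certificate, so these checks apply to the certificate the server presented; pin more than one key (current and backup) so that a key rotation does not lock clients out.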
      • withCiphers

        public Network.SecurityOptions withCiphers​(java.util.List<java.lang.String> accepted)
        Specifies the list of accepted cryptographic cipher suites. The list will be matched with SSLEngine.getSupportedCipherSuites() and only common entries will be exposed. If the list of retained elements is empty, then the defaults are used instead. A list whose entries all fail to match (for example because a suite name is misspelled) therefore falls back to the defaults silently rather than failing.
        Parameters:
        accepted - the list of accepted ciphers
        Returns:
        this
      • withProtocols

        public Network.SecurityOptions withProtocols​(java.util.List<java.lang.String> accepted)
        Specifies the list of accepted cryptographic protocols. The list will be matched with SSLEngine.getSupportedProtocols() and only common entries will be exposed. If the list of retained elements is empty, then the defaults are used instead. A list whose entries all fail to match therefore falls back to the defaults silently rather than failing.
        Parameters:
        accepted - the list of accepted protocols
        Returns:
        this
      • withAlpn

        public Network.SecurityOptions withAlpn​(java.util.List<java.lang.String> alpn)
        Specifies the list of accepted Application-Layer Protocol Names (ALPN).
        Parameters:
        alpn - the list of accepted ALPN protocol names
        Returns:
        this
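        Because withCiphers and withProtocols intersect the request with the SSLEngine's supported set and silently use the defaults when nothing remains, it is worth checking the intersection before handing the lists over. The following pre-flight check is an added example, not part of the aeonics code base: it reproduces the intersection against the default SSLContext's engine, reports entries that would be dropped, and refuses to continue if a list would end up empty. The package `aeonics.core` for the import is an assumption.

```java
import aeonics.core.Network;   // assumed package; adjust to the real one

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class CipherPolicyCheck {

    // Same matching rule as SecurityOptions: keep only entries the engine supports.
    static List<String> retained(List<String> requested, String[] supported) {
        Set<String> known = new HashSet<>(Arrays.asList(supported));
        List<String> out = new ArrayList<>();
        for (String r : requested) {
            if (known.contains(r)) out.add(r);
        }
        return out;
    }

    // Warns about dropped entries and fails hard if nothing would be retained,
    // because SecurityOptions would otherwise fall back to the defaults without notice.
    static List<String> require(String what, List<String> requested, String[] supported) {
        List<String> kept = retained(requested, supported);
        List<String> dropped = new ArrayList<>(requested);
        dropped.removeAll(kept);
        if (!dropped.isEmpty()) {
            System.err.println("warning: unsupported " + what + " ignored: " + dropped);
        }
        if (kept.isEmpty()) {
            throw new IllegalStateException("no supported " + what + " in " + requested
                + "; SecurityOptions would use the defaults instead");
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();

        List<String> protocols = require("protocols",
            List.of("TLSv1.3", "TLSv1.2"), engine.getSupportedProtocols());

        // Standard JSSE suite names; the last entry is misspelled on purpose to show the warning.
        List<String> ciphers = require("cipher suites", List.of(
                "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256",
                "TLS_AES_128_GCM_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
                "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_AES_256_GCM_SHA385"),
            engine.getSupportedCipherSuites());

        Network.SecurityOptions opts = new Network.SecurityOptions()
            .withProtocols(protocols)
            .withCiphers(ciphers)
            .withAlpn(List.of("h2", "http/1.1"));
        System.out.println("protocols=" + protocols + " ciphers=" + ciphers);
    }
}
```

        Run this against the JDK the service actually deploys on: the supported set differs between JDK versions and security providers, so a list validated on a developer machine can still collapse to the defaults in production. Nothing on this page guarantees that list order is honoured as a preference order, so do not rely on it for suite ordering.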