COM.claymoresystems.ptls

Class SSLContext

public class SSLContext extends SSLContextInt

SSLContext holds all state relevant to more than one SSL session/connection. In particular, it is the access point for user keying material, user policy settings, and the session cache.

For clients, it is legal to merely create an SSLContext and use it immediately, though it is advisable to set the SSLPolicy.

Since servers must have keying material to operate, all SSLContexts which are to be used for servers must be initialized using loadEAYKeyFile() or loadPKCS12File().

Currently, SSLContext supports only one key at a time, and loading a new keyfile overrides any existing keys/certificates. Future implementations may support multiple keys automatically selected based on the cipherSuite.
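The server-side initialization described above, as an added example that is not part of the PureTLS distribution. It uses only the SSLContext methods documented on this page; the file paths, passphrases and the 32-byte seed are constructed inputs, and the SSLPolicy setup the class description recommends is omitted because its API is not documented here.

```java
import java.io.IOException;
import java.security.SecureRandom;

import COM.claymoresystems.ptls.SSLContext;

// Added example (not PureTLS code): build a server-side SSLContext.
// All paths and passphrases are hypothetical arguments supplied by the caller.
public class ServerContextSetup {

    public static SSLContext buildServerContext(String keyFile, String keyPassphrase,
                                                String rootFile, String dhParamFile,
                                                String randFile, String randPassphrase)
            throws IOException {
        SSLContext ctx = new SSLContext();

        // Servers must have keying material. Only one key is held at a time, so this
        // call replaces any key/certificate chain loaded earlier.
        ctx.loadEAYKeyFile(keyFile, keyPassphrase);

        // Roots are used only to verify peer (client) certificates; they are not used
        // to verify the server's own key loaded above.
        ctx.loadRootCertificates(rootFile);

        // Load DH parameters generated earlier (e.g. with saveDHParams) so that the
        // slow prime-generation phase does not run at every server start.
        ctx.loadDHParams(dhParamFile);

        // Mix fresh entropy from the platform CSPRNG into the library RNG, then
        // persist RNG state in an encrypted randomness file (created if missing).
        byte[] seed = new byte[32];
        new SecureRandom().nextBytes(seed);
        ctx.seedRNG(seed);
        ctx.useRandomnessFile(randFile, randPassphrase);

        return ctx;
    }
}
```

The randomness file and the key file deliberately take separate passphrases: the randomness file is updated on every use, so it should not share a secret with long-lived keying material.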

Method Summary

protected void destroySession(String sessionLookupKey)

protected SSLSessionData findSession(String key)

void loadDHParams(String path)
    Load the DH parameters structure from a file.

void loadDHParams(InputStream is)
    Load a DH parameters structure from disk.

void loadEAYKeyFile(String path, String passphrase)
    Load a subset of SSLeay keyfiles.

void loadEAYKeyFile(InputStream is, String passphrase)
    Load a subset of SSLeay keyfiles.

void loadPKCS12File(String path, String passphrase)
    Load keying material from the indicated PKCS12/PFX keyfile, using the passphrase passed in.

void loadRootCertificates(String path)
    Load a list of acceptable roots.

void loadRootCertificates(InputStream is)
    Load a list of acceptable roots.

void saveDHParams(String path, int size, boolean sophieGermainPrimes)
    Save DH parameters to disk, generating them if necessary.

void saveEAYKeyFile(String path, String passphrase)

void seedRNG(byte[] seed)
    Build a new RNG based on the indicated seed, or update the current RNG.

protected void storeSession(String key, SSLSessionData sd)

void useRandomnessFile(String file, String passphrase)
    Use the indicated file for randomness. If the file does not exist, it is created.

Method Detail

destroySession

protected void destroySession(String sessionLookupKey)

findSession

protected SSLSessionData findSession(String key)

loadDHParams

public void loadDHParams(String path)
Load the DH parameters structure from a file.

Parameters:
path - the file

loadDHParams

public void loadDHParams(InputStream is)
Load a DH parameters structure from disk. This saves the time-consuming prime generation phase.

Parameters:
is - the params file

loadEAYKeyFile

public void loadEAYKeyFile(String path, String passphrase)
Load a subset of SSLeay keyfiles.

We assume that the first key is bound to the first group of certificates.

We assume that any certificates we find are strictly ordered from the user's certificate to the root.

Parameters:
path - the filename for the file
passphrase - the passphrase needed to decrypt the private key

Throws:
IOException - if the keyfile is badly formatted
FileNotFoundException - if the keyfile doesn't exist

loadEAYKeyFile

public void loadEAYKeyFile(InputStream is, String passphrase)
Load a subset of SSLeay keyfiles.

We assume that the first key is bound to the first group of certificates.

We assume that any certificates we find are strictly ordered from the user's certificate to the root.

Parameters:
is - the file
passphrase - the passphrase needed to decrypt the private key

Throws:
IOException - if the keyfile is badly formatted
FileNotFoundException - if the keyfile doesn't exist

loadPKCS12File

public void loadPKCS12File(String path, String passphrase)
Load keying material from the indicated PKCS12/PFX keyfile, using the passphrase passed in.

Currently not implemented.

Parameters:
path - the filename for the keyfile
passphrase - the passphrase needed to decrypt/verify the keyfile

loadRootCertificates

public void loadRootCertificates(String path)
Load a list of acceptable roots.

Roots are not used for verifying the keys found in the keyfile. They are only used for verifying the certificates of peer entities.

Roots are formatted in SSLeay "PEM" style.

Parameters:
path - the filename containing the root list

loadRootCertificates

public void loadRootCertificates(InputStream is)
Load a list of acceptable roots.

Roots are not used for verifying the keys found in the keyfile. They are only used for verifying the certificates of peer entities.

Roots are formatted in SSLeay "PEM" style.

Parameters:
is - the stream containing the root list
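A client-side counterpart to the root-loading calls above, as an added example that is not PureTLS code. It reads the PEM root list from a classpath resource through the InputStream overload; the resource name is hypothetical, and the error handling around a missing resource is this example's own.

```java
import java.io.IOException;
import java.io.InputStream;

import COM.claymoresystems.ptls.SSLContext;

// Added example (not PureTLS code): a client SSLContext whose only trust
// material is the root list. The resource name "/roots.pem" is hypothetical.
public class ClientContextSetup {

    public static SSLContext buildClientContext() throws IOException {
        return buildClientContext("/roots.pem");
    }

    public static SSLContext buildClientContext(String rootResource) throws IOException {
        SSLContext ctx = new SSLContext();

        // The roots decide which peer (server) certificate chains are acceptable.
        // Failing closed on a missing root list is preferable to a context that
        // cannot verify anything.
        InputStream roots = ClientContextSetup.class.getResourceAsStream(rootResource);
        if (roots == null) {
            throw new IOException("root list resource not found: " + rootResource);
        }
        try {
            ctx.loadRootCertificates(roots);
        } finally {
            roots.close();
        }

        // A client needs no keying material of its own unless the server requires
        // client authentication, in which case loadEAYKeyFile() would follow here.
        return ctx;
    }
}
```

Loading roots from the classpath rather than an absolute path keeps the trust store versioned with the application, which makes it easier to audit which roots a given build accepts.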

saveDHParams

public void saveDHParams(String path, int size, boolean sophieGermainPrimes)
Save DH parameters to disk, generating them if necessary.

Parameters:
path - the file to save to
sophieGermainPrimes - generate Sophie Germain primes (VERY slow)
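Because prime generation is slow (and Sophie Germain primes are much slower), DH parameters are best generated once, offline, and then loaded by loadDHParams() at run time. The following added example, which is not part of the PureTLS distribution, is a small command-line tool that does the generation and then round-trips the file through the InputStream overload to confirm it loads. The argument layout, the timing output and the round-trip check are this example's own.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;

import COM.claymoresystems.ptls.SSLContext;

// Added example (not PureTLS code): generate DH parameters once and verify
// the saved file is loadable. Usage: DHParamTool <out-file> <bits> [true|false]
public class DHParamTool {

    public static void main(String[] args) throws IOException {
        if (args.length < 2) {
            System.err.println("usage: DHParamTool <out-file> <bits> [sophie-germain]");
            System.exit(2);
        }
        String outFile = args[0];
        int bits = Integer.parseInt(args[1]);
        // Sophie Germain (safe) primes resist small-subgroup problems but are
        // VERY slow to generate; default to false unless explicitly requested.
        boolean sophieGermain = args.length > 2 && Boolean.parseBoolean(args[2]);

        SSLContext generator = new SSLContext();
        long start = System.currentTimeMillis();
        generator.saveDHParams(outFile, bits, sophieGermain);
        long elapsed = System.currentTimeMillis() - start;
        System.err.println("wrote " + bits + "-bit DH parameters to " + outFile
                + " in " + elapsed + " ms (sophieGermain=" + sophieGermain + ")");

        // Round-trip: a fresh context must be able to load what was just written,
        // which is exactly what a server does at startup.
        SSLContext check = new SSLContext();
        InputStream in = new FileInputStream(outFile);
        try {
            check.loadDHParams(in);
        } finally {
            in.close();
        }
        System.err.println("round-trip load OK");
    }
}
```

Run this as a build or deployment step and ship the resulting file with the server; regenerating parameters at every start both slows startup and, if the size argument is ever lowered for speed, quietly weakens every handshake.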

saveEAYKeyFile

public void saveEAYKeyFile(String path, String passphrase)

seedRNG

public void seedRNG(byte[] seed)
Build a new RNG based on the indicated seed, or update the current RNG.

Parameters:
seed - the seed

storeSession

protected void storeSession(String key, SSLSessionData sd)

useRandomnessFile

public void useRandomnessFile(String file, String passphrase)
Use the indicated file for randomness. If the file does not exist, it is created.

Parameters:
file - the file name
passphrase - the passphrase needed to decrypt/verify the randomness file

Throws:
IOException - if something goes wrong
FileNotFoundException - if we're unable to update the file

Copyright (c) 1999-2001 Claymore Systems, Inc., All Rights Reserved.