COM.claymoresystems.ptls
public class SSLContext extends SSLContextInt
For clients, it is legal to merely create an SSLContext and use it immediately, though it is advisable to set the SSLPolicy.
Since servers must have keying material to operate, all SSLContexts which are to be used for servers must be initialized using loadEAYKeyFile() or loadPKCS12File().
Currently, SSLContext supports only one key at a time, and loading a new keyfile overrides any existing keys/certificates. Future implementations may support multiple keys automatically selected based on the cipherSuite.
Method Summary | | |
---|---|---|
protected void | destroySession(String sessionLookupKey) | |
protected SSLSessionData | findSession(String key) | |
void | loadDHParams(String path) | Load the DH parameters structure from a file |
void | loadDHParams(InputStream is) | Load a DH parameters structure from disk. |
void | loadEAYKeyFile(String path, String passphrase) | Load a subset of SSLeay keyfiles. |
void | loadEAYKeyFile(InputStream is, String passphrase) | Load a subset of SSLeay keyfiles. |
void | loadPKCS12File(String path, String passphrase) | Load keying material from the indicated PKCS12/PFX keyfile, using the passphrase passed in |
void | loadRootCertificates(String path) | Load a list of acceptable roots. |
void | loadRootCertificates(InputStream is) | Load a list of acceptable roots. |
void | saveDHParams(String path, int size, boolean sophieGermainPrimes) | Save DH parameters to disk, generating them if necessary |
void | saveEAYKeyFile(String path, String passphrase) | |
void | seedRNG(byte[] seed) | Build new RNG based on the indicated seed, or update current RNG |
protected void | storeSession(String key, SSLSessionData sd) | |
void | useRandomnessFile(String file, String passphrase) | Use the indicated file for randomness. If the file does not exist, it is created. |
loadDHParams(String path)
Parameters: path - the file
loadDHParams(InputStream is)
Parameters: is - the params file
loadEAYKeyFile(String path, String passphrase)
We assume that the first key is bound to the first group of certificates.
We assume that any certificates we find are strictly ordered from the user's certificate to the root.
Parameters: path - the filename for the file; passphrase - the passphrase needed to decrypt the private key
Throws: IOException - if the keyfile is badly formatted; FileNotFoundException - if the keyfile doesn't exist
loadEAYKeyFile(InputStream is, String passphrase)
We assume that the first key is bound to the first group of certificates.
We assume that any certificates we find are strictly ordered from the user's certificate to the root.
Parameters: is - the file; passphrase - the passphrase needed to decrypt the private key
Throws: IOException - if the keyfile is badly formatted; FileNotFoundException - if the keyfile doesn't exist
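The two ordering assumptions stated for loadEAYKeyFile() can be checked before a keyfile is handed to the context. The following is an added example, not part of the PureTLS documentation or code base: it uses only standard JDK classes, the class name KeyfileOrderCheck and the keyfile path argument are hypothetical, and it checks block order and issuer chaining only (it does not decrypt the private key or match it to the first certificate).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.GeneralSecurityException;
import java.security.cert.*;
import java.util.*;
import java.util.regex.*;

/** Added example (hypothetical class): pre-flight check of a PEM keyfile; args[0] is the keyfile path. */
public class KeyfileOrderCheck {
    private static final Pattern BLOCK = Pattern.compile(
        "-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \\1-----", Pattern.DOTALL);
    /** Returns the problems found; an empty list means the layout matches the documented assumptions. */
    static List<String> check(String pem) throws GeneralSecurityException {
        List<String> problems = new ArrayList<>();
        List<X509Certificate> chain = new ArrayList<>();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Matcher m = BLOCK.matcher(pem);
        for (int index = 0; m.find(); index++) {
            String label = m.group(1);
            // Assumption 1: the key comes first, followed by its group of certificates.
            if (index == 0 && !label.endsWith("PRIVATE KEY"))
                problems.add("first PEM block is " + label + ", expected a private key");
            if (label.equals("CERTIFICATE"))
                chain.add((X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(m.group().getBytes(StandardCharsets.US_ASCII))));
        }
        if (chain.isEmpty()) problems.add("no certificates found");
        // Assumption 2: each certificate is issued by the one after it (user's certificate first, root last).
        for (int i = 0; i + 1 < chain.size(); i++) {
            X509Certificate child = chain.get(i), parent = chain.get(i + 1);
            if (!child.getIssuerX500Principal().equals(parent.getSubjectX500Principal())) {
                problems.add("certificate " + i + " is not issued by certificate " + (i + 1));
                continue;
            }
            try {
                child.verify(parent.getPublicKey());
            } catch (GeneralSecurityException e) {
                problems.add("signature on certificate " + i + " does not verify: " + e.getMessage());
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        List<String> problems = check(pem);
        problems.forEach(System.err::println);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

A non-zero exit status means the file should be reordered before it is loaded; because loading a new keyfile overrides the existing key and certificates, it is worth running the check before replacing a working keyfile.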
loadPKCS12File(String path, String passphrase)
Parameters: path - the filename for the keyfile; passphrase - the passphrase needed to decrypt/verify the keyfile. Currently not implemented
loadRootCertificates(String path)
Roots are not used for verifying the keys found in the keyfile. They are only used for verifying the certificates of peer entities.
Roots are formatted in SSLeay "PEM" style.
Parameters: path - the filename containing the root list
loadRootCertificates(InputStream is)
Roots are not used for verifying the keys found in the keyfile. They are only used for verifying the certificates of peer entities.
Roots are formatted in SSLeay "PEM" style.
Parameters: path - the filename containing the root list
saveDHParams(String path, int size, boolean sophieGermainPrimes)
Parameters: path - the file to save to; sophieGermainPrimes - generate sophieGermainPrimes (VERY slow)
seedRNG(byte[] seed)
Parameters: seed - the seed
useRandomnessFile(String file, String passphrase)
Parameters: path - the file name; passphrase - the passphrase needed to decrypt/verify the keyfile
Throws: IOException - if something goes wrong; FileNotFoundException - if we're unable to update the file