Package org.opensaml.security.httpclient.impl

Class SecurityEnhancedHttpClientSupport

  • public final class SecurityEnhancedHttpClientSupport
extends Object
    Support class for working with security-enhanced components related to use of HttpClient.

    • Constructor Detail

      • SecurityEnhancedHttpClientSupport

        private SecurityEnhancedHttpClientSupport()
        Constructor.

    • Method Detail

      • buildTLSSocketFactory

        @Nonnull
public static org.apache.http.conn.socket.LayeredConnectionSocketFactory buildTLSSocketFactory()
        Build an instance of TLS-capable LayeredConnectionSocketFactory wrapped by SecurityEnhancedTLSSocketFactory, configured for server TLS based on a mandatory TrustEngine supplied at runtime.

        Equivalent to buildTLSSocketFactory(boolean, boolean) called with true, false.

        Returns:
        a new instance of security-enhanced TLS socket factory

      • buildTLSSocketFactoryWithClientTLS

        @Nonnull
public static org.apache.http.conn.socket.LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLS()
        Build an instance of TLS-capable LayeredConnectionSocketFactory wrapped by SecurityEnhancedTLSSocketFactory, configured for server TLS based on a mandatory TrustEngine supplied at runtime, and additionally configured for optional client TLS support via context client TLS credential.

        Equivalent to buildTLSSocketFactory(boolean, boolean) called with true, true.

        Returns:
        a new instance of security-enhanced TLS socket factory

      • buildTLSSocketFactoryWithClientTLSOnly

        @Nonnull
public static org.apache.http.conn.socket.LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLSOnly()
        Build an instance of TLS-capable LayeredConnectionSocketFactory wrapped by SecurityEnhancedTLSSocketFactory, configured for optional client TLS support via context client TLS credential.

        Server TLS will be based on the default JSSE trust mechanism.

        Equivalent to buildTLSSocketFactory(boolean, boolean) called with false, true.

        Returns:
        a new instance of security-enhanced TLS socket factory

      • buildTLSSocketFactory

        @Nonnull
public static org.apache.http.conn.socket.LayeredConnectionSocketFactory buildTLSSocketFactory​(boolean supportTrustEngine,
                                                                                               boolean supportClientTLS)
        Build an instance of TLS-capable LayeredConnectionSocketFactory.

        If either supportTrustEngine or supportClientTLS are true, the returned factory will be a instance of SecurityEnhancedTLSSocketFactory wrapping an instance of LayeredConnectionSocketFactory.

        If supportTrustEngine is true, then the wrapped factory will be configured with a X509TrustManager that supports per-request specification of a mandatory server TLS TrustEngine and optional CriteriaSet, as documented in SecurityEnhancedTLSSocketFactory.

        If supportTrustEngine is false, then the wrapped factory will be configured for server TLS based on the default JSSE trust mechanism.

        If supportClientTLS is true, then the wrapped factory will be configured with a X509KeyManager that supports per-request specification of a client TLS credential, as documented in SecurityEnhancedTLSSocketFactory.

        Parameters:
        supportTrustEngine - whether to support server TLS via a context trust engine
        supportClientTLS - whether to support client TLS via a context client credential
        Returns:
        a TLS socket factory