uk.gov.dwp.tls

Class TLSConnectionBuilder

java.lang.Object

uk.gov.dwp.tls.TLSConnectionBuilder

public class TLSConnectionBuilder
extends Object

Constructor Summary

Constructors

Constructor and Description
TLSConnectionBuilder(String trustStoreFilename, String trustStorePassword) Constructor for one way server authentication.
TLSConnectionBuilder(String trustStoreFilename, String trustStorePassword, String keyStoreFilename, String keyStorePassword) Constructor for 2 way secure TLS connection using a trust store (with associated password) to verify the server certificate and a keystore (with password) to pass back to the server for server-based mutual certificate trust authentication

Method Summary

Modifier and Type	Method and Description
org.apache.http.impl.client.CloseableHttpClient	configureSSLConnection() Builds and configures the TLS connection based on the available set-up parameters
SSLContext	createAndPopulateContext() Builds and configures the sslContext using the class properties and settings
String	getKeyStoreFile()
String	getKeyStorePassword()
String	getTrustStoreFile()
String	getTrustStorePassword()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

TLSConnectionBuilder

public TLSConnectionBuilder(String trustStoreFilename,
                            String trustStorePassword,
                            String keyStoreFilename,
                            String keyStorePassword)

Constructor for 2 way secure TLS connection using a trust store (with associated password) to verify the server certificate and a keystore (with password) to pass back to the server for server-based mutual certificate trust authentication

Parameters:

trustStoreFilename - - relative or fully qualified path and name of the trust store

trustStorePassword - - trust store password

keyStoreFilename - - relative or fully qualified path and name of the key store

keyStorePassword - - the key store password

TLSConnectionBuilder

public TLSConnectionBuilder(String trustStoreFilename,
                            String trustStorePassword)

Constructor for one way server authentication. This connection verifies the endpoint is trust worthy by checking the trust store for known certificates or signing authorities against

Parameters:

trustStoreFilename - - relative or fully qualified path and name of the trust store

trustStorePassword - - trust store password

Method Detail

createAndPopulateContext

public SSLContext createAndPopulateContext()
                                    throws NoSuchAlgorithmException,
                                           KeyStoreException,
                                           TLSGeneralException,
                                           IOException,
                                           CertificateException,
                                           UnrecoverableKeyException,
                                           KeyManagementException

Builds and configures the sslContext using the class properties and settings

If the keystore file path or the truststore file path are null or empty they will not be included as part of the SSL context setup. If the path is not null it will be checked for validity with a TLS exception being thrown if the path does not point to a real file.

Returns:

The configured sslContext object

Throws:

KeyStoreException - - keystore is not correctly configured

IOException - - truststore/keystore files do not exist

CertificateException - - bad cert

NoSuchAlgorithmException - - bad cert

UnrecoverableKeyException - - keystore internal error

KeyManagementException - - general keystore exception

TLSGeneralException - - TLSConnectionBuilder exception

configureSSLConnection

public org.apache.http.impl.client.CloseableHttpClient configureSSLConnection()
                                                                       throws KeyStoreException,
                                                                              IOException,
                                                                              CertificateException,
                                                                              NoSuchAlgorithmException,
                                                                              UnrecoverableKeyException,
                                                                              KeyManagementException,
                                                                              TLSGeneralException

Builds and configures the TLS connection based on the available set-up parameters

If the keystore file path or the truststore file path are null or empty they will not be included as part of the SSL context setup. If the path is not null it will be checked for validity with a TLS exception being thrown if the path does not point to a real file. s

Returns:

The configured secure Https client connection

Throws:

KeyStoreException - - keystore is not correctly configured

IOException - - truststore/keystore files do not exist

CertificateException - - bad cert

NoSuchAlgorithmException - - bad cert

UnrecoverableKeyException - - keystore internal error

KeyManagementException - - general keystore exception

TLSGeneralException - - TLSConnectionBuilder exception

getTrustStoreFile

public String getTrustStoreFile()

getTrustStorePassword

public String getTrustStorePassword()

getKeyStorePassword

public String getKeyStorePassword()

getKeyStoreFile

public String getKeyStoreFile()