Package uk.gov.dwp.tls
Class TLSConnectionBuilder
- java.lang.Object
  - uk.gov.dwp.tls.TLSConnectionBuilder

public class TLSConnectionBuilder extends Object
-
Constructor Summary
Constructors (Constructor - Description):
- TLSConnectionBuilder(String trustStoreFilename, String trustStorePassword) - Constructor for one way server authentication.
- TLSConnectionBuilder(String trustStoreFilename, String trustStorePassword, String keyStoreFilename, String keyStorePassword) - Constructor for 2 way secure TLS connection using a trust store (with associated password) to verify the server certificate and a keystore (with password) to pass back to the server for server-based mutual certificate trust authentication.
-
Method Summary
Methods (Modifier and Type, Method - Description):
- org.apache.http.impl.client.CloseableHttpClient configureSSLConnection() - Builds and configures the TLS connection based on the available set-up parameters
- SSLContext createAndPopulateContext() - Builds and configures the sslContext using the class properties and settings
- String getKeyStoreFile()
- String getKeyStorePassword()
- String getTrustStoreFile()
- String getTrustStorePassword()
-
Constructor Detail
-
TLSConnectionBuilder
public TLSConnectionBuilder(String trustStoreFilename, String trustStorePassword, String keyStoreFilename, String keyStorePassword) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IOException, IllegalBlockSizeException
Constructor for 2 way secure TLS connection using a trust store (with associated password) to verify the server certificate and a keystore (with password) to pass back to the server for server-based mutual certificate trust authentication.
- Parameters:
trustStoreFilename - relative or fully qualified path and name of the trust store
trustStorePassword - trust store password
keyStoreFilename - relative or fully qualified path and name of the key store
keyStorePassword - the key store password
- Throws:
NoSuchPaddingException - cipher init error
NoSuchAlgorithmException - cipher init error
InvalidKeyException - invalid key type
IOException - cipher init error
IllegalBlockSizeException - cipher init error
-
TLSConnectionBuilder
public TLSConnectionBuilder(String trustStoreFilename, String trustStorePassword) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IOException, IllegalBlockSizeException
Constructor for one way server authentication. This connection verifies the endpoint is trustworthy by checking the trust store for known certificates or signing authorities against
- Parameters:
trustStoreFilename - relative or fully qualified path and name of the trust store
trustStorePassword - trust store password
- Throws:
NoSuchPaddingException - cipher init error
NoSuchAlgorithmException - cipher init error
InvalidKeyException - invalid key type
IOException - cipher init error
IllegalBlockSizeException - cipher init error
-
Method Detail
-
createAndPopulateContext
public SSLContext createAndPopulateContext() throws NoSuchAlgorithmException, KeyStoreException, TLSGeneralException, IOException, CertificateException, UnrecoverableKeyException, KeyManagementException
Builds and configures the sslContext using the class properties and settings. If the keystore file path or the truststore file path are null or empty they will not be included as part of the SSL context setup. If the path is not null it will be checked for validity with a TLS exception being thrown if the path does not point to a real file.
- Returns:
- The configured sslContext object
- Throws:
KeyStoreException - keystore is not correctly configured
IOException - truststore/keystore files do not exist
CertificateException - bad cert
NoSuchAlgorithmException - bad cert
UnrecoverableKeyException - keystore internal error
KeyManagementException - general keystore exception
TLSGeneralException - TLSConnectionBuilder exception
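The skip-if-empty and fail-if-missing behaviour described above, shown as an added sketch built only on standard JSSE classes; it is not the TLSConnectionBuilder source, and the class name, method names and sample path are hypothetical. It assumes the key password equals the key store password, and it shows what plain JSSE does when a store is omitted (platform default trust anchors, no client key material), which the page does not confirm for this library.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import javax.net.ssl.*;

// Added sketch using standard JSSE only; class and method names are hypothetical.
public class OptionalStoreContextSketch {
    static boolean isSet(String s) { return s != null && !s.isEmpty(); }

    // A supplied path must point to a real file; otherwise fail before any handshake.
    static KeyStore load(String file, String password) throws IOException, GeneralSecurityException {
        Path path = Paths.get(file);
        if (!Files.isRegularFile(path)) throw new IOException("not a real file: " + file);
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password.toCharArray());
        }
        return store;
    }

    static SSLContext build(String trustFile, String trustPw, String keyFile, String keyPw)
            throws IOException, GeneralSecurityException {
        TrustManager[] tms = null; // null: JSSE uses the platform default trust anchors
        KeyManager[] kms = null;   // null: no client key material is supplied (one-way TLS)
        if (isSet(trustFile)) {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(trustFile, trustPw));
            tms = tmf.getTrustManagers();
        }
        if (isSet(keyFile)) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(keyFile, keyPw), keyPw.toCharArray()); // assumes key password == store password
            kms = kmf.getKeyManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tms, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        System.out.println(build(null, null, "", null).getProtocol()); // both stores skipped
        try {
            build("/nonexistent/constructed-trust.jks", "changeit", null, null); // constructed path
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When the trust store argument is left empty in this sketch, server certificates are validated against whatever the JVM trusts by default, so pinning to a private CA requires passing the trust store explicitly.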
-
configureSSLConnection
public org.apache.http.impl.client.CloseableHttpClient configureSSLConnection() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, TLSGeneralException
Builds and configures the TLS connection based on the available set-up parameters. If the keystore file path or the truststore file path are null or empty they will not be included as part of the SSL context setup. If the path is not null it will be checked for validity with a TLS exception being thrown if the path does not point to a real file.
- Returns:
- The configured secure Https client connection
- Throws:
KeyStoreException - keystore is not correctly configured
IOException - truststore/keystore files do not exist
CertificateException - bad cert
NoSuchAlgorithmException - bad cert
UnrecoverableKeyException - keystore internal error
KeyManagementException - general keystore exception
TLSGeneralException - TLSConnectionBuilder exception
-
getTrustStoreFile
public String getTrustStoreFile()
-
getTrustStorePassword
public String getTrustStorePassword()
-
getKeyStorePassword
public String getKeyStorePassword()
-
getKeyStoreFile
public String getKeyStoreFile()
-