COM.claymoresystems.ptls
Class SSLContext

java.lang.Object
  extended by COM.claymoresystems.sslg.SSLContextInt
      extended by COM.claymoresystems.ptls.SSLContext

public class SSLContext
extends SSLContextInt

SSLContext holds all state relevant to more than one SSL Session/Connection. In particular, it is the access point for user keying material, user policy settings, and the session cache.

For clients, it is legal to merely create an SSLContext and use it immediately, though it is advisable to set the SSLPolicy.

Since servers must have keying material to operate, all SSLContexts which are to be used for servers must be initialized using loadEAYKeyFile() or loadPKCS12File() (note that loadPKCS12File() is currently not implemented; see its method detail below).

Currently, SSLContext supports only one key at a time and loading a new keyfile overrides any existing keys/certificates. Future implementations may support multiple keys automatically selected based on the cipherSuite.
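The following is an added example of the initialization sequence described above, written against the methods documented on this page; it is not code from PureTLS itself. The file paths, the 64-byte seed size, the use of java.security.SecureRandom as the seed source, and reading the passphrase from an environment variable are all assumptions. The policy class's own methods are not on this page, so the example leaves the policy at its default.

```java
import java.io.IOException;
import java.security.SecureRandom;

import COM.claymoresystems.ptls.SSLContext;

/**
 * Builds a client SSLContext and a server SSLContext using only the
 * SSLContext methods documented on this page. Added example, not PureTLS code.
 */
public class ContextSetup {

    // Constructed paths (assumptions). The keyfile is an SSLeay/OpenSSL-style
    // PEM file holding the private key followed by the certificate chain,
    // ordered from the server's own certificate up to the root.
    static final String SERVER_KEYFILE = "/etc/puretls/server.pem";
    static final String ROOT_FILE = "/etc/puretls/roots.pem";

    /** Seed PureTLS's RNG from the JDK's SecureRandom before any handshake.
     *  seedRNG() either builds the RNG from this seed or mixes it into an
     *  existing one, so calling it again later is harmless. */
    static void seed(SSLContext ctx) {
        byte[] seed = new byte[64];           // seed length is an assumption
        new SecureRandom().nextBytes(seed);
        ctx.seedRNG(seed);
    }

    /** Client side: no keying material is required, but the roots must be
     *  loaded or peer certificates cannot be verified. */
    static SSLContext clientContext() throws IOException {
        SSLContext ctx = new SSLContext();
        seed(ctx);
        ctx.loadRootCertificates(ROOT_FILE);
        return ctx;
    }

    /** Server side: keying material is mandatory. Roots are only needed if
     *  this server will verify client certificates; they are not used to
     *  check the chain inside the keyfile. */
    static SSLContext serverContext(String passphrase) throws IOException {
        SSLContext ctx = new SSLContext();
        seed(ctx);
        // Only one key is held at a time: a second loadEAYKeyFile() call
        // would replace this key and its certificates.
        ctx.loadEAYKeyFile(SERVER_KEYFILE, passphrase);
        ctx.loadRootCertificates(ROOT_FILE);
        return ctx;
    }

    public static void main(String[] args) throws IOException {
        // Assumption: the passphrase arrives via an environment variable so it
        // does not appear on the command line or in source control.
        String passphrase = System.getenv("PURETLS_KEY_PASSPHRASE");
        if (passphrase == null || passphrase.length() == 0) {
            throw new IllegalStateException("PURETLS_KEY_PASSPHRASE is not set");
        }
        SSLContext server = serverContext(passphrase);
        SSLContext client = clientContext();
        System.out.println("contexts initialized: server=" + (server != null)
            + " client=" + (client != null));
    }
}
```

The server and client each get their own SSLContext because the context carries the keying material and the session cache; sharing one context between the two roles would let the client side present the server key.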


Field Summary
 
Fields inherited from class COM.claymoresystems.sslg.SSLContextInt
policy
 
Constructor Summary
SSLContext()
           
 
Method Summary
protected  void destroySession(java.lang.String sessionLookupKey)
           
protected  COM.claymoresystems.ptls.SSLSessionData findSession(java.lang.String key)
           
 void loadDHParams(java.io.InputStream is)
          Load a DH parameters structure from disk.
 void loadDHParams(java.lang.String path)
          Load the DH parameters structure from a file
 void loadEAYKeyFile(java.io.InputStream is, java.lang.String passphrase)
          Load a subset of SSLeay keyfiles.
 void loadEAYKeyFile(java.lang.String path, java.lang.String passphrase)
          Load a subset of SSLeay keyfiles.
 void loadPKCS12File(java.lang.String path, java.lang.String passphrase)
          Load keying material from the indicated PKCS12/PFX keyfile, using the passphrase passed in
 void loadRootCertificates(java.io.InputStream is)
          Load a list of acceptable roots.
 void loadRootCertificates(java.lang.String path)
          Load a list of acceptable roots.
 void saveDHParams(java.lang.String path, int size, boolean sophieGermainPrimes)
          Save DH parameters to disk, generating them if necessary
 void saveEAYKeyFile(java.lang.String path, java.lang.String passphrase)
           
 void seedRNG(byte[] seed)
          Build new RNG based on the indicated seed, or update current RNG
protected  void storeSession(java.lang.String key, COM.claymoresystems.ptls.SSLSessionData sd)
           
 void useRandomnessFile(java.lang.String file, java.lang.String passphrase)
          Use the indicated file for randomness. If the file does not exist, it is created.
 
Methods inherited from class COM.claymoresystems.sslg.SSLContextInt
getPolicy, setPolicy
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SSLContext

public SSLContext()
Method Detail

seedRNG

public void seedRNG(byte[] seed)
Build new RNG based on the indicated seed, or update current RNG

Parameters:
seed - the seed

useRandomnessFile

public void useRandomnessFile(java.lang.String file,
                              java.lang.String passphrase)
                       throws java.io.IOException,
                              java.io.FileNotFoundException
Use the indicated file for randomness. If the file does not exist, it is created.

Specified by:
useRandomnessFile in class SSLContextInt
Parameters:
file - the file name
passphrase - the passphrase needed to decrypt/verify the keyfile
Throws:
java.io.IOException - if something goes wrong
java.io.FileNotFoundException - if we're unable to update the file

loadPKCS12File

public void loadPKCS12File(java.lang.String path,
                           java.lang.String passphrase)
Load keying material from the indicated PKCS12/PFX keyfile, using the passphrase passed in

Specified by:
loadPKCS12File in class SSLContextInt
Parameters:
path - the filename for the keyfile
passphrase - the passphrase needed to decrypt/verify the keyfile

Currently not implemented.

loadEAYKeyFile

public void loadEAYKeyFile(java.lang.String path,
                           java.lang.String passphrase)
                    throws java.io.FileNotFoundException,
                           java.io.IOException
Load a subset of SSLeay keyfiles.

We assume that the first key is bound to the first group of certificates

We assume that any certificates we find are strictly ordered from the user's certificate to the root.

Specified by:
loadEAYKeyFile in class SSLContextInt
Parameters:
path - the filename for the keyfile
passphrase - the passphrase needed to decrypt the private key
Throws:
java.io.IOException - if the keyfile is badly formatted
java.io.FileNotFoundException - if the keyfile doesn't exist

loadEAYKeyFile

public void loadEAYKeyFile(java.io.InputStream is,
                           java.lang.String passphrase)
                    throws java.io.IOException
Load a subset of SSLeay keyfiles.

We assume that the first key is bound to the first group of certificates

We assume that any certificates we find are strictly ordered from the user's certificate to the root.

Specified by:
loadEAYKeyFile in class SSLContextInt
Parameters:
is - the input stream from which the keyfile is read
passphrase - the passphrase needed to decrypt the private key
Throws:
java.io.IOException - if the keyfile is badly formatted
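Both loadEAYKeyFile() overloads assume, rather than check, that the keyfile's CERTIFICATE blocks run strictly from the user's certificate to the root. A keyfile with the chain in the wrong order loads but presents a broken chain to peers. The following is an added pre-flight check (not part of PureTLS) that uses only JDK APIs to pull the CERTIFICATE blocks out of an SSLeay-style PEM file in file order and verify that each one is issued and signed by the next. It does not check that the private key matches the first certificate, since the JDK has no public parser for the SSLeay PKCS#1 key block; the input path comes from the command line and no sample keyfile is embedded.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Checks that an SSLeay/OpenSSL-style keyfile lists its certificates in the
 * order SSLContext.loadEAYKeyFile() assumes: entity certificate first, root
 * last, each certificate issued by the one after it. Added example, JDK only.
 */
public class KeyfileChainCheck {

    // Matches one PEM CERTIFICATE block; private-key blocks are ignored.
    private static final Pattern CERT_BLOCK = Pattern.compile(
        "-----BEGIN CERTIFICATE-----\\s*([A-Za-z0-9+/=\\s]+?)\\s*-----END CERTIFICATE-----");

    /** Extracts every CERTIFICATE block from the PEM text, in file order. */
    static List<X509Certificate> certificatesInFileOrder(String pem)
            throws GeneralSecurityException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        Matcher m = CERT_BLOCK.matcher(pem);
        while (m.find()) {
            byte[] der = Base64.getMimeDecoder().decode(m.group(1));
            certs.add((X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der)));
        }
        return certs;
    }

    /** Returns null when the chain is ordered entity -> root with each
     *  certificate signed by the next; otherwise a message naming the first
     *  bad link, so the file can be fixed before loadEAYKeyFile() sees it. */
    static String checkOrder(List<X509Certificate> chain) {
        if (chain.isEmpty()) {
            return "no CERTIFICATE blocks found";
        }
        for (int i = 0; i + 1 < chain.size(); i++) {
            X509Certificate child = chain.get(i);
            X509Certificate parent = chain.get(i + 1);
            if (!child.getIssuerX500Principal().equals(parent.getSubjectX500Principal())) {
                return "certificate " + i + " (" + child.getSubjectX500Principal()
                    + ") is not issued by certificate " + (i + 1)
                    + " (" + parent.getSubjectX500Principal() + ")";
            }
            try {
                child.verify(parent.getPublicKey());
            } catch (GeneralSecurityException e) {
                return "signature on certificate " + i
                    + " does not verify against certificate " + (i + 1) + ": " + e;
            }
        }
        return null;
    }

    public static void main(String[] args) throws IOException, GeneralSecurityException {
        if (args.length != 1) {
            System.err.println("usage: KeyfileChainCheck <keyfile.pem>");
            System.exit(2);
        }
        String pem = new String(Files.readAllBytes(Paths.get(args[0])), StandardCharsets.US_ASCII);
        List<X509Certificate> chain = certificatesInFileOrder(pem);
        String problem = checkOrder(chain);
        if (problem != null) {
            System.err.println("keyfile not usable with loadEAYKeyFile: " + problem);
            System.exit(1);
        }
        System.out.println(chain.size() + " certificate(s), ordered entity -> root; last subject: "
            + chain.get(chain.size() - 1).getSubjectX500Principal());
    }
}
```

A passing check only establishes that the chain is in the order loadEAYKeyFile() expects; whether the root at the end of the chain is one a peer trusts is decided by that peer's own root list, not by this file.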

saveEAYKeyFile

public void saveEAYKeyFile(java.lang.String path,
                           java.lang.String passphrase)
                    throws java.io.IOException,
                           java.io.FileNotFoundException
Specified by:
saveEAYKeyFile in class SSLContextInt
Throws:
java.io.IOException
java.io.FileNotFoundException

loadRootCertificates

public void loadRootCertificates(java.lang.String path)
                          throws java.io.FileNotFoundException,
                                 java.io.IOException
Load a list of acceptable roots.

Roots are not used for verifying the keys found in the keyfile. They are only used for verifying the certificates of peer entities.

Roots are formatted in SSLeay "PEM" style

Specified by:
loadRootCertificates in class SSLContextInt
Parameters:
path - the filename containing the root list
Throws:
java.io.FileNotFoundException
java.io.IOException

loadRootCertificates

public void loadRootCertificates(java.io.InputStream is)
                          throws java.io.IOException
Load a list of acceptable roots.

Roots are not used for verifying the keys found in the keyfile. They are only used for verifying the certificates of peer entities.

Roots are formatted in SSLeay "PEM" style

Specified by:
loadRootCertificates in class SSLContextInt
Parameters:
is - the input stream containing the root list
Throws:
java.io.IOException

loadDHParams

public void loadDHParams(java.lang.String path)
                  throws java.io.FileNotFoundException,
                         java.io.IOException
Load the DH parameters structure from a file

Specified by:
loadDHParams in class SSLContextInt
Parameters:
path - the file
Throws:
java.io.FileNotFoundException
java.io.IOException

loadDHParams

public void loadDHParams(java.io.InputStream is)
                  throws java.io.IOException
Load a DH parameters structure from disk. This saves the time-consuming prime generation phase.

Specified by:
loadDHParams in class SSLContextInt
Parameters:
is - the params file
Throws:
java.io.IOException

saveDHParams

public void saveDHParams(java.lang.String path,
                         int size,
                         boolean sophieGermainPrimes)
                  throws java.io.IOException,
                         java.io.FileNotFoundException
Save DH parameters to disk, generating them if necessary

Specified by:
saveDHParams in class SSLContextInt
Parameters:
path - the file to save to
size - the size of the DH prime to generate
sophieGermainPrimes - generate Sophie Germain primes, so that the group modulus is a safe prime (VERY slow)
Throws:
java.io.IOException
java.io.FileNotFoundException
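The loadDHParams()/saveDHParams() pair is meant to move the slow prime search out of server startup: generate once, save, and load the saved file on every later start. The following added example (not PureTLS code) wraps that pattern; the parameter file path and the 2048-bit size are assumptions, and the reading of size as the prime length in bits is inferred from the method summary rather than stated on this page.

```java
import java.io.File;
import java.io.IOException;

import COM.claymoresystems.ptls.SSLContext;

/**
 * Generates DH parameters once and reuses them across restarts, so the slow
 * safe-prime search runs at provisioning time, not at every server start.
 * Added example, not PureTLS code.
 */
public class DHParamsSetup {

    static final String DH_PARAMS_FILE = "/etc/puretls/dh2048.params"; // constructed path

    /**
     * Loads the cached parameters if the file exists; otherwise generates and
     * saves them first, then loads the saved file so the context and the file
     * are known to agree. Returns true when generation was needed.
     */
    static boolean ensureDHParams(SSLContext ctx, String path, int bits) throws IOException {
        File f = new File(path);
        boolean generated = false;
        if (!f.exists()) {
            // sophieGermainPrimes=true asks for a safe-prime group. It is the
            // slow path, but a modulus p with (p-1)/2 prime leaves no small
            // subgroups for a peer to confine the shared secret into.
            ctx.saveDHParams(path, bits, true);
            generated = true;
        }
        ctx.loadDHParams(path);
        return generated;
    }

    public static void main(String[] args) throws IOException {
        SSLContext ctx = new SSLContext();
        long start = System.currentTimeMillis();
        boolean generated = ensureDHParams(ctx, DH_PARAMS_FILE, 2048);
        System.out.println((generated ? "generated and " : "") + "loaded DH parameters in "
            + (System.currentTimeMillis() - start) + " ms");
    }
}
```

The parameters are not secret, but the file must not be writable by anyone other than the account that provisions the server: a replaced modulus is accepted by loadDHParams() without any check of its provenance. Generating a 2048-bit safe prime in pure Java can take a very long time, which is exactly why the generate step belongs in provisioning and not in the service start script.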

storeSession

protected void storeSession(java.lang.String key,
                            COM.claymoresystems.ptls.SSLSessionData sd)

findSession

protected COM.claymoresystems.ptls.SSLSessionData findSession(java.lang.String key)

destroySession

protected void destroySession(java.lang.String sessionLookupKey)


Copyright (c) 1999-2001 Claymore Systems, Inc., All Rights Reserved.