|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object com.novell.zos.tls.TlsConfiguration
public class TlsConfiguration
TLS Configuration Parameters for ZOS clients.
This class holds various TLS-related configuration parameters used by ZOS clients to connect to the server. By passing an instance of this class to the ZOS client API upon login, or by setting global defaults, the behavior and usage of Transport Layer Security (TLS) can be modified by client writers.
The factory default behavior for ZOS clients and agents is to enable TLS, with the level of encryption specified by the server upon client connection. By default, "client" (as opposed to "agent") connection mode is assumed.
This class is fully cloneable and serializable. It is recommended
that the type-safe TlsConfiguration.copy()
method be used for cloning.
The following is a simple example of the usage of this class to configure TLS support on a client connection to a ZOS server:
import com.novell.zos.tls.TlsConfiguration; import com.novell.zos.grid.ClientAgent; import com.novell.zos.grid.Credential; import com.novell.zos.toolkit.CredentialFactory; ... TlsConfiguration tlsConfig = new TlsConfiguration(); tlsConfig.setCertificatePath("/tmp"); Credential cred = CredentialFactory.newPasswordCredential("user", "pass".toCharArray()); ClientAgent client = ClientAgentFactory.newClientAgent("127.0.0.1"); client.setTlsConfiguration(tlsConfig); client.login(cred); System.out.println("Logged In");
If custom handling of unknown or mismatched server certificates is
required by the client, then add a call to TlsConfiguration.setCallbacks(TlsCallbacks)
with an instance of TlsCallbacks
providing methods for handling
each of those cases.
If certain TLS parameters will always be the same for all instances (i.e. they were specified on a global command line at JVM launch) then those parameters can be specified as "global defaults" using the "setDefault*" versions of the various methods of this class. This may be used to avoid passing global configuration parameters among many different objects.
Field Summary | |
---|---|
static int |
TLS_LEVEL_DISABLED
TLS level indicating that TLS will not be used by the client. |
static int |
TLS_LEVEL_ENABLED
TLS level indicating that TLS will be used by the client. |
static int |
TLS_LEVEL_SERVER
TLS level indicating that TLS usage will be specified by the server. |
Constructor Summary | |
---|---|
TlsConfiguration()
Create a new TlsConfiguration instance with default parameters. |
Method Summary | |
---|---|
Object |
clone()
Implement the Cloneable interface. |
TlsConfiguration |
copy()
Create a new clone of the current instance. |
TlsCallbacks |
getCallbacks()
Get the global default callbacks. |
String |
getCertificateFile()
Return the certificate file base name for this instance. |
String |
getCertificatePath()
Return the certificate directory path for this instance. |
long |
getConnectionTimeout()
Set the connection timeout for this instance. |
static TlsCallbacks |
getDefaultCallbacks()
Get the global default callbacks. |
static String |
getDefaultCertificateFile()
Return the global default certificate file base name. |
static String |
getDefaultCertificatePath()
Get the global default TLS certificate directory. |
static long |
getDefaultConnectionTimeout()
Return the global default connection timeout. |
static int |
getDefaultTlsLevel()
Return the global default TLS configuration level. |
static int |
getDefaultTlsPort()
Return the global default TCP port for TLS connections. |
int |
getTlsLevel()
Return the TLS configuration level for this instance. |
int |
getTlsPort()
Return the TCP port to use for connections established via this instance. |
boolean |
isAgentMode()
Return the agent mode flag for this instance. |
static boolean |
isDefaultAgentMode()
Return the global default agent mode. |
static boolean |
isDefaultTlsAware()
Returns the global default "TLS Aware" flag. |
boolean |
isTlsAware()
Return the "TLS Aware" flag for this instance. |
void |
setAgentMode(boolean mode)
Set the agent mode flag for this instance. |
void |
setCallbacks(TlsCallbacks callbacks)
Set the global default callbacks. |
void |
setCertificateFile(String filename)
Set the certificate file base name for this instance. |
void |
setCertificatePath(String pathname)
Set the certificate directory path for this instance. |
void |
setConnectionTimeout(long timeout)
Set the connection timeout for this instance. |
static void |
setDefaultAgentMode(boolean mode)
Set the global default agent mode. |
static void |
setDefaultCallbacks(TlsCallbacks callbacks)
Set the global default callbacks. |
static void |
setDefaultCertificateFile(String filename)
Set the global default certificate file base name. |
static void |
setDefaultCertificatePath(String pathname)
Set the global default TLS certificate directory. |
static void |
setDefaultConnectionTimeout(long timeout)
Set the global default connection timeout. |
static void |
setDefaultTlsAware(boolean aware)
Set the global default "TLS Aware" flag. |
static void |
setDefaultTlsLevel(int level)
Set the global default TLS configuration level. |
static void |
setDefaultTlsPort(int port)
Set the global default TCP port for TLS connections. |
void |
setTlsAware(boolean aware)
Set the "TLS Aware" flag for this instance. |
void |
setTlsLevel(int level)
Set the TLS configuration level for this instance. |
void |
setTlsPort(int port)
Set the TCP port to use for connections established via this instance. |
Methods inherited from class java.lang.Object |
---|
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final int TLS_LEVEL_DISABLED
public static final int TLS_LEVEL_ENABLED
public static final int TLS_LEVEL_SERVER
Constructor Detail |
---|
public TlsConfiguration()
TlsConfiguration
instance with default parameters.
The new instance will be populated with the current global defaults.
Method Detail |
---|
public TlsConfiguration copy()
Returns a new TlsConfiguration
instance containing the
same parameter values as the current instance.
public Object clone()
Cloneable
interface.
Calls the TlsConfiguration.copy()
method and returns the cloned copy
as an Object
instance. The preferred method to clone an
instance is to call TlsConfiguration.copy()
, since it is type-safe.
clone
in class Object
public static void setDefaultCallbacks(TlsCallbacks callbacks)
Sets the TlsCallbacks
instance to use by default for
certificate callbacks. TlsConfiguration.setCallbacks(TlsCallbacks)
overrides this
value on a per-instance basis.
If the callbacks instance is set to null
, then no
default callbacks are made on certificate exceptions.
callbacks
- New global default callbacks instance.public static TlsCallbacks getDefaultCallbacks()
Returns the TlsCallbacks
instance used by default for
certificate callbacks. TlsConfiguration.setCallbacks(TlsCallbacks)
overrides this
value on a per-instance basis.
If the callbacks instance is set to null
, then no
default callbacks are made on certificate exceptions.
public void setCallbacks(TlsCallbacks callbacks)
Sets the TlsCallbacks
instance to use by default for
certificate callbacks. TlsConfiguration.setCallbacks(TlsCallbacks)
overrides this
value on a per-instance basis.
If the callbacks instance is set to null
, then no
default callbacks are made on certificate exceptions.
callbacks
- New global default callbacks instance.public TlsCallbacks getCallbacks()
Returns the TlsCallbacks
instance used by default for
certificate callbacks. TlsConfiguration.setCallbacks(TlsCallbacks)
overrides this
value on a per-instance basis.
If the callbacks instance is set to null
, then no
default callbacks are made on certificate exceptions.
public static void setDefaultCertificatePath(String pathname)
Sets the static global default certificate directory path to
pathname
. The specified directory becomes the default
certificate path for all new TlsConfiguration
instances
created after this static method is called.
pathname
- The new global default certificate directory path.public static String getDefaultCertificatePath()
Returns the static global default certificate directory path
set via a previous call to TlsConfiguration.setDefaultCertificatePath(String)
.
If a default path has not yet been set then this method returns
null
. The global default certificate path is assigned as
the certificate path for all new instances of this class.
public void setCertificatePath(String pathname)
Sets the path name of the directory in which TLS certificates
are found and stored. Filenames specified via the
TlsConfiguration.setCertificateFile(String)
method are relative to this
path.
pathname
- The certificate directory path for this instance.public String getCertificatePath()
Returns the path name of the directory in which TLS certificates
are found and stored. Filenames specified via the
TlsConfiguration.setCertificateFile(String)
method are relative to this
path.
If neither an instance certificate path nor a global default
certificate path have been set, then this method returns
null
.
public static void setDefaultCertificateFile(String filename)
Sets the default base name for certificate files. This base name
will be set as the default certificate file base name for all new
instances of TlsConfiguration
created after the call to this
method.
filename
- The default basename for certificate files.TlsConfiguration.setCertificateFile(String)
,
TlsConfiguration.getCertificateFile()
public static String getDefaultCertificateFile()
Returns the default base name for certificate files. All new
instances of TlsConfiguration
use the base name returned
by this method as the default certificate file base name.
TlsConfiguration.setCertificateFile(String)
,
TlsConfiguration.getCertificateFile()
public void setCertificateFile(String filename)
Sets the base name of the server certificate file to use when
establishing connections to the remote host. The full path to the
certificate file may be obtained by concatenating the return value of
TlsConfiguration.getCertificatePath()
and TlsConfiguration.getCertificateFile()
.
filename
- The new certificate base filename for this instance.public String getCertificateFile()
Returns the base name of the server certificate file to use when
establishing connections to the remote host. The full path to the
certificate file may be obtained by concatenating the return value of
TlsConfiguration.getCertificatePath()
and TlsConfiguration.getCertificateFile()
.
This method may return null
if default or instance value of
the certificate file name has yet been specified.
public static void setDefaultTlsPort(int port) throws IllegalArgumentException
Sets the global port number to be used for all new instances of
TlsConfiguration
created after calling this method.
port
- The global default TCP port number for TLS connections.
IllegalArgumentException
- Thrown if port
is not a valid TCP/IP port number in the range
[0..65535].public static int getDefaultTlsPort()
Returns the global port number to be used for all new instances of
TlsConfiguration
.
public void setTlsPort(int port) throws IllegalArgumentException
Sets the TCP to be used when establishing a new TLS socket using
this TlsConfiguration
instance.
port
- The TCP port to use for connections established via this instance.
IllegalArgumentException
- Thrown if port
is not a valid TCP/IP port number in the range
[0..65535].public int getTlsPort()
Returns the TCP to be used when establishing a new TLS socket using
this TlsConfiguration
instance.
public static void setDefaultConnectionTimeout(long timeout)
Sets the default connection timeout to use for all new instances of
TlsConfiguration
after the call to this method.
The connection timeout is used when creating a socket to place a hard limit on the time spent waiting for a connection to an unreachable remote host before aborting the connection attempt.
timeout
- The global default connection timeout.public static long getDefaultConnectionTimeout()
Returns the default connection timeout to use for all new instances of
TlsConfiguration
.
The connection timeout is used when creating a socket to place a hard limit on the time spent waiting for a connection to an unreachable remote host before aborting the connection attempt.
public void setConnectionTimeout(long timeout)
Sets the socket connection timeout for this instance.
The connection timeout is used when creating a socket to place a hard limit on the time spent waiting for a connection to an unreachable remote host before aborting the connection attempt.
timeout
- The connection timeout for this instance.public long getConnectionTimeout()
Sets the socket connection timeout for this instance.
The connection timeout is used when creating a socket to place a hard limit on the time spent waiting for a connection to an unreachable remote host before aborting the connection attempt.
public static void setDefaultTlsLevel(int level) throws IllegalArgumentException
Sets the default TLS configuration level to use for all new instances
of TlsConfiguration
created after the call to this method.
The TLS configuration level is one of: TlsConfiguration.TLS_LEVEL_DISABLED
,
TlsConfiguration.TLS_LEVEL_ENABLED
, or TlsConfiguration.TLS_LEVEL_SERVER
.
level
- The global default TLS configuration level.
IllegalArgumentException
- Thrown if an unknown value is supplied for level
public static int getDefaultTlsLevel()
Returns the default TLS configuration level to use for all new instances
of TlsConfiguration
.
The TLS configuration level is one of: TlsConfiguration.TLS_LEVEL_DISABLED
,
TlsConfiguration.TLS_LEVEL_ENABLED
, or TlsConfiguration.TLS_LEVEL_SERVER
.
public void setTlsLevel(int level) throws IllegalArgumentException
Sets the TLS configuration level for sockets established via this instance.
The TLS configuration level is one of: TlsConfiguration.TLS_LEVEL_DISABLED
,
TlsConfiguration.TLS_LEVEL_ENABLED
, or TlsConfiguration.TLS_LEVEL_SERVER
.
level
- The TLS configuration level for this instance.
IllegalArgumentException
- Thrown if an unknown value is supplied for level
public int getTlsLevel()
Returns the TLS configuration level for sockets established via this instance.
The TLS configuration level is one of: TlsConfiguration.TLS_LEVEL_DISABLED
,
TlsConfiguration.TLS_LEVEL_ENABLED
, or TlsConfiguration.TLS_LEVEL_SERVER
.
public static void setDefaultTlsAware(boolean aware)
Sets the global "TLS Aware" flag to be used by all new instances of
TlsConfiguration
after the call to this method.
This flag can be used to enable and/or disable TLS functionality while also preserving user-specified TLS configuration parameters.
aware
- Boolean value which, if true, indicates that the client is "TLS Aware".public static boolean isDefaultTlsAware()
Returns the global "TLS Aware" flag to be used by all new instances of
TlsConfiguration
This flag can be used to enable and/or disable TLS functionality while also preserving user-specified TLS configuration parameters.
public void setTlsAware(boolean aware)
Sets the "TLS Aware" flag for this instance.
This flag can be used to enable and/or disable TLS functionality while also preserving user-specified TLS configuration parameters.
aware
- If true
, indicates that the client is "TLS Aware".public boolean isTlsAware()
Returns the "TLS Aware" flag for this instance.
This flag can be used to enable and/or disable TLS functionality while also preserving user-specified TLS configuration parameters.
true
, indicates that the client is "TLS Aware".public static void setDefaultAgentMode(boolean mode)
Sets the global default agent mode to be used by all new instances
of TlsConfiguration
created after the call to this method.
The agent mode flag should only be set to true
for the
ZOS Agent. All other clients should use the default value of
false
to indicate ZOS "client mode".
mode
- If true
then the client is a ZOS node/agent.public static boolean isDefaultAgentMode()
Returns the global default agent mode to be used by all new instances
of TlsConfiguration
The agent mode flag should only be set to true
for the
ZOS Agent. All other clients should use the default value of
false
to indicate ZOS "client mode".
true
then the client is a ZOS node/agent.public void setAgentMode(boolean mode)
Sets agent mode flag for this instance to indicate whether the client is a normal ZOS client or an agent/node.
The agent mode flag should only be set to true
for the
ZOS Agent/Node. All other clients should use the default value of
false
to indicate ZOS "client mode".
mode
- If true
then the client is a ZOS node/agent.public boolean isAgentMode()
Returns agent mode flag for this instance to indicate whether the client is a normal ZOS client or an agent/node.
The agent mode flag should only be set to true
for the
ZOS Agent/Node. All other clients should use the default value of
false
to indicate ZOS "client mode".
true
then the client is a ZOS node/agent.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |