COM.claymoresystems.ptls

Class SSLContext


public class SSLContext
extends SSLContextInt

SSLContext holds all state relevant to more than one SSL Session/ Connection. In particular, it's the access point for user keying material, user policy settings, and the session cache.

For clients, it is legal to merely create an SSLContext and use it immediately, though it is advisable to set the SSLPolicy.

Since servers must have keying material to operate, all SSLContexts which are to be used for servers must be initialized using loadEAYKeyFile() or loadPKS12KeyFile().

Currently, SSLContext supports only one key at a time and loading a new keyfile overrides any exiting keys/certificates. Future implementations may support multiple keys automatically selected based on the cipherSuite.

Field Summary

Fields inherited from class COM.claymoresystems.sslg.SSLContextInt

policy

Method Summary

protected void
destroySession(String sessionLookupKey)
protected COM.claymoresystems.ptls.SSLSessionData
findSession(String key)
void
loadDHParams(InputStream is)
Load a DH parameters structure from disk.
void
loadDHParams(String path)
Load the DH parameters structure from a file
void
loadEAYKeyFile(InputStream is, String passphrase)
Load a subset of SSLeay keyfiles.
void
loadEAYKeyFile(String path, String passphrase)
Load a subset of SSLeay keyfiles.
void
loadPKCS12File(String path, String passphrase)
Load keying material from the indicated PKCS12/PFX keyfile, using the passphrase passed in
void
loadRootCertificates(InputStream is)
Load a list of acceptable roots.
void
loadRootCertificates(String path)
Load a list of acceptable roots.
void
saveDHParams(String path, int size, boolean sophieGermainPrimes)
Save DH parameters to disk, generating them if necessary
void
saveEAYKeyFile(String path, String passphrase)
void
seedRNG(byte[] seed)
Build new RNG based on the indicated seed, or update current RNG
protected void
storeSession(String key, COM.claymoresystems.ptls.SSLSessionData sd)
void
useRandomnessFile(String file, String passphrase)
use the indicated file for randomness If the file does not exist, it is created.

Methods inherited from class COM.claymoresystems.sslg.SSLContextInt

getPolicy, loadDHParams, loadDHParams, loadEAYKeyFile, loadEAYKeyFile, loadPKCS12File, loadRootCertificates, loadRootCertificates, saveDHParams, saveEAYKeyFile, setPolicy, useRandomnessFile

Method Details

destroySession

protected void destroySession(String sessionLookupKey)

findSession

protected COM.claymoresystems.ptls.SSLSessionData findSession(String key)

loadDHParams

public void loadDHParams(InputStream is)
            throws java.io.IOException
Load a DH parameters structure from disk. This saves the time consuming prime generation phase
Overrides:
loadDHParams in interface SSLContextInt
Parameters:
is - the params file

loadDHParams

public void loadDHParams(String path)
            throws FileNotFoundException,
                   IOException
Load the DH parameters structure from a file
Overrides:
loadDHParams in interface SSLContextInt
Parameters:
path - the file

loadEAYKeyFile

public void loadEAYKeyFile(InputStream is,
                           String passphrase)
            throws IOException
Load a subset of SSLeay keyfiles.

We assume that the first key is bound to the first group of certificates

We assume that any certificates we find are strictly ordered from the user's certificate to the root.

Overrides:
loadEAYKeyFile in interface SSLContextInt
Parameters:
is - the file
passphrase - the passphrase needed to decrypt the private key

loadEAYKeyFile

public void loadEAYKeyFile(String path,
                           String passphrase)
            throws FileNotFoundException,
                   IOException
Load a subset of SSLeay keyfiles.

We assume that the first key is bound to the first group of certificates

We assume that any certificates we find are strictly ordered from the user's certificate to the root.

Overrides:
loadEAYKeyFile in interface SSLContextInt
Parameters:
path - the filename for the fiel
passphrase - the passphrase needed to decrypt the private key

loadPKCS12File

public void loadPKCS12File(String path,
                           String passphrase)
Load keying material from the indicated PKCS12/PFX keyfile, using the passphrase passed in
Overrides:
loadPKCS12File in interface SSLContextInt
Parameters:
path - the filename for the keyfile
passphrase - the passphrase needed to decrypt/verify the keyfile Currently not implemented

loadRootCertificates

public void loadRootCertificates(InputStream is)
            throws java.io.IOException
Load a list of acceptable roots.

Roots are not used for verifying the keys found in the keyfile. They are only used for verifying the certificates of peer entities.

Roots are formatted in SSLeay "PEM" style

Overrides:
loadRootCertificates in interface SSLContextInt
Parameters:

loadRootCertificates

public void loadRootCertificates(String path)
            throws FileNotFoundException,
                   IOException
Load a list of acceptable roots.

Roots are not used for verifying the keys found in the keyfile. They are only used for verifying the certificates of peer entities.

Roots are formatted in SSLeay "PEM" style

Overrides:
loadRootCertificates in interface SSLContextInt
Parameters:
path - the filename containing the root list

saveDHParams

public void saveDHParams(String path,
                         int size,
                         boolean sophieGermainPrimes)
            throws java.io.IOException,
                   FileNotFoundException
Save DH parameters to disk, generating them if necessary
Overrides:
saveDHParams in interface SSLContextInt
Parameters:
path - the file to save to
sophieGermainPrimes - generate sophieGermainPrimes (VERY slow)

saveEAYKeyFile

public void saveEAYKeyFile(String path,
                           String passphrase)
            throws IOException,
                   FileNotFoundException
Overrides:
saveEAYKeyFile in interface SSLContextInt

seedRNG

public void seedRNG(byte[] seed)
Build new RNG based on the indicated seed, or update current RNG
Parameters:
seed - the seed

storeSession

protected void storeSession(String key,
                            COM.claymoresystems.ptls.SSLSessionData sd)

useRandomnessFile

public void useRandomnessFile(String file,
                              String passphrase)
            throws IOException,
                   FileNotFoundException
use the indicated file for randomness If the file does not exist, it is created.
Overrides:
useRandomnessFile in interface SSLContextInt
Parameters:
passphrase - the passphrase needed to decrypt/verify the keyfile

Copyright (c) 1999-2001 Claymore Systems, Inc., All Rights Reserved.