org.opensaml.security.httpclient.impl

Class BasicHttpClientSecurityConfiguration

java.lang.Object

org.opensaml.security.httpclient.impl.BasicHttpClientSecurityConfiguration

All Implemented Interfaces:

HttpClientSecurityConfiguration

public class BasicHttpClientSecurityConfiguration
extends Object
implements HttpClientSecurityConfiguration

Basic implementation of HttpClientSecurityConfiguration.

Field Summary

Fields

Modifier and Type	Field and Description
private X509Credential	clientTLSCredential The X509 credential used for client TLS.
private CredentialsProvider	credentialsProvider HttpClient credentials provider.
private X509HostnameVerifier	hostnameVerifier The hostname verifier.
private Boolean	serverTLSFailureFatal Flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.
private List<String>	tlsCipherSuites TLS cipher suites.
private List<String>	tlsProtocols TLS Protocols.
private TrustEngine<? super X509Credential>	tlsTrustEngine Optional trust engine used in evaluating server TLS credentials.

Constructor Summary

Constructors

Constructor and Description
BasicHttpClientSecurityConfiguration()

Method Summary

Methods

Modifier and Type	Method and Description
X509Credential	getClientTLSCredential() Get the optional client TLS credential.
CredentialsProvider	getCredentialsProvider() Get an instance of CredentialsProvider used for authentication by the HttpClient instance.
X509HostnameVerifier	getHostnameVerifier() Get the optional hostname verifier.
List<String>	getTLSCipherSuites() Get the optional list of TLS cipher suites.
List<String>	getTLSProtocols() Get the optional list of TLS protocols.
TrustEngine<? super X509Credential>	getTLSTrustEngine() Sets the optional trust engine used in evaluating server TLS credentials.
Boolean	isServerTLSFailureFatal() Get the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.
void	setBasicCredentials(UsernamePasswordCredentials credentials) A convenience method to set a (single) username and password used for BASIC authentication.
void	setBasicCredentialsWithScope(UsernamePasswordCredentials credentials, AuthScope scope) A convenience method to set a (single) username and password used for BASIC authentication.
void	setClientTLSCredential(X509Credential credential) Set the optional client TLS credential.
void	setCredentialsProvider(CredentialsProvider provider) Set an instance of CredentialsProvider used for authentication by the HttpClient instance.
void	setHostnameVerifier(X509HostnameVerifier verifier) Set the optional hostname verifier.
void	setServerTLSFailureFatal(Boolean flag) Set the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.
void	setTLSCipherSuites(Collection<String> cipherSuites) Set the optional list of TLS cipher suites.
void	setTLSProtocols(Collection<String> protocols) Set the optional list of TLS protocols.
void	setTLSTrustEngine(TrustEngine<? super X509Credential> engine) Sets the optional trust engine used in evaluating server TLS credentials.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

credentialsProvider

@Nullable
private CredentialsProvider credentialsProvider

HttpClient credentials provider.

tlsTrustEngine

@Nullable
private TrustEngine<? super X509Credential> tlsTrustEngine

Optional trust engine used in evaluating server TLS credentials.

tlsProtocols

@Nullable
private List<String> tlsProtocols

TLS Protocols.

tlsCipherSuites

@Nullable
private List<String> tlsCipherSuites

TLS cipher suites.

hostnameVerifier

@Nullable
private X509HostnameVerifier hostnameVerifier

The hostname verifier.

clientTLSCredential

@Nullable
private X509Credential clientTLSCredential

The X509 credential used for client TLS.

serverTLSFailureFatal

@Nullable
private Boolean serverTLSFailureFatal

Flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

Constructor Detail

BasicHttpClientSecurityConfiguration

public BasicHttpClientSecurityConfiguration()

Method Detail

getCredentialsProvider

@Nullable
public CredentialsProvider getCredentialsProvider()

Get an instance of CredentialsProvider used for authentication by the HttpClient instance.

Specified by:

getCredentialsProvider in interface HttpClientSecurityConfiguration

Returns:

the credentials provider, or null

setCredentialsProvider

public void setCredentialsProvider(@Nullable
                          CredentialsProvider provider)

Set an instance of CredentialsProvider used for authentication by the HttpClient instance.

Parameters:

provider - the credentials provider

setBasicCredentials

public void setBasicCredentials(@Nullable
                       UsernamePasswordCredentials credentials)

A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

An AuthScope will be generated which specifies any host, port, scheme and realm.

To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

Parameters:

credentials - the username and password credentials

setBasicCredentialsWithScope

public void setBasicCredentialsWithScope(@Nullable
                                UsernamePasswordCredentials credentials,
                                @Nullable
                                AuthScope scope)

A convenience method to set a (single) username and password used for BASIC authentication. To disable BASIC authentication pass null for the credentials instance.

If the authScope is null, an AuthScope will be generated which specifies any host, port, scheme and realm.

To specify multiple usernames and passwords for multiple host, port, scheme, and realm combinations, instead provide an instance of CredentialsProvider via setCredentialsProvider(CredentialsProvider).

Parameters:

credentials - the username and password credentials

scope - the HTTP client auth scope with which to scope the credentials, may be null

getTLSTrustEngine

@Nullable
public TrustEngine<? super X509Credential> getTLSTrustEngine()

Sets the optional trust engine used in evaluating server TLS credentials.

Specified by:

getTLSTrustEngine in interface HttpClientSecurityConfiguration

Returns:

the trust engine instance to use, or null

setTLSTrustEngine

public void setTLSTrustEngine(@Nullable
                     TrustEngine<? super X509Credential> engine)

Sets the optional trust engine used in evaluating server TLS credentials.

Parameters:

engine - the trust engine instance to use

getTLSProtocols

@Nullable
public List<String> getTLSProtocols()

Get the optional list of TLS protocols.

Specified by:

getTLSProtocols in interface HttpClientSecurityConfiguration

Returns:

the TLS protocols, or null

setTLSProtocols

public void setTLSProtocols(@Nullable
                   Collection<String> protocols)

Set the optional list of TLS protocols.

Parameters:

protocols - the TLS protocols or null

getTLSCipherSuites

@Nullable
public List<String> getTLSCipherSuites()

Get the optional list of TLS cipher suites.

Specified by:

getTLSCipherSuites in interface HttpClientSecurityConfiguration

Returns:

the list of TLS cipher suites, or null

setTLSCipherSuites

public void setTLSCipherSuites(@Nullable
                      Collection<String> cipherSuites)

Set the optional list of TLS cipher suites.

Parameters:

cipherSuites - the TLS cipher suites, or null

getHostnameVerifier

@Nullable
public X509HostnameVerifier getHostnameVerifier()

Get the optional hostname verifier.

Specified by:

getHostnameVerifier in interface HttpClientSecurityConfiguration

Returns:

the hostname verifier, or null

setHostnameVerifier

public void setHostnameVerifier(@Nullable
                       X509HostnameVerifier verifier)

Set the optional hostname verifier.

Parameters:

verifier - the hostname verifier, or null

getClientTLSCredential

@Nullable
public X509Credential getClientTLSCredential()

Get the optional client TLS credential.

Specified by:

getClientTLSCredential in interface HttpClientSecurityConfiguration

Returns:

the client TLS credential, or null

setClientTLSCredential

public void setClientTLSCredential(@Nullable
                          X509Credential credential)

Set the optional client TLS credential.

Parameters:

credential - the client TLS credential, or null

isServerTLSFailureFatal

@Nullable
public Boolean isServerTLSFailureFatal()

Get the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

Specified by:

isServerTLSFailureFatal in interface HttpClientSecurityConfiguration

Returns:

true if fatal, false if non-fatal, null if not explicitly configured

setServerTLSFailureFatal

public void setServerTLSFailureFatal(@Nullable
                            Boolean flag)

Set the flag indicating whether failure of server TLS trust engine evaluation should be treated as a fatal error.

Note: a Boolean is used here rather than boolean to explicitly allow a non-configured value, allowing consuming components to implement their own internal defaults.

Parameters:

flag - true if fatal, false if non-fatal, null if not explicitly configured