public final class DskppTlsConfiguration extends Object
Modifier and Type | Field and Description |
---|---|
static int |
DEFAULT_TIMEOUT
Default timeout for a connection is 30 seconds.
|
Constructor and Description |
---|
DskppTlsConfiguration()
Constructor for DskppTlsConfiguration
|
DskppTlsConfiguration(int timeout)
Constructs a
DskppTlsConfiguration object whose timeout is
configured in this constructor and no TlsConfiguration.Permit
values specified. |
DskppTlsConfiguration(int timeout,
X509Certificate[] certificates,
TlsConfiguration.Permit... permits)
Constructs a
DskppTlsConfiguration object whose settings are
configured in this constructor. |
DskppTlsConfiguration(TlsConfiguration.Permit... permits)
Constructs a
DskppTlsConfiguration object whose settings are
configured in this constructor. |
DskppTlsConfiguration(X509Certificate[] certificates,
TlsConfiguration.Permit... permits)
Constructs a
DskppTlsConfiguration object whose settings are
configured in this constructor. |
Modifier and Type | Method and Description |
---|---|
X509Certificate[] |
getCertificates()
Get the Pins set.
|
TlsConfiguration.Permit[] |
getPermits()
Get the Permits for this connection.
|
int |
getTimeout()
Get the timeout of the connection.
|
boolean |
isHostnameMismatchPermitted()
Is a server certificates whose common name (CN) that does not match the
domain name of the URL being connected to permitted?
|
boolean |
isInsecureConnectionsPermitted()
Is an insecure connection permitted?
|
boolean |
isSelfSignedServerCertificatesPermitted()
Is a self signed certificate permitted?
|
public static final int DEFAULT_TIMEOUT
public DskppTlsConfiguration()
public DskppTlsConfiguration(TlsConfiguration.Permit... permits)
DskppTlsConfiguration
object whose settings are
configured in this constructor.
Warning! It is not recommended to override these settings in a
production environment. Allowing any of these configurations will
reduce the security of the communication link with the server.permits
- Allow Self Signed certificates and Hostname mismatch.Not a recommended approachpublic DskppTlsConfiguration(X509Certificate[] certificates, TlsConfiguration.Permit... permits)
DskppTlsConfiguration
object whose settings are
configured in this constructor.
Array of certificate(s) is/are required to be passed for validating the certificate
path with respect to Server presented certificate. From these certificates, pinning
is matched with SPKI(Subject Public Key Info) of server presented certificates
during a TLS session. It is required that at least SPKI info matches for at least 1
certificate.
Warning! It is not recommended to override these settings in a
production environment. Allowing any of these configurations will
reduce the security of the communication link with the server.certificates
- Array of X.509 Certificates generated from Base64 encoded DER format.
CertificateFactory.getInstance("X.509").generateCertificate(InputStream)
can be used to generate X.509 Certificate
Certificate list should be set, if Permit.SELF_SIGNED_CERTIFICATES is passed.permits
- Allow Self Signed certificates and Hostname Mismatch. Insecure connection cannot be set in release mode.
This is optional field from 4.2.1, to allow certificate pinning check for trusted certificates.public DskppTlsConfiguration(int timeout, X509Certificate[] certificates, TlsConfiguration.Permit... permits)
DskppTlsConfiguration
object whose settings are
configured in this constructor.
Array of certificate(s) is/are required to be passed for validating the chain of
trust and at least 1 public key pin matches with the server presented certificate
during a TLS session.
Warning! It is not recommended to override these settings in a
production environment. Allowing any of these configurations will
reduce the security of the communication link with the server.timeout
- The timeout of the connection in milliseconds.certificates
- Array of X.509 Certificates generated from Base64 encoded DER format.
CertificateFactory.getInstance("X.509").generateCertificate(InputStream)
can be used to generate X.509 Certificate
Certifcate list should be set, if Permit.SELF_SIGNED_CERTIFICATES is passed.permits
- Allow Self Signed certificates and Host name mismatch. Insecure connection cannot be set in release modepublic DskppTlsConfiguration(int timeout)
DskppTlsConfiguration
object whose timeout is
configured in this constructor and no TlsConfiguration.Permit
values specified.timeout
- The timeout of the connection in milliseconds.public int getTimeout()
public TlsConfiguration.Permit[] getPermits()
public X509Certificate[] getCertificates()
public boolean isInsecureConnectionsPermitted()
public boolean isSelfSignedServerCertificatesPermitted()
public boolean isHostnameMismatchPermitted()
TlsConfiguration.Permit.HOSTNAME_MISMATCH
or TlsConfiguration.Permit.SELF_SIGNED_CERTIFICATES
is permitted.