com.gemalto.idp.mobile.core.net

Class DskppTlsConfiguration

java.lang.Object

com.gemalto.idp.mobile.core.net.DskppTlsConfiguration

public final class DskppTlsConfiguration
extends Object

The class DSKPP Tls Configuration

Since:

4.1

Field Summary

Fields

Modifier and Type	Field and Description
static int	DEFAULT_TIMEOUT Default timeout for a connection is 30 seconds.

Constructor Summary

Constructors

Constructor and Description
DskppTlsConfiguration() Constructor for DskppTlsConfiguration
DskppTlsConfiguration(int timeout) Constructs a DskppTlsConfiguration object whose timeout is configured in this constructor and no TlsConfiguration.Permit values specified.
DskppTlsConfiguration(int timeout, X509Certificate[] certificates, TlsConfiguration.Permit... permits) Constructs a DskppTlsConfiguration object whose settings are configured in this constructor.
DskppTlsConfiguration(TlsConfiguration.Permit... permits) Constructs a DskppTlsConfiguration object whose settings are configured in this constructor.
DskppTlsConfiguration(X509Certificate[] certificates, TlsConfiguration.Permit... permits) Constructs a DskppTlsConfiguration object whose settings are configured in this constructor.

Method Summary

Modifier and Type	Method and Description
X509Certificate[]	getCertificates() Get the Pins set.
TlsConfiguration.Permit[]	getPermits() Get the Permits for this connection.
int	getTimeout() Get the timeout of the connection.
boolean	isHostnameMismatchPermitted() Is a server certificates whose common name (CN) that does not match the domain name of the URL being connected to permitted?
boolean	isInsecureConnectionsPermitted() Is an insecure connection permitted?
boolean	isSelfSignedServerCertificatesPermitted() Is a self signed certificate permitted?

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_TIMEOUT

public static final int DEFAULT_TIMEOUT

Default timeout for a connection is 30 seconds.

See Also:

Constant Field Values

Constructor Detail

DskppTlsConfiguration

public DskppTlsConfiguration()

Constructor for DskppTlsConfiguration

Since:

4.1

DskppTlsConfiguration

public DskppTlsConfiguration(TlsConfiguration.Permit... permits)

Constructs a DskppTlsConfiguration object whose settings are configured in this constructor. Warning! It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.

Parameters:

permits - Allow Self Signed certificates and Hostname mismatch.Not a recommended approach

Since:

4.1

DskppTlsConfiguration

public DskppTlsConfiguration(X509Certificate[] certificates,
                             TlsConfiguration.Permit... permits)

Constructs a DskppTlsConfiguration object whose settings are configured in this constructor. Array of certificate(s) is/are required to be passed for validating the certificate path with respect to Server presented certificate. From these certificates, pinning is matched with SPKI(Subject Public Key Info) of server presented certificates during a TLS session. It is required that at least SPKI info matches for at least 1 certificate. Warning! It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.

Parameters:

certificates - Array of X.509 Certificates generated from Base64 encoded DER format. CertificateFactory.getInstance("X.509").generateCertificate(InputStream) can be used to generate X.509 Certificate Certificate list should be set, if Permit.SELF_SIGNED_CERTIFICATES is passed.

permits - Allow Self Signed certificates and Hostname Mismatch. Insecure connection cannot be set in release mode. This is optional field from 4.2.1, to allow certificate pinning check for trusted certificates.

Since:

4.1

DskppTlsConfiguration

public DskppTlsConfiguration(int timeout,
                             X509Certificate[] certificates,
                             TlsConfiguration.Permit... permits)

Constructs a DskppTlsConfiguration object whose settings are configured in this constructor. Array of certificate(s) is/are required to be passed for validating the chain of trust and at least 1 public key pin matches with the server presented certificate during a TLS session. Warning! It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.

Parameters:

timeout - The timeout of the connection in milliseconds.

certificates - Array of X.509 Certificates generated from Base64 encoded DER format. CertificateFactory.getInstance("X.509").generateCertificate(InputStream) can be used to generate X.509 Certificate Certifcate list should be set, if Permit.SELF_SIGNED_CERTIFICATES is passed.

permits - Allow Self Signed certificates and Host name mismatch. Insecure connection cannot be set in release mode

Since:

4.1

DskppTlsConfiguration

public DskppTlsConfiguration(int timeout)

Constructs a DskppTlsConfiguration object whose timeout is configured in this constructor and no TlsConfiguration.Permit values specified.

Parameters:

timeout - The timeout of the connection in milliseconds.

Since:

4.1

Method Detail

getTimeout

public int getTimeout()

Get the timeout of the connection.

Returns:

Returns the timeout in milliseconds.

Since:

4.1

getPermits

public TlsConfiguration.Permit[] getPermits()

Get the Permits for this connection.

Returns:

Returns the Permits.

Since:

4.1

getCertificates

public X509Certificate[] getCertificates()

Get the Pins set.

Returns:

Returns the public key Pins set.

Since:

4.1

isInsecureConnectionsPermitted

public boolean isInsecureConnectionsPermitted()

Is an insecure connection permitted?

Returns:

If true, then either an unencrypted (http) or an encrypted (https) connection is permitted. If false, then only an encrypted connection is permitted.

Since:

4.1

isSelfSignedServerCertificatesPermitted

public boolean isSelfSignedServerCertificatesPermitted()

Is a self signed certificate permitted?

Returns:

If true, then a connection will accept a self signed server certificate. If false, then a connection whose server certificate is not signed by a certificate authority on the device is rejected.

Since:

4.1

isHostnameMismatchPermitted

public boolean isHostnameMismatchPermitted()

Is a server certificates whose common name (CN) that does not match the domain name of the URL being connected to permitted?

Returns:

If true, then a connection will accept a server certificate whose common name (CN) does not match the URL's domain. If false, then a connection whose server certificate's CN does not match the URL's domain is rejected. This setting returns true if either TlsConfiguration.Permit.HOSTNAME_MISMATCH or TlsConfiguration.Permit.SELF_SIGNED_CERTIFICATES is permitted.

Since:

4.1