public final class TlsConfiguration extends Object
Modifier and Type | Class and Description |
---|---|
static class | TlsConfiguration.Permit: Attributes of a TLS connection that can be overridden to permit the specified behavior. |
Modifier and Type | Field and Description |
---|---|
static int | DEFAULT_TIMEOUT: Default timeout for a connection is 30 seconds. |
Constructor and Description |
---|
TlsConfiguration(): Constructs a TlsConfiguration object whose timeout is set to the value of DEFAULT_TIMEOUT and no TlsConfiguration.Permit values specified. |
TlsConfiguration(int timeout): Constructs a TlsConfiguration object whose timeout is configured in this constructor and no TlsConfiguration.Permit values specified. |
TlsConfiguration(int timeout, TlsConfiguration.Permit... permits): Constructs a TlsConfiguration object whose settings are configured in this constructor. |
TlsConfiguration(int timeout, X509Certificate[] certificates, TlsConfiguration.Permit... permits): Constructs a TlsConfiguration object whose settings are configured in this constructor. |
TlsConfiguration(TlsConfiguration.Permit... permits): Constructs a TlsConfiguration object whose settings are configured in this constructor. |
TlsConfiguration(X509Certificate[] certificates, TlsConfiguration.Permit... permits): Constructs a TlsConfiguration object whose settings are configured in this constructor. |
Modifier and Type | Method and Description |
---|---|
X509Certificate[] | getCertificates(): Get the Pins set. |
TlsConfiguration.Permit[] | getPermits(): Get the Permits for this connection. |
int | getTimeout(): Get the timeout of the connection. |
boolean | isHostnameMismatchPermitted(): Is a server certificate whose common name (CN) does not match the domain name of the URL being connected to permitted? |
boolean | isInsecureConnectionsPermitted(): Is an insecure connection permitted? |
boolean | isSelfSignedServerCertificatesPermitted(): Is a self-signed certificate permitted? |
public static final int DEFAULT_TIMEOUT

public TlsConfiguration()
Constructs a TlsConfiguration object whose timeout is set to the value of DEFAULT_TIMEOUT and no TlsConfiguration.Permit values specified.
This is the most secure configuration for the communication link.

public TlsConfiguration(TlsConfiguration.Permit... permits)
Constructs a TlsConfiguration object whose settings are configured in this constructor.
Warning! It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.
permits - The caller may request certain attributes of a TLS connection to be permitted.

public TlsConfiguration(int timeout)
Constructs a TlsConfiguration object whose timeout is configured in this constructor and no TlsConfiguration.Permit values specified.
timeout - The timeout of the connection in milliseconds.

public TlsConfiguration(int timeout, TlsConfiguration.Permit... permits)
Constructs a TlsConfiguration object whose settings are configured in this constructor.
Warning! It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.
Warning! The insecure permits can only be used in debug mode for test purposes. They are not allowed in release mode.
timeout - The timeout of the connection in milliseconds.
permits - The caller may request certain attributes of a TLS connection to be permitted.

public TlsConfiguration(X509Certificate[] certificates, TlsConfiguration.Permit... permits)
Constructs a TlsConfiguration object whose settings are configured in this constructor.
An array of one or more certificates must be passed for validating the certificate path against the certificate presented by the server. During a TLS session, these certificates are pinned by matching their SPKI (Subject Public Key Info) against the SPKI of the server-presented certificates. The SPKI must match for at least 1 certificate.
Warning! It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.
certificates - Array of X.509 certificates generated from Base64-encoded DER format. CertificateFactory.getInstance("X.509").generateCertificate(InputStream) can be used to generate an X.509 certificate. The certificate list should be set if Permit.SELF_SIGNED_CERTIFICATES is passed.
permits - Allow self-signed certificates and hostname mismatch. Insecure connection cannot be set in release mode. This is an optional field from 4.2.1, to allow the certificate pinning check for trusted certificates.

public TlsConfiguration(int timeout, X509Certificate[] certificates, TlsConfiguration.Permit... permits)
Constructs a TlsConfiguration object whose settings are configured in this constructor.
An array of one or more certificates must be passed for validating the chain of trust, and at least 1 public key pin must match the server-presented certificate during a TLS session.
Warning! It is not recommended to override these settings in a production environment. Allowing any of these configurations will reduce the security of the communication link with the server.
timeout - The timeout of the connection in milliseconds.
certificates - Array of X.509 certificates generated from Base64-encoded DER format. CertificateFactory.getInstance("X.509").generateCertificate(InputStream) can be used to generate an X.509 certificate. The certificate list should be set if Permit.SELF_SIGNED_CERTIFICATES is passed.
permits - Allow self-signed certificates and hostname mismatch. Insecure connection cannot be set in release mode.

public boolean isInsecureConnectionsPermitted()
public boolean isSelfSignedServerCertificatesPermitted()

public boolean isHostnameMismatchPermitted()
TlsConfiguration.Permit.HOSTNAME_MISMATCH or TlsConfiguration.Permit.SELF_SIGNED_CERTIFICATES is permitted.

public int getTimeout()

public TlsConfiguration.Permit[] getPermits()

public X509Certificate[] getCertificates()
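
The SPKI matching described for the two constructors that take certificates, shown as an added example that is not this library's code: each pin is a digest of a certificate's SubjectPublicKeyInfo, and a chain is accepted when at least one presented key matches a pin. The class and method names, the SHA-256 digest and the generated EC keys used as sample input are assumptions; the page does not say how the library compares SPKI values.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
// Added illustration; all names here are hypothetical and not part of the documented API.
public class SpkiPinExample {
    // Decode one certificate from Base64-encoded DER (line breaks tolerated).
    static X509Certificate decode(String base64Der) throws Exception {
        byte[] der = Base64.getMimeDecoder().decode(base64Der);
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    // An X.509 PublicKey encodes as DER SubjectPublicKeyInfo; SHA-256 is an assumed digest.
    static String pin(PublicKey key) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return Base64.getEncoder().encodeToString(digest);
    }

    // Pins for the certificate array an application would hand to the configuration.
    static Set<String> pins(X509Certificate[] pinned) throws Exception {
        Set<String> out = new HashSet<>();
        for (X509Certificate c : pinned) out.add(pin(c.getPublicKey()));
        return out;
    }

    // True when at least one key presented by the server matches a pin.
    static boolean anyMatch(Set<String> pins, PublicKey[] presented) throws Exception {
        for (PublicKey k : presented) if (pins.contains(pin(k))) return true;
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: fresh EC keys stand in for certificate keys.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        PublicKey pinnedKey = gen.generateKeyPair().getPublic();
        PublicKey otherKey = gen.generateKeyPair().getPublic();
        Set<String> pinSet = new HashSet<>();
        pinSet.add(pin(pinnedKey));
        System.out.println("chain with pinned key: " + anyMatch(pinSet, new PublicKey[] {otherKey, pinnedKey}));
        System.out.println("chain without it:      " + anyMatch(pinSet, new PublicKey[] {otherKey}));
    }
}
```

Because the pin covers only the public key, a reissued certificate that keeps the same key still matches, while a certificate with a different key does not, even when a trusted CA issued it.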