public final class SecurityEnhancedHttpClientSupport extends Object
HttpClient
.Modifier | Constructor and Description |
---|---|
private |
SecurityEnhancedHttpClientSupport()
Constructor.
|
Modifier and Type | Method and Description |
---|---|
static LayeredConnectionSocketFactory |
buildTLSSocketFactory()
Build an instance of TLS-capable
LayeredConnectionSocketFactory
wrapped by SecurityEnhancedTLSSocketFactory , configured for
server TLS based on a TrustEngine . |
static LayeredConnectionSocketFactory |
buildTLSSocketFactory(boolean supportTrustEngine,
boolean supportClientTLS)
Build an instance of TLS-capable
LayeredConnectionSocketFactory . |
static LayeredConnectionSocketFactory |
buildTLSSocketFactoryWithClientTLS()
Build an instance of TLS-capable
LayeredConnectionSocketFactory
wrapped by SecurityEnhancedTLSSocketFactory , configured for
server TLS based on a TrustEngine and additionally configured for
client TLS support via context client TLS credential. |
private SecurityEnhancedHttpClientSupport()
@Nonnull public static LayeredConnectionSocketFactory buildTLSSocketFactory()
LayeredConnectionSocketFactory
wrapped by SecurityEnhancedTLSSocketFactory
, configured for
server TLS based on a TrustEngine
.
Equivalent to #buildTLSSocketFactory(true, false)
.
@Nonnull public static LayeredConnectionSocketFactory buildTLSSocketFactoryWithClientTLS()
LayeredConnectionSocketFactory
wrapped by SecurityEnhancedTLSSocketFactory
, configured for
server TLS based on a TrustEngine
and additionally configured for
client TLS support via context client TLS credential.
Equivalent to #buildTLSSocketFactory(true, true)
.
@Nonnull public static LayeredConnectionSocketFactory buildTLSSocketFactory(boolean supportTrustEngine, boolean supportClientTLS)
LayeredConnectionSocketFactory
.
If either supportTrustEngine
or supportClientTLS
are true,
the returned factory will be a instance of SecurityEnhancedTLSSocketFactory
wrapping an instance of LayeredConnectionSocketFactory
.
If supportTrustEngine
is true, then the wrapped factory will be configured
with a "no trust" X509TrustManager
, to allow the actual server TLS trust evaluation
to be performed by a TrustEngine
, as documented in SecurityEnhancedTLSSocketFactory
.
If supportClientTLS
is true, then the wrapped factory will be configured
with a X509KeyManager
that supports per-request specification of a client TLS
credential, as documented in SecurityEnhancedTLSSocketFactory
.
supportTrustEngine
- whether to support server TLS via a context trust enginesupportClientTLS
- whether to support client TLS via a context client credentialCopyright © 1999–2018 Shibboleth Consortium. All rights reserved.