Spring Security SAML

org.springframework.security.saml.trust.httpclient
Class TLSProtocolSocketFactory

java.lang.Object
  extended by org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory
All Implemented Interfaces:
org.apache.commons.httpclient.protocol.ProtocolSocketFactory, org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory

public class TLSProtocolSocketFactory
extends Object
implements org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory

This socket factory can be used with HTTP Client to create SSL/TLS sockets. The implementation loads all public keys from the internal KeyManager. Trust is verified with the PKIX algorithm, using as trust anchors the keys whose aliases are listed in the trustedKeys property (all keys in the KeyManager when trustedKeys is null). The implementation also applies a hostname verification algorithm.
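The following is an added example, not code from the Spring Security SAML project, showing how a relying party would wire this factory into commons-httpclient so that an HTTPS fetch is validated only against an explicitly chosen set of trust anchors. It assumes the JKSKeyManager implementation of KeyManager from org.springframework.security.saml.key, a keystore layout that is constructed for this example (aliases "sp-key" and "idp-tls-ca"), and that "default" is an accepted value for sslHostnameVerification; the page itself only states that this parameter selects the type of hostname verification.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory;

public class RestrictedTrustHttpsExample {

    public static void main(String[] args) throws Exception {
        // Assumed keystore layout (constructed for this example): the SP's own signing
        // key under alias "sp-key" and the IdP's TLS issuer certificate under "idp-tls-ca".
        Map<String, String> keyPasswords = new HashMap<String, String>();
        keyPasswords.put("sp-key", "sp-key-password");
        KeyManager keyManager = new JKSKeyManager(
                new ClassPathResource("saml-keystore.jks"), "store-password", keyPasswords, "sp-key");

        // Limit the PKIX trust anchors to the IdP's issuer. Passing null instead would turn
        // every certificate in the keystore into a trust anchor, including the SP's own key.
        Set<String> trustedKeys = new HashSet<String>();
        trustedKeys.add("idp-tls-ca");

        // "default" is an assumed value for the hostname verification type.
        TLSProtocolSocketFactory factory =
                new TLSProtocolSocketFactory(keyManager, trustedKeys, "default");

        // Register the factory for the https scheme; the cast selects the non-deprecated
        // Protocol(String, ProtocolSocketFactory, int) constructor of commons-httpclient 3.x.
        Protocol.registerProtocol("https",
                new Protocol("https", (ProtocolSocketFactory) factory, 443));

        // Every https:// request issued by this client now goes through PKIX validation
        // against the anchors above plus hostname verification.
        HttpClient client = new HttpClient();
        GetMethod get = new GetMethod("https://idp.example.invalid/metadata"); // placeholder URL
        try {
            int status = client.executeMethod(get);
            System.out.println("HTTP status: " + status);
        } finally {
            get.releaseConnection();
        }
    }
}
```

The point to check in a deployment is the trustedKeys argument: leaving it null makes the whole keystore a set of trust anchors, so any keystore entry added for another purpose (for example a signing certificate imported for metadata verification) silently becomes able to vouch for TLS peers.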


Constructor Summary
TLSProtocolSocketFactory(KeyManager keyManager, Set<String> trustedKeys, String sslHostnameVerification)
          Default constructor, which initializes the socket factory to trust the keys in keyManager whose aliases appear in trustedKeys.
 
Method Summary
 Socket createSocket(Socket socket, String host, int port, boolean autoClose)
           
 Socket createSocket(String host, int port)
           
 Socket createSocket(String host, int port, InetAddress localHost, int clientPort)
           
 Socket createSocket(String host, int port, InetAddress localHost, int localPort, org.apache.commons.httpclient.params.HttpConnectionParams connParams)
           
protected  org.opensaml.xml.security.x509.PKIXValidationInformationResolver getPKIXResolver()
          Constructs the validation information resolver holding all trusted data available for this provider.
protected  org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory initializeDelegate()
          Initializes internal SocketFactory used to create all sockets.
protected  boolean isHostnameVerificationSupported()
          Check for the latest OpenSAML library.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

TLSProtocolSocketFactory

public TLSProtocolSocketFactory(KeyManager keyManager,
                                Set<String> trustedKeys,
                                String sslHostnameVerification)
Default constructor, which initializes the socket factory to trust the keys in keyManager whose aliases appear in trustedKeys.

Parameters:
keyManager - key manager holding all cryptographic material for the SAML instance
trustedKeys - when not set, all certificates included in the keystore will be used as trusted certificate authorities. When specified, only keys with the defined aliases will be used for trust evaluation.
sslHostnameVerification - type of hostname verification to apply
Method Detail

createSocket

public Socket createSocket(String host,
                           int port)
                    throws IOException
Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Throws:
IOException

createSocket

public Socket createSocket(String host,
                           int port,
                           InetAddress localHost,
                           int clientPort)
                    throws IOException
Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Throws:
IOException

createSocket

public Socket createSocket(Socket socket,
                           String host,
                           int port,
                           boolean autoClose)
                    throws IOException
Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory
Throws:
IOException

createSocket

public Socket createSocket(String host,
                           int port,
                           InetAddress localHost,
                           int localPort,
                           org.apache.commons.httpclient.params.HttpConnectionParams connParams)
                    throws IOException
Specified by:
createSocket in interface org.apache.commons.httpclient.protocol.ProtocolSocketFactory
Throws:
IOException

initializeDelegate

protected org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory initializeDelegate()
Initializes the internal SocketFactory used to create all sockets. By default it uses the PKIX algorithm with the configured trusted keys as trust anchors.

Returns:
socket factory

getPKIXResolver

protected org.opensaml.xml.security.x509.PKIXValidationInformationResolver getPKIXResolver()
Constructs the validation information resolver holding all trusted data available for this provider.

Returns:
information resolver

isHostnameVerificationSupported

protected boolean isHostnameVerificationSupported()
Checks whether a sufficiently recent OpenSAML library is present. Support for hostname verification was added in openws-1.5.1, and customers might use previous versions of OpenSAML.

Returns:
true when the OpenSAML library supports hostname verification
