java.lang.Object
  iaik.security.ssl.Extension
    iaik.security.ssl.ClientCertificateURL

public class ClientCertificateURL extends Extension
This class implements the client_certificate_url TLS extension.

In constrained environments a client may prefer not to store its own certificates. In this case it may send an empty client_certificate_url extension to the server to indicate that it will send a CertificateURL handshake message (instead of a Certificate message) containing a list of URLs from which the server may download the client certificate(s). If the server agrees to use client certificate URLs, it responds with an (also empty) client_certificate_url extension in its extended ServerHello message.

Since the "extension_data" field of the client_certificate_url extension is always empty, you only have to put an (empty) ClientCertificateURL object into your client/server ExtensionList to tell your iSaSiLk SSLClientContext/SSLServerContext that client certificate URLs may be used (e.g., on the client side):
    // create ClientCertificateURL
    ClientCertificateURL clientCertificateURL = new ClientCertificateURL();
    // add to ExtensionList
    ExtensionList extensions = new ExtensionList();
    ...
    extensions.addExtension(clientCertificateURL);
    ...
    // set extensions for the SSLClientContext configuration:
    SSLClientContext clientContext = new SSLClientContext();
    // extensions are only defined for TLS
    clientContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12);
    ...
    clientContext.setExtensions(extensions);
    ...

If you set the critical flag of a client-side ClientCertificateURL to true (client-side default), the handshake will be aborted if the server does not respond with a client_certificate_url extension.
On the server side the procedure is quite the same:

    // create ClientCertificateURL
    ClientCertificateURL clientCertificateURL = new ClientCertificateURL();
    // add to ExtensionList
    ExtensionList extensions = new ExtensionList();
    ...
    extensions.addExtension(clientCertificateURL);
    ...
    // set extensions for the SSLServerContext configuration:
    SSLServerContext serverContext = new SSLServerContext();
    ...
    serverContext.setExtensions(extensions);
    ...

If you set the critical flag of a server-side client_certificate_url extension to true, the handshake will be aborted if the client does not send a client_certificate_url extension within the extended ClientHello message.
For using client certificate URLs no additional configuration is required on the server side. However, on the client side you must configure your SSLClientContext with client credentials of type KeyAndCertURL to tell iSaSiLk which URL(s) shall be sent to the server (see the javadoc of class KeyAndCertURL for a detailed description and a usage example). From the configured KeyAndCertURL credentials iSaSiLk then takes the URL(s) to be sent to the server within a CertificateURL handshake message (instead of sending a Certificate message).

If you have configured your iSaSiLk client to use client certificate URLs (and the server has agreed to use them), but you have not set client KeyAndCertURL credentials (but only common KeyAndCert credentials), the client will send a full Certificate message (instead of a CertificateURL message) if you have configured your ClientCertificateURL extension as NOT critical.
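The following is an added example, not code from the iSaSiLk javadoc, that puts the client-side and server-side configuration described above into one class. It uses the calls shown on this page (ClientCertificateURL, ExtensionList.addExtension, setExtensions, setAllowedProtocolVersions, Extension.setCritical) together with a few iSaSiLk calls that are assumed rather than documented here: SSLClientContext.addClientCredentials, SSLServerContext.addServerCredentials and setRequestClientCertificate, the SSLSocket/SSLServerSocket constructors taking a context, and the constructor signatures of URLAndOptionalHash and KeyAndCertURL (check the KeyAndCertURL javadoc for the real ones). The example also shows the non-critical fallback: a client that announces the extension but has only plain KeyAndCert credentials still completes the handshake with a Certificate message.

```java
import java.io.IOException;
import java.security.PrivateKey;

import iaik.security.ssl.ClientCertificateURL;
import iaik.security.ssl.ExtensionList;
import iaik.security.ssl.KeyAndCert;
import iaik.security.ssl.KeyAndCertURL;
import iaik.security.ssl.SSLClientContext;
import iaik.security.ssl.SSLContext;
import iaik.security.ssl.SSLServerContext;
import iaik.security.ssl.SSLServerSocket;
import iaik.security.ssl.SSLSocket;
import iaik.security.ssl.URLAndOptionalHash;

/** Added example: configuring the client_certificate_url extension on both sides. */
public final class ClientCertificateURLExample {

    /**
     * Client side. With critical == true (the client-side default) the handshake is
     * aborted unless the server echoes the extension; with critical == false the
     * client silently falls back to a normal Certificate message when the server
     * does not agree, or when only plain KeyAndCert credentials are configured.
     */
    public static SSLClientContext configureClient(KeyAndCert credentials, boolean critical) {
        ClientCertificateURL clientCertificateURL = new ClientCertificateURL();
        clientCertificateURL.setCritical(critical);

        ExtensionList extensions = new ExtensionList();
        extensions.addExtension(clientCertificateURL);

        SSLClientContext clientContext = new SSLClientContext();
        // TLS extensions do not exist in SSL 3.0, so restrict the version range
        clientContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12);
        clientContext.setExtensions(extensions);

        // ASSUMED call: addClientCredentials(KeyAndCert). A KeyAndCertURL passed here
        // makes iSaSiLk send a CertificateURL message; a plain KeyAndCert makes it
        // send a Certificate message (only possible when the extension is non-critical).
        clientContext.addClientCredentials(credentials);
        return clientContext;
    }

    /**
     * Server side. The extension is left non-critical so that clients which do not
     * announce client_certificate_url still get a normal handshake.
     */
    public static SSLServerContext configureServer(KeyAndCert serverCredentials) {
        ClientCertificateURL clientCertificateURL = new ClientCertificateURL();
        clientCertificateURL.setCritical(false);

        ExtensionList extensions = new ExtensionList();
        extensions.addExtension(clientCertificateURL);

        SSLServerContext serverContext = new SSLServerContext();
        serverContext.setAllowedProtocolVersions(SSLContext.VERSION_TLS10, SSLContext.VERSION_TLS12);
        serverContext.setExtensions(extensions);

        // ASSUMED calls: addServerCredentials(KeyAndCert), setRequestClientCertificate(boolean).
        serverContext.addServerCredentials(serverCredentials);
        serverContext.setRequestClientCertificate(true);
        return serverContext;
    }

    /**
     * Builds KeyAndCertURL credentials: the private key stays on the client, only the
     * URL (plus, if given, a hash of the certificate found there) goes on the wire.
     * ASSUMED constructor signatures for URLAndOptionalHash and KeyAndCertURL.
     */
    public static KeyAndCertURL urlCredentials(String certUrl, byte[] sha1Hash, PrivateKey key) {
        URLAndOptionalHash entry = (sha1Hash == null)
            ? new URLAndOptionalHash(certUrl)
            : new URLAndOptionalHash(certUrl, sha1Hash);
        return new KeyAndCertURL(new URLAndOptionalHash[] { entry }, key);
    }

    /** Runs one local handshake so the configured extension exchange can be observed. */
    public static void handshakeLocally(SSLClientContext clientContext,
                                        SSLServerContext serverContext) throws IOException {
        // ASSUMED constructors: SSLServerSocket(int, SSLServerContext), SSLSocket(String, int, SSLClientContext)
        SSLServerSocket serverSocket = new SSLServerSocket(0, serverContext);
        int port = serverSocket.getLocalPort();
        Thread acceptor = new Thread(() -> {
            try (SSLSocket s = (SSLSocket) serverSocket.accept()) {
                s.startHandshake();
            } catch (IOException e) {
                e.printStackTrace();
            }
        });
        acceptor.start();
        try (SSLSocket client = new SSLSocket("localhost", port, clientContext)) {
            client.startHandshake();
        } finally {
            serverSocket.close();
        }
    }
}
```

Because the server retrieves whatever URLs the client names (RFC 6066 points this out as a security consideration of this extension), enable the server-side extension only where fetching client-supplied URLs is acceptable, and prefer URLAndOptionalHash entries that carry a hash so the downloaded certificate is bound to what the client intended.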
See Also: Extension, ExtensionList, KeyAndCertURL, URLAndOptionalHash
Field Summary
  static ExtensionType TYPE
      The type (2) of the client_certificate_url extension.

Constructor Summary
  ClientCertificateURL()
      Creates a new ClientCertificateURL extension object.

Method Summary
  java.lang.Object clone()
      Returns a clone of this ClientCertificateURL extension object.
  java.lang.String toString()
      Gets a String representation of this ClientCertificateURL.

Methods inherited from class iaik.security.ssl.Extension
  getAllowedProtocolVersions, getExtensionType, getName, getType, setCritical

Methods inherited from class java.lang.Object
  equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Field Detail

TYPE
  public static final ExtensionType TYPE
      The type (2) of the client_certificate_url extension.
Constructor Detail

ClientCertificateURL
  public ClientCertificateURL()
      Creates a new ClientCertificateURL extension object, used to enable client_certificate_url extension support for the SSLClientContext/SSLServerContext configuration:

      Client-side:

          // create ClientCertificateURL
          ClientCertificateURL clientCertificateURL = new ClientCertificateURL();
          // add to ExtensionList
          ExtensionList extensions = new ExtensionList();
          ...
          extensions.addExtension(clientCertificateURL);
          ...
          // set extensions for the SSLClientContext configuration:
          SSLClientContext clientContext = new SSLClientContext();
          ...
          clientContext.setExtensions(extensions);
          ...

      If you set the critical flag of a client-side extension to true (client-side default), the handshake will be aborted if the server does not respond with a client_certificate_url extension.

      Server-side:

          // create ClientCertificateURL
          ClientCertificateURL clientCertificateURL = new ClientCertificateURL();
          // add to ExtensionList
          ExtensionList extensions = new ExtensionList();
          ...
          extensions.addExtension(clientCertificateURL);
          ...
          // set extensions for the SSLServerContext configuration:
          SSLServerContext serverContext = new SSLServerContext();
          ...
          serverContext.setExtensions(extensions);
          ...

      If you set the critical flag of this extension to true, the handshake will be aborted if the client does not send a client_certificate_url extension within the extended ClientHello message.

      If the client has sent a client_certificate_url extension, the server will respond with a client_certificate_url extension if it is configured to use client certificate URLs.
Method Detail

clone
  public java.lang.Object clone()
      Returns a clone of this ClientCertificateURL extension object.
      Overrides: clone in class Extension

toString
  public java.lang.String toString()
      Gets a String representation of this ClientCertificateURL.
      Overrides: toString in class Extension
This Javadoc may contain text parts from IETF Internet Standard specifications (see copyright note).