com.solace.messaging.config

Interface SolaceProperties.TransportLayerSecurityProperties

Enclosing interface:

SolaceProperties

@ProviderType
public static interface SolaceProperties.TransportLayerSecurityProperties

An interface that defines the configurable transport layer security properties for MessagingService instances. The properties are for use with MessagingServiceClientBuilder.fromProperties(Properties).

Example usage:

     final Properties transportSecProperties = new Properties();
     transportSecProperties.setProperty(TransportLayerSecurityProperties.CERT_VALIDATE_SERVERNAME, "true");
     transportSecProperties.setProperty(TransportLayerSecurityProperties.CERT_VALIDATED, "true");
     transportSecProperties.setProperty(TransportLayerSecurityProperties.CERT_REJECT_EXPIRED, "true");

     final MessagingServiceClientBuilder serviceBuilder = new MessagingServiceClientBuilder(ConfigurationProfile.V1);
     final MessagingService service = serviceBuilder.fromProperties(transportSecProperties).build();
 

Carefully review of settings is advised for the potential security risks.

Warning: Setting this value to false exposes a client and the data being sent to a high-security risks.

Since:

1.0

See Also:

MessagingServiceClientBuilder.fromProperties(Properties)

Field Summary

Fields

Modifier and Type	Field and Description
static String	CERT_REJECT_EXPIRED A property key to specify if the server certificate's expiration date should be validated.
static String	CERT_VALIDATE_SERVERNAME A property key to specify if the connection to a messaging broker should fail when a certificate with an invalid host is received.
static String	CERT_VALIDATED A property key to specify if the server certificate's should be validated.
static String	CIPHER_SUITES A property key to specify a comma-separated list of cipher suites in order of preference used for SSL connections.
static String	EXCLUDED_PROTOCOLS A property key to specify a comma-delimited list of Secure Socket Layer (SSL) protocols not to use.
static String	PROTOCOL_DOWNGRADE_TO A property key to specify transport protocol that the (Secure Socket Layer SSL) session connection will be downgraded to after client authentication.
static String	TRUST_STORE_PASSWORD A property key to specify the truststore password.
static String	TRUST_STORE_PATH A property key to specify location of a truststore file.
static String	TRUST_STORE_TYPE A property key to specify type of truststore file.
static String	TRUSTED_COMMON_NAME_LIST This property is used to specify a comma separated list of acceptable common names for matching with server certificates.

Field Detail

CERT_REJECT_EXPIRED

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_VALIDATE_CERTIFICATE_DATE",
                      valueType=boolean.class)
static final String CERT_REJECT_EXPIRED

A property key to specify if the server certificate's expiration date should be validated.

Warning: Setting this value to false exposes a client and the data being sent to a high-security risks.

Since:

1.0

See Also:

Constant Field Values

CERT_VALIDATE_SERVERNAME

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_VALIDATE_CERTIFICATE_HOST",
                      valueType=boolean.class)
static final String CERT_VALIDATE_SERVERNAME

A property key to specify if the connection to a messaging broker should fail when a certificate with an invalid host is received. When enabled (by default), and connecting to a named host, the certificate Subject Alternative Name must contain a DNS entry that matches the host string. When enabled, and connecting to a host by IP address, the certificate Subject Alternative Name must contain an IP Address that matches. If there is no Subject Alternate Name the certificate common name (CN) must match the named host.

This property has effect only when SolaceProperties.TransportLayerSecurityProperties.CERT_VALIDATED property is enabled/set to true

Disabling of this property IS NOT RECOMMENDED

Since:

1.1

See Also:

Constant Field Values

CERT_VALIDATED

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_VALIDATE_CERTIFICATE",
                      valueType=boolean.class)
static final String CERT_VALIDATED

A property key to specify if the server certificate's should be validated.

Warning: Setting this value to false exposes a client and the data being sent to a high-security risks.

Since:

1.0

See Also:

Constant Field Values

CIPHER_SUITES

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_CIPHER_SUITES",
                      valueType=java.lang.String.class)
static final String CIPHER_SUITES

A property key to specify a comma-separated list of cipher suites in order of preference used for SSL connections. See TransportSecurityStrategy.TLS.withCipherSuites(String) for more details.

Since:

1.0

See Also:

Constant Field Values

EXCLUDED_PROTOCOLS

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_EXCLUDED_PROTOCOLS",
                      valueType=java.lang.String.class)
static final String EXCLUDED_PROTOCOLS

A property key to specify a comma-delimited list of Secure Socket Layer (SSL) protocols not to use. Allowed values for this property are SSLv3, TLSv1, TLSv1.1, TLSv1.2, or some combination thereof.

Since:

1.0

See Also:

Constant Field Values

PROTOCOL_DOWNGRADE_TO

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_CONNECTION_DOWNGRADE_TO",
                      valueType=java.lang.String.class)
static final String PROTOCOL_DOWNGRADE_TO

A property key to specify transport protocol that the (Secure Socket Layer SSL) session connection will be downgraded to after client authentication. The supported value SolaceConstants.TransportLayerSecurityConstants.TRANSPORT_SECURITY_DOWNGRADED_TO_PLAIN_TEXT can be used.

Since:

1.0

See Also:

Constant Field Values

TRUST_STORE_PASSWORD

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_TRUST_STORE_PASSWORD",
                      valueType=java.lang.String.class)
static final String TRUST_STORE_PASSWORD

A property key to specify the truststore password.

Since:

1.0

See Also:

Constant Field Values

TRUST_STORE_PATH

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_TRUST_STORE",
                      valueType=java.lang.String.class)
static final String TRUST_STORE_PATH

A property key to specify location of a truststore file.

Since:

1.0

See Also:

Constant Field Values

TRUST_STORE_TYPE

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_TRUST_STORE_FORMAT",
                      valueType=java.lang.String.class)
static final String TRUST_STORE_TYPE

A property key to specify type of truststore file. The supported value is jks.

Since:

1.0

See Also:

Constant Field Values

TRUSTED_COMMON_NAME_LIST

@PropertiesKeyMapping(mappedClass=com.solacesystems.jcsmp.JCSMPProperties.class,
                      mappedFieldName="SSL_TRUSTED_COMMON_NAME_LIST",
                      valueType=java.lang.String.class)
static final String TRUSTED_COMMON_NAME_LIST

This property is used to specify a comma separated list of acceptable common names for matching with server certificates. The API performs a case insensitive comparison of the common names provided in this property with the common name in the server certificate. Note that leading and trailing whitespaces are considered to be part of the common names and are not ignored. An empty string means accept all common names. No common name validation will be performed (overriding this property) if CERT_VALIDATED is set to false.

Since:

1.0

See Also:

Constant Field Values