Class TlsOptions

java.lang.Object
com.bloomberglp.blpapi.TlsOptions

public abstract class TlsOptions extends Object
TlsOptions instances are sources of client credentials and trust material used by a session to establish secure, mutually authenticated connections to endpoints.

The client credentials comprise an encrypted private key with a client certificate. The trust material comprises one or more certificates.

The favoured way to create TlsOptions objects is to use TlsOptions#createFromBlobs or TlsOptions#createFromFiles; both accept the DER-encoded client credentials in PKCS#12 format and the DER-encoded trust material in PKCS#7 format. While these methods are expected to cover the vast majority of use cases, the TlsOptions#create method is provided for maximum flexibility. TlsOptions#create allows direct specification of an SSLContext that will be used in establishing secure connections.
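The TlsOptions#create route described above, as an added example that is not part of the original documentation or Bloomberg's own code: it builds an SSLContext from a PKCS#12 credential file and a PKCS#7 trust bundle using only standard JDK APIs, rejects an empty trust bundle, and wipes the password afterwards. The class name and file names are hypothetical.

```java
import com.bloomberglp.blpapi.TlsOptions;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class TlsOptionsFromContext {
    // Hypothetical file names; substitute the credentials issued for your deployment.
    private static final String CLIENT_P12 = "client.p12";
    private static final String TRUSTED_P7 = "trusted.p7";

    // Note: the caller's password array is zeroed before this method returns.
    static TlsOptions build(char[] password) throws Exception {
        try {
            // Client credentials: encrypted private key plus client certificate (PKCS#12).
            KeyStore clientStore = KeyStore.getInstance("PKCS12");
            try (InputStream in = new FileInputStream(CLIENT_P12)) {
                clientStore.load(in, password);
            }
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(clientStore, password);
            // Trust material: every certificate in the PKCS#7 bundle becomes a trust anchor.
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            try (InputStream in = new FileInputStream(TRUSTED_P7)) {
                for (Certificate c : cf.generateCertificates(in)) {
                    trustStore.setCertificateEntry("trusted-" + trustStore.size(), c);
                }
            }
            if (trustStore.size() == 0) {
                throw new IllegalStateException("no trusted certificates in " + TRUSTED_P7);
            }
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            TlsOptions opts = TlsOptions.create(ctx);
            opts.setTlsHandshakeTimeout(5_000); // milliseconds; must be strictly positive
            return opts;
        } finally {
            Arrays.fill(password, '\0'); // do not leave the passphrase in memory
        }
    }
}
```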

  • Constructor Details

    • TlsOptions

      public TlsOptions()
  • Method Details

    • createFromFiles

      public static TlsOptions createFromFiles(String clientCredentialsFileName, char[] clientCredentialsPassword, String trustedCertificatesFileName) throws TlsOptions.TlsInitializationException
      Creates TlsOptions using client credentials and trust material from the specified files.
      Parameters:
      clientCredentialsFileName - DER encoded PKCS#12 file with client credentials
      clientCredentialsPassword - password for client credentials file
      trustedCertificatesFileName - DER encoded PKCS#7 file with trusted certificates
      Returns:
      a new TlsOptions object
      Throws:
      NullPointerException - if any argument is null
      IllegalArgumentException - if either file exceeds 100 MB in size
      TlsOptions.TlsInitializationException - if there was a problem retrieving the client credentials or trust material
    • createFromBlobs

      public static TlsOptions createFromBlobs(byte[] clientCredentialsRawData, char[] clientCredentialsPassword, byte[] trustedCertificatesRawData) throws TlsOptions.TlsInitializationException
      Creates TlsOptions using client credentials and trust material from the specified byte arrays.
      Parameters:
      clientCredentialsRawData - byte array containing DER encoded PKCS#12 store with client credentials
      clientCredentialsPassword - password for the client credentials
      trustedCertificatesRawData - byte array containing DER encoded PKCS#7 store with trusted certificates
      Returns:
      a new TlsOptions object
      Throws:
      NullPointerException - if any argument is null
      TlsOptions.TlsInitializationException - if there was a problem retrieving the client credentials or trust material
    • create

      public static TlsOptions create(SSLContext sslContext)
      Creates a TlsOptions object with the specified sslContext.
      Parameters:
      sslContext - a context configured with DER-encoded client credentials and DER-encoded trust material
      Returns:
      a new TlsOptions object
      Throws:
      NullPointerException - if the argument is null
    • getSslContext

      public abstract SSLContext getSslContext()
      Returns the SSLContext object that will be used in establishing secure connections.
      Returns:
      SSLContext
    • getTlsHandshakeTimeout

      public abstract int getTlsHandshakeTimeout()
      Returns TLS handshake timeout, which by default is 10 seconds.
      Returns:
      TLS handshake timeout value in milliseconds
    • setTlsHandshakeTimeout

      public abstract void setTlsHandshakeTimeout(int tlsHandshakeTimeout)
      Sets TLS handshake timeout.
      Parameters:
      tlsHandshakeTimeout - new timeout duration, a strictly positive number of milliseconds
      Throws:
      IllegalArgumentException - if the new timeout is not strictly positive
    • getCrlTimeout

      public abstract int getCrlTimeout()
      Returns CRL timeout, which by default is 20 seconds.
      Returns:
      CRL fetch timeout in milliseconds
    • setCrlTimeout

      public abstract void setCrlTimeout(int crlTimeout)
      Sets CRL fetch timeout.
      Parameters:
      crlTimeout - new timeout duration, a strictly positive number of milliseconds
      Throws:
      IllegalArgumentException - if the new timeout is not strictly positive