Interface SSLConfigurationService

  • public interface SSLConfigurationService
    The SSLConfigurationService allows verifying whether a valid SSL configuration is present.
    • Field Detail


        static final String SSL_SERVICE_USER_ID
        The id of the service user holding the key store.
        See Also:
        Constant Field Values

        static final String KEYSTORE_ALIAS
        The name of the alias under which key and certificate are stored in the key store.
        See Also:
        Constant Field Values
    • Method Detail

      • isSSLConfigured

        boolean isSSLConfigured​(ResourceResolver resolver)
                         throws SecurityException
        Verifies whether an HTTPs listener is configured and available. The method must be called with the resource resolver of the admin user itself. Membership of the administrators group is insufficient.
        The configuration is considered valid in the following circumstances:
        • An OSGi configuration for the Granite SSL Connector Factory is present
        • The "Keystore User" (SSL_SERVICE_USER_ID normally) from the Granite SSL Connector Factory configuration exists and its key store contains a valid private key and certificate (chain) under the correct alias (KEYSTORE_ALIAS normally)
        • The SSLConfigurationService is able to perform an HTTPS request upon its own instance and the return code is <400 or 401. Note: invalid (i.e. self-signed) SSL certificates are silently accepted. Note: The hostname to connect to is derived from the Sling Topology local endpoint property.
        resolver - The admin-user resource resolver to access configuration and key store.
        true if the SSL configuration is present and valid.
        SecurityException - If the resolver is not the one of the admin user.