Class SSLHostConfig

  • All Implemented Interfaces:
    java.io.Serializable

    public class SSLHostConfig
    extends java.lang.Object
    implements java.io.Serializable
    Represents the TLS configuration for a virtual host.
    See Also:
    Serialized Form
    • Field Detail

      • DEFAULT_SSL_HOST_NAME

        protected static final java.lang.String DEFAULT_SSL_HOST_NAME
        Default SSL host name.
        See Also:
        Constant Field Values
      • SSL_PROTO_ALL_SET

        protected static final java.util.Set<java.lang.String> SSL_PROTO_ALL_SET
        Set of all SSL protocols.
      • DEFAULT_TLS_CIPHERS_12

        public static final java.lang.String DEFAULT_TLS_CIPHERS_12
        Default cipher list for TLS 1.2 and below.
        See Also:
        Constant Field Values
      • DEFAULT_TLS_CIPHERS_13

        public static final java.lang.String DEFAULT_TLS_CIPHERS_13
        Default cipher suite list for TLS 1.3.
        See Also:
        Constant Field Values
    • Constructor Detail

      • SSLHostConfig

        public SSLHostConfig()
        Default constructor.
    • Method Detail

      • isTls13RenegotiationAvailable

        public boolean isTls13RenegotiationAvailable()
        Returns whether TLS 1.3 renegotiation is available.
        Returns:
        true if TLS 1.3 renegotiation is available
      • setTls13RenegotiationAvailable

        public void setTls13RenegotiationAvailable​(boolean tls13RenegotiationAvailable)
        Sets whether TLS 1.3 renegotiation is available.
        Parameters:
        tls13RenegotiationAvailable - true if TLS 1.3 renegotiation is available
      • getOpenSslConfContext

        public java.lang.Long getOpenSslConfContext()
        Returns the OpenSSL configuration context pointer.
        Returns:
        the OpenSSL configuration context pointer
      • setOpenSslConfContext

        public void setOpenSslConfContext​(java.lang.Long openSslConfContext)
        Sets the OpenSSL configuration context pointer.
        Parameters:
        openSslConfContext - the OpenSSL configuration context pointer
      • getOpenSslContext

        public java.lang.Long getOpenSslContext()
        Returns the OpenSSL context pointer.
        Returns:
        the OpenSSL context pointer
      • setOpenSslContext

        public void setOpenSslContext​(java.lang.Long openSslContext)
        Sets the OpenSSL context pointer.
        Parameters:
        openSslContext - the OpenSSL context pointer
      • getConfigType

        public java.lang.String getConfigType()
        Expose in String form for JMX.
        Returns:
        the configuration type as a string
      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Returns the protocols enabled for this TLS virtual host.
        Returns:
        The protocols enabled for this TLS virtual host
        See Also:
        SSLUtil.getEnabledProtocols()
      • setEnabledProtocols

        public void setEnabledProtocols​(java.lang.String[] enabledProtocols)
        Sets the protocols enabled for this TLS virtual host.
        Parameters:
        enabledProtocols - the protocols to enable
      • getEnabledCiphers

        public java.lang.String[] getEnabledCiphers()
        Returns the ciphers enabled for this TLS virtual host.
        Returns:
        The ciphers enabled for this TLS virtual host
        See Also:
        SSLUtil.getEnabledCiphers()
      • setEnabledCiphers

        public void setEnabledCiphers​(java.lang.String[] enabledCiphers)
        Sets the ciphers enabled for this TLS virtual host.
        Parameters:
        enabledCiphers - the ciphers to enable
      • getObjectName

        public javax.management.ObjectName getObjectName()
        Returns the JMX object name.
        Returns:
        the object name
      • setObjectName

        public void setObjectName​(javax.management.ObjectName oname)
        Sets the JMX object name.
        Parameters:
        oname - the object name
      • addCertificate

        public void addCertificate​(SSLHostConfigCertificate certificate)
        Adds a certificate to this SSL host configuration.
        Parameters:
        certificate - the certificate to add
      • getOpenSslConf

        public OpenSSLConf getOpenSslConf()
        Returns the OpenSSL configuration.
        Returns:
        the OpenSSL configuration
      • setOpenSslConf

        public void setOpenSslConf​(OpenSSLConf conf)
        Sets the OpenSSL configuration.
        Parameters:
        conf - the OpenSSL configuration
      • getCertificates

        public java.util.Set<SSLHostConfigCertificate> getCertificates()
        Returns the set of certificates.
        Returns:
        the certificates
      • getCertificates

        public java.util.Set<SSLHostConfigCertificate> getCertificates​(boolean createDefaultIfEmpty)
        Returns the set of certificates, optionally creating a default if empty.
        Parameters:
        createDefaultIfEmpty - true to create a default certificate if the set is empty
        Returns:
        the certificates
      • setCertificateRevocationListFile

        public void setCertificateRevocationListFile​(java.lang.String certificateRevocationListFile)
        Sets the certificate revocation list file.
        Parameters:
        certificateRevocationListFile - the certificate revocation list file
      • getCertificateRevocationListFile

        public java.lang.String getCertificateRevocationListFile()
        Returns the certificate revocation list file.
        Returns:
        the certificate revocation list file
      • setCertificateVerification

        public void setCertificateVerification​(java.lang.String certificateVerification)
        Sets the certificate verification mode.
        Parameters:
        certificateVerification - the certificate verification mode
      • getCertificateVerification

        public SSLHostConfig.CertificateVerification getCertificateVerification()
        Returns the certificate verification mode.
        Returns:
        the certificate verification mode
      • setCertificateVerificationAsString

        public void setCertificateVerificationAsString​(java.lang.String certificateVerification)
        Sets the certificate verification mode as a string.
        Parameters:
        certificateVerification - the certificate verification mode
      • getCertificateVerificationAsString

        public java.lang.String getCertificateVerificationAsString()
        Returns the certificate verification mode as a string.
        Returns:
        the certificate verification mode as a string
      • setCertificateVerificationDepth

        public void setCertificateVerificationDepth​(int certificateVerificationDepth)
        Sets the certificate verification depth.
        Parameters:
        certificateVerificationDepth - the certificate verification depth
      • getCertificateVerificationDepth

        public int getCertificateVerificationDepth()
        Returns the certificate verification depth.
        Returns:
        the certificate verification depth
      • isCertificateVerificationDepthConfigured

        public boolean isCertificateVerificationDepthConfigured()
        Returns whether the certificate verification depth has been configured.
        Returns:
        true if the certificate verification depth has been configured
      • setCiphers

        public void setCiphers​(java.lang.String ciphersList)
        Set the new cipher (TLSv1.2 and below) configuration. Note: Regardless of the format used to set the configuration, it is always stored in OpenSSL format.
        Parameters:
        ciphersList - The new cipher configuration in OpenSSL or JSSE format
      • getCiphers

        public java.lang.String getCiphers()
        Returns the cipher (TLSv1.2 and below) configuration.
        Returns:
        An OpenSSL cipher string for the current configuration.
      • getCipherList

        public java.util.LinkedHashSet<Cipher> getCipherList()
        Returns the list of configured ciphers.
        Returns:
        the cipher list
      • getJsseCipherNames

        public java.util.List<java.lang.String> getJsseCipherNames()
        Obtain the list of JSSE cipher names for the current configuration. Ciphers included in the configuration but not supported by JSSE will be excluded from this list. TLS 1.3 ciphers will be first in the list.
        Returns:
        A list of the JSSE cipher names
      • setCipherSuites

        public void setCipherSuites​(java.lang.String cipherSuites)
        Set the cipher suite (TLSv1.3) configuration.
        Parameters:
        cipherSuites - The cipher suites to use in a colon-separated, preference order list
      • getCipherSuites

        public java.lang.String getCipherSuites()
        Obtain the current cipher suite (TLSv1.3) configuration.
        Returns:
        An OpenSSL cipher suite string for the current configuration.
      • setHonorCipherOrder

        public void setHonorCipherOrder​(boolean honorCipherOrder)
        Sets whether to honor the cipher order.
        Parameters:
        honorCipherOrder - true to honor the cipher order
      • getHonorCipherOrder

        public boolean getHonorCipherOrder()
        Returns whether to honor the cipher order.
        Returns:
        true to honor the cipher order
      • setHostName

        public void setHostName​(java.lang.String hostName)
        Sets the host name.
        Parameters:
        hostName - the host name
      • getHostName

        public java.lang.String getHostName()
        Returns the host name associated with this SSL configuration.
        Returns:
        The host name associated with this SSL configuration - always in lower case.
      • getOcspEnabled

        public boolean getOcspEnabled()
        Returns whether OCSP is enabled.
        Returns:
        true if OCSP is enabled
      • setOcspEnabled

        public void setOcspEnabled​(boolean ocspEnabled)
        Sets whether OCSP is enabled.
        Parameters:
        ocspEnabled - true if OCSP is enabled
      • getOcspSoftFail

        public boolean getOcspSoftFail()
        Returns whether OCSP soft fail is enabled.
        Returns:
        true if OCSP soft fail is enabled
      • setOcspSoftFail

        public void setOcspSoftFail​(boolean ocspSoftFail)
        Sets whether OCSP soft fail is enabled.
        Parameters:
        ocspSoftFail - true if OCSP soft fail is enabled
      • getOcspTimeout

        public int getOcspTimeout()
        Returns the OCSP timeout.
        Returns:
        the OCSP timeout
      • setOcspTimeout

        public void setOcspTimeout​(int ocspTimeout)
        Sets the OCSP timeout.
        Parameters:
        ocspTimeout - the OCSP timeout
      • getOcspVerifyFlags

        public int getOcspVerifyFlags()
        Returns the OCSP verify flags.
        Returns:
        the OCSP verify flags
      • setOcspVerifyFlags

        public void setOcspVerifyFlags​(int ocspVerifyFlags)
        Sets the OCSP verify flags.
        Parameters:
        ocspVerifyFlags - the OCSP verify flags
      • setProtocols

        public void setProtocols​(java.lang.String input)
        Sets the protocols to be used.
        Parameters:
        input - the protocol string
      • getProtocols

        public java.util.Set<java.lang.String> getProtocols()
        Returns the configured protocols.
        Returns:
        the protocols
      • setSessionCacheSize

        public void setSessionCacheSize​(int sessionCacheSize)
        Sets the session cache size.
        Parameters:
        sessionCacheSize - the session cache size
      • getSessionCacheSize

        public int getSessionCacheSize()
        Returns the session cache size.
        Returns:
        the session cache size
      • setSessionTimeout

        public void setSessionTimeout​(int sessionTimeout)
        Sets the session timeout.
        Parameters:
        sessionTimeout - the session timeout
      • getSessionTimeout

        public int getSessionTimeout()
        Returns the session timeout.
        Returns:
        the session timeout
      • getGroups

        public java.lang.String getGroups()
        Returns the configured named groups.
        Returns:
        the configured named groups
      • setGroups

        public void setGroups​(java.lang.String groups)
        Set the enabled named groups.
        Parameters:
        groups - the case sensitive comma separated list of groups
      • getGroupList

        public java.util.LinkedHashSet<Group> getGroupList()
        Returns the parsed group list.
        Returns:
        the groupList
      • setKeyManagerAlgorithm

        public void setKeyManagerAlgorithm​(java.lang.String keyManagerAlgorithm)
        Sets the key manager algorithm.
        Parameters:
        keyManagerAlgorithm - the key manager algorithm
      • getKeyManagerAlgorithm

        public java.lang.String getKeyManagerAlgorithm()
        Returns the key manager algorithm.
        Returns:
        the key manager algorithm
      • setRevocationEnabled

        public void setRevocationEnabled​(boolean revocationEnabled)
        Sets whether revocation checking is enabled.
        Parameters:
        revocationEnabled - true if revocation checking is enabled
      • getRevocationEnabled

        public boolean getRevocationEnabled()
        Returns whether revocation checking is enabled.
        Returns:
        true if revocation checking is enabled
      • setSslProtocol

        public void setSslProtocol​(java.lang.String sslProtocol)
        Sets the SSL protocol.
        Parameters:
        sslProtocol - the SSL protocol
      • getSslProtocol

        public java.lang.String getSslProtocol()
        Returns the SSL protocol.
        Returns:
        the SSL protocol
      • setTrustManagerClassName

        public void setTrustManagerClassName​(java.lang.String trustManagerClassName)
        Sets the trust manager class name.
        Parameters:
        trustManagerClassName - the trust manager class name
      • getTrustManagerClassName

        public java.lang.String getTrustManagerClassName()
        Returns the trust manager class name.
        Returns:
        the trust manager class name
      • setTruststoreAlgorithm

        public void setTruststoreAlgorithm​(java.lang.String truststoreAlgorithm)
        Sets the truststore algorithm.
        Parameters:
        truststoreAlgorithm - the truststore algorithm
      • getTruststoreAlgorithm

        public java.lang.String getTruststoreAlgorithm()
        Returns the truststore algorithm.
        Returns:
        the truststore algorithm
      • setTruststoreFile

        public void setTruststoreFile​(java.lang.String truststoreFile)
        Sets the truststore file.
        Parameters:
        truststoreFile - the truststore file
      • getTruststoreFile

        public java.lang.String getTruststoreFile()
        Returns the truststore file.
        Returns:
        the truststore file
      • setTruststorePassword

        public void setTruststorePassword​(java.lang.String truststorePassword)
        Sets the truststore password.
        Parameters:
        truststorePassword - the truststore password
      • getTruststorePassword

        public java.lang.String getTruststorePassword()
        Returns the truststore password.
        Returns:
        the truststore password
      • setTruststoreProvider

        public void setTruststoreProvider​(java.lang.String truststoreProvider)
        Sets the truststore provider.
        Parameters:
        truststoreProvider - the truststore provider
      • getTruststoreProvider

        public java.lang.String getTruststoreProvider()
        Returns the truststore provider.
        Returns:
        the truststore provider
      • setTruststoreType

        public void setTruststoreType​(java.lang.String truststoreType)
        Sets the truststore type.
        Parameters:
        truststoreType - the truststore type
      • getTruststoreType

        public java.lang.String getTruststoreType()
        Returns the truststore type.
        Returns:
        the truststore type
      • setTrustStore

        public void setTrustStore​(java.security.KeyStore truststore)
        Sets the truststore.
        Parameters:
        truststore - the truststore
      • getTruststore

        public java.security.KeyStore getTruststore()
                                             throws java.io.IOException
        Returns the truststore.
        Returns:
        the truststore
        Throws:
        java.io.IOException - if an I/O error occurs
      • setCertificateRevocationListPath

        public void setCertificateRevocationListPath​(java.lang.String certificateRevocationListPath)
        Sets the certificate revocation list path.
        Parameters:
        certificateRevocationListPath - the certificate revocation list path
      • getCertificateRevocationListPath

        public java.lang.String getCertificateRevocationListPath()
        Returns the certificate revocation list path.
        Returns:
        the certificate revocation list path
      • setCaCertificateFile

        public void setCaCertificateFile​(java.lang.String caCertificateFile)
        Sets the CA certificate file.
        Parameters:
        caCertificateFile - the CA certificate file
      • getCaCertificateFile

        public java.lang.String getCaCertificateFile()
        Returns the CA certificate file.
        Returns:
        the CA certificate file
      • setCaCertificatePath

        public void setCaCertificatePath​(java.lang.String caCertificatePath)
        Sets the CA certificate path.
        Parameters:
        caCertificatePath - the CA certificate path
      • getCaCertificatePath

        public java.lang.String getCaCertificatePath()
        Returns the CA certificate path.
        Returns:
        the CA certificate path
      • setDisableCompression

        public void setDisableCompression​(boolean disableCompression)
        Sets whether compression is disabled.
        Parameters:
        disableCompression - true if compression is disabled
      • getDisableCompression

        public boolean getDisableCompression()
        Returns whether compression is disabled.
        Returns:
        true if compression is disabled
      • setDisableSessionTickets

        public void setDisableSessionTickets​(boolean disableSessionTickets)
        Sets whether session tickets are disabled.
        Parameters:
        disableSessionTickets - true if session tickets are disabled
      • getDisableSessionTickets

        public boolean getDisableSessionTickets()
        Returns whether session tickets are disabled.
        Returns:
        true if session tickets are disabled
      • setInsecureRenegotiation

        public void setInsecureRenegotiation​(boolean insecureRenegotiation)
        Sets whether insecure renegotiation is allowed.
        Parameters:
        insecureRenegotiation - true if insecure renegotiation is allowed
      • getInsecureRenegotiation

        public boolean getInsecureRenegotiation()
        Returns whether insecure renegotiation is allowed.
        Returns:
        true if insecure renegotiation is allowed
      • certificatesExpiringBefore

        public java.util.Set<java.security.cert.X509Certificate> certificatesExpiringBefore​(java.util.Date date)
        Returns the set of certificates that expire before the given date.
        Parameters:
        date - the date to check against
        Returns:
        the set of certificates expiring before the given date
      • adjustRelativePath

        public static java.lang.String adjustRelativePath​(java.lang.String path)
                                                   throws java.io.FileNotFoundException
        Adjusts a relative path to an absolute path based on the CATALINA_BASE property.
        Parameters:
        path - the path to adjust
        Returns:
        the adjusted path
        Throws:
        java.io.FileNotFoundException - if the file does not exist