Package org.apache.tomcat.util.net
Class SSLUtilBase
- java.lang.Object
-
- org.apache.tomcat.util.net.SSLUtilBase
-
- All Implemented Interfaces:
SSLUtil
- Direct Known Subclasses:
JSSEUtil,OpenSSLUtil
public abstract class SSLUtilBase extends java.lang.Object implements SSLUtil
Common base class forSSLUtilimplementations.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.tomcat.util.net.SSLUtil
SSLUtil.ProtocolInfo
-
-
Field Summary
Fields Modifier and Type Field Description protected SSLHostConfigCertificatecertificateThe SSL host configuration certificate.static java.lang.StringDEFAULT_KEY_ALIASDefault key alias.protected SSLHostConfigsslHostConfigThe SSL host configuration.
-
Constructor Summary
Constructors Modifier Constructor Description protectedSSLUtilBase(SSLHostConfigCertificate certificate)Constructor.protectedSSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)Constructor.
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description voidconfigureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext)Configures the given SSL session context.SSLContextcreateSSLContext(java.util.List<java.lang.String> negotiableProtocols)Creates an SSL context for the given negotiable protocols.protected abstract SSLContextcreateSSLContextInternal(java.util.List<java.lang.String> negotiableProtocols)Creates an SSL context with the given negotiable protocols.protected java.util.Collection<? extends java.security.cert.CRL>getCRLs(java.lang.String crlf)Load the collection of CRLs.java.lang.String[]getEnabledCiphers()The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.java.lang.String[]getEnabledProtocols()The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.protected abstract java.util.Set<java.lang.String>getImplementedCiphers()Returns the set of implemented SSL/TLS ciphers.protected abstract java.util.Set<java.lang.String>getImplementedProtocols()Returns the set of implemented SSL/TLS protocols.javax.net.ssl.KeyManager[]getKeyManagers()Returns the key managers.protected abstract LoggetLog()Returns the log for this utility.protected java.security.cert.CertPathParametersgetParameters(java.lang.String crlf, java.security.KeyStore trustStore, boolean revocationEnabled)Return the initialization parameters for the TrustManager.javax.net.ssl.TrustManager[]getTrustManagers()Returns the trust managers.protected abstract booleanisTls13RenegAuthAvailable()Returns whether TLS 1.3 renegotiation authentication is available.
-
-
-
Field Detail
-
DEFAULT_KEY_ALIAS
public static final java.lang.String DEFAULT_KEY_ALIAS
Default key alias.- See Also:
- Constant Field Values
-
sslHostConfig
protected final SSLHostConfig sslHostConfig
The SSL host configuration.
-
certificate
protected final SSLHostConfigCertificate certificate
The SSL host configuration certificate.
-
-
Constructor Detail
-
SSLUtilBase
protected SSLUtilBase(SSLHostConfigCertificate certificate)
Constructor.- Parameters:
certificate- The SSL host configuration certificate
-
SSLUtilBase
protected SSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)
Constructor.- Parameters:
certificate- The SSL host configuration certificatewarnTls13- Whether to warn about TLS 1.3 issues
-
-
Method Detail
-
createSSLContext
public final SSLContext createSSLContext(java.util.List<java.lang.String> negotiableProtocols) throws java.lang.Exception
Description copied from interface:SSLUtilCreates an SSL context for the given negotiable protocols.- Specified by:
createSSLContextin interfaceSSLUtil- Parameters:
negotiableProtocols- The negotiable protocols- Returns:
- the SSL context
- Throws:
java.lang.Exception- if an error occurs
-
configureSessionContext
public void configureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext)
Description copied from interface:SSLUtilConfigures the given SSL session context.- Specified by:
configureSessionContextin interfaceSSLUtil- Parameters:
sslSessionContext- The SSL session context to configure
-
getKeyManagers
public javax.net.ssl.KeyManager[] getKeyManagers() throws java.lang.ExceptionDescription copied from interface:SSLUtilReturns the key managers.- Specified by:
getKeyManagersin interfaceSSLUtil- Returns:
- The key managers
- Throws:
java.lang.Exception- if an error occurs
-
getEnabledProtocols
public java.lang.String[] getEnabledProtocols()
Description copied from interface:SSLUtilThe set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.- Specified by:
getEnabledProtocolsin interfaceSSLUtil- Returns:
- The protocols currently enabled and available for clients to select from for the associated connection
-
getEnabledCiphers
public java.lang.String[] getEnabledCiphers()
Description copied from interface:SSLUtilThe set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.The ciphers used during the TLS handshake may be further restricted by the
SSLUtil.getEnabledProtocols()and the certificates.- Specified by:
getEnabledCiphersin interfaceSSLUtil- Returns:
- The ciphers currently enabled and available for clients to select from for the associated connection
-
getTrustManagers
public javax.net.ssl.TrustManager[] getTrustManagers() throws java.lang.ExceptionDescription copied from interface:SSLUtilReturns the trust managers.- Specified by:
getTrustManagersin interfaceSSLUtil- Returns:
- The trust managers
- Throws:
java.lang.Exception- if an error occurs
-
getParameters
protected java.security.cert.CertPathParameters getParameters(java.lang.String crlf, java.security.KeyStore trustStore, boolean revocationEnabled) throws java.lang.ExceptionReturn the initialization parameters for the TrustManager. Currently, only the defaultPKIXis supported.- Parameters:
crlf- The path to the CRL file.trustStore- The configured TrustStore.revocationEnabled- Should the JSSE provider perform revocation checks? Ignored ifcrlfis non-null. Configuration of revocation checks are expected to be via proprietary JSSE provider methods.- Returns:
- The parameters including the CRLs and TrustStore.
- Throws:
java.lang.Exception- An error occurred
-
getCRLs
protected java.util.Collection<? extends java.security.cert.CRL> getCRLs(java.lang.String crlf) throws java.io.IOException, java.security.cert.CRLException, java.security.cert.CertificateExceptionLoad the collection of CRLs.- Parameters:
crlf- The path to the CRL file.- Returns:
- the CRLs collection
- Throws:
java.io.IOException- Error reading CRL filejava.security.cert.CRLException- CRL errorjava.security.cert.CertificateException- Error processing certificate
-
getImplementedProtocols
protected abstract java.util.Set<java.lang.String> getImplementedProtocols()
Returns the set of implemented SSL/TLS protocols.- Returns:
- the implemented protocols
-
getImplementedCiphers
protected abstract java.util.Set<java.lang.String> getImplementedCiphers()
Returns the set of implemented SSL/TLS ciphers.- Returns:
- the implemented ciphers
-
getLog
protected abstract Log getLog()
Returns the log for this utility.- Returns:
- the log
-
isTls13RenegAuthAvailable
protected abstract boolean isTls13RenegAuthAvailable()
Returns whether TLS 1.3 renegotiation authentication is available.- Returns:
trueif TLS 1.3 renegotiation authentication is available
-
createSSLContextInternal
protected abstract SSLContext createSSLContextInternal(java.util.List<java.lang.String> negotiableProtocols) throws java.lang.Exception
Creates an SSL context with the given negotiable protocols.- Parameters:
negotiableProtocols- The negotiable protocols- Returns:
- the SSL context
- Throws:
java.lang.Exception- if creation fails
-
-