Class SSLUtilBase

  • All Implemented Interfaces:
    SSLUtil
    Direct Known Subclasses:
    JSSEUtil, OpenSSLUtil

    public abstract class SSLUtilBase
    extends java.lang.Object
    implements SSLUtil
    Common base class for SSLUtil implementations.
    • Method Summary

      All Methods Instance Methods Abstract Methods Concrete Methods 
      Modifier and Type Method Description
      void configureSessionContext​(javax.net.ssl.SSLSessionContext sslSessionContext)
      Configures the given SSL session context.
      SSLContext createSSLContext​(java.util.List<java.lang.String> negotiableProtocols)
      Creates an SSL context for the given negotiable protocols.
      protected abstract SSLContext createSSLContextInternal​(java.util.List<java.lang.String> negotiableProtocols)
      Creates an SSL context with the given negotiable protocols.
      protected java.util.Collection<? extends java.security.cert.CRL> getCRLs​(java.lang.String crlf)
      Load the collection of CRLs.
      java.lang.String[] getEnabledCiphers()
      The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.
      java.lang.String[] getEnabledProtocols()
      The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.
      protected abstract java.util.Set<java.lang.String> getImplementedCiphers()
      Returns the set of implemented SSL/TLS ciphers.
      protected abstract java.util.Set<java.lang.String> getImplementedProtocols()
      Returns the set of implemented SSL/TLS protocols.
      javax.net.ssl.KeyManager[] getKeyManagers()
      Returns the key managers.
      protected abstract Log getLog()
      Returns the log for this utility.
      protected java.security.cert.CertPathParameters getParameters​(java.lang.String crlf, java.security.KeyStore trustStore, boolean revocationEnabled)
      Return the initialization parameters for the TrustManager.
      javax.net.ssl.TrustManager[] getTrustManagers()
      Returns the trust managers.
      protected abstract boolean isTls13RenegAuthAvailable()
      Returns whether TLS 1.3 renegotiation authentication is available.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • DEFAULT_KEY_ALIAS

        public static final java.lang.String DEFAULT_KEY_ALIAS
        Default key alias.
        See Also:
        Constant Field Values
      • sslHostConfig

        protected final SSLHostConfig sslHostConfig
        The SSL host configuration.
    • Constructor Detail

      • SSLUtilBase

        protected SSLUtilBase​(SSLHostConfigCertificate certificate)
        Constructor.
        Parameters:
        certificate - The SSL host configuration certificate
      • SSLUtilBase

        protected SSLUtilBase​(SSLHostConfigCertificate certificate,
                              boolean warnTls13)
        Constructor.
        Parameters:
        certificate - The SSL host configuration certificate
        warnTls13 - Whether to warn about TLS 1.3 issues
    • Method Detail

      • createSSLContext

        public final SSLContext createSSLContext​(java.util.List<java.lang.String> negotiableProtocols)
                                          throws java.lang.Exception
        Description copied from interface: SSLUtil
        Creates an SSL context for the given negotiable protocols.
        Specified by:
        createSSLContext in interface SSLUtil
        Parameters:
        negotiableProtocols - The negotiable protocols
        Returns:
        the SSL context
        Throws:
        java.lang.Exception - if an error occurs
      • configureSessionContext

        public void configureSessionContext​(javax.net.ssl.SSLSessionContext sslSessionContext)
        Description copied from interface: SSLUtil
        Configures the given SSL session context.
        Specified by:
        configureSessionContext in interface SSLUtil
        Parameters:
        sslSessionContext - The SSL session context to configure
      • getKeyManagers

        public javax.net.ssl.KeyManager[] getKeyManagers()
                                                  throws java.lang.Exception
        Description copied from interface: SSLUtil
        Returns the key managers.
        Specified by:
        getKeyManagers in interface SSLUtil
        Returns:
        The key managers
        Throws:
        java.lang.Exception - if an error occurs
      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Description copied from interface: SSLUtil
        The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.
        Specified by:
        getEnabledProtocols in interface SSLUtil
        Returns:
        The protocols currently enabled and available for clients to select from for the associated connection
      • getEnabledCiphers

        public java.lang.String[] getEnabledCiphers()
        Description copied from interface: SSLUtil
        The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.

        The ciphers used during the TLS handshake may be further restricted by the SSLUtil.getEnabledProtocols() and the certificates.

        Specified by:
        getEnabledCiphers in interface SSLUtil
        Returns:
        The ciphers currently enabled and available for clients to select from for the associated connection
      • getTrustManagers

        public javax.net.ssl.TrustManager[] getTrustManagers()
                                                      throws java.lang.Exception
        Description copied from interface: SSLUtil
        Returns the trust managers.
        Specified by:
        getTrustManagers in interface SSLUtil
        Returns:
        The trust managers
        Throws:
        java.lang.Exception - if an error occurs
      • getParameters

        protected java.security.cert.CertPathParameters getParameters​(java.lang.String crlf,
                                                                      java.security.KeyStore trustStore,
                                                                      boolean revocationEnabled)
                                                               throws java.lang.Exception
        Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.
        Parameters:
        crlf - The path to the CRL file.
        trustStore - The configured TrustStore.
        revocationEnabled - Should the JSSE provider perform revocation checks? Ignored if crlf is non-null. Configuration of revocation checks are expected to be via proprietary JSSE provider methods.
        Returns:
        The parameters including the CRLs and TrustStore.
        Throws:
        java.lang.Exception - An error occurred
      • getCRLs

        protected java.util.Collection<? extends java.security.cert.CRL> getCRLs​(java.lang.String crlf)
                                                                          throws java.io.IOException,
                                                                                 java.security.cert.CRLException,
                                                                                 java.security.cert.CertificateException
        Load the collection of CRLs.
        Parameters:
        crlf - The path to the CRL file.
        Returns:
        the CRLs collection
        Throws:
        java.io.IOException - Error reading CRL file
        java.security.cert.CRLException - CRL error
        java.security.cert.CertificateException - Error processing certificate
      • getImplementedProtocols

        protected abstract java.util.Set<java.lang.String> getImplementedProtocols()
        Returns the set of implemented SSL/TLS protocols.
        Returns:
        the implemented protocols
      • getImplementedCiphers

        protected abstract java.util.Set<java.lang.String> getImplementedCiphers()
        Returns the set of implemented SSL/TLS ciphers.
        Returns:
        the implemented ciphers
      • getLog

        protected abstract Log getLog()
        Returns the log for this utility.
        Returns:
        the log
      • isTls13RenegAuthAvailable

        protected abstract boolean isTls13RenegAuthAvailable()
        Returns whether TLS 1.3 renegotiation authentication is available.
        Returns:
        true if TLS 1.3 renegotiation authentication is available
      • createSSLContextInternal

        protected abstract SSLContext createSSLContextInternal​(java.util.List<java.lang.String> negotiableProtocols)
                                                        throws java.lang.Exception
        Creates an SSL context with the given negotiable protocols.
        Parameters:
        negotiableProtocols - The negotiable protocols
        Returns:
        the SSL context
        Throws:
        java.lang.Exception - if creation fails