Class OpenSSLContext
- java.lang.Object
-
- org.apache.tomcat.util.net.openssl.OpenSSLContext
-
- All Implemented Interfaces:
SSLContext
public class OpenSSLContext extends java.lang.Object implements SSLContext
OpenSSL implementation of the SSL context.
-
-
Constructor Summary
Constructors Constructor Description OpenSSLContext(SSLHostConfigCertificate certificate, java.util.List<java.lang.String> negotiableProtocols)Constructs an OpenSSLContext for the given certificate and protocols.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaddCertificate(SSLHostConfigCertificate certificate)Adds a certificate to this SSL context.protected static booleanapplyConf(OpenSSLConf conf, long cctx, long ctx)Applies the OpenSSL configuration commands to the given context.protected static booleancheckConf(OpenSSLConf conf, long cctx)Checks the OpenSSL configuration commands against the given context.javax.net.ssl.SSLEnginecreateSSLEngine()Creates a new SSL engine.voiddestroy()Destroys this SSL context and releases any associated resources.java.security.cert.X509Certificate[]getAcceptedIssuers()Returns the accepted issuers.java.security.cert.X509Certificate[]getCertificateChain(java.lang.String alias)Returns the certificate chain for the given alias.java.lang.StringgetEnabledProtocol()Returns the currently enabled SSL/TLS protocol.javax.net.ssl.SSLSessionContextgetServerSessionContext()Returns the server session context.javax.net.ssl.SSLServerSocketFactorygetServerSocketFactory()Returns the server socket factory.javax.net.ssl.SSLParametersgetSupportedSSLParameters()Returns the supported SSL parameters.voidinit(javax.net.ssl.KeyManager[] kms, javax.net.ssl.TrustManager[] tms, java.security.SecureRandom sr)Setup the SSL_CTX.voidsetEnabledProtocol(java.lang.String protocol)Sets the enabled SSL/TLS protocol.
-
-
-
Constructor Detail
-
OpenSSLContext
public OpenSSLContext(SSLHostConfigCertificate certificate, java.util.List<java.lang.String> negotiableProtocols) throws javax.net.ssl.SSLException
Constructs an OpenSSLContext for the given certificate and protocols.- Parameters:
certificate- The SSL host config certificatenegotiableProtocols- The list of negotiable protocols- Throws:
javax.net.ssl.SSLException- if initialization fails
-
-
Method Detail
-
getEnabledProtocol
public java.lang.String getEnabledProtocol()
Returns the currently enabled SSL/TLS protocol.- Returns:
- The enabled protocol
-
setEnabledProtocol
public void setEnabledProtocol(java.lang.String protocol)
Sets the enabled SSL/TLS protocol.- Parameters:
protocol- The protocol to enable, or null for the default
-
destroy
public void destroy()
Description copied from interface:SSLContextDestroys this SSL context and releases any associated resources.- Specified by:
destroyin interfaceSSLContext
-
checkConf
protected static boolean checkConf(OpenSSLConf conf, long cctx) throws java.lang.Exception
Checks the OpenSSL configuration commands against the given context.- Parameters:
conf- The OpenSSL configurationcctx- The OpenSSL context- Returns:
- true if all commands are valid
- Throws:
java.lang.Exception- if an error occurs
-
applyConf
protected static boolean applyConf(OpenSSLConf conf, long cctx, long ctx) throws java.lang.Exception
Applies the OpenSSL configuration commands to the given context.- Parameters:
conf- The OpenSSL configurationcctx- The OpenSSL contextctx- The SSL context- Returns:
- true if all commands were applied successfully
- Throws:
java.lang.Exception- if an error occurs
-
init
public void init(javax.net.ssl.KeyManager[] kms, javax.net.ssl.TrustManager[] tms, java.security.SecureRandom sr) throws java.security.KeyManagementExceptionSetup the SSL_CTX.- Specified by:
initin interfaceSSLContext- Parameters:
kms- Must contain a KeyManager of the typeOpenSSLKeyManagertms- Must contain a TrustManager of the typeX509TrustManagersr- Is not used for this implementation.- Throws:
java.security.KeyManagementException- if an error occurs
-
addCertificate
public void addCertificate(SSLHostConfigCertificate certificate) throws java.lang.Exception
Adds a certificate to this SSL context.- Parameters:
certificate- The certificate to add- Throws:
java.lang.Exception- if an error occurs
-
getServerSessionContext
public javax.net.ssl.SSLSessionContext getServerSessionContext()
Description copied from interface:SSLContextReturns the server session context.- Specified by:
getServerSessionContextin interfaceSSLContext- Returns:
- The server session context
-
createSSLEngine
public javax.net.ssl.SSLEngine createSSLEngine()
Description copied from interface:SSLContextCreates a new SSL engine.- Specified by:
createSSLEnginein interfaceSSLContext- Returns:
- The new SSL engine
-
getServerSocketFactory
public javax.net.ssl.SSLServerSocketFactory getServerSocketFactory()
Description copied from interface:SSLContextReturns the server socket factory.- Specified by:
getServerSocketFactoryin interfaceSSLContext- Returns:
- The server socket factory
-
getSupportedSSLParameters
public javax.net.ssl.SSLParameters getSupportedSSLParameters()
Description copied from interface:SSLContextReturns the supported SSL parameters.- Specified by:
getSupportedSSLParametersin interfaceSSLContext- Returns:
- The supported SSL parameters
-
getCertificateChain
public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias)
Description copied from interface:SSLContextReturns the certificate chain for the given alias.- Specified by:
getCertificateChainin interfaceSSLContext- Parameters:
alias- The alias- Returns:
- The certificate chain
-
getAcceptedIssuers
public java.security.cert.X509Certificate[] getAcceptedIssuers()
Description copied from interface:SSLContextReturns the accepted issuers.- Specified by:
getAcceptedIssuersin interfaceSSLContext- Returns:
- The accepted issuers
-
-