Package org.apache.tomcat.util.net
Class SSLUtilBase
java.lang.Object
org.apache.tomcat.util.net.SSLUtilBase
- All Implemented Interfaces:
SSLUtil
- Direct Known Subclasses:
JSSEUtil
,OpenSSLUtil
Common base class for
SSLUtil
implementations.-
Nested Class Summary
Nested classes/interfaces inherited from interface org.apache.tomcat.util.net.SSLUtil
SSLUtil.ProtocolInfo
-
Field Summary
Modifier and TypeFieldDescriptionprotected final SSLHostConfigCertificate
static final String
protected final SSLHostConfig
-
Constructor Summary
ModifierConstructorDescriptionprotected
SSLUtilBase
(SSLHostConfigCertificate certificate) protected
SSLUtilBase
(SSLHostConfigCertificate certificate, boolean warnTls13) -
Method Summary
Modifier and TypeMethodDescriptionvoid
configureSessionContext
(SSLSessionContext sslSessionContext) final SSLContext
createSSLContext
(List<String> negotiableProtocols) protected abstract SSLContext
createSSLContextInternal
(List<String> negotiableProtocols) protected Collection<? extends CRL>
Load the collection of CRLs.String[]
The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.String[]
The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.protected abstract Log
getLog()
protected CertPathParameters
getParameters
(String crlf, KeyStore trustStore, boolean revocationEnabled) Return the initialization parameters for the TrustManager.protected abstract boolean
-
Field Details
-
DEFAULT_KEY_ALIAS
- See Also:
-
sslHostConfig
-
certificate
-
-
Constructor Details
-
SSLUtilBase
-
SSLUtilBase
-
-
Method Details
-
createSSLContext
- Specified by:
createSSLContext
in interfaceSSLUtil
- Throws:
Exception
-
configureSessionContext
- Specified by:
configureSessionContext
in interfaceSSLUtil
-
getKeyManagers
- Specified by:
getKeyManagers
in interfaceSSLUtil
- Throws:
Exception
-
getEnabledProtocols
Description copied from interface:SSLUtil
The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.- Specified by:
getEnabledProtocols
in interfaceSSLUtil
- Returns:
- The protocols currently enabled and available for clients to select from for the associated connection
-
getEnabledCiphers
Description copied from interface:SSLUtil
The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.The ciphers used during the TLS handshake may be further restricted by the
SSLUtil.getEnabledProtocols()
and the certificates.- Specified by:
getEnabledCiphers
in interfaceSSLUtil
- Returns:
- The ciphers currently enabled and available for clients to select from for the associated connection
-
getTrustManagers
- Specified by:
getTrustManagers
in interfaceSSLUtil
- Throws:
Exception
-
getParameters
protected CertPathParameters getParameters(String crlf, KeyStore trustStore, boolean revocationEnabled) throws Exception Return the initialization parameters for the TrustManager. Currently, only the defaultPKIX
is supported.- Parameters:
crlf
- The path to the CRL file.trustStore
- The configured TrustStore.revocationEnabled
- Should the JSSE provider perform revocation checks? Ignored ifcrlf
is non-null. Configuration of revocation checks are expected to be via proprietary JSSE provider methods.- Returns:
- The parameters including the CRLs and TrustStore.
- Throws:
Exception
- An error occurred
-
getCRLs
protected Collection<? extends CRL> getCRLs(String crlf) throws IOException, CRLException, CertificateException Load the collection of CRLs.- Parameters:
crlf
- The path to the CRL file.- Returns:
- the CRLs collection
- Throws:
IOException
- Error reading CRL fileCRLException
- CRL errorCertificateException
- Error processing certificate
-
getImplementedProtocols
-
getImplementedCiphers
-
getLog
-
isTls13RenegAuthAvailable
protected abstract boolean isTls13RenegAuthAvailable() -
createSSLContextInternal
protected abstract SSLContext createSSLContextInternal(List<String> negotiableProtocols) throws Exception - Throws:
Exception
-