Class SSLUtilBase

java.lang.Object
org.apache.tomcat.util.net.SSLUtilBase
All Implemented Interfaces:
SSLUtil
Direct Known Subclasses:
JSSEUtil, OpenSSLUtil

public abstract class SSLUtilBase extends Object implements SSLUtil
Common base class for SSLUtil implementations.
  • Field Details

  • Constructor Details

  • Method Details

    • createSSLContext

      public final SSLContext createSSLContext(List<String> negotiableProtocols) throws Exception
      Specified by:
      createSSLContext in interface SSLUtil
      Throws:
      Exception
    • configureSessionContext

      public void configureSessionContext(SSLSessionContext sslSessionContext)
      Specified by:
      configureSessionContext in interface SSLUtil
    • getKeyManagers

      public KeyManager[] getKeyManagers() throws Exception
      Specified by:
      getKeyManagers in interface SSLUtil
      Throws:
      Exception
    • getEnabledProtocols

      public String[] getEnabledProtocols()
      Description copied from interface: SSLUtil
      The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.
      Specified by:
      getEnabledProtocols in interface SSLUtil
      Returns:
      The protocols currently enabled and available for clients to select from for the associated connection
    • getEnabledCiphers

      public String[] getEnabledCiphers()
      Description copied from interface: SSLUtil
      The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.

      The ciphers used during the TLS handshake may be further restricted by the SSLUtil.getEnabledProtocols() and the certificates.

      Specified by:
      getEnabledCiphers in interface SSLUtil
      Returns:
      The ciphers currently enabled and available for clients to select from for the associated connection
    • getTrustManagers

      public TrustManager[] getTrustManagers() throws Exception
      Specified by:
      getTrustManagers in interface SSLUtil
      Throws:
      Exception
    • getParameters

      protected CertPathParameters getParameters(String crlf, KeyStore trustStore, boolean revocationEnabled) throws Exception
      Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.
      Parameters:
      crlf - The path to the CRL file.
      trustStore - The configured TrustStore.
      revocationEnabled - Should the JSSE provider perform revocation checks? Ignored if crlf is non-null. Configuration of revocation checks is expected to be via proprietary JSSE provider methods.
      Returns:
      The parameters including the CRLs and TrustStore.
      Throws:
      Exception - An error occurred
    • getCRLs

      protected Collection<? extends CRL> getCRLs(String crlf) throws IOException, CRLException, CertificateException
      Load the collection of CRLs.
      Parameters:
      crlf - The path to the CRL file.
      Returns:
      the CRLs collection
      Throws:
      IOException - Error reading CRL file
      CRLException - CRL error
      CertificateException - Error processing certificate
    • getImplementedProtocols

      protected abstract Set<String> getImplementedProtocols()
    • getImplementedCiphers

      protected abstract Set<String> getImplementedCiphers()
    • getLog

      protected abstract Log getLog()
    • isTls13RenegAuthAvailable

      protected abstract boolean isTls13RenegAuthAvailable()
    • createSSLContextInternal

      protected abstract SSLContext createSSLContextInternal(List<String> negotiableProtocols) throws Exception
      Throws:
      Exception
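
The parameter handling that getParameters and getCRLs describe, sketched with standard JDK APIs as an added example (not Tomcat's own source). The class name, method names and command-line arguments are assumptions, the truststore is assumed to be a PKCS12 file with at least one trusted certificate, and turning revocation checking on whenever a CRL file is given is this example's reading of "Ignored if crlf is non-null".

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.*;

public class CrlTrustManagerExample {
    // Load every CRL found in one file (PEM or DER encoded).
    static Collection<? extends CRL> loadCrls(String crlFile) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = Files.newInputStream(Paths.get(crlFile))) {
            return cf.generateCRLs(in);
        }
    }

    // Build PKIX parameters from the truststore. The constructor throws
    // InvalidAlgorithmParameterException if the store has no trusted certificates.
    static PKIXBuilderParameters buildParameters(String crlFile, KeyStore trustStore,
            boolean revocationEnabled) throws Exception {
        PKIXBuilderParameters params =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        if (crlFile != null && !crlFile.isEmpty()) {
            // Assumption: a CRL file means the caller wants revocation checked,
            // so the revocationEnabled flag is ignored on this branch.
            params.addCertStore(CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(loadCrls(crlFile))));
            params.setRevocationEnabled(true);
        } else {
            params.setRevocationEnabled(revocationEnabled);
        }
        return params;
    }

    // Hand the PKIX parameters to the JSSE "PKIX" TrustManagerFactory.
    static TrustManager[] trustManagers(String crlFile, KeyStore trustStore,
            boolean revocationEnabled) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(
                buildParameters(crlFile, trustStore, revocationEnabled)));
        return tmf.getTrustManagers();
    }

    // Usage: java CrlTrustManagerExample <truststore.p12> <password> [crl-file]
    public static void main(String[] args) throws Exception {
        KeyStore ts = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ts.load(in, args[1].toCharArray());
        }
        TrustManager[] tms = trustManagers(args.length > 2 ? args[2] : null, ts, false);
        System.out.println(tms.length + " trust manager(s) created");
    }
}
```

With a CRL file supplied, a peer certificate whose issuer has no matching CRL in the store fails path validation rather than being accepted, so the file needs a current CRL for every CA that issues client certificates.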