Package org.apache.tomcat.util.net
Class SSLUtilBase
- java.lang.Object
-
- org.apache.tomcat.util.net.SSLUtilBase
-
- All Implemented Interfaces:
SSLUtil
- Direct Known Subclasses:
JSSEUtil,OpenSSLUtil
public abstract class SSLUtilBase extends java.lang.Object implements SSLUtil
Common base class forSSLUtilimplementations.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.tomcat.util.net.SSLUtil
SSLUtil.ProtocolInfo
-
-
Field Summary
Fields Modifier and Type Field Description protected SSLHostConfigCertificatecertificateprotected SSLHostConfigsslHostConfig
-
Constructor Summary
Constructors Modifier Constructor Description protectedSSLUtilBase(SSLHostConfigCertificate certificate)protectedSSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description voidconfigureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext)SSLContextcreateSSLContext(java.util.List<java.lang.String> negotiableProtocols)protected abstract SSLContextcreateSSLContextInternal(java.util.List<java.lang.String> negotiableProtocols)protected java.util.Collection<? extends java.security.cert.CRL>getCRLs(java.lang.String crlf)Load the collection of CRLs.java.lang.String[]getEnabledCiphers()The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.java.lang.String[]getEnabledProtocols()The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.protected abstract java.util.Set<java.lang.String>getImplementedCiphers()protected abstract java.util.Set<java.lang.String>getImplementedProtocols()javax.net.ssl.KeyManager[]getKeyManagers()protected abstract LoggetLog()protected java.security.cert.CertPathParametersgetParameters(java.lang.String crlf, java.security.KeyStore trustStore, boolean revocationEnabled)Return the initialization parameters for the TrustManager.javax.net.ssl.TrustManager[]getTrustManagers()protected abstract booleanisTls13RenegAuthAvailable()
-
-
-
Field Detail
-
sslHostConfig
protected final SSLHostConfig sslHostConfig
-
certificate
protected final SSLHostConfigCertificate certificate
-
-
Constructor Detail
-
SSLUtilBase
protected SSLUtilBase(SSLHostConfigCertificate certificate)
-
SSLUtilBase
protected SSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)
-
-
Method Detail
-
createSSLContext
public final SSLContext createSSLContext(java.util.List<java.lang.String> negotiableProtocols) throws java.lang.Exception
- Specified by:
createSSLContextin interfaceSSLUtil- Throws:
java.lang.Exception
-
configureSessionContext
public void configureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext)
- Specified by:
configureSessionContextin interfaceSSLUtil
-
getKeyManagers
public javax.net.ssl.KeyManager[] getKeyManagers() throws java.lang.Exception- Specified by:
getKeyManagersin interfaceSSLUtil- Throws:
java.lang.Exception
-
getEnabledProtocols
public java.lang.String[] getEnabledProtocols()
Description copied from interface:SSLUtilThe set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.- Specified by:
getEnabledProtocolsin interfaceSSLUtil- Returns:
- The protocols currently enabled and available for clients to select from for the associated connection
-
getEnabledCiphers
public java.lang.String[] getEnabledCiphers()
Description copied from interface:SSLUtilThe set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.The ciphers used during the TLS handshake may be further restricted by the
SSLUtil.getEnabledProtocols()and the certificates.- Specified by:
getEnabledCiphersin interfaceSSLUtil- Returns:
- The ciphers currently enabled and available for clients to select from for the associated connection
-
getTrustManagers
public javax.net.ssl.TrustManager[] getTrustManagers() throws java.lang.Exception- Specified by:
getTrustManagersin interfaceSSLUtil- Throws:
java.lang.Exception
-
getParameters
protected java.security.cert.CertPathParameters getParameters(java.lang.String crlf, java.security.KeyStore trustStore, boolean revocationEnabled) throws java.lang.ExceptionReturn the initialization parameters for the TrustManager. Currently, only the defaultPKIXis supported.- Parameters:
crlf- The path to the CRL file.trustStore- The configured TrustStore.revocationEnabled- Should the JSSE provider perform revocation checks? Ignored ifcrlfis non-null. Configuration of revocation checks are expected to be via proprietary JSSE provider methods.- Returns:
- The parameters including the CRLs and TrustStore.
- Throws:
java.lang.Exception- An error occurred
-
getCRLs
protected java.util.Collection<? extends java.security.cert.CRL> getCRLs(java.lang.String crlf) throws java.io.IOException, java.security.cert.CRLException, java.security.cert.CertificateExceptionLoad the collection of CRLs.- Parameters:
crlf- The path to the CRL file.- Returns:
- the CRLs collection
- Throws:
java.io.IOException- Error reading CRL filejava.security.cert.CRLException- CRL errorjava.security.cert.CertificateException- Error processing certificate
-
getImplementedProtocols
protected abstract java.util.Set<java.lang.String> getImplementedProtocols()
-
getImplementedCiphers
protected abstract java.util.Set<java.lang.String> getImplementedCiphers()
-
getLog
protected abstract Log getLog()
-
isTls13RenegAuthAvailable
protected abstract boolean isTls13RenegAuthAvailable()
-
createSSLContextInternal
protected abstract SSLContext createSSLContextInternal(java.util.List<java.lang.String> negotiableProtocols) throws java.lang.Exception
- Throws:
java.lang.Exception
-
-