Package org.apache.tomcat.util.net

Class SSLHostConfig

java.lang.Object

org.apache.tomcat.util.net.SSLHostConfig

All Implemented Interfaces:

Serializable

public class SSLHostConfig
extends Object
implements Serializable

Represents the TLS configuration for a virtual host.

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static enum	SSLHostConfig.CertificateVerification
static enum	SSLHostConfig.Type

Field Summary

Fields

Modifier and Type	Field	Description
protected static final String	DEFAULT_SSL_HOST_NAME
static final String	DEFAULT_TLS_CIPHERS
protected static final Set<String>	SSL_PROTO_ALL_SET

Constructor Summary

Constructors

Constructor	Description
SSLHostConfig()

Method Summary

Modifier and Type	Method	Description
void	addCertificate(SSLHostConfigCertificate certificate)
static String	adjustRelativePath(String path)
Set<X509Certificate>	certificatesExpiringBefore(Date date)
String	getCaCertificateFile()
String	getCaCertificatePath()
String	getCertificateRevocationListFile()
String	getCertificateRevocationListPath()
Set<SSLHostConfigCertificate>	getCertificates()
Set<SSLHostConfigCertificate>	getCertificates(boolean createDefaultIfEmpty)
SSLHostConfig.CertificateVerification	getCertificateVerification()
String	getCertificateVerificationAsString()
int	getCertificateVerificationDepth()
LinkedHashSet<Cipher>	getCipherList()
String	getCiphers()
String	getConfigType()
boolean	getDisableCompression()
boolean	getDisableSessionTickets()
String[]	getEnabledCiphers()
String[]	getEnabledProtocols()
boolean	getHonorCipherOrder()
String	getHostName()
boolean	getInsecureRenegotiation()
List<String>	getJsseCipherNames()	Obtain the list of JSSE cipher names for the current configuration.
String	getKeyManagerAlgorithm()
ObjectName	getObjectName()
OpenSSLConf	getOpenSslConf()
Long	getOpenSslConfContext()
Long	getOpenSslContext()
Set<String>	getProtocols()
boolean	getRevocationEnabled()
int	getSessionCacheSize()
int	getSessionTimeout()
String	getSslProtocol()
String	getTrustManagerClassName()
KeyStore	getTruststore()
String	getTruststoreAlgorithm()
String	getTruststoreFile()
String	getTruststorePassword()
String	getTruststoreProvider()
String	getTruststoreType()
boolean	isCertificateVerificationDepthConfigured()
boolean	isTls13RenegotiationAvailable()
void	setCaCertificateFile(String caCertificateFile)
void	setCaCertificatePath(String caCertificatePath)
void	setCertificateRevocationListFile(String certificateRevocationListFile)
void	setCertificateRevocationListPath(String certificateRevocationListPath)
void	setCertificateVerification(String certificateVerification)
void	setCertificateVerificationAsString(String certificateVerification)
void	setCertificateVerificationDepth(int certificateVerificationDepth)
void	setCiphers(String ciphersList)	Set the new cipher configuration.
void	setDisableCompression(boolean disableCompression)
void	setDisableSessionTickets(boolean disableSessionTickets)
void	setEnabledCiphers(String[] enabledCiphers)
void	setEnabledProtocols(String[] enabledProtocols)
void	setHonorCipherOrder(boolean honorCipherOrder)
void	setHostName(String hostName)
void	setInsecureRenegotiation(boolean insecureRenegotiation)
void	setKeyManagerAlgorithm(String keyManagerAlgorithm)
void	setObjectName(ObjectName oname)
void	setOpenSslConf(OpenSSLConf conf)
void	setOpenSslConfContext(Long openSslConfContext)
void	setOpenSslContext(Long openSslContext)
void	setProtocols(String input)
void	setRevocationEnabled(boolean revocationEnabled)
void	setSessionCacheSize(int sessionCacheSize)
void	setSessionTimeout(int sessionTimeout)
void	setSslProtocol(String sslProtocol)
void	setTls13RenegotiationAvailable(boolean tls13RenegotiationAvailable)
void	setTrustManagerClassName(String trustManagerClassName)
void	setTrustStore(KeyStore truststore)
void	setTruststoreAlgorithm(String truststoreAlgorithm)
void	setTruststoreFile(String truststoreFile)
void	setTruststorePassword(String truststorePassword)
void	setTruststoreProvider(String truststoreProvider)
void	setTruststoreType(String truststoreType)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DEFAULT_SSL_HOST_NAME

protected static final String DEFAULT_SSL_HOST_NAME

See Also:

• Constant Field Values

SSL_PROTO_ALL_SET

protected static final Set<String> SSL_PROTO_ALL_SET

DEFAULT_TLS_CIPHERS

public static final String DEFAULT_TLS_CIPHERS

See Also:

• Constant Field Values

Constructor Details

SSLHostConfig

public SSLHostConfig()

Method Details

isTls13RenegotiationAvailable

public boolean isTls13RenegotiationAvailable()

setTls13RenegotiationAvailable

public void setTls13RenegotiationAvailable(boolean tls13RenegotiationAvailable)

getOpenSslConfContext

public Long getOpenSslConfContext()

setOpenSslConfContext

public void setOpenSslConfContext(Long openSslConfContext)

getOpenSslContext

public Long getOpenSslContext()

setOpenSslContext

public void setOpenSslContext(Long openSslContext)

getConfigType

public String getConfigType()

getEnabledProtocols

public String[] getEnabledProtocols()

Returns:

The protocols enabled for this TLS virtual host

See Also:

• SSLUtil.getEnabledProtocols()

setEnabledProtocols

public void setEnabledProtocols(String[] enabledProtocols)

getEnabledCiphers

public String[] getEnabledCiphers()

Returns:

The ciphers enabled for this TLS virtual host

See Also:

• SSLUtil.getEnabledCiphers()

setEnabledCiphers

public void setEnabledCiphers(String[] enabledCiphers)

getObjectName

public ObjectName getObjectName()

setObjectName

public void setObjectName(ObjectName oname)

addCertificate

public void addCertificate(SSLHostConfigCertificate certificate)

getOpenSslConf

public OpenSSLConf getOpenSslConf()

setOpenSslConf

public void setOpenSslConf(OpenSSLConf conf)

getCertificates

public Set<SSLHostConfigCertificate> getCertificates()

getCertificates

public Set<SSLHostConfigCertificate> getCertificates(boolean createDefaultIfEmpty)

setCertificateRevocationListFile

public void setCertificateRevocationListFile(String certificateRevocationListFile)

getCertificateRevocationListFile

public String getCertificateRevocationListFile()

setCertificateVerification

public void setCertificateVerification(String certificateVerification)

getCertificateVerification

public SSLHostConfig.CertificateVerification getCertificateVerification()

setCertificateVerificationAsString

public void setCertificateVerificationAsString(String certificateVerification)

getCertificateVerificationAsString

public String getCertificateVerificationAsString()

setCertificateVerificationDepth

public void setCertificateVerificationDepth(int certificateVerificationDepth)

getCertificateVerificationDepth

public int getCertificateVerificationDepth()

isCertificateVerificationDepthConfigured

public boolean isCertificateVerificationDepthConfigured()

setCiphers

public void setCiphers(String ciphersList)

Set the new cipher configuration. Note: Regardless of the format used to set the configuration, it is always stored in OpenSSL format.

Parameters:

ciphersList - The new cipher configuration in OpenSSL or JSSE format

getCiphers

public String getCiphers()

Returns:

An OpenSSL cipher string for the current configuration.

getCipherList

public LinkedHashSet<Cipher> getCipherList()

getJsseCipherNames

public List<String> getJsseCipherNames()

Obtain the list of JSSE cipher names for the current configuration. Ciphers included in the configuration but not supported by JSSE will be excluded from this list.

Returns:

A list of the JSSE cipher names

setHonorCipherOrder

public void setHonorCipherOrder(boolean honorCipherOrder)

getHonorCipherOrder

public boolean getHonorCipherOrder()

setHostName

public void setHostName(String hostName)

getHostName

public String getHostName()

Returns:

The host name associated with this SSL configuration - always in lower case.

setProtocols

public void setProtocols(String input)

getProtocols

public Set<String> getProtocols()

setSessionCacheSize

public void setSessionCacheSize(int sessionCacheSize)

getSessionCacheSize

public int getSessionCacheSize()

setSessionTimeout

public void setSessionTimeout(int sessionTimeout)

getSessionTimeout

public int getSessionTimeout()

setKeyManagerAlgorithm

public void setKeyManagerAlgorithm(String keyManagerAlgorithm)

getKeyManagerAlgorithm

public String getKeyManagerAlgorithm()

setRevocationEnabled

public void setRevocationEnabled(boolean revocationEnabled)

getRevocationEnabled

public boolean getRevocationEnabled()

setSslProtocol

public void setSslProtocol(String sslProtocol)

getSslProtocol

public String getSslProtocol()

setTrustManagerClassName

public void setTrustManagerClassName(String trustManagerClassName)

getTrustManagerClassName

public String getTrustManagerClassName()

setTruststoreAlgorithm

public void setTruststoreAlgorithm(String truststoreAlgorithm)

getTruststoreAlgorithm

public String getTruststoreAlgorithm()

setTruststoreFile

public void setTruststoreFile(String truststoreFile)

getTruststoreFile

public String getTruststoreFile()

setTruststorePassword

public void setTruststorePassword(String truststorePassword)

getTruststorePassword

public String getTruststorePassword()

setTruststoreProvider

public void setTruststoreProvider(String truststoreProvider)

getTruststoreProvider

public String getTruststoreProvider()

setTruststoreType

public void setTruststoreType(String truststoreType)

getTruststoreType

public String getTruststoreType()

setTrustStore

public void setTrustStore(KeyStore truststore)

getTruststore

public KeyStore getTruststore()
                       throws IOException

Throws:

IOException

setCertificateRevocationListPath

public void setCertificateRevocationListPath(String certificateRevocationListPath)

getCertificateRevocationListPath

public String getCertificateRevocationListPath()

setCaCertificateFile

public void setCaCertificateFile(String caCertificateFile)

getCaCertificateFile

public String getCaCertificateFile()

setCaCertificatePath

public void setCaCertificatePath(String caCertificatePath)

getCaCertificatePath

public String getCaCertificatePath()

setDisableCompression

public void setDisableCompression(boolean disableCompression)

getDisableCompression

public boolean getDisableCompression()

setDisableSessionTickets

public void setDisableSessionTickets(boolean disableSessionTickets)

getDisableSessionTickets

public boolean getDisableSessionTickets()

setInsecureRenegotiation

public void setInsecureRenegotiation(boolean insecureRenegotiation)

getInsecureRenegotiation

public boolean getInsecureRenegotiation()

certificatesExpiringBefore

public Set<X509Certificate> certificatesExpiringBefore(Date date)

adjustRelativePath

public static String adjustRelativePath(String path)
                                 throws FileNotFoundException

Throws:

FileNotFoundException