Package org.apache.tomcat.util.net
Class SSLUtilBase
- java.lang.Object
-
- org.apache.tomcat.util.net.SSLUtilBase
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.tomcat.util.net.SSLUtil
SSLUtil.ProtocolInfo
-
-
Field Summary
Fields Modifier and Type Field Description protected SSLHostConfigCertificate
certificate
static String
DEFAULT_KEY_ALIAS
protected SSLHostConfig
sslHostConfig
-
Constructor Summary
Constructors Modifier Constructor Description protected
SSLUtilBase(SSLHostConfigCertificate certificate)
protected
SSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description void
configureSessionContext(SSLSessionContext sslSessionContext)
SSLContext
createSSLContext(List<String> negotiableProtocols)
protected abstract SSLContext
createSSLContextInternal(List<String> negotiableProtocols)
protected Collection<? extends CRL>
getCRLs(String crlf)
Load the collection of CRLs.String[]
getEnabledCiphers()
The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.String[]
getEnabledProtocols()
The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.protected abstract Set<String>
getImplementedCiphers()
protected abstract Set<String>
getImplementedProtocols()
KeyManager[]
getKeyManagers()
protected abstract Log
getLog()
protected CertPathParameters
getParameters(String crlf, KeyStore trustStore, boolean revocationEnabled)
Return the initialization parameters for the TrustManager.TrustManager[]
getTrustManagers()
protected abstract boolean
isTls13RenegAuthAvailable()
-
-
-
Field Detail
-
DEFAULT_KEY_ALIAS
public static final String DEFAULT_KEY_ALIAS
- See Also:
- Constant Field Values
-
sslHostConfig
protected final SSLHostConfig sslHostConfig
-
certificate
protected final SSLHostConfigCertificate certificate
-
-
Constructor Detail
-
SSLUtilBase
protected SSLUtilBase(SSLHostConfigCertificate certificate)
-
SSLUtilBase
protected SSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)
-
-
Method Detail
-
createSSLContext
public final SSLContext createSSLContext(List<String> negotiableProtocols) throws Exception
- Specified by:
createSSLContext
in interfaceSSLUtil
- Throws:
Exception
-
configureSessionContext
public void configureSessionContext(SSLSessionContext sslSessionContext)
- Specified by:
configureSessionContext
in interfaceSSLUtil
-
getKeyManagers
public KeyManager[] getKeyManagers() throws Exception
- Specified by:
getKeyManagers
in interfaceSSLUtil
- Throws:
Exception
-
getEnabledProtocols
public String[] getEnabledProtocols()
Description copied from interface:SSLUtil
The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.- Specified by:
getEnabledProtocols
in interfaceSSLUtil
- Returns:
- The protocols currently enabled and available for clients to select from for the associated connection
-
getEnabledCiphers
public String[] getEnabledCiphers()
Description copied from interface:SSLUtil
The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.The ciphers used during the TLS handshake may be further restricted by the
SSLUtil.getEnabledProtocols()
and the certificates.- Specified by:
getEnabledCiphers
in interfaceSSLUtil
- Returns:
- The ciphers currently enabled and available for clients to select from for the associated connection
-
getTrustManagers
public TrustManager[] getTrustManagers() throws Exception
- Specified by:
getTrustManagers
in interfaceSSLUtil
- Throws:
Exception
-
getParameters
protected CertPathParameters getParameters(String crlf, KeyStore trustStore, boolean revocationEnabled) throws Exception
Return the initialization parameters for the TrustManager. Currently, only the defaultPKIX
is supported.- Parameters:
crlf
- The path to the CRL file.trustStore
- The configured TrustStore.revocationEnabled
- Should the JSSE provider perform revocation checks? Ignored ifcrlf
is non-null. Configuration of revocation checks are expected to be via proprietary JSSE provider methods.- Returns:
- The parameters including the CRLs and TrustStore.
- Throws:
Exception
- An error occurred
-
getCRLs
protected Collection<? extends CRL> getCRLs(String crlf) throws IOException, CRLException, CertificateException
Load the collection of CRLs.- Parameters:
crlf
- The path to the CRL file.- Returns:
- the CRLs collection
- Throws:
IOException
- Error reading CRL fileCRLException
- CRL errorCertificateException
- Error processing certificate
-
getLog
protected abstract Log getLog()
-
isTls13RenegAuthAvailable
protected abstract boolean isTls13RenegAuthAvailable()
-
createSSLContextInternal
protected abstract SSLContext createSSLContextInternal(List<String> negotiableProtocols) throws Exception
- Throws:
Exception
-
-