Package org.apache.tomcat.util.net

Class SSLUtilBase

  • All Implemented Interfaces:
    SSLUtil
    Direct Known Subclasses:
    JSSEUtil, OpenSSLUtil
    public abstract class SSLUtilBase
extends java.lang.Object
implements SSLUtil
    Common base class for SSLUtil implementations.

    • Method Detail

      • createSSLContext

        public final SSLContext createSSLContext​(java.util.List<java.lang.String> negotiableProtocols)
                                  throws java.lang.Exception
        Specified by:
        createSSLContext in interface SSLUtil
        Throws:
        java.lang.Exception

      • configureSessionContext

        public void configureSessionContext​(javax.net.ssl.SSLSessionContext sslSessionContext)
        Specified by:
        configureSessionContext in interface SSLUtil

      • getKeyManagers

        public javax.net.ssl.KeyManager[] getKeyManagers()
                                          throws java.lang.Exception
        Specified by:
        getKeyManagers in interface SSLUtil
        Throws:
        java.lang.Exception

      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Description copied from interface: SSLUtil
        The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.
        Specified by:
        getEnabledProtocols in interface SSLUtil
        Returns:
        The protocols currently enabled and available for clients to select from for the associated connection

      • getEnabledCiphers

        public java.lang.String[] getEnabledCiphers()
        Description copied from interface: SSLUtil
        The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.

        The ciphers used during the TLS handshake may be further restricted by the SSLUtil.getEnabledProtocols() and the certificates.

        Specified by:
        getEnabledCiphers in interface SSLUtil
        Returns:
        The ciphers currently enabled and available for clients to select from for the associated connection

      • getTrustManagers

        public javax.net.ssl.TrustManager[] getTrustManagers()
                                              throws java.lang.Exception
        Specified by:
        getTrustManagers in interface SSLUtil
        Throws:
        java.lang.Exception

      • getParameters

        protected java.security.cert.CertPathParameters getParameters​(java.lang.String crlf,
                                                              java.security.KeyStore trustStore,
                                                              boolean revocationEnabled)
                                                       throws java.lang.Exception
        Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.
        Parameters:
        crlf - The path to the CRL file.
        trustStore - The configured TrustStore.
        revocationEnabled - Should the JSSE provider perform revocation checks? Ignored if crlf is non-null. Configuration of revocation checks are expected to be via proprietary JSSE provider methods.
        Returns:
        The parameters including the CRLs and TrustStore.
        Throws:
        java.lang.Exception - An error occurred

      • getCRLs

        protected java.util.Collection<? extends java.security.cert.CRL> getCRLs​(java.lang.String crlf)
                                                                  throws java.io.IOException,
                                                                         java.security.cert.CRLException,
                                                                         java.security.cert.CertificateException
        Load the collection of CRLs.
        Parameters:
        crlf - The path to the CRL file.
        Returns:
        the CRLs collection
        Throws:
        java.io.IOException - Error reading CRL file
        java.security.cert.CRLException - CRL error
        java.security.cert.CertificateException - Error processing certificate

      • getImplementedProtocols

        protected abstract java.util.Set<java.lang.String> getImplementedProtocols()

      • getImplementedCiphers

        protected abstract java.util.Set<java.lang.String> getImplementedCiphers()

      • getLog

        protected abstract Log getLog()

      • isTls13RenegAuthAvailable

        protected abstract boolean isTls13RenegAuthAvailable()

      • createSSLContextInternal

        protected abstract SSLContext createSSLContextInternal​(java.util.List<java.lang.String> negotiableProtocols)
                                                throws java.lang.Exception
        Throws:
        java.lang.Exception