Package org.apache.tomcat.util.net
Class SSLUtilBase
- java.lang.Object
-
- org.apache.tomcat.util.net.SSLUtilBase
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.tomcat.util.net.SSLUtil
SSLUtil.ProtocolInfo
-
-
Field Summary
Fields Modifier and Type Field Description protected SSLHostConfigCertificatecertificateprotected SSLHostConfigsslHostConfig
-
Constructor Summary
Constructors Modifier Constructor Description protectedSSLUtilBase(SSLHostConfigCertificate certificate)protectedSSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description voidconfigureSessionContext(SSLSessionContext sslSessionContext)SSLContextcreateSSLContext(List<String> negotiableProtocols)protected abstract SSLContextcreateSSLContextInternal(List<String> negotiableProtocols)protected Collection<? extends CRL>getCRLs(String crlf)Load the collection of CRLs.String[]getEnabledCiphers()The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.String[]getEnabledProtocols()The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.protected abstract Set<String>getImplementedCiphers()protected abstract Set<String>getImplementedProtocols()KeyManager[]getKeyManagers()protected abstract LoggetLog()protected CertPathParametersgetParameters(String crlf, KeyStore trustStore, boolean revocationEnabled)Return the initialization parameters for the TrustManager.TrustManager[]getTrustManagers()protected abstract booleanisTls13RenegAuthAvailable()
-
-
-
Field Detail
-
sslHostConfig
protected final SSLHostConfig sslHostConfig
-
certificate
protected final SSLHostConfigCertificate certificate
-
-
Constructor Detail
-
SSLUtilBase
protected SSLUtilBase(SSLHostConfigCertificate certificate)
-
SSLUtilBase
protected SSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)
-
-
Method Detail
-
createSSLContext
public final SSLContext createSSLContext(List<String> negotiableProtocols) throws Exception
- Specified by:
createSSLContextin interfaceSSLUtil- Throws:
Exception
-
configureSessionContext
public void configureSessionContext(SSLSessionContext sslSessionContext)
- Specified by:
configureSessionContextin interfaceSSLUtil
-
getKeyManagers
public KeyManager[] getKeyManagers() throws Exception
- Specified by:
getKeyManagersin interfaceSSLUtil- Throws:
Exception
-
getEnabledProtocols
public String[] getEnabledProtocols()
Description copied from interface:SSLUtilThe set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.- Specified by:
getEnabledProtocolsin interfaceSSLUtil- Returns:
- The protocols currently enabled and available for clients to select from for the associated connection
-
getEnabledCiphers
public String[] getEnabledCiphers()
Description copied from interface:SSLUtilThe set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.The ciphers used during the TLS handshake may be further restricted by the
SSLUtil.getEnabledProtocols()and the certificates.- Specified by:
getEnabledCiphersin interfaceSSLUtil- Returns:
- The ciphers currently enabled and available for clients to select from for the associated connection
-
getTrustManagers
public TrustManager[] getTrustManagers() throws Exception
- Specified by:
getTrustManagersin interfaceSSLUtil- Throws:
Exception
-
getParameters
protected CertPathParameters getParameters(String crlf, KeyStore trustStore, boolean revocationEnabled) throws Exception
Return the initialization parameters for the TrustManager. Currently, only the defaultPKIXis supported.- Parameters:
crlf- The path to the CRL file.trustStore- The configured TrustStore.revocationEnabled- Should the JSSE provider perform revocation checks? Ignored ifcrlfis non-null. Configuration of revocation checks are expected to be via proprietary JSSE provider methods.- Returns:
- The parameters including the CRLs and TrustStore.
- Throws:
Exception- An error occurred
-
getCRLs
protected Collection<? extends CRL> getCRLs(String crlf) throws IOException, CRLException, CertificateException
Load the collection of CRLs.- Parameters:
crlf- The path to the CRL file.- Returns:
- the CRLs collection
- Throws:
IOException- Error reading CRL fileCRLException- CRL errorCertificateException- Error processing certificate
-
getLog
protected abstract Log getLog()
-
isTls13RenegAuthAvailable
protected abstract boolean isTls13RenegAuthAvailable()
-
createSSLContextInternal
protected abstract SSLContext createSSLContextInternal(List<String> negotiableProtocols) throws Exception
- Throws:
Exception
-
-