org.apache.tomcat.util.net

Class SSLUtilBase

java.lang.Object

org.apache.tomcat.util.net.SSLUtilBase

All Implemented Interfaces:

SSLUtil

Direct Known Subclasses:

JSSEUtil, OpenSSLUtil

public abstract class SSLUtilBase
extends Object
implements SSLUtil

Common base class for SSLUtil implementations.

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.tomcat.util.net.SSLUtil

SSLUtil.ProtocolInfo

Field Summary

Fields

Modifier and Type	Field and Description
protected SSLHostConfigCertificate	certificate
protected SSLHostConfig	sslHostConfig

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	SSLUtilBase(SSLHostConfigCertificate certificate)
protected	SSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)

Method Summary

Modifier and Type	Method and Description
void	configureSessionContext(SSLSessionContext sslSessionContext)
SSLContext	createSSLContext(List<String> negotiableProtocols)
protected abstract SSLContext	createSSLContextInternal(List<String> negotiableProtocols)
protected Collection<? extends CRL>	getCRLs(String crlf) Load the collection of CRLs.
String[]	getEnabledCiphers() The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.
String[]	getEnabledProtocols() The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.
protected abstract Set<String>	getImplementedCiphers()
protected abstract Set<String>	getImplementedProtocols()
KeyManager[]	getKeyManagers()
protected abstract Log	getLog()
protected CertPathParameters	getParameters(String crlf, KeyStore trustStore, boolean revocationEnabled) Return the initialization parameters for the TrustManager.
TrustManager[]	getTrustManagers()
protected abstract boolean	isTls13RenegAuthAvailable()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

sslHostConfig

protected final SSLHostConfig sslHostConfig

certificate

protected final SSLHostConfigCertificate certificate

Constructor Detail

SSLUtilBase

protected SSLUtilBase(SSLHostConfigCertificate certificate)

SSLUtilBase

protected SSLUtilBase(SSLHostConfigCertificate certificate,
                      boolean warnTls13)

Method Detail

createSSLContext

public final SSLContext createSSLContext(List<String> negotiableProtocols)
                                  throws Exception

Specified by:

createSSLContext in interface SSLUtil

Throws:

Exception

configureSessionContext

public void configureSessionContext(SSLSessionContext sslSessionContext)

Specified by:

configureSessionContext in interface SSLUtil

getKeyManagers

public KeyManager[] getKeyManagers()
                            throws Exception

Specified by:

getKeyManagers in interface SSLUtil

Throws:

Exception

getEnabledProtocols

public String[] getEnabledProtocols()

Description copied from interface: SSLUtil

The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.

Specified by:

getEnabledProtocols in interface SSLUtil

Returns:

The protocols currently enabled and available for clients to select from for the associated connection

getEnabledCiphers

public String[] getEnabledCiphers()

Description copied from interface: SSLUtil

The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.

The ciphers used during the TLS handshake may be further restricted by the SSLUtil.getEnabledProtocols() and the certificates.

Specified by:

getEnabledCiphers in interface SSLUtil

Returns:

The ciphers currently enabled and available for clients to select from for the associated connection

getTrustManagers

public TrustManager[] getTrustManagers()
                                throws Exception

Specified by:

getTrustManagers in interface SSLUtil

Throws:

Exception

getParameters

protected CertPathParameters getParameters(String crlf,
                                           KeyStore trustStore,
                                           boolean revocationEnabled)
                                    throws Exception

Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.

Parameters:

crlf - The path to the CRL file.

trustStore - The configured TrustStore.

revocationEnabled - Should the JSSE provider perform revocation checks? Ignored if crlf is non-null. Configuration of revocation checks are expected to be via proprietary JSSE provider methods.

Returns:

The parameters including the CRLs and TrustStore.

Throws:

Exception - An error occurred

getCRLs

protected Collection<? extends CRL> getCRLs(String crlf)
                                     throws IOException,
                                            CRLException,
                                            CertificateException

Load the collection of CRLs.

Parameters:

crlf - The path to the CRL file.

Returns:

the CRLs collection

Throws:

IOException - Error reading CRL file

CRLException - CRL error

CertificateException - Error processing certificate

getImplementedProtocols

protected abstract Set<String> getImplementedProtocols()

getImplementedCiphers

protected abstract Set<String> getImplementedCiphers()

getLog

protected abstract Log getLog()

isTls13RenegAuthAvailable

protected abstract boolean isTls13RenegAuthAvailable()

createSSLContextInternal

protected abstract SSLContext createSSLContextInternal(List<String> negotiableProtocols)
                                                throws Exception

Throws:

Exception