Class SSLUtilBase

java.lang.Object
org.apache.tomcat.util.net.SSLUtilBase
All Implemented Interfaces:
SSLUtil
Direct Known Subclasses:
JSSEUtil, OpenSSLUtil

public abstract class SSLUtilBase extends Object implements SSLUtil
Common base class for SSLUtil implementations.
  • Constructor Details

    • SSLUtilBase

      protected SSLUtilBase(SSLHostConfigCertificate certificate)
      Constructor.
      Parameters:
      certificate - The SSL host configuration certificate
    • SSLUtilBase

      protected SSLUtilBase(SSLHostConfigCertificate certificate, boolean warnTls13)
      Constructor.
      Parameters:
      certificate - The SSL host configuration certificate
      warnTls13 - Whether to warn about TLS 1.3 issues
  • Method Details

    • createSSLContext

      public final SSLContext createSSLContext(List<String> negotiableProtocols) throws Exception
      Description copied from interface: SSLUtil
      Creates an SSL context for the given negotiable protocols.
      Specified by:
      createSSLContext in interface SSLUtil
      Parameters:
      negotiableProtocols - The negotiable protocols
      Returns:
      the SSL context
      Throws:
      Exception - if an error occurs
    • configureSessionContext

      public void configureSessionContext(SSLSessionContext sslSessionContext)
      Description copied from interface: SSLUtil
      Configures the given SSL session context.
      Specified by:
      configureSessionContext in interface SSLUtil
      Parameters:
      sslSessionContext - The SSL session context to configure
    • getKeyManagers

      public KeyManager[] getKeyManagers() throws Exception
      Description copied from interface: SSLUtil
      Returns the key managers.
      Specified by:
      getKeyManagers in interface SSLUtil
      Returns:
      The key managers
      Throws:
      Exception - if an error occurs
    • getEnabledProtocols

      public String[] getEnabledProtocols()
      Description copied from interface: SSLUtil
      The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.
      Specified by:
      getEnabledProtocols in interface SSLUtil
      Returns:
      The protocols currently enabled and available for clients to select from for the associated connection
    • getEnabledCiphers

      public String[] getEnabledCiphers()
      Description copied from interface: SSLUtil
      The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.

      The ciphers used during the TLS handshake may be further restricted by the protocols returned from SSLUtil.getEnabledProtocols() and by the certificates.

      Specified by:
      getEnabledCiphers in interface SSLUtil
      Returns:
      The ciphers currently enabled and available for clients to select from for the associated connection
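
The intersection rule described for getEnabledProtocols() and getEnabledCiphers() has two consequences worth auditing: a configured name the provider does not implement drops out of the enabled set, and an empty configuration enables everything the provider implements. The following is an added example, not Tomcat code; it uses the local JSSE provider's supported protocol list as a stand-in for getImplementedProtocols(), and the class name, helper names and sample protocol strings are constructed for illustration.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class EnabledSetAudit {
    // The documented rule: enabled = configured ∩ implemented, or every
    // implemented name when nothing is configured. Names that fall out of
    // the intersection are collected in 'dropped' so they can be reported.
    static Set<String> enabled(Set<String> implemented, List<String> configured,
                               Set<String> dropped) {
        if (configured.isEmpty()) {
            return new LinkedHashSet<>(implemented);
        }
        Set<String> result = new LinkedHashSet<>();
        for (String name : configured) {
            if (implemented.contains(name)) {
                result.add(name);
            } else {
                dropped.add(name);
            }
        }
        return result;
    }

    static void report(String label, Set<String> implemented, List<String> configured) {
        Set<String> dropped = new LinkedHashSet<>();
        Set<String> on = enabled(implemented, configured, dropped);
        System.out.println(label + ": enabled=" + on + " dropped=" + dropped);
        if (on.isEmpty()) {
            System.out.println("  no overlap with the provider: no handshake can succeed");
        }
        for (String p : on) {
            if (!p.equals("TLSv1.2") && !p.equals("TLSv1.3")) {
                System.out.println("  review: " + p + " is enabled");
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for getImplementedProtocols(): what the local JSSE provider supports.
        Set<String> implemented = new LinkedHashSet<>(Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getProtocols()));
        report("explicit", implemented, Arrays.asList("TLSv1.3", "TLSv1.2", "TLSv9.9")); // TLSv9.9 is constructed
        report("unconfigured", implemented, List.of());
        report("typo only", implemented, Arrays.asList("TLS1.3")); // constructed misspelling
    }
}
```

The same helper applies unchanged to cipher suite names; pass the provider's supported cipher suites as the implemented set.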
    • getTrustManagers

      public TrustManager[] getTrustManagers() throws Exception
      Description copied from interface: SSLUtil
      Returns the trust managers.
      Specified by:
      getTrustManagers in interface SSLUtil
      Returns:
      The trust managers
      Throws:
      Exception - if an error occurs
    • getParameters

      protected CertPathParameters getParameters(String crlf, KeyStore trustStore, boolean revocationEnabled) throws Exception
      Return the initialization parameters for the TrustManager. Currently, only the default PKIX is supported.
      Parameters:
      crlf - The path to the CRL file.
      trustStore - The configured TrustStore.
      revocationEnabled - Should the JSSE provider perform revocation checks? Ignored if crlf is non-null. Configuration of revocation checks is expected to be via proprietary JSSE provider methods.
      Returns:
      The parameters including the CRLs and TrustStore.
      Throws:
      Exception - An error occurred
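
The contract described for getParameters() can be shown with the standard JSSE and CertPath APIs: PKIX builder parameters over the trust store, CRLs attached as a collection CertStore, and the revocation flag applied only when no CRL file is given. This is an added example, not Tomcat's implementation; the class and helper names are hypothetical, enabling revocation checking when a CRL file is supplied is an assumption, and the trust store is built in memory from the JRE's default CA certificates so the code runs without external files.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.*;

public class PkixParamsDemo {
    // Hypothetical helper following the documented contract; not Tomcat's code.
    static PKIXBuilderParameters pkixParameters(String crlf, KeyStore trustStore,
                                                boolean revocationEnabled) throws Exception {
        PKIXBuilderParameters params =
                new PKIXBuilderParameters(trustStore, new X509CertSelector());
        if (crlf != null) {
            Collection<? extends CRL> crls;
            try (InputStream in = Files.newInputStream(Paths.get(crlf))) {
                crls = CertificateFactory.getInstance("X.509").generateCRLs(in);
            }
            params.addCertStore(CertStore.getInstance("Collection",
                    new CollectionCertStoreParameters(crls)));
            // Assumption: a CRL file turns checking on; the boolean is ignored.
            params.setRevocationEnabled(true);
        } else {
            params.setRevocationEnabled(revocationEnabled);
        }
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Trust store built in memory from the JRE's default CA certificates.
        TrustManagerFactory def =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        def.init((KeyStore) null);
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        int i = 0;
        for (X509Certificate ca
                : ((X509TrustManager) def.getTrustManagers()[0]).getAcceptedIssuers()) {
            trustStore.setCertificateEntry("ca-" + i++, ca);
        }
        String crlf = args.length > 0 ? args[0] : null; // optional CRL file (PEM or DER)
        PKIXBuilderParameters p = pkixParameters(crlf, trustStore, false);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(new CertPathTrustManagerParameters(p));
        System.out.println("revocation=" + p.isRevocationEnabled()
                + " certStores=" + p.getCertStores().size()
                + " trustManagers=" + tmf.getTrustManagers().length);
    }
}
```

With checking enabled, the default PKIX validator rejects a chain whose revocation status it cannot determine, so the CRL file has to cover every issuing CA of the certificates being validated.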
    • getCRLs

      protected Collection<? extends CRL> getCRLs(String crlf) throws IOException, CRLException, CertificateException
      Load the collection of CRLs.
      Parameters:
      crlf - The path to the CRL file.
      Returns:
      the CRLs collection
      Throws:
      IOException - Error reading CRL file
      CRLException - CRL error
      CertificateException - Error processing certificate
    • getImplementedProtocols

      protected abstract Set<String> getImplementedProtocols()
      Returns the set of implemented SSL/TLS protocols.
      Returns:
      the implemented protocols
    • getImplementedCiphers

      protected abstract Set<String> getImplementedCiphers()
      Returns the set of implemented SSL/TLS ciphers.
      Returns:
      the implemented ciphers
    • getLog

      protected abstract Log getLog()
      Returns the log for this utility.
      Returns:
      the log
    • isTls13RenegAuthAvailable

      protected abstract boolean isTls13RenegAuthAvailable()
      Returns whether TLS 1.3 renegotiation authentication is available.
      Returns:
      true if TLS 1.3 renegotiation authentication is available
    • createSSLContextInternal

      protected abstract SSLContext createSSLContextInternal(List<String> negotiableProtocols) throws Exception
      Creates an SSL context with the given negotiable protocols.
      Parameters:
      negotiableProtocols - The negotiable protocols
      Returns:
      the SSL context
      Throws:
      Exception - if creation fails