Package org.apache.tomcat.util.net

Class SSLHostConfig

  • All Implemented Interfaces:
    java.io.Serializable
    public class SSLHostConfig
extends java.lang.Object
implements java.io.Serializable
    Represents the TLS configuration for a virtual host.
    See Also:
    Serialized Form

    • Field Detail

      • DEFAULT_SSL_HOST_NAME

        protected static final java.lang.String DEFAULT_SSL_HOST_NAME
        See Also:
        Constant Field Values

      • SSL_PROTO_ALL_SET

        protected static final java.util.Set<java.lang.String> SSL_PROTO_ALL_SET

      • DEFAULT_TLS_CIPHERS_12

        public static final java.lang.String DEFAULT_TLS_CIPHERS_12
        See Also:
        Constant Field Values

      • DEFAULT_TLS_CIPHERS_13

        public static final java.lang.String DEFAULT_TLS_CIPHERS_13
        See Also:
        Constant Field Values

    • Constructor Detail

      • SSLHostConfig

        public SSLHostConfig()

    • Method Detail

      • isTls13RenegotiationAvailable

        public boolean isTls13RenegotiationAvailable()

      • setTls13RenegotiationAvailable

        public void setTls13RenegotiationAvailable​(boolean tls13RenegotiationAvailable)

      • getOpenSslConfContext

        public java.lang.Long getOpenSslConfContext()

      • setOpenSslConfContext

        public void setOpenSslConfContext​(java.lang.Long openSslConfContext)

      • getOpenSslContext

        public java.lang.Long getOpenSslContext()

      • setOpenSslContext

        public void setOpenSslContext​(java.lang.Long openSslContext)

      • getConfigType

        public java.lang.String getConfigType()

      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Returns:
        The protocols enabled for this TLS virtual host
        See Also:
        SSLUtil.getEnabledProtocols()

      • setEnabledProtocols

        public void setEnabledProtocols​(java.lang.String[] enabledProtocols)

      • getEnabledCiphers

        public java.lang.String[] getEnabledCiphers()
        Returns:
        The ciphers enabled for this TLS virtual host
        See Also:
        SSLUtil.getEnabledCiphers()

      • setEnabledCiphers

        public void setEnabledCiphers​(java.lang.String[] enabledCiphers)

      • getObjectName

        public javax.management.ObjectName getObjectName()

      • setObjectName

        public void setObjectName​(javax.management.ObjectName oname)

      • setOpenSslConf

        public void setOpenSslConf​(OpenSSLConf conf)

      • getCertificateKeyPassword

        @Deprecated
public java.lang.String getCertificateKeyPassword()
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Returns:
        The default certificate key password.

      • setCertificateKeyPassword

        @Deprecated
public void setCertificateKeyPassword​(java.lang.String certificateKeyPassword)
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Parameters:
        certificateKeyPassword - The password for the default certificate's key.

      • getCertificateKeyPasswordFile

        @Deprecated
public java.lang.String getCertificateKeyPasswordFile()
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Returns:
        The password for the default certificate's key.

      • setCertificateKeyPasswordFile

        @Deprecated
public void setCertificateKeyPasswordFile​(java.lang.String certificateKeyPasswordFile)
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Parameters:
        certificateKeyPasswordFile - The file containing the password for the default certificate's key.

      • setCertificateRevocationListFile

        public void setCertificateRevocationListFile​(java.lang.String certificateRevocationListFile)

      • getCertificateRevocationListFile

        public java.lang.String getCertificateRevocationListFile()

      • setCertificateVerification

        public void setCertificateVerification​(java.lang.String certificateVerification)

      • setCertificateVerificationAsString

        public void setCertificateVerificationAsString​(java.lang.String certificateVerification)

      • getCertificateVerificationAsString

        public java.lang.String getCertificateVerificationAsString()

      • setCertificateVerificationDepth

        public void setCertificateVerificationDepth​(int certificateVerificationDepth)

      • getCertificateVerificationDepth

        public int getCertificateVerificationDepth()

      • isCertificateVerificationDepthConfigured

        public boolean isCertificateVerificationDepthConfigured()

      • setCiphers

        public void setCiphers​(java.lang.String ciphersList)
        Set the new cipher (TLSv1.2 and below) configuration. Note: Regardless of the format used to set the configuration, it is always stored in OpenSSL format.
        Parameters:
        ciphersList - The new cipher configuration in OpenSSL or JSSE format

      • getCiphers

        public java.lang.String getCiphers()
        Returns:
        An OpenSSL cipher string for the current configuration.

      • getCipherList

        public java.util.LinkedHashSet<Cipher> getCipherList()

      • getJsseCipherNames

        public java.util.List<java.lang.String> getJsseCipherNames()
        Obtain the list of JSSE cipher names for the current configuration. Ciphers included in the configuration but not supported by JSSE will be excluded from this list.
        Returns:
        A list of the JSSE cipher names

      • setCipherSuites

        public void setCipherSuites​(java.lang.String cipherSuites)
        Set the cipher suite (TLSv1.3) configuration.
        Parameters:
        cipherSuites - The cipher suites to use in a colon-separated, preference order list

      • getCipherSuites

        public java.lang.String getCipherSuites()
        Obtain the current cipher suite (TLSv1.3) configuration.
        Returns:
        An OpenSSL cipher suite string for the current configuration.

      • setHonorCipherOrder

        public void setHonorCipherOrder​(boolean honorCipherOrder)

      • getHonorCipherOrder

        public boolean getHonorCipherOrder()

      • setHostName

        public void setHostName​(java.lang.String hostName)

      • getHostName

        public java.lang.String getHostName()
        Returns:
        The host name associated with this SSL configuration - always in lower case.

      • getOcspEnabled

        public boolean getOcspEnabled()

      • setOcspEnabled

        public void setOcspEnabled​(boolean ocspEnabled)

      • getOcspSoftFail

        public boolean getOcspSoftFail()

      • setOcspSoftFail

        public void setOcspSoftFail​(boolean ocspSoftFail)

      • getOcspTimeout

        public int getOcspTimeout()

      • setOcspTimeout

        public void setOcspTimeout​(int ocspTimeout)

      • getOcspVerifyFlags

        public int getOcspVerifyFlags()

      • setOcspVerifyFlags

        public void setOcspVerifyFlags​(int ocspVerifyFlags)

      • setProtocols

        public void setProtocols​(java.lang.String input)

      • getProtocols

        public java.util.Set<java.lang.String> getProtocols()

      • setSessionCacheSize

        public void setSessionCacheSize​(int sessionCacheSize)

      • getSessionCacheSize

        public int getSessionCacheSize()

      • setSessionTimeout

        public void setSessionTimeout​(int sessionTimeout)

      • getSessionTimeout

        public int getSessionTimeout()

      • getGroups

        public java.lang.String getGroups()
        Returns:
        the configured named groups

      • setGroups

        public void setGroups​(java.lang.String groupsString)
        Set the enabled named groups.
        Parameters:
        groupsString - the case sensitive comma separated list of groups

      • getGroupList

        public java.util.LinkedHashSet<Group> getGroupList()
        Returns:
        the groupList

      • getCertificateKeyAlias

        @Deprecated
public java.lang.String getCertificateKeyAlias()
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Returns:
        The key alias for the default certificate key.

      • setCertificateKeyAlias

        @Deprecated
public void setCertificateKeyAlias​(java.lang.String certificateKeyAlias)
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Parameters:
        certificateKeyAlias - The alias of the certificate key.

      • getCertificateKeystoreFile

        @Deprecated
public java.lang.String getCertificateKeystoreFile()
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Returns:
        The keystore file for the default certificate.

      • setCertificateKeystoreFile

        @Deprecated
public void setCertificateKeystoreFile​(java.lang.String certificateKeystoreFile)
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Parameters:
        certificateKeystoreFile - The file containing the certificate keystore.

      • getCertificateKeystorePassword

        @Deprecated
public java.lang.String getCertificateKeystorePassword()
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Returns:
        The password for the default certificate's keystore.

      • setCertificateKeystorePassword

        @Deprecated
public void setCertificateKeystorePassword​(java.lang.String certificateKeystorePassword)
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Parameters:
        certificateKeystorePassword - The password for the certificate keystore.

      • getCertificateKeystorePasswordFile

        @Deprecated
public java.lang.String getCertificateKeystorePasswordFile()
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Returns:
        The file containing the default certificate's keystore password.

      • setCertificateKeystorePasswordFile

        @Deprecated
public void setCertificateKeystorePasswordFile​(java.lang.String certificateKeystorePasswordFile)
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Parameters:
        certificateKeystorePasswordFile - The file containing the default certificate's keystore password.

      • getCertificateKeystoreProvider

        @Deprecated
public java.lang.String getCertificateKeystoreProvider()
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Returns:
        The provider for the default certificate's keystore.

      • setCertificateKeystoreProvider

        @Deprecated
public void setCertificateKeystoreProvider​(java.lang.String certificateKeystoreProvider)
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Parameters:
        certificateKeystoreProvider - The provider for the default certificate's keystore.

      • getCertificateKeystoreType

        @Deprecated
public java.lang.String getCertificateKeystoreType()
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Returns:
        The type of the default certificate's keystore.

      • setCertificateKeystoreType

        @Deprecated
public void setCertificateKeystoreType​(java.lang.String certificateKeystoreType)
        Deprecated.
        Obtain the prefered Certificate and call this method, there.
        Parameters:
        certificateKeystoreType - The type of the default certificate's keystore.

      • setKeyManagerAlgorithm

        public void setKeyManagerAlgorithm​(java.lang.String keyManagerAlgorithm)

      • getKeyManagerAlgorithm

        public java.lang.String getKeyManagerAlgorithm()

      • setRevocationEnabled

        public void setRevocationEnabled​(boolean revocationEnabled)

      • getRevocationEnabled

        public boolean getRevocationEnabled()

      • setSslProtocol

        public void setSslProtocol​(java.lang.String sslProtocol)

      • getSslProtocol

        public java.lang.String getSslProtocol()

      • setTrustManagerClassName

        public void setTrustManagerClassName​(java.lang.String trustManagerClassName)

      • getTrustManagerClassName

        public java.lang.String getTrustManagerClassName()

      • setTruststoreAlgorithm

        public void setTruststoreAlgorithm​(java.lang.String truststoreAlgorithm)

      • getTruststoreAlgorithm

        public java.lang.String getTruststoreAlgorithm()

      • setTruststoreFile

        public void setTruststoreFile​(java.lang.String truststoreFile)

      • getTruststoreFile

        public java.lang.String getTruststoreFile()

      • setTruststorePassword

        public void setTruststorePassword​(java.lang.String truststorePassword)

      • getTruststorePassword

        public java.lang.String getTruststorePassword()

      • setTruststoreProvider

        public void setTruststoreProvider​(java.lang.String truststoreProvider)

      • getTruststoreProvider

        public java.lang.String getTruststoreProvider()

      • setTruststoreType

        public void setTruststoreType​(java.lang.String truststoreType)

      • getTruststoreType

        public java.lang.String getTruststoreType()

      • setTrustStore

        public void setTrustStore​(java.security.KeyStore truststore)

      • getTruststore

        public java.security.KeyStore getTruststore()
                                     throws java.io.IOException
        Throws:
        java.io.IOException

      • getCertificateChainFile

        public java.lang.String getCertificateChainFile()

      • setCertificateChainFile

        public void setCertificateChainFile​(java.lang.String certificateChainFile)

      • getCertificateFile

        public java.lang.String getCertificateFile()

      • setCertificateFile

        public void setCertificateFile​(java.lang.String certificateFile)

      • getCertificateKeyFile

        public java.lang.String getCertificateKeyFile()

      • setCertificateKeyFile

        public void setCertificateKeyFile​(java.lang.String certificateKeyFile)

      • setCertificateRevocationListPath

        public void setCertificateRevocationListPath​(java.lang.String certificateRevocationListPath)

      • getCertificateRevocationListPath

        public java.lang.String getCertificateRevocationListPath()

      • setCaCertificateFile

        public void setCaCertificateFile​(java.lang.String caCertificateFile)

      • getCaCertificateFile

        public java.lang.String getCaCertificateFile()

      • setCaCertificatePath

        public void setCaCertificatePath​(java.lang.String caCertificatePath)

      • getCaCertificatePath

        public java.lang.String getCaCertificatePath()

      • setDisableCompression

        public void setDisableCompression​(boolean disableCompression)

      • getDisableCompression

        public boolean getDisableCompression()

      • setDisableSessionTickets

        public void setDisableSessionTickets​(boolean disableSessionTickets)

      • getDisableSessionTickets

        public boolean getDisableSessionTickets()

      • setInsecureRenegotiation

        public void setInsecureRenegotiation​(boolean insecureRenegotiation)

      • getInsecureRenegotiation

        public boolean getInsecureRenegotiation()

      • certificatesExpiringBefore

        public java.util.Set<java.security.cert.X509Certificate> certificatesExpiringBefore​(java.util.Date date)

      • adjustRelativePath

        public static java.lang.String adjustRelativePath​(java.lang.String path)
                                           throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException