Class SSLHostConfig

  • All Implemented Interfaces:
    java.io.Serializable

    public class SSLHostConfig
    extends java.lang.Object
    implements java.io.Serializable
    Represents the TLS configuration for a virtual host.
    See Also:
    Serialized Form
    • Field Detail

      • DEFAULT_SSL_HOST_NAME

        protected static final java.lang.String DEFAULT_SSL_HOST_NAME
        See Also:
        Constant Field Values
      • SSL_PROTO_ALL_SET

        protected static final java.util.Set<java.lang.String> SSL_PROTO_ALL_SET
      • DEFAULT_TLS_CIPHERS_12

        public static final java.lang.String DEFAULT_TLS_CIPHERS_12
        See Also:
        Constant Field Values
      • DEFAULT_TLS_CIPHERS_13

        public static final java.lang.String DEFAULT_TLS_CIPHERS_13
        See Also:
        Constant Field Values
    • Constructor Detail

      • SSLHostConfig

        public SSLHostConfig()
    • Method Detail

      • isTls13RenegotiationAvailable

        public boolean isTls13RenegotiationAvailable()
      • setTls13RenegotiationAvailable

        public void setTls13RenegotiationAvailable​(boolean tls13RenegotiationAvailable)
      • getOpenSslConfContext

        public java.lang.Long getOpenSslConfContext()
      • setOpenSslConfContext

        public void setOpenSslConfContext​(java.lang.Long openSslConfContext)
      • getOpenSslContext

        public java.lang.Long getOpenSslContext()
      • setOpenSslContext

        public void setOpenSslContext​(java.lang.Long openSslContext)
      • getConfigType

        public java.lang.String getConfigType()
      • getEnabledProtocols

        public java.lang.String[] getEnabledProtocols()
        Returns:
        The protocols enabled for this TLS virtual host
        See Also:
        SSLUtil.getEnabledProtocols()
      • setEnabledProtocols

        public void setEnabledProtocols​(java.lang.String[] enabledProtocols)
      • getEnabledCiphers

        public java.lang.String[] getEnabledCiphers()
        Returns:
        The ciphers enabled for this TLS virtual host
        See Also:
        SSLUtil.getEnabledCiphers()
      • setEnabledCiphers

        public void setEnabledCiphers​(java.lang.String[] enabledCiphers)
      • getObjectName

        public javax.management.ObjectName getObjectName()
      • setObjectName

        public void setObjectName​(javax.management.ObjectName oname)
      • setOpenSslConf

        public void setOpenSslConf​(OpenSSLConf conf)
      • getCertificateKeyPassword

        @Deprecated
        public java.lang.String getCertificateKeyPassword()
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Returns:
        The default certificate key password.
      • setCertificateKeyPassword

        @Deprecated
        public void setCertificateKeyPassword​(java.lang.String certificateKeyPassword)
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Parameters:
        certificateKeyPassword - The password for the default certificate's key.
      • getCertificateKeyPasswordFile

        @Deprecated
        public java.lang.String getCertificateKeyPasswordFile()
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Returns:
        The file containing the password for the default certificate's key.
      • setCertificateKeyPasswordFile

        @Deprecated
        public void setCertificateKeyPasswordFile​(java.lang.String certificateKeyPasswordFile)
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Parameters:
        certificateKeyPasswordFile - The file containing the password for the default certificate's key.
      • setCertificateRevocationListFile

        public void setCertificateRevocationListFile​(java.lang.String certificateRevocationListFile)
      • getCertificateRevocationListFile

        public java.lang.String getCertificateRevocationListFile()
      • setCertificateVerification

        public void setCertificateVerification​(java.lang.String certificateVerification)
      • setCertificateVerificationAsString

        public void setCertificateVerificationAsString​(java.lang.String certificateVerification)
      • getCertificateVerificationAsString

        public java.lang.String getCertificateVerificationAsString()
      • setCertificateVerificationDepth

        public void setCertificateVerificationDepth​(int certificateVerificationDepth)
      • getCertificateVerificationDepth

        public int getCertificateVerificationDepth()
      • isCertificateVerificationDepthConfigured

        public boolean isCertificateVerificationDepthConfigured()
      • setCiphers

        public void setCiphers​(java.lang.String ciphersList)
        Set the new cipher (TLSv1.2 and below) configuration. Note: Regardless of the format used to set the configuration, it is always stored in OpenSSL format.
        Parameters:
        ciphersList - The new cipher configuration in OpenSSL or JSSE format
      • getCiphers

        public java.lang.String getCiphers()
        Returns:
        An OpenSSL cipher string for the current configuration.
      • getCipherList

        public java.util.LinkedHashSet<Cipher> getCipherList()
      • getJsseCipherNames

        public java.util.List<java.lang.String> getJsseCipherNames()
        Obtain the list of JSSE cipher names for the current configuration. Ciphers included in the configuration but not supported by JSSE will be excluded from this list. TLS 1.3 ciphers will be first in the list.
        Returns:
        A list of the JSSE cipher names
      • setCipherSuites

        public void setCipherSuites​(java.lang.String cipherSuites)
        Set the cipher suite (TLSv1.3) configuration.
        Parameters:
        cipherSuites - The cipher suites to use, as a colon-separated list in preference order
      • getCipherSuites

        public java.lang.String getCipherSuites()
        Obtain the current cipher suite (TLSv1.3) configuration.
        Returns:
        An OpenSSL cipher suite string for the current configuration.
      • setHonorCipherOrder

        public void setHonorCipherOrder​(boolean honorCipherOrder)
      • getHonorCipherOrder

        public boolean getHonorCipherOrder()
      • setHostName

        public void setHostName​(java.lang.String hostName)
      • getHostName

        public java.lang.String getHostName()
        Returns:
        The host name associated with this SSL configuration - always in lower case.
      • getOcspEnabled

        public boolean getOcspEnabled()
      • setOcspEnabled

        public void setOcspEnabled​(boolean ocspEnabled)
      • getOcspSoftFail

        public boolean getOcspSoftFail()
      • setOcspSoftFail

        public void setOcspSoftFail​(boolean ocspSoftFail)
      • getOcspTimeout

        public int getOcspTimeout()
      • setOcspTimeout

        public void setOcspTimeout​(int ocspTimeout)
      • getOcspVerifyFlags

        public int getOcspVerifyFlags()
      • setOcspVerifyFlags

        public void setOcspVerifyFlags​(int ocspVerifyFlags)
      • setProtocols

        public void setProtocols​(java.lang.String input)
      • getProtocols

        public java.util.Set<java.lang.String> getProtocols()
      • setSessionCacheSize

        public void setSessionCacheSize​(int sessionCacheSize)
      • getSessionCacheSize

        public int getSessionCacheSize()
      • setSessionTimeout

        public void setSessionTimeout​(int sessionTimeout)
      • getSessionTimeout

        public int getSessionTimeout()
      • getGroups

        public java.lang.String getGroups()
        Returns:
        the configured named groups
      • setGroups

        public void setGroups​(java.lang.String groups)
        Set the enabled named groups.
        Parameters:
        groups - the case-sensitive, comma-separated list of groups
      • getGroupList

        public java.util.LinkedHashSet<Group> getGroupList()
        Returns:
        the groupList
      • getCertificateKeyAlias

        @Deprecated
        public java.lang.String getCertificateKeyAlias()
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Returns:
        The key alias for the default certificate key.
      • setCertificateKeyAlias

        @Deprecated
        public void setCertificateKeyAlias​(java.lang.String certificateKeyAlias)
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Parameters:
        certificateKeyAlias - The alias of the certificate key.
      • getCertificateKeystoreFile

        @Deprecated
        public java.lang.String getCertificateKeystoreFile()
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Returns:
        The keystore file for the default certificate.
      • setCertificateKeystoreFile

        @Deprecated
        public void setCertificateKeystoreFile​(java.lang.String certificateKeystoreFile)
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Parameters:
        certificateKeystoreFile - The file containing the certificate keystore.
      • getCertificateKeystorePassword

        @Deprecated
        public java.lang.String getCertificateKeystorePassword()
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Returns:
        The password for the default certificate's keystore.
      • setCertificateKeystorePassword

        @Deprecated
        public void setCertificateKeystorePassword​(java.lang.String certificateKeystorePassword)
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Parameters:
        certificateKeystorePassword - The password for the certificate keystore.
      • getCertificateKeystorePasswordFile

        @Deprecated
        public java.lang.String getCertificateKeystorePasswordFile()
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Returns:
        The file containing the default certificate's keystore password.
      • setCertificateKeystorePasswordFile

        @Deprecated
        public void setCertificateKeystorePasswordFile​(java.lang.String certificateKeystorePasswordFile)
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Parameters:
        certificateKeystorePasswordFile - The file containing the default certificate's keystore password.
      • getCertificateKeystoreProvider

        @Deprecated
        public java.lang.String getCertificateKeystoreProvider()
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Returns:
        The provider for the default certificate's keystore.
      • setCertificateKeystoreProvider

        @Deprecated
        public void setCertificateKeystoreProvider​(java.lang.String certificateKeystoreProvider)
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Parameters:
        certificateKeystoreProvider - The provider for the default certificate's keystore.
      • getCertificateKeystoreType

        @Deprecated
        public java.lang.String getCertificateKeystoreType()
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Returns:
        The type of the default certificate's keystore.
      • setCertificateKeystoreType

        @Deprecated
        public void setCertificateKeystoreType​(java.lang.String certificateKeystoreType)
        Deprecated.
        Obtain the preferred Certificate and call this method there.
        Parameters:
        certificateKeystoreType - The type of the default certificate's keystore.
      • setKeyManagerAlgorithm

        public void setKeyManagerAlgorithm​(java.lang.String keyManagerAlgorithm)
      • getKeyManagerAlgorithm

        public java.lang.String getKeyManagerAlgorithm()
      • setRevocationEnabled

        public void setRevocationEnabled​(boolean revocationEnabled)
      • getRevocationEnabled

        public boolean getRevocationEnabled()
      • setSslProtocol

        public void setSslProtocol​(java.lang.String sslProtocol)
      • getSslProtocol

        public java.lang.String getSslProtocol()
      • setTrustManagerClassName

        public void setTrustManagerClassName​(java.lang.String trustManagerClassName)
      • getTrustManagerClassName

        public java.lang.String getTrustManagerClassName()
      • setTruststoreAlgorithm

        public void setTruststoreAlgorithm​(java.lang.String truststoreAlgorithm)
      • getTruststoreAlgorithm

        public java.lang.String getTruststoreAlgorithm()
      • setTruststoreFile

        public void setTruststoreFile​(java.lang.String truststoreFile)
      • getTruststoreFile

        public java.lang.String getTruststoreFile()
      • setTruststorePassword

        public void setTruststorePassword​(java.lang.String truststorePassword)
      • getTruststorePassword

        public java.lang.String getTruststorePassword()
      • setTruststoreProvider

        public void setTruststoreProvider​(java.lang.String truststoreProvider)
      • getTruststoreProvider

        public java.lang.String getTruststoreProvider()
      • setTruststoreType

        public void setTruststoreType​(java.lang.String truststoreType)
      • getTruststoreType

        public java.lang.String getTruststoreType()
      • setTrustStore

        public void setTrustStore​(java.security.KeyStore truststore)
      • getTruststore

        public java.security.KeyStore getTruststore()
                                             throws java.io.IOException
        Throws:
        java.io.IOException
      • getCertificateChainFile

        public java.lang.String getCertificateChainFile()
      • setCertificateChainFile

        public void setCertificateChainFile​(java.lang.String certificateChainFile)
      • getCertificateFile

        public java.lang.String getCertificateFile()
      • setCertificateFile

        public void setCertificateFile​(java.lang.String certificateFile)
      • getCertificateKeyFile

        public java.lang.String getCertificateKeyFile()
      • setCertificateKeyFile

        public void setCertificateKeyFile​(java.lang.String certificateKeyFile)
      • setCertificateRevocationListPath

        public void setCertificateRevocationListPath​(java.lang.String certificateRevocationListPath)
      • getCertificateRevocationListPath

        public java.lang.String getCertificateRevocationListPath()
      • setCaCertificateFile

        public void setCaCertificateFile​(java.lang.String caCertificateFile)
      • getCaCertificateFile

        public java.lang.String getCaCertificateFile()
      • setCaCertificatePath

        public void setCaCertificatePath​(java.lang.String caCertificatePath)
      • getCaCertificatePath

        public java.lang.String getCaCertificatePath()
      • setDisableCompression

        public void setDisableCompression​(boolean disableCompression)
      • getDisableCompression

        public boolean getDisableCompression()
      • setDisableSessionTickets

        public void setDisableSessionTickets​(boolean disableSessionTickets)
      • getDisableSessionTickets

        public boolean getDisableSessionTickets()
      • setInsecureRenegotiation

        public void setInsecureRenegotiation​(boolean insecureRenegotiation)
      • getInsecureRenegotiation

        public boolean getInsecureRenegotiation()
      • certificatesExpiringBefore

        public java.util.Set<java.security.cert.X509Certificate> certificatesExpiringBefore​(java.util.Date date)
      • adjustRelativePath

        public static java.lang.String adjustRelativePath​(java.lang.String path)
                                                   throws java.io.FileNotFoundException
        Throws:
        java.io.FileNotFoundException