Package org.apache.tomcat.util.net
Class SSLHostConfig
- java.lang.Object
-
- org.apache.tomcat.util.net.SSLHostConfig
-
- All Implemented Interfaces:
java.io.Serializable
public class SSLHostConfig extends java.lang.Object implements java.io.Serializable
Represents the TLS configuration for a virtual host.
- See Also:
- Serialized Form
-
-
Nested Class Summary
Nested Classes
Modifier and Type | Class | Description
static class | SSLHostConfig.CertificateVerification |
static class | SSLHostConfig.Type |
-
Field Summary
Fields
Modifier and Type | Field | Description
protected static java.lang.String | DEFAULT_SSL_HOST_NAME |
static java.lang.String | DEFAULT_TLS_CIPHERS | Deprecated. Replaced by DEFAULT_TLS_CIPHERS_12
static java.lang.String | DEFAULT_TLS_CIPHERS_12 |
static java.lang.String | DEFAULT_TLS_CIPHERS_13 |
protected static java.util.Set<java.lang.String> | SSL_PROTO_ALL_SET |
-
Constructor Summary
Constructors
Constructor | Description
SSLHostConfig() |
-
Method Summary
Modifier and Type | Method | Description
void | addCertificate(SSLHostConfigCertificate certificate) |
static java.lang.String | adjustRelativePath(java.lang.String path) |
java.util.Set<java.security.cert.X509Certificate> | certificatesExpiringBefore(java.util.Date date) |
java.lang.String | getCaCertificateFile() |
java.lang.String | getCaCertificatePath() |
java.lang.String | getCertificateRevocationListFile() |
java.lang.String | getCertificateRevocationListPath() |
java.util.Set<SSLHostConfigCertificate> | getCertificates() |
java.util.Set<SSLHostConfigCertificate> | getCertificates(boolean createDefaultIfEmpty) |
SSLHostConfig.CertificateVerification | getCertificateVerification() |
java.lang.String | getCertificateVerificationAsString() |
int | getCertificateVerificationDepth() |
java.util.LinkedHashSet<Cipher> | getCipherList() |
java.lang.String | getCiphers() |
java.lang.String | getCipherSuites() | Obtain the current cipher suite (TLSv1.3) configuration.
java.lang.String | getConfigType() |
boolean | getDisableCompression() |
boolean | getDisableSessionTickets() |
java.lang.String[] | getEnabledCiphers() |
java.lang.String[] | getEnabledProtocols() |
java.util.LinkedHashSet<Group> | getGroupList() |
java.lang.String | getGroups() |
boolean | getHonorCipherOrder() |
java.lang.String | getHostName() |
boolean | getInsecureRenegotiation() |
java.util.List<java.lang.String> | getJsseCipherNames() | Obtain the list of JSSE cipher names for the current configuration.
java.lang.String | getKeyManagerAlgorithm() |
javax.management.ObjectName | getObjectName() |
boolean | getOcspEnabled() |
boolean | getOcspSoftFail() |
int | getOcspTimeout() |
int | getOcspVerifyFlags() |
OpenSSLConf | getOpenSslConf() |
java.lang.Long | getOpenSslConfContext() |
java.lang.Long | getOpenSslContext() |
java.util.Set<java.lang.String> | getProtocols() |
boolean | getRevocationEnabled() |
int | getSessionCacheSize() |
int | getSessionTimeout() |
java.lang.String | getSslProtocol() |
java.lang.String | getTrustManagerClassName() |
java.security.KeyStore | getTruststore() |
java.lang.String | getTruststoreAlgorithm() |
java.lang.String | getTruststoreFile() |
java.lang.String | getTruststorePassword() |
java.lang.String | getTruststoreProvider() |
java.lang.String | getTruststoreType() |
boolean | isCertificateVerificationDepthConfigured() |
boolean | isTls13RenegotiationAvailable() |
void | setCaCertificateFile(java.lang.String caCertificateFile) |
void | setCaCertificatePath(java.lang.String caCertificatePath) |
void | setCertificateRevocationListFile(java.lang.String certificateRevocationListFile) |
void | setCertificateRevocationListPath(java.lang.String certificateRevocationListPath) |
void | setCertificateVerification(java.lang.String certificateVerification) |
void | setCertificateVerificationAsString(java.lang.String certificateVerification) |
void | setCertificateVerificationDepth(int certificateVerificationDepth) |
void | setCiphers(java.lang.String ciphersList) | Set the new cipher (TLSv1.2 and below) configuration.
void | setCipherSuites(java.lang.String cipherSuites) | Set the cipher suite (TLSv1.3) configuration.
void | setDisableCompression(boolean disableCompression) |
void | setDisableSessionTickets(boolean disableSessionTickets) |
void | setEnabledCiphers(java.lang.String[] enabledCiphers) |
void | setEnabledProtocols(java.lang.String[] enabledProtocols) |
void | setGroups(java.lang.String groups) | Set the enabled named groups.
void | setHonorCipherOrder(boolean honorCipherOrder) |
void | setHostName(java.lang.String hostName) |
void | setInsecureRenegotiation(boolean insecureRenegotiation) |
void | setKeyManagerAlgorithm(java.lang.String keyManagerAlgorithm) |
void | setObjectName(javax.management.ObjectName oname) |
void | setOcspEnabled(boolean ocspEnabled) |
void | setOcspSoftFail(boolean ocspSoftFail) |
void | setOcspTimeout(int ocspTimeout) |
void | setOcspVerifyFlags(int ocspVerifyFlags) |
void | setOpenSslConf(OpenSSLConf conf) |
void | setOpenSslConfContext(java.lang.Long openSslConfContext) |
void | setOpenSslContext(java.lang.Long openSslContext) |
void | setProtocols(java.lang.String input) |
void | setRevocationEnabled(boolean revocationEnabled) |
void | setSessionCacheSize(int sessionCacheSize) |
void | setSessionTimeout(int sessionTimeout) |
void | setSslProtocol(java.lang.String sslProtocol) |
void | setTls13RenegotiationAvailable(boolean tls13RenegotiationAvailable) |
void | setTrustManagerClassName(java.lang.String trustManagerClassName) |
void | setTrustStore(java.security.KeyStore truststore) |
void | setTruststoreAlgorithm(java.lang.String truststoreAlgorithm) |
void | setTruststoreFile(java.lang.String truststoreFile) |
void | setTruststorePassword(java.lang.String truststorePassword) |
void | setTruststoreProvider(java.lang.String truststoreProvider) |
void | setTruststoreType(java.lang.String truststoreType) |
-
-
-
Field Detail
-
DEFAULT_SSL_HOST_NAME
protected static final java.lang.String DEFAULT_SSL_HOST_NAME
- See Also:
- Constant Field Values
-
SSL_PROTO_ALL_SET
protected static final java.util.Set<java.lang.String> SSL_PROTO_ALL_SET
-
DEFAULT_TLS_CIPHERS_12
public static final java.lang.String DEFAULT_TLS_CIPHERS_12
- See Also:
- Constant Field Values
-
DEFAULT_TLS_CIPHERS_13
public static final java.lang.String DEFAULT_TLS_CIPHERS_13
- See Also:
- Constant Field Values
-
DEFAULT_TLS_CIPHERS
@Deprecated public static final java.lang.String DEFAULT_TLS_CIPHERS
Deprecated. Replaced by DEFAULT_TLS_CIPHERS_12
Default cipher list for TLS 1.2 and below.
- See Also:
- Constant Field Values
-
-
Method Detail
-
isTls13RenegotiationAvailable
public boolean isTls13RenegotiationAvailable()
-
setTls13RenegotiationAvailable
public void setTls13RenegotiationAvailable(boolean tls13RenegotiationAvailable)
-
getOpenSslConfContext
public java.lang.Long getOpenSslConfContext()
-
setOpenSslConfContext
public void setOpenSslConfContext(java.lang.Long openSslConfContext)
-
getOpenSslContext
public java.lang.Long getOpenSslContext()
-
setOpenSslContext
public void setOpenSslContext(java.lang.Long openSslContext)
-
getConfigType
public java.lang.String getConfigType()
-
getEnabledProtocols
public java.lang.String[] getEnabledProtocols()
- Returns:
- The protocols enabled for this TLS virtual host
- See Also:
SSLUtil.getEnabledProtocols()
-
setEnabledProtocols
public void setEnabledProtocols(java.lang.String[] enabledProtocols)
-
getEnabledCiphers
public java.lang.String[] getEnabledCiphers()
- Returns:
- The ciphers enabled for this TLS virtual host
- See Also:
SSLUtil.getEnabledCiphers()
-
setEnabledCiphers
public void setEnabledCiphers(java.lang.String[] enabledCiphers)
-
getObjectName
public javax.management.ObjectName getObjectName()
-
setObjectName
public void setObjectName(javax.management.ObjectName oname)
-
addCertificate
public void addCertificate(SSLHostConfigCertificate certificate)
-
getOpenSslConf
public OpenSSLConf getOpenSslConf()
-
setOpenSslConf
public void setOpenSslConf(OpenSSLConf conf)
-
getCertificates
public java.util.Set<SSLHostConfigCertificate> getCertificates()
-
getCertificates
public java.util.Set<SSLHostConfigCertificate> getCertificates(boolean createDefaultIfEmpty)
-
setCertificateRevocationListFile
public void setCertificateRevocationListFile(java.lang.String certificateRevocationListFile)
-
getCertificateRevocationListFile
public java.lang.String getCertificateRevocationListFile()
-
setCertificateVerification
public void setCertificateVerification(java.lang.String certificateVerification)
-
getCertificateVerification
public SSLHostConfig.CertificateVerification getCertificateVerification()
-
setCertificateVerificationAsString
public void setCertificateVerificationAsString(java.lang.String certificateVerification)
-
getCertificateVerificationAsString
public java.lang.String getCertificateVerificationAsString()
-
setCertificateVerificationDepth
public void setCertificateVerificationDepth(int certificateVerificationDepth)
-
getCertificateVerificationDepth
public int getCertificateVerificationDepth()
-
isCertificateVerificationDepthConfigured
public boolean isCertificateVerificationDepthConfigured()
-
setCiphers
public void setCiphers(java.lang.String ciphersList)
Set the new cipher (TLSv1.2 and below) configuration. Note: Regardless of the format used to set the configuration, it is always stored in OpenSSL format.
- Parameters:
ciphersList - The new cipher configuration in OpenSSL or JSSE format
-
getCiphers
public java.lang.String getCiphers()
- Returns:
- An OpenSSL cipher string for the current configuration.
-
getCipherList
public java.util.LinkedHashSet<Cipher> getCipherList()
-
getJsseCipherNames
public java.util.List<java.lang.String> getJsseCipherNames()
Obtain the list of JSSE cipher names for the current configuration. Ciphers included in the configuration but not supported by JSSE will be excluded from this list. TLS 1.3 ciphers will be first in the list.
- Returns:
- A list of the JSSE cipher names
-
setCipherSuites
public void setCipherSuites(java.lang.String cipherSuites)
Set the cipher suite (TLSv1.3) configuration.
- Parameters:
cipherSuites - The cipher suites to use, as a colon-separated list in order of preference
-
getCipherSuites
public java.lang.String getCipherSuites()
Obtain the current cipher suite (TLSv1.3) configuration.
- Returns:
- An OpenSSL cipher suite string for the current configuration.
-
setHonorCipherOrder
public void setHonorCipherOrder(boolean honorCipherOrder)
-
getHonorCipherOrder
public boolean getHonorCipherOrder()
-
setHostName
public void setHostName(java.lang.String hostName)
-
getHostName
public java.lang.String getHostName()
- Returns:
- The host name associated with this SSL configuration - always in lower case.
-
getOcspEnabled
public boolean getOcspEnabled()
-
setOcspEnabled
public void setOcspEnabled(boolean ocspEnabled)
-
getOcspSoftFail
public boolean getOcspSoftFail()
-
setOcspSoftFail
public void setOcspSoftFail(boolean ocspSoftFail)
-
getOcspTimeout
public int getOcspTimeout()
-
setOcspTimeout
public void setOcspTimeout(int ocspTimeout)
-
getOcspVerifyFlags
public int getOcspVerifyFlags()
-
setOcspVerifyFlags
public void setOcspVerifyFlags(int ocspVerifyFlags)
-
setProtocols
public void setProtocols(java.lang.String input)
-
getProtocols
public java.util.Set<java.lang.String> getProtocols()
-
setSessionCacheSize
public void setSessionCacheSize(int sessionCacheSize)
-
getSessionCacheSize
public int getSessionCacheSize()
-
setSessionTimeout
public void setSessionTimeout(int sessionTimeout)
-
getSessionTimeout
public int getSessionTimeout()
-
getGroups
public java.lang.String getGroups()
- Returns:
- the configured named groups
-
setGroups
public void setGroups(java.lang.String groups)
Set the enabled named groups.
- Parameters:
groups - the case-sensitive, comma-separated list of groups
-
getGroupList
public java.util.LinkedHashSet<Group> getGroupList()
- Returns:
- the groupList
-
setKeyManagerAlgorithm
public void setKeyManagerAlgorithm(java.lang.String keyManagerAlgorithm)
-
getKeyManagerAlgorithm
public java.lang.String getKeyManagerAlgorithm()
-
setRevocationEnabled
public void setRevocationEnabled(boolean revocationEnabled)
-
getRevocationEnabled
public boolean getRevocationEnabled()
-
setSslProtocol
public void setSslProtocol(java.lang.String sslProtocol)
-
getSslProtocol
public java.lang.String getSslProtocol()
-
setTrustManagerClassName
public void setTrustManagerClassName(java.lang.String trustManagerClassName)
-
getTrustManagerClassName
public java.lang.String getTrustManagerClassName()
-
setTruststoreAlgorithm
public void setTruststoreAlgorithm(java.lang.String truststoreAlgorithm)
-
getTruststoreAlgorithm
public java.lang.String getTruststoreAlgorithm()
-
setTruststoreFile
public void setTruststoreFile(java.lang.String truststoreFile)
-
getTruststoreFile
public java.lang.String getTruststoreFile()
-
setTruststorePassword
public void setTruststorePassword(java.lang.String truststorePassword)
-
getTruststorePassword
public java.lang.String getTruststorePassword()
-
setTruststoreProvider
public void setTruststoreProvider(java.lang.String truststoreProvider)
-
getTruststoreProvider
public java.lang.String getTruststoreProvider()
-
setTruststoreType
public void setTruststoreType(java.lang.String truststoreType)
-
getTruststoreType
public java.lang.String getTruststoreType()
-
setTrustStore
public void setTrustStore(java.security.KeyStore truststore)
-
getTruststore
public java.security.KeyStore getTruststore() throws java.io.IOException
- Throws:
java.io.IOException
-
setCertificateRevocationListPath
public void setCertificateRevocationListPath(java.lang.String certificateRevocationListPath)
-
getCertificateRevocationListPath
public java.lang.String getCertificateRevocationListPath()
-
setCaCertificateFile
public void setCaCertificateFile(java.lang.String caCertificateFile)
-
getCaCertificateFile
public java.lang.String getCaCertificateFile()
-
setCaCertificatePath
public void setCaCertificatePath(java.lang.String caCertificatePath)
-
getCaCertificatePath
public java.lang.String getCaCertificatePath()
-
setDisableCompression
public void setDisableCompression(boolean disableCompression)
-
getDisableCompression
public boolean getDisableCompression()
-
setDisableSessionTickets
public void setDisableSessionTickets(boolean disableSessionTickets)
-
getDisableSessionTickets
public boolean getDisableSessionTickets()
-
setInsecureRenegotiation
public void setInsecureRenegotiation(boolean insecureRenegotiation)
-
getInsecureRenegotiation
public boolean getInsecureRenegotiation()
-
certificatesExpiringBefore
public java.util.Set<java.security.cert.X509Certificate> certificatesExpiringBefore(java.util.Date date)
-
adjustRelativePath
public static java.lang.String adjustRelativePath(java.lang.String path) throws java.io.FileNotFoundException
- Throws:
java.io.FileNotFoundException
-
-