Class SSLHostConfig

java.lang.Object
org.apache.tomcat.util.net.SSLHostConfig
All Implemented Interfaces:
Serializable

public class SSLHostConfig extends Object implements Serializable
Represents the TLS configuration for a virtual host. A connector holds one or more instances and selects one by matching the SNI host name sent by the client; the instance named _default_ handles connections that send no SNI name or a name that matches nothing. In server.xml each instance is an <SSLHostConfig> element nested in a <Connector>, and the element's attributes correspond to the setters listed below. Settings noted as OpenSSL-only or JSSE-only are not applied by the other implementation (Tomcat logs a warning when an attribute is set for an implementation the host is not using), so check which engine the connector actually runs before relying on one of them for hardening.
  • Constructor Details

    • SSLHostConfig

      public SSLHostConfig()
      Default constructor.
  • Method Details

    • isTls13RenegotiationAvailable

      public boolean isTls13RenegotiationAvailable()
      Returns whether the TLS implementation backing this host can request a client certificate after the initial handshake on a TLS 1.3 connection. TLS 1.3 has no renegotiation; what Tomcat relies on in its place is post-handshake client authentication, which it needs when a client certificate is demanded only for some requests (CLIENT-CERT authentication combined with a certificate verification mode other than required). When this is false, such a request on a TLS 1.3 connection cannot obtain a client certificate, so either set certificateVerification to required, restrict the protocols to TLSv1.2, or use an implementation that supports post-handshake authentication.
      Returns:
      true if the implementation supports post-handshake client authentication on TLS 1.3
    • setTls13RenegotiationAvailable

      public void setTls13RenegotiationAvailable(boolean tls13RenegotiationAvailable)
      Sets whether post-handshake client authentication is available on TLS 1.3. This is populated by the SSL implementation when the host's context is initialised, not by user configuration.
      Parameters:
      tls13RenegotiationAvailable - true if the implementation supports post-handshake client authentication on TLS 1.3
    • getOpenSslConfContext

      public Long getOpenSslConfContext()
      Returns the native pointer to the OpenSSL SSL_CONF_CTX through which the OpenSSLConf commands for this host are applied. Only set when an OpenSSL-backed implementation is in use; null otherwise. The pointer is owned by the implementation and must not be freed or dereferenced by callers.
      Returns:
      the native SSL_CONF_CTX pointer, or null
    • setOpenSslConfContext

      public void setOpenSslConfContext(Long openSslConfContext)
      Sets the native SSL_CONF_CTX pointer. Called by the OpenSSL-backed implementation, not by user configuration.
      Parameters:
      openSslConfContext - the native SSL_CONF_CTX pointer
    • getOpenSslContext

      public Long getOpenSslContext()
      Returns the native pointer to the OpenSSL SSL_CTX for this host. Only set when an OpenSSL-backed implementation is in use; null otherwise. The pointer is owned by the implementation and must not be freed or dereferenced by callers.
      Returns:
      the native SSL_CTX pointer, or null
    • setOpenSslContext

      public void setOpenSslContext(Long openSslContext)
      Sets the native SSL_CTX pointer. Called by the OpenSSL-backed implementation, not by user configuration.
      Parameters:
      openSslContext - the native SSL_CTX pointer
    • getConfigType

      public String getConfigType()
      Expose in String form for JMX. The type records which implementation's attributes (JSSE, OpenSSL, or either) have been set on this host; Tomcat logs a warning when an attribute specific to one implementation is set while the host is used with the other, because that attribute then has no effect.
      Returns:
      the configuration type as a string
    • getEnabledProtocols

      public String[] getEnabledProtocols()
      Returns the protocols actually enabled for this TLS virtual host. This is populated by the SSL implementation when the host's context is initialised and is the intersection of what was configured with setProtocols(String) and what the implementation supports, so it is the value to inspect when verifying that a hardening change took effect. It is not populated before initialisation.
      Returns:
      The protocols enabled for this TLS virtual host
    • setEnabledProtocols

      public void setEnabledProtocols(String[] enabledProtocols)
      Sets the protocols enabled for this TLS virtual host. Called by the SSL implementation; use setProtocols(String) to configure protocols.
      Parameters:
      enabledProtocols - the protocols actually enabled
    • getEnabledCiphers

      public String[] getEnabledCiphers()
      Returns the ciphers actually enabled for this TLS virtual host, populated by the SSL implementation at context initialisation in the same way as getEnabledProtocols(). Ciphers that were configured but that the implementation does not support are absent.
      Returns:
      The ciphers enabled for this TLS virtual host
    • setEnabledCiphers

      public void setEnabledCiphers(String[] enabledCiphers)
      Sets the ciphers enabled for this TLS virtual host. Called by the SSL implementation; use setCiphers(String) and setCipherSuites(String) to configure ciphers.
      Parameters:
      enabledCiphers - the ciphers actually enabled
    • getObjectName

      public ObjectName getObjectName()
      Returns the JMX object name.
      Returns:
      the object name
    • setObjectName

      public void setObjectName(ObjectName oname)
      Sets the JMX object name.
      Parameters:
      oname - the object name
    • addCertificate

      public void addCertificate(SSLHostConfigCertificate certificate)
      Adds a certificate to this SSL host configuration. A host may carry more than one certificate, distinguished by key type (for example one RSA and one EC certificate), and the implementation selects among them according to what the client can accept. In server.xml this is the nested <Certificate> element.
      Parameters:
      certificate - the certificate to add
    • getOpenSslConf

      public OpenSSLConf getOpenSslConf()
      Returns the OpenSSLConf, the set of OpenSSL configuration commands (the nested <OpenSSLConf> element in server.xml) applied to the native SSL_CTX of this host. OpenSSL only.
      Returns:
      the OpenSSL configuration
    • setOpenSslConf

      public void setOpenSslConf(OpenSSLConf conf)
      Sets the OpenSSL configuration. OpenSSL only; it has no effect under JSSE.
      Parameters:
      conf - the OpenSSL configuration
    • getCertificates

      public Set<SSLHostConfigCertificate> getCertificates()
      Returns the set of certificates. Equivalent to getCertificates(false).
      Returns:
      the certificates
    • getCertificates

      public Set<SSLHostConfigCertificate> getCertificates(boolean createDefaultIfEmpty)
      Returns the set of certificates, optionally creating a default if empty. The default certificate is created with key type UNDEFINED so that certificate attributes set directly on the <SSLHostConfig> element (the older single-certificate style) have somewhere to land.
      Parameters:
      createDefaultIfEmpty - true to create a default certificate if the set is empty
      Returns:
      the certificates
    • setCertificateRevocationListFile

      public void setCertificateRevocationListFile(String certificateRevocationListFile)
      Sets the file containing the concatenated certificate revocation lists (CRLs) of the authorities used to verify client certificates. A relative path is resolved against catalina.base. If no CRL is configured, a revoked client certificate is still accepted unless revocation checking is enabled by other means (setRevocationEnabled(boolean) under JSSE, or the OCSP settings).
      Parameters:
      certificateRevocationListFile - the certificate revocation list file
    • getCertificateRevocationListFile

      public String getCertificateRevocationListFile()
      Returns the certificate revocation list file.
      Returns:
      the certificate revocation list file
    • setCertificateVerification

      public void setCertificateVerification(String certificateVerification)
      Sets the certificate verification mode, i.e. whether and how a client certificate is demanded. Accepted values: none (no client certificate is requested; the default), optional (a certificate is requested and, if presented, must validate against the truststore), optionalNoCA (a certificate is requested and, if presented, is accepted without validation and handed to the application, which must then validate it itself) and required (a valid certificate must be presented or the handshake fails). The legacy values true and false are accepted as aliases for required and none; any other value is rejected with an IllegalArgumentException rather than silently mapped to a weaker mode.
      Parameters:
      certificateVerification - the certificate verification mode
    • getCertificateVerification

      public SSLHostConfig.CertificateVerification getCertificateVerification()
      Returns the certificate verification mode.
      Returns:
      the certificate verification mode
    • setCertificateVerificationAsString

      public void setCertificateVerificationAsString(String certificateVerification)
      Sets the certificate verification mode as a string. Same semantics as setCertificateVerification(String); provided for JMX.
      Parameters:
      certificateVerification - the certificate verification mode
    • getCertificateVerificationAsString

      public String getCertificateVerificationAsString()
      Returns the certificate verification mode as a string, for JMX.
      Returns:
      the certificate verification mode as a string
    • setCertificateVerificationDepth

      public void setCertificateVerificationDepth(int certificateVerificationDepth)
      Sets the maximum number of intermediate certificates allowed between a client certificate and a trusted root when the client chain is verified. The default is 10; a value matching the real depth of the issuing PKI bounds the work spent on attacker-supplied chains.
      Parameters:
      certificateVerificationDepth - the certificate verification depth
    • getCertificateVerificationDepth

      public int getCertificateVerificationDepth()
      Returns the certificate verification depth.
      Returns:
      the certificate verification depth
    • isCertificateVerificationDepthConfigured

      public boolean isCertificateVerificationDepthConfigured()
      Returns whether the certificate verification depth was set explicitly rather than left at its default.
      Returns:
      true if the certificate verification depth has been configured
    • setCiphers

      public void setCiphers(String ciphersList)
      Set the new cipher (TLSv1.2 and below) configuration. Note: Regardless of the format used to set the configuration, it is always stored in OpenSSL format. A value containing ':' is taken to be an OpenSSL cipher string and stored verbatim; otherwise it is treated as a comma separated list of JSSE or OpenSSL cipher names (or OpenSSL aliases) and each JSSE name is mapped to its OpenSSL equivalent. TLSv1.3 suites are not affected; configure those with setCipherSuites(String).
      Parameters:
      ciphersList - The new cipher configuration in OpenSSL or JSSE format
    • getCiphers

      public String getCiphers()
      Returns the cipher (TLSv1.2 and below) configuration.
      Returns:
      An OpenSSL cipher string for the current configuration.
    • getCipherList

      public LinkedHashSet<Cipher> getCipherList()
      Returns the configured ciphers parsed from the OpenSSL cipher string into Cipher values, in preference order. The parse is lazy and cached; setCiphers(String) invalidates the cache.
      Returns:
      the cipher list
    • getJsseCipherNames

      public List<String> getJsseCipherNames()
      Obtain the list of JSSE cipher names for the current configuration. Ciphers included in the configuration but not supported by JSSE will be excluded from this list. TLS 1.3 ciphers will be first in the list.
      Returns:
      A list of the JSSE cipher names
    • setCipherSuites

      public void setCipherSuites(String cipherSuites)
      Set the cipher suite (TLSv1.3) configuration. TLSv1.3 suites are named in the IANA form (for example TLS_AES_256_GCM_SHA384), as OpenSSL names them.
      Parameters:
      cipherSuites - The cipher suites to use in a colon-separated, preference order list
    • getCipherSuites

      public String getCipherSuites()
      Obtain the current cipher suite (TLSv1.3) configuration.
      Returns:
      An OpenSSL cipher suite string for the current configuration.
    • setHonorCipherOrder

      public void setHonorCipherOrder(boolean honorCipherOrder)
      Sets whether the server's cipher preference order is used when choosing the cipher for a connection. When false (the default) the client's order wins, so a client can steer negotiation to the weakest cipher both sides accept; set it to true whenever the configured cipher list is itself in preference order.
      Parameters:
      honorCipherOrder - true to honor the server's cipher order
    • getHonorCipherOrder

      public boolean getHonorCipherOrder()
      Returns whether the server's cipher order is honored.
      Returns:
      true if the server's cipher order is honored
    • setHostName

      public void setHostName(String hostName)
      Sets the host name that a client must send in the SNI extension to be served by this configuration. The value is stored in lower case. The name _default_ designates the fallback configuration used for connections with no SNI name or an unmatched one.
      Parameters:
      hostName - the host name
    • getHostName

      public String getHostName()
      Returns the host name associated with this SSL configuration.
      Returns:
      The host name associated with this SSL configuration - always in lower case.
    • getOcspEnabled

      public boolean getOcspEnabled()
      Returns whether OCSP is used to check revocation status during certificate verification.
      Returns:
      true if OCSP checking is enabled
    • setOcspEnabled

      public void setOcspEnabled(boolean ocspEnabled)
      Sets whether OCSP is used to check revocation status during certificate verification.
      Parameters:
      ocspEnabled - true to enable OCSP checking
    • getOcspSoftFail

      public boolean getOcspSoftFail()
      Returns whether OCSP soft fail is enabled.
      Returns:
      true if OCSP soft fail is enabled
    • setOcspSoftFail

      public void setOcspSoftFail(boolean ocspSoftFail)
      Sets whether OCSP soft fail is enabled. With soft fail, an OCSP responder that cannot be reached, times out or returns no usable response does not cause verification to fail; the certificate is accepted as if it were not revoked. That keeps a responder outage from becoming a service outage, but it also means an attacker who can block the responder can keep using a revoked certificate, so leave it off where revocation must be enforced.
      Parameters:
      ocspSoftFail - true if OCSP soft fail is enabled
    • getOcspTimeout

      public int getOcspTimeout()
      Returns the timeout applied to OCSP responder requests.
      Returns:
      the OCSP timeout
    • setOcspTimeout

      public void setOcspTimeout(int ocspTimeout)
      Sets the timeout applied to OCSP responder requests. It bounds how long a handshake can stall on a slow or unreachable responder; what happens when it expires is governed by the soft fail setting.
      Parameters:
      ocspTimeout - the OCSP timeout
    • getOcspVerifyFlags

      public int getOcspVerifyFlags()
      Returns the flags passed to OCSP response verification.
      Returns:
      the OCSP verify flags
    • setOcspVerifyFlags

      public void setOcspVerifyFlags(int ocspVerifyFlags)
      Sets the flags passed to OCSP response verification, as a bit field. Flags that relax verification of the responder's signature or certificate widen the set of responses an attacker could forge, so set none without a documented reason.
      Parameters:
      ocspVerifyFlags - the OCSP verify flags
    • setProtocols

      public void setProtocols(String input)
      Sets the protocols to be used. The value is a list of protocol names (for example TLSv1.2, TLSv1.3) and the alias all for the default set, each optionally prefixed with + (add) or - (remove); the list is evaluated left to right starting from an empty set. A comma separator is accepted for compatibility and behaves as +, but Tomcat logs a warning for any token after the first that carries no prefix. Thus all-TLSv1.1-TLSv1 starts from the default set and drops the old versions, and TLSv1.2+TLSv1.3 allows exactly those two.
      Parameters:
      input - the protocol string
    • getProtocols

      public Set<String> getProtocols()
      Returns the configured protocols as parsed by setProtocols(String). This is the requested set; compare getEnabledProtocols() for what the implementation actually enabled.
      Returns:
      the protocols
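      The parsing and normalisation rules described for setProtocols, setCiphers, setCipherSuites and setCertificateVerification above, exercised on a bare SSLHostConfig with no connector or server. This is an added example, not code from Tomcat; it assumes only that tomcat-embed-core is on the classpath, and the cipher strings, suite list and depth value are illustrative choices, not Tomcat defaults.

```java
import java.util.List;
import java.util.Set;

import org.apache.tomcat.util.net.SSLHostConfig;

/*
 * Added example, not Tomcat's own code. Drives the protocol, cipher and
 * verification setters on a bare SSLHostConfig (no connector, no server)
 * to show how each value is parsed and normalised. Needs tomcat-embed-core
 * on the classpath; nothing else is assumed.
 */
public class SslHostConfigNormalisation {

    public static void main(String[] args) {
        SSLHostConfig cfg = new SSLHostConfig();

        // Protocols: tokens are added ("+") or removed ("-") left to right.
        // A bare comma also adds, but logs a "prefix missing" warning, so
        // be explicit.
        cfg.setProtocols("TLSv1.2+TLSv1.3");
        Set<String> requested = cfg.getProtocols();
        System.out.println("requested protocols: " + requested);

        // TLSv1.2-and-below ciphers may be given as JSSE or OpenSSL names
        // (comma separated); they are stored as one OpenSSL cipher string.
        cfg.setCiphers("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,"
                + "ECDHE-RSA-AES256-GCM-SHA384");
        System.out.println("stored cipher string: " + cfg.getCiphers());

        // A value containing ':' is taken as an OpenSSL string verbatim,
        // so aliases and exclusions work too (illustrative list).
        cfg.setCiphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!kRSA");
        System.out.println("preference order: " + cfg.getCipherList());

        // TLSv1.3 suites are configured separately in OpenSSL's
        // colon-separated form; honorCipherOrder makes our order win
        // over the client's.
        cfg.setCipherSuites("TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256");
        cfg.setHonorCipherOrder(true);

        // What JSSE would be handed: TLS 1.3 suites first, anything JSSE
        // cannot implement dropped.
        List<String> jsse = cfg.getJsseCipherNames();
        System.out.println("JSSE names: " + jsse);

        // Mutual TLS: demand a client certificate that chains to the
        // truststore with at most two intermediates (illustrative depth).
        cfg.setCertificateVerification("required");
        cfg.setCertificateVerificationDepth(2);
        System.out.println("verification: " + cfg.getCertificateVerification()
                + ", depth " + cfg.getCertificateVerificationDepth()
                + " (explicitly set: " + cfg.isCertificateVerificationDepthConfigured() + ")");

        // An unknown mode is rejected rather than silently weakened.
        try {
            cfg.setCertificateVerification("sometimes");
        } catch (IllegalArgumentException expected) {
            System.out.println("rejected: " + expected.getMessage());
        }
    }
}
```

      Compile and run it against tomcat-embed-core to see the stored OpenSSL string and the JSSE view side by side; the point of printing both is that the JSSE list is what a JSSE-backed connector actually offers, and any cipher that vanishes between the two was never going to be negotiated.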
    • setSessionCacheSize

      public void setSessionCacheSize(int sessionCacheSize)
      Sets the number of TLS sessions kept in the server-side session cache for resumption. 0 (the default) leaves the limit to the implementation.
      Parameters:
      sessionCacheSize - the session cache size, in sessions
    • getSessionCacheSize

      public int getSessionCacheSize()
      Returns the session cache size.
      Returns:
      the session cache size, in sessions
    • setSessionTimeout

      public void setSessionTimeout(int sessionTimeout)
      Sets the time after its creation at which a cached TLS session expires and can no longer be resumed, in seconds. 0 means sessions never expire; the default is 86400 (24 hours). A resumed session reuses the secret negotiated in the original handshake, so a long timeout extends the window in which a compromised cache entry remains useful.
      Parameters:
      sessionTimeout - the session timeout, in seconds
    • getSessionTimeout

      public int getSessionTimeout()
      Returns the session timeout.
      Returns:
      the session timeout, in seconds
    • getGroups

      public String getGroups()
      Returns the configured named groups.
      Returns:
      the configured named groups
    • setGroups

      public void setGroups(String groups)
      Set the enabled named groups, i.e. the elliptic curves and finite-field groups offered for (EC)DHE key exchange, in preference order, using OpenSSL's names (for example secp256r1). Names are case sensitive. Restricting this list is how weak or unwanted groups are kept out of the key exchange.
      Parameters:
      groups - the case sensitive comma separated list of groups
    • getGroupList

      public LinkedHashSet<Group> getGroupList()
      Returns the group list parsed from setGroups(String), in preference order.
      Returns:
      the groupList
    • setKeyManagerAlgorithm

      public void setKeyManagerAlgorithm(String keyManagerAlgorithm)
      Sets the KeyManagerFactory algorithm used to load the server key and certificate chain. JSSE only; the default is SunX509.
      Parameters:
      keyManagerAlgorithm - the key manager algorithm
    • getKeyManagerAlgorithm

      public String getKeyManagerAlgorithm()
      Returns the key manager algorithm.
      Returns:
      the key manager algorithm
    • setRevocationEnabled

      public void setRevocationEnabled(boolean revocationEnabled)
      Sets whether the JSSE PKIX trust manager performs certificate revocation checking when no certificateRevocationListFile is configured. JSSE only; the default is false, meaning a revoked client certificate is accepted unless a CRL file is supplied. How the JDK then obtains revocation data depends on the JDK's own revocation settings (fetching via CRL distribution points and OCSP is off by default in the JDK), so enabling this alone does not guarantee that revocation is actually checked.
      Parameters:
      revocationEnabled - true if revocation checking is enabled
    • getRevocationEnabled

      public boolean getRevocationEnabled()
      Returns whether revocation checking is enabled.
      Returns:
      true if revocation checking is enabled
    • setSslProtocol

      public void setSslProtocol(String sslProtocol)
      Sets the protocol name passed to SSLContext.getInstance when the JSSE context is created; the default is TLS. JSSE only. This does not restrict the protocol versions offered to clients; use setProtocols(String) for that.
      Parameters:
      sslProtocol - the SSL protocol
    • getSslProtocol

      public String getSslProtocol()
      Returns the SSL protocol.
      Returns:
      the SSL protocol
    • setTrustManagerClassName

      public void setTrustManagerClassName(String trustManagerClassName)
      Sets the name of a custom trust manager class used to validate client certificates in place of the configured truststore. The class must have a zero-argument constructor and implement javax.net.ssl.X509TrustManager. JSSE only. A trust manager that accepts every chain turns a required certificate verification mode into no authentication at all, so review the class with the same care as the truststore contents.
      Parameters:
      trustManagerClassName - the trust manager class name
    • getTrustManagerClassName

      public String getTrustManagerClassName()
      Returns the trust manager class name.
      Returns:
      the trust manager class name
    • setTruststoreAlgorithm

      public void setTruststoreAlgorithm(String truststoreAlgorithm)
      Sets the TrustManagerFactory algorithm used to build trust managers from the truststore. JSSE only; when unset, the JVM's ssl.TrustManagerFactory.algorithm security property applies (PKIX in standard JDKs).
      Parameters:
      truststoreAlgorithm - the truststore algorithm
    • getTruststoreAlgorithm

      public String getTruststoreAlgorithm()
      Returns the truststore algorithm.
      Returns:
      the truststore algorithm
    • setTruststoreFile

      public void setTruststoreFile(String truststoreFile)
      Sets the truststore file holding the certificate authorities trusted to issue client certificates. A relative path is resolved against catalina.base. The initial value is taken from the javax.net.ssl.trustStore system property; if that is unset and no custom trust manager is configured, the JVM's default trust store (the JRE cacerts file) is used, which trusts every public CA and is rarely what mutual TLS needs.
      Parameters:
      truststoreFile - the truststore file
    • getTruststoreFile

      public String getTruststoreFile()
      Returns the truststore file.
      Returns:
      the truststore file
    • setTruststorePassword

      public void setTruststorePassword(String truststorePassword)
      Sets the truststore password. The initial value is taken from the javax.net.ssl.trustStorePassword system property. For a JKS truststore the password only protects integrity, and getTruststore() falls back to opening the store without a password (logging a warning) if the configured one is wrong, so a mistyped password does not stop startup; a PKCS12 truststore cannot be opened without the correct password.
      Parameters:
      truststorePassword - the truststore password
    • getTruststorePassword

      public String getTruststorePassword()
      Returns the truststore password in clear text.
      Returns:
      the truststore password
    • setTruststoreProvider

      public void setTruststoreProvider(String truststoreProvider)
      Sets the JCA provider used to open the truststore. JSSE only; the initial value is taken from the javax.net.ssl.trustStoreProvider system property and, when unset, the JVM's normal provider lookup applies.
      Parameters:
      truststoreProvider - the truststore provider
    • getTruststoreProvider

      public String getTruststoreProvider()
      Returns the truststore provider.
      Returns:
      the truststore provider
    • setTruststoreType

      public void setTruststoreType(String truststoreType)
      Sets the truststore type (for example PKCS12 or JKS). JSSE only; the initial value is taken from the javax.net.ssl.trustStoreType system property and, when unset, a default is derived from the server certificate keystore type.
      Parameters:
      truststoreType - the truststore type
    • getTruststoreType

      public String getTruststoreType()
      Returns the truststore type.
      Returns:
      the truststore type
    • setTrustStore

      public void setTrustStore(KeyStore truststore)
      Sets the truststore directly from an already loaded KeyStore, bypassing the file-based settings.
      Parameters:
      truststore - the truststore
    • getTruststore

      public KeyStore getTruststore() throws IOException
      Returns the truststore. If none was supplied with setTrustStore(KeyStore) but a truststore file is configured, the store is loaded from that file using the configured type, provider and password. If the password fails, a warning is logged and the load is retried with a null password, which for JKS stores skips the integrity check.
      Returns:
      the truststore, or null if none is configured
      Throws:
      IOException - if the truststore file cannot be read
    • setCertificateRevocationListPath

      public void setCertificateRevocationListPath(String certificateRevocationListPath)
      Sets the directory containing certificate revocation lists, in the hashed-filename layout OpenSSL expects (as produced by c_rehash or openssl rehash). OpenSSL only; a relative path is resolved against catalina.base.
      Parameters:
      certificateRevocationListPath - the certificate revocation list path
    • getCertificateRevocationListPath

      public String getCertificateRevocationListPath()
      Returns the certificate revocation list path.
      Returns:
      the certificate revocation list path
    • setCaCertificateFile

      public void setCaCertificateFile(String caCertificateFile)
      Sets the PEM file containing the concatenated certificates of the authorities trusted to issue client certificates. OpenSSL only (the JSSE equivalent is the truststore); a relative path is resolved against catalina.base.
      Parameters:
      caCertificateFile - the CA certificate file
    • getCaCertificateFile

      public String getCaCertificateFile()
      Returns the CA certificate file.
      Returns:
      the CA certificate file
    • setCaCertificatePath

      public void setCaCertificatePath(String caCertificatePath)
      Sets the directory containing trusted CA certificates, in the hashed-filename layout OpenSSL expects. OpenSSL only; a relative path is resolved against catalina.base.
      Parameters:
      caCertificatePath - the CA certificate path
    • getCaCertificatePath

      public String getCaCertificatePath()
      Returns the CA certificate path.
      Returns:
      the CA certificate path
    • setDisableCompression

      public void setDisableCompression(boolean disableCompression)
      Sets whether TLS-level compression is disabled. The default is true. Compressing TLS records lets an attacker who controls part of a request recover secrets sent alongside it (the CRIME class of attacks), so leave it disabled. OpenSSL only; JSSE does not implement TLS compression.
      Parameters:
      disableCompression - true if compression is disabled
    • getDisableCompression

      public boolean getDisableCompression()
      Returns whether compression is disabled.
      Returns:
      true if compression is disabled
    • setDisableSessionTickets

      public void setDisableSessionTickets(boolean disableSessionTickets)
      Sets whether TLS session tickets (RFC 5077) are disabled. The default is false. OpenSSL only. Tickets let a client resume a session without server-side state, but they are encrypted under a server-held key that can outlive the ephemeral keys of the handshakes they cover; disabling them leaves resumption to the server-side session cache, governed by sessionCacheSize and sessionTimeout.
      Parameters:
      disableSessionTickets - true if session tickets are disabled
    • getDisableSessionTickets

      public boolean getDisableSessionTickets()
      Returns whether session tickets are disabled.
      Returns:
      true if session tickets are disabled
    • setInsecureRenegotiation

      public void setInsecureRenegotiation(boolean insecureRenegotiation)
      Sets whether renegotiation is allowed with peers that do not implement the RFC 5746 secure renegotiation extension. The default is false. OpenSSL only. Enabling it re-opens the renegotiation prefix-injection weakness RFC 5746 was written to close, so only do so for a specific known legacy client and remove it once that client is gone.
      Parameters:
      insecureRenegotiation - true if insecure renegotiation is allowed
    • getInsecureRenegotiation

      public boolean getInsecureRenegotiation()
      Returns whether insecure renegotiation is allowed.
      Returns:
      true if insecure renegotiation is allowed
    • certificatesExpiringBefore

      public Set<X509Certificate> certificatesExpiringBefore(Date date)
      Returns the certificates in the chains served for this host whose notAfter date is before the given date. The chains are read from the initialised SSL contexts of the configured certificates, so the result is empty until the connector has started; call it from a scheduled check with a date some weeks ahead to catch a certificate before it expires in production.
      Parameters:
      date - the date to check against
      Returns:
      the set of certificates expiring before the given date
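      A complete hardened configuration built through the setters documented on this page, followed by the post-start checks (getEnabledProtocols, getEnabledCiphers, certificatesExpiringBefore) that confirm the configuration took effect. This is an added example, not Tomcat's own code. The keystore and truststore paths (conf/server.p12, conf/truststore.p12), the key alias tomcat, the password changeit and port 8443 are hypothetical placeholders; the 30-day expiry window is a chosen policy, not a Tomcat default.

```java
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Set;

import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;

/*
 * Added example, not Tomcat's own code. Boots an embedded Tomcat with one
 * hardened SSLHostConfig and then runs two post-start checks against the
 * live configuration: which protocols and ciphers the implementation really
 * enabled, and whether any served certificate expires within 30 days.
 *
 * Hypothetical assumptions: a PKCS12 keystore conf/server.p12 holding the
 * server key under alias "tomcat", a PKCS12 truststore conf/truststore.p12
 * holding the client CA, both with password "changeit", and port 8443.
 */
public class HardenedTlsConnector {

    static final Duration EXPIRY_WARNING = Duration.ofDays(30); // chosen policy

    static SSLHostConfig hardenedHostConfig() {
        SSLHostConfig ssl = new SSLHostConfig();            // hostName stays _default_
        ssl.setProtocols("TLSv1.2+TLSv1.3");                // nothing older
        ssl.setCiphers("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
                + "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
                + "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256");
        ssl.setHonorCipherOrder(true);                      // our order, not the client's
        ssl.setSessionTimeout(3600);                        // seconds
        // The next three are honoured by the OpenSSL engine only; JSSE ignores them.
        ssl.setDisableCompression(true);                    // CRIME
        ssl.setInsecureRenegotiation(false);                // RFC 5746 peers only
        ssl.setDisableSessionTickets(true);                 // resume via the session cache instead

        // Mutual TLS against our own CA, at most one intermediate deep.
        ssl.setCertificateVerification("required");
        ssl.setCertificateVerificationDepth(1);
        ssl.setTruststoreFile("conf/truststore.p12");       // hypothetical path
        ssl.setTruststoreType("PKCS12");
        ssl.setTruststorePassword("changeit");              // hypothetical; use a secret store in practice

        SSLHostConfigCertificate cert =
                new SSLHostConfigCertificate(ssl, SSLHostConfigCertificate.Type.RSA);
        cert.setCertificateKeystoreFile("conf/server.p12"); // hypothetical path
        cert.setCertificateKeystoreType("PKCS12");
        cert.setCertificateKeystorePassword("changeit");    // hypothetical
        cert.setCertificateKeyAlias("tomcat");              // hypothetical alias
        ssl.addCertificate(cert);
        return ssl;
    }

    /** Certificates in the served chains that expire before now + EXPIRY_WARNING. */
    static Set<X509Certificate> expiringSoon(SSLHostConfig ssl) {
        Date cutoff = Date.from(Instant.now().plus(EXPIRY_WARNING));
        return ssl.certificatesExpiringBefore(cutoff);
    }

    static String join(String[] values) {
        return values == null ? "(not initialised)" : String.join(",", values);
    }

    public static void main(String[] args) throws LifecycleException {
        Tomcat tomcat = new Tomcat();
        tomcat.setBaseDir(".");                             // the conf/ paths above are relative to this

        Connector https = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        https.setPort(8443);
        https.setSecure(true);
        https.setScheme("https");
        https.setProperty("SSLEnabled", "true");
        https.addSslHostConfig(hardenedHostConfig());
        tomcat.getService().addConnector(https);

        tomcat.start();                                     // SSL contexts are initialised here

        for (SSLHostConfig ssl : https.findSslHostConfigs()) {
            // Report what the implementation really enabled, which is the
            // intersection of the request with what it supports.
            System.out.println(ssl.getHostName() + " protocols: " + join(ssl.getEnabledProtocols()));
            System.out.println(ssl.getHostName() + " ciphers:   " + join(ssl.getEnabledCiphers()));
            for (X509Certificate c : expiringSoon(ssl)) {
                System.out.println("WARNING: " + c.getSubjectX500Principal()
                        + " expires " + c.getNotAfter());
            }
        }
        tomcat.getServer().await();
    }
}
```

      Run it with tomcat-embed-core on the classpath and the two PKCS12 files in place. The loop after tomcat.start() is what belongs in a scheduled task or health endpoint in a real deployment: getEnabledProtocols and getEnabledCiphers tell you what clients are actually offered, which is the only reliable way to confirm a hardening change, and certificatesExpiringBefore surfaces an expiring chain member before it causes an outage.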
    • adjustRelativePath

      public static String adjustRelativePath(String path) throws FileNotFoundException
      Resolves a relative file path against the catalina.base system property (the CATALINA_BASE directory) and checks that the result exists. An absolute path is checked but otherwise returned unchanged; a null or empty path is returned as is, on the assumption that it was deliberately left unset.
      Parameters:
      path - the path to adjust
      Returns:
      the adjusted path
      Throws:
      FileNotFoundException - if the file does not exist