Class OpenSSLContext

java.lang.Object
org.apache.tomcat.util.net.openssl.OpenSSLContext
All Implemented Interfaces:
SSLContext

public class OpenSSLContext extends Object implements SSLContext
OpenSSL implementation of the SSL context.
  • Constructor Details

    • OpenSSLContext

      public OpenSSLContext(SSLHostConfigCertificate certificate, List<String> negotiableProtocols) throws SSLException
      Constructs an OpenSSLContext for the given certificate and protocols.
      Parameters:
      certificate - The SSL host config certificate
      negotiableProtocols - The list of negotiable protocols
      Throws:
      SSLException - if initialization fails
  • Method Details

    • getEnabledProtocol

      public String getEnabledProtocol()
      Returns the currently enabled SSL/TLS protocol.
      Returns:
      The enabled protocol
    • setEnabledProtocol

      public void setEnabledProtocol(String protocol)
      Sets the enabled SSL/TLS protocol.
      Parameters:
      protocol - The protocol to enable, or null for the default
    • destroy

      public void destroy()
      Description copied from interface: SSLContext
      Destroys this SSL context and releases any associated resources.
      Specified by:
      destroy in interface SSLContext
    • checkConf

      protected static boolean checkConf(OpenSSLConf conf, long cctx) throws Exception
      Checks the OpenSSL configuration commands against the given context.
      Parameters:
      conf - The OpenSSL configuration
      cctx - The OpenSSL context
      Returns:
      true if all commands are valid
      Throws:
      Exception - if an error occurs
    • applyConf

      protected static boolean applyConf(OpenSSLConf conf, long cctx, long ctx) throws Exception
      Applies the OpenSSL configuration commands to the given context.
      Parameters:
      conf - The OpenSSL configuration
      cctx - The OpenSSL context
      ctx - The SSL context
      Returns:
      true if all commands were applied successfully
      Throws:
      Exception - if an error occurs
    • init

      public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException
      Sets up the SSL_CTX.
      Specified by:
      init in interface SSLContext
      Parameters:
      kms - Must contain a KeyManager of the type OpenSSLKeyManager
      tms - Must contain a TrustManager of the type X509TrustManager
      sr - Not used by this implementation.
      Throws:
      KeyManagementException - if an error occurs
    • addCertificate

      public void addCertificate(SSLHostConfigCertificate certificate) throws Exception
      Adds a certificate to this SSL context.
      Parameters:
      certificate - The certificate to add
      Throws:
      Exception - if an error occurs
    • getServerSessionContext

      public SSLSessionContext getServerSessionContext()
      Description copied from interface: SSLContext
      Returns the server session context.
      Specified by:
      getServerSessionContext in interface SSLContext
      Returns:
      The server session context
    • createSSLEngine

      public SSLEngine createSSLEngine()
      Description copied from interface: SSLContext
      Creates a new SSL engine.
      Specified by:
      createSSLEngine in interface SSLContext
      Returns:
      The new SSL engine
    • getServerSocketFactory

      public SSLServerSocketFactory getServerSocketFactory()
      Description copied from interface: SSLContext
      Returns the server socket factory.
      Specified by:
      getServerSocketFactory in interface SSLContext
      Returns:
      The server socket factory
    • getSupportedSSLParameters

      public SSLParameters getSupportedSSLParameters()
      Description copied from interface: SSLContext
      Returns the supported SSL parameters.
      Specified by:
      getSupportedSSLParameters in interface SSLContext
      Returns:
      The supported SSL parameters
    • getCertificateChain

      public X509Certificate[] getCertificateChain(String alias)
      Description copied from interface: SSLContext
      Returns the certificate chain for the given alias.
      Specified by:
      getCertificateChain in interface SSLContext
      Parameters:
      alias - The alias
      Returns:
      The certificate chain
    • getAcceptedIssuers

      public X509Certificate[] getAcceptedIssuers()
      Description copied from interface: SSLContext
      Returns the accepted issuers.
      Specified by:
      getAcceptedIssuers in interface SSLContext
      Returns:
      The accepted issuers