Example use of org.apache.tomcat.util.net.SSLContext in the Apache Tomcat project.
Class ManagerServlet, method getConnectorTrustedCerts.
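/**
 * Collects, for every connector, a textual listing of the trusted certificates
 * (accepted issuers) of each TLS virtual host.
 *
 * <p>Keys are {@code connector.toString() + "-" + hostName} for TLS connectors and
 * {@code connector.toString()} for connectors without {@code SSLEnabled}. Values are
 * either the {@code toString()} rendering of each accepted issuer certificate or a
 * single localized status message taken from {@code smClient}.
 *
 * <p>This method performs no access check of its own. The result describes the
 * connector's trust anchors, so whatever exposes it must restrict who can read it.
 * NOTE(review): confirm the security constraints on the calling servlet.
 *
 * @param smClient source of the localized status messages placed in the result
 * @return map from connector / virtual-host name to certificate listing; never {@code null}
 */
protected Map<String, List<String>> getConnectorTrustedCerts(StringManager smClient) {
    Map<String, List<String>> result = new HashMap<>();
    Connector[] connectors = getConnectors();
    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
            SSLHostConfig[] sslHostConfigs = connector.getProtocolHandler().findSslHostConfigs();
            for (SSLHostConfig sslHostConfig : sslHostConfigs) {
                String name = connector.toString() + "-" + sslHostConfig.getHostName();
                List<String> certList = new ArrayList<>();
                if (sslHostConfig.getOpenSslContext().longValue() == 0) {
                    // Not set. Must be JSSE based.
                    Set<SSLHostConfigCertificate> hostCerts = sslHostConfig.getCertificates();
                    // A host with no certificate entry, or one whose SSLContext has not been
                    // created, is reported as "not available" rather than aborting the whole
                    // listing with NoSuchElementException / NullPointerException.
                    SSLContext sslContext = null;
                    if (hostCerts != null && !hostCerts.isEmpty()) {
                        sslContext = hostCerts.iterator().next().getSslContext();
                    }
                    X509Certificate[] certs = (sslContext == null) ? null : sslContext.getAcceptedIssuers();
                    if (certs == null) {
                        certList.add(smClient.getString("managerServlet.certsNotAvailable"));
                    } else if (certs.length == 0) {
                        certList.add(smClient.getString("managerServlet.trustedCertsNotConfigured"));
                    } else {
                        for (Certificate cert : certs) {
                            certList.add(cert.toString());
                        }
                    }
                } else {
                    // A non-zero OpenSSL context handle: nothing is read from it here,
                    // only a placeholder message is reported.
                    certList.add(smClient.getString("managerServlet.certsNotAvailable"));
                }
                result.put(name, certList);
            }
        } else {
            List<String> certList = new ArrayList<>(1);
            certList.add(smClient.getString("managerServlet.notSslConnector"));
            result.put(connector.toString(), certList);
        }
    }
    return result;
}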
Example use of org.apache.tomcat.util.net.SSLContext in the Apache Tomcat project.
Class ManagerServlet, method getConnectorCerts.
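/**
 * Collects, for every connector, a textual listing of the certificate chain of each
 * certificate configured on each TLS virtual host.
 *
 * <p>For JSSE-based hosts the key is
 * {@code connector.toString() + "-" + hostName + "-" + certificateType}. For hosts with a
 * non-zero OpenSSL context it is {@code connector.toString() + "-" + hostName}, and for
 * connectors without {@code SSLEnabled} it is {@code connector.toString()}. Values are
 * either the {@code toString()} rendering of each certificate in the chain or a single
 * localized status message taken from {@code smClient}.
 *
 * <p>This method performs no access check of its own, so whatever exposes the result must
 * restrict who can read it. NOTE(review): confirm the security constraints on the
 * calling servlet.
 *
 * @param smClient source of the localized status messages placed in the result
 * @return map from connector / virtual-host / certificate name to chain listing; never
 *         {@code null}
 */
protected Map<String, List<String>> getConnectorCerts(StringManager smClient) {
    Map<String, List<String>> result = new HashMap<>();
    Connector[] connectors = getConnectors();
    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
            SSLHostConfig[] sslHostConfigs = connector.getProtocolHandler().findSslHostConfigs();
            for (SSLHostConfig sslHostConfig : sslHostConfigs) {
                if (sslHostConfig.getOpenSslContext().longValue() == 0) {
                    // Not set. Must be JSSE based.
                    Set<SSLHostConfigCertificate> sslHostConfigCerts = sslHostConfig.getCertificates();
                    for (SSLHostConfigCertificate sslHostConfigCert : sslHostConfigCerts) {
                        String name = connector.toString() + "-" + sslHostConfig.getHostName() + "-"
                                + sslHostConfigCert.getType();
                        List<String> certList = new ArrayList<>();
                        SSLContext sslContext = sslHostConfigCert.getSslContext();
                        // Fall back to the literal alias "tomcat" when none is configured.
                        String alias = sslHostConfigCert.getCertificateKeyAlias();
                        if (alias == null) {
                            alias = "tomcat";
                        }
                        // A certificate entry whose SSLContext has not been created is reported
                        // as "not available" instead of failing the whole listing with a
                        // NullPointerException.
                        X509Certificate[] certs =
                                (sslContext == null) ? null : sslContext.getCertificateChain(alias);
                        if (certs == null) {
                            certList.add(smClient.getString("managerServlet.certsNotAvailable"));
                        } else {
                            for (Certificate cert : certs) {
                                certList.add(cert.toString());
                            }
                        }
                        result.put(name, certList);
                    }
                } else {
                    // A non-zero OpenSSL context handle: nothing is read from it here,
                    // only a placeholder message is reported.
                    List<String> certList = new ArrayList<>();
                    certList.add(smClient.getString("managerServlet.certsNotAvailable"));
                    String name = connector.toString() + "-" + sslHostConfig.getHostName();
                    result.put(name, certList);
                }
            }
        } else {
            List<String> certList = new ArrayList<>(1);
            certList.add(smClient.getString("managerServlet.notSslConnector"));
            result.put(connector.toString(), certList);
        }
    }
    return result;
}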
Example use of org.apache.tomcat.util.net.SSLContext in the Apache Tomcat project.
Class JSSEUtil, method initialise.
/**
 * Populates {@code implementedProtocols} and {@code implementedCiphers} on first use by
 * querying a freshly initialised JSSE context for what the runtime supports.
 *
 * <p>Uses a check / lock / re-check sequence on {@code initialized}.
 * NOTE(review): that pattern is only safe if {@code initialized} is declared
 * {@code volatile}; the field declaration is not visible here, so confirm it.
 *
 * @throws IllegalArgumentException if the JSSE context cannot be created or initialised
 */
private void initialise() {
    if (initialized) {
        return;
    }
    synchronized (this) {
        if (initialized) {
            return;
        }

        SSLContext probeContext;
        try {
            probeContext = new JSSESSLContext(sslHostConfig.getSslProtocol());
            probeContext.init(null, null, null);
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            // Rethrown unchecked with the cause preserved. The surviving fragment of the
            // original comment suggests the intent is to stop start-up. TODO confirm
            throw new IllegalArgumentException(e);
        }

        String[] supportedProtocols = probeContext.getSupportedSSLParameters().getProtocols();
        implementedProtocols = new HashSet<>(supportedProtocols.length);
        // Drop every protocol whose name contains "SSL", except SSLv2Hello and SSLv3, which
        // are kept. Names are compared case-insensitively.
        // NOTE(review): SSLv3 therefore remains in the implemented set; whether it is ever
        // enabled is decided elsewhere, so verify the connector's enabled protocols exclude it.
        for (String protocol : supportedProtocols) {
            String upperName = protocol.toUpperCase(Locale.ENGLISH);
            boolean explicitlyKept = "SSLV2HELLO".equals(upperName) || "SSLV3".equals(upperName);
            if (!explicitlyKept && upperName.contains("SSL")) {
                log.debug(sm.getString("jsseUtil.excludeProtocol", protocol));
                continue;
            }
            implementedProtocols.add(protocol);
        }
        if (implementedProtocols.isEmpty()) {
            log.warn(sm.getString("jsseUtil.noDefaultProtocols"));
        }

        String[] supportedCiphers = probeContext.getSupportedSSLParameters().getCipherSuites();
        if (JreVendor.IS_IBM_JVM) {
            // On an IBM JVM each suite reported with an "SSL" prefix is also registered under
            // the same name with a "TLS" prefix, so either spelling is found in the set.
            implementedCiphers = new HashSet<>(supportedCiphers.length * 2);
            for (String suite : supportedCiphers) {
                implementedCiphers.add(suite);
                if (suite.startsWith("SSL")) {
                    implementedCiphers.add("TLS" + suite.substring(3));
                }
            }
        } else {
            implementedCiphers = new HashSet<>(Arrays.asList(supportedCiphers));
        }

        // Set last so that the unsynchronised fast-path check only succeeds once both sets
        // have been built.
        initialized = true;
    }
}