
Example 1 with SSLContext

use of org.apache.tomcat.util.net.SSLContext in project tomcat by apache.

the class ManagerServlet method getConnectorTrustedCerts.

/**
 * Collects, for every connector, a textual listing of the certificates its TLS
 * configuration accepts as issuers.
 *
 * <p>Keys are {@code connector.toString()} for non-TLS connectors and
 * {@code connector.toString() + "-" + hostName} for each TLS host configuration.
 * Values hold either one {@code toString()} rendering per accepted issuer or a
 * single localized status message taken from {@code smClient}.
 *
 * <p>Only certificates returned by {@code getAcceptedIssuers()} are rendered;
 * this method reads no private-key material.
 *
 * @param smClient source of the localized status messages
 * @return map from connector (or connector-host) label to certificate listing
 */
protected Map<String, List<String>> getConnectorTrustedCerts(StringManager smClient) {
    Map<String, List<String>> trustedByLabel = new HashMap<>();
    for (Connector connector : getConnectors()) {
        if (!Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
            // Plain connector: report that fact under the connector's own label.
            List<String> notTls = new ArrayList<>(1);
            notTls.add(smClient.getString("managerServlet.notSslConnector"));
            trustedByLabel.put(connector.toString(), notTls);
            continue;
        }
        for (SSLHostConfig hostConfig : connector.getProtocolHandler().findSslHostConfigs()) {
            String label = connector.toString() + "-" + hostConfig.getHostName();
            List<String> listing = new ArrayList<>();
            if (hostConfig.getOpenSslContext().longValue() != 0) {
                // A non-zero OpenSSL context value: the listing is not available on this path.
                listing.add(smClient.getString("managerServlet.certsNotAvailable"));
            } else {
                // Zero means no OpenSSL context is set, so the host is treated as JSSE based.
                // Only the first configured certificate's context is consulted.
                SSLContext jsseContext = hostConfig.getCertificates().iterator().next().getSslContext();
                X509Certificate[] issuers = jsseContext.getAcceptedIssuers();
                if (issuers == null) {
                    listing.add(smClient.getString("managerServlet.certsNotAvailable"));
                } else if (issuers.length == 0) {
                    listing.add(smClient.getString("managerServlet.trustedCertsNotConfigured"));
                } else {
                    for (int i = 0; i < issuers.length; i++) {
                        Certificate issuer = issuers[i];
                        listing.add(issuer.toString());
                    }
                }
            }
            trustedByLabel.put(label, listing);
        }
    }
    return trustedByLabel;
}
Also used : Connector(org.apache.catalina.connector.Connector) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) SSLContext(org.apache.tomcat.util.net.SSLContext) X509Certificate(java.security.cert.X509Certificate) List(java.util.List) ArrayList(java.util.ArrayList) SSLHostConfig(org.apache.tomcat.util.net.SSLHostConfig) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) SSLHostConfigCertificate(org.apache.tomcat.util.net.SSLHostConfigCertificate)

Example 2 with SSLContext

use of org.apache.tomcat.util.net.SSLContext in project tomcat by apache.

the class ManagerServlet method getConnectorCerts.

/**
 * Collects, for every connector, a textual listing of the certificate chain each
 * TLS host configuration presents.
 *
 * <p>Keys are {@code connector.toString()} for non-TLS connectors,
 * {@code connector + "-" + hostName + "-" + certificateType} for JSSE-backed
 * certificates, and {@code connector + "-" + hostName} when an OpenSSL context
 * is set. Values hold either one {@code toString()} rendering per chain element
 * or a single localized status message taken from {@code smClient}.
 *
 * <p>Only the certificate chain is rendered; this method reads no private-key
 * material.
 *
 * @param smClient source of the localized status messages
 * @return map from connector (or connector-host-type) label to chain listing
 */
protected Map<String, List<String>> getConnectorCerts(StringManager smClient) {
    Map<String, List<String>> chainsByLabel = new HashMap<>();
    for (Connector connector : getConnectors()) {
        if (!Boolean.TRUE.equals(connector.getProperty("SSLEnabled"))) {
            // Plain connector: report that fact under the connector's own label.
            List<String> notTls = new ArrayList<>(1);
            notTls.add(smClient.getString("managerServlet.notSslConnector"));
            chainsByLabel.put(connector.toString(), notTls);
            continue;
        }
        for (SSLHostConfig hostConfig : connector.getProtocolHandler().findSslHostConfigs()) {
            if (hostConfig.getOpenSslContext().longValue() != 0) {
                // A non-zero OpenSSL context value: the chain is not available on this path.
                List<String> unavailable = new ArrayList<>();
                unavailable.add(smClient.getString("managerServlet.certsNotAvailable"));
                chainsByLabel.put(connector.toString() + "-" + hostConfig.getHostName(), unavailable);
                continue;
            }
            // Zero means no OpenSSL context is set, so the host is treated as JSSE based.
            Set<SSLHostConfigCertificate> configured = hostConfig.getCertificates();
            for (SSLHostConfigCertificate certConfig : configured) {
                String label = connector.toString() + "-" + hostConfig.getHostName() + "-" + certConfig.getType();
                List<String> listing = new ArrayList<>();
                SSLContext jsseContext = certConfig.getSslContext();
                String configuredAlias = certConfig.getCertificateKeyAlias();
                // With no alias configured, the chain is looked up under "tomcat".
                String alias = (configuredAlias == null) ? "tomcat" : configuredAlias;
                X509Certificate[] chain = jsseContext.getCertificateChain(alias);
                if (chain == null) {
                    listing.add(smClient.getString("managerServlet.certsNotAvailable"));
                } else {
                    for (int i = 0; i < chain.length; i++) {
                        Certificate link = chain[i];
                        listing.add(link.toString());
                    }
                }
                chainsByLabel.put(label, listing);
            }
        }
    }
    return chainsByLabel;
}
Also used : Connector(org.apache.catalina.connector.Connector) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) SSLContext(org.apache.tomcat.util.net.SSLContext) X509Certificate(java.security.cert.X509Certificate) SSLHostConfigCertificate(org.apache.tomcat.util.net.SSLHostConfigCertificate) List(java.util.List) ArrayList(java.util.ArrayList) SSLHostConfig(org.apache.tomcat.util.net.SSLHostConfig) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) SSLHostConfigCertificate(org.apache.tomcat.util.net.SSLHostConfigCertificate)

Example 3 with SSLContext

use of org.apache.tomcat.util.net.SSLContext in project tomcat by apache.

the class JSSEUtil method initialise.

/**
 * Lazily fills {@code implementedProtocols} and {@code implementedCiphers} from a
 * freshly created JSSE context, at most once per instance.
 *
 * <p>The work runs under {@code synchronized (this)} with a second check of
 * {@code initialized} inside the lock, and {@code initialized} is set only after
 * both sets are populated.
 *
 * @throws IllegalArgumentException if the context cannot be created or initialised
 */
private void initialise() {
    // NOTE(review): the unsynchronized first check is only safe if `initialized`
    // is declared volatile; the field declaration is not visible here - confirm.
    if (!initialized) {
        synchronized (this) {
            if (!initialized) {
                SSLContext context;
                try {
                    context = new JSSESSLContext(sslHostConfig.getSslProtocol());
                    // All three init arguments are null; below, the context is only
                    // queried for its supported protocols and cipher suites.
                    context.init(null, null, null);
                } catch (NoSuchAlgorithmException | KeyManagementException e) {
                    // Rethrown unchecked with the cause preserved; presumably fatal
                    // for the connector so that it does not start - confirm with callers.
                    throw new IllegalArgumentException(e);
                }
                String[] implementedProtocolsArray = context.getSupportedSSLParameters().getProtocols();
                implementedProtocols = new HashSet<>(implementedProtocolsArray.length);
                // Drop every protocol whose upper-cased name contains "SSL", except
                // SSLv2Hello and SSLv3, which are kept.
                // NOTE(review): SSLv3 therefore stays in the implemented set; whether it
                // is ever enabled is presumably decided by the connector's protocol
                // configuration - confirm before relying on this set as an allow-list.
                for (String protocol : implementedProtocolsArray) {
                    // Fixed locale so the comparison does not depend on the default locale.
                    String protocolUpper = protocol.toUpperCase(Locale.ENGLISH);
                    if (!"SSLV2HELLO".equals(protocolUpper) && !"SSLV3".equals(protocolUpper)) {
                        if (protocolUpper.contains("SSL")) {
                            log.debug(sm.getString("jsseUtil.excludeProtocol", protocol));
                            continue;
                        }
                    }
                    implementedProtocols.add(protocol);
                }
                // An empty set is only logged as a warning; initialisation continues.
                if (implementedProtocols.size() == 0) {
                    log.warn(sm.getString("jsseUtil.noDefaultProtocols"));
                }
                String[] implementedCipherSuiteArray = context.getSupportedSSLParameters().getCipherSuites();
                // On an IBM JVM every suite name starting with "SSL" is also registered
                // under the same name with a "TLS" prefix, so both spellings are treated
                // as implemented. Presumably that JRE reports only the SSL_ form - confirm.
                if (JreVendor.IS_IBM_JVM) {
                    implementedCiphers = new HashSet<>(implementedCipherSuiteArray.length * 2);
                    for (String name : implementedCipherSuiteArray) {
                        implementedCiphers.add(name);
                        if (name.startsWith("SSL")) {
                            implementedCiphers.add("TLS" + name.substring(3));
                        }
                    }
                } else {
                    implementedCiphers = new HashSet<>(Arrays.asList(implementedCipherSuiteArray));
                }
                // Set last so that a thread seeing true also finds both sets populated.
                initialized = true;
            }
        }
    }
}
Also used : SSLContext(org.apache.tomcat.util.net.SSLContext) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyManagementException(java.security.KeyManagementException)

Aggregations

SSLContext (org.apache.tomcat.util.net.SSLContext)3 Certificate (java.security.cert.Certificate)2 X509Certificate (java.security.cert.X509Certificate)2 ArrayList (java.util.ArrayList)2 HashMap (java.util.HashMap)2 List (java.util.List)2 Connector (org.apache.catalina.connector.Connector)2 SSLHostConfig (org.apache.tomcat.util.net.SSLHostConfig)2 SSLHostConfigCertificate (org.apache.tomcat.util.net.SSLHostConfigCertificate)2 KeyManagementException (java.security.KeyManagementException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1