/**
 * Applies the client-certificate policy from {@code ssl} to the Tomcat protocol handler.
 *
 * <p>{@code NEED} sets the connector's {@code clientAuth} to {@code "true"}, so the TLS
 * handshake requires a client certificate (mutual TLS). {@code WANT} sets it to
 * {@code "want"}, which requests a certificate but still accepts clients that present none.
 * For any other value, including {@code null}, nothing is set and the handler keeps
 * whatever client-auth setting it already had.
 *
 * @param protocol the Tomcat JSSE protocol handler to configure
 * @param ssl the SSL settings to read the client-auth mode from
 */
private void configureSslClientAuth(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
    Ssl.ClientAuth requested = ssl.getClientAuth();
    if (requested == Ssl.ClientAuth.NEED) {
        protocol.setClientAuth(Boolean.TRUE.toString());
        return;
    }
    if (requested == Ssl.ClientAuth.WANT) {
        // WANT alone authenticates nobody: code behind the connector must still check
        // whether a certificate was actually presented before trusting the caller.
        protocol.setClientAuth("want");
    }
}
// Excerpt from the body of a larger method: the signature and the closing braces of the
// blocks opened below are not part of this listing.
protocol.setSSLEnabled(true);
protocol.setSslProtocol(ssl.getProtocol());
// Client-certificate (mutual TLS) policy is delegated to the configureSslClientAuth helper.
configureSslClientAuth(protocol, ssl);
// Secrets: the key store password and the private-key password are copied from the Ssl
// settings onto the connector as plain strings.
protocol.setKeystorePass(ssl.getKeyStorePassword());
protocol.setKeyPass(ssl.getKeyPassword());
protocol.setKeyAlias(ssl.getKeyAlias());
String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
// The cipher list is overridden only when one was configured; otherwise the connector's
// own default cipher selection stays in effect.
if (StringUtils.hasText(ciphers)) {
    protocol.setCiphers(ciphers);
    // NOTE(review): as excerpted, the enabled-protocols loop sits inside the cipher check, so
    // the TLS protocol versions would only be restricted when ciphers are also configured.
    // Lines may have been dropped from this listing - confirm against the full method.
    for (SSLHostConfig sslHostConfig : protocol.findSslHostConfigs()) {
        sslHostConfig.setProtocols(StringUtils
                .arrayToCommaDelimitedString(ssl.getEnabledProtocols()));
/**
 * Points the protocol handler's key store and trust store at the stores supplied by an
 * {@link SslStoreProvider} instead of at files on disk.
 *
 * <p>A {@link SslStoreProviderUrlStreamHandlerFactory} wrapping the provider is registered
 * with Tomcat's URL stream handler factory, and the handler is then given the factory's
 * {@code KEY_STORE_URL} / {@code TRUST_STORE_URL} constants as store locations. Each store
 * is configured only when the provider returns a non-null store for it.
 *
 * @param protocol the protocol handler; must be an {@link Http11NioProtocol}
 * @param sslStoreProvider the provider of the key store and trust store
 * @throws WebServerException if obtaining a store from the provider or applying it fails
 */
protected void configureSslStoreProvider(AbstractHttp11JsseProtocol<?> protocol,
        SslStoreProvider sslStoreProvider) {
    Assert.isInstanceOf(Http11NioProtocol.class, protocol,
            "SslStoreProvider can only be used with Http11NioProtocol");
    // Registration is process-wide (singleton factory); presumably this is what lets the
    // store URLs set below resolve to the provider's stores - confirm in the factory class.
    SslStoreProviderUrlStreamHandlerFactory storeUrlFactory =
            new SslStoreProviderUrlStreamHandlerFactory(sslStoreProvider);
    TomcatURLStreamHandlerFactory.getInstance().addUserFactory(storeUrlFactory);
    try {
        boolean keyStoreSupplied = sslStoreProvider.getKeyStore() != null;
        if (keyStoreSupplied) {
            // Empty password replaces any previously configured one; NOTE(review): assumes
            // the provider-backed store needs no password when read through the URL - confirm.
            protocol.setKeystorePass("");
            protocol.setKeystoreFile(SslStoreProviderUrlStreamHandlerFactory.KEY_STORE_URL);
        }
        boolean trustStoreSupplied = sslStoreProvider.getTrustStore() != null;
        if (trustStoreSupplied) {
            protocol.setTruststorePass("");
            protocol.setTruststoreFile(SslStoreProviderUrlStreamHandlerFactory.TRUST_STORE_URL);
        }
    }
    catch (Exception ex) {
        // The provider's message is surfaced verbatim in the WebServerException text.
        throw new WebServerException("Could not load store: " + ex.getMessage(), ex);
    }
}
/**
 * Configures the key store location, and optionally its type and provider, on the
 * protocol handler.
 *
 * <p>The configured key store location is resolved to a URL with
 * {@link ResourceUtils#getURL(String)} and handed to the handler in its string form.
 * Type and provider are applied only when set, so the handler's defaults are kept otherwise.
 *
 * @param protocol the Tomcat JSSE protocol handler to configure
 * @param ssl the SSL settings holding the key store location, type and provider
 * @throws WebServerException if the key store location cannot be resolved
 */
private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
    try {
        String keyStoreUrl = ResourceUtils.getURL(ssl.getKeyStore()).toString();
        protocol.setKeystoreFile(keyStoreUrl);
    }
    catch (FileNotFoundException ex) {
        // The message is appended as-is, so the unresolved location may appear in the error.
        throw new WebServerException("Could not load key store: " + ex.getMessage(), ex);
    }
    String storeType = ssl.getKeyStoreType();
    if (storeType != null) {
        protocol.setKeystoreType(storeType);
    }
    String storeProvider = ssl.getKeyStoreProvider();
    if (storeProvider != null) {
        protocol.setKeystoreProvider(storeProvider);
    }
}
/**
 * Copies the TLS settings from {@code sslProperties} onto the Tomcat protocol handler and
 * enables SSL on it.
 *
 * <p>The key store file and its password are always applied. Every other setting is
 * optional and is applied only when present; an absent value leaves the handler's own
 * default in place. In particular, configuring a trust store does not by itself request
 * client certificates: that happens only when a client-auth value is present.
 *
 * @param protocol the Tomcat JSSE protocol handler to configure
 * @param sslProperties the source of the key store, trust store, client-auth, cipher and
 *        protocol settings
 */
public void build(AbstractHttp11JsseProtocol<?> protocol, SSLProperties sslProperties) {
    // Key store: contains the server key pair.
    protocol.setKeystoreFile(sslProperties.getKeyStoreFile());
    // NOTE(review): the key store password goes to setKeyPass (private-key password), and
    // setKeystorePass is never called. Whether the store itself then opens with this
    // password depends on the Tomcat version's fallback rules - confirm for the target version.
    protocol.setKeyPass(sslProperties.getKeyStorePass());
    sslProperties.getKeyStoreType().ifPresent(protocol::setKeystoreType);
    sslProperties.getKeyStoreProvider().ifPresent(protocol::setKeystoreProvider);

    // Trust store: contains the client certificate.
    sslProperties.getTrustStoreFile().ifPresent(protocol::setTruststoreFile);
    sslProperties.getTrustStorePass().ifPresent(protocol::setTruststorePass);
    sslProperties.getTrustStoreType().ifPresent(protocol::setTruststoreType);
    sslProperties.getTrustStoreProvider().ifPresent(protocol::setTruststoreProvider);

    sslProperties.getClientAuth().ifPresent(protocol::setClientAuth);
    protocol.setSSLEnabled(true);
    // With no cipher list or protocol configured, the connector's defaults decide both.
    sslProperties.getCiphers().ifPresent(protocol::setCiphers);
    sslProperties.getProtocol().ifPresent(protocol::setSslProtocol);
}
} // closes the enclosing class, whose header is not part of this listing
// Excerpt from a larger method: the check that makes this cast safe, and the closing brace
// of the if block below, are not part of this listing.
AbstractHttp11JsseProtocol<?> jsseProtocolHandler = (AbstractHttp11JsseProtocol<?>) protocolHandler;
// Default to the OpenSSL-backed TLS implementation only when SSL is enabled and no
// implementation name was set; an explicitly configured implementation is left untouched.
if (jsseProtocolHandler.isSSLEnabled() && jsseProtocolHandler.getSslImplementationName() == null) {
    jsseProtocolHandler.setSslImplementationName(OpenSSLImplementation.class.getName());
/**
 * Creates the helper and attaches to {@code info} one {@link SslHostConfigInfo} for each
 * SSL host config found on the protocol handler.
 *
 * <p>The list is attached to {@code info} before it is filled, so if a conversion fails
 * part-way the connector info is left holding the entries converted so far.
 *
 * @param protocol the protocol handler whose SSL host configs are read
 * @param info the connector info that receives the list of SSL host config infos
 * @throws IllegalAccessException propagated from converting a host config
 * @throws InvocationTargetException propagated from converting a host config
 */
public SslHostConfigHelper(AbstractHttp11JsseProtocol<?> protocol, ConnectorInfo info)
        throws IllegalAccessException, InvocationTargetException {
    SSLHostConfig[] hostConfigs = protocol.findSslHostConfigs();
    List<SslHostConfigInfo> collected = new ArrayList<>(hostConfigs.length);
    info.setSslHostConfigInfos(collected);
    for (int i = 0; i < hostConfigs.length; i++) {
        collected.add(toSslHostConfigInfo(hostConfigs[i]));
    }
}
/**
 * Returns a short label for the configured TLS implementation.
 *
 * @return {@code "openssl"} when the configured implementation name is exactly the class
 *         name of {@link OpenSSLImplementation}; {@code "jsse"} for every other value,
 *         including {@code null} or a custom implementation class
 */
protected String getSslImplementationShortName() {
    String openSslClassName = OpenSSLImplementation.class.getName();
    return openSslClassName.equals(getSslImplementationName()) ? "openssl" : "jsse";
}
// Excerpt from a larger method: the check that makes this cast safe, and the closing brace
// of the if block below, are not part of this listing.
AbstractHttp11JsseProtocol<?> jsseProtocolHandler = (AbstractHttp11JsseProtocol<?>) protocolHandler;
// Default to the OpenSSL-backed TLS implementation only when SSL is enabled and no
// implementation name was set; an explicitly configured implementation is left untouched.
if (jsseProtocolHandler.isSSLEnabled() && jsseProtocolHandler.getSslImplementationName() == null) {
    jsseProtocolHandler.setSslImplementationName(OpenSSLImplementation.class.getName());
/**
 * Sets the client-certificate authentication mode on the connector's protocol handler.
 *
 * <p>The value is passed through unchanged; this method does no validation of its own.
 *
 * @param connector the connector whose protocol handler is configured; its handler must
 *        be an {@code AbstractHttp11JsseProtocol}
 * @param clientAuth the client-auth value to hand to the protocol handler
 * @throws ClassCastException if the connector's protocol handler is not JSSE-based
 */
public void setClientAuth(Connector connector, String clientAuth) {
    AbstractHttp11JsseProtocol<?> jsseProtocol =
            (AbstractHttp11JsseProtocol<?>) connector.getProtocolHandler();
    jsseProtocol.setClientAuth(clientAuth);
}