/**
 * Builds a display bean describing the given TLS host configuration.
 *
 * <p>Same-named properties are copied onto a new {@code SslHostConfigInfo}, then one
 * {@code CertificateInfo} is appended for every certificate the configuration reports.
 *
 * @param sslHostConfig the host configuration to describe
 * @return the populated info bean
 * @throws IllegalAccessException if the property copy or a certificate conversion fails
 * @throws InvocationTargetException if the property copy or a certificate conversion fails
 */
private SslHostConfigInfo toSslHostConfigInfo(SSLHostConfig sslHostConfig)
    throws IllegalAccessException, InvocationTargetException {
  SslHostConfigInfo info = new SslHostConfigInfo();
  // NOTE(review): presumably Commons BeanUtils (dest, orig) argument order. The copy is
  // name-driven, and SSLHostConfig may expose key store / trust store password settings;
  // confirm SslHostConfigInfo declares no matching property so secrets never reach this bean.
  BeanUtils.copyProperties(info, sslHostConfig);

  Set<SSLHostConfigCertificate> configured = sslHostConfig.getCertificates();
  List<CertificateInfo> converted = new ArrayList<>(configured.size());
  // The list is attached before it is filled, exactly as in the original ordering.
  info.setCertificateInfos(converted);
  for (SSLHostConfigCertificate entry : configured) {
    converted.add(toCertificateInfo(entry));
  }
  return info;
}
/**
 * Returns the certificates configured for this TLS host.
 *
 * <p>Shorthand for {@code getCertificates(false)}; what the flag controls is defined by that
 * overload, which is not shown here.
 *
 * @return the set produced by the boolean overload
 */
public Set<SSLHostConfigCertificate> getCertificates() {
    return this.getCertificates(false);
}
/**
 * Drops the SSL context reference held by every certificate of every registered host
 * configuration.
 *
 * <p>Only the references are cleared here; this method does not call any destroy/release
 * routine on the contexts themselves.
 *
 * @throws Exception declared by the overridden method
 */
@Override
public void unbind() throws Exception {
    for (SSLHostConfig hostConfig : sslHostConfigs.values()) {
        for (SSLHostConfigCertificate hostCertificate : hostConfig.getCertificates(true)) {
            // Detach the context so it is no longer reachable through the certificate.
            hostCertificate.setSslContext(null);
        }
    }
}
/**
 * Returns the provider to use for the trust store.
 *
 * <p>An explicitly configured value always wins. Without one, the key store provider of the
 * certificate is reused when exactly one certificate is configured; in every other case the
 * default key store provider is returned.
 *
 * @return the trust store provider name
 */
public String getTruststoreProvider() {
    if (truststoreProvider != null) {
        return truststoreProvider;
    }
    Set<SSLHostConfigCertificate> configured = getCertificates();
    // Inheriting from the key store is only unambiguous with a single certificate.
    return configured.size() == 1
            ? configured.iterator().next().getCertificateKeystoreProvider()
            : SSLHostConfigCertificate.DEFAULT_KEYSTORE_PROVIDER;
}
/**
 * Returns the type of the trust store.
 *
 * <p>An explicitly configured value always wins. Without one, and with exactly one
 * certificate configured, that certificate's key store type is reused unless it is PKCS12
 * (compared case-insensitively). Everything else falls back to the default key store type.
 *
 * @return the trust store type
 */
public String getTruststoreType() {
    if (truststoreType != null) {
        return truststoreType;
    }
    Set<SSLHostConfigCertificate> configured = getCertificates();
    if (configured.size() == 1) {
        String inherited = configured.iterator().next().getCertificateKeystoreType();
        // A key store type that is known not to be used as a trust store type must not
        // become the implicit default.
        boolean pkcs12 = "PKCS12".equalsIgnoreCase(inherited);
        if (!pkcs12) {
            return inherited;
        }
    }
    return SSLHostConfigCertificate.DEFAULT_KEYSTORE_TYPE;
}
/**
 * Picks the certificate to present for a handshake from the host's configured certificates.
 *
 * <p>A single configured certificate is returned directly. Otherwise the ciphers common to
 * client and server are walked in preference order (server order when the host honours its
 * own cipher order, client order otherwise) and the first certificate whose type is
 * compatible with a cipher's authentication method is chosen.
 *
 * @param sslHostConfig the TLS host configuration being served
 * @param clientCiphers the ciphers offered by the client, in the client's order
 * @return the selected certificate; the first configured one when nothing matches
 */
private SSLHostConfigCertificate selectCertificate(
        SSLHostConfig sslHostConfig, List<Cipher> clientCiphers) {

    Set<SSLHostConfigCertificate> available = sslHostConfig.getCertificates(true);
    if (available.size() == 1) {
        return available.iterator().next();
    }

    LinkedHashSet<Cipher> serverCiphers = sslHostConfig.getCipherList();

    // Seed with the side whose ordering is authoritative, then intersect with the other side;
    // retainAll keeps the seed's order.
    List<Cipher> shared;
    if (sslHostConfig.getHonorCipherOrder()) {
        shared = new ArrayList<>(serverCiphers);
        shared.retainAll(clientCiphers);
    } else {
        shared = new ArrayList<>(clientCiphers);
        shared.retainAll(serverCiphers);
    }

    for (Cipher cipher : shared) {
        for (SSLHostConfigCertificate option : available) {
            if (option.getType().isCompatibleWith(cipher.getAu())) {
                return option;
            }
        }
    }

    // Nothing is compatible: hand back the first certificate anyway. The handshake is then
    // expected to fail because no cipher matches.
    return available.iterator().next();
}
/**
 * Destroys the SSL context attached to each certificate of the given host configuration.
 *
 * <p>Certificates without a context are skipped. The reference stored on the certificate is
 * left in place; only {@code destroy()} is invoked.
 *
 * @param sslHostConfig the TLS host configuration whose contexts are released
 */
@Override
protected void releaseSSLContext(SSLHostConfig sslHostConfig) {
    for (SSLHostConfigCertificate hostCertificate : sslHostConfig.getCertificates(true)) {
        // Read the context once and work on the local copy.
        SSLContext attached = hostCertificate.getSslContext();
        if (attached == null) {
            continue;
        }
        attached.destroy();
    }
}
List<String> certList = new ArrayList<>(); SSLContext sslContext = sslHostConfig.getCertificates().iterator().next().getSslContext(); X509Certificate[] certs = sslContext.getAcceptedIssuers(); if (certs == null) {
sslHostConfig.getCertificates().iterator().next().getSslContext(); X509Certificate[] certs = sslContext.getAcceptedIssuers(); if (certs == null) {
/**
 * Removes the JMX registrations of a TLS host configuration and of each of its certificates.
 *
 * <p>The host configuration is unregistered first, followed by its certificates.
 *
 * @param sslHostConfig the host configuration whose registered components are removed
 */
private void unregisterJmx(SSLHostConfig sslHostConfig) {
    Registry jmxRegistry = Registry.getRegistry(null, null);

    jmxRegistry.unregisterComponent(sslHostConfig.getObjectName());
    for (SSLHostConfigCertificate hostCertificate : sslHostConfig.getCertificates()) {
        jmxRegistry.unregisterComponent(hostCertificate.getObjectName());
    }
}
for (SSLHostConfig sslHostConfig : sslHostConfigs) { Set<SSLHostConfigCertificate> sslHostConfigCerts = sslHostConfig.getCertificates(); for (SSLHostConfigCertificate sslHostConfigCert : sslHostConfigCerts) { String name = connector.toString() + "-" + sslHostConfig.getHostName() +
sslHostConfig.getCertificates(); for (SSLHostConfigCertificate sslHostConfigCert : sslHostConfigCerts) { String name = connector.toString() + "-" + sslHostConfig.getHostName() +
/**
 * Creates and initialises an SSL context for every certificate of the given host
 * configuration and stores it on that certificate.
 *
 * <p>The enabled protocols and ciphers recorded on the host configuration are taken from the
 * first certificate's {@code SSLUtil} only; later certificates do not change them.
 *
 * @param sslHostConfig the TLS host configuration to prepare
 * @throws IllegalArgumentException if a context cannot be created or initialised; the
 *         original exception is kept as the cause
 */
@Override
protected void createSSLContext(SSLHostConfig sslHostConfig) throws IllegalArgumentException {
    boolean hostDefaultsPending = true;

    for (SSLHostConfigCertificate hostCertificate : sslHostConfig.getCertificates(true)) {
        SSLUtil util = sslImplementation.getSSLUtil(hostCertificate);

        if (hostDefaultsPending) {
            // Protocol and cipher selection is published once, from the first certificate.
            sslHostConfig.setEnabledProtocols(util.getEnabledProtocols());
            sslHostConfig.setEnabledCiphers(util.getEnabledCiphers());
            hostDefaultsPending = false;
        }

        SSLContext context;
        try {
            context = util.createSSLContext(negotiableProtocols);
            // NOTE(review): the third argument is null; presumably this selects the
            // implementation's default randomness source. Confirm against SSLContext.init.
            context.init(util.getKeyManagers(), util.getTrustManagers(), null);
        } catch (Exception e) {
            // Surface any failure as a configuration error while preserving the cause.
            throw new IllegalArgumentException(e.getMessage(), e);
        }

        SSLSessionContext serverSessions = context.getServerSessionContext();
        if (serverSessions != null) {
            util.configureSessionContext(serverSessions);
        }

        hostCertificate.setSslContext(context);
    }
}
@Override protected void createSSLContext(SSLHostConfig sslHostConfig) throws Exception { Set<SSLHostConfigCertificate> certificates = sslHostConfig.getCertificates(true); boolean firstCertificate = true; for (SSLHostConfigCertificate certificate : certificates) { for (SSLHostConfigCertificate certificate : sslHostConfig.getCertificates(true)) { SSLContext.setCertificate(ctx, SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()),
for (SSLHostConfigCertificate sslHostConfigCert : sslHostConfig.getCertificates()) { ObjectName sslCertOname = null; try {