org.apache.tomcat.jni.SSLContext Java Examples

Example #1
Source File: TestOpenSSLConf.java    From Tomcat8-Source-Read with MIT License 6 votes vote down vote up
/**
 * Verifies that a cipher restriction supplied through OpenSSLConf commands is reported
 * identically by the {@code SSLHostConfig} and by the native SSL context.
 * <p>
 * Both views are compared against {@code EXPECTED_CIPHERS}: a mismatch on the native side would
 * mean the configured cipher list is not the one actually in effect.
 */
@Test
public void testOpenSSLConfCmdCipher() throws Exception {
    log.info("Found OpenSSL version 0x" + Integer.toHexString(OPENSSL_VERSION));

    // When TLSv1.3 is available, an empty "CipherSuites" command is added as well so that
    // TLSv1.3 ciphers aren't returned next to the configured cipher string.
    final SSLHostConfig sslHostConfig = hasTLS13()
            ? initOpenSSLConfCmd("CipherString", ENABLED_CIPHER, "CipherSuites", "")
            : initOpenSSLConfCmd("CipherString", ENABLED_CIPHER);

    // View 1: what the host configuration reports as enabled.
    final String[] hostConfigCiphers = sslHostConfig.getEnabledCiphers();
    Assert.assertThat("Wrong HostConfig ciphers", hostConfigCiphers,
            CoreMatchers.is(EXPECTED_CIPHERS));

    // View 2: what the native context itself reports.
    final long nativeContext = sslHostConfig.getOpenSslContext().longValue();
    final String[] nativeCiphers = SSLContext.getCiphers(nativeContext);
    Assert.assertThat("Wrong native SSL context ciphers", nativeCiphers,
            CoreMatchers.is(EXPECTED_CIPHERS));
}
 
Example #2
Source File: OpenSslContext.java    From netty4.0.27Learn with Apache License 2.0 5 votes vote down vote up
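/**
 * Releases the native SSL context and the associated pools when this object is finalized.
 * <p>
 * The native handle is freed under the class-wide lock on {@code OpenSslContext.class}. Each
 * cleanup step runs in a {@code finally} block so that a failure in an earlier step (including
 * {@code super.finalize()}) cannot leave the native context or the pools allocated.
 * <p>
 * NOTE(review): {@code ctx} is not reset after {@code SSLContext.free(ctx)}; whether any other
 * path can still pass the stale handle to native code is not visible here — confirm.
 *
 * @throws Throwable if {@code super.finalize()} or one of the cleanup steps fails
 */
@Override
@SuppressWarnings("FinalizeDeclaration")
protected final void finalize() throws Throwable {
    try {
        super.finalize();
    } finally {
        try {
            synchronized (OpenSslContext.class) {
                // A zero handle means there is no native context to release.
                if (ctx != 0) {
                    SSLContext.free(ctx);
                }
            }
        } finally {
            // Pools are released even if freeing the context failed.
            destroyPools();
        }
    }
}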
 
Example #3
Source File: OpenSSLSessionContext.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
/**
 * Installs the given SSL session ticket keys on the native context of this session context.
 * <p>
 * Apart from the {@code null} check, the array is handed to the native layer as-is; no length
 * or content validation is performed here.
 * <p>
 * NOTE(review): ticket keys are secret material — callers should keep them out of logs and
 * rotate them; how callers obtain and store the array is not visible here.
 *
 * @param keys The session ticket keys, must not be {@code null}
 *
 * @throws IllegalArgumentException if {@code keys} is {@code null}
 */
public void setTicketKeys(byte[] keys) {
    if (keys != null) {
        SSLContext.setSessionTicketKeys(contextID, keys);
        return;
    }
    throw new IllegalArgumentException(sm.getString("sessionContext.nullTicketKeys"));
}
 
Example #4
Source File: OpenSslSessionContext.java    From netty4.0.27Learn with Apache License 2.0 5 votes vote down vote up
/**
 * Installs the given SSL session ticket keys on the native context.
 * <p>
 * Only a {@code null} check is done here; the array is otherwise passed to the native layer
 * unchanged.
 * <p>
 * NOTE(review): ticket keys are secret material — callers should keep them out of logs and
 * rotate them; caller-side handling is not visible here.
 *
 * @throws NullPointerException if {@code keys} is {@code null}
 */
public void setTicketKeys(byte[] keys) {
    // Fully qualified so that no additional import is needed.
    java.util.Objects.requireNonNull(keys, "keys");
    SSLContext.setSessionTicketKeys(context, keys);
}
 
Example #5
Source File: OpenSslServerSessionContext.java    From netty4.0.27Learn with Apache License 2.0 5 votes vote down vote up
/**
 * Sets the size of the session cache on the native context.
 *
 * @param size the new cache size; must not be negative
 * @throws IllegalArgumentException if {@code size} is negative
 */
@Override
public void setSessionCacheSize(int size) {
    if (size >= 0) {
        SSLContext.setSessionCacheSize(context, size);
        return;
    }
    // Negative sizes never reach the native layer.
    throw new IllegalArgumentException();
}
 
Example #6
Source File: OpenSslServerSessionContext.java    From netty4.0.27Learn with Apache License 2.0 5 votes vote down vote up
/**
 * Sets the session cache timeout on the native context.
 * <p>
 * The timeout bounds how long a cached session stays eligible for reuse, so a larger value
 * also lengthens the time a session's secrets remain usable.
 *
 * @param seconds the new timeout; must not be negative
 * @throws IllegalArgumentException if {@code seconds} is negative
 */
@Override
public void setSessionTimeout(int seconds) {
    final boolean negative = seconds < 0;
    if (negative) {
        // Negative timeouts never reach the native layer.
        throw new IllegalArgumentException();
    }
    SSLContext.setSessionCacheTimeout(context, seconds);
}
 
Example #7
Source File: OpenSSLContext.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
/**
 * Releases the native resources held by this context: the SSL context, the SSL configuration
 * context and the APR pool, in that order.
 * <p>
 * The method is {@code synchronized} and additionally guarded by a compare-and-set on
 * {@code aprPoolDestroyed}, so the native handles are released at most once even when
 * destruction is triggered both by a construction exception and by a later finalize().
 * <p>
 * NOTE(review): the handle fields keep their old values after being freed; whether other
 * methods can still pass them to native code after destroy() is not visible here — confirm.
 */
@Override
public synchronized void destroy() {
    // Only the first caller wins the 0 -> 1 transition; everyone else leaves without freeing.
    final boolean firstCall = aprPoolDestroyed.compareAndSet(0, 1);
    if (!firstCall) {
        return;
    }
    // A zero handle means the corresponding native object was never created.
    if (ctx != 0) {
        SSLContext.free(ctx);
    }
    if (cctx != 0) {
        SSLConf.free(cctx);
    }
    if (aprPool != 0) {
        Pool.destroy(aprPool);
    }
}
 
Example #8
Source File: OpenSSLSessionContext.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
/**
 * Sets the session cache timeout on the native context identified by {@code contextID}.
 * <p>
 * The timeout bounds how long a cached session stays eligible for reuse, so a larger value
 * also lengthens the time a session's secrets remain usable.
 *
 * @param seconds The new timeout; must not be negative
 *
 * @throws IllegalArgumentException if {@code seconds} is negative
 */
@Override
public void setSessionTimeout(int seconds) {
    if (seconds >= 0) {
        SSLContext.setSessionCacheTimeout(contextID, seconds);
        return;
    }
    // Negative timeouts never reach the native layer.
    throw new IllegalArgumentException();
}
 
Example #9
Source File: OpenSSLSessionContext.java    From Tomcat8-Source-Read with MIT License 5 votes vote down vote up
/**
 * Sets the size of the session cache on the native context identified by {@code contextID}.
 *
 * @param size The new cache size; must not be negative
 *
 * @throws IllegalArgumentException if {@code size} is negative
 */
@Override
public void setSessionCacheSize(int size) {
    final boolean negative = size < 0;
    if (negative) {
        // Negative sizes never reach the native layer.
        throw new IllegalArgumentException();
    }
    SSLContext.setSessionCacheSize(contextID, size);
}
 
Example #10
Source File: OpenSSLSessionStats.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Reads the session count of the internal session cache from the native context.
 *
 * @return The current number of sessions in the internal session cache.
 */
public long number() {
    final long sessions = SSLContext.sessionNumber(context);
    return sessions;
}
 
Example #11
Source File: OpenSslServerSessionContext.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Reports whether the native context is in server-side session cache mode.
 *
 * @return {@code true} only if the native cache mode equals {@code SSL.SSL_SESS_CACHE_SERVER}
 */
@Override
public boolean isSessionCacheEnabled() {
    final long mode = SSLContext.getSessionCacheMode(context);
    return mode == SSL.SSL_SESS_CACHE_SERVER;
}
 
Example #12
Source File: OpenSslServerSessionContext.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Switches the session cache of the native context on or off.
 *
 * @param enabled {@code true} selects {@code SSL.SSL_SESS_CACHE_SERVER}, {@code false} selects
 *                {@code SSL.SSL_SESS_CACHE_OFF}
 */
@Override
public void setSessionCacheEnabled(boolean enabled) {
    final long mode;
    if (enabled) {
        mode = SSL.SSL_SESS_CACHE_SERVER;
    } else {
        mode = SSL.SSL_SESS_CACHE_OFF;
    }
    SSLContext.setSessionCacheMode(context, mode);
}
 
Example #13
Source File: OpenSslServerSessionContext.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Reads the session cache size from the native context.
 *
 * @return the value reported by the native layer, narrowed to {@code int} (a value outside the
 *         {@code int} range would be truncated by the cast)
 */
@Override
public int getSessionCacheSize() {
    final long nativeSize = SSLContext.getSessionCacheSize(context);
    return (int) nativeSize;
}
 
Example #14
Source File: OpenSslServerSessionContext.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Reads the session cache timeout from the native context.
 *
 * @return the value reported by the native layer, narrowed to {@code int} (a value outside the
 *         {@code int} range would be truncated by the cast)
 */
@Override
public int getSessionTimeout() {
    final long nativeTimeout = SSLContext.getSessionCacheTimeout(context);
    return (int) nativeTimeout;
}
 
Example #15
Source File: OpenSSLSessionContext.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Reads the session cache timeout from the native context identified by {@code contextID}.
 *
 * @return The value reported by the native layer, narrowed to {@code int} (a value outside the
 *         {@code int} range would be truncated by the cast)
 */
@Override
public int getSessionTimeout() {
    final long nativeTimeout = SSLContext.getSessionCacheTimeout(contextID);
    return (int) nativeTimeout;
}
 
Example #16
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many sessions were removed because the maximum session cache size was exceeded.
 * The counter is read from the native context on every call.
 */
public long cacheFull() {
    final long evicted = SSLContext.sessionCacheFull(context);
    return evicted;
}
 
Example #17
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many sessions were successfully retrieved from the external session cache in
 * server mode. The counter is read from the native context on every call.
 */
public long cbHits() {
    final long hits = SSLContext.sessionCbHits(context);
    return hits;
}
 
Example #18
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many renegotiations were started in server mode.
 * The counter is read from the native context on every call.
 */
public long acceptRenegotiate() {
    final long renegotiations = SSLContext.sessionAcceptRenegotiate(context);
    return renegotiations;
}
 
Example #19
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many SSL/TLS sessions were successfully established in server mode.
 * The counter is read from the native context on every call.
 */
public long acceptGood() {
    final long established = SSLContext.sessionAcceptGood(context);
    return established;
}
 
Example #20
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many SSL/TLS handshakes were started in server mode.
 * The counter is read from the native context on every call.
 */
public long accept() {
    final long started = SSLContext.sessionAccept(context);
    return started;
}
 
Example #21
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many renegotiations were started in client mode.
 * The counter is read from the native context on every call.
 */
public long connectRenegotiate() {
    final long renegotiations = SSLContext.sessionConnectRenegotiate(context);
    return renegotiations;
}
 
Example #22
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many SSL/TLS sessions were successfully established in client mode.
 * The counter is read from the native context on every call.
 */
public long connectGood() {
    final long established = SSLContext.sessionConnectGood(context);
    return established;
}
 
Example #23
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many SSL/TLS handshakes were started in client mode.
 * The counter is read from the native context on every call.
 */
public long connect() {
    final long started = SSLContext.sessionConnect(context);
    return started;
}
 
Example #24
Source File: OpenSSLContext.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
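/**
 * Registers a server certificate, its private key and its chain with the native SSL context.
 * <p>
 * Two sources are supported:
 * <ul>
 * <li>If the certificate configuration names a certificate file, the certificate, key, chain
 *     file and revocation list locations are passed to the native layer as paths.</li>
 * <li>Otherwise the chain and private key are taken from the configured
 *     {@code X509KeyManager}. The key is PEM-wrapped and handed over as raw bytes.</li>
 * </ul>
 * In the key-manager case a missing chain, a missing key, or a key that cannot be exported in
 * encoded form is reported with an {@link IllegalStateException} naming the alias, instead of
 * surfacing as a bare {@code NullPointerException} during TLS setup.
 * <p>
 * NOTE(review): in the key-manager case the private key is copied into a {@code String} and a
 * {@code StringBuilder}, which cannot be wiped and stay on the heap until collected. Treat heap
 * dumps of this process as containing key material.
 *
 * @param certificate the certificate configuration to register
 *
 * @throws IllegalStateException if the key manager has no usable chain or private key for the
 *                               alias
 * @throws Exception             if one of the native or key-manager calls fails
 */
public void addCertificate(SSLHostConfigCertificate certificate) throws Exception {
    // Load Server key and certificate
    if (certificate.getCertificateFile() != null) {
        // Set certificate
        SSLContext.setCertificate(ctx,
                SSLHostConfig.adjustRelativePath(certificate.getCertificateFile()),
                SSLHostConfig.adjustRelativePath(certificate.getCertificateKeyFile()),
                certificate.getCertificateKeyPassword(), getCertificateIndex(certificate));
        // Set certificate chain file
        SSLContext.setCertificateChainFile(ctx,
                SSLHostConfig.adjustRelativePath(certificate.getCertificateChainFile()), false);
        // Set revocation
        SSLContext.setCARevocation(ctx,
                SSLHostConfig.adjustRelativePath(
                        sslHostConfig.getCertificateRevocationListFile()),
                SSLHostConfig.adjustRelativePath(
                        sslHostConfig.getCertificateRevocationListPath()));
    } else {
        String alias = certificate.getCertificateKeyAlias();
        X509KeyManager x509KeyManager = certificate.getCertificateKeyManager();
        if (alias == null) {
            alias = "tomcat";
        }
        X509Certificate[] chain = x509KeyManager.getCertificateChain(alias);
        if (chain == null) {
            // The configured/default alias is unknown: fall back to an alias lookup.
            alias = findAlias(x509KeyManager, certificate);
            chain = x509KeyManager.getCertificateChain(alias);
        }
        if (chain == null || chain.length == 0) {
            throw new IllegalStateException(
                    "No certificate chain available for alias [" + alias + "]");
        }
        PrivateKey key = x509KeyManager.getPrivateKey(alias);
        if (key == null) {
            throw new IllegalStateException(
                    "No private key available for alias [" + alias + "]");
        }
        // getEncoded() may return null for keys that do not support encoding
        // (for example keys that never leave a hardware token).
        byte[] keyBytes = key.getEncoded();
        if (keyBytes == null) {
            throw new IllegalStateException(
                    "Private key for alias [" + alias + "] cannot be exported in encoded form");
        }
        StringBuilder sb = new StringBuilder(BEGIN_KEY);
        String encoded = BASE64_ENCODER.encodeToString(keyBytes);
        // Drop a trailing newline so the END marker follows the Base64 body directly.
        if (encoded.endsWith("\n")) {
            encoded = encoded.substring(0, encoded.length() - 1);
        }
        sb.append(encoded);
        sb.append(END_KEY);
        // chain[0] is registered together with the key ...
        SSLContext.setCertificateRaw(ctx, chain[0].getEncoded(),
                sb.toString().getBytes(StandardCharsets.US_ASCII),
                getCertificateIndex(certificate));
        // ... and the remaining entries are appended as chain certificates.
        for (int i = 1; i < chain.length; i++) {
            SSLContext.addChainCertificateRaw(ctx, chain[i].getEncoded());
        }
    }
}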
 
Example #25
Source File: OpenSSLSessionContext.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Reads the session cache size from the native context identified by {@code contextID}.
 *
 * @return The value reported by the native layer, narrowed to {@code int} (a value outside the
 *         {@code int} range would be truncated by the cast)
 */
@Override
public int getSessionCacheSize() {
    final long nativeSize = SSLContext.getSessionCacheSize(contextID);
    return (int) nativeSize;
}
 
Example #26
Source File: OpenSslSessionStats.java    From netty4.0.27Learn with Apache License 2.0 4 votes vote down vote up
/**
 * Returns how many sessions the internal session cache currently holds.
 * The counter is read from the native context on every call.
 */
public long number() {
    final long sessions = SSLContext.sessionNumber(context);
    return sessions;
}
 
Example #27
Source File: OpenSSLSessionStats.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Reads the client-mode handshake counter from the native context.
 *
 * @return The number of started SSL/TLS handshakes in client mode.
 */
public long connect() {
    final long started = SSLContext.sessionConnect(context);
    return started;
}
 
Example #28
Source File: OpenSSLSessionStats.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Reads the client-mode counter of established sessions from the native context.
 *
 * @return The number of successfully established SSL/TLS sessions in client mode.
 */
public long connectGood() {
    final long established = SSLContext.sessionConnectGood(context);
    return established;
}
 
Example #29
Source File: OpenSSLSessionStats.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Reads the client-mode renegotiation counter from the native context.
 *
 * @return The number of renegotiations started in client mode.
 */
public long connectRenegotiate() {
    final long renegotiations = SSLContext.sessionConnectRenegotiate(context);
    return renegotiations;
}
 
Example #30
Source File: OpenSSLSessionStats.java    From Tomcat8-Source-Read with MIT License 4 votes vote down vote up
/**
 * Reads the server-mode handshake counter from the native context.
 *
 * @return The number of started SSL/TLS handshakes in server mode.
 */
public long accept() {
    final long started = SSLContext.sessionAccept(context);
    return started;
}