Tomcat JSS API

From Dogtag
Revision as of 04:48, 2 February 2022 by Edewata (talk | contribs)


SSLImplementation

The SSL implementation needs to extend the org.apache.tomcat.util.net.SSLImplementation class, which in outline (method bodies omitted) is defined as follows:

package org.apache.tomcat.util.net;

import javax.net.ssl.SSLSession;

public abstract class SSLImplementation {

    public SSLImplementation() {
    }

    // Factory used by the connector: loads and instantiates the class named
    // by the connector's sslImplementationName attribute.
    public static SSLImplementation getInstance(String className);

    // Exposes details of a negotiated session (peer certificates, cipher suite, protocol).
    public abstract SSLSupport getSSLSupport(SSLSession session);

    // Creates the per-certificate helper that builds the SSLContext for a host configuration.
    public abstract SSLUtil getSSLUtil(SSLHostConfigCertificate certificate);
}

SSLEngine

The SSLEngine is created by AbstractJsseEndpoint.createSSLEngine(), which looks up the SSLHostConfig for the SNI host name, selects a certificate, and then configures client authentication, cipher suites and protocols from that host config (excerpt from Tomcat):

        SSLHostConfig sslHostConfig = getSSLHostConfig(sniHostName);

        SSLHostConfigCertificate certificate = selectCertificate(sslHostConfig, clientRequestedCiphers);

        SSLContext sslContext = certificate.getSslContext();
        if (sslContext == null) {
            throw new IllegalStateException(
                    sm.getString("endpoint.jsse.noSslContext", sniHostName));
        }

        SSLEngine engine = sslContext.createSSLEngine();
        switch (sslHostConfig.getCertificateVerification()) {
        case NONE:
            engine.setNeedClientAuth(false);
            engine.setWantClientAuth(false);
            break;
        case OPTIONAL:
        case OPTIONAL_NO_CA:
            engine.setWantClientAuth(true);
            break;
        case REQUIRED:
            engine.setNeedClientAuth(true);
            break;
        }
        engine.setUseClientMode(false);
        engine.setEnabledCipherSuites(sslHostConfig.getEnabledCiphers());
        engine.setEnabledProtocols(sslHostConfig.getEnabledProtocols());
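As an added example (not Tomcat's or Tomcat JSS's own code), the same client-authentication mapping and cipher/protocol setup applied to a plain JSSE engine, with a fail-closed check that every configured cipher suite and protocol name is one the engine actually supports. The CertificateVerification enum is redeclared locally as an assumption, and the cipher and protocol lists are constructed sample values.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.HashSet;

public class EngineConfigDemo {
    // Mirrors Tomcat's SSLHostConfig.CertificateVerification constants; redeclared here
    // (assumption) so the demo compiles without Tomcat on the classpath.
    enum CertificateVerification { NONE, OPTIONAL_NO_CA, OPTIONAL, REQUIRED }

    // Same client-auth mapping as createSSLEngine(), then a fail-closed check of the
    // requested cipher suites and protocols against what this engine supports.
    static SSLEngine configure(SSLContext ctx, CertificateVerification mode,
                               String[] ciphers, String[] protocols) {
        SSLEngine engine = ctx.createSSLEngine();
        switch (mode) {
        case NONE:
            engine.setNeedClientAuth(false);
            engine.setWantClientAuth(false);
            break;
        case OPTIONAL:
        case OPTIONAL_NO_CA:
            engine.setWantClientAuth(true);
            break;
        case REQUIRED:
            engine.setNeedClientAuth(true);
            break;
        }
        engine.setUseClientMode(false);
        engine.setEnabledCipherSuites(checkSupported("cipher suite", ciphers, engine.getSupportedCipherSuites()));
        engine.setEnabledProtocols(checkSupported("protocol", protocols, engine.getSupportedProtocols()));
        return engine;
    }

    // setEnabledCipherSuites/setEnabledProtocols throw IllegalArgumentException at the first
    // unknown name; collecting all of them gives the operator one actionable error.
    static String[] checkSupported(String kind, String[] requested, String[] supported) {
        HashSet<String> known = new HashSet<>(Arrays.asList(supported));
        StringBuilder bad = new StringBuilder();
        for (String name : requested) if (!known.contains(name)) bad.append(' ').append(name);
        if (bad.length() > 0) throw new IllegalStateException("unsupported " + kind + "(s):" + bad);
        return requested;
    }

    public static void main(String[] args) throws Exception {
        SSLEngine e = configure(SSLContext.getDefault(), CertificateVerification.REQUIRED,
                new String[] {"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}, new String[] {"TLSv1.2"});
        System.out.println("needClientAuth=" + e.getNeedClientAuth() + " wantClientAuth=" + e.getWantClientAuth());
        try { // constructed bogus suite name: must be rejected, not silently enabled
            configure(SSLContext.getDefault(), CertificateVerification.OPTIONAL,
                    new String[] {"TLS_NOT_A_REAL_SUITE"}, new String[] {"TLSv1.2"});
        } catch (IllegalStateException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```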

Socket Listener

See Tomcat JSS Socket Listener.
