/**
 * Apply the configured {@link ClientAuth} mode to the connector.
 * <p>
 * Only {@code NEED} and {@code WANT} result in a call on the protocol; any other value
 * (including {@code null}) leaves the connector's {@code clientAuth} setting untouched.
 * @param protocol the protocol to configure
 * @param ssl the ssl details
 */
private void configureSslClientAuth(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
    ClientAuth clientAuth = ssl.getClientAuth();
    // the connector takes the string form: "true" for mandatory, "want" for optional
    if (ClientAuth.NEED.equals(clientAuth)) {
        protocol.setClientAuth(Boolean.TRUE.toString());
    }
    else if (ClientAuth.WANT.equals(clientAuth)) {
        protocol.setClientAuth("want");
    }
}
/**
 * Point the connector at the key store named in the {@link Ssl} details.
 * <p>
 * The location is resolved through {@link ResourceUtils#getURL(String)} and handed to
 * Tomcat as a URL string; type and provider are only set when they were configured.
 * The key store password and key alias are applied separately by {@code configureSsl}.
 * @param protocol the protocol to configure
 * @param ssl the ssl details
 * @throws EmbeddedServletContainerException if the key store location cannot be resolved
 */
private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
    String keyStoreLocation;
    try {
        keyStoreLocation = ResourceUtils.getURL(ssl.getKeyStore()).toString();
    }
    catch (FileNotFoundException ex) {
        // surface the resolution failure as a container failure, keeping the cause
        throw new EmbeddedServletContainerException(
                "Could not load key store: " + ex.getMessage(), ex);
    }
    protocol.setKeystoreFile(keyStoreLocation);
    String keyStoreType = ssl.getKeyStoreType();
    if (keyStoreType != null) {
        protocol.setKeystoreType(keyStoreType);
    }
    String keyStoreProvider = ssl.getKeyStoreProvider();
    if (keyStoreProvider != null) {
        protocol.setKeystoreProvider(keyStoreProvider);
    }
}
/**
 * Hand key and trust material to the connector through an {@link SslStoreProvider}
 * rather than file-based stores.
 * <p>
 * The provider is stored as the {@code "sslStoreProvider"} endpoint attribute and the
 * connector's SSL implementation is switched to {@link TomcatEmbeddedJSSEImplementation},
 * which is expected to consume that attribute. A non-NIO connector is rejected up front.
 * @param protocol the protocol to configure
 * @param sslStoreProvider the provider supplying the key and trust stores
 * @throws IllegalArgumentException if {@code protocol} is not an {@link Http11NioProtocol}
 */
protected void configureSslStoreProvider(
        AbstractHttp11JsseProtocol<?> protocol, SslStoreProvider sslStoreProvider) {
    // the hand-over goes through an endpoint attribute, which requires the NIO connector
    Assert.isInstanceOf(Http11NioProtocol.class, protocol,
            "SslStoreProvider can only be used with Http11NioProtocol");
    Http11NioProtocol nioProtocol = (Http11NioProtocol) protocol;
    nioProtocol.getEndpoint().setAttribute("sslStoreProvider", sslStoreProvider);
    nioProtocol.setSslImplementationName(
            TomcatEmbeddedJSSEImplementation.class.getName());
}
/**
 * Configure Tomcat's {@link AbstractHttp11JsseProtocol} for SSL.
 * <p>
 * Enables SSL on the connector, applies the protocol, client-auth mode, key store
 * password, key password, key alias and cipher list from the {@link Ssl} details, and
 * restricts the enabled protocols when a list was configured. Key and trust material
 * comes from the {@link SslStoreProvider} if one is set, otherwise from the key and trust
 * stores named in {@code ssl}.
 * @param protocol the protocol to configure
 * @param ssl the ssl details
 */
protected void configureSsl(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
    protocol.setSSLEnabled(true);
    protocol.setSslProtocol(ssl.getProtocol());
    configureSslClientAuth(protocol, ssl);
    // credentials and key selection are passed straight through to the connector
    protocol.setKeystorePass(ssl.getKeyStorePassword());
    protocol.setKeyPass(ssl.getKeyPassword());
    protocol.setKeyAlias(ssl.getKeyAlias());
    protocol.setCiphers(StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()));
    // an absent list leaves the connector's own protocol selection in place
    if (ssl.getEnabledProtocols() != null) {
        String enabledProtocols = StringUtils
                .arrayToCommaDelimitedString(ssl.getEnabledProtocols());
        protocol.setProperty("sslEnabledProtocols", enabledProtocols);
    }
    if (getSslStoreProvider() == null) {
        configureSslKeyStore(protocol, ssl);
        configureSslTrustStore(protocol, ssl);
    }
    else {
        configureSslStoreProvider(protocol, getSslStoreProvider());
    }
}