private void configureSslClientAuth(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
if (ssl.getClientAuth() == ClientAuth.NEED) {
protocol.setClientAuth(Boolean.TRUE.toString());
} else if (ssl.getClientAuth() == ClientAuth.WANT) {
protocol.setClientAuth("want");
}
}
private void configureSslKeyStore(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
try {
protocol.setKeystoreFile(ResourceUtils.getURL(ssl.getKeyStore()).toString());
} catch (FileNotFoundException ex) {
throw new EmbeddedServletContainerException(
"Could not load key store: " + ex.getMessage(), ex);
}
if (ssl.getKeyStoreType() != null) {
protocol.setKeystoreType(ssl.getKeyStoreType());
}
if (ssl.getKeyStoreProvider() != null) {
protocol.setKeystoreProvider(ssl.getKeyStoreProvider());
}
}
/**
* Configure Tomcat's {@link AbstractHttp11JsseProtocol} for SSL.
*
* @param protocol the protocol
* @param ssl the ssl details
*/
protected void configureSsl(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
protocol.setSSLEnabled(true);
protocol.setSslProtocol(ssl.getProtocol());
configureSslClientAuth(protocol, ssl);
protocol.setKeystorePass(ssl.getKeyStorePassword());
protocol.setKeyPass(ssl.getKeyPassword());
protocol.setKeyAlias(ssl.getKeyAlias());
protocol.setCiphers(StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()));
if (ssl.getEnabledProtocols() != null) {
protocol.setProperty(
"sslEnabledProtocols",
StringUtils.arrayToCommaDelimitedString(ssl.getEnabledProtocols()));
}
if (getSslStoreProvider() != null) {
configureSslStoreProvider(protocol, getSslStoreProvider());
} else {
configureSslKeyStore(protocol, ssl);
configureSslTrustStore(protocol, ssl);
}
}