org.openeuler.tomcat

类 GMJSSEUtil

java.lang.Object

org.apache.tomcat.util.net.SSLUtilBase

org.apache.tomcat.util.net.jsse.JSSEUtil

org.openeuler.tomcat.GMJSSEUtil

所有已实现的接口:

org.apache.tomcat.util.net.SSLUtil

public class GMJSSEUtil
extends org.apache.tomcat.util.net.jsse.JSSEUtil

嵌套类概要

从接口继承的嵌套类/接口 org.apache.tomcat.util.net.SSLUtil

org.apache.tomcat.util.net.SSLUtil.ProtocolInfo

字段概要

字段

限定符和类型	字段和说明
private static Method	getCRLsMethod
private static Method	getRevocationEnabledMethod
private static Method	getStoreMethod
private static Method	isCertificateVerificationDepthConfiguredMethod
private static org.apache.juli.logging.Log	log
private static org.apache.tomcat.util.res.StringManager	sm
private org.apache.tomcat.util.net.SSLHostConfig	sslHostConfig
private Set<String>	VALIDATE_GM_KEYSTORE_TYPE

从类继承的字段 org.apache.tomcat.util.net.SSLUtilBase

certificate, DEFAULT_KEY_ALIAS

构造器概要

构造器

构造器和说明
GMJSSEUtil(org.apache.tomcat.util.net.SSLHostConfigCertificate certificate)

方法概要

限定符和类型	方法和说明
private void	checkTrustStoreEntries(KeyStore trustStore)
private static Map<String,Integer>	createKeyAliasMap(String[] keyAliases) Create key alias map , the key is alias and value is index of alias in the keyAliases.
private String[]	getAttrValues(String attrKey, String attrValue)
private String[]	getAttrValues(String attrKey, String attrValue, boolean checkEmpty)
private String[]	getAttrValues(String attrKey, String attrValue, int count)
private String[]	getAttrValues(String attrKey, String attrValue, int count, boolean checkEmpty)
private Collection<? extends CRL>	getCertCRLs(String crlf)
private String[]	getCertificateChainFiles(int certCount) Verify and obtain the split certificateChainFile value.
private String[]	getCertificateFiles() Verify and obtain the split certificateFile value.
private String[]	getCertificateKeyFiles(int certCount) Verify and obtain the split certificateKeyFile value.
private String[]	getCertificateKeyPasswords(int keyAliasCount, boolean checkEmpty) Verify and obtain the split certificateKeyPassword value.
private String[]	getCertificateKeystoreFiles() Verify and obtain the split certificateKeystoreFile value.
private String[]	getCertificateKeystorePasswords(int keyStoreCount, boolean checkEmpty) Verify and obtain the split certificateKeystorePassword value.
private String[]	getCertificateKeystoreProviders(int keyStoreCount) Verify and obtain the split certificateKeystoreProvider value.
private String[]	getCertificateKeystoreType(int keyStoreCount) Verify and obtain the split certificateKeystoreType value.
private String[]	getCertificatePassword(int count, String keyPass) Verify and obtain the split certificateKeyPassword or certificateKeystorePassword value.
private CertPathParameters	getCertPathParameters(String crlf, KeyStore trustStore, boolean revocationEnabled)
private static Method	getCRLsMethod()
private KeyManager[]	getGMKeyManagers(String keyAlias) Get the GM keyManagers.
KeyManager[]	getKeyManagers()
private boolean	getRevocationEnabled(org.apache.tomcat.util.net.SSLHostConfig sslHostConfig)
private static Method	getRevocationEnabledMethod()
private KeyStore	getStore(String type, String provider, String path, String pass) Load store according to store type , provider , path and password.
private static Method	getStoreMethod()
TrustManager[]	getTrustManagers()
private String[]	getTruststoreFiles() Verify and obtain the split truststoreFile value.
private String[]	getTruststoreProviders(int trustStoreCount) Verify and obtain the split truststoreProvider value.
private String[]	getTruststoreTypes(int trustStoreCount) Verify and obtain the split truststoreType value.
private static void	importKeyStore(KeyStore srcStore, String srcStorePassword, Map<String,Integer> keyAliasMap, String[] keyPasswords, KeyStore destStore, char[] destKeyPassword) Import the key of the specified entry in the source store to the destination store
private static void	importTrustStore(KeyStore srcStore, char[] srcStorePassword, KeyStore destStore, char[] destStorePassword) Import the source trust store to the dest trust store.
private static void	initReflectionMethod() Obtain the following methods through reflection: SSLUtilBase#getStore SSLHostConfig#getRevocationEnabled SSLHostConfig#isCertificateVerificationDepthConfigured
private boolean	isCertificateVerificationDepthConfigured(org.apache.tomcat.util.net.SSLHostConfig sslHostConfig)
private static Method	isCertificateVerificationDepthConfiguredMethod()
private boolean	isEmpty(String str)
private boolean	isGMKey(String keyAlias) Determine whether to configure GM secret key.
private boolean	isValidateGMCertificateKeystoreType(String keystoreType) Determine whether it is a valid keystore type.
private KeyStore	loadEmptyKeyStore(String keyStoreType) Load a empty key store.
private KeyStore	loadKeyStoreByKeyStoreFile(String[] keyAliases) Load the configured keystore file, obtain the entry of the specified key alias from the keystore and save it to a newly created keystore.
private KeyStore	loadKeyStoreByPEMFile(String[] keyAliases) Parse the configured PEM file, get the privateKey and certificates and the certificate chain, and then save it in the newly created keystore.
private KeyStore	loadTrustStore()
private void	setKeyEntryByPEMFile(KeyStore ks, String keyAlias, String certificateKeyFile, String certificateFile, String certificateChainFile, String certificatePassword, char[] destKeyPassword)
private String[]	truststorePassword(int trustStoreCount) Verify and obtain the split truststoreType value.
private boolean	usePEMFile() Determine whether to use the PEM file to generate the keystore.

从类继承的方法 org.apache.tomcat.util.net.jsse.JSSEUtil

createSSLContextInternal, getImplementedCiphers, getImplementedProtocols, getLog, isTls13RenegAuthAvailable

从类继承的方法 org.apache.tomcat.util.net.SSLUtilBase

configureSessionContext, createSSLContext, getCRLs, getEnabledCiphers, getEnabledProtocols, getParameters

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

log

private static final org.apache.juli.logging.Log log

sm

private static final org.apache.tomcat.util.res.StringManager sm

VALIDATE_GM_KEYSTORE_TYPE

private final Set<String> VALIDATE_GM_KEYSTORE_TYPE

getStoreMethod

private static Method getStoreMethod

getRevocationEnabledMethod

private static Method getRevocationEnabledMethod

isCertificateVerificationDepthConfiguredMethod

private static Method isCertificateVerificationDepthConfiguredMethod

getCRLsMethod

private static Method getCRLsMethod

sslHostConfig

private final org.apache.tomcat.util.net.SSLHostConfig sslHostConfig

构造器详细资料

GMJSSEUtil

public GMJSSEUtil(org.apache.tomcat.util.net.SSLHostConfigCertificate certificate)

方法详细资料

initReflectionMethod

private static void initReflectionMethod()

Obtain the following methods through reflection: SSLUtilBase#getStore SSLHostConfig#getRevocationEnabled SSLHostConfig#isCertificateVerificationDepthConfigured

getStoreMethod

private static Method getStoreMethod()

getRevocationEnabledMethod

private static Method getRevocationEnabledMethod()

isCertificateVerificationDepthConfiguredMethod

private static Method isCertificateVerificationDepthConfiguredMethod()

getCRLsMethod

private static Method getCRLsMethod()

getKeyManagers

public KeyManager[] getKeyManagers()
                            throws Exception

指定者:

getKeyManagers 在接口中 org.apache.tomcat.util.net.SSLUtil

覆盖:

getKeyManagers 在类中 org.apache.tomcat.util.net.SSLUtilBase

抛出:

Exception

isGMKey

private boolean isGMKey(String keyAlias)

Determine whether to configure GM secret key. If multiple certificateKeyAlias values are configured, it means that GM key is used.

参数:

keyAlias - certificateKeyAlias

getGMKeyManagers

private KeyManager[] getGMKeyManagers(String keyAlias)
                               throws Exception

Get the GM keyManagers.

参数:

keyAlias - certificateKeyAlias

抛出:

Exception

usePEMFile

private boolean usePEMFile()

Determine whether to use the PEM file to generate the keystore.

loadKeyStoreByPEMFile

private KeyStore loadKeyStoreByPEMFile(String[] keyAliases)
                                throws IOException

Parse the configured PEM file, get the privateKey and certificates and the certificate chain, and then save it in the newly created keystore.

参数:

keyAliases - Multiple values obtained after separating the certificateKeyAlias attribute value with a comma

抛出:

IOException

setKeyEntryByPEMFile

private void setKeyEntryByPEMFile(KeyStore ks,
                                  String keyAlias,
                                  String certificateKeyFile,
                                  String certificateFile,
                                  String certificateChainFile,
                                  String certificatePassword,
                                  char[] destKeyPassword)
                           throws IOException

抛出:

IOException

loadKeyStoreByKeyStoreFile

private KeyStore loadKeyStoreByKeyStoreFile(String[] keyAliases)
                                     throws IOException

Load the configured keystore file, obtain the entry of the specified key alias from the keystore and save it to a newly created keystore.

参数:

keyAliases - Multiple values obtained after separating the certificateKeyAlias attribute value with a comma

抛出:

IOException

loadEmptyKeyStore

private KeyStore loadEmptyKeyStore(String keyStoreType)
                            throws IOException

Load a empty key store.

抛出:

IOException

isValidateGMCertificateKeystoreType

private boolean isValidateGMCertificateKeystoreType(String keystoreType)

Determine whether it is a valid keystore type.

createKeyAliasMap

private static Map<String,Integer> createKeyAliasMap(String[] keyAliases)

Create key alias map , the key is alias and value is index of alias in the keyAliases.

参数:

keyAliases - Array of key aliases

返回:

Key alias map

importKeyStore

private static void importKeyStore(KeyStore srcStore,
                                   String srcStorePassword,
                                   Map<String,Integer> keyAliasMap,
                                   String[] keyPasswords,
                                   KeyStore destStore,
                                   char[] destKeyPassword)
                            throws IOException

Import the key of the specified entry in the source store to the destination store

参数:

srcStore - The source store

srcStorePassword - The source store password

keyAliasMap - The configured key aliases map

keyPasswords - The source store

destStore - The dest store key password

destKeyPassword - The dest store key password

抛出:

IOException

importTrustStore

private static void importTrustStore(KeyStore srcStore,
                                     char[] srcStorePassword,
                                     KeyStore destStore,
                                     char[] destStorePassword)
                              throws IOException

Import the source trust store to the dest trust store.

参数:

srcStore - The source trust store

srcStorePassword - The source trust store password

destStore - The dest trust store

destStorePassword - The dest trust store password

抛出:

IOException

getStore

private KeyStore getStore(String type,
                          String provider,
                          String path,
                          String pass)
                   throws IOException

Load store according to store type , provider , path and password.

参数:

type - The store type

provider - The store provider

path - The store path

pass - The store password

抛出:

IOException

getCertificatePassword

private String[] getCertificatePassword(int count,
                                        String keyPass)

Verify and obtain the split certificateKeyPassword or certificateKeystorePassword value.

getCertificateKeystorePasswords

private String[] getCertificateKeystorePasswords(int keyStoreCount,
                                                 boolean checkEmpty)

Verify and obtain the split certificateKeystorePassword value.

getCertificateKeyPasswords

private String[] getCertificateKeyPasswords(int keyAliasCount,
                                            boolean checkEmpty)

Verify and obtain the split certificateKeyPassword value.

getCertificateKeystoreFiles

private String[] getCertificateKeystoreFiles()

Verify and obtain the split certificateKeystoreFile value.

getCertificateKeystoreType

private String[] getCertificateKeystoreType(int keyStoreCount)

Verify and obtain the split certificateKeystoreType value.

getCertificateKeystoreProviders

private String[] getCertificateKeystoreProviders(int keyStoreCount)

Verify and obtain the split certificateKeystoreProvider value.

getCertificateFiles

private String[] getCertificateFiles()

Verify and obtain the split certificateFile value.

getCertificateKeyFiles

private String[] getCertificateKeyFiles(int certCount)

Verify and obtain the split certificateKeyFile value.

getCertificateChainFiles

private String[] getCertificateChainFiles(int certCount)

Verify and obtain the split certificateChainFile value. If certificateChainFile.length is more than certCount , throw IllegalArgumentException. If certificateChainFile.length is equal to certCount , just return. If certificateChainFile.length is less than certCount , create a new array and copy the old array to the new arraythe , rest of the array elements are filled with null.

getAttrValues

private String[] getAttrValues(String attrKey,
                               String attrValue)

getAttrValues

private String[] getAttrValues(String attrKey,
                               String attrValue,
                               boolean checkEmpty)

getAttrValues

private String[] getAttrValues(String attrKey,
                               String attrValue,
                               int count)

getAttrValues

private String[] getAttrValues(String attrKey,
                               String attrValue,
                               int count,
                               boolean checkEmpty)

isEmpty

private boolean isEmpty(String str)

getTrustManagers

public TrustManager[] getTrustManagers()
                                throws Exception

指定者:

getTrustManagers 在接口中 org.apache.tomcat.util.net.SSLUtil

覆盖:

getTrustManagers 在类中 org.apache.tomcat.util.net.SSLUtilBase

抛出:

Exception

getRevocationEnabled

private boolean getRevocationEnabled(org.apache.tomcat.util.net.SSLHostConfig sslHostConfig)

isCertificateVerificationDepthConfigured

private boolean isCertificateVerificationDepthConfigured(org.apache.tomcat.util.net.SSLHostConfig sslHostConfig)

getCertPathParameters

private CertPathParameters getCertPathParameters(String crlf,
                                                 KeyStore trustStore,
                                                 boolean revocationEnabled)
                                          throws Exception

抛出:

Exception

getCertCRLs

private Collection<? extends CRL> getCertCRLs(String crlf)
                                       throws InvocationTargetException,
                                              IllegalAccessException

抛出:

InvocationTargetException

IllegalAccessException

loadTrustStore

private KeyStore loadTrustStore()
                         throws IOException

抛出:

IOException

getTruststoreFiles

private String[] getTruststoreFiles()

Verify and obtain the split truststoreFile value.

getTruststoreTypes

private String[] getTruststoreTypes(int trustStoreCount)

Verify and obtain the split truststoreType value.

truststorePassword

private String[] truststorePassword(int trustStoreCount)

Verify and obtain the split truststoreType value.

getTruststoreProviders

private String[] getTruststoreProviders(int trustStoreCount)

Verify and obtain the split truststoreProvider value.

checkTrustStoreEntries

private void checkTrustStoreEntries(KeyStore trustStore)
                             throws Exception

抛出:

Exception