Class SslContextFactory.Server

    • Constructor Detail

      • Server

        public Server()
    • Method Detail

      • getWantClientAuth

        public boolean getWantClientAuth()
        Overrides:
        getWantClientAuth in class SslContextFactory
        Returns:
        True if SSL wants client authentication.
        See Also:
        SSLEngine.getWantClientAuth()
      • setWantClientAuth

        public void setWantClientAuth(boolean wantClientAuth)
        Overrides:
        setWantClientAuth in class SslContextFactory
        Parameters:
        wantClientAuth - True if SSL wants client authentication.
        See Also:
        SSLEngine.getWantClientAuth()
      • getNeedClientAuth

        public boolean getNeedClientAuth()
        Overrides:
        getNeedClientAuth in class SslContextFactory
        Returns:
        True if SSL needs client authentication.
        See Also:
        SSLEngine.getNeedClientAuth()
      • setNeedClientAuth

        public void setNeedClientAuth(boolean needClientAuth)
        Overrides:
        setNeedClientAuth in class SslContextFactory
        Parameters:
        needClientAuth - True if SSL needs client authentication.
        See Also:
        SSLEngine.getNeedClientAuth()
      • isSniRequired

        @ManagedAttribute("Whether the TLS handshake is rejected if there is no SNI host match")
        public boolean isSniRequired()
        Whether the default sniSelect(String, Principal[], SSLSession, String, Collection) implementation requires an SNI match. Note that even if a non-SNI handshake is accepted, requests may still be rejected at the HTTP level for incorrect SNI (see SecureRequestCustomizer).
        Returns:
        true if no SNI match is handled as no certificate match, false if no SNI match is handled by delegation to the non-SNI matching methods.
      • setSNISelector

        public void setSNISelector(SniX509ExtendedKeyManager.SniSelector sniSelector)

        Sets a custom function to select certificates based on SNI information.

        Parameters:
        sniSelector - the selection function
      • sniSelect

        public java.lang.String sniSelect(java.lang.String keyType,
                                          java.security.Principal[] issuers,
                                          javax.net.ssl.SSLSession session,
                                          java.lang.String sniHost,
                                          java.util.Collection<X509> certificates)
                                   throws javax.net.ssl.SSLHandshakeException
        Description copied from interface: SniX509ExtendedKeyManager.SniSelector

        Selects a certificate based on SNI information.

        This method may be invoked multiple times during the TLS handshake, with different parameters. For example, the keyType could be different, and consequently the collection of certificates (because they need to match the keyType).

        Specified by:
        sniSelect in interface SniX509ExtendedKeyManager.SniSelector
        Parameters:
        keyType - the key algorithm type name
        issuers - the list of acceptable CA issuer subject names or null if it does not matter which issuers are used
        session - the TLS handshake session or null if not known.
        sniHost - the server name indication sent by the client, or null if the client did not send the server name indication
        certificates - the list of certificates matching keyType and issuers known to this SslContextFactory
        Returns:
        the alias of the certificate to return to the client, from the certificates list, or SniX509ExtendedKeyManager.SniSelector.DELEGATE if the certificate choice should be delegated to the nested key manager or null for no match.
        Throws:
        javax.net.ssl.SSLHandshakeException - if the TLS handshake should be aborted
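The sniSelect return contract and the client-authentication setters above, shown as an added example (not part of the Jetty documentation): a custom selector that aborts handshakes without SNI and never delegates to a default certificate, installed on a factory that requires client certificates. The class name StrictSniExample and the newFactory helper are hypothetical, and the store paths and passwords are caller-supplied assumptions.

```java
import java.security.Principal;
import java.util.Collection;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import org.eclipse.jetty.util.ssl.SniX509ExtendedKeyManager;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.ssl.X509;

public class StrictSniExample // hypothetical class name
{
    // Never returns SniSelector.DELEGATE, so the nested key manager is never asked for a default.
    static final SniX509ExtendedKeyManager.SniSelector STRICT = new SniX509ExtendedKeyManager.SniSelector()
    {
        @Override
        public String sniSelect(String keyType, Principal[] issuers, SSLSession session,
                                String sniHost, Collection<X509> certificates) throws SSLHandshakeException
        {
            // sniHost is null when the client sent no server name indication: abort the handshake.
            if (sniHost == null)
                throw new SSLHandshakeException("SNI required");
            // 'certificates' is already filtered to this keyType and the acceptable issuers;
            // pick the first one whose host names or wildcards cover the requested name.
            for (X509 x509 : certificates)
            {
                if (x509.matches(sniHost))
                    return x509.getAlias();
            }
            // null reports "no match" for this call only; the method can be invoked
            // again during the same handshake with a different keyType.
            return null;
        }
    };

    // All four arguments are placeholders supplied by the caller.
    public static SslContextFactory.Server newFactory(String keyStorePath, String keyStorePassword,
                                                      String trustStorePath, String trustStorePassword)
    {
        SslContextFactory.Server factory = new SslContextFactory.Server();
        factory.setKeyStorePath(keyStorePath);
        factory.setKeyStorePassword(keyStorePassword);
        factory.setTrustStorePath(trustStorePath);
        factory.setTrustStorePassword(trustStorePassword);
        // "need" fails the handshake without a client certificate; "want" would only request one.
        factory.setNeedClientAuth(true);
        factory.setSNISelector(STRICT);
        return factory;
    }
}
```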