1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.eclipse.jetty.http.ssl;
18
19 import java.io.ByteArrayInputStream;
20 import java.io.ByteArrayOutputStream;
21 import java.io.File;
22 import java.io.IOException;
23 import java.io.InputStream;
24 import java.security.InvalidParameterException;
25 import java.security.KeyStore;
26 import java.security.SecureRandom;
27 import java.security.Security;
28 import java.security.cert.CRL;
29 import java.security.cert.CertStore;
30 import java.security.cert.Certificate;
31 import java.security.cert.CollectionCertStoreParameters;
32 import java.security.cert.PKIXBuilderParameters;
33 import java.security.cert.X509CertSelector;
34 import java.util.Arrays;
35 import java.util.Collection;
36 import java.util.Collections;
37 import java.util.HashSet;
38 import java.util.List;
39 import java.util.Set;
40 import javax.net.ssl.CertPathTrustManagerParameters;
41 import javax.net.ssl.KeyManager;
42 import javax.net.ssl.KeyManagerFactory;
43 import javax.net.ssl.SSLContext;
44 import javax.net.ssl.SSLEngine;
45 import javax.net.ssl.SSLSessionContext;
46 import javax.net.ssl.TrustManager;
47 import javax.net.ssl.TrustManagerFactory;
48 import javax.net.ssl.X509KeyManager;
49 import javax.net.ssl.X509TrustManager;
50
51 import org.eclipse.jetty.http.security.Password;
52 import org.eclipse.jetty.util.IO;
53 import org.eclipse.jetty.util.component.AbstractLifeCycle;
54 import org.eclipse.jetty.util.resource.Resource;
55 import org.eclipse.jetty.util.security.CertificateUtils;
56 import org.eclipse.jetty.util.security.CertificateValidator;
57
58
59
60
61
62
63
64
65
66 public class SslContextFactory extends AbstractLifeCycle
67 {
68 public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM =
69 (Security.getProperty("ssl.KeyManagerFactory.algorithm") == null ?
70 "SunX509" : Security.getProperty("ssl.KeyManagerFactory.algorithm"));
71 public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM =
72 (Security.getProperty("ssl.TrustManagerFactory.algorithm") == null ?
73 "SunX509" : Security.getProperty("ssl.TrustManagerFactory.algorithm"));
74
75
76 public static final String DEFAULT_KEYSTORE_PATH =
77 System.getProperty("user.home") + File.separator + ".keystore";
78
79
80 public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
81
82
83 public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
84
85
86 private Set<String> _excludeCipherSuites = null;
87
88 private Set<String> _includeCipherSuites = null;
89
90
91 private String _keyStorePath;
92
93 private String _keyStoreProvider;
94
95 private String _keyStoreType = "JKS";
96
97 private InputStream _keyStoreInputStream;
98
99
100 private String _certAlias;
101
102
103 private String _trustStorePath;
104
105 private String _trustStoreProvider;
106
107 private String _trustStoreType = "JKS";
108
109 private InputStream _trustStoreInputStream;
110
111
112 private boolean _needClientAuth = false;
113
114 private boolean _wantClientAuth = false;
115
116
117 private boolean _allowRenegotiate = true;
118
119
120 private transient Password _keyStorePassword;
121
122 private transient Password _keyManagerPassword;
123
124 private transient Password _trustStorePassword;
125
126
127 private String _sslProvider;
128
129 private String _sslProtocol = "TLS";
130
131
132 private String _secureRandomAlgorithm;
133
134 private String _keyManagerFactoryAlgorithm = DEFAULT_KEYMANAGERFACTORY_ALGORITHM;
135
136 private String _trustManagerFactoryAlgorithm = DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM;
137
138
139 private boolean _validateCerts;
140
141 private boolean _validatePeerCerts;
142
143 private int _maxCertPathLength = -1;
144
145 private String _crlPath;
146
147 private boolean _enableCRLDP = false;
148
149 private boolean _enableOCSP = false;
150
151 private String _ocspResponderURL;
152
153
154 private KeyStore _keyStore;
155
156 private KeyStore _trustStore;
157
158 private boolean _sessionCachingEnabled = true;
159
160 private int _sslSessionCacheSize;
161
162 private int _sslSessionTimeout;
163
164
165 private SSLContext _context;
166
167
168
169
170
171
172 public SslContextFactory()
173 {
174 }
175
176
177
178
179
180
181 public SslContextFactory(String keyStorePath)
182 {
183 _keyStorePath = keyStorePath;
184 }
185
186
187
188
189
190
191 @Override
192 protected void doStart() throws Exception
193 {
194 if (_context == null)
195 {
196 if (_keyStoreInputStream == null && _keyStorePath == null &&
197 _trustStoreInputStream == null && _trustStorePath == null )
198 {
199
200 TrustManager trustAllCerts = new X509TrustManager()
201 {
202 public java.security.cert.X509Certificate[] getAcceptedIssuers()
203 {
204 return null;
205 }
206
207 public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
208 {
209 }
210
211 public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
212 {
213 }
214 };
215
216 _context = SSLContext.getInstance(_sslProtocol);
217 _context.init(null, new TrustManager[]{trustAllCerts}, null);
218 }
219 else
220 {
221 createSSLContext();
222 }
223 }
224 }
225
226
227
228
229
230
231 public String[] getExcludeCipherSuites()
232 {
233 return _excludeCipherSuites.toArray(new String[_excludeCipherSuites.size()]);
234 }
235
236
237
238
239
240
241
242 public void setExcludeCipherSuites(String[] cipherSuites)
243 {
244 checkStarted();
245
246 _excludeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites));
247 }
248
249
250
251
252
253
254 public String[] getIncludeCipherSuites()
255 {
256 return _includeCipherSuites.toArray(new String[_includeCipherSuites.size()]);
257 }
258
259
260
261
262
263
264
265 public void setIncludeCipherSuites(String[] cipherSuites)
266 {
267 checkStarted();
268
269 _includeCipherSuites = new HashSet<String>(Arrays.asList(cipherSuites));
270 }
271
272
273
274
275
276 public String getKeyStore()
277 {
278 return _keyStorePath;
279 }
280
281
282
283
284
285
286 public void setKeyStore(String keyStorePath)
287 {
288 checkStarted();
289
290 _keyStorePath = keyStorePath;
291 }
292
293
294
295
296
297 public String getKeyStoreProvider()
298 {
299 return _keyStoreProvider;
300 }
301
302
303
304
305
306
307 public void setKeyStoreProvider(String keyStoreProvider)
308 {
309 checkStarted();
310
311 _keyStoreProvider = keyStoreProvider;
312 }
313
314
315
316
317
318 public String getKeyStoreType()
319 {
320 return (_keyStoreType);
321 }
322
323
324
325
326
327
328 public void setKeyStoreType(String keyStoreType)
329 {
330 checkStarted();
331
332 _keyStoreType = keyStoreType;
333 }
334
335
336
337
338
339
340
341 @Deprecated
342 public InputStream getKeyStoreInputStream()
343 {
344 checkConfig();
345
346 return _keyStoreInputStream;
347 }
348
349
350
351
352
353
354
355 @Deprecated
356 public void setKeyStoreInputStream(InputStream keyStoreInputStream)
357 {
358 checkStarted();
359
360 _keyStoreInputStream = keyStoreInputStream;
361 }
362
363
364
365
366
367 public String getCertAlias()
368 {
369 return _certAlias;
370 }
371
372
373
374
375
376
377 public void setCertAlias(String certAlias)
378 {
379 checkStarted();
380
381 _certAlias = certAlias;
382 }
383
384
385
386
387
388 public String getTrustStore()
389 {
390 return _trustStorePath;
391 }
392
393
394
395
396
397
398 public void setTrustStore(String trustStorePath)
399 {
400 checkStarted();
401
402 _trustStorePath = trustStorePath;
403 }
404
405
406
407
408
409 public String getTrustStoreProvider()
410 {
411 return _trustStoreProvider;
412 }
413
414
415
416
417
418
419 public void setTrustStoreProvider(String trustStoreProvider)
420 {
421 checkStarted();
422
423 _trustStoreProvider = trustStoreProvider;
424 }
425
426
427
428
429
430 public String getTrustStoreType()
431 {
432 return _trustStoreType;
433 }
434
435
436
437
438
439
440 public void setTrustStoreType(String trustStoreType)
441 {
442 checkStarted();
443
444 _trustStoreType = trustStoreType;
445 }
446
447
448
449
450
451
452
453 @Deprecated
454 public InputStream getTrustStoreInputStream()
455 {
456 checkConfig();
457
458 return _trustStoreInputStream;
459 }
460
461
462
463
464
465
466
467 @Deprecated
468 public void setTrustStoreInputStream(InputStream trustStoreInputStream)
469 {
470 checkStarted();
471
472 _trustStoreInputStream = trustStoreInputStream;
473 }
474
475
476
477
478
479
480 public boolean getNeedClientAuth()
481 {
482 return _needClientAuth;
483 }
484
485
486
487
488
489
490
491 public void setNeedClientAuth(boolean needClientAuth)
492 {
493 checkStarted();
494
495 _needClientAuth = needClientAuth;
496 }
497
498
499
500
501
502
503 public boolean getWantClientAuth()
504 {
505 return _wantClientAuth;
506 }
507
508
509
510
511
512
513
514 public void setWantClientAuth(boolean wantClientAuth)
515 {
516 checkStarted();
517
518 _wantClientAuth = wantClientAuth;
519 }
520
521
522
523
524
525
526 @Deprecated
527 public boolean getValidateCerts()
528 {
529 return _validateCerts;
530 }
531
532
533
534
535
536 public boolean isValidateCerts()
537 {
538 return _validateCerts;
539 }
540
541
542
543
544
545
546 public void setValidateCerts(boolean validateCerts)
547 {
548 checkStarted();
549
550 _validateCerts = validateCerts;
551 }
552
553
554
555
556
557 public boolean isValidatePeerCerts()
558 {
559 return _validatePeerCerts;
560 }
561
562
563
564
565
566
567 public void setValidatePeerCerts(boolean validatePeerCerts)
568 {
569 checkStarted();
570
571 _validatePeerCerts = validatePeerCerts;
572 }
573
574
575
576
577
578 public boolean isAllowRenegotiate()
579 {
580 return _allowRenegotiate;
581 }
582
583
584
585
586
587
588
589
590
591
592
593
594 public void setAllowRenegotiate(boolean allowRenegotiate)
595 {
596 checkStarted();
597
598 _allowRenegotiate = allowRenegotiate;
599 }
600
601
602
603
604
605
606 public void setKeyStorePassword(String password)
607 {
608 checkStarted();
609
610 _keyStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
611 }
612
613
614
615
616
617
618 public void setKeyManagerPassword(String password)
619 {
620 checkStarted();
621
622 _keyManagerPassword = Password.getPassword(KEYPASSWORD_PROPERTY,password,null);
623 }
624
625
626
627
628
629
630 public void setTrustStorePassword(String password)
631 {
632 checkStarted();
633
634 _trustStorePassword = Password.getPassword(PASSWORD_PROPERTY,password,null);
635 }
636
637
638
639
640
641
642 public String getProvider()
643 {
644 return _sslProvider;
645 }
646
647
648
649
650
651
652
653 public void setProvider(String provider)
654 {
655 checkStarted();
656
657 _sslProvider = provider;
658 }
659
660
661
662
663
664
665 public String getProtocol()
666 {
667 return _sslProtocol;
668 }
669
670
671
672
673
674
675
676 public void setProtocol(String protocol)
677 {
678 checkStarted();
679
680 _sslProtocol = protocol;
681 }
682
683
684
685
686
687
688
689 public String getSecureRandomAlgorithm()
690 {
691 return _secureRandomAlgorithm;
692 }
693
694
695
696
697
698
699
700
701 public void setSecureRandomAlgorithm(String algorithm)
702 {
703 checkStarted();
704
705 _secureRandomAlgorithm = algorithm;
706 }
707
708
709
710
711
712 public String getSslKeyManagerFactoryAlgorithm()
713 {
714 return (_keyManagerFactoryAlgorithm);
715 }
716
717
718
719
720
721
722 public void setSslKeyManagerFactoryAlgorithm(String algorithm)
723 {
724 checkStarted();
725
726 _keyManagerFactoryAlgorithm = algorithm;
727 }
728
729
730
731
732
733 public String getTrustManagerFactoryAlgorithm()
734 {
735 return (_trustManagerFactoryAlgorithm);
736 }
737
738
739
740
741
742
743 public void setTrustManagerFactoryAlgorithm(String algorithm)
744 {
745 checkStarted();
746
747 _trustManagerFactoryAlgorithm = algorithm;
748 }
749
750
751
752
753
754 public String getCrlPath()
755 {
756 return _crlPath;
757 }
758
759
760
761
762
763
764 public void setCrlPath(String crlPath)
765 {
766 checkStarted();
767
768 _crlPath = crlPath;
769 }
770
771
772
773
774
775
776 public int getMaxCertPathLength()
777 {
778 return _maxCertPathLength;
779 }
780
781
782
783
784
785
786
787 public void setMaxCertPathLength(int maxCertPathLength)
788 {
789 checkStarted();
790
791 _maxCertPathLength = maxCertPathLength;
792 }
793
794
795
796
797
798 public SSLContext getSslContext()
799 {
800 return _context;
801 }
802
803
804
805
806
807
808 public void setSslContext(SSLContext sslContext)
809 {
810 checkStarted();
811
812 _context = sslContext;
813 }
814
815
816
817
818
819 protected void createSSLContext() throws Exception
820 {
821
822
823 checkConfig();
824
825 KeyStore keyStore = loadKeyStore();
826 KeyStore trustStore = loadTrustStore();
827
828 Collection<? extends CRL> crls = loadCRL(_crlPath);
829
830 if (_validateCerts && keyStore != null)
831 {
832 if (_certAlias == null)
833 {
834 List<String> aliases = Collections.list(keyStore.aliases());
835 _certAlias = aliases.size() == 1 ? aliases.get(0) : null;
836 }
837
838 Certificate cert = _certAlias == null?null:keyStore.getCertificate(_certAlias);
839 if (cert == null)
840 {
841 throw new Exception("No certificate found in the keystore" + (_certAlias==null ? "":" for alias " + _certAlias));
842 }
843
844 CertificateValidator validator = new CertificateValidator(trustStore, crls);
845 validator.setMaxCertPathLength(_maxCertPathLength);
846 validator.setEnableCRLDP(_enableCRLDP);
847 validator.setEnableOCSP(_enableOCSP);
848 validator.setOcspResponderURL(_ocspResponderURL);
849 validator.validate(keyStore, cert);
850 }
851
852 KeyManager[] keyManagers = getKeyManagers(keyStore);
853 TrustManager[] trustManagers = getTrustManagers(trustStore,crls);
854
855 SecureRandom secureRandom = (_secureRandomAlgorithm == null)?null:SecureRandom.getInstance(_secureRandomAlgorithm);
856 _context = (_sslProvider == null)?SSLContext.getInstance(_sslProtocol):SSLContext.getInstance(_sslProtocol,_sslProvider);
857 _context.init(keyManagers,trustManagers,secureRandom);
858
859 SSLSessionContext sslSessionContext = _context.getServerSessionContext();
860 sslSessionContext.setSessionCacheSize(_sslSessionCacheSize);
861 sslSessionContext.setSessionTimeout(_sslSessionTimeout);
862 }
863
864
865
866
867
868
869
870
871 protected KeyStore loadKeyStore() throws Exception
872 {
873 return _keyStore != null ? _keyStore : getKeyStore(_keyStoreInputStream,
874 _keyStorePath, _keyStoreType, _keyStoreProvider,
875 _keyStorePassword==null? null: _keyStorePassword.toString());
876 }
877
878
879
880
881
882
883
884
885 protected KeyStore loadTrustStore() throws Exception
886 {
887 return _trustStore != null ? _trustStore : getKeyStore(_trustStoreInputStream,
888 _trustStorePath, _trustStoreType, _trustStoreProvider,
889 _trustStorePassword==null? null: _trustStorePassword.toString());
890 }
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910 @Deprecated
911 protected KeyStore getKeyStore(InputStream storeStream, String storePath, String storeType, String storeProvider, String storePassword) throws Exception
912 {
913 return CertificateUtils.getKeyStore(storeStream, storePath, storeType, storeProvider, storePassword);
914 }
915
916
917
918
919
920
921
922
923
924
925
926
927 protected Collection<? extends CRL> loadCRL(String crlPath) throws Exception
928 {
929 return CertificateUtils.loadCRL(crlPath);
930 }
931
932
933 protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
934 {
935 KeyManager[] managers = null;
936
937 if (keyStore != null)
938 {
939 KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(_keyManagerFactoryAlgorithm);
940 keyManagerFactory.init(keyStore,_keyManagerPassword == null?(_keyStorePassword == null?null:_keyStorePassword.toString().toCharArray()):_keyManagerPassword.toString().toCharArray());
941 managers = keyManagerFactory.getKeyManagers();
942
943 if (_certAlias != null)
944 {
945 for (int idx = 0; idx < managers.length; idx++)
946 {
947 if (managers[idx] instanceof X509KeyManager)
948 {
949 managers[idx] = new AliasedX509ExtendedKeyManager(_certAlias,(X509KeyManager)managers[idx]);
950 }
951 }
952 }
953 }
954
955 return managers;
956 }
957
958
959 protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection<? extends CRL> crls) throws Exception
960 {
961 TrustManager[] managers = null;
962 if (trustStore != null)
963 {
964
965 if (_validatePeerCerts && _trustManagerFactoryAlgorithm.equalsIgnoreCase("PKIX"))
966 {
967 PKIXBuilderParameters pbParams = new PKIXBuilderParameters(trustStore,new X509CertSelector());
968
969
970 pbParams.setMaxPathLength(_maxCertPathLength);
971
972
973 pbParams.setRevocationEnabled(true);
974
975 if (crls != null && !crls.isEmpty())
976 {
977 pbParams.addCertStore(CertStore.getInstance("Collection",new CollectionCertStoreParameters(crls)));
978 }
979
980 if (_enableCRLDP)
981 {
982
983 System.setProperty("com.sun.security.enableCRLDP","true");
984 }
985
986 if (_enableOCSP)
987 {
988
989 Security.setProperty("ocsp.enable","true");
990
991 if (_ocspResponderURL != null)
992 {
993
994 Security.setProperty("ocsp.responderURL", _ocspResponderURL);
995 }
996 }
997
998 TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
999 trustManagerFactory.init(new CertPathTrustManagerParameters(pbParams));
1000
1001 managers = trustManagerFactory.getTrustManagers();
1002 }
1003 else
1004 {
1005 TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(_trustManagerFactoryAlgorithm);
1006 trustManagerFactory.init(trustStore);
1007
1008 managers = trustManagerFactory.getTrustManagers();
1009 }
1010 }
1011
1012 return managers;
1013 }
1014
1015
1016
1017
1018
1019
1020
1021
1022 public boolean checkConfig()
1023 {
1024 boolean check = true;
1025 if (_keyStore == null && _keyStoreInputStream == null && _keyStorePath == null)
1026 {
1027
1028 check = false;
1029 }
1030 else
1031 {
1032
1033
1034 if (_trustStore == null && _trustStoreInputStream == null && _trustStorePath == null)
1035 {
1036 _trustStore = _keyStore;
1037 _trustStorePath = _keyStorePath;
1038 _trustStoreInputStream = _keyStoreInputStream;
1039 _trustStoreType = _keyStoreType;
1040 _trustStoreProvider = _keyStoreProvider;
1041 _trustStorePassword = _keyStorePassword;
1042 _trustManagerFactoryAlgorithm = _keyManagerFactoryAlgorithm;
1043 }
1044 }
1045
1046
1047 if (_keyStoreInputStream != null && _keyStoreInputStream == _trustStoreInputStream)
1048 {
1049 try
1050 {
1051 ByteArrayOutputStream baos = new ByteArrayOutputStream();
1052 IO.copy(_keyStoreInputStream, baos);
1053 _keyStoreInputStream.close();
1054
1055 _keyStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
1056 _trustStoreInputStream = new ByteArrayInputStream(baos.toByteArray());
1057 }
1058 catch (Exception ex)
1059 {
1060 throw new RuntimeException(ex);
1061 }
1062 }
1063
1064 return check;
1065 }
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076 public String[] selectCipherSuites(String[] enabledCipherSuites, String[] supportedCipherSuites)
1077 {
1078 Set<String> selectedCipherSuites = null;
1079 if (enabledCipherSuites != null)
1080 {
1081 selectedCipherSuites = new HashSet<String>(Arrays.asList(enabledCipherSuites));
1082 }
1083 else
1084 {
1085 selectedCipherSuites = new HashSet<String>();
1086 }
1087
1088 if ((supportedCipherSuites != null && supportedCipherSuites.length > 0) &&
1089 (_includeCipherSuites != null && _includeCipherSuites.size() > 0))
1090 {
1091 Set<String> supportedCSList = new HashSet<String>(Arrays.asList(supportedCipherSuites));
1092
1093 for (String cipherName : _includeCipherSuites)
1094 {
1095 if ((!selectedCipherSuites.contains(cipherName)) &&
1096 supportedCSList.contains(cipherName))
1097 {
1098 selectedCipherSuites.add(cipherName);
1099 }
1100 }
1101 }
1102
1103 if (_excludeCipherSuites != null && _excludeCipherSuites.size() > 0)
1104 {
1105 for (String cipherName : _excludeCipherSuites)
1106 {
1107 if (selectedCipherSuites.contains(cipherName))
1108 {
1109 selectedCipherSuites.remove(cipherName);
1110 }
1111 }
1112 }
1113
1114 return selectedCipherSuites.toArray(new String[selectedCipherSuites.size()]);
1115 }
1116
1117
1118
1119
1120
1121 protected void checkStarted()
1122 {
1123 if (isStarted())
1124 {
1125 throw new IllegalStateException("Cannot modify configuration after SslContextFactory was started");
1126 }
1127 }
1128
1129
1130
1131
1132
1133 public boolean isEnableCRLDP()
1134 {
1135 return _enableCRLDP;
1136 }
1137
1138
1139
1140
1141
1142 public void setEnableCRLDP(boolean enableCRLDP)
1143 {
1144 checkStarted();
1145
1146 _enableCRLDP = enableCRLDP;
1147 }
1148
1149
1150
1151
1152
1153 public boolean isEnableOCSP()
1154 {
1155 return _enableOCSP;
1156 }
1157
1158
1159
1160
1161
1162 public void setEnableOCSP(boolean enableOCSP)
1163 {
1164 checkStarted();
1165
1166 _enableOCSP = enableOCSP;
1167 }
1168
1169
1170
1171
1172
1173 public String getOcspResponderURL()
1174 {
1175 return _ocspResponderURL;
1176 }
1177
1178
1179
1180
1181
1182 public void setOcspResponderURL(String ocspResponderURL)
1183 {
1184 checkStarted();
1185
1186 _ocspResponderURL = ocspResponderURL;
1187 }
1188
1189
1190
1191
1192
1193 public void setKeyStore(KeyStore keyStore)
1194 {
1195 checkStarted();
1196
1197 _keyStore = keyStore;
1198 }
1199
1200
1201
1202
1203
1204 public void setTrustStore(KeyStore trustStore)
1205 {
1206 checkStarted();
1207
1208 _trustStore = trustStore;
1209 }
1210
1211
1212
1213
1214
1215 public void setKeyStoreResource(Resource resource)
1216 {
1217 checkStarted();
1218
1219 try
1220 {
1221 _keyStoreInputStream = resource.getInputStream();
1222 }
1223 catch (IOException e)
1224 {
1225 throw new InvalidParameterException("Unable to get resource "+
1226 "input stream for resource "+resource.toString());
1227 }
1228 }
1229
1230
1231
1232
1233
1234 public void setTrustStore(Resource resource)
1235 {
1236 checkStarted();
1237
1238 try
1239 {
1240 _trustStoreInputStream = resource.getInputStream();
1241 }
1242 catch (IOException e)
1243 {
1244 throw new InvalidParameterException("Unable to get resource "+
1245 "input stream for resource "+resource.toString());
1246 }
1247 }
1248
1249
1250
1251
1252
1253 public boolean isSessionCachingEnabled()
1254 {
1255 return _sessionCachingEnabled;
1256 }
1257
1258
1259
1260
1261
1262 public void setSessionCachingEnabled(boolean enableSessionCaching)
1263 {
1264 _sessionCachingEnabled = enableSessionCaching;
1265 }
1266
1267
1268
1269
1270
1271 public int getSslSessionCacheSize()
1272 {
1273 return _sslSessionCacheSize;
1274 }
1275
1276
1277
1278
1279
1280 public void setSslSessionCacheSize(int sslSessionCacheSize)
1281 {
1282 _sslSessionCacheSize = sslSessionCacheSize;
1283 }
1284
1285
1286
1287
1288
1289 public int getSslSessionTimeout()
1290 {
1291 return _sslSessionTimeout;
1292 }
1293
1294
1295
1296
1297
1298 public void setSslSessionTimeout(int sslSessionTimeout)
1299 {
1300 _sslSessionTimeout = sslSessionTimeout;
1301 }
1302 }