Interface SSLUtil

  • All Known Implementing Classes:
    JSSEUtil, OpenSSLUtil, SSLUtilBase

    public interface SSLUtil
    Provides a common interface for SSLImplementations to create the necessary JSSE implementation objects for TLS connections created via the JSSE API.
    • Nested Class Summary

      Nested Classes 
      Modifier and Type Interface Description
      static interface  SSLUtil.ProtocolInfo
      Optional interface that can be implemented by SSLEngines to indicate that they support ALPN and can provide the protocol agreed with the client.
    • Method Summary

      All Methods Static Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      void configureSessionContext​(javax.net.ssl.SSLSessionContext sslSessionContext)
      Configures the given SSL session context.
      SSLContext createSSLContext​(java.util.List<java.lang.String> negotiableProtocols)
      Creates an SSL context for the given negotiable protocols.
      static SSLContext createSSLContext​(javax.net.ssl.SSLContext sslContext, javax.net.ssl.X509KeyManager keyManager, javax.net.ssl.X509TrustManager trustManager)
      Creates an instance of Tomcat's SSLContext from the provided inputs.
      java.lang.String[] getEnabledCiphers()
      The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.
      java.lang.String[] getEnabledProtocols()
      The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.
      javax.net.ssl.KeyManager[] getKeyManagers()
      Returns the key managers.
      javax.net.ssl.TrustManager[] getTrustManagers()
      Returns the trust managers.
    • Method Detail

      • createSSLContext

        static SSLContext createSSLContext​(javax.net.ssl.SSLContext sslContext,
                                           javax.net.ssl.X509KeyManager keyManager,
                                           javax.net.ssl.X509TrustManager trustManager)
        Creates an instance of Tomcat's SSLContext from the provided inputs. Typically used when the user wants to provide a pre-configured javax.net.ssl.SSLContext instance. There is no need to call SSLContext.init(KeyManager[], TrustManager[], java.security.SecureRandom) on the returned value.
        Parameters:
        sslContext - The JSSE SSL context
        keyManager - The JSSE key manager
        trustManager - The JSSE trust manager
        Returns:
        An instance of Tomcat's SSLContext formed from the provided inputs.
      • createSSLContext

        SSLContext createSSLContext​(java.util.List<java.lang.String> negotiableProtocols)
                             throws java.lang.Exception
        Creates an SSL context for the given negotiable protocols.
        Parameters:
        negotiableProtocols - The negotiable protocols
        Returns:
        the SSL context
        Throws:
        java.lang.Exception - if an error occurs
      • getKeyManagers

        javax.net.ssl.KeyManager[] getKeyManagers()
                                           throws java.lang.Exception
        Returns the key managers.
        Returns:
        The key managers
        Throws:
        java.lang.Exception - if an error occurs
      • getTrustManagers

        javax.net.ssl.TrustManager[] getTrustManagers()
                                               throws java.lang.Exception
        Returns the trust managers.
        Returns:
        The trust managers
        Throws:
        java.lang.Exception - if an error occurs
      • configureSessionContext

        void configureSessionContext​(javax.net.ssl.SSLSessionContext sslSessionContext)
        Configures the given SSL session context.
        Parameters:
        sslSessionContext - The SSL session context to configure
      • getEnabledProtocols

        java.lang.String[] getEnabledProtocols()
                                        throws java.lang.IllegalArgumentException
        The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.
        Returns:
        The protocols currently enabled and available for clients to select from for the associated connection
        Throws:
        java.lang.IllegalArgumentException - If there is no intersection between the implemented and configured protocols
      • getEnabledCiphers

        java.lang.String[] getEnabledCiphers()
                                      throws java.lang.IllegalArgumentException
        The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.

        The ciphers used during the TLS handshake may be further restricted by the getEnabledProtocols() and the certificates.

        Returns:
        The ciphers currently enabled and available for clients to select from for the associated connection
        Throws:
        java.lang.IllegalArgumentException - If there is no intersection between the implemented and configured ciphers