Package org.apache.tomcat.util.net
Interface SSLUtil
-
- All Known Implementing Classes:
JSSEUtil,OpenSSLUtil,SSLUtilBase
public interface SSLUtilProvides a common interface forSSLImplementations to create the necessary JSSE implementation objects for TLS connections created via the JSSE API.
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interfaceSSLUtil.ProtocolInfoOptional interface that can be implemented bySSLEngines to indicate that they support ALPN and can provide the protocol agreed with the client.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Modifier and Type Method Description voidconfigureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext)Configures the given SSL session context.SSLContextcreateSSLContext(java.util.List<java.lang.String> negotiableProtocols)Creates an SSL context for the given negotiable protocols.static SSLContextcreateSSLContext(javax.net.ssl.SSLContext sslContext, javax.net.ssl.X509KeyManager keyManager, javax.net.ssl.X509TrustManager trustManager)Creates an instance of Tomcat'sSSLContextfrom the provided inputs.java.lang.String[]getEnabledCiphers()The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers.java.lang.String[]getEnabledProtocols()The set of enabled protocols is the intersection of the implemented protocols and the configured protocols.javax.net.ssl.KeyManager[]getKeyManagers()Returns the key managers.javax.net.ssl.TrustManager[]getTrustManagers()Returns the trust managers.
-
-
-
Method Detail
-
createSSLContext
static SSLContext createSSLContext(javax.net.ssl.SSLContext sslContext, javax.net.ssl.X509KeyManager keyManager, javax.net.ssl.X509TrustManager trustManager)
Creates an instance of Tomcat'sSSLContextfrom the provided inputs. Typically used when the user wants to provide a pre-configuredjavax.net.ssl.SSLContextinstance. There is no need to callSSLContext.init(KeyManager[], TrustManager[], java.security.SecureRandom)on the returned value.- Parameters:
sslContext- The JSSE SSL contextkeyManager- The JSSE key managertrustManager- The JSSE trust manager- Returns:
- An instance of Tomcat's
SSLContextformed from the provided inputs.
-
createSSLContext
SSLContext createSSLContext(java.util.List<java.lang.String> negotiableProtocols) throws java.lang.Exception
Creates an SSL context for the given negotiable protocols.- Parameters:
negotiableProtocols- The negotiable protocols- Returns:
- the SSL context
- Throws:
java.lang.Exception- if an error occurs
-
getKeyManagers
javax.net.ssl.KeyManager[] getKeyManagers() throws java.lang.ExceptionReturns the key managers.- Returns:
- The key managers
- Throws:
java.lang.Exception- if an error occurs
-
getTrustManagers
javax.net.ssl.TrustManager[] getTrustManagers() throws java.lang.ExceptionReturns the trust managers.- Returns:
- The trust managers
- Throws:
java.lang.Exception- if an error occurs
-
configureSessionContext
void configureSessionContext(javax.net.ssl.SSLSessionContext sslSessionContext)
Configures the given SSL session context.- Parameters:
sslSessionContext- The SSL session context to configure
-
getEnabledProtocols
java.lang.String[] getEnabledProtocols() throws java.lang.IllegalArgumentExceptionThe set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.- Returns:
- The protocols currently enabled and available for clients to select from for the associated connection
- Throws:
java.lang.IllegalArgumentException- If there is no intersection between the implemented and configured protocols
-
getEnabledCiphers
java.lang.String[] getEnabledCiphers() throws java.lang.IllegalArgumentExceptionThe set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.The ciphers used during the TLS handshake may be further restricted by the
getEnabledProtocols()and the certificates.- Returns:
- The ciphers currently enabled and available for clients to select from for the associated connection
- Throws:
java.lang.IllegalArgumentException- If there is no intersection between the implemented and configured ciphers
-
-