/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.tomcat.util.net; import java.util.List; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLSessionContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509KeyManager; import javax.net.ssl.X509TrustManager; /** * Provides a common interface for {@link SSLImplementation}s to create the necessary JSSE implementation objects for * TLS connections created via the JSSE API. */ public interface SSLUtil { /** * Creates an instance of Tomcat's {@code SSLContext} from the provided inputs. Typically used when the user wants * to provide a pre-configured {@code javax.net.ssl.SSLContext} instance. There is no need to call * {@link SSLContext#init(KeyManager[], TrustManager[], java.security.SecureRandom)} on the returned value. * * @param sslContext The JSSE SSL context * @param keyManager The JSSE key manager * @param trustManager The JSSE trust manager * * @return An instance of Tomcat's {@code SSLContext} formed from the provided inputs. */ static SSLContext createSSLContext(javax.net.ssl.SSLContext sslContext, X509KeyManager keyManager, X509TrustManager trustManager) { return new SSLContextWrapper(sslContext, keyManager, trustManager); } SSLContext createSSLContext(List negotiableProtocols) throws Exception; KeyManager[] getKeyManagers() throws Exception; TrustManager[] getTrustManagers() throws Exception; void configureSessionContext(SSLSessionContext sslSessionContext); /** * The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no * protocols are explicitly configured, then all of the implemented protocols will be included in the returned * array. * * @return The protocols currently enabled and available for clients to select from for the associated connection * * @throws IllegalArgumentException If there is no intersection between the implemented and configured protocols */ String[] getEnabledProtocols() throws IllegalArgumentException; /** * The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no * ciphers are explicitly configured, then the default ciphers will be included in the returned array. *

* The ciphers used during the TLS handshake may be further restricted by the {@link #getEnabledProtocols()} and the * certificates. * * @return The ciphers currently enabled and available for clients to select from for the associated connection * * @throws IllegalArgumentException If there is no intersection between the implemented and configured ciphers */ String[] getEnabledCiphers() throws IllegalArgumentException; /** * Optional interface that can be implemented by {@link javax.net.ssl.SSLEngine}s to indicate that they support ALPN * and can provide the protocol agreed with the client. */ interface ProtocolInfo { /** * ALPN information. * * @return the protocol selected using ALPN */ String getNegotiatedProtocol(); } }