init

java/org/apache/tomcat/util/net/SSLUtil.java

@@ -0,0 +1,82 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.tomcat.util.net;
+
+import java.util.List;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLSessionContext;
+import javax.net.ssl.TrustManager;
+
+/**
+ * Provides a common interface for {@link SSLImplementation}s to create the
+ * necessary JSSE implementation objects for TLS connections created via the
+ * JSSE API.
+ */
+public interface SSLUtil {
+
+    public SSLContext createSSLContext(List<String> negotiableProtocols) throws Exception;
+
+    public KeyManager[] getKeyManagers() throws Exception;
+
+    public TrustManager[] getTrustManagers() throws Exception;
+
+    public void configureSessionContext(SSLSessionContext sslSessionContext);
+
+    /**
+     * The set of enabled protocols is the intersection of the implemented
+     * protocols and the configured protocols. If no protocols are explicitly
+     * configured, then all of the implemented protocols will be included in the
+     * returned array.
+     *
+     * @return The protocols currently enabled and available for clients to
+     *         select from for the associated connection
+     *
+     * @throws IllegalArgumentException  If there is no intersection between the
+     *         implemented and configured protocols
+     */
+    public String[] getEnabledProtocols() throws IllegalArgumentException;
+
+    /**
+     * The set of enabled ciphers is the intersection of the implemented ciphers
+     * and the configured ciphers. If no ciphers are explicitly configured, then
+     * the default ciphers will be included in the returned array.
+     * <p>
+     * The ciphers used during the TLS handshake may be further restricted by
+     * the {@link #getEnabledProtocols()} and the certificates.
+     *
+     * @return The ciphers currently enabled and available for clients to select
+     *         from for the associated connection
+     *
+     * @throws IllegalArgumentException  If there is no intersection between the
+     *         implemented and configured ciphers
+     */
+    public String[] getEnabledCiphers() throws IllegalArgumentException;
+
+    /**
+     * Optional interface that can be implemented by
+     * {@link javax.net.ssl.SSLEngine}s to indicate that they support ALPN and
+     * can provided the protocol agreed with the client.
+     */
+    public interface ProtocolInfo {
+        /**
+         * ALPN information.
+         * @return the protocol selected using ALPN
+         */
+        public String getNegotiatedProtocol();
+    }
+}