/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.tomcat.util.net;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
/**
* Provides a common interface for {@link SSLImplementation}s to create the necessary JSSE implementation objects for
* TLS connections created via the JSSE API.
*/
public interface SSLUtil {
/**
* Creates an instance of Tomcat's {@code SSLContext} from the provided inputs. Typically used when the user wants
* to provide a pre-configured {@code javax.net.ssl.SSLContext} instance. There is no need to call
* {@link SSLContext#init(KeyManager[], TrustManager[], java.security.SecureRandom)} on the returned value.
*
* @param sslContext The JSSE SSL context
* @param keyManager The JSSE key manager
* @param trustManager The JSSE trust manager
*
* @return An instance of Tomcat's {@code SSLContext} formed from the provided inputs.
*/
static SSLContext createSSLContext(javax.net.ssl.SSLContext sslContext, X509KeyManager keyManager,
X509TrustManager trustManager) {
return new SSLContextWrapper(sslContext, keyManager, trustManager);
}
SSLContext createSSLContext(List<String> negotiableProtocols) throws Exception;
KeyManager[] getKeyManagers() throws Exception;
TrustManager[] getTrustManagers() throws Exception;
void configureSessionContext(SSLSessionContext sslSessionContext);
/**
* The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no
* protocols are explicitly configured, then all of the implemented protocols will be included in the returned
* array.
*
* @return The protocols currently enabled and available for clients to select from for the associated connection
*
* @throws IllegalArgumentException If there is no intersection between the implemented and configured protocols
*/
String[] getEnabledProtocols() throws IllegalArgumentException;
/**
* The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no
* ciphers are explicitly configured, then the default ciphers will be included in the returned array.
* <p>
* The ciphers used during the TLS handshake may be further restricted by the {@link #getEnabledProtocols()} and the
* certificates.
*
* @return The ciphers currently enabled and available for clients to select from for the associated connection
*
* @throws IllegalArgumentException If there is no intersection between the implemented and configured ciphers
*/
String[] getEnabledCiphers() throws IllegalArgumentException;
/**
* Optional interface that can be implemented by {@link javax.net.ssl.SSLEngine}s to indicate that they support ALPN
* and can provide the protocol agreed with the client.
*/
interface ProtocolInfo {
/**
* ALPN information.
*
* @return the protocol selected using ALPN
*/
String getNegotiatedProtocol();
}
}