Package org.apache.tomcat.util.net

Interface SSLSupport

All Known Implementing Classes:

JSSESupport

public interface SSLSupport

Defines an interface to interact with SSL sessions.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	CERTIFICATE_KEY	The Request attribute key for the client certificate chain.
static final String	CIPHER_SUITE_KEY	The Request attribute key for the cipher suite.
static final String	KEY_SIZE_KEY	The Request attribute key for the key size.
static final String	PROTOCOL_VERSION_KEY	Deprecated. Replaced by SECURE_PROTOCOL_KEY.
static final String	REQUESTED_CIPHERS_KEY	The request attribute key under which the String indicating the ciphers requested by the client are recorded.
static final String	REQUESTED_PROTOCOL_VERSIONS_KEY	The request attribute key under which the String indicating the protocols requested by the client are recorded.
static final String	SECURE_PROTOCOL_KEY	The Request attribute key for the cipher suite.
static final String	SESSION_ID_KEY	The Request attribute key for the session id.
static final String	SESSION_MGR	The request attribute key for the session manager.

Method Summary

Modifier and Type	Method	Description
String	getCipherSuite()	The cipher suite being used on this connection.
Integer	getKeySize()	Get the keysize.
default X509Certificate[]	getLocalCertificateChain()	The server certificate chain (if any) that were sent to the peer.
X509Certificate[]	getPeerCertificateChain()	The client certificate chain (if any).
String	getProtocol()
String	getRequestedCiphers()
String	getRequestedProtocols()
String	getSessionId()	The current session Id.

Field Details

SECURE_PROTOCOL_KEY

static final String SECURE_PROTOCOL_KEY

The Request attribute key for the cipher suite.

See Also:

• Constant Field Values

CIPHER_SUITE_KEY

static final String CIPHER_SUITE_KEY

The Request attribute key for the cipher suite.

See Also:

• Constant Field Values

KEY_SIZE_KEY

static final String KEY_SIZE_KEY

The Request attribute key for the key size.

See Also:

• Constant Field Values

CERTIFICATE_KEY

static final String CERTIFICATE_KEY

The Request attribute key for the client certificate chain.

See Also:

• Constant Field Values

SESSION_ID_KEY

static final String SESSION_ID_KEY

The Request attribute key for the session id. This one is a Tomcat extension to the Servlet spec.

See Also:

• Constant Field Values

SESSION_MGR

static final String SESSION_MGR

The request attribute key for the session manager. This one is a Tomcat extension to the Servlet spec.

See Also:

• Constant Field Values

PROTOCOL_VERSION_KEY

@Deprecated
static final String PROTOCOL_VERSION_KEY

Deprecated.

Replaced by SECURE_PROTOCOL_KEY. This constant will be removed in Tomcat 12.

The request attribute key under which the String indicating the protocol that created the SSL socket is recorded - e.g. TLSv1 or TLSv1.2 etc.

See Also:

• Constant Field Values

REQUESTED_CIPHERS_KEY

static final String REQUESTED_CIPHERS_KEY

The request attribute key under which the String indicating the ciphers requested by the client are recorded.

See Also:

• Constant Field Values

REQUESTED_PROTOCOL_VERSIONS_KEY

static final String REQUESTED_PROTOCOL_VERSIONS_KEY

The request attribute key under which the String indicating the protocols requested by the client are recorded.

See Also:

• Constant Field Values

Method Details

getCipherSuite

String getCipherSuite()
               throws IOException

The cipher suite being used on this connection.

Returns:

The name of the cipher suite as returned by the SSL/TLS implementation

Throws:

IOException - If an error occurs trying to obtain the cipher suite

getPeerCertificateChain

X509Certificate[] getPeerCertificateChain()
                                   throws IOException

The client certificate chain (if any).

Returns:

The certificate chain presented by the client with the peer's certificate first, followed by those of any certificate authorities

Throws:

IOException - If an error occurs trying to obtain the certificate chain

getLocalCertificateChain

default X509Certificate[] getLocalCertificateChain()

The server certificate chain (if any) that were sent to the peer.

Returns:

The certificate chain sent with the server certificate first, followed by those of any certificate authorities

getKeySize

Integer getKeySize()
            throws IOException

Get the keysize. What we're supposed to put here is ill-defined by the Servlet spec (S 4.7 again). There are at least 4 potential values that might go here: (a) The size of the encryption key (b) The size of the MAC key (c) The size of the key-exchange key (d) The size of the signature key used by the server Unfortunately, all of these values are nonsensical.

Returns:

The effective key size for the current cipher suite

Throws:

IOException - If an error occurs trying to obtain the key size

getSessionId

String getSessionId()
             throws IOException

The current session Id.

Returns:

The current SSL/TLS session ID

Throws:

IOException - If an error occurs trying to obtain the session ID

getProtocol

String getProtocol()
            throws IOException

Returns:

the protocol String indicating how the SSL socket was created e.g. TLSv1 or TLSv1.2 etc.

Throws:

IOException - If an error occurs trying to obtain the protocol information from the socket

getRequestedProtocols

String getRequestedProtocols()
                      throws IOException

Returns:

the list of SSL/TLS protocol versions requested by the client

Throws:

IOException - If an error occurs trying to obtain the client requested protocol information from the socket

getRequestedCiphers

String getRequestedCiphers()
                    throws IOException

Returns:

the list of SSL/TLS ciphers requested by the client

Throws:

IOException - If an error occurs trying to obtain the client request cipher information from the socket