Interface SSLUtil

All Known Implementing Classes:
JSSEUtil, OpenSSLUtil, SSLUtilBase

public interface SSLUtil
Provides a common interface for SSLImplementations to create the necessary JSSE implementation objects for TLS connections created via the JSSE API.
  • Method Details

    • createSSLContext

      static SSLContext createSSLContext(SSLContext sslContext, X509KeyManager keyManager, X509TrustManager trustManager)
      Creates an instance of Tomcat's SSLContext from the provided inputs. Typically used when the user wants to provide a pre-configured javax.net.ssl.SSLContext instance. There is no need to call SSLContext.init(KeyManager[], TrustManager[], java.security.SecureRandom) on the returned value.
      Parameters:
      sslContext - The JSSE SSL context
      keyManager - The JSSE key manager
      trustManager - The JSSE trust manager
      Returns:
      An instance of Tomcat's SSLContext formed from the provided inputs.
    • createSSLContext

      SSLContext createSSLContext(List<String> negotiableProtocols) throws Exception
      Creates an SSL context for the given negotiable protocols.
      Parameters:
      negotiableProtocols - The negotiable protocols
      Returns:
      the SSL context
      Throws:
      Exception - if an error occurs
    • getKeyManagers

      KeyManager[] getKeyManagers() throws Exception
      Returns the key managers.
      Returns:
      The key managers
      Throws:
      Exception - if an error occurs
    • getTrustManagers

      TrustManager[] getTrustManagers() throws Exception
      Returns the trust managers.
      Returns:
      The trust managers
      Throws:
      Exception - if an error occurs
    • configureSessionContext

      void configureSessionContext(SSLSessionContext sslSessionContext)
      Configures the given SSL session context.
      Parameters:
      sslSessionContext - The SSL session context to configure
    • getEnabledProtocols

      String[] getEnabledProtocols() throws IllegalArgumentException
      The set of enabled protocols is the intersection of the implemented protocols and the configured protocols. If no protocols are explicitly configured, then all of the implemented protocols will be included in the returned array.
      Returns:
      The protocols currently enabled and available for clients to select from for the associated connection
      Throws:
      IllegalArgumentException - If there is no intersection between the implemented and configured protocols
    • getEnabledCiphers

      String[] getEnabledCiphers() throws IllegalArgumentException
      The set of enabled ciphers is the intersection of the implemented ciphers and the configured ciphers. If no ciphers are explicitly configured, then the default ciphers will be included in the returned array.

      The ciphers used during the TLS handshake may be further restricted by the protocols returned by getEnabledProtocols() and by the certificates.

      Returns:
      The ciphers currently enabled and available for clients to select from for the associated connection
      Throws:
      IllegalArgumentException - If there is no intersection between the implemented and configured ciphers
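
The intersection contract documented for getEnabledProtocols() and getEnabledCiphers(), reproduced with plain JSSE calls as an added example (not Tomcat's own code). The class `EnabledIntersectionDemo`, the helper `enabled` and the sample configuration values are hypothetical; it assumes Java 9 or later and that the JDK's default provider does not implement "SSLv2".

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added illustration, not Tomcat source. All names here are hypothetical.
public class EnabledIntersectionDemo {

    // Mirrors the documented contract: return configured names that are also
    // implemented; return whenUnconfigured if nothing is configured; throw
    // IllegalArgumentException if the intersection is empty.
    static String[] enabled(String kind, List<String> configured,
                            String[] implemented, String[] whenUnconfigured) {
        if (configured.isEmpty()) {
            return whenUnconfigured.clone();
        }
        Set<String> impl = new HashSet<>(Arrays.asList(implemented));
        List<String> result = new ArrayList<>();
        for (String name : configured) {
            if (impl.contains(name)) {
                result.add(name); // keeps the configured order
            }
        }
        if (result.isEmpty()) {
            throw new IllegalArgumentException(
                    "no configured " + kind + " is implemented: " + configured);
        }
        return result.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters defaults = ctx.getDefaultSSLParameters();
        String[] protos = supported.getProtocols();
        // Constructed configuration: the unimplemented "SSLv2" entry drops out.
        System.out.println(Arrays.toString(
                enabled("protocol", List.of("TLSv1.3", "TLSv1.2", "SSLv2"), protos, protos)));
        // Nothing configured: ciphers fall back to the defaults, not every supported suite.
        System.out.println(enabled("cipher", List.of(),
                supported.getCipherSuites(), defaults.getCipherSuites()).length + " default ciphers");
        try { // Empty intersection: the configuration is rejected outright.
            enabled("protocol", List.of("SSLv2"), protos, protos);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When auditing a hardened connector, compare the returned arrays against the intended allow-list: a configured name that is not implemented disappears from the result without an error unless it was the only entry.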