1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements. See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18 package org.apache.tomcat.util.net;
19
20 import java.io.IOException;
21
22 /* SSLSupport
23
24 Interface for SSL-specific functions
25
26 @author EKR
27 */
28
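/**
 * Connector-facing view of the SSL/TLS state of a single connection: the
 * negotiated cipher suite, its key size, the peer's certificate chain and the
 * session id, together with the request attribute names under which those
 * values are published.
 *
 * <p>The values describe what was negotiated. Nothing in this interface
 * restricts which suites may be negotiated, and it does not state whether a
 * returned certificate chain has been validated; both are left to the
 * implementation and its configuration.
 */
public interface SSLSupport {

    /**
     * The Request attribute key for the cipher suite.
     */
    String CIPHER_SUITE_KEY = "javax.servlet.request.cipher_suite";

    /**
     * The Request attribute key for the key size.
     */
    String KEY_SIZE_KEY = "javax.servlet.request.key_size";

    /**
     * The Request attribute key for the client certificate chain.
     */
    String CERTIFICATE_KEY = "javax.servlet.request.X509Certificate";

    /**
     * The Request attribute key for the session id.
     * This one is a Tomcat extension to the Servlet spec.
     */
    String SESSION_ID_KEY = "javax.servlet.request.ssl_session";

    /**
     * A mapping table to determine the number of effective bits in the key
     * when using a cipher suite containing the specified cipher name. The
     * underlying data came from the TLS Specification (RFC 2246), Appendix C.
     *
     * <p>An entry applies when its phrase occurs in the cipher suite name.
     * Every phrase starts with {@code _WITH_}, so a suite name without that
     * segment matches no entry. What is reported for an unmatched name is
     * decided by the implementation; code that enforces a minimum key size
     * should treat "no match" as unknown rather than as strong.
     *
     * <p>The array and its elements are mutable and shared by every user of
     * this interface. Treat the table as read-only.
     */
    CipherData[] ciphers = {
        new CipherData("_WITH_NULL_", 0),
        new CipherData("_WITH_IDEA_CBC_", 128),
        new CipherData("_WITH_RC2_CBC_40_", 40),
        new CipherData("_WITH_RC4_40_", 40),
        new CipherData("_WITH_RC4_128_", 128),
        new CipherData("_WITH_DES40_CBC_", 40),
        new CipherData("_WITH_DES_CBC_", 56),
        new CipherData("_WITH_3DES_EDE_CBC_", 168),
        // No mode segment in the AES phrases: the key size is the same for
        // the CBC, GCM and CCM variants, so one entry covers all of them.
        new CipherData("_WITH_AES_128_", 128),
        new CipherData("_WITH_AES_256_", 256)
    };

    /**
     * The cipher suite being used on this connection.
     *
     * @return the name of the negotiated cipher suite
     * @throws IOException if the value cannot be obtained from the connection
     */
    String getCipherSuite() throws IOException;

    /**
     * The client certificate chain (if any).
     *
     * @return the chain presented by the peer; how an absent chain is
     *         represented is not specified here (confirm with the
     *         implementation before dereferencing)
     * @throws IOException if the value cannot be obtained from the connection
     */
    Object[] getPeerCertificateChain() throws IOException;

    /**
     * The client certificate chain (if any).
     *
     * @param force If {@code true}, then re-negotiate the
     *              connection if necessary.
     * @return the chain presented by the peer; how an absent chain is
     *         represented is not specified here (confirm with the
     *         implementation before dereferencing)
     * @throws IOException if the value cannot be obtained from the connection
     */
    Object[] getPeerCertificateChain(boolean force) throws IOException;

    /**
     * Get the keysize.
     *
     * <p>What we're supposed to put here is ill-defined by the
     * Servlet spec (S 4.7 again). There are at least 4 potential
     * values that might go here:
     *
     * <ul>
     * <li>(a) The size of the encryption key</li>
     * <li>(b) The size of the MAC key</li>
     * <li>(c) The size of the key-exchange key</li>
     * <li>(d) The size of the signature key used by the server</li>
     * </ul>
     *
     * <p>Unfortunately, all of these values are nonsensical.
     *
     * <p>The {@link #ciphers} table holds effective cipher key sizes, i.e.
     * option (a). Whichever value an implementation returns, it says nothing
     * about the key-exchange or signature strength of the connection.
     *
     * @return the key size reported for this connection
     * @throws IOException if the value cannot be obtained from the connection
     */
    Integer getKeySize() throws IOException;

    /**
     * The current session Id.
     *
     * @return the identifier of the current SSL session
     * @throws IOException if the value cannot be obtained from the connection
     */
    String getSessionId() throws IOException;

    /**
     * Simple data class that represents the cipher being used, along with the
     * corresponding effective key size. The specified phrase must appear in the
     * name of the cipher suite to be recognized.
     */
    final class CipherData {

        // Fields stay public and non-final so existing callers keep compiling;
        // they are set once in the constructor and should not be reassigned.
        public String phrase;

        public int keySize;

        /**
         * @param phrase  substring that identifies the cipher within a suite name
         * @param keySize effective key size in bits for that cipher
         */
        public CipherData(String phrase, int keySize) {
            this.phrase = phrase;
            this.keySize = keySize;
        }

    }

}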
130