001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: package org.apache.tomcat.util.net;
019:
020: import java.io.IOException;
021:
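/**
 * Interface for SSL-specific functions.
 *
 * <p>Exposes per-connection SSL details (cipher suite, peer certificate
 * chain, key size and session id) and the request attribute keys that
 * correspond to them.
 *
 * @author EKR
 */
public interface SSLSupport {

    /**
     * The Request attribute key for the cipher suite.
     */
    public static final String CIPHER_SUITE_KEY = "javax.servlet.request.cipher_suite";

    /**
     * The Request attribute key for the key size.
     */
    public static final String KEY_SIZE_KEY = "javax.servlet.request.key_size";

    /**
     * The Request attribute key for the client certificate chain.
     */
    public static final String CERTIFICATE_KEY = "javax.servlet.request.X509Certificate";

    /**
     * The Request attribute key for the session id.
     * This one is a Tomcat extension to the Servlet spec.
     */
    public static final String SESSION_ID_KEY = "javax.servlet.request.ssl_session";

    /**
     * A mapping table to determine the number of effective bits in the key
     * when using a cipher suite containing the specified cipher name. The
     * underlying data came from the TLS Specification (RFC 2246), Appendix C.
     *
     * <p>Only the eight phrases listed here are covered. A cipher suite whose
     * name contains none of them (AES-based suites, for example) has no entry,
     * so the key size reported for it depends on how the implementation
     * handles a miss. NOTE(review): confirm that implementations do not report
     * a misleading size for unlisted suites before the key-size attribute is
     * used in an access decision.
     *
     * <p>As an interface field the array is implicitly {@code public static
     * final}, but its slots can still be reassigned; treat it as read-only.
     */
    static final CipherData[] ciphers = {
        new CipherData("_WITH_NULL_", 0),
        new CipherData("_WITH_IDEA_CBC_", 128),
        new CipherData("_WITH_RC2_CBC_40_", 40),
        new CipherData("_WITH_RC4_40_", 40),
        new CipherData("_WITH_RC4_128_", 128),
        new CipherData("_WITH_DES40_CBC_", 40),
        new CipherData("_WITH_DES_CBC_", 56),
        new CipherData("_WITH_3DES_EDE_CBC_", 168)
    };

    /**
     * The cipher suite being used on this connection.
     *
     * @return the cipher suite name
     * @throws IOException declared for implementations; the failure
     *         conditions are implementation-defined
     */
    public String getCipherSuite() throws IOException;

    /**
     * The client certificate chain (if any).
     *
     * <p>NOTE(review): the interface does not say whether "no certificate" is
     * reported as {@code null} or as an empty array, nor whether the chain
     * has been validated; callers should confirm both against the
     * implementation before relying on the result for authentication.
     *
     * @return the client certificate chain, if any
     * @throws IOException declared for implementations; the failure
     *         conditions are implementation-defined
     */
    public Object[] getPeerCertificateChain() throws IOException;

    /**
     * The client certificate chain (if any).
     *
     * @param force If <code>true</code>, then re-negotiate the
     *              connection if necessary.
     * @return the client certificate chain, if any
     * @throws IOException declared for implementations; the failure
     *         conditions are implementation-defined
     */
    public Object[] getPeerCertificateChain(boolean force)
            throws IOException;

    /**
     * Get the keysize.
     *
     * What we're supposed to put here is ill-defined by the
     * Servlet spec (S 4.7 again). There are at least 4 potential
     * values that might go here:
     *
     * (a) The size of the encryption key
     * (b) The size of the MAC key
     * (c) The size of the key-exchange key
     * (d) The size of the signature key used by the server
     *
     * Unfortunately, all of these values are nonsensical.
     *
     * <p>Because the meaning is ill-defined, this value alone is a weak basis
     * for enforcing a minimum cipher strength. Presumably implementations
     * derive it from {@link #ciphers}; verify against the implementation.
     *
     * @return the key size
     * @throws IOException declared for implementations; the failure
     *         conditions are implementation-defined
     */
    public Integer getKeySize() throws IOException;

    /**
     * The current session Id.
     *
     * @return the session id
     * @throws IOException declared for implementations; the failure
     *         conditions are implementation-defined
     */
    public String getSessionId() throws IOException;

    /**
     * Simple data class that represents the cipher being used, along with the
     * corresponding effective key size. The specified phrase must appear in the
     * name of the cipher suite to be recognized.
     *
     * <p>Both fields are {@code final}: entries of the shared {@link #ciphers}
     * table are reachable by any code that can see this interface, so an
     * entry must not be alterable once it has been constructed.
     */
    final class CipherData {

        /** Phrase looked for in the cipher suite name. */
        public final String phrase;

        /** Effective key size, in bits, associated with {@link #phrase}. */
        public final int keySize;

        /**
         * Creates a table entry.
         *
         * @param phrase  phrase that must appear in the cipher suite name
         * @param keySize effective key size in bits for that cipher
         */
        public CipherData(String phrase, int keySize) {
            this.phrase = phrase;
            this.keySize = keySize;
        }

    }

}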