001: /*
002: * Copyright 1999-2004 The Apache Software Foundation
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016:
017: package org.apache.tomcat.util.net;
018:
019: import java.io.IOException;
020:
021: /* SSLSupport
022:
023: Interface for SSL-specific functions
024:
025: @author EKR
026: */
027:
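/**
 * Accessors for the SSL/TLS properties of a connection: the negotiated cipher
 * suite, the peer certificate chain, a key size and the session id. Also
 * defines the request attribute names under which those values are published
 * and a lookup table for deriving a key size from a cipher suite name.
 */
public interface SSLSupport {
    /**
     * The Request attribute key for the cipher suite.
     */
    public static final String CIPHER_SUITE_KEY = "javax.servlet.request.cipher_suite";

    /**
     * The Request attribute key for the key size.
     */
    public static final String KEY_SIZE_KEY = "javax.servlet.request.key_size";

    /**
     * The Request attribute key for the client certificate chain.
     */
    public static final String CERTIFICATE_KEY = "javax.servlet.request.X509Certificate";

    /**
     * The Request attribute key for the session id.
     * This one is a Tomcat extension to the Servlet spec.
     */
    public static final String SESSION_ID_KEY = "javax.servlet.request.ssl_session";

    /**
     * A mapping table to determine the number of effective bits in the key
     * when using a cipher suite containing the specified cipher name. The
     * underlying data came from the TLS Specification (RFC 2246), Appendix C.
     *
     * <p>The figures are the ones given by that table, not a strength rating:
     * the 168 listed for 3DES, for instance, is commonly rated at roughly 112
     * bits of security, and the NULL, 40-bit and 56-bit entries describe suites
     * that offer little or no confidentiality. An entry being present here says
     * nothing about whether the suite should be enabled.
     *
     * <p>Only the phrases listed below are covered. A suite whose name contains
     * none of them (any AES-based suite, for example) has no entry.
     * NOTE(review): what an implementation reports as the key size in that case
     * is not visible in this file; confirm before relying on the key size
     * attribute for access decisions.
     *
     * <p>The entries themselves are immutable, but the array is still a plain
     * Java array, so its slots can be reassigned by any code that can see it.
     * Treat it as read-only.
     */
    static final CipherData[] ciphers = {
        new CipherData("_WITH_NULL_", 0),
        new CipherData("_WITH_IDEA_CBC_", 128),
        new CipherData("_WITH_RC2_CBC_40_", 40),
        new CipherData("_WITH_RC4_40_", 40),
        new CipherData("_WITH_RC4_128_", 128),
        new CipherData("_WITH_DES40_CBC_", 40),
        new CipherData("_WITH_DES_CBC_", 56),
        new CipherData("_WITH_3DES_EDE_CBC_", 168)
    };

    /**
     * The cipher suite being used on this connection.
     *
     * @return the cipher suite name
     * @throws IOException declared by the interface; the failure conditions
     *         depend on the implementation
     */
    public String getCipherSuite() throws IOException;

    /**
     * The client certificate chain (if any).
     *
     * <p>The elements are typed as {@code Object}, so callers have to check the
     * concrete certificate type before casting.
     *
     * @return the peer certificate chain; presumably {@code null} or empty when
     *         the client presented none (confirm against the implementation)
     * @throws IOException declared by the interface; the failure conditions
     *         depend on the implementation
     */
    public Object[] getPeerCertificateChain() throws IOException;

    /**
     * The client certificate chain (if any).
     *
     * @param force If {@code true}, then re-negotiate the
     *              connection if necessary.
     * @return the peer certificate chain; presumably {@code null} or empty when
     *         the client presented none (confirm against the implementation)
     * @throws IOException declared by the interface; the failure conditions
     *         depend on the implementation
     */
    public Object[] getPeerCertificateChain(boolean force)
        throws IOException;

    /**
     * Get the keysize.
     *
     * What we're supposed to put here is ill-defined by the
     * Servlet spec (S 4.7 again). There are at least 4 potential
     * values that might go here:
     *
     * (a) The size of the encryption key
     * (b) The size of the MAC key
     * (c) The size of the key-exchange key
     * (d) The size of the signature key used by the server
     *
     * Unfortunately, all of these values are nonsensical.
     *
     * @return the key size as a boxed {@code Integer}; callers should be
     *         prepared for {@code null} (NOTE(review): confirm what
     *         implementations return for suites missing from {@link #ciphers})
     * @throws IOException declared by the interface; the failure conditions
     *         depend on the implementation
     **/
    public Integer getKeySize() throws IOException;

    /**
     * The current session Id.
     *
     * @return the session id, published to applications under
     *         {@link #SESSION_ID_KEY}
     * @throws IOException declared by the interface; the failure conditions
     *         depend on the implementation
     */
    public String getSessionId() throws IOException;

    /**
     * Simple data class that represents the cipher being used, along with the
     * corresponding effective key size. The specified phrase must appear in the
     * name of the cipher suite to be recognized.
     *
     * <p>Both fields are final: instances are shared through the static
     * {@link #ciphers} table, so an entry must not be modifiable after it has
     * been constructed.
     */
    final class CipherData {

        /** Substring looked for in the cipher suite name. */
        public final String phrase;

        /** Key size, in bits, reported for suites containing {@link #phrase}. */
        public final int keySize;

        /**
         * Creates a table entry.
         *
         * @param phrase  substring that identifies the cipher in a suite name
         * @param keySize key size in bits associated with that cipher
         */
        public CipherData(String phrase, int keySize) {
            this.phrase = phrase;
            this.keySize = keySize;
        }

    }

}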