Package io.undertow.server

Interface SSLSessionInfo

All Known Implementing Classes:

BasicSSLSessionInfo, ConnectionSSLSessionInfo

public interface SSLSessionInfo

SSL session information.

Author:

Stuart Douglas

Method Summary

Modifier and Type	Method	Description
static int	calculateKeySize(java.lang.String cipherSuite)	Given the name of a TLS/SSL cipher suite, return an int representing it effective stream cipher key strength.
java.lang.String	getCipherSuite()
default int	getKeySize()
javax.security.cert.X509Certificate[]	getPeerCertificateChain()	Deprecated. in favor of getPeerCertificates() because SSLSession.getPeerCertificateChain() throws java 15.
java.security.cert.Certificate[]	getPeerCertificates()	Gets the peer certificates.
byte[]	getSessionId()
javax.net.ssl.SSLSession	getSSLSession()
void	renegotiate(HttpServerExchange exchange, org.xnio.SslClientAuthMode sslClientAuthMode)	Renegotiate in a blocking manner.

Method Detail

calculateKeySize

static int calculateKeySize(java.lang.String cipherSuite)

Given the name of a TLS/SSL cipher suite, return an int representing it effective stream cipher key strength. i.e. How much entropy material is in the key material being fed into the encryption routines.

http://www.thesprawl.org/research/tls-and-ssl-cipher-suites/

Parameters:

cipherSuite - String name of the TLS cipher suite.

Returns:

int indicating the effective key entropy bit-length.

getSessionId

byte[] getSessionId()

Returns:

The SSL session ID, or null if this could not be determined.

getCipherSuite

java.lang.String getCipherSuite()

getKeySize

default int getKeySize()

getPeerCertificates

java.security.cert.Certificate[] getPeerCertificates()
                                              throws javax.net.ssl.SSLPeerUnverifiedException,
                                                     RenegotiationRequiredException

Gets the peer certificates. This may force SSL renegotiation.

Returns:

The peer certificates

Throws:

javax.net.ssl.SSLPeerUnverifiedException

RenegotiationRequiredException - If the session

getPeerCertificateChain

@Deprecated
javax.security.cert.X509Certificate[] getPeerCertificateChain()
                                                       throws javax.net.ssl.SSLPeerUnverifiedException,
                                                              RenegotiationRequiredException

Deprecated.

in favor of getPeerCertificates() because SSLSession.getPeerCertificateChain() throws java 15.

This method is no longer supported on java 15 and should be avoided.

Throws:

javax.net.ssl.SSLPeerUnverifiedException

RenegotiationRequiredException

See Also:

SSLSession.getPeerCertificateChain()

renegotiate

void renegotiate(HttpServerExchange exchange,
                 org.xnio.SslClientAuthMode sslClientAuthMode)
          throws java.io.IOException

Renegotiate in a blocking manner. This will set the client aut TODO: we also need a non-blocking version

Parameters:

exchange - The exchange

sslClientAuthMode - The client cert mode to use when renegotiating

Throws:

java.io.IOException

getSSLSession

javax.net.ssl.SSLSession getSSLSession()

Returns:

The SSL session, or null if it is not applicable