Package io.undertow.server

Interface SSLSessionInfo

All Known Implementing Classes:

BasicSSLSessionInfo, ConnectionSSLSessionInfo

public interface SSLSessionInfo

SSL session information.

Author:

Stuart Douglas

Method Summary

Modifier and Type	Method	Description
static int	calculateKeySize(java.lang.String cipherSuite)	Given the name of a TLS/SSL cipher suite, return an int representing it effective stream cipher key strength.
java.lang.String	getCipherSuite()
default int	getKeySize()
javax.security.cert.X509Certificate[]	getPeerCertificateChain()	Deprecated. in favor of getPeerCertificates() because SSLSession.getPeerCertificateChain() throws java 15.
java.security.cert.Certificate[]	getPeerCertificates()	Gets the peer certificates.
byte[]	getSessionId()
javax.net.ssl.SSLSession	getSSLSession()
void	renegotiate(HttpServerExchange exchange, org.xnio.SslClientAuthMode sslClientAuthMode)	Renegotiate in a blocking manner.

Method Detail

calculateKeySize

static int calculateKeySize(java.lang.String cipherSuite)

Given the name of a TLS/SSL cipher suite, return an int representing it effective stream cipher key strength. i.e. How much entropy material is in the key material being fed into the encryption routines.

TLS 1.3 https://wiki.openssl.org/index.php/TLS1.3

https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4

Parameters:

cipherSuite - String name of the TLS cipher suite.

Returns:

int indicating the effective key entropy bit-length.

getSessionId

byte[] getSessionId()

Returns:

The SSL session ID, or null if this could not be determined.

getCipherSuite

java.lang.String getCipherSuite()

getKeySize

default int getKeySize()

getPeerCertificates

java.security.cert.Certificate[] getPeerCertificates()
                                              throws javax.net.ssl.SSLPeerUnverifiedException,
                                                     RenegotiationRequiredException

Gets the peer certificates. This may force SSL renegotiation.

Returns:

The peer certificates

Throws:

javax.net.ssl.SSLPeerUnverifiedException

RenegotiationRequiredException - If the session

getPeerCertificateChain

@Deprecated(since="2.2.3",
            forRemoval=false)
javax.security.cert.X509Certificate[] getPeerCertificateChain()
                                                       throws javax.net.ssl.SSLPeerUnverifiedException,
                                                              RenegotiationRequiredException

Deprecated.

in favor of getPeerCertificates() because SSLSession.getPeerCertificateChain() throws java 15.

This method is no longer supported on java 15 and should be avoided.

Throws:

javax.net.ssl.SSLPeerUnverifiedException

RenegotiationRequiredException

See Also:

SSLSession.getPeerCertificateChain()

renegotiate

void renegotiate(HttpServerExchange exchange,
                 org.xnio.SslClientAuthMode sslClientAuthMode)
          throws java.io.IOException

Renegotiate in a blocking manner. This will set the client aut TODO: we also need a non-blocking version

Parameters:

exchange - The exchange

sslClientAuthMode - The client cert mode to use when renegotiating

Throws:

java.io.IOException

getSSLSession

javax.net.ssl.SSLSession getSSLSession()

Returns:

The SSL session, or null if it is not applicable