Package io.netty.handler.ssl
Class SslUtils
java.lang.Object
    io.netty.handler.ssl.SslUtils
final class SslUtils extends java.lang.Object
Constants for SSL packets.
-
-
Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| (package private) static java.lang.String[] | DEFAULT_CIPHER_SUITES | |
| (package private) static java.lang.String[] | DEFAULT_TLSV13_CIPHER_SUITES | |
| (package private) static int | GMSSL_PROTOCOL_VERSION | GMSSL Protocol Version |
| (package private) static java.lang.String | INVALID_CIPHER | |
| private static InternalLogger | logger | |
| (package private) static int | NOT_ENCRYPTED | data is not encrypted |
| (package private) static int | NOT_ENOUGH_DATA | Not enough data in buffer to parse the record length |
| (package private) static int | SSL_CONTENT_TYPE_ALERT | alert |
| (package private) static int | SSL_CONTENT_TYPE_APPLICATION_DATA | application data |
| (package private) static int | SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC | change cipher spec |
| (package private) static int | SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT | HeartBeat Extension |
| (package private) static int | SSL_CONTENT_TYPE_HANDSHAKE | handshake |
| (package private) static int | SSL_RECORD_HEADER_LENGTH | the length of the ssl record header (in bytes) |
| private static boolean | TLSV1_3_JDK_DEFAULT_ENABLED | |
| private static boolean | TLSV1_3_JDK_SUPPORTED | |
| (package private) static java.lang.String[] | TLSV13_CIPHER_SUITES | |
| (package private) static java.util.Set<java.lang.String> | TLSV13_CIPHERS | |
-
Constructor Summary
Constructors

| Modifier | Constructor | Description |
| --- | --- | --- |
| private | SslUtils() | |
-
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| (package private) static void | addIfSupported(java.util.Set<java.lang.String> supported, java.util.List<java.lang.String> enabled, java.lang.String... names) | Add elements from names into enabled if they are in supported. |
| (package private) static boolean | arrayContains(java.lang.String[] array, java.lang.String value) | |
| (package private) static int | getEncryptedPacketLength(ByteBuf buffer, int offset) | Returns the number of bytes that can be read out of the encrypted data. |
| private static int | getEncryptedPacketLength(java.nio.ByteBuffer buffer) | |
| (package private) static int | getEncryptedPacketLength(java.nio.ByteBuffer[] buffers, int offset) | |
| (package private) static javax.net.ssl.SSLContext | getSSLContext(java.lang.String provider) | |
| private static java.lang.String | getTlsVersion() | |
| (package private) static void | handleHandshakeFailure(ChannelHandlerContext ctx, java.lang.Throwable cause, boolean notify) | |
| (package private) static boolean | isTLSv13Cipher(java.lang.String cipher) | Returns true if the given cipher (in openssl format) is for TLSv1.3, false otherwise. |
| (package private) static boolean | isTLSv13EnabledByJDK(java.security.Provider provider) | Returns true if the JDK itself supports TLSv1.3 and enabled it by default, false otherwise. |
| private static boolean | isTLSv13EnabledByJDK0(java.security.Provider provider) | |
| (package private) static boolean | isTLSv13SupportedByJDK(java.security.Provider provider) | Returns true if the JDK itself supports TLSv1.3, false otherwise. |
| private static boolean | isTLSv13SupportedByJDK0(java.security.Provider provider) | |
| (package private) static boolean | isValidHostNameForSNI(java.lang.String hostname) | Validate that the given hostname can be used in SNI extension. |
| private static javax.net.ssl.SSLContext | newInitContext(java.security.Provider provider) | |
| private static short | shortBE(ByteBuf buffer, int offset) | |
| private static short | shortBE(java.nio.ByteBuffer buffer, int offset) | |
| (package private) static ByteBuf | toBase64(ByteBufAllocator allocator, ByteBuf src) | Same as Base64.encode(ByteBuf, boolean) but allows the use of a custom ByteBufAllocator. |
| (package private) static javax.net.ssl.SSLHandshakeException | toSSLHandshakeException(java.lang.Throwable e) | Converts the given exception to an SSLHandshakeException, if it isn't already. |
| private static short | unsignedByte(byte b) | |
| private static int | unsignedShortBE(ByteBuf buffer, int offset) | |
| private static int | unsignedShortBE(java.nio.ByteBuffer buffer, int offset) | |
| (package private) static void | useFallbackCiphersIfDefaultIsEmpty(java.util.List<java.lang.String> defaultCiphers, java.lang.Iterable<java.lang.String> fallbackCiphers) | |
| (package private) static void | useFallbackCiphersIfDefaultIsEmpty(java.util.List<java.lang.String> defaultCiphers, java.lang.String... fallbackCiphers) | |
| (package private) static void | zeroout(ByteBuf buffer) | Fills the ByteBuf with zero bytes. |
| (package private) static void | zerooutAndRelease(ByteBuf buffer) | Fills the ByteBuf with zero bytes and releases it. |
-
-
-
Field Detail
-
logger
private static final InternalLogger logger
-
TLSV13_CIPHERS
static final java.util.Set<java.lang.String> TLSV13_CIPHERS
-
GMSSL_PROTOCOL_VERSION
static final int GMSSL_PROTOCOL_VERSION
GMSSL Protocol Version
- See Also:
- Constant Field Values
-
INVALID_CIPHER
static final java.lang.String INVALID_CIPHER
- See Also:
- Constant Field Values
-
SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
static final int SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
change cipher spec
- See Also:
- Constant Field Values
-
SSL_CONTENT_TYPE_ALERT
static final int SSL_CONTENT_TYPE_ALERT
alert
- See Also:
- Constant Field Values
-
SSL_CONTENT_TYPE_HANDSHAKE
static final int SSL_CONTENT_TYPE_HANDSHAKE
handshake
- See Also:
- Constant Field Values
-
SSL_CONTENT_TYPE_APPLICATION_DATA
static final int SSL_CONTENT_TYPE_APPLICATION_DATA
application data
- See Also:
- Constant Field Values
-
SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
static final int SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
HeartBeat Extension
- See Also:
- Constant Field Values
-
SSL_RECORD_HEADER_LENGTH
static final int SSL_RECORD_HEADER_LENGTH
the length of the ssl record header (in bytes)
- See Also:
- Constant Field Values
-
NOT_ENOUGH_DATA
static final int NOT_ENOUGH_DATA
Not enough data in buffer to parse the record length
- See Also:
- Constant Field Values
-
NOT_ENCRYPTED
static final int NOT_ENCRYPTED
data is not encrypted
- See Also:
- Constant Field Values
-
DEFAULT_CIPHER_SUITES
static final java.lang.String[] DEFAULT_CIPHER_SUITES
-
DEFAULT_TLSV13_CIPHER_SUITES
static final java.lang.String[] DEFAULT_TLSV13_CIPHER_SUITES
-
TLSV13_CIPHER_SUITES
static final java.lang.String[] TLSV13_CIPHER_SUITES
-
TLSV1_3_JDK_SUPPORTED
private static final boolean TLSV1_3_JDK_SUPPORTED
-
TLSV1_3_JDK_DEFAULT_ENABLED
private static final boolean TLSV1_3_JDK_DEFAULT_ENABLED
-
-
Method Detail
-
isTLSv13SupportedByJDK
static boolean isTLSv13SupportedByJDK(java.security.Provider provider)
Returns true if the JDK itself supports TLSv1.3, false otherwise.
-
isTLSv13SupportedByJDK0
private static boolean isTLSv13SupportedByJDK0(java.security.Provider provider)
-
isTLSv13EnabledByJDK
static boolean isTLSv13EnabledByJDK(java.security.Provider provider)
Returns true if the JDK itself supports TLSv1.3 and enabled it by default, false otherwise.
-
isTLSv13EnabledByJDK0
private static boolean isTLSv13EnabledByJDK0(java.security.Provider provider)
-
newInitContext
private static javax.net.ssl.SSLContext newInitContext(java.security.Provider provider) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
-
getSSLContext
static javax.net.ssl.SSLContext getSSLContext(java.lang.String provider) throws java.security.NoSuchAlgorithmException, java.security.KeyManagementException, java.security.NoSuchProviderException
- Throws:
java.security.NoSuchAlgorithmException
java.security.KeyManagementException
java.security.NoSuchProviderException
-
getTlsVersion
private static java.lang.String getTlsVersion()
-
arrayContains
static boolean arrayContains(java.lang.String[] array, java.lang.String value)
-
addIfSupported
static void addIfSupported(java.util.Set<java.lang.String> supported, java.util.List<java.lang.String> enabled, java.lang.String... names)
Add elements from names into enabled if they are in supported.
-
useFallbackCiphersIfDefaultIsEmpty
static void useFallbackCiphersIfDefaultIsEmpty(java.util.List<java.lang.String> defaultCiphers, java.lang.Iterable<java.lang.String> fallbackCiphers)
-
useFallbackCiphersIfDefaultIsEmpty
static void useFallbackCiphersIfDefaultIsEmpty(java.util.List<java.lang.String> defaultCiphers, java.lang.String... fallbackCiphers)
-
toSSLHandshakeException
static javax.net.ssl.SSLHandshakeException toSSLHandshakeException(java.lang.Throwable e)
Converts the given exception to an SSLHandshakeException, if it isn't already.
-
getEncryptedPacketLength
static int getEncryptedPacketLength(ByteBuf buffer, int offset)
Returns the number of bytes that can be read out of the encrypted data. Be aware that this method will not increase the readerIndex of the given ByteBuf.
- Parameters:
buffer - The ByteBuf to read from. Be aware that it must have at least SSL_RECORD_HEADER_LENGTH bytes to read, otherwise it will throw an IllegalArgumentException.
- Returns:
length - The length of the encrypted packet that is included in the buffer, or NOT_ENOUGH_DATA if not enough data is present in the ByteBuf. This will return NOT_ENCRYPTED if the given ByteBuf is not encrypted at all.
- Throws:
java.lang.IllegalArgumentException - Is thrown if the given ByteBuf does not have at least SSL_RECORD_HEADER_LENGTH bytes to read.
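A minimal sketch of the contract described above, written against java.nio.ByteBuffer; it is an added example, not Netty's implementation. The class name, the numeric sentinel values, and the choice to return NOT_ENOUGH_DATA when the declared record extends past the buffered bytes are assumptions, and SSLv2 and GMSSL framing are not handled.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public final class TlsRecordLengthExample {
    // Names mirror the constants on this page; the sentinel values are assumptions.
    static final int SSL_RECORD_HEADER_LENGTH = 5; // type(1) + version(2) + length(2)
    static final int NOT_ENOUGH_DATA = -1;
    static final int NOT_ENCRYPTED = -2;

    /** Uses absolute reads only, so the buffer's position is never moved. */
    static int encryptedPacketLength(ByteBuffer buf, int offset) {
        if (offset < 0 || buf.limit() - offset < SSL_RECORD_HEADER_LENGTH) {
            throw new IllegalArgumentException(
                    "need at least " + SSL_RECORD_HEADER_LENGTH + " readable bytes");
        }
        // TLS record content types: 20 change_cipher_spec, 21 alert,
        // 22 handshake, 23 application_data, 24 heartbeat.
        int contentType = buf.get(offset) & 0xFF;
        if (contentType < 20 || contentType > 24) {
            return NOT_ENCRYPTED;
        }
        // SSLv3 and every TLS version carry major version 3 in the record header.
        if ((buf.get(offset + 1) & 0xFF) != 3) {
            return NOT_ENCRYPTED;
        }
        // Mask each byte: Java bytes are signed, and a sign-extended length
        // would turn a large record into a negative size.
        int payload = ((buf.get(offset + 3) & 0xFF) << 8) | (buf.get(offset + 4) & 0xFF);
        int total = SSL_RECORD_HEADER_LENGTH + payload;
        return buf.limit() - offset < total ? NOT_ENOUGH_DATA : total;
    }

    public static void main(String[] args) {
        // Constructed samples, not captured traffic.
        byte[] full = {22, 3, 3, 0, 4, 1, 2, 3, 4};        // handshake, 4-byte body
        byte[] partial = {23, 3, 3, (byte) 0x80, 0x00, 9}; // declares 32768 bytes, 1 present
        byte[] plain = "GET / HTTP/1.1".getBytes(StandardCharsets.US_ASCII);
        for (byte[] sample : new byte[][] {full, partial, plain}) {
            ByteBuffer buf = ByteBuffer.wrap(sample);
            System.out.println(encryptedPacketLength(buf, 0) + " position=" + buf.position());
        }
    }
}
```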
-
unsignedShortBE
private static int unsignedShortBE(ByteBuf buffer, int offset)
-
shortBE
private static short shortBE(ByteBuf buffer, int offset)
-
unsignedByte
private static short unsignedByte(byte b)
-
unsignedShortBE
private static int unsignedShortBE(java.nio.ByteBuffer buffer, int offset)
-
shortBE
private static short shortBE(java.nio.ByteBuffer buffer, int offset)
-
getEncryptedPacketLength
static int getEncryptedPacketLength(java.nio.ByteBuffer[] buffers, int offset)
-
getEncryptedPacketLength
private static int getEncryptedPacketLength(java.nio.ByteBuffer buffer)
-
handleHandshakeFailure
static void handleHandshakeFailure(ChannelHandlerContext ctx, java.lang.Throwable cause, boolean notify)
-
zerooutAndRelease
static void zerooutAndRelease(ByteBuf buffer)
Fills the ByteBuf with zero bytes and releases it.
-
toBase64
static ByteBuf toBase64(ByteBufAllocator allocator, ByteBuf src)
Same as Base64.encode(ByteBuf, boolean) but allows the use of a custom ByteBufAllocator.
- See Also:
Base64.encode(ByteBuf, boolean)
-
isValidHostNameForSNI
static boolean isValidHostNameForSNI(java.lang.String hostname)
Validate that the given hostname can be used in SNI extension.
-
isTLSv13Cipher
static boolean isTLSv13Cipher(java.lang.String cipher)
Returns true if the given cipher (in openssl format) is for TLSv1.3, false otherwise.
-
-