Class CipherSuiteConverter

java.lang.Object

io.netty.handler.ssl.CipherSuiteConverter

@UnstableApi
public final class CipherSuiteConverter
extends Object

Converts a Java cipher suite string to an OpenSSL cipher suite string and vice versa.

See Also:

• Wikipedia page about cipher suite

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static final class	CipherSuiteConverter.CachedValue	Used to store nullable values in a CHM

Field Summary

Fields

Modifier and Type	Field	Description
private static final ConcurrentMap<String, CipherSuiteConverter.CachedValue>	j2o	Java-to-OpenSSL cipher suite conversion map Note that the Java cipher suite has the protocol prefix (TLS_, SSL_)
private static final Map<String,String>	j2oTls13
private static final Pattern	JAVA_AES_CBC_PATTERN
private static final Pattern	JAVA_AES_PATTERN
private static final Pattern	JAVA_CIPHERSUITE_PATTERN	A_B_WITH_C_D, where: A - TLS or SSL (protocol) B - handshake algorithm (key exchange and authentication algorithms to be precise) C - bulk cipher D - HMAC algorithm This regular expression assumes that: 1) A is always TLS or SSL, and 2) D is always a single word.
private static final InternalLogger	logger
private static final ConcurrentMap<String, Map<String,String>>	o2j	OpenSSL-to-Java cipher suite conversion map.
private static final Map<String, Map<String,String>>	o2jTls13
private static final Pattern	OPENSSL_AES_CBC_PATTERN
private static final Pattern	OPENSSL_AES_PATTERN
private static final Pattern	OPENSSL_CIPHERSUITE_PATTERN	A-B-C, where: A - handshake algorithm (key exchange and authentication algorithms to be precise) B - bulk cipher C - HMAC algorithm This regular expression assumes that: 1) A has some deterministic pattern as shown below, and 2) C is always a single word

Constructor Summary

Constructors

Modifier	Constructor	Description
private	CipherSuiteConverter()

Method Summary

Modifier and Type	Method	Description
private static String	cacheFromJava(String javaCipherSuite, boolean boringSSL)
private static Map<String,String>	cacheFromOpenSsl(String openSslCipherSuite)
(package private) static void	clearCache()	Clears the cache for testing purpose.
(package private) static void	convertToCipherStrings(Iterable<String> cipherSuites, StringBuilder cipherBuilder, StringBuilder cipherTLSv13Builder, boolean boringSSL)	Convert the given ciphers if needed to OpenSSL format and append them to the correct StringBuilder depending on if its a TLSv1.3 cipher or not.
(package private) static boolean	isJ2OCached(String key, String value)	Tests if the specified key-value pair has been cached in Java-to-OpenSSL cache.
(package private) static boolean	isO2JCached(String key, String protocol, String value)	Tests if the specified key-value pair has been cached in OpenSSL-to-Java cache.
static String	toJava(String openSslCipherSuite, String protocol)	Convert from OpenSSL cipher suite name convention to java cipher suite name convention.
private static String	toJavaBulkCipher(String bulkCipher, boolean export)
private static String	toJavaHandshakeAlgo(String handshakeAlgo, boolean export)
private static String	toJavaHmacAlgo(String hmacAlgo)
(package private) static String	toJavaUncached(String openSslCipherSuite)
private static String	toJavaUncached0(String openSslCipherSuite, boolean checkTls13)
static String	toOpenSsl(String javaCipherSuite, boolean boringSSL)	Converts the specified Java cipher suite to its corresponding OpenSSL cipher suite name.
private static String	toOpenSslBulkCipher(String bulkCipher)
private static String	toOpenSslHandshakeAlgo(String handshakeAlgo)
private static String	toOpenSslHmacAlgo(String hmacAlgo)
(package private) static String	toOpenSslUncached(String javaCipherSuite, boolean boringSSL)

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

private static final InternalLogger logger

JAVA_CIPHERSUITE_PATTERN

private static final Pattern JAVA_CIPHERSUITE_PATTERN

A_B_WITH_C_D, where: A - TLS or SSL (protocol) B - handshake algorithm (key exchange and authentication algorithms to be precise) C - bulk cipher D - HMAC algorithm This regular expression assumes that: 1) A is always TLS or SSL, and 2) D is always a single word.

OPENSSL_CIPHERSUITE_PATTERN

private static final Pattern OPENSSL_CIPHERSUITE_PATTERN

A-B-C, where: A - handshake algorithm (key exchange and authentication algorithms to be precise) B - bulk cipher C - HMAC algorithm This regular expression assumes that: 1) A has some deterministic pattern as shown below, and 2) C is always a single word

JAVA_AES_CBC_PATTERN

private static final Pattern JAVA_AES_CBC_PATTERN

JAVA_AES_PATTERN

private static final Pattern JAVA_AES_PATTERN

OPENSSL_AES_CBC_PATTERN

private static final Pattern OPENSSL_AES_CBC_PATTERN

OPENSSL_AES_PATTERN

private static final Pattern OPENSSL_AES_PATTERN

j2o

private static final ConcurrentMap<String, CipherSuiteConverter.CachedValue> j2o

Java-to-OpenSSL cipher suite conversion map Note that the Java cipher suite has the protocol prefix (TLS_, SSL_)

o2j

private static final ConcurrentMap<String, Map<String,String>> o2j

OpenSSL-to-Java cipher suite conversion map. Note that one OpenSSL cipher suite can be converted to more than one Java cipher suites because a Java cipher suite has the protocol name prefix (TLS_, SSL_)

j2oTls13

private static final Map<String,String> j2oTls13

o2jTls13

private static final Map<String, Map<String,String>> o2jTls13

Constructor Details

CipherSuiteConverter

private CipherSuiteConverter()

Method Details

clearCache

static void clearCache()

Clears the cache for testing purpose.

isJ2OCached

static boolean isJ2OCached(String key,
 String value)

Tests if the specified key-value pair has been cached in Java-to-OpenSSL cache.

isO2JCached

static boolean isO2JCached(String key,
 String protocol,
 String value)

Tests if the specified key-value pair has been cached in OpenSSL-to-Java cache.

toOpenSsl

public static String toOpenSsl(String javaCipherSuite,
 boolean boringSSL)

Converts the specified Java cipher suite to its corresponding OpenSSL cipher suite name.

Returns:

null if the conversion has failed

cacheFromJava

private static String cacheFromJava(String javaCipherSuite,
 boolean boringSSL)

toOpenSslUncached

static String toOpenSslUncached(String javaCipherSuite,
 boolean boringSSL)

toOpenSslHandshakeAlgo

private static String toOpenSslHandshakeAlgo(String handshakeAlgo)

toOpenSslBulkCipher

private static String toOpenSslBulkCipher(String bulkCipher)

toOpenSslHmacAlgo

private static String toOpenSslHmacAlgo(String hmacAlgo)

toJava

public static String toJava(String openSslCipherSuite,
 String protocol)

Convert from OpenSSL cipher suite name convention to java cipher suite name convention.

Parameters:

openSslCipherSuite - An OpenSSL cipher suite name.

protocol - The cryptographic protocol (i.e. SSL, TLS, ...).

Returns:

The translated cipher suite name according to java conventions (or null if translation was not possible).

cacheFromOpenSsl

private static Map<String,String> cacheFromOpenSsl(String openSslCipherSuite)

toJavaUncached

static String toJavaUncached(String openSslCipherSuite)

toJavaUncached0

private static String toJavaUncached0(String openSslCipherSuite,
 boolean checkTls13)

toJavaHandshakeAlgo

private static String toJavaHandshakeAlgo(String handshakeAlgo,
 boolean export)

toJavaBulkCipher

private static String toJavaBulkCipher(String bulkCipher,
 boolean export)

toJavaHmacAlgo

private static String toJavaHmacAlgo(String hmacAlgo)

convertToCipherStrings

static void convertToCipherStrings(Iterable<String> cipherSuites,
 StringBuilder cipherBuilder,
 StringBuilder cipherTLSv13Builder,
 boolean boringSSL)

Convert the given ciphers if needed to OpenSSL format and append them to the correct StringBuilder depending on if its a TLSv1.3 cipher or not. If this methods returns without throwing an exception its guaranteed that at least one of the StringBuilders contain some ciphers that can be used to configure OpenSSL.