Class SslUtils
java.lang.Object
io.netty.handler.ssl.SslUtils
Constants for SSL packets.
-
Field Summary
Fields
Modifier and Type / Field / Description
(package private) static final String[] DEFAULT_CIPHER_SUITES
(package private) static final String[] DEFAULT_TLSV13_CIPHER_SUITES
(package private) static final short DTLS_1_0
(package private) static final short DTLS_1_2
(package private) static final short DTLS_1_3
(package private) static final short DTLS_RECORD_HEADER_LENGTH
(package private) static final int GMSSL_PROTOCOL_VERSION: GMSSL Protocol Version
(package private) static final String INVALID_CIPHER
private static final InternalLogger logger
(package private) static final int NOT_ENCRYPTED: data is not encrypted
(package private) static final int NOT_ENOUGH_DATA: Not enough data in buffer to parse the record length
(package private) static final String PROBING_CERT
(package private) static final String PROBING_KEY
(package private) static final int SSL_CONTENT_TYPE_ALERT: alert
(package private) static final int SSL_CONTENT_TYPE_APPLICATION_DATA: application data
(package private) static final int SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC: change cipher spec
(package private) static final int SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT: HeartBeat Extension
(package private) static final int SSL_CONTENT_TYPE_HANDSHAKE: handshake
(package private) static final int SSL_RECORD_HEADER_LENGTH: the length of the ssl record header (in bytes)
private static final boolean TLSV1_3_JDK_DEFAULT_ENABLED
private static final boolean TLSV1_3_JDK_SUPPORTED
(package private) static final String[] TLSV13_CIPHER_SUITES
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
(package private) static void addIfSupported: Add elements from names into enabled if they are in supported.
(package private) static boolean arrayContains(String[] array, String value)
(package private) static int getEncryptedPacketLength(ByteBuf buffer, int offset, boolean probeSSLv2): Return how much bytes can be read out of the encrypted data.
private static int getEncryptedPacketLength(ByteBuffer buffer)
(package private) static int getEncryptedPacketLength(ByteBuffer[] buffers, int offset)
(package private) static SSLContext getSSLContext(Provider provider)
(package private) static SSLContext getSSLContext(Provider provider, SecureRandom secureRandom)
private static String getTlsVersion
(package private) static void handleHandshakeFailure(ChannelHandlerContext ctx, Throwable cause, boolean notify)
(package private) static boolean isTLSv13Cipher(String cipher): Returns true if the given cipher (in openssl format) is for TLSv1.3, false otherwise.
(package private) static boolean isTLSv13EnabledByJDK(Provider provider): Returns true if the JDK itself supports TLSv1.3 and enabled it by default, false otherwise.
private static boolean isTLSv13EnabledByJDK0(Provider provider)
(package private) static boolean isTLSv13SupportedByJDK(Provider provider): Returns true if the JDK itself supports TLSv1.3, false otherwise.
private static boolean isTLSv13SupportedByJDK0(Provider provider)
(package private) static boolean isValidHostNameForSNI(String hostname): Validate that the given hostname can be used in SNI extension.
private static SSLContext newInitContext(Provider provider)
private static short shortBE
private static short shortBE(ByteBuffer buffer, int offset)
(package private) static ByteBuf toBase64(ByteBufAllocator allocator, ByteBuf src): Same as Base64.encode(ByteBuf, boolean) but allows the use of a custom ByteBufAllocator.
(package private) static SSLHandshakeException toSSLHandshakeException: Converts the given exception to a SSLHandshakeException, if it isn't already.
private static short unsignedByte(byte b)
private static int unsignedShortBE(ByteBuf buffer, int offset)
private static int unsignedShortBE(ByteBuffer buffer, int offset)
(package private) static void useFallbackCiphersIfDefaultIsEmpty(List<String> defaultCiphers, Iterable<String> fallbackCiphers)
(package private) static void useFallbackCiphersIfDefaultIsEmpty(List<String> defaultCiphers, String... fallbackCiphers)
(package private) static void zeroout: Fills the ByteBuf with zero bytes.
(package private) static void zerooutAndRelease(ByteBuf buffer): Fills the ByteBuf with zero bytes and releases it.
-
Field Details
-
logger
-
TLSV13_CIPHERS
-
DTLS_1_0
static final short DTLS_1_0
-
DTLS_1_2
static final short DTLS_1_2
-
DTLS_1_3
static final short DTLS_1_3
-
DTLS_RECORD_HEADER_LENGTH
static final short DTLS_RECORD_HEADER_LENGTH
-
GMSSL_PROTOCOL_VERSION
static final int GMSSL_PROTOCOL_VERSION
GMSSL Protocol Version
-
INVALID_CIPHER
-
SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
static final int SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
change cipher spec
-
SSL_CONTENT_TYPE_ALERT
static final int SSL_CONTENT_TYPE_ALERT
alert
-
SSL_CONTENT_TYPE_HANDSHAKE
static final int SSL_CONTENT_TYPE_HANDSHAKE
handshake
-
SSL_CONTENT_TYPE_APPLICATION_DATA
static final int SSL_CONTENT_TYPE_APPLICATION_DATA
application data
-
SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
static final int SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
HeartBeat Extension
-
SSL_RECORD_HEADER_LENGTH
static final int SSL_RECORD_HEADER_LENGTH
the length of the ssl record header (in bytes)
-
NOT_ENOUGH_DATA
static final int NOT_ENOUGH_DATA
Not enough data in buffer to parse the record length
-
NOT_ENCRYPTED
static final int NOT_ENCRYPTED
data is not encrypted
-
DEFAULT_CIPHER_SUITES
-
DEFAULT_TLSV13_CIPHER_SUITES
-
TLSV13_CIPHER_SUITES
-
PROBING_CERT
-
PROBING_KEY
-
TLSV1_3_JDK_SUPPORTED
private static final boolean TLSV1_3_JDK_SUPPORTED
-
TLSV1_3_JDK_DEFAULT_ENABLED
private static final boolean TLSV1_3_JDK_DEFAULT_ENABLED
-
-
Constructor Details
-
SslUtils
private SslUtils()
-
-
Method Details
-
isTLSv13SupportedByJDK
Returns true if the JDK itself supports TLSv1.3, false otherwise.
-
isTLSv13SupportedByJDK0
-
isTLSv13EnabledByJDK
Returns true if the JDK itself supports TLSv1.3 and enabled it by default, false otherwise.
-
isTLSv13EnabledByJDK0
-
newInitContext
private static SSLContext newInitContext(Provider provider) throws NoSuchAlgorithmException, KeyManagementException
-
getSSLContext
static SSLContext getSSLContext(Provider provider) throws NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException
-
getSSLContext
static SSLContext getSSLContext(Provider provider, SecureRandom secureRandom) throws NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException
-
getTlsVersion
-
arrayContains
-
addIfSupported
-
useFallbackCiphersIfDefaultIsEmpty
-
useFallbackCiphersIfDefaultIsEmpty
-
toSSLHandshakeException
Converts the given exception to a SSLHandshakeException, if it isn't already.
-
getEncryptedPacketLength
Return how many bytes can be read out of the encrypted data. Be aware that this method will not increase the readerIndex of the given ByteBuf.
Parameters:
buffer - The ByteBuf to read from.
offset - The offset to start from.
probeSSLv2 - true if the input buffer might be SSLv2.
Returns:
The length of the encrypted packet that is included in the buffer, or NOT_ENOUGH_DATA if not enough data is present in the ByteBuf. This will return NOT_ENCRYPTED if the given ByteBuf is not encrypted at all.
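The contract described above (non-consuming read of the record header, with one sentinel for a short buffer and another for data that is not a TLS record), as an added example that is not Netty's own code. The class name, the sentinel values and the checks are assumptions of this sketch; it uses java.nio.ByteBuffer and covers only TLS records on a stream, without SSLv2 probing, DTLS or GMSSL.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public final class TlsRecordLength {
    // Sentinel values assumed for this example; the page does not state
    // the values of SslUtils.NOT_ENOUGH_DATA or SslUtils.NOT_ENCRYPTED.
    static final int NOT_ENOUGH_DATA = -1;
    static final int NOT_ENCRYPTED = -2;
    // TLS record header: content type (1) + version (2) + length (2).
    static final int RECORD_HEADER_LENGTH = 5;
    // TLS 1.2 allows at most 2^14 + 2048 bytes of ciphertext per record.
    static final int MAX_CIPHERTEXT_LENGTH = (1 << 14) + 2048;

    /** Uses absolute reads only, so buf.position() is left unchanged. */
    static int recordLength(ByteBuffer buf, int offset) {
        if (offset < 0 || buf.limit() - offset < RECORD_HEADER_LENGTH) {
            return NOT_ENOUGH_DATA;
        }
        int type = buf.get(offset) & 0xFF;
        // 20 change_cipher_spec, 21 alert, 22 handshake,
        // 23 application_data, 24 heartbeat
        if (type < 20 || type > 24) {
            return NOT_ENCRYPTED;
        }
        // SSLv3 and every TLS version carry major version 3 on the wire.
        if ((buf.get(offset + 1) & 0xFF) != 3) {
            return NOT_ENCRYPTED;
        }
        int payload = ((buf.get(offset + 3) & 0xFF) << 8)
                | (buf.get(offset + 4) & 0xFF);
        if (payload > MAX_CIPHERTEXT_LENGTH) {
            return NOT_ENCRYPTED;
        }
        return RECORD_HEADER_LENGTH + payload;
    }

    public static void main(String[] args) {
        // Constructed inputs: a handshake record with a 5-byte body,
        // a truncated header, and a plaintext HTTP request line.
        byte[] record = {0x16, 0x03, 0x01, 0x00, 0x05, 1, 2, 3, 4, 5};
        byte[] partial = {0x16, 0x03, 0x01};
        byte[] plain = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        System.out.println("record:  " + recordLength(ByteBuffer.wrap(record), 0));
        System.out.println("partial: " + recordLength(ByteBuffer.wrap(partial), 0));
        System.out.println("plain:   " + recordLength(ByteBuffer.wrap(plain), 0));
    }
}
```

Keeping the two sentinels distinct lets a caller wait for more bytes in one case and reject plaintext on a TLS port in the other.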
-
unsignedShortBE
-
shortBE
-
unsignedByte
private static short unsignedByte(byte b)
-
unsignedShortBE
-
shortBE
-
getEncryptedPacketLength
-
getEncryptedPacketLength
-
handleHandshakeFailure
-
zeroout
-
zerooutAndRelease
-
toBase64
Same as Base64.encode(ByteBuf, boolean) but allows the use of a custom ByteBufAllocator.
-
isValidHostNameForSNI
Validate that the given hostname can be used in SNI extension.
-
isTLSv13Cipher
Returns true if the given cipher (in openssl format) is for TLSv1.3, false otherwise.
-