Package io.netty.handler.ssl

Class CipherSuiteConverter

java.lang.Object

io.netty.handler.ssl.CipherSuiteConverter

@UnstableApi
public final class CipherSuiteConverter
extends java.lang.Object

Converts a Java cipher suite string to an OpenSSL cipher suite string and vice versa.

See Also:

Wikipedia page about cipher suite

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
private static class	CipherSuiteConverter.CachedValue	Used to store nullable values in a CHM

Field Summary

Fields

Modifier and Type	Field	Description
private static java.util.concurrent.ConcurrentMap<java.lang.String,CipherSuiteConverter.CachedValue>	j2o	Java-to-OpenSSL cipher suite conversion map Note that the Java cipher suite has the protocol prefix (TLS_, SSL_)
private static java.util.Map<java.lang.String,java.lang.String>	j2oTls13
private static java.util.regex.Pattern	JAVA_AES_CBC_PATTERN
private static java.util.regex.Pattern	JAVA_AES_PATTERN
private static java.util.regex.Pattern	JAVA_CIPHERSUITE_PATTERN	A_B_WITH_C_D, where: A - TLS or SSL (protocol) B - handshake algorithm (key exchange and authentication algorithms to be precise) C - bulk cipher D - HMAC algorithm This regular expression assumes that: 1) A is always TLS or SSL, and 2) D is always a single word.
private static InternalLogger	logger
private static java.util.concurrent.ConcurrentMap<java.lang.String,java.util.Map<java.lang.String,java.lang.String>>	o2j	OpenSSL-to-Java cipher suite conversion map.
private static java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.lang.String>>	o2jTls13
private static java.util.regex.Pattern	OPENSSL_AES_CBC_PATTERN
private static java.util.regex.Pattern	OPENSSL_AES_PATTERN
private static java.util.regex.Pattern	OPENSSL_CIPHERSUITE_PATTERN	A-B-C, where: A - handshake algorithm (key exchange and authentication algorithms to be precise) B - bulk cipher C - HMAC algorithm This regular expression assumes that: 1) A has some deterministic pattern as shown below, and 2) C is always a single word

Constructor Summary

Constructors

Modifier	Constructor	Description
private	CipherSuiteConverter()

Method Summary

Modifier and Type	Method	Description
private static java.lang.String	cacheFromJava(java.lang.String javaCipherSuite, boolean boringSSL)
private static java.util.Map<java.lang.String,java.lang.String>	cacheFromOpenSsl(java.lang.String openSslCipherSuite)
(package private) static void	clearCache()	Clears the cache for testing purpose.
(package private) static void	convertToCipherStrings(java.lang.Iterable<java.lang.String> cipherSuites, java.lang.StringBuilder cipherBuilder, java.lang.StringBuilder cipherTLSv13Builder, boolean boringSSL)	Convert the given ciphers if needed to OpenSSL format and append them to the correct StringBuilder depending on if its a TLSv1.3 cipher or not.
(package private) static boolean	isJ2OCached(java.lang.String key, java.lang.String value)	Tests if the specified key-value pair has been cached in Java-to-OpenSSL cache.
(package private) static boolean	isO2JCached(java.lang.String key, java.lang.String protocol, java.lang.String value)	Tests if the specified key-value pair has been cached in OpenSSL-to-Java cache.
static java.lang.String	toJava(java.lang.String openSslCipherSuite, java.lang.String protocol)	Convert from OpenSSL cipher suite name convention to java cipher suite name convention.
private static java.lang.String	toJavaBulkCipher(java.lang.String bulkCipher, boolean export)
private static java.lang.String	toJavaHandshakeAlgo(java.lang.String handshakeAlgo, boolean export)
private static java.lang.String	toJavaHmacAlgo(java.lang.String hmacAlgo)
(package private) static java.lang.String	toJavaUncached(java.lang.String openSslCipherSuite)
private static java.lang.String	toJavaUncached0(java.lang.String openSslCipherSuite, boolean checkTls13)
static java.lang.String	toOpenSsl(java.lang.String javaCipherSuite, boolean boringSSL)	Converts the specified Java cipher suite to its corresponding OpenSSL cipher suite name.
private static java.lang.String	toOpenSslBulkCipher(java.lang.String bulkCipher)
private static java.lang.String	toOpenSslHandshakeAlgo(java.lang.String handshakeAlgo)
private static java.lang.String	toOpenSslHmacAlgo(java.lang.String hmacAlgo)
(package private) static java.lang.String	toOpenSslUncached(java.lang.String javaCipherSuite, boolean boringSSL)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final InternalLogger logger

JAVA_CIPHERSUITE_PATTERN

private static final java.util.regex.Pattern JAVA_CIPHERSUITE_PATTERN

A_B_WITH_C_D, where: A - TLS or SSL (protocol) B - handshake algorithm (key exchange and authentication algorithms to be precise) C - bulk cipher D - HMAC algorithm This regular expression assumes that: 1) A is always TLS or SSL, and 2) D is always a single word.

OPENSSL_CIPHERSUITE_PATTERN

private static final java.util.regex.Pattern OPENSSL_CIPHERSUITE_PATTERN

A-B-C, where: A - handshake algorithm (key exchange and authentication algorithms to be precise) B - bulk cipher C - HMAC algorithm This regular expression assumes that: 1) A has some deterministic pattern as shown below, and 2) C is always a single word

JAVA_AES_CBC_PATTERN

private static final java.util.regex.Pattern JAVA_AES_CBC_PATTERN

JAVA_AES_PATTERN

private static final java.util.regex.Pattern JAVA_AES_PATTERN

OPENSSL_AES_CBC_PATTERN

private static final java.util.regex.Pattern OPENSSL_AES_CBC_PATTERN

OPENSSL_AES_PATTERN

private static final java.util.regex.Pattern OPENSSL_AES_PATTERN

j2o

private static final java.util.concurrent.ConcurrentMap<java.lang.String,CipherSuiteConverter.CachedValue> j2o

Java-to-OpenSSL cipher suite conversion map Note that the Java cipher suite has the protocol prefix (TLS_, SSL_)

o2j

private static final java.util.concurrent.ConcurrentMap<java.lang.String,java.util.Map<java.lang.String,java.lang.String>> o2j

OpenSSL-to-Java cipher suite conversion map. Note that one OpenSSL cipher suite can be converted to more than one Java cipher suites because a Java cipher suite has the protocol name prefix (TLS_, SSL_)

j2oTls13

private static final java.util.Map<java.lang.String,java.lang.String> j2oTls13

o2jTls13

private static final java.util.Map<java.lang.String,java.util.Map<java.lang.String,java.lang.String>> o2jTls13

Constructor Detail

CipherSuiteConverter

private CipherSuiteConverter()

Method Detail

clearCache

static void clearCache()

Clears the cache for testing purpose.

isJ2OCached

static boolean isJ2OCached(java.lang.String key,
                           java.lang.String value)

Tests if the specified key-value pair has been cached in Java-to-OpenSSL cache.

isO2JCached

static boolean isO2JCached(java.lang.String key,
                           java.lang.String protocol,
                           java.lang.String value)

Tests if the specified key-value pair has been cached in OpenSSL-to-Java cache.

toOpenSsl

public static java.lang.String toOpenSsl(java.lang.String javaCipherSuite,
                                         boolean boringSSL)

Converts the specified Java cipher suite to its corresponding OpenSSL cipher suite name.

Returns:

null if the conversion has failed

cacheFromJava

private static java.lang.String cacheFromJava(java.lang.String javaCipherSuite,
                                              boolean boringSSL)

toOpenSslUncached

static java.lang.String toOpenSslUncached(java.lang.String javaCipherSuite,
                                          boolean boringSSL)

toOpenSslHandshakeAlgo

private static java.lang.String toOpenSslHandshakeAlgo(java.lang.String handshakeAlgo)

toOpenSslBulkCipher

private static java.lang.String toOpenSslBulkCipher(java.lang.String bulkCipher)

toOpenSslHmacAlgo

private static java.lang.String toOpenSslHmacAlgo(java.lang.String hmacAlgo)

toJava

public static java.lang.String toJava(java.lang.String openSslCipherSuite,
                                      java.lang.String protocol)

Convert from OpenSSL cipher suite name convention to java cipher suite name convention.

Parameters:

openSslCipherSuite - An OpenSSL cipher suite name.

protocol - The cryptographic protocol (i.e. SSL, TLS, ...).

Returns:

The translated cipher suite name according to java conventions (or null if translation was not possible).

cacheFromOpenSsl

private static java.util.Map<java.lang.String,java.lang.String> cacheFromOpenSsl(java.lang.String openSslCipherSuite)

toJavaUncached

static java.lang.String toJavaUncached(java.lang.String openSslCipherSuite)

toJavaUncached0

private static java.lang.String toJavaUncached0(java.lang.String openSslCipherSuite,
                                                boolean checkTls13)

toJavaHandshakeAlgo

private static java.lang.String toJavaHandshakeAlgo(java.lang.String handshakeAlgo,
                                                    boolean export)

toJavaBulkCipher

private static java.lang.String toJavaBulkCipher(java.lang.String bulkCipher,
                                                 boolean export)

toJavaHmacAlgo

private static java.lang.String toJavaHmacAlgo(java.lang.String hmacAlgo)

convertToCipherStrings

static void convertToCipherStrings(java.lang.Iterable<java.lang.String> cipherSuites,
                                   java.lang.StringBuilder cipherBuilder,
                                   java.lang.StringBuilder cipherTLSv13Builder,
                                   boolean boringSSL)

Convert the given ciphers if needed to OpenSSL format and append them to the correct StringBuilder depending on if its a TLSv1.3 cipher or not. If this methods returns without throwing an exception its guaranteed that at least one of the StringBuilders contain some ciphers that can be used to configure OpenSSL.