Package io.netty.handler.ssl

Class SslUtils

  • final class SslUtils
extends java.lang.Object
    Constants for SSL packets.

    • Field Detail

      • TLSV13_CIPHERS

        static final java.util.Set<java.lang.String> TLSV13_CIPHERS

      • DTLS_RECORD_HEADER_LENGTH

        static final short DTLS_RECORD_HEADER_LENGTH
        See Also:
        Constant Field Values

      • GMSSL_PROTOCOL_VERSION

        static final int GMSSL_PROTOCOL_VERSION
        GMSSL Protocol Version
        See Also:
        Constant Field Values

      • SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC

        static final int SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
        change cipher spec
        See Also:
        Constant Field Values

      • SSL_CONTENT_TYPE_HANDSHAKE

        static final int SSL_CONTENT_TYPE_HANDSHAKE
        handshake
        See Also:
        Constant Field Values

      • SSL_CONTENT_TYPE_APPLICATION_DATA

        static final int SSL_CONTENT_TYPE_APPLICATION_DATA
        application data
        See Also:
        Constant Field Values

      • SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT

        static final int SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
        HeartBeat Extension
        See Also:
        Constant Field Values

      • SSL_RECORD_HEADER_LENGTH

        static final int SSL_RECORD_HEADER_LENGTH
        the length of the ssl record header (in bytes)
        See Also:
        Constant Field Values

      • NOT_ENOUGH_DATA

        static final int NOT_ENOUGH_DATA
        Not enough data in buffer to parse the record length
        See Also:
        Constant Field Values

      • DEFAULT_CIPHER_SUITES

        static final java.lang.String[] DEFAULT_CIPHER_SUITES

      • DEFAULT_TLSV13_CIPHER_SUITES

        static final java.lang.String[] DEFAULT_TLSV13_CIPHER_SUITES

      • TLSV13_CIPHER_SUITES

        static final java.lang.String[] TLSV13_CIPHER_SUITES

      • TLSV1_3_JDK_SUPPORTED

        private static final boolean TLSV1_3_JDK_SUPPORTED

      • TLSV1_3_JDK_DEFAULT_ENABLED

        private static final boolean TLSV1_3_JDK_DEFAULT_ENABLED

    • Constructor Detail

      • SslUtils

        private SslUtils()

    • Method Detail

      • isTLSv13SupportedByJDK

        static boolean isTLSv13SupportedByJDK​(java.security.Provider provider)
        Returns true if the JDK itself supports TLSv1.3, false otherwise.

      • isTLSv13SupportedByJDK0

        private static boolean isTLSv13SupportedByJDK0​(java.security.Provider provider)

      • isTLSv13EnabledByJDK

        static boolean isTLSv13EnabledByJDK​(java.security.Provider provider)
        Returns true if the JDK itself supports TLSv1.3 and enabled it by default, false otherwise.

      • isTLSv13EnabledByJDK0

        private static boolean isTLSv13EnabledByJDK0​(java.security.Provider provider)

      • newInitContext

        private static javax.net.ssl.SSLContext newInitContext​(java.security.Provider provider)
                                                throws java.security.NoSuchAlgorithmException,
                                                       java.security.KeyManagementException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException

      • getSSLContext

        static javax.net.ssl.SSLContext getSSLContext​(java.security.Provider provider)
                                       throws java.security.NoSuchAlgorithmException,
                                              java.security.KeyManagementException,
                                              java.security.NoSuchProviderException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.NoSuchProviderException

      • getSSLContext

        static javax.net.ssl.SSLContext getSSLContext​(java.security.Provider provider,
                                              java.security.SecureRandom secureRandom)
                                       throws java.security.NoSuchAlgorithmException,
                                              java.security.KeyManagementException,
                                              java.security.NoSuchProviderException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.KeyManagementException
        java.security.NoSuchProviderException

      • getTlsVersion

        private static java.lang.String getTlsVersion()

      • arrayContains

        static boolean arrayContains​(java.lang.String[] array,
                             java.lang.String value)

      • addIfSupported

        static void addIfSupported​(java.util.Set<java.lang.String> supported,
                           java.util.List<java.lang.String> enabled,
                           java.lang.String... names)
        Add elements from names into enabled if they are in supported.

      • useFallbackCiphersIfDefaultIsEmpty

        static void useFallbackCiphersIfDefaultIsEmpty​(java.util.List<java.lang.String> defaultCiphers,
                                               java.lang.Iterable<java.lang.String> fallbackCiphers)

      • useFallbackCiphersIfDefaultIsEmpty

        static void useFallbackCiphersIfDefaultIsEmpty​(java.util.List<java.lang.String> defaultCiphers,
                                               java.lang.String... fallbackCiphers)

      • toSSLHandshakeException

        static javax.net.ssl.SSLHandshakeException toSSLHandshakeException​(java.lang.Throwable e)
        Converts the given exception to a SSLHandshakeException, if it isn't already.

      • getEncryptedPacketLength

        static int getEncryptedPacketLength​(ByteBuf buffer,
                                    int offset,
                                    boolean probeSSLv2)
        Return how much bytes can be read out of the encrypted data. Be aware that this method will not increase the readerIndex of the given ByteBuf.
        Parameters:
        buffer - The ByteBuf to read from.
        offset - The offset to start from.
        probeSSLv2 - true if the input buffer might be SSLv2.
        Returns:
        The length of the encrypted packet that is included in the buffer or {@link #SslUtils#NOT_ENOUGH_DATA} if not enough data is present in the ByteBuf. This will return NOT_ENCRYPTED if the given ByteBuf is not encrypted at all.

      • unsignedShortBE

        private static int unsignedShortBE​(ByteBuf buffer,
                                   int offset)

      • shortBE

        private static short shortBE​(ByteBuf buffer,
                             int offset)

      • unsignedByte

        private static short unsignedByte​(byte b)

      • unsignedShortBE

        private static int unsignedShortBE​(java.nio.ByteBuffer buffer,
                                   int offset)

      • shortBE

        private static short shortBE​(java.nio.ByteBuffer buffer,
                             int offset)

      • getEncryptedPacketLength

        static int getEncryptedPacketLength​(java.nio.ByteBuffer[] buffers,
                                    int offset)

      • getEncryptedPacketLength

        private static int getEncryptedPacketLength​(java.nio.ByteBuffer buffer)

      • handleHandshakeFailure

        static void handleHandshakeFailure​(ChannelHandlerContext ctx,
                                   java.lang.Throwable cause,
                                   boolean notify)

      • zeroout

        static void zeroout​(ByteBuf buffer)
        Fills the ByteBuf with zero bytes.

      • zerooutAndRelease

        static void zerooutAndRelease​(ByteBuf buffer)
        Fills the ByteBuf with zero bytes and releases it.

      • isValidHostNameForSNI

        static boolean isValidHostNameForSNI​(java.lang.String hostname)
        Validate that the given hostname can be used in SNI extension.

      • isTLSv13Cipher

        static boolean isTLSv13Cipher​(java.lang.String cipher)
        Returns true if the given cipher (in openssl format) is for TLSv1.3, false otherwise.