Package io.netty.handler.ssl

Class ReferenceCountedOpenSslContext

    • Field Detail

      • DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE

        private static final int DEFAULT_BIO_NON_APPLICATION_BUFFER_SIZE

      • USE_TASKS

        static final boolean USE_TASKS

      • DH_KEY_LENGTH

        private static final java.lang.Integer DH_KEY_LENGTH

      • CLIENT_ENABLE_SESSION_TICKET

        static final boolean CLIENT_ENABLE_SESSION_TICKET

      • CLIENT_ENABLE_SESSION_TICKET_TLSV13

        static final boolean CLIENT_ENABLE_SESSION_TICKET_TLSV13

      • SERVER_ENABLE_SESSION_TICKET

        static final boolean SERVER_ENABLE_SESSION_TICKET

      • SERVER_ENABLE_SESSION_TICKET_TLSV13

        static final boolean SERVER_ENABLE_SESSION_TICKET_TLSV13

      • SERVER_ENABLE_SESSION_CACHE

        static final boolean SERVER_ENABLE_SESSION_CACHE

      • CLIENT_ENABLE_SESSION_CACHE

        static final boolean CLIENT_ENABLE_SESSION_CACHE

      • ctx

        protected long ctx
        The OpenSSL SSL_CTX object. ctxLock must be hold while using ctx!

      • unmodifiableCiphers

        private final java.util.List<java.lang.String> unmodifiableCiphers

      • mode

        private final int mode

      • keyCertChain

        final java.security.cert.Certificate[] keyCertChain

      • protocols

        final java.lang.String[] protocols

      • endpointIdentificationAlgorithm

        final java.lang.String endpointIdentificationAlgorithm

      • hasTLSv13Cipher

        final boolean hasTLSv13Cipher

      • hasTmpDhKeys

        final boolean hasTmpDhKeys

      • enableOcsp

        final boolean enableOcsp

      • ctxLock

        final java.util.concurrent.locks.ReadWriteLock ctxLock

      • bioNonApplicationBufferSize

        private volatile int bioNonApplicationBufferSize

      • tlsFalseStart

        final boolean tlsFalseStart

    • Constructor Detail

      • ReferenceCountedOpenSslContext

        ReferenceCountedOpenSslContext​(java.lang.Iterable<java.lang.String> ciphers,
                               CipherSuiteFilter cipherFilter,
                               OpenSslApplicationProtocolNegotiator apn,
                               int mode,
                               java.security.cert.Certificate[] keyCertChain,
                               ClientAuth clientAuth,
                               java.lang.String[] protocols,
                               boolean startTls,
                               java.lang.String endpointIdentificationAlgorithm,
                               boolean enableOcsp,
                               boolean leakDetection,
                               ResumptionController resumptionController,
                               java.util.Map.Entry<SslContextOption<?>,​java.lang.Object>... ctxOptions)
                        throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException

    • Method Detail

      • cipherSuites

        public final java.util.List<java.lang.String> cipherSuites()
        Description copied from class: SslContext
        Returns the list of enabled cipher suites, in the order of preference.
        Specified by:
        cipherSuites in class SslContext

      • isClient

        public final boolean isClient()
        Description copied from class: SslContext
        Returns the true if and only if this context is for client-side.
        Specified by:
        isClient in class SslContext

      • newEngine0

        javax.net.ssl.SSLEngine newEngine0​(ByteBufAllocator alloc,
                                   java.lang.String peerHost,
                                   int peerPort,
                                   boolean jdkCompatibilityMode)

      • newEngine

        public final javax.net.ssl.SSLEngine newEngine​(ByteBufAllocator alloc)
        Returns a new server-side SSLEngine with the current configuration.
        Specified by:
        newEngine in class SslContext
        Returns:
        a new SSLEngine

      • context

        @Deprecated
public final long context()
        Deprecated.
        this method is considered unsafe as the returned pointer may be released later. Dont use it!
        Returns the pointer to the SSL_CTX object for this ReferenceCountedOpenSslContext. Be aware that it is freed as soon as the Object.finalize() method is called. At this point 0 will be returned.

      • stats

        @Deprecated
public final OpenSslSessionStats stats()
        Deprecated.
        use {@link #sessionContext#stats()}
        Returns the stats of this context.

      • setRejectRemoteInitiatedRenegotiation

        @Deprecated
public void setRejectRemoteInitiatedRenegotiation​(boolean rejectRemoteInitiatedRenegotiation)
        Deprecated.
        {@deprecated Renegotiation is not supported} Specify if remote initiated renegotiation is supported or not. If not supported and the remote side tries to initiate a renegotiation a SSLHandshakeException will be thrown during decoding.

      • getRejectRemoteInitiatedRenegotiation

        @Deprecated
public boolean getRejectRemoteInitiatedRenegotiation()
        Deprecated.
        {@deprecated Renegotiation is not supported}
        Returns:
        true because renegotiation is not supported.

      • setBioNonApplicationBufferSize

        public void setBioNonApplicationBufferSize​(int bioNonApplicationBufferSize)
        Set the size of the buffer used by the BIO for non-application based writes (e.g. handshake, renegotiation, etc...).

      • getBioNonApplicationBufferSize

        public int getBioNonApplicationBufferSize()
        Returns the size of the buffer used by the BIO for non-application based writes

      • sslCtxPointer

        @Deprecated
public final long sslCtxPointer()
        Deprecated.
        this method is considered unsafe as the returned pointer may be released later. Dont use it!
        Returns the pointer to the SSL_CTX object for this ReferenceCountedOpenSslContext. Be aware that it is freed as soon as the release() method is called. At this point 0 will be returned.

      • destroy

        private void destroy()

      • certificates

        protected static java.security.cert.X509Certificate[] certificates​(byte[][] chain)

      • chooseTrustManager

        @Deprecated
protected static javax.net.ssl.X509TrustManager chooseTrustManager​(javax.net.ssl.TrustManager[] managers)
        Deprecated.
        This method is kept for API backwards compatibility.

      • chooseTrustManager

        static javax.net.ssl.X509TrustManager chooseTrustManager​(javax.net.ssl.TrustManager[] managers,
                                                         ResumptionController resumptionController)

      • chooseX509KeyManager

        protected static javax.net.ssl.X509KeyManager chooseX509KeyManager​(javax.net.ssl.KeyManager[] kms)

      • useExtendedTrustManager

        static boolean useExtendedTrustManager​(javax.net.ssl.X509TrustManager trustManager)

      • refCnt

        public final int refCnt()
        Description copied from interface: ReferenceCounted
        Returns the reference count of this object. If 0, it means this object has been deallocated.
        Specified by:
        refCnt in interface ReferenceCounted

      • touch

        public final ReferenceCounted touch​(java.lang.Object hint)
        Description copied from interface: ReferenceCounted
        Records the current access location of this object with an additional arbitrary information for debugging purposes. If this object is determined to be leaked, the information recorded by this operation will be provided to you via ResourceLeakDetector.
        Specified by:
        touch in interface ReferenceCounted

      • release

        public final boolean release()
        Description copied from interface: ReferenceCounted
        Decreases the reference count by 1 and deallocates this object if the reference count reaches at 0.
        Specified by:
        release in interface ReferenceCounted
        Returns:
        true if and only if the reference count became 0 and this object has been deallocated

      • release

        public final boolean release​(int decrement)
        Description copied from interface: ReferenceCounted
        Decreases the reference count by the specified decrement and deallocates this object if the reference count reaches at 0.
        Specified by:
        release in interface ReferenceCounted
        Returns:
        true if and only if the reference count became 0 and this object has been deallocated

      • setKeyMaterial

        static void setKeyMaterial​(long ctx,
                           java.security.cert.X509Certificate[] keyCertChain,
                           java.security.PrivateKey key,
                           java.lang.String keyPassword)
                    throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException

      • freeBio

        static void freeBio​(long bio)

      • toBIO

        static long toBIO​(ByteBufAllocator allocator,
                  java.security.PrivateKey key)
           throws java.lang.Exception
        Return the pointer to a in-memory BIO or 0 if the key is null. The BIO contains the content of the key.
        Throws:
        java.lang.Exception

      • toBIO

        static long toBIO​(ByteBufAllocator allocator,
                  java.security.cert.X509Certificate... certChain)
           throws java.lang.Exception
        Return the pointer to a in-memory BIO or 0 if the certChain is null. The BIO contains the content of the certChain.
        Throws:
        java.lang.Exception

      • toBIO

        static long toBIO​(ByteBufAllocator allocator,
                  PemEncoded pem)
           throws java.lang.Exception
        Throws:
        java.lang.Exception

      • newBIO

        private static long newBIO​(ByteBuf buffer)
                    throws java.lang.Exception
        Throws:
        java.lang.Exception

      • providerFor

        static OpenSslKeyMaterialProvider providerFor​(javax.net.ssl.KeyManagerFactory factory,
                                              java.lang.String password)
        Returns the OpenSslKeyMaterialProvider that should be used for OpenSSL. Depending on the given KeyManagerFactory this may cache the OpenSslKeyMaterial for better performance if it can ensure that the same material is always returned for the same alias.

      • verifyResult

        private static byte[] verifyResult​(byte[] result)
                            throws java.security.SignatureException
        Throws:
        java.security.SignatureException