Class CipherSuiteConverter

java.lang.Object
io.netty.handler.ssl.CipherSuiteConverter

@UnstableApi public final class CipherSuiteConverter extends Object
Converts a Java cipher suite string to an OpenSSL cipher suite string and vice versa.
See Also:
  • Field Details

    • logger

      private static final InternalLogger logger
    • JAVA_CIPHERSUITE_PATTERN

      private static final Pattern JAVA_CIPHERSUITE_PATTERN
      A_B_WITH_C_D, where: A - TLS or SSL (protocol) B - handshake algorithm (key exchange and authentication algorithms to be precise) C - bulk cipher D - HMAC algorithm This regular expression assumes that: 1) A is always TLS or SSL, and 2) D is always a single word.
    • OPENSSL_CIPHERSUITE_PATTERN

      private static final Pattern OPENSSL_CIPHERSUITE_PATTERN
      A-B-C, where: A - handshake algorithm (key exchange and authentication algorithms to be precise) B - bulk cipher C - HMAC algorithm This regular expression assumes that: 1) A has some deterministic pattern as shown below, and 2) C is always a single word
    • JAVA_AES_CBC_PATTERN

      private static final Pattern JAVA_AES_CBC_PATTERN
    • JAVA_AES_PATTERN

      private static final Pattern JAVA_AES_PATTERN
    • OPENSSL_AES_CBC_PATTERN

      private static final Pattern OPENSSL_AES_CBC_PATTERN
    • OPENSSL_AES_PATTERN

      private static final Pattern OPENSSL_AES_PATTERN
    • j2o

      Java-to-OpenSSL cipher suite conversion map Note that the Java cipher suite has the protocol prefix (TLS_, SSL_)
    • o2j

      private static final ConcurrentMap<String,Map<String,String>> o2j
      OpenSSL-to-Java cipher suite conversion map. Note that one OpenSSL cipher suite can be converted to more than one Java cipher suites because a Java cipher suite has the protocol name prefix (TLS_, SSL_)
    • j2oTls13

      private static final Map<String,String> j2oTls13
    • o2jTls13

      private static final Map<String,Map<String,String>> o2jTls13
  • Constructor Details

    • CipherSuiteConverter

      private CipherSuiteConverter()
  • Method Details

    • clearCache

      static void clearCache()
      Clears the cache for testing purpose.
    • isJ2OCached

      static boolean isJ2OCached(String key, String value)
      Tests if the specified key-value pair has been cached in Java-to-OpenSSL cache.
    • isO2JCached

      static boolean isO2JCached(String key, String protocol, String value)
      Tests if the specified key-value pair has been cached in OpenSSL-to-Java cache.
    • toOpenSsl

      public static String toOpenSsl(String javaCipherSuite, boolean boringSSL)
      Converts the specified Java cipher suite to its corresponding OpenSSL cipher suite name.
      Returns:
      null if the conversion has failed
    • cacheFromJava

      private static String cacheFromJava(String javaCipherSuite, boolean boringSSL)
    • toOpenSslUncached

      static String toOpenSslUncached(String javaCipherSuite, boolean boringSSL)
    • toOpenSslHandshakeAlgo

      private static String toOpenSslHandshakeAlgo(String handshakeAlgo)
    • toOpenSslBulkCipher

      private static String toOpenSslBulkCipher(String bulkCipher)
    • toOpenSslHmacAlgo

      private static String toOpenSslHmacAlgo(String hmacAlgo)
    • toJava

      public static String toJava(String openSslCipherSuite, String protocol)
      Convert from OpenSSL cipher suite name convention to java cipher suite name convention.
      Parameters:
      openSslCipherSuite - An OpenSSL cipher suite name.
      protocol - The cryptographic protocol (i.e. SSL, TLS, ...).
      Returns:
      The translated cipher suite name according to java conventions (or null if translation was not possible).
    • cacheFromOpenSsl

      private static Map<String,String> cacheFromOpenSsl(String openSslCipherSuite)
    • toJavaUncached

      static String toJavaUncached(String openSslCipherSuite)
    • toJavaUncached0

      private static String toJavaUncached0(String openSslCipherSuite, boolean checkTls13)
    • toJavaHandshakeAlgo

      private static String toJavaHandshakeAlgo(String handshakeAlgo, boolean export)
    • toJavaBulkCipher

      private static String toJavaBulkCipher(String bulkCipher, boolean export)
    • toJavaHmacAlgo

      private static String toJavaHmacAlgo(String hmacAlgo)
    • convertToCipherStrings

      static void convertToCipherStrings(Iterable<String> cipherSuites, StringBuilder cipherBuilder, StringBuilder cipherTLSv13Builder, boolean boringSSL)
      Convert the given ciphers if needed to OpenSSL format and append them to the correct StringBuilder depending on if its a TLSv1.3 cipher or not. If this methods returns without throwing an exception its guaranteed that at least one of the StringBuilders contain some ciphers that can be used to configure OpenSSL.