Package io.netty.handler.ssl
Class SslUtils
java.lang.Object
io.netty.handler.ssl.SslUtils
Constants for SSL packets.
-
Field Summary
Fields
Modifier and Type, Field, Description
(package private) static final String[] DEFAULT_CIPHER_SUITES
(package private) static final String[] DEFAULT_TLSV13_CIPHER_SUITES
(package private) static final short DTLS_1_0
(package private) static final short DTLS_1_2
(package private) static final short DTLS_1_3
(package private) static final short DTLS_RECORD_HEADER_LENGTH
(package private) static final int GMSSL_PROTOCOL_VERSION
    GMSSL Protocol Version
(package private) static final String INVALID_CIPHER
private static final InternalLogger logger
(package private) static final int NOT_ENCRYPTED
    data is not encrypted
(package private) static final int NOT_ENOUGH_DATA
    Not enough data in buffer to parse the record length
(package private) static final String PROBING_CERT
(package private) static final String PROBING_KEY
(package private) static final int SSL_CONTENT_TYPE_ALERT
    alert
(package private) static final int SSL_CONTENT_TYPE_APPLICATION_DATA
    application data
(package private) static final int SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
    change cipher spec
(package private) static final int SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
    HeartBeat Extension
(package private) static final int SSL_CONTENT_TYPE_HANDSHAKE
    handshake
(package private) static final int SSL_RECORD_HEADER_LENGTH
    the length of the ssl record header (in bytes)
private static final boolean TLSV1_3_JDK_DEFAULT_ENABLED
private static final boolean TLSV1_3_JDK_SUPPORTED
(package private) static final String[] TLSV13_CIPHER_SUITES
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description
(package private) static void addIfSupported
    Add elements from names into enabled if they are in supported.
(package private) static boolean arrayContains(String[] array, String value)
(package private) static int getEncryptedPacketLength(ByteBuf buffer, int offset, boolean probeSSLv2)
    Return how many bytes can be read out of the encrypted data.
private static int getEncryptedPacketLength(ByteBuffer buffer)
(package private) static int getEncryptedPacketLength(ByteBuffer[] buffers, int offset)
(package private) static SSLContext getSSLContext(String provider)
private static String getTlsVersion
(package private) static void handleHandshakeFailure(ChannelHandlerContext ctx, Throwable cause, boolean notify)
(package private) static boolean isTLSv13Cipher(String cipher)
    Returns true if the given cipher (in openssl format) is for TLSv1.3, false otherwise.
(package private) static boolean isTLSv13EnabledByJDK(Provider provider)
    Returns true if the JDK itself supports TLSv1.3 and enabled it by default, false otherwise.
private static boolean isTLSv13EnabledByJDK0(Provider provider)
(package private) static boolean isTLSv13SupportedByJDK(Provider provider)
    Returns true if the JDK itself supports TLSv1.3, false otherwise.
private static boolean isTLSv13SupportedByJDK0(Provider provider)
(package private) static boolean isValidHostNameForSNI(String hostname)
    Validate that the given hostname can be used in SNI extension.
private static SSLContext newInitContext(Provider provider)
private static short shortBE
private static short shortBE(ByteBuffer buffer, int offset)
(package private) static ByteBuf toBase64(ByteBufAllocator allocator, ByteBuf src)
    Same as Base64.encode(ByteBuf, boolean) but allows the use of a custom ByteBufAllocator.
(package private) static SSLHandshakeException toSSLHandshakeException
    Converts the given exception to a SSLHandshakeException, if it isn't already.
private static short unsignedByte(byte b)
private static int unsignedShortBE(ByteBuf buffer, int offset)
private static int unsignedShortBE(ByteBuffer buffer, int offset)
(package private) static void useFallbackCiphersIfDefaultIsEmpty(List<String> defaultCiphers, Iterable<String> fallbackCiphers)
(package private) static void useFallbackCiphersIfDefaultIsEmpty(List<String> defaultCiphers, String... fallbackCiphers)
(package private) static void zeroout
    Fills the ByteBuf with zero bytes.
(package private) static void zerooutAndRelease(ByteBuf buffer)
    Fills the ByteBuf with zero bytes and releases it.
-
Field Details
-
logger
-
TLSV13_CIPHERS
-
DTLS_1_0
static final short DTLS_1_0
-
DTLS_1_2
static final short DTLS_1_2
-
DTLS_1_3
static final short DTLS_1_3
-
DTLS_RECORD_HEADER_LENGTH
static final short DTLS_RECORD_HEADER_LENGTH
-
GMSSL_PROTOCOL_VERSION
static final int GMSSL_PROTOCOL_VERSION
GMSSL Protocol Version
-
INVALID_CIPHER
-
SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
static final int SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
change cipher spec
-
SSL_CONTENT_TYPE_ALERT
static final int SSL_CONTENT_TYPE_ALERT
alert
-
SSL_CONTENT_TYPE_HANDSHAKE
static final int SSL_CONTENT_TYPE_HANDSHAKE
handshake
-
SSL_CONTENT_TYPE_APPLICATION_DATA
static final int SSL_CONTENT_TYPE_APPLICATION_DATA
application data
-
SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
static final int SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
HeartBeat Extension
-
SSL_RECORD_HEADER_LENGTH
static final int SSL_RECORD_HEADER_LENGTH
the length of the ssl record header (in bytes)
-
NOT_ENOUGH_DATA
static final int NOT_ENOUGH_DATA
Not enough data in buffer to parse the record length
-
NOT_ENCRYPTED
static final int NOT_ENCRYPTED
data is not encrypted
-
DEFAULT_CIPHER_SUITES
-
DEFAULT_TLSV13_CIPHER_SUITES
-
TLSV13_CIPHER_SUITES
-
PROBING_CERT
-
PROBING_KEY
-
TLSV1_3_JDK_SUPPORTED
private static final boolean TLSV1_3_JDK_SUPPORTED
-
TLSV1_3_JDK_DEFAULT_ENABLED
private static final boolean TLSV1_3_JDK_DEFAULT_ENABLED
-
-
Constructor Details
-
SslUtils
private SslUtils()
-
-
Method Details
-
isTLSv13SupportedByJDK
Returns true if the JDK itself supports TLSv1.3, false otherwise.
-
isTLSv13SupportedByJDK0
-
isTLSv13EnabledByJDK
Returns true if the JDK itself supports TLSv1.3 and enabled it by default, false otherwise.
-
isTLSv13EnabledByJDK0
-
newInitContext
private static SSLContext newInitContext(Provider provider) throws NoSuchAlgorithmException, KeyManagementException
-
getSSLContext
static SSLContext getSSLContext(String provider) throws NoSuchAlgorithmException, KeyManagementException, NoSuchProviderException
-
getTlsVersion
-
arrayContains
-
addIfSupported
Add elements from names into enabled if they are in supported.
-
useFallbackCiphersIfDefaultIsEmpty
-
useFallbackCiphersIfDefaultIsEmpty
-
toSSLHandshakeException
Converts the given exception to a SSLHandshakeException, if it isn't already.
-
getEncryptedPacketLength
Return how many bytes can be read out of the encrypted data. Be aware that this method will not increase the readerIndex of the given ByteBuf.
Parameters:
buffer - The ByteBuf to read from.
offset - The offset to start from.
probeSSLv2 - true if the input buffer might be SSLv2.
Returns:
The length of the encrypted packet that is included in the buffer, or NOT_ENOUGH_DATA if not enough data is present in the ByteBuf. This will return NOT_ENCRYPTED if the given ByteBuf is not encrypted at all.
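An added illustration of the return contract described above, not Netty's source: a stand-alone probe over a java.nio.ByteBuffer that inspects only the TLS record header with absolute reads, so the buffer position never moves. The class name, the sentinel values and the fragment-size cap are assumptions of this example; SSLv2 probing and DTLS records are left out.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

// Added illustration, not Netty's SslUtils source.
public final class TlsRecordProbe {
    // Sentinel values chosen for this example (assumption, not read from Netty).
    static final int NOT_ENOUGH_DATA = -1;
    static final int NOT_ENCRYPTED = -2;
    // TLS record header: content type (1) + version (2) + length (2).
    static final int RECORD_HEADER_LENGTH = 5;
    // RFC 5246 limit on a TLSCiphertext fragment: 2^14 + 2048 bytes.
    static final int MAX_FRAGMENT = (1 << 14) + 2048;

    // Uses absolute get(index) only, so buf.position() is left untouched.
    static int encryptedPacketLength(ByteBuffer buf, int offset) {
        if (buf.limit() - offset < RECORD_HEADER_LENGTH) {
            return NOT_ENOUGH_DATA;
        }
        // 20 change_cipher_spec, 21 alert, 22 handshake,
        // 23 application_data, 24 heartbeat.
        int type = buf.get(offset) & 0xFF;
        if (type < 20 || type > 24) {
            return NOT_ENCRYPTED;
        }
        // Major version byte is 3 for SSLv3 through TLS 1.3 records.
        if ((buf.get(offset + 1) & 0xFF) != 3) {
            return NOT_ENCRYPTED;
        }
        // Unsigned big-endian 16-bit length; mask each byte to avoid sign extension.
        int body = ((buf.get(offset + 3) & 0xFF) << 8) | (buf.get(offset + 4) & 0xFF);
        if (body > MAX_FRAGMENT) {
            return NOT_ENCRYPTED;
        }
        // May exceed what is buffered: the caller waits until this many bytes arrive.
        return RECORD_HEADER_LENGTH + body;
    }

    public static void main(String[] args) {
        // Constructed inputs: a handshake record, a cut-off header, plain HTTP.
        byte[] handshake = {22, 3, 3, 0, 2, 1, 0};
        byte[] truncated = {22, 3, 3};
        byte[] http = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        for (byte[] sample : new byte[][] {handshake, truncated, http}) {
            ByteBuffer buf = ByteBuffer.wrap(sample);
            System.out.println(encryptedPacketLength(buf, 0) + " position=" + buf.position());
        }
    }
}
```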
-
unsignedShortBE
-
shortBE
-
unsignedByte
private static short unsignedByte(byte b)
-
unsignedShortBE
-
shortBE
-
getEncryptedPacketLength
-
getEncryptedPacketLength
-
handleHandshakeFailure
-
zeroout
Fills the ByteBuf with zero bytes.
-
zerooutAndRelease
Fills the ByteBuf with zero bytes and releases it.
-
toBase64
Same as Base64.encode(ByteBuf, boolean) but allows the use of a custom ByteBufAllocator.
-
isValidHostNameForSNI
Validate that the given hostname can be used in SNI extension.
-
isTLSv13Cipher
Returns true if the given cipher (in openssl format) is for TLSv1.3, false otherwise.
-