Class SslUtils

java.lang.Object
io.netty.handler.ssl.SslUtils

final class SslUtils extends Object
Constants for SSL packets.
  • Field Details

    • logger

      private static final InternalLogger logger
    • TLSV13_CIPHERS

      static final Set<String> TLSV13_CIPHERS
    • DTLS_1_0

      static final short DTLS_1_0
    • DTLS_1_2

      static final short DTLS_1_2
    • DTLS_1_3

      static final short DTLS_1_3
    • DTLS_RECORD_HEADER_LENGTH

      static final short DTLS_RECORD_HEADER_LENGTH
    • GMSSL_PROTOCOL_VERSION

      static final int GMSSL_PROTOCOL_VERSION
      GMSSL Protocol Version
    • INVALID_CIPHER

      static final String INVALID_CIPHER
    • SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC

      static final int SSL_CONTENT_TYPE_CHANGE_CIPHER_SPEC
      change cipher spec
    • SSL_CONTENT_TYPE_ALERT

      static final int SSL_CONTENT_TYPE_ALERT
      alert
    • SSL_CONTENT_TYPE_HANDSHAKE

      static final int SSL_CONTENT_TYPE_HANDSHAKE
      handshake
    • SSL_CONTENT_TYPE_APPLICATION_DATA

      static final int SSL_CONTENT_TYPE_APPLICATION_DATA
      application data
    • SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT

      static final int SSL_CONTENT_TYPE_EXTENSION_HEARTBEAT
      HeartBeat Extension
    • SSL_RECORD_HEADER_LENGTH

      static final int SSL_RECORD_HEADER_LENGTH
      the length of the ssl record header (in bytes)
    • NOT_ENOUGH_DATA

      static final int NOT_ENOUGH_DATA
      Not enough data in buffer to parse the record length
    • NOT_ENCRYPTED

      static final int NOT_ENCRYPTED
      data is not encrypted
    • DEFAULT_CIPHER_SUITES

      static final String[] DEFAULT_CIPHER_SUITES
    • DEFAULT_TLSV13_CIPHER_SUITES

      static final String[] DEFAULT_TLSV13_CIPHER_SUITES
    • TLSV13_CIPHER_SUITES

      static final String[] TLSV13_CIPHER_SUITES
    • PROBING_CERT

      static final String PROBING_CERT
    • PROBING_KEY

      static final String PROBING_KEY
    • TLSV1_3_JDK_SUPPORTED

      private static final boolean TLSV1_3_JDK_SUPPORTED
    • TLSV1_3_JDK_DEFAULT_ENABLED

      private static final boolean TLSV1_3_JDK_DEFAULT_ENABLED
  • Constructor Details

    • SslUtils

      private SslUtils()
  • Method Details

    • isTLSv13SupportedByJDK

      static boolean isTLSv13SupportedByJDK(Provider provider)
      Returns true if the JDK itself supports TLSv1.3, false otherwise.
    • isTLSv13SupportedByJDK0

      private static boolean isTLSv13SupportedByJDK0(Provider provider)
    • isTLSv13EnabledByJDK

      static boolean isTLSv13EnabledByJDK(Provider provider)
      Returns true if the JDK itself supports TLSv1.3 and enables it by default, false otherwise.
    • isTLSv13EnabledByJDK0

      private static boolean isTLSv13EnabledByJDK0(Provider provider)
    • newInitContext

      private static SSLContext newInitContext(Provider provider) throws NoSuchAlgorithmException, KeyManagementException
      Throws:
      NoSuchAlgorithmException
      KeyManagementException
    • getSSLContext

      Throws:
      NoSuchAlgorithmException
      KeyManagementException
      NoSuchProviderException
    • getTlsVersion

      private static String getTlsVersion()
    • arrayContains

      static boolean arrayContains(String[] array, String value)
    • addIfSupported

      static void addIfSupported(Set<String> supported, List<String> enabled, String... names)
      Add elements from names into enabled if they are in supported.
    • useFallbackCiphersIfDefaultIsEmpty

      static void useFallbackCiphersIfDefaultIsEmpty(List<String> defaultCiphers, Iterable<String> fallbackCiphers)
    • useFallbackCiphersIfDefaultIsEmpty

      static void useFallbackCiphersIfDefaultIsEmpty(List<String> defaultCiphers, String... fallbackCiphers)
    • toSSLHandshakeException

      static SSLHandshakeException toSSLHandshakeException(Throwable e)
      Converts the given exception to an SSLHandshakeException, if it isn't already.
    • getEncryptedPacketLength

      static int getEncryptedPacketLength(ByteBuf buffer, int offset)
      Returns the number of bytes that can be read out of the encrypted data. Be aware that this method will not increase the readerIndex of the given ByteBuf.
      Parameters:
      buffer - The ByteBuf to read from.
      Returns:
      The length of the encrypted packet that is included in the buffer, or NOT_ENOUGH_DATA if not enough data is present in the ByteBuf. This will return NOT_ENCRYPTED if the given ByteBuf is not encrypted at all.
    • unsignedShortBE

      private static int unsignedShortBE(ByteBuf buffer, int offset)
    • shortBE

      private static short shortBE(ByteBuf buffer, int offset)
    • unsignedByte

      private static short unsignedByte(byte b)
    • unsignedShortBE

      private static int unsignedShortBE(ByteBuffer buffer, int offset)
    • shortBE

      private static short shortBE(ByteBuffer buffer, int offset)
    • getEncryptedPacketLength

      static int getEncryptedPacketLength(ByteBuffer[] buffers, int offset)
    • getEncryptedPacketLength

      private static int getEncryptedPacketLength(ByteBuffer buffer)
    • handleHandshakeFailure

      static void handleHandshakeFailure(ChannelHandlerContext ctx, Throwable cause, boolean notify)
    • zeroout

      static void zeroout(ByteBuf buffer)
      Fills the ByteBuf with zero bytes.
    • zerooutAndRelease

      static void zerooutAndRelease(ByteBuf buffer)
      Fills the ByteBuf with zero bytes and releases it.
    • toBase64

      static ByteBuf toBase64(ByteBufAllocator allocator, ByteBuf src)
      Same as Base64.encode(ByteBuf, boolean) but allows the use of a custom ByteBufAllocator.
    • isValidHostNameForSNI

      static boolean isValidHostNameForSNI(String hostname)
      Validate that the given hostname can be used in SNI extension.
    • isTLSv13Cipher

      static boolean isTLSv13Cipher(String cipher)
      Returns true if the given cipher (in openssl format) is for TLSv1.3, false otherwise.
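
The return contract described for getEncryptedPacketLength, shown as an added, simplified example that is not Netty's own code: a TLS-only record-header check over a java.nio.ByteBuffer that reads the length without moving the position. The class name TlsRecordLength, the sentinel values -1 and -2, and the fragment-size bound are assumptions of this example; it does not cover the DTLS, GMSSL or SSLv2 cases.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;

public class TlsRecordLength {
    // Assumed sentinel values; the page names these constants but not their values.
    static final int NOT_ENOUGH_DATA = -1;
    static final int NOT_ENCRYPTED = -2;
    // TLS record header: content type (1) + version (2) + length (2).
    static final int RECORD_HEADER_LENGTH = 5;
    // Upper bound on a TLS 1.2 ciphertext fragment (2^14 + 2048, RFC 5246).
    static final int MAX_FRAGMENT = (1 << 14) + 2048;

    /** Declared record size (header + fragment) at offset, or a sentinel. Never moves position. */
    static int encryptedPacketLength(ByteBuffer buf, int offset) {
        if (offset < 0) {
            throw new IllegalArgumentException("offset must be >= 0");
        }
        if (buf.limit() - offset < RECORD_HEADER_LENGTH) {
            return NOT_ENOUGH_DATA; // cannot read the length field yet
        }
        int contentType = buf.get(offset) & 0xFF;
        // 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data, 24 heartbeat
        if (contentType < 20 || contentType > 24) {
            return NOT_ENCRYPTED;
        }
        if ((buf.get(offset + 1) & 0xFF) != 3) { // SSL 3.0 / TLS 1.x major version
            return NOT_ENCRYPTED;
        }
        // Big-endian unsigned 16-bit length, assembled by hand so buffer byte order is irrelevant.
        int fragment = ((buf.get(offset + 3) & 0xFF) << 8) | (buf.get(offset + 4) & 0xFF);
        if (fragment > MAX_FRAGMENT) {
            return NOT_ENCRYPTED; // peer-controlled length: reject before sizing any buffer
        }
        return RECORD_HEADER_LENGTH + fragment;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        byte[] handshake = {0x16, 0x03, 0x03, 0x00, 0x04, 0x01, 0x00, 0x00, 0x00};
        byte[] truncated = {0x16, 0x03, 0x03};
        byte[] plaintext = "GET / HTTP/1.1\r\n".getBytes(StandardCharsets.US_ASCII);
        byte[] oversized = {0x17, 0x03, 0x03, (byte) 0xFF, (byte) 0xFF};
        for (byte[] sample : new byte[][] {handshake, truncated, plaintext, oversized}) {
            ByteBuffer buf = ByteBuffer.wrap(sample);
            System.out.println(encryptedPacketLength(buf, 0) + " (position still " + buf.position() + ")");
        }
    }
}
```

The returned value is the size the header declares, so a caller still has to wait until that many bytes are buffered before handing the record to the TLS engine.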