Package io.netty.handler.ssl
Class CipherSuiteConverter
java.lang.Object
io.netty.handler.ssl.CipherSuiteConverter
Converts a Java cipher suite string to an OpenSSL cipher suite string and vice versa.
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- private static final class CipherSuiteConverter.CachedValue: Used to store nullable values in a CHM
-
Field Summary
Fields (Modifier and Type, Field, Description):
- private static final ConcurrentMap<String, CipherSuiteConverter.CachedValue> j2o: Java-to-OpenSSL cipher suite conversion map. Note that the Java cipher suite has the protocol prefix (TLS_, SSL_).
- private static final Pattern JAVA_AES_CBC_PATTERN
- private static final Pattern JAVA_AES_PATTERN
- private static final Pattern JAVA_CIPHERSUITE_PATTERN: A_B_WITH_C_D, where:
  A: TLS or SSL (protocol)
  B: handshake algorithm (key exchange and authentication algorithms to be precise)
  C: bulk cipher
  D: HMAC algorithm
  This regular expression assumes that: 1) A is always TLS or SSL, and 2) D is always a single word.
- private static final InternalLogger logger
- private static final ConcurrentMap<String, Map<String, String>> o2j: OpenSSL-to-Java cipher suite conversion map.
- private static final Pattern OPENSSL_AES_CBC_PATTERN
- private static final Pattern OPENSSL_AES_PATTERN
- private static final Pattern OPENSSL_CIPHERSUITE_PATTERN: A-B-C, where:
  A: handshake algorithm (key exchange and authentication algorithms to be precise)
  B: bulk cipher
  C: HMAC algorithm
  This regular expression assumes that: 1) A has some deterministic pattern as shown below, and 2) C is always a single word.
-
Constructor Summary
Constructors:
- private CipherSuiteConverter()
-
Method Summary
Methods (Modifier and Type, Method, Description):
- private static String cacheFromJava(String javaCipherSuite, boolean boringSSL)
- cacheFromOpenSsl(String openSslCipherSuite)
- (package private) static void clearCache(): Clears the cache for testing purposes.
- (package private) static void convertToCipherStrings(Iterable<String> cipherSuites, StringBuilder cipherBuilder, StringBuilder cipherTLSv13Builder, boolean boringSSL): Convert the given ciphers if needed to OpenSSL format and append them to the correct StringBuilder depending on if it is a TLSv1.3 cipher or not.
- (package private) static boolean isJ2OCached(String key, String value): Tests if the specified key-value pair has been cached in the Java-to-OpenSSL cache.
- (package private) static boolean isO2JCached(String key, String protocol, String value): Tests if the specified key-value pair has been cached in the OpenSSL-to-Java cache.
- static String toJava: Convert from the OpenSSL cipher suite name convention to the Java cipher suite name convention.
- private static String toJavaBulkCipher(String bulkCipher, boolean export)
- private static String toJavaHandshakeAlgo(String handshakeAlgo, boolean export)
- private static String toJavaHmacAlgo(String hmacAlgo)
- (package private) static String toJavaUncached(String openSslCipherSuite)
- private static String toJavaUncached0(String openSslCipherSuite, boolean checkTls13)
- static String toOpenSsl: Converts the specified Java cipher suite to its corresponding OpenSSL cipher suite name.
- private static String toOpenSslBulkCipher(String bulkCipher)
- private static String toOpenSslHandshakeAlgo(String handshakeAlgo)
- private static String toOpenSslHmacAlgo(String hmacAlgo)
- (package private) static String toOpenSslUncached(String javaCipherSuite, boolean boringSSL)
-
Field Details
-
logger
-
JAVA_CIPHERSUITE_PATTERN
A_B_WITH_C_D, where:
  A: TLS or SSL (protocol)
  B: handshake algorithm (key exchange and authentication algorithms to be precise)
  C: bulk cipher
  D: HMAC algorithm
This regular expression assumes that: 1) A is always TLS or SSL, and 2) D is always a single word.
-
OPENSSL_CIPHERSUITE_PATTERN
A-B-C, where:
  A: handshake algorithm (key exchange and authentication algorithms to be precise)
  B: bulk cipher
  C: HMAC algorithm
This regular expression assumes that: 1) A has some deterministic pattern as shown below, and 2) C is always a single word.
-
JAVA_AES_CBC_PATTERN
-
JAVA_AES_PATTERN
-
OPENSSL_AES_CBC_PATTERN
-
OPENSSL_AES_PATTERN
-
j2o
Java-to-OpenSSL cipher suite conversion map. Note that the Java cipher suite has the protocol prefix (TLS_, SSL_).
-
o2j
OpenSSL-to-Java cipher suite conversion map. Note that one OpenSSL cipher suite can be converted to more than one Java cipher suite because a Java cipher suite has the protocol name prefix (TLS_, SSL_).
-
j2oTls13
-
o2jTls13
-
-
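The decomposition that JAVA_CIPHERSUITE_PATTERN describes, as an added example that is not Netty's own code. The class name CipherNameParts, the regular expression and the sample suite names are assumptions made for illustration; the regex only follows the two assumptions stated above (A is TLS or SSL, D is a single word).

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CipherNameParts {
    // Illustrative regex for the documented A_B_WITH_C_D shape (not Netty's pattern).
    // A = TLS|SSL, B = handshake algorithm (lazy, stops at the first _WITH_),
    // C = bulk cipher (greedy, may contain underscores), D = single-word HMAC.
    private static final Pattern JAVA_NAME =
            Pattern.compile("^(TLS|SSL)_(.+?)_WITH_(.+)_([^_]+)$");

    /** Returns {protocol, handshake, bulkCipher, hmac}, or null if the name does not fit. */
    static String[] split(String javaCipherSuite) {
        Matcher m = JAVA_NAME.matcher(javaCipherSuite);
        if (!m.matches()) {
            return null;
        }
        return new String[] { m.group(1), m.group(2), m.group(3), m.group(4) };
    }

    public static void main(String[] args) {
        // Constructed sample input: JSSE-style suite names.
        String[] samples = {
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            // Same B, C and D under both prefixes: the reason the OpenSSL-to-Java
            // map needs the protocol to pick one Java name.
            "TLS_RSA_WITH_AES_128_CBC_SHA",
            "SSL_RSA_WITH_AES_128_CBC_SHA",
            // TLS 1.3 suite names carry no _WITH_ separator.
            "TLS_AES_128_GCM_SHA256"
        };
        for (String s : samples) {
            String[] p = split(s);
            if (p == null) {
                System.out.println(s + " -> does not fit A_B_WITH_C_D");
            } else {
                System.out.printf("%s -> protocol=%s handshake=%s bulk=%s hmac=%s%n",
                        s, p[0], p[1], p[2], p[3]);
            }
        }
    }
}
```

The TLS 1.3 name falls outside the A_B_WITH_C_D shape, so a converter built on this pattern has to handle such names separately.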
Constructor Details
-
CipherSuiteConverter
private CipherSuiteConverter()
-
-
Method Details
-
clearCache
static void clearCache()
Clears the cache for testing purposes.
-
isJ2OCached
Tests if the specified key-value pair has been cached in the Java-to-OpenSSL cache.
-
isO2JCached
Tests if the specified key-value pair has been cached in the OpenSSL-to-Java cache.
-
toOpenSsl
Converts the specified Java cipher suite to its corresponding OpenSSL cipher suite name.
Returns: null if the conversion has failed
-
cacheFromJava
-
toOpenSslUncached
-
toOpenSslHandshakeAlgo
-
toOpenSslBulkCipher
-
toOpenSslHmacAlgo
-
toJava
Convert from the OpenSSL cipher suite name convention to the Java cipher suite name convention.
Parameters:
- openSslCipherSuite - An OpenSSL cipher suite name.
- protocol - The cryptographic protocol (e.g. SSL, TLS, ...).
Returns: The translated cipher suite name according to Java conventions. This will not be null.
-
cacheFromOpenSsl
-
toJavaUncached
-
toJavaUncached0
-
toJavaHandshakeAlgo
-
toJavaBulkCipher
-
toJavaHmacAlgo
-
convertToCipherStrings
static void convertToCipherStrings(Iterable<String> cipherSuites, StringBuilder cipherBuilder, StringBuilder cipherTLSv13Builder, boolean boringSSL)
Convert the given ciphers if needed to OpenSSL format and append them to the correct StringBuilder depending on if it is a TLSv1.3 cipher or not. If this method returns without throwing an exception, it is guaranteed that at least one of the StringBuilders contains some ciphers that can be used to configure OpenSSL.
-