BoringSSLCertificateCallback Class — netty Architecture
Architecture documentation for the BoringSSLCertificateCallback class in BoringSSLCertificateCallback.java from the netty codebase.
Entity Profile
Dependency Diagram
graph TD 0fd0c2dd_82bc_1c80_9d13_1c23c790e939["BoringSSLCertificateCallback"] 0f11d429_b2b8_837b_879c_1570e9e30158["BoringSSLCertificateCallback.java"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|defined in| 0f11d429_b2b8_837b_879c_1570e9e30158 856ced2a_99b2_46d0_40d9_b871c0201aa2["BoringSSLCertificateCallback()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| 856ced2a_99b2_46d0_40d9_b871c0201aa2 1ae3bf29_f26e_95be_f9d3_d5dc2a258dbf["handle()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| 1ae3bf29_f26e_95be_f9d3_d5dc2a258dbf 044e02ff_832f_7528_120e_8b7fef7bceac["removeMappingIfNeeded()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| 044e02ff_832f_7528_120e_8b7fef7bceac 59a02504_ab5b_7b5b_8310_539c93c5a317["selectKeyMaterialServerSide()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| 59a02504_ab5b_7b5b_8310_539c93c5a317 252b7f62_56c7_6714_7ef3_718b8db1a936["selectKeyMaterialClientSide()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| 252b7f62_56c7_6714_7ef3_718b8db1a936 917a7e9a_6d50_2b66_3dc7_6c4921049701["selectMaterial()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| 917a7e9a_6d50_2b66_3dc7_6c4921049701 2249a005_a520_0ea3_b34b_2249ecad6a65["toPemEncoded()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| 2249a005_a520_0ea3_b34b_2249ecad6a65 af9b356c_ba5b_075b_dd65_5afa6e2ab070["String()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| af9b356c_ba5b_075b_dd65_5afa6e2ab070 a44defb1_f866_cc20_d5c6_0d9d7dd5d76d["supportedClientKeyTypes()"] 0fd0c2dd_82bc_1c80_9d13_1c23c790e939 -->|method| a44defb1_f866_cc20_d5c6_0d9d7dd5d76d
Relationship Graph
Source Code
codec-classes-quic/src/main/java/io/netty/handler/codec/quic/BoringSSLCertificateCallback.java lines 40–291
final class BoringSSLCertificateCallback {
// PEM armor lines for a "PRIVATE KEY" block, held as US-ASCII bytes. That label is the one used for
// an unencrypted PKCS#8 PrivateKeyInfo, so whatever is framed with these markers is plaintext key
// material and should be handled (buffered, logged, released) accordingly.
// NOTE(review): presumably consumed by toPemEncoded(), which is outside this excerpt - confirm.
private static final byte[] BEGIN_PRIVATE_KEY = "-----BEGIN PRIVATE KEY-----\n".getBytes(CharsetUtil.US_ASCII);
private static final byte[] END_PRIVATE_KEY = "\n-----END PRIVATE KEY-----\n".getBytes(CharsetUtil.US_ASCII);
/**
 * The types contained in the {@code keyTypeBytes} array.
 * <p>
 * The values are the TLS {@code ClientCertificateType} code points under the names OpenSSL gives
 * them in {@code tls1.h}. This Javadoc sits on the first constant but describes the whole group.
 */
// Extracted from https://github.com/openssl/openssl/blob/master/include/openssl/tls1.h
// NOTE(review): the link follows the master branch rather than a fixed revision, so the file it
// points at can move; the numbers below are protocol code points and are compared as raw bytes.
private static final byte TLS_CT_RSA_SIGN = 1;
private static final byte TLS_CT_DSS_SIGN = 2;
private static final byte TLS_CT_RSA_FIXED_DH = 3;
private static final byte TLS_CT_DSS_FIXED_DH = 4;
private static final byte TLS_CT_ECDSA_SIGN = 64;
private static final byte TLS_CT_RSA_FIXED_ECDH = 65;
private static final byte TLS_CT_ECDSA_FIXED_ECDH = 66;
// Code in this class is inspired by Conscrypt's code:
// - https://android.googlesource.com/platform/external/
// conscrypt/+/master/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
// - https://android.googlesource.com/platform/external/
// conscrypt/+/master/src/main/java/org/conscrypt/SSLParametersImpl.java
//
// Key type names. They are the values of the default server mapping and the members of the default
// client set declared further down in this class. Package-private (no access modifier).
// NOTE(review): presumably these are the key type strings handed to the X509ExtendedKeyManager when
// an alias is chosen - the selection methods are outside this excerpt, confirm there.
static final String KEY_TYPE_RSA = "RSA";
static final String KEY_TYPE_DH_RSA = "DH_RSA";
static final String KEY_TYPE_EC = "EC";
static final String KEY_TYPE_EC_EC = "EC_EC";
static final String KEY_TYPE_EC_RSA = "EC_RSA";
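// Default mapping from an authentication method name to the key type to look up, used when the
// constructor receives null for serverKeyTypes. The table is filled in a local map and published
// through an unmodifiable view: this one instance is shared by every callback that falls back to
// the defaults, so a write through any reference would otherwise change key selection for all of
// them. This also matches DEFAULT_CLIENT_KEY_TYPES, which is already unmodifiable.
// NOTE(review): presumably keyed by the authMethods passed to handle() - the lookup is outside
// this excerpt, confirm there.
private static final Map<String, String> DEFAULT_SERVER_KEY_TYPES;
static {
    Map<String, String> keyTypes = new HashMap<String, String>();
    keyTypes.put("RSA", KEY_TYPE_RSA);
    keyTypes.put("DHE_RSA", KEY_TYPE_RSA);
    keyTypes.put("ECDHE_RSA", KEY_TYPE_RSA);
    keyTypes.put("ECDHE_ECDSA", KEY_TYPE_EC);
    keyTypes.put("ECDH_RSA", KEY_TYPE_EC_RSA);
    keyTypes.put("ECDH_ECDSA", KEY_TYPE_EC_EC);
    keyTypes.put("DH_RSA", KEY_TYPE_DH_RSA);
    DEFAULT_SERVER_KEY_TYPES = Collections.unmodifiableMap(keyTypes);
}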
// Default client key types, used when the constructor receives null for clientKeyTypes. The
// LinkedHashSet keeps the listed order (RSA, DH_RSA, EC, EC_RSA, EC_EC) and the unmodifiable
// wrapper rejects writes, so this shared instance cannot be altered through the reference that
// each callback stores.
private static final Set<String> DEFAULT_CLIENT_KEY_TYPES = Collections.unmodifiableSet(new LinkedHashSet<>(
Arrays.asList(KEY_TYPE_RSA,
KEY_TYPE_DH_RSA,
KEY_TYPE_EC,
KEY_TYPE_EC_RSA,
KEY_TYPE_EC_EC)));
// Result returned by handle() when there is no key manager and the engine is in client mode.
// Directly returning this is safe as we never modify it within our JNI code.
// NOTE(review): this is one shared instance and a Java array is always writable, so the guarantee
// rests on every consumer treating it as read-only; the native side is not visible in this excerpt.
// The two zeros are presumably null native handles (key and certificate chain) - confirm.
private static final long[] NO_KEY_MATERIAL_CLIENT_SIDE = new long[] { 0, 0 };
// Queried with the ssl value in handle() to find the engine for that connection.
private final QuicheQuicSslEngineMap engineMap;
// May be null (the constructor parameter is @Nullable); handle() checks for that case.
private final X509ExtendedKeyManager keyManager;
// NOTE(review): presumably the password protecting the key material - confirm against its use,
// which is outside this excerpt. It is held as an immutable String for the lifetime of this
// object, so it cannot be cleared from memory after use.
private final String password;
// Caller-supplied tables, or the class defaults when the caller passed null. The constructor
// stores the caller's references as given, without copying them.
private final Map<String, String> serverKeyTypes;
private final Set<String> clientKeyTypes;
/**
 * Creates a callback bound to the given engine map and key manager.
 *
 * <p>No argument is validated here and nothing is copied: the supplied map and set are stored by
 * reference, so later changes the caller makes to them are visible to this callback.
 *
 * @param engineMap      map that {@code handle} queries for the engine of a connection
 * @param keyManager     key manager to use, or {@code null} if there is none
 * @param password       stored as given; its use is outside this excerpt
 * @param serverKeyTypes server key type mapping, or {@code null} to use the class default
 * @param clientKeyTypes client key types, or {@code null} to use the class default
 */
BoringSSLCertificateCallback(QuicheQuicSslEngineMap engineMap,
                             @Nullable X509ExtendedKeyManager keyManager,
                             String password,
                             Map<String, String> serverKeyTypes,
                             Set<String> clientKeyTypes) {
    this.engineMap = engineMap;
    this.keyManager = keyManager;
    this.password = password;

    // Fall back to the built-in tables when the caller supplies none.
    if (serverKeyTypes == null) {
        this.serverKeyTypes = DEFAULT_SERVER_KEY_TYPES;
    } else {
        this.serverKeyTypes = serverKeyTypes;
    }
    if (clientKeyTypes == null) {
        this.clientKeyTypes = DEFAULT_CLIENT_KEY_TYPES;
    } else {
        this.clientKeyTypes = clientKeyTypes;
    }
}
@SuppressWarnings("unused")
long @Nullable [] handle(long ssl, byte[] keyTypeBytes, byte @Nullable [][] asn1DerEncodedPrincipals,
String[] authMethods) {
QuicheQuicSslEngine engine = engineMap.get(ssl);
if (engine == null) {
return null;
}
try {
if (keyManager == null) {
if (engine.getUseClientMode()) {
return NO_KEY_MATERIAL_CLIENT_SIDE;
Defined In
Source
Frequently Asked Questions
What is the BoringSSLCertificateCallback class?
BoringSSLCertificateCallback is a class in the netty codebase, defined in codec-classes-quic/src/main/java/io/netty/handler/codec/quic/BoringSSLCertificateCallback.java.
Where is BoringSSLCertificateCallback defined?
BoringSSLCertificateCallback is defined in codec-classes-quic/src/main/java/io/netty/handler/codec/quic/BoringSSLCertificateCallback.java at line 40.