CipherSuiteCanaryTest Class — netty Architecture

Architecture documentation for the CipherSuiteCanaryTest class in CipherSuiteCanaryTest.java from the netty codebase.

Class java

Entity Profile

Dependency Diagram

graph TD
  ab6381a6_f969_6ff9_7dc9_1144730032e7["CipherSuiteCanaryTest"]
  f51186da_1384_f576_a051_e4e7122da87a["CipherSuiteCanaryTest.java"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|defined in| f51186da_1384_f576_a051_e4e7122da87a
  44b07d4c_2068_b4d7_05ba_751ff01ee03c["parameters()"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|method| 44b07d4c_2068_b4d7_05ba_751ff01ee03c
  83593002_91f8_cc02_30f2_815493bcb31d["init()"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|method| 83593002_91f8_cc02_30f2_815493bcb31d
  02afd213_588b_ac6f_8314_fa884362518b["destroy()"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|method| 02afd213_588b_ac6f_8314_fa884362518b
  03e9881c_2c51_2a77_b993_13603c2ccfda["assumeCipherAvailable()"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|method| 03e9881c_2c51_2a77_b993_13603c2ccfda
  15f7e73f_64ef_09bc_e6dd_29172b83eb3d["SslHandler()"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|method| 15f7e73f_64ef_09bc_e6dd_29172b83eb3d
  87f631b4_7f6e_b2c2_60d6_d3e0f574ee13["testHandshake()"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|method| 87f631b4_7f6e_b2c2_60d6_d3e0f574ee13
  3098a28b_4d57_89ea_fcd4_2cb8e46f8fbe["Channel()"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|method| 3098a28b_4d57_89ea_fcd4_2cb8e46f8fbe
  0f136b83_1558_aa90_a492_aab10b15897b["expand()"]
  ab6381a6_f969_6ff9_7dc9_1144730032e7 -->|method| 0f136b83_1558_aa90_a492_aab10b15897b

Relationship Graph

Source Code

handler/src/test/java/io/netty/handler/ssl/CipherSuiteCanaryTest.java lines 67–295

public class CipherSuiteCanaryTest {

    private static EventLoopGroup GROUP;

    private static X509Bundle CERT;

    static Collection<Object[]> parameters() {
       List<Object[]> dst = new ArrayList<Object[]>();
       dst.addAll(expand("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256")); // DHE-RSA-AES128-GCM-SHA256
       return dst;
    }

    @BeforeAll
    public static void init() throws Exception {
        GROUP = new MultiThreadIoEventLoopGroup(LocalIoHandler.newFactory());
        CERT = new CertificateBuilder()
                .rsa2048()
                .subject("cn=localhost")
                .setIsCertificateAuthority(true)
                .buildSelfSigned();
    }

    @AfterAll
    public static void destroy() {
        GROUP.shutdownGracefully();
    }

    private static void assumeCipherAvailable(SslProvider provider, String cipher) throws NoSuchAlgorithmException {
        boolean cipherSupported = false;
        if (provider == SslProvider.JDK) {
            SSLEngine engine = SSLContext.getDefault().createSSLEngine();
            for (String c: engine.getSupportedCipherSuites()) {
               if (cipher.equals(c)) {
                   cipherSupported = true;
                   break;
               }
            }
        } else {
            cipherSupported = OpenSsl.isCipherSuiteAvailable(cipher);
        }
        assumeTrue(cipherSupported, "Unsupported cipher: " + cipher);
    }

    private static SslHandler newSslHandler(SslContext sslCtx, ByteBufAllocator allocator, Executor executor) {
        if (executor == null) {
            return sslCtx.newHandler(allocator);
        } else {
            return sslCtx.newHandler(allocator, executor);
        }
    }

    @ParameterizedTest(
            name = "{index}: serverSslProvider = {0}, clientSslProvider = {1}, rfcCipherName = {2}, delegate = {3}")
    @MethodSource("parameters")
    public void testHandshake(SslProvider serverSslProvider, SslProvider clientSslProvider,
                              String rfcCipherName, boolean delegate) throws Exception {
        // Check if the cipher is supported at all which may not be the case for various JDK versions and OpenSSL API
        // implementations.
        assumeCipherAvailable(serverSslProvider, rfcCipherName);
        assumeCipherAvailable(clientSslProvider, rfcCipherName);

        List<String> ciphers = Collections.singletonList(rfcCipherName);

        PrivateKey privateKey = CERT.getKeyPair().getPrivate();
        X509Certificate[] certChain = CERT.getCertificatePath();
        final SslContext sslServerContext = SslContextBuilder.forServer(privateKey, certChain)
                .sslProvider(serverSslProvider)
                .ciphers(ciphers)
                // As this is not a TLSv1.3 cipher we should ensure we talk something else.
                .protocols(SslProtocols.TLS_v1_2)
                .build();

        final ExecutorService executorService = delegate ? Executors.newCachedThreadPool() : null;

        try {
            final SslContext sslClientContext = SslContextBuilder.forClient()
                    .sslProvider(clientSslProvider)
                    .ciphers(ciphers)
                    // As this is not a TLSv1.3 cipher we should ensure we talk something else.
                    .protocols(SslProtocols.TLS_v1_2)
                    .trustManager(InsecureTrustManagerFactory.INSTANCE)

Defined In

handler/src/test/java/io/netty/handler/ssl/CipherSuiteCanaryTest.java

Source

View on GitHub

Frequently Asked Questions

What is the CipherSuiteCanaryTest class?

CipherSuiteCanaryTest is a class in the netty codebase, defined in handler/src/test/java/io/netty/handler/ssl/CipherSuiteCanaryTest.java.

Where is CipherSuiteCanaryTest defined?

CipherSuiteCanaryTest is defined in handler/src/test/java/io/netty/handler/ssl/CipherSuiteCanaryTest.java at line 67.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free