JdkSslServerContext Class — netty Architecture

Architecture documentation for the JdkSslServerContext class in JdkSslServerContext.java from the netty codebase.

Class java

Entity Profile

Dependency Diagram

graph TD
  1676fcd7_94de_c9b5_7ee8_e94f94ffeb21["JdkSslServerContext"]
  4f6a283d_bf7f_0e7a_7823_749e63166590["JdkSslServerContext.java"]
  1676fcd7_94de_c9b5_7ee8_e94f94ffeb21 -->|defined in| 4f6a283d_bf7f_0e7a_7823_749e63166590
  407086cf_aa80_f2b9_7e8a_ab4da5103a62["checkIfWrappingTrustManagerIsSupported()"]
  1676fcd7_94de_c9b5_7ee8_e94f94ffeb21 -->|method| 407086cf_aa80_f2b9_7e8a_ab4da5103a62
  8f358a14_c40b_d879_32f2_214e2512d92b["JdkSslServerContext()"]
  1676fcd7_94de_c9b5_7ee8_e94f94ffeb21 -->|method| 8f358a14_c40b_d879_32f2_214e2512d92b
  9b49a65c_7f5f_3927_e295_319aa12bf09d["SSLContext()"]
  1676fcd7_94de_c9b5_7ee8_e94f94ffeb21 -->|method| 9b49a65c_7f5f_3927_e295_319aa12bf09d
  721d1894_07ae_4ae6_a7d5_54627c557712["wrapTrustManagerIfNeeded()"]
  1676fcd7_94de_c9b5_7ee8_e94f94ffeb21 -->|method| 721d1894_07ae_4ae6_a7d5_54627c557712

Relationship Graph

Source Code

handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java lines 55–371

@Deprecated
public final class JdkSslServerContext extends JdkSslContext {

    private static final boolean WRAP_TRUST_MANAGER;
    static {
        boolean wrapTrustManager = false;
        try {
            checkIfWrappingTrustManagerIsSupported();
            wrapTrustManager = true;
        } catch (Throwable ignore) {
            // Just don't wrap as we might not be able to do so because of FIPS:
            // See https://github.com/netty/netty/issues/13840
        }
        WRAP_TRUST_MANAGER = wrapTrustManager;
    }

    // Package-private for testing.
    static void checkIfWrappingTrustManagerIsSupported() throws CertificateException,
            InvalidAlgorithmParameterException, NoSuchPaddingException, NoSuchAlgorithmException,
            InvalidKeySpecException, IOException, KeyException, KeyStoreException, UnrecoverableKeyException {
        X509Certificate[] certs = toX509Certificates(
                new ByteArrayInputStream(PROBING_CERT.getBytes(CharsetUtil.US_ASCII)));
        PrivateKey privateKey = toPrivateKey(new ByteArrayInputStream(
                PROBING_KEY.getBytes(CharsetUtil.UTF_8)), null);
        char[] keyStorePassword = keyStorePassword(null);
        KeyStore ks = buildKeyStore(certs, privateKey, keyStorePassword, null);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyStorePassword);

        SSLContext ctx = SSLContext.getInstance(PROTOCOL);
        TrustManagerFactory tm = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tm.init((KeyStore) null);
        TrustManager[] managers = tm.getTrustManagers();

        ctx.init(kmf.getKeyManagers(), wrapTrustManagerIfNeeded(managers, null), null);
    }

    /**
     * Creates a new instance.
     *
     * @param certChainFile an X.509 certificate chain file in PEM format
     * @param keyFile a PKCS#8 private key file in PEM format
     * @deprecated use {@link SslContextBuilder}
     */
    @Deprecated
    public JdkSslServerContext(File certChainFile, File keyFile) throws SSLException {
        this(null, certChainFile, keyFile, null, null, IdentityCipherSuiteFilter.INSTANCE,
                JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0, null);
    }

    /**
     * Creates a new instance.
     *
     * @param certChainFile an X.509 certificate chain file in PEM format
     * @param keyFile a PKCS#8 private key file in PEM format
     * @param keyPassword the password of the {@code keyFile}.
     *                    {@code null} if it's not password-protected.
     * @deprecated use {@link SslContextBuilder}
     */
    @Deprecated
    public JdkSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException {
        this(certChainFile, keyFile, keyPassword, null, IdentityCipherSuiteFilter.INSTANCE,
                JdkDefaultApplicationProtocolNegotiator.INSTANCE, 0, 0);
    }

    /**
     * Creates a new instance.
     *
     * @param certChainFile an X.509 certificate chain file in PEM format
     * @param keyFile a PKCS#8 private key file in PEM format
     * @param keyPassword the password of the {@code keyFile}.
     *                    {@code null} if it's not password-protected.
     * @param ciphers the cipher suites to enable, in the order of preference.
     *                {@code null} to use the default cipher suites.
     * @param nextProtocols the application layer protocols to accept, in the order of preference.
     *                      {@code null} to disable TLS NPN/ALPN extension.
     * @param sessionCacheSize the size of the cache used for storing SSL session objects.
     *                         {@code 0} to use the default value.
     * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
     *                       {@code 0} to use the default value.
     * @deprecated use {@link SslContextBuilder}

Defined In

handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java

Source

View on GitHub

Frequently Asked Questions

What is the JdkSslServerContext class?

JdkSslServerContext is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java.

Where is JdkSslServerContext defined?

JdkSslServerContext is defined in handler/src/main/java/io/netty/handler/ssl/JdkSslServerContext.java at line 55.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free