OpenSslKeyMaterialManager Class — netty Architecture

Architecture documentation for the OpenSslKeyMaterialManager class in OpenSslKeyMaterialManager.java from the netty codebase.

Dependency Diagram

graph TD
  11ae770e_feee_981d_8065_927b3b5d177e["OpenSslKeyMaterialManager"]
  cfd6f163_db32_f08f_083b_eafc92bae5e8["OpenSslKeyMaterialManager.java"]
  11ae770e_feee_981d_8065_927b3b5d177e -->|defined in| cfd6f163_db32_f08f_083b_eafc92bae5e8
  13e06824_be11_6a38_4a24_c23302b23061["OpenSslKeyMaterialManager()"]
  11ae770e_feee_981d_8065_927b3b5d177e -->|method| 13e06824_be11_6a38_4a24_c23302b23061
  3b01879e_82cd_3256_f2aa_3ebac0487795["setKeyMaterialServerSide()"]
  11ae770e_feee_981d_8065_927b3b5d177e -->|method| 3b01879e_82cd_3256_f2aa_3ebac0487795
  3154b46f_de9b_ad12_1688_71a3cf3d3625["resolveKeyTypeBit()"]
  11ae770e_feee_981d_8065_927b3b5d177e -->|method| 3154b46f_de9b_ad12_1688_71a3cf3d3625
  0cf78ca6_47f3_71c0_6905_809b10d8e516["String()"]
  11ae770e_feee_981d_8065_927b3b5d177e -->|method| 0cf78ca6_47f3_71c0_6905_809b10d8e516
  8fc0e878_dd08_3919_d7a7_8883dc3bb47e["setKeyMaterialClientSide()"]
  11ae770e_feee_981d_8065_927b3b5d177e -->|method| 8fc0e878_dd08_3919_d7a7_8883dc3bb47e
  df75439f_1a1d_ea9c_9698_ca6c0b10cef2["setKeyMaterial()"]
  11ae770e_feee_981d_8065_927b3b5d177e -->|method| df75439f_1a1d_ea9c_9698_ca6c0b10cef2

Source Code

handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java lines 32–170

final class OpenSslKeyMaterialManager {

    // Code in this class is inspired by code of conscrypts:
    // - https://android.googlesource.com/platform/external/
    //   conscrypt/+/master/src/main/java/org/conscrypt/OpenSSLEngineImpl.java
    // - https://android.googlesource.com/platform/external/
    //   conscrypt/+/master/src/main/java/org/conscrypt/SSLParametersImpl.java
    //
    static final String KEY_TYPE_RSA = "RSA";
    static final String KEY_TYPE_DH_RSA = "DH_RSA";
    static final String KEY_TYPE_EC = "EC";
    static final String KEY_TYPE_EC_EC = "EC_EC";
    static final String KEY_TYPE_EC_RSA = "EC_RSA";

    private static final int TYPE_RSA     = 1;      // 00001
    private static final int TYPE_DH_RSA  = 1 << 1; // 00010
    private static final int TYPE_EC      = 1 << 2; // 00100
    private static final int TYPE_EC_EC   = 1 << 3; // 01000
    private static final int TYPE_EC_RSA  = 1 << 4; // 10000

    private final OpenSslKeyMaterialProvider provider;
    private final boolean hasTmpDhKeys;

    OpenSslKeyMaterialManager(OpenSslKeyMaterialProvider provider, boolean hasTmpDhKeys) {
        this.provider = provider;
        this.hasTmpDhKeys = hasTmpDhKeys;
    }

    void setKeyMaterialServerSide(ReferenceCountedOpenSslEngine engine) throws SSLException {
        String[] authMethods = engine.authMethods();
        if (authMethods.length == 0) {
            throw new SSLHandshakeException("Unable to find key material");
        }

        // authMethods may contain duplicates or may result in the same type
        // but call chooseServerAlias(...) may be expensive. So let's ensure
        // we filter out duplicates.

        int seenTypes = 0;
        for (String authMethod : authMethods) {
            int typeBit = resolveKeyTypeBit(authMethod);
            if (typeBit == 0 || (seenTypes & typeBit) != 0) {
                continue;
            }

            seenTypes |= typeBit; // mark as seen

            String keyType = keyTypeString(typeBit);
            String alias = chooseServerAlias(engine, keyType);
            if (alias != null) {
                setKeyMaterial(engine, alias);
                return;
            }
        }

        if (hasTmpDhKeys && authMethods.length == 1 &&
                ("DH_anon".equals(authMethods[0]) || "ECDH_anon".equals(authMethods[0]))) {
            return; // These auth methods don't require certificates.
        }
        throw new SSLHandshakeException("Unable to find key material for auth method(s): "
                + Arrays.toString(authMethods));
    }

    private static int resolveKeyTypeBit(String authMethod) {
        switch (authMethod) {
            case "RSA":
            case "DHE_RSA":
            case "ECDHE_RSA":
                return TYPE_RSA;
            case "DH_RSA":
                return TYPE_DH_RSA;
            case "ECDHE_ECDSA":
                return TYPE_EC;
            case "ECDH_ECDSA":
                return TYPE_EC_EC;
            case "ECDH_RSA":
                return TYPE_EC_RSA;
            default:
                return 0;
        }
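    }

    // The excerpt ends here. The helpers called above (keyTypeString, chooseServerAlias)
    // and the remaining methods (setKeyMaterialClientSide, setKeyMaterial) are not shown.
}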

Frequently Asked Questions

What is the OpenSslKeyMaterialManager class?
OpenSslKeyMaterialManager is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java.

Where is OpenSslKeyMaterialManager defined?
OpenSslKeyMaterialManager is defined in handler/src/main/java/io/netty/handler/ssl/OpenSslKeyMaterialManager.java at line 32.
