QuicheQuicSslContext Class — netty Architecture

Architecture documentation for the QuicheQuicSslContext class in QuicheQuicSslContext.java from the netty codebase.

Dependency Diagram

graph TD
  ea71e2fc_ba66_6542_2be3_948d21522ebd["QuicheQuicSslContext"]
  7b815335_75fd_a659_f30a_67478cd8f044["QuicheQuicSslContext.java"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|defined in| 7b815335_75fd_a659_f30a_67478cd8f044
  4c11817f_e3df_d049_1a15_4c91d56786ee["QuicheQuicSslContext()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| 4c11817f_e3df_d049_1a15_4c91d56786ee
  c3a3e7d9_22f1_ee4d_2f18_8275226cc5ef["X509ExtendedKeyManager()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| c3a3e7d9_22f1_ee4d_2f18_8275226cc5ef
  9fa60750_2c45_2c2d_d415_6b6d37f5552a["X509TrustManager()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| 9fa60750_2c45_2c2d_d415_6b6d37f5552a
  8c155c70_1599_79bd_a2d6_563cb3d38e10["toX509Certificates0()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| 8c155c70_1599_79bd_a2d6_563cb3d38e10
  c10e7eea_b9d7_5bb1_ce0d_2b7158de4a4a["PrivateKey()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| c10e7eea_b9d7_5bb1_ce0d_2b7158de4a4a
  18d10522_a845_2342_d8a2_9be62eb82454["TrustManagerFactory()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| 18d10522_a845_2342_d8a2_9be62eb82454
  7aa1baed_7f72_e9ff_a127_01873d1e70f8["boringSSLVerifyModeForServer()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| 7aa1baed_7f72_e9ff_a127_01873d1e70f8
  06da7763_abb6_4cbd_09a4_a19e536c592e["QuicheQuicConnection()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| 06da7763_abb6_4cbd_09a4_a19e536c592e
  f51fe718_2235_ebd0_fc8b_48e726612e61["add()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| f51fe718_2235_ebd0_fc8b_48e726612e61
  e71cf020_2ddf_a517_7c0b_c409f20980cc["remove()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| e71cf020_2ddf_a517_7c0b_c409f20980cc
  c847f4c9_fcd2_70a9_1528_191d4644c2b6["QuicClientSessionCache()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| c847f4c9_fcd2_70a9_1528_191d4644c2b6
  dca8ae31_17df_6dbd_0591_33072f803abc["isClient()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| dca8ae31_17df_6dbd_0591_33072f803abc
  918c19b3_46cc_4b72_9e43_2c060893ec1d["cipherSuites()"]
  ea71e2fc_ba66_6542_2be3_948d21522ebd -->|method| 918c19b3_46cc_4b72_9e43_2c060893ec1d

Source Code

codec-classes-quic/src/main/java/io/netty/handler/codec/quic/QuicheQuicSslContext.java lines 62–640

final class QuicheQuicSslContext extends QuicSslContext {

    private static final InternalLogger LOGGER = InternalLoggerFactory.getInstance(QuicheQuicSslContext.class);

    // Use default that is supported in java 11 and earlier and also in OpenSSL / BoringSSL.
    // See https://github.com/netty/netty-tcnative/issues/567
    // See https://www.java.com/en/configure_crypto.html for ordering
    private static final String[] DEFAULT_NAMED_GROUPS = { "x25519", "secp256r1", "secp384r1", "secp521r1" };
    private static final String[] NAMED_GROUPS;

    static {
        String[] namedGroups = DEFAULT_NAMED_GROUPS;
        Set<String> defaultConvertedNamedGroups = new LinkedHashSet<>(namedGroups.length);
        for (int i = 0; i < namedGroups.length; i++) {
            defaultConvertedNamedGroups.add(GroupsConverter.toBoringSSL(namedGroups[i]));
        }

        // Call Quic.isAvailable() first to ensure native lib is loaded.
        // See https://github.com/netty/netty-incubator-codec-quic/issues/759
        if (Quic.isAvailable()) {
            final long sslCtx = BoringSSL.SSLContext_new();
            try {
                // Let's filter out any group that is not supported from the default.
                Iterator<String> defaultGroupsIter = defaultConvertedNamedGroups.iterator();
                while (defaultGroupsIter.hasNext()) {
                    if (BoringSSL.SSLContext_set1_groups_list(sslCtx, defaultGroupsIter.next()) == 0) {
                        // Not supported, let's remove it. This could for example be the case if we use
                        // fips and the configure group is not supported when using FIPS.
                        // See https://github.com/netty/netty-tcnative/issues/883
                        defaultGroupsIter.remove();
                    }
                }

                String groups = SystemPropertyUtil.get("jdk.tls.namedGroups", null);
                if (groups != null) {
                    String[] nGroups = groups.split(",");
                    Set<String> supportedNamedGroups = new LinkedHashSet<>(nGroups.length);
                    Set<String> supportedConvertedNamedGroups = new LinkedHashSet<>(nGroups.length);

                    Set<String> unsupportedNamedGroups = new LinkedHashSet<>();
                    for (String namedGroup : nGroups) {
                        String converted = GroupsConverter.toBoringSSL(namedGroup);
                        // Will return 0 on failure.
                        if (BoringSSL.SSLContext_set1_groups_list(sslCtx, converted) == 0) {
                            unsupportedNamedGroups.add(namedGroup);
                        } else {
                            supportedConvertedNamedGroups.add(converted);
                            supportedNamedGroups.add(namedGroup);
                        }
                    }

                    if (supportedNamedGroups.isEmpty()) {
                        namedGroups = defaultConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
                        LOGGER.info("All configured namedGroups are not supported: {}. Use default: {}.",
                                Arrays.toString(unsupportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS)),
                                Arrays.toString(DEFAULT_NAMED_GROUPS));
                    } else {
                        String[] groupArray = supportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
                        if (unsupportedNamedGroups.isEmpty()) {
                            LOGGER.info("Using configured namedGroups -D 'jdk.tls.namedGroup': {} ",
                                    Arrays.toString(groupArray));
                        } else {
                            LOGGER.info("Using supported configured namedGroups: {}. Unsupported namedGroups: {}. ",
                                    Arrays.toString(groupArray),
                                    Arrays.toString(unsupportedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS)));
                        }
                        namedGroups = supportedConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
                    }
                } else {
                    namedGroups = defaultConvertedNamedGroups.toArray(EmptyArrays.EMPTY_STRINGS);
                }
            } finally {
                BoringSSL.SSLContext_free(sslCtx);
            }
        }
        NAMED_GROUPS = namedGroups;
    }

    final ClientAuth clientAuth;
    private final boolean server;
    @SuppressWarnings("deprecation")

Frequently Asked Questions

What is the QuicheQuicSslContext class?
QuicheQuicSslContext is a class in the netty codebase, defined in codec-classes-quic/src/main/java/io/netty/handler/codec/quic/QuicheQuicSslContext.java.

Where is QuicheQuicSslContext defined?
QuicheQuicSslContext is defined in codec-classes-quic/src/main/java/io/netty/handler/codec/quic/QuicheQuicSslContext.java at line 62.
