OpenSslClientCertificateCallback Class — netty Architecture
Architecture documentation for the OpenSslClientCertificateCallback class in ReferenceCountedOpenSslClientContext.java from the netty codebase.
Dependency Diagram
graph TD
    5410a3e2_d64e_83db_1710_aeece8d7bcc5["OpenSslClientCertificateCallback"]
    f8d0d0ad_c92a_c95d_60dc_9e28ea2de269["ReferenceCountedOpenSslClientContext.java"]
    5410a3e2_d64e_83db_1710_aeece8d7bcc5 -->|defined in| f8d0d0ad_c92a_c95d_60dc_9e28ea2de269
    5ddfe2db_f794_824d_7909_30c1d80f123b["OpenSslClientCertificateCallback()"]
    5410a3e2_d64e_83db_1710_aeece8d7bcc5 -->|method| 5ddfe2db_f794_824d_7909_30c1d80f123b
    9846d54e_a7e6_2212_28f9_fe3cc6fa3750["handle()"]
    5410a3e2_d64e_83db_1710_aeece8d7bcc5 -->|method| 9846d54e_a7e6_2212_28f9_fe3cc6fa3750
    88af137d_bee6_ae66_136d_4f1d8a744b88["supportedClientKeyTypes()"]
    5410a3e2_d64e_83db_1710_aeece8d7bcc5 -->|method| 88af137d_bee6_ae66_136d_4f1d8a744b88
    94d0a30a_7272_4577_5516_0dd389d52a67["String()"]
    5410a3e2_d64e_83db_1710_aeece8d7bcc5 -->|method| 94d0a30a_7272_4577_5516_0dd389d52a67
Source Code
handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java lines 247–327
    private static final class OpenSslClientCertificateCallback implements CertificateCallback {
        private final Map<Long, ReferenceCountedOpenSslEngine> engines;
        private final OpenSslKeyMaterialManager keyManagerHolder;

        OpenSslClientCertificateCallback(Map<Long, ReferenceCountedOpenSslEngine> engines,
                                         OpenSslKeyMaterialManager keyManagerHolder) {
            this.engines = engines;
            this.keyManagerHolder = keyManagerHolder;
        }

        @Override
        public void handle(long ssl, byte[] keyTypeBytes, byte[][] asn1DerEncodedPrincipals) throws Exception {
            final ReferenceCountedOpenSslEngine engine = engines.get(ssl);
            // May be null if it was destroyed in the meantime.
            if (engine == null) {
                return;
            }
            try {
                final String[] keyTypes = supportedClientKeyTypes(keyTypeBytes);
                final X500Principal[] issuers;
                if (asn1DerEncodedPrincipals == null) {
                    issuers = null;
                } else {
                    issuers = new X500Principal[asn1DerEncodedPrincipals.length];
                    for (int i = 0; i < asn1DerEncodedPrincipals.length; i++) {
                        issuers[i] = new X500Principal(asn1DerEncodedPrincipals[i]);
                    }
                }
                keyManagerHolder.setKeyMaterialClientSide(engine, keyTypes, issuers);
            } catch (Throwable cause) {
                engine.initHandshakeException(cause);
                if (cause instanceof Exception) {
                    throw (Exception) cause;
                }
                throw new SSLException(cause);
            }
        }

        /**
         * Gets the supported key types for client certificates.
         *
         * @param clientCertificateTypes {@code ClientCertificateType} values provided by the server.
         *              See https://www.ietf.org/assignments/tls-parameters/tls-parameters.xml.
         * @return supported key types that can be used in {@code X509KeyManager.chooseClientAlias} and
         *         {@code X509ExtendedKeyManager.chooseEngineClientAlias}.
         */
        private static String[] supportedClientKeyTypes(byte[] clientCertificateTypes) {
            if (clientCertificateTypes == null) {
                // Try all of the supported key types.
                return SUPPORTED_KEY_TYPES.clone();
            }
            Set<String> result = new HashSet<>(clientCertificateTypes.length);
            for (byte keyTypeCode : clientCertificateTypes) {
                String keyType = clientKeyType(keyTypeCode);
                if (keyType == null) {
                    // Unsupported client key type -- ignore
                    continue;
                }
                result.add(keyType);
            }
            return result.toArray(EmptyArrays.EMPTY_STRINGS);
        }

        private static String clientKeyType(byte clientCertificateType) {
            // See also https://www.ietf.org/assignments/tls-parameters/tls-parameters.xml
            switch (clientCertificateType) {
                case CertificateCallback.TLS_CT_RSA_SIGN:
                    return OpenSslKeyMaterialManager.KEY_TYPE_RSA; // RFC rsa_sign
                case CertificateCallback.TLS_CT_RSA_FIXED_DH:
                    return OpenSslKeyMaterialManager.KEY_TYPE_DH_RSA; // RFC rsa_fixed_dh
                case CertificateCallback.TLS_CT_ECDSA_SIGN:
                    return OpenSslKeyMaterialManager.KEY_TYPE_EC; // RFC ecdsa_sign
                case CertificateCallback.TLS_CT_RSA_FIXED_ECDH:
                    return OpenSslKeyMaterialManager.KEY_TYPE_EC_RSA; // RFC rsa_fixed_ecdh
                case CertificateCallback.TLS_CT_ECDSA_FIXED_ECDH:
                    return OpenSslKeyMaterialManager.KEY_TYPE_EC_EC; // RFC ecdsa_fixed_ecdh
                default:
                    return null;
            }
        }
    }
Frequently Asked Questions
What is the OpenSslClientCertificateCallback class?
OpenSslClientCertificateCallback is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java.
Where is OpenSslClientCertificateCallback defined?
OpenSslClientCertificateCallback is defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java at line 247.