ReferenceCountedOpenSslClientContext Class — netty Architecture
Architecture documentation for the ReferenceCountedOpenSslClientContext class in ReferenceCountedOpenSslClientContext.java from the netty codebase.
Entity Profile
Dependency Diagram
graph TD 83d6329d_6707_0ba7_b929_d52e1cc5dcf0["ReferenceCountedOpenSslClientContext"] f8d0d0ad_c92a_c95d_60dc_9e28ea2de269["ReferenceCountedOpenSslClientContext.java"] 83d6329d_6707_0ba7_b929_d52e1cc5dcf0 -->|defined in| f8d0d0ad_c92a_c95d_60dc_9e28ea2de269 54f7736a_adfd_654c_b011_9beb1ef5362e["ReferenceCountedOpenSslClientContext()"] 83d6329d_6707_0ba7_b929_d52e1cc5dcf0 -->|method| 54f7736a_adfd_654c_b011_9beb1ef5362e 3ade9400_a85f_1392_29c8_dd4562bef618["OpenSslSessionContext()"] 83d6329d_6707_0ba7_b929_d52e1cc5dcf0 -->|method| 3ade9400_a85f_1392_29c8_dd4562bef618 a68e950c_c9f8_4196_ac2e_bfaf6daff7c0["setVerifyCallback()"] 83d6329d_6707_0ba7_b929_d52e1cc5dcf0 -->|method| a68e950c_c9f8_4196_ac2e_bfaf6daff7c0
Relationship Graph
Source Code
handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java lines 46–328
public final class ReferenceCountedOpenSslClientContext extends ReferenceCountedOpenSslContext {
private static final String[] SUPPORTED_KEY_TYPES = {
OpenSslKeyMaterialManager.KEY_TYPE_RSA,
OpenSslKeyMaterialManager.KEY_TYPE_DH_RSA,
OpenSslKeyMaterialManager.KEY_TYPE_EC,
OpenSslKeyMaterialManager.KEY_TYPE_EC_RSA,
OpenSslKeyMaterialManager.KEY_TYPE_EC_EC
};
private final OpenSslSessionContext sessionContext;
ReferenceCountedOpenSslClientContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
X509Certificate[] keyCertChain, PrivateKey key, String keyPassword,
KeyManagerFactory keyManagerFactory, Iterable<String> ciphers,
CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
String[] protocols, long sessionCacheSize, long sessionTimeout,
boolean enableOcsp, String keyStore, String endpointIdentificationAlgorithm,
List<SNIServerName> serverNames, ResumptionController resumptionController,
Map.Entry<SslContextOption<?>, Object>... options) throws SSLException {
super(ciphers, cipherFilter, toNegotiator(apn), SSL.SSL_MODE_CLIENT, keyCertChain,
ClientAuth.NONE, protocols, false, endpointIdentificationAlgorithm, enableOcsp, true,
serverNames, resumptionController, options);
boolean success = false;
try {
sessionContext = newSessionContext(this, ctx, engines, trustCertCollection, trustManagerFactory,
keyCertChain, key, keyPassword, keyManagerFactory, keyStore,
sessionCacheSize, sessionTimeout, resumptionController,
isJdkSignatureFallbackEnabled(options));
success = true;
} finally {
if (!success) {
release();
}
}
}
@Override
public OpenSslSessionContext sessionContext() {
return sessionContext;
}
static OpenSslSessionContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx,
Map<Long, ReferenceCountedOpenSslEngine> engines,
X509Certificate[] trustCertCollection,
TrustManagerFactory trustManagerFactory,
X509Certificate[] keyCertChain, PrivateKey key,
String keyPassword, KeyManagerFactory keyManagerFactory,
String keyStore, long sessionCacheSize, long sessionTimeout,
ResumptionController resumptionController,
boolean fallbackToJdkProviders)
throws SSLException {
if (key == null && keyCertChain != null || key != null && keyCertChain == null) {
throw new IllegalArgumentException(
"Either both keyCertChain and key needs to be null or none of them");
}
OpenSslKeyMaterialProvider keyMaterialProvider = null;
try {
try {
// Check if we have an alternative key that requires special handling
// Only detect alternative keys when we have an actual key object that can't be accessed directly
if (keyManagerFactory == null && key != null && key.getEncoded() == null) {
if (!fallbackToJdkProviders) {
throw new SSLException("Private key requiring alternative signature provider detected " +
"(such as hardware security key, smart card, or remote signing service) but " +
"alternative key fallback is disabled.");
}
keyMaterialProvider = setupSecurityProviderSignatureSource(thiz, ctx, keyCertChain, key,
materialManager -> new OpenSslClientCertificateCallback(
engines, materialManager));
} else if (!OpenSsl.useKeyManagerFactory()) {
if (keyManagerFactory != null) {
throw new IllegalArgumentException(
"KeyManagerFactory not supported");
}
if (keyCertChain != null/* && key != null*/) {
setKeyMaterial(ctx, keyCertChain, key, keyPassword);
}
} else {
// javadocs state that keyManagerFactory has precedent over keyCertChain
if (keyManagerFactory == null && keyCertChain != null) {Source
Frequently Asked Questions
What is the ReferenceCountedOpenSslClientContext class?
ReferenceCountedOpenSslClientContext is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java.
Where is ReferenceCountedOpenSslClientContext defined?
ReferenceCountedOpenSslClientContext is defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslClientContext.java at line 46.
Analyze Your Own Codebase
Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.
Try Supermodel Free