AbstractCertificateVerifier Class — netty Architecture
Architecture documentation for the AbstractCertificateVerifier class in ReferenceCountedOpenSslContext.java from the netty codebase.
Entity Profile
Dependency Diagram
graph TD bd6cb3cd_28ba_9556_fe33_80dfb47504fa["AbstractCertificateVerifier"] ec821021_8733_8627_194f_15d27e6d1f67["ReferenceCountedOpenSslContext.java"] bd6cb3cd_28ba_9556_fe33_80dfb47504fa -->|defined in| ec821021_8733_8627_194f_15d27e6d1f67 c95ec1ac_c496_1ec1_6241_915e65960634["AbstractCertificateVerifier()"] bd6cb3cd_28ba_9556_fe33_80dfb47504fa -->|method| c95ec1ac_c496_1ec1_6241_915e65960634 88eaa78d_7923_5b08_eaca_7292b4cd8e6a["verify()"] bd6cb3cd_28ba_9556_fe33_80dfb47504fa -->|method| 88eaa78d_7923_5b08_eaca_7292b4cd8e6a df831a92_239f_6192_640e_8a708e1ffa88["translateToError()"] bd6cb3cd_28ba_9556_fe33_80dfb47504fa -->|method| df831a92_239f_6192_640e_8a708e1ffa88
Relationship Graph
Source Code
handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java lines 842–910
abstract static class AbstractCertificateVerifier extends CertificateVerifier {
private final Map<Long, ReferenceCountedOpenSslEngine> engines;
AbstractCertificateVerifier(Map<Long, ReferenceCountedOpenSslEngine> engines) {
this.engines = engines;
}
@Override
public final int verify(long ssl, byte[][] chain, String auth) {
final ReferenceCountedOpenSslEngine engine = engines.get(ssl);
if (engine == null) {
// May be null if it was destroyed in the meantime.
return CertificateVerifier.X509_V_ERR_UNSPECIFIED;
}
X509Certificate[] peerCerts = certificates(chain);
try {
verify(engine, peerCerts, auth);
return CertificateVerifier.X509_V_OK;
} catch (Throwable cause) {
logger.debug("verification of certificate failed", cause);
engine.initHandshakeException(cause);
// Try to extract the correct error code that should be used.
if (cause instanceof OpenSslCertificateException) {
// This will never return a negative error code as its validated when constructing the
// OpenSslCertificateException.
return ((OpenSslCertificateException) cause).errorCode();
}
if (cause instanceof CertificateExpiredException) {
return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
}
if (cause instanceof CertificateNotYetValidException) {
return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
}
return translateToError(cause);
}
}
private static int translateToError(Throwable cause) {
if (cause instanceof CertificateRevokedException) {
return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
}
// The X509TrustManagerImpl uses a Validator which wraps a CertPathValidatorException into
// an CertificateException. So we need to handle the wrapped CertPathValidatorException to be
// able to send the correct alert.
Throwable wrapped = cause.getCause();
while (wrapped != null) {
if (wrapped instanceof CertPathValidatorException) {
CertPathValidatorException ex = (CertPathValidatorException) wrapped;
CertPathValidatorException.Reason reason = ex.getReason();
if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
return CertificateVerifier.X509_V_ERR_CERT_HAS_EXPIRED;
}
if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
return CertificateVerifier.X509_V_ERR_CERT_NOT_YET_VALID;
}
if (reason == CertPathValidatorException.BasicReason.REVOKED) {
return CertificateVerifier.X509_V_ERR_CERT_REVOKED;
}
}
wrapped = wrapped.getCause();
}
return CertificateVerifier.X509_V_ERR_UNSPECIFIED;
}
abstract void verify(ReferenceCountedOpenSslEngine engine, X509Certificate[] peerCerts,
String auth) throws Exception;
}
Source
Frequently Asked Questions
What is the AbstractCertificateVerifier class?
AbstractCertificateVerifier is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java.
Where is AbstractCertificateVerifier defined?
AbstractCertificateVerifier is defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslContext.java at line 842.
Analyze Your Own Codebase
Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.
Try Supermodel Free