ReferenceCountedOpenSslServerContext Class — netty Architecture
Architecture documentation for the ReferenceCountedOpenSslServerContext class in ReferenceCountedOpenSslServerContext.java from the netty codebase.
Dependency Diagram
graph TD
    debe5c29_a96c_0d49_eeb8_ba27d9d9b49c["ReferenceCountedOpenSslServerContext"]
    cc6da83e_c7b0_fd91_b2fe_e5c2bbaf3047["ReferenceCountedOpenSslServerContext.java"]
    debe5c29_a96c_0d49_eeb8_ba27d9d9b49c -->|defined in| cc6da83e_c7b0_fd91_b2fe_e5c2bbaf3047
    421e7e30_98a0_22b8_d79c_612decf41068["ReferenceCountedOpenSslServerContext()"]
    debe5c29_a96c_0d49_eeb8_ba27d9d9b49c -->|method| 421e7e30_98a0_22b8_d79c_612decf41068
    4f45101f_83e6_0150_80b9_6d36a81eeda0["OpenSslServerSessionContext()"]
    debe5c29_a96c_0d49_eeb8_ba27d9d9b49c -->|method| 4f45101f_83e6_0150_80b9_6d36a81eeda0
    dae5257b_c1e0_90ba_5a06_d6692fdfc2a0["setVerifyCallback()"]
    debe5c29_a96c_0d49_eeb8_ba27d9d9b49c -->|method| dae5257b_c1e0_90ba_5a06_d6692fdfc2a0
Source Code
handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java lines 47–311
public final class ReferenceCountedOpenSslServerContext extends ReferenceCountedOpenSslContext {
    private static final InternalLogger logger =
            InternalLoggerFactory.getInstance(ReferenceCountedOpenSslServerContext.class);
    private static final byte[] ID = {'n', 'e', 't', 't', 'y'};
    private final OpenSslServerSessionContext sessionContext;

    ReferenceCountedOpenSslServerContext(
            X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
            X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
            Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn,
            long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
            boolean enableOcsp, String keyStore, ResumptionController resumptionController,
            Map.Entry<SslContextOption<?>, Object>... options) throws SSLException {
        this(trustCertCollection, trustManagerFactory, keyCertChain, key, keyPassword, keyManagerFactory, ciphers,
                cipherFilter, toNegotiator(apn), sessionCacheSize, sessionTimeout, clientAuth, protocols, startTls,
                enableOcsp, keyStore, resumptionController, options);
    }

    ReferenceCountedOpenSslServerContext(
            X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory,
            X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory,
            Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn,
            long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls,
            boolean enableOcsp, String keyStore, ResumptionController resumptionController,
            Map.Entry<SslContextOption<?>, Object>... options) throws SSLException {
        super(ciphers, cipherFilter, apn, SSL.SSL_MODE_SERVER, keyCertChain,
                clientAuth, protocols, startTls,
                null, // No endpoint validation for servers.
                enableOcsp, true, null, resumptionController, options);
        // Create a new SSL_CTX and configure it.
        boolean success = false;
        try {
            sessionContext = newSessionContext(this, ctx, engines, trustCertCollection, trustManagerFactory,
                    keyCertChain, key, keyPassword, keyManagerFactory, keyStore,
                    sessionCacheSize, sessionTimeout, resumptionController, isJdkSignatureFallbackEnabled(options));
            if (SERVER_ENABLE_SESSION_TICKET) {
                sessionContext.setTicketKeys();
            }
            success = true;
        } finally {
            if (!success) {
                release();
            }
        }
    }

    @Override
    public OpenSslServerSessionContext sessionContext() {
        return sessionContext;
    }

    static OpenSslServerSessionContext newSessionContext(ReferenceCountedOpenSslContext thiz, long ctx,
                                                         Map<Long, ReferenceCountedOpenSslEngine> engines,
                                                         X509Certificate[] trustCertCollection,
                                                         TrustManagerFactory trustManagerFactory,
                                                         X509Certificate[] keyCertChain, PrivateKey key,
                                                         String keyPassword, KeyManagerFactory keyManagerFactory,
                                                         String keyStore, long sessionCacheSize, long sessionTimeout,
                                                         ResumptionController resumptionController,
                                                         boolean fallbackToJdkSignatureProviders)
            throws SSLException {
        OpenSslKeyMaterialProvider keyMaterialProvider = null;
        try {
            try {
                SSLContext.setVerify(ctx, SSL.SSL_CVERIFY_NONE, VERIFY_DEPTH);
                // Check if we have an alternative key that requires special handling
                // Only detect alternative keys when we have an actual key object that can't be accessed directly
                if (keyManagerFactory == null && key != null && key.getEncoded() == null) {
                    if (!fallbackToJdkSignatureProviders) {
                        // Alternative key without fallback enabled
                        throw new SSLException("Private key requiring alternative signature provider detected " +
                                "(such as hardware security key, smart card, or remote signing service) but " +
                                "alternative key fallback is disabled.");
                    }
                    keyMaterialProvider = setupSecurityProviderSignatureSource(thiz, ctx, keyCertChain, key,
                            manager -> new OpenSslServerCertificateCallback(engines, manager));
                } else if (!OpenSsl.useKeyManagerFactory()) {
                    if (keyManagerFactory != null) {
                        throw new IllegalArgumentException(
                                "KeyManagerFactory not supported with external keys");
Frequently Asked Questions
What is the ReferenceCountedOpenSslServerContext class?
ReferenceCountedOpenSslServerContext is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java.
Where is ReferenceCountedOpenSslServerContext defined?
ReferenceCountedOpenSslServerContext is defined in handler/src/main/java/io/netty/handler/ssl/ReferenceCountedOpenSslServerContext.java at line 47.