ResumptionController Class — netty Architecture

Architecture documentation for the ResumptionController class in ResumptionController.java from the netty codebase.

Class java

Entity Profile

Dependency Diagram

graph TD
  49bf5aad_8689_2271_b5e4_1894e1632471["ResumptionController"]
  b53e744f_3d38_f8c0_f481_1a76a9c8e664["ResumptionController.java"]
  49bf5aad_8689_2271_b5e4_1894e1632471 -->|defined in| b53e744f_3d38_f8c0_f481_1a76a9c8e664
  6830e93a_6aa0_b5a3_2acd_1f10d6b74c25["ResumptionController()"]
  49bf5aad_8689_2271_b5e4_1894e1632471 -->|method| 6830e93a_6aa0_b5a3_2acd_1f10d6b74c25
  9f96930e_5a04_0ce9_5bdd_a373b70ea350["TrustManager()"]
  49bf5aad_8689_2271_b5e4_1894e1632471 -->|method| 9f96930e_5a04_0ce9_5bdd_a373b70ea350
  38219bc2_8214_b6d3_3263_9bb76cf45502["remove()"]
  49bf5aad_8689_2271_b5e4_1894e1632471 -->|method| 38219bc2_8214_b6d3_3263_9bb76cf45502
  3faf428b_0589_02f1_21e7_4c3539989627["validateResumeIfNeeded()"]
  49bf5aad_8689_2271_b5e4_1894e1632471 -->|method| 3faf428b_0589_02f1_21e7_4c3539989627
  efb6172f_0f28_8d73_cd71_fcce70be8be1["SSLEngine()"]
  49bf5aad_8689_2271_b5e4_1894e1632471 -->|method| efb6172f_0f28_8d73_cd71_fcce70be8be1
  2b92ff86_9233_1f1d_3951_75debf87f0b2["chainOf()"]
  49bf5aad_8689_2271_b5e4_1894e1632471 -->|method| 2b92ff86_9233_1f1d_3951_75debf87f0b2

Relationship Graph

Source Code

handler/src/main/java/io/netty/handler/ssl/ResumptionController.java lines 32–187

final class ResumptionController {
    private final Set<SSLEngine> confirmedValidations;
    private final AtomicReference<ResumableX509ExtendedTrustManager> resumableTm;

    ResumptionController() {
        confirmedValidations = Collections.synchronizedSet(
                Collections.newSetFromMap(new WeakHashMap<SSLEngine, Boolean>()));
        resumableTm = new AtomicReference<ResumableX509ExtendedTrustManager>();
    }

    public TrustManager wrapIfNeeded(TrustManager tm) {
        if (tm instanceof ResumableX509ExtendedTrustManager) {
            if (!(tm instanceof X509ExtendedTrustManager)) {
                throw new IllegalStateException("ResumableX509ExtendedTrustManager implementation must be a " +
                        "subclass of X509ExtendedTrustManager, found: " + (tm == null ? null : tm.getClass()));
            }
            if (!resumableTm.compareAndSet(null, (ResumableX509ExtendedTrustManager) tm)) {
                throw new IllegalStateException(
                        "Only one ResumableX509ExtendedTrustManager can be configured for resumed sessions");
            }
            return new X509ExtendedWrapTrustManager((X509ExtendedTrustManager) tm, confirmedValidations);
        }
        return tm;
    }

    public void remove(SSLEngine engine) {
        if (resumableTm.get() != null) {
            confirmedValidations.remove(unwrapEngine(engine));
        }
    }

    public boolean validateResumeIfNeeded(SSLEngine engine)
            throws CertificateException, SSLPeerUnverifiedException {
        ResumableX509ExtendedTrustManager tm;
        SSLSession session = engine.getSession();
        boolean valid = session.isValid();

        // Look for resumption if the session is valid, and we expect to authenticate our peer:
        //   1.   Clients always authenticate the server.
        //   2.a. Servers only authenticate the client if they need auth,
        //   2.b. or if they requested auth and the client provided.
        //
        // If a server only "want" but don't "need" auth (ClientAuth.OPTIONAL) and the client didn't provide
        // any certificates, then `session.getPeerCertificates()` will throw `SSLPeerUnverifiedException`.
        if (valid && (engine.getUseClientMode() || engine.getNeedClientAuth() || engine.getWantClientAuth()) &&
                (tm = resumableTm.get()) != null) {
            // Unwrap JdkSslEngines because they add their inner JDK SSLEngine objects to the set.
            engine = unwrapEngine(engine);

            if (!confirmedValidations.remove(engine)) {
                Certificate[] peerCertificates;
                try {
                    peerCertificates = session.getPeerCertificates();
                } catch (SSLPeerUnverifiedException e) {
                    if (engine.getUseClientMode() || engine.getNeedClientAuth()) {
                        // Auth is required, and we got none.
                        throw e;
                    }
                    // Auth is optional, and none were provided. Skip out; session resumed but nothing to authenticate.
                    return false;
                }

                // This is a resumed session.
                if (engine.getUseClientMode()) {
                    // We are the client, resuming a session trusting the server
                    tm.resumeServerTrusted(chainOf(peerCertificates), engine);
                } else {
                    // We are the server, resuming a session trusting the client
                    tm.resumeClientTrusted(chainOf(peerCertificates), engine);
                }
                return true;
            }
        }
        return false;
    }

    private static SSLEngine unwrapEngine(SSLEngine engine) {
        if (engine instanceof JdkSslEngine) {
            return ((JdkSslEngine) engine).getWrappedEngine();
        }
        return engine;

Defined In

handler/src/main/java/io/netty/handler/ssl/ResumptionController.java

Source

View on GitHub

Frequently Asked Questions

What is the ResumptionController class?

ResumptionController is a class in the netty codebase, defined in handler/src/main/java/io/netty/handler/ssl/ResumptionController.java.

Where is ResumptionController defined?

ResumptionController is defined in handler/src/main/java/io/netty/handler/ssl/ResumptionController.java at line 32.

Analyze Your Own Codebase

Get architecture documentation, dependency graphs, and domain analysis for your codebase in minutes.

Try Supermodel Free