Package io.netty.handler.ssl
Class SslMasterKeyHandler
- java.lang.Object
-
- io.netty.channel.ChannelHandlerAdapter
-
- io.netty.channel.ChannelInboundHandlerAdapter
-
- io.netty.handler.ssl.SslMasterKeyHandler
-
- All Implemented Interfaces:
ChannelHandler,ChannelInboundHandler
- Direct Known Subclasses:
SslMasterKeyHandler.WiresharkSslMasterKeyHandler
public abstract class SslMasterKeyHandler extends ChannelInboundHandlerAdapter
TheSslMasterKeyHandleris a channel-handler you can include in your pipeline to consume the master key & session identifier for a TLS session. This can be very useful, for instance theSslMasterKeyHandler.WiresharkSslMasterKeyHandlerimplementation will log the secret & identifier in a format that is consumable by Wireshark -- allowing easy decryption of pcap/tcpdumps.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static classSslMasterKeyHandler.WiresharkSslMasterKeyHandlerRecord the session identifier and master key to theInternalLoggernamedio.netty.wireshark.-
Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler
ChannelHandler.Sharable
-
-
Field Summary
Fields Modifier and Type Field Description private static InternalLoggerloggerprivate static java.lang.Class<?>SSL_SESSIONIMPL_CLASSThe JRE SSLSessionImpl cannot be importedprivate static java.lang.reflect.FieldSSL_SESSIONIMPL_MASTER_SECRET_FIELDThe master key field in the SSLSessionImplstatic java.lang.StringSYSTEM_PROP_KEYA system property that can be used to turn on/off theSslMasterKeyHandlerdynamically without having to edit your pipeline.private static java.lang.ThrowableUNAVAILABILITY_CAUSEThe unavailability cause of whether the private Sun implementation of SSLSessionImpl is available.
-
Constructor Summary
Constructors Modifier Constructor Description protectedSslMasterKeyHandler()Constructor.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected abstract voidaccept(javax.crypto.SecretKey masterKey, javax.net.ssl.SSLSession session)Consume the master key for the session and the sessionIdstatic voidensureSunSslEngineAvailability()Ensure that SSLSessionImpl is available.static booleanisSunSslEngineAvailable()static SslMasterKeyHandlernewWireSharkSslMasterKeyHandler()Create aSslMasterKeyHandler.WiresharkSslMasterKeyHandlerinstance.static java.lang.ThrowablesunSslEngineUnavailabilityCause()Returns the cause of unavailability.voiduserEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt)CallsChannelHandlerContext.fireUserEventTriggered(Object)to forward to the nextChannelInboundHandlerin theChannelPipeline.-
Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter
channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught
-
Methods inherited from class io.netty.channel.ChannelHandlerAdapter
ensureNotSharable, handlerAdded, handlerRemoved, isSharable
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface io.netty.channel.ChannelHandler
handlerAdded, handlerRemoved
-
-
-
-
Field Detail
-
logger
private static final InternalLogger logger
-
SSL_SESSIONIMPL_CLASS
private static final java.lang.Class<?> SSL_SESSIONIMPL_CLASS
The JRE SSLSessionImpl cannot be imported
-
SSL_SESSIONIMPL_MASTER_SECRET_FIELD
private static final java.lang.reflect.Field SSL_SESSIONIMPL_MASTER_SECRET_FIELD
The master key field in the SSLSessionImpl
-
SYSTEM_PROP_KEY
public static final java.lang.String SYSTEM_PROP_KEY
A system property that can be used to turn on/off theSslMasterKeyHandlerdynamically without having to edit your pipeline.-Dio.netty.ssl.masterKeyHandler=true- See Also:
- Constant Field Values
-
UNAVAILABILITY_CAUSE
private static final java.lang.Throwable UNAVAILABILITY_CAUSE
The unavailability cause of whether the private Sun implementation of SSLSessionImpl is available.
-
-
Method Detail
-
ensureSunSslEngineAvailability
public static void ensureSunSslEngineAvailability()
Ensure that SSLSessionImpl is available.- Throws:
java.lang.UnsatisfiedLinkError- if unavailable
-
sunSslEngineUnavailabilityCause
public static java.lang.Throwable sunSslEngineUnavailabilityCause()
Returns the cause of unavailability.- Returns:
- the cause if unavailable.
nullif available.
-
isSunSslEngineAvailable
public static boolean isSunSslEngineAvailable()
-
accept
protected abstract void accept(javax.crypto.SecretKey masterKey, javax.net.ssl.SSLSession session)Consume the master key for the session and the sessionId- Parameters:
masterKey- A 48-byte secret shared between the client and server.session- The current TLS session
-
userEventTriggered
public final void userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt)
Description copied from class:ChannelInboundHandlerAdapterCallsChannelHandlerContext.fireUserEventTriggered(Object)to forward to the nextChannelInboundHandlerin theChannelPipeline. Sub-classes may override this method to change behavior.- Specified by:
userEventTriggeredin interfaceChannelInboundHandler- Overrides:
userEventTriggeredin classChannelInboundHandlerAdapter
-
newWireSharkSslMasterKeyHandler
public static SslMasterKeyHandler newWireSharkSslMasterKeyHandler()
Create aSslMasterKeyHandler.WiresharkSslMasterKeyHandlerinstance. This TLS master key handler logs the master key and session-id in a format understood by Wireshark -- this can be especially useful if you need to ever decrypt a TLS session and are using perfect forward secrecy (i.e. Diffie-Hellman) The key and session identifier are forwarded to the log named 'io.netty.wireshark'.
-
-