Package io.netty.handler.ssl

Class SslMasterKeyHandler

java.lang.Object
io.netty.channel.ChannelHandlerAdapter
io.netty.channel.ChannelInboundHandlerAdapter
io.netty.handler.ssl.SslMasterKeyHandler
All Implemented Interfaces:
ChannelHandler, ChannelInboundHandler
Direct Known Subclasses:
SslMasterKeyHandler.WiresharkSslMasterKeyHandler
public abstract class SslMasterKeyHandler extends ChannelInboundHandlerAdapter
The SslMasterKeyHandler is a channel-handler you can include in your pipeline to consume the master key invalid input: '&' session identifier for a TLS session. This can be very useful, for instance the SslMasterKeyHandler.WiresharkSslMasterKeyHandler implementation will log the secret invalid input: '&' identifier in a format that is consumable by Wireshark -- allowing easy decryption of pcap/tcpdumps.

  • Field Details

    • logger

      private static final InternalLogger logger

    • SSL_SESSIONIMPL_CLASS

      private static final Class<?> SSL_SESSIONIMPL_CLASS
      The JRE SSLSessionImpl cannot be imported

    • SSL_SESSIONIMPL_MASTER_SECRET_FIELD

      private static final Field SSL_SESSIONIMPL_MASTER_SECRET_FIELD
      The master key field in the SSLSessionImpl

    • SYSTEM_PROP_KEY

      public static final String SYSTEM_PROP_KEY
      A system property that can be used to turn on/off the SslMasterKeyHandler dynamically without having to edit your pipeline. -Dio.netty.ssl.masterKeyHandler=true
      See Also:

    • UNAVAILABILITY_CAUSE

      private static final Throwable UNAVAILABILITY_CAUSE
      The unavailability cause of whether the private Sun implementation of SSLSessionImpl is available.

  • Constructor Details

    • SslMasterKeyHandler

      protected SslMasterKeyHandler()
      Constructor.

  • Method Details

    • ensureSunSslEngineAvailability

      public static void ensureSunSslEngineAvailability()
      Ensure that SSLSessionImpl is available.
      Throws:
      UnsatisfiedLinkError - if unavailable

    • sunSslEngineUnavailabilityCause

      public static Throwable sunSslEngineUnavailabilityCause()
      Returns the cause of unavailability.
      Returns:
      the cause if unavailable. null if available.

    • isSunSslEngineAvailable

      public static boolean isSunSslEngineAvailable()

    • accept

      protected abstract void accept(SecretKey masterKey, SSLSession session)
      Consume the master key for the session and the sessionId
      Parameters:
      masterKey - A 48-byte secret shared between the client and server.
      session - The current TLS session

    • userEventTriggered

      public final void userEventTriggered(ChannelHandlerContext ctx, Object evt)
      Description copied from class: ChannelInboundHandlerAdapter
      Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.
      Specified by:
      userEventTriggered in interface ChannelInboundHandler
      Overrides:
      userEventTriggered in class ChannelInboundHandlerAdapter

    • masterKeyHandlerEnabled

      protected boolean masterKeyHandlerEnabled()
      Checks if the handler is set up to actually handle/accept the event. By default the SYSTEM_PROP_KEY property is checked, but any implementations of this class are free to override if they have different mechanisms of checking.
      Returns:
      true if it should handle, false otherwise.

    • newWireSharkSslMasterKeyHandler

      public static SslMasterKeyHandler newWireSharkSslMasterKeyHandler()
      Create a SslMasterKeyHandler.WiresharkSslMasterKeyHandler instance. This TLS master key handler logs the master key and session-id in a format understood by Wireshark -- this can be especially useful if you need to ever decrypt a TLS session and are using perfect forward secrecy (i.e. Diffie-Hellman) The key and session identifier are forwarded to the log named 'io.netty.wireshark'.