public abstract class SslMasterKeyHandler extends ChannelInboundHandlerAdapter
SslMasterKeyHandler is a channel-handler you can include in your pipeline to consume the master key
& session identifier for a TLS session.
This can be very useful, for instance the WiresharkSslMasterKeyHandler implementation will
log the secret & identifier in a format that is consumable by Wireshark -- allowing easy decryption of pcap/tcpdumps.ChannelHandler.Sharable| Modifier and Type | Field and Description |
|---|---|
static String |
SYSTEM_PROP_KEY
A system property that can be used to turn on/off the
SslMasterKeyHandler dynamically without having
to edit your pipeline. |
| Modifier | Constructor and Description |
|---|---|
protected |
SslMasterKeyHandler()
Constructor.
|
| Modifier and Type | Method and Description |
|---|---|
protected abstract void |
accept(SecretKey masterKey,
SSLSession session)
Consume the master key for the session and the sessionId
|
static void |
ensureSunSslEngineAvailability()
Ensure that SSLSessionImpl is available.
|
static boolean |
isSunSslEngineAvailable() |
protected boolean |
masterKeyHandlerEnabled()
Checks if the handler is set up to actually handle/accept the event.
|
static SslMasterKeyHandler |
newWireSharkSslMasterKeyHandler()
Create a
WiresharkSslMasterKeyHandler instance. |
static Throwable |
sunSslEngineUnavailabilityCause()
Returns the cause of unavailability.
|
void |
userEventTriggered(ChannelHandlerContext ctx,
Object evt)
Calls
ChannelHandlerContext.fireUserEventTriggered(Object) to forward
to the next ChannelInboundHandler in the ChannelPipeline. |
channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaughtensureNotSharable, handlerAdded, handlerRemoved, isSharableclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waithandlerAdded, handlerRemovedpublic static final String SYSTEM_PROP_KEY
SslMasterKeyHandler dynamically without having
to edit your pipeline.
-Dio.netty.ssl.masterKeyHandler=truepublic static void ensureSunSslEngineAvailability()
UnsatisfiedLinkError - if unavailablepublic static Throwable sunSslEngineUnavailabilityCause()
null if available.public static boolean isSunSslEngineAvailable()
protected abstract void accept(SecretKey masterKey, SSLSession session)
masterKey - A 48-byte secret shared between the client and server.session - The current TLS sessionpublic final void userEventTriggered(ChannelHandlerContext ctx, Object evt)
ChannelInboundHandlerAdapterChannelHandlerContext.fireUserEventTriggered(Object) to forward
to the next ChannelInboundHandler in the ChannelPipeline.
Sub-classes may override this method to change behavior.userEventTriggered in interface ChannelInboundHandleruserEventTriggered in class ChannelInboundHandlerAdapterprotected boolean masterKeyHandlerEnabled()
SYSTEM_PROP_KEY property is checked, but any implementations of this class are
free to override if they have different mechanisms of checking.public static SslMasterKeyHandler newWireSharkSslMasterKeyHandler()
WiresharkSslMasterKeyHandler instance.
This TLS master key handler logs the master key and session-id in a format
understood by Wireshark -- this can be especially useful if you need to ever
decrypt a TLS session and are using perfect forward secrecy (i.e. Diffie-Hellman)
The key and session identifier are forwarded to the log named 'io.netty.wireshark'.Copyright © 2008–2024 The Netty Project. All rights reserved.