1 /*
2 * Copyright 2014 The Netty Project
3 *
4 * The Netty Project licenses this file to you under the Apache License,
5 * version 2.0 (the "License"); you may not use this file except in compliance
6 * with the License. You may obtain a copy of the License at:
7 *
8 * https://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 * License for the specific language governing permissions and limitations
14 * under the License.
15 */
16
17 package io.netty.handler.ssl;
18
19 import io.netty.util.ReferenceCounted;
20 import io.netty.util.internal.UnstableApi;
21
22 import java.security.Provider;
23
24 /**
25 * An enumeration of SSL/TLS protocol providers.
26 */
27 public enum SslProvider {
28 /**
29 * JDK's default implementation.
30 */
31 JDK,
32 /**
33 * OpenSSL-based implementation.
34 */
35 OPENSSL,
36 /**
37 * OpenSSL-based implementation which does not have finalizers and instead implements {@link ReferenceCounted}.
38 */
39 @UnstableApi
40 OPENSSL_REFCNT;
41
42 /**
43 * Returns {@code true} if the specified {@link SslProvider} supports
44 * <a href="https://tools.ietf.org/html/rfc7301#section-6">TLS ALPN Extension</a>, {@code false} otherwise.
45 */
46 @SuppressWarnings("deprecation")
47 public static boolean isAlpnSupported(final SslProvider provider) {
48 switch (provider) {
49 case JDK:
50 return JdkAlpnApplicationProtocolNegotiator.isAlpnSupported();
51 case OPENSSL:
52 case OPENSSL_REFCNT:
53 return OpenSsl.isAlpnSupported();
54 default:
55 throw new Error("Unknown SslProvider: " + provider);
56 }
57 }
58
59 /**
60 * Returns {@code true} if the specified {@link SslProvider} supports
61 * <a href="https://tools.ietf.org/html/rfc8446">TLS 1.3</a>, {@code false} otherwise.
62 */
63 public static boolean isTlsv13Supported(final SslProvider sslProvider) {
64 return isTlsv13Supported(sslProvider, null);
65 }
66
67 /**
68 * Returns {@code true} if the specified {@link SslProvider} supports
69 * <a href="https://tools.ietf.org/html/rfc8446">TLS 1.3</a>, {@code false} otherwise.
70 */
71 public static boolean isTlsv13Supported(final SslProvider sslProvider, Provider provider) {
72 switch (sslProvider) {
73 case JDK:
74 return SslUtils.isTLSv13SupportedByJDK(provider);
75 case OPENSSL:
76 case OPENSSL_REFCNT:
77 return OpenSsl.isTlsv13Supported();
78 default:
79 throw new Error("Unknown SslProvider: " + sslProvider);
80 }
81 }
82
83 /**
84 * Returns {@code true} if the specified {@link SslProvider} supports the specified {@link SslContextOption},
85 * {@code false} otherwise.
86 */
87 public static boolean isOptionSupported(SslProvider sslProvider, SslContextOption<?> option) {
88 switch (sslProvider) {
89 case JDK:
90 // We currently don't support any SslContextOptions when using the JDK implementation
91 return false;
92 case OPENSSL:
93 case OPENSSL_REFCNT:
94 return OpenSsl.isOptionSupported(option);
95 default:
96 throw new Error("Unknown SslProvider: " + sslProvider);
97 }
98 }
99
100 /**
101 * Returns {@code true} if the specified {@link SslProvider} enables
102 * <a href="https://tools.ietf.org/html/rfc8446">TLS 1.3</a> by default, {@code false} otherwise.
103 */
104 static boolean isTlsv13EnabledByDefault(final SslProvider sslProvider, Provider provider) {
105 switch (sslProvider) {
106 case JDK:
107 return SslUtils.isTLSv13EnabledByJDK(provider);
108 case OPENSSL:
109 case OPENSSL_REFCNT:
110 return OpenSsl.isTlsv13Supported();
111 default:
112 throw new Error("Unknown SslProvider: " + sslProvider);
113 }
114 }
115 }