View Javadoc
1   /*
2    * Copyright 2014 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  
17  package io.netty.handler.ssl;
18  
19  import io.netty.util.ReferenceCounted;
20  import io.netty.util.internal.UnstableApi;
21  
22  import java.security.Provider;
23  
24  /**
25   * An enumeration of SSL/TLS protocol providers.
26   */
27  public enum SslProvider {
28      /**
29       * JDK's default implementation.
30       */
31      JDK,
32      /**
33       * OpenSSL-based implementation.
34       */
35      OPENSSL,
36      /**
37       * OpenSSL-based implementation which does not have finalizers and instead implements {@link ReferenceCounted}.
38       */
39      @UnstableApi
40      OPENSSL_REFCNT;
41  
42      /**
43       * Returns {@code true} if the specified {@link SslProvider} supports
44       * <a href="https://tools.ietf.org/html/rfc7301#section-6">TLS ALPN Extension</a>, {@code false} otherwise.
45       */
46      @SuppressWarnings("deprecation")
47      public static boolean isAlpnSupported(final SslProvider provider) {
48          switch (provider) {
49              case JDK:
50                  return JdkAlpnApplicationProtocolNegotiator.isAlpnSupported();
51              case OPENSSL:
52              case OPENSSL_REFCNT:
53                  return OpenSsl.isAlpnSupported();
54              default:
55                  throw new Error("Unknown SslProvider: " + provider);
56          }
57      }
58  
59      /**
60       * Returns {@code true} if the specified {@link SslProvider} supports
61       * <a href="https://tools.ietf.org/html/rfc8446">TLS 1.3</a>, {@code false} otherwise.
62       */
63      public static boolean isTlsv13Supported(final SslProvider sslProvider) {
64          return isTlsv13Supported(sslProvider, null);
65      }
66  
67      /**
68       * Returns {@code true} if the specified {@link SslProvider} supports
69       * <a href="https://tools.ietf.org/html/rfc8446">TLS 1.3</a>, {@code false} otherwise.
70       */
71      public static boolean isTlsv13Supported(final SslProvider sslProvider, Provider provider) {
72          switch (sslProvider) {
73              case JDK:
74                  return SslUtils.isTLSv13SupportedByJDK(provider);
75              case OPENSSL:
76              case OPENSSL_REFCNT:
77                  return OpenSsl.isTlsv13Supported();
78              default:
79                  throw new Error("Unknown SslProvider: " + sslProvider);
80          }
81      }
82  
83      /**
84       * Returns {@code true} if the specified {@link SslProvider} supports the specified {@link SslContextOption},
85       * {@code false} otherwise.
86       */
87      public static boolean isOptionSupported(SslProvider sslProvider, SslContextOption<?> option) {
88          switch (sslProvider) {
89              case JDK:
90                  // We currently don't support any SslContextOptions when using the JDK implementation
91                  return false;
92              case OPENSSL:
93              case OPENSSL_REFCNT:
94                  return OpenSsl.isOptionSupported(option);
95              default:
96                  throw new Error("Unknown SslProvider: " + sslProvider);
97          }
98      }
99  
100     /**
101      * Returns {@code true} if the specified {@link SslProvider} enables
102      * <a href="https://tools.ietf.org/html/rfc8446">TLS 1.3</a> by default, {@code false} otherwise.
103      */
104     static boolean isTlsv13EnabledByDefault(final SslProvider sslProvider, Provider provider) {
105         switch (sslProvider) {
106             case JDK:
107                 return SslUtils.isTLSv13EnabledByJDK(provider);
108             case OPENSSL:
109             case OPENSSL_REFCNT:
110                 return OpenSsl.isTlsv13Supported();
111             default:
112                 throw new Error("Unknown SslProvider: " + sslProvider);
113         }
114     }
115 }