Class ReferenceCountedOpenSslContext

java.lang.Object

io.netty.handler.ssl.SslContext

io.netty.handler.ssl.ReferenceCountedOpenSslContext

All Implemented Interfaces:

ReferenceCounted

Direct Known Subclasses:

OpenSslContext, ReferenceCountedOpenSslClientContext, ReferenceCountedOpenSslServerContext

public abstract class ReferenceCountedOpenSslContext
extends SslContext
implements ReferenceCounted

An implementation of SslContext which works with libraries that support the OpenSsl C library API.

Instances of this class must be released or else native memory will leak!

Instances of this class must not be released before any ReferenceCountedOpenSslEngine which depends upon the instance of this class is released. Otherwise if any method of ReferenceCountedOpenSslEngine is called which uses this class's JNI resources the JVM may crash.

Field Summary

Fields

Modifier and Type	Field	Description
protected long	ctx	The OpenSSL SSL_CTX object.
protected static final int	VERIFY_DEPTH

Method Summary

Modifier and Type	Method	Description
ApplicationProtocolNegotiator	applicationProtocolNegotiator()	Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
protected static X509Certificate[]	certificates(byte[][] chain)
protected static X509TrustManager	chooseTrustManager(TrustManager[] managers)	Deprecated. This method is kept for API backwards compatibility.
protected static X509KeyManager	chooseX509KeyManager(KeyManager[] kms)
final List<String>	cipherSuites()	Returns the list of enabled cipher suites, in the order of preference.
final long	context()	Deprecated. this method is considered unsafe as the returned pointer may be released later.
int	getBioNonApplicationBufferSize()	Returns the size of the buffer used by the BIO for non-application based writes
boolean	getRejectRemoteInitiatedRenegotiation()	Deprecated.
final boolean	isClient()	Returns the true if and only if this context is for client-side.
final SSLEngine	newEngine(ByteBufAllocator alloc)	Returns a new server-side SSLEngine with the current configuration.
final SSLEngine	newEngine(ByteBufAllocator alloc, String peerHost, int peerPort)	Creates a new SSLEngine using advisory peer information.
protected final SslHandler	newHandler(ByteBufAllocator alloc, boolean startTls)	Create a new SslHandler.
protected SslHandler	newHandler(ByteBufAllocator alloc, boolean startTls, Executor executor)	Create a new SslHandler.
protected final SslHandler	newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, boolean startTls)	Create a new SslHandler.
protected SslHandler	newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, boolean startTls, Executor executor)
final int	refCnt()	Returns the reference count of this object.
final boolean	release()	Decreases the reference count by 1 and deallocates this object if the reference count reaches at 0.
final boolean	release(int decrement)	Decreases the reference count by the specified decrement and deallocates this object if the reference count reaches at 0.
final ReferenceCounted	retain()	Increases the reference count by 1.
final ReferenceCounted	retain(int increment)	Increases the reference count by the specified increment.
abstract OpenSslSessionContext	sessionContext()	Returns the SSLSessionContext object held by this context.
void	setBioNonApplicationBufferSize(int bioNonApplicationBufferSize)	Set the size of the buffer used by the BIO for non-application based writes (e.g. handshake, renegotiation, etc...).
final void	setPrivateKeyMethod(OpenSslPrivateKeyMethod method)	Deprecated. use SslContextBuilder.option(SslContextOption, Object) with OpenSslContextOption.PRIVATE_KEY_METHOD.
void	setRejectRemoteInitiatedRenegotiation(boolean rejectRemoteInitiatedRenegotiation)	Deprecated.
final void	setTicketKeys(byte[] keys)	Deprecated. use OpenSslSessionContext.setTicketKeys(byte[])
final void	setUseTasks(boolean useTasks)	Deprecated. use SslContextBuilder.option(SslContextOption, Object) with OpenSslContextOption.USE_TASKS.
final long	sslCtxPointer()	Deprecated. this method is considered unsafe as the returned pointer may be released later.
final OpenSslSessionStats	stats()	Deprecated. use invalid @link {@link #sessionContext#stats() }
final ReferenceCounted	touch()	Records the current access location of this object for debugging purposes.
final ReferenceCounted	touch(Object hint)	Records the current access location of this object with an additional arbitrary information for debugging purposes.

Methods inherited from class SslContext

attributes, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, nextProtocols, sessionCacheSize, sessionTimeout, toPrivateKey, toPrivateKey, toX509Certificates, toX509Certificates

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

VERIFY_DEPTH

protected static final int VERIFY_DEPTH

See Also:

• Constant Field Values

ctx

protected long ctx

The OpenSSL SSL_CTX object. ctxLock must be hold while using ctx!

Method Details

cipherSuites

public final List<String> cipherSuites()

Description copied from class: SslContext

Returns the list of enabled cipher suites, in the order of preference.

Specified by:

cipherSuites in class SslContext

applicationProtocolNegotiator

public ApplicationProtocolNegotiator applicationProtocolNegotiator()

Description copied from class: SslContext

Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.

Specified by:

applicationProtocolNegotiator in class SslContext

isClient

public final boolean isClient()

Description copied from class: SslContext

Returns the true if and only if this context is for client-side.

Specified by:

isClient in class SslContext

newEngine

public final SSLEngine newEngine(ByteBufAllocator alloc,
 String peerHost,
 int peerPort)

Description copied from class: SslContext

Creates a new SSLEngine using advisory peer information.

If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator, String, int).

Specified by:

newEngine in class SslContext

Parameters:

peerHost - the non-authoritative name of the host

peerPort - the non-authoritative port

Returns:

a new SSLEngine

newHandler

protected final SslHandler newHandler(ByteBufAllocator alloc,
 boolean startTls)

Description copied from class: SslContext

Create a new SslHandler.

Overrides:

newHandler in class SslContext

See Also:

• SslContext.newHandler(ByteBufAllocator)

newHandler

protected final SslHandler newHandler(ByteBufAllocator alloc,
 String peerHost,
 int peerPort,
 boolean startTls)

Description copied from class: SslContext

Create a new SslHandler.

Overrides:

newHandler in class SslContext

See Also:

• SslContext.newHandler(ByteBufAllocator, String, int, boolean, Executor)

newHandler

protected SslHandler newHandler(ByteBufAllocator alloc,
 boolean startTls,
 Executor executor)

Description copied from class: SslContext

Create a new SslHandler.

Overrides:

newHandler in class SslContext

See Also:

• SslContext.newHandler(ByteBufAllocator, String, int, boolean, Executor)

newHandler

protected SslHandler newHandler(ByteBufAllocator alloc,
 String peerHost,
 int peerPort,
 boolean startTls,
 Executor executor)

Overrides:

newHandler in class SslContext

newEngine

public final SSLEngine newEngine(ByteBufAllocator alloc)

Returns a new server-side SSLEngine with the current configuration.

Specified by:

newEngine in class SslContext

Returns:

a new SSLEngine

context

@Deprecated
public final long context()

Deprecated.

this method is considered unsafe as the returned pointer may be released later. Dont use it!

Returns the pointer to the SSL_CTX object for this ReferenceCountedOpenSslContext. Be aware that it is freed as soon as the Object.finalize() method is called. At this point 0 will be returned.

stats

@Deprecated
public final OpenSslSessionStats stats()

Deprecated.

use

invalid @link

{@link #sessionContext#stats()

}

Returns the stats of this context.

setRejectRemoteInitiatedRenegotiation

@Deprecated
public void setRejectRemoteInitiatedRenegotiation(boolean rejectRemoteInitiatedRenegotiation)

Deprecated.

Specify if remote initiated renegotiation is supported or not. If not supported and the remote side tries to initiate a renegotiation a SSLHandshakeException will be thrown during decoding.

getRejectRemoteInitiatedRenegotiation

@Deprecated
public boolean getRejectRemoteInitiatedRenegotiation()

Deprecated.

Returns:

true because renegotiation is not supported.

setBioNonApplicationBufferSize

public void setBioNonApplicationBufferSize(int bioNonApplicationBufferSize)

Set the size of the buffer used by the BIO for non-application based writes (e.g. handshake, renegotiation, etc...).

getBioNonApplicationBufferSize

public int getBioNonApplicationBufferSize()

Returns the size of the buffer used by the BIO for non-application based writes

setTicketKeys

@Deprecated
public final void setTicketKeys(byte[] keys)

Deprecated.

use OpenSslSessionContext.setTicketKeys(byte[])

Sets the SSL session ticket keys of this context.

sessionContext

public abstract OpenSslSessionContext sessionContext()

Description copied from class: SslContext

Returns the SSLSessionContext object held by this context.

Specified by:

sessionContext in class SslContext

sslCtxPointer

@Deprecated
public final long sslCtxPointer()

Deprecated.

this method is considered unsafe as the returned pointer may be released later. Dont use it!

Returns the pointer to the SSL_CTX object for this ReferenceCountedOpenSslContext. Be aware that it is freed as soon as the release() method is called. At this point 0 will be returned.

setPrivateKeyMethod

@Deprecated
@UnstableApi
public final void setPrivateKeyMethod(OpenSslPrivateKeyMethod method)

Deprecated.

use SslContextBuilder.option(SslContextOption, Object) with OpenSslContextOption.PRIVATE_KEY_METHOD.

Set the OpenSslPrivateKeyMethod to use. This allows to offload private-key operations if needed. This method is currently only supported when BoringSSL is used.

Parameters:

method - method to use.

setUseTasks

@Deprecated
public final void setUseTasks(boolean useTasks)

Deprecated.

use SslContextBuilder.option(SslContextOption, Object) with OpenSslContextOption.USE_TASKS.

certificates

protected static X509Certificate[] certificates(byte[][] chain)

chooseTrustManager

@Deprecated
protected static X509TrustManager chooseTrustManager(TrustManager[] managers)

Deprecated.

This method is kept for API backwards compatibility.

chooseX509KeyManager

protected static X509KeyManager chooseX509KeyManager(KeyManager[] kms)

refCnt

public final int refCnt()

Description copied from interface: ReferenceCounted

Returns the reference count of this object. If 0, it means this object has been deallocated.

Specified by:

refCnt in interface ReferenceCounted

retain

public final ReferenceCounted retain()

Description copied from interface: ReferenceCounted

Increases the reference count by 1.

Specified by:

retain in interface ReferenceCounted

retain

public final ReferenceCounted retain(int increment)

Description copied from interface: ReferenceCounted

Increases the reference count by the specified increment.

Specified by:

retain in interface ReferenceCounted

touch

public final ReferenceCounted touch()

Description copied from interface: ReferenceCounted

Records the current access location of this object for debugging purposes. If this object is determined to be leaked, the information recorded by this operation will be provided to you via ResourceLeakDetector. This method is a shortcut to touch(null).

Specified by:

touch in interface ReferenceCounted

touch

public final ReferenceCounted touch(Object hint)

Description copied from interface: ReferenceCounted

Records the current access location of this object with an additional arbitrary information for debugging purposes. If this object is determined to be leaked, the information recorded by this operation will be provided to you via ResourceLeakDetector.

Specified by:

touch in interface ReferenceCounted

release

public final boolean release()

Description copied from interface: ReferenceCounted

Decreases the reference count by 1 and deallocates this object if the reference count reaches at 0.

Specified by:

release in interface ReferenceCounted

Returns:

true if and only if the reference count became 0 and this object has been deallocated

release

public final boolean release(int decrement)

Description copied from interface: ReferenceCounted

Decreases the reference count by the specified decrement and deallocates this object if the reference count reaches at 0.

Specified by:

release in interface ReferenceCounted

Returns:

true if and only if the reference count became 0 and this object has been deallocated