public abstract class SslMasterKeyHandler extends ChannelInboundHandlerAdapter

SslMasterKeyHandler is a channel handler you can include in your pipeline to consume the master key and session identifier for a TLS session. This can be very useful: for instance, the WiresharkSslMasterKeyHandler implementation logs the secret and identifier in a format that Wireshark can consume, allowing easy decryption of pcap/tcpdump captures.

Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler: ChannelHandler.Sharable

Modifier and Type | Field and Description |
---|---|
static java.lang.String | SYSTEM_PROP_KEY: A system property that can be used to turn on/off the SslMasterKeyHandler dynamically without having to edit your pipeline. |

Modifier | Constructor and Description |
---|---|
protected | SslMasterKeyHandler(): Constructor. |

Modifier and Type | Method and Description |
---|---|
protected abstract void | accept(javax.crypto.SecretKey masterKey, javax.net.ssl.SSLSession session): Consume the master key for the session and the sessionId. |
static void | ensureSunSslEngineAvailability(): Ensure that SSLSessionImpl is available. |
static boolean | isSunSslEngineAvailable() |
protected boolean | masterKeyHandlerEnabled(): Checks if the handler is set up to actually handle/accept the event. |
static SslMasterKeyHandler | newWireSharkSslMasterKeyHandler(): Create a WiresharkSslMasterKeyHandler instance. |
static java.lang.Throwable | sunSslEngineUnavailabilityCause(): Returns the cause of unavailability. |
void | userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt): Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. |

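Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter: channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught

Methods inherited from class io.netty.channel.ChannelHandlerAdapter: ensureNotSharable, handlerAdded, handlerRemoved, isSharable

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.netty.channel.ChannelHandler: handlerAdded, handlerRemoved
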
public static final java.lang.String SYSTEM_PROP_KEY
A system property that can be used to turn on/off the SslMasterKeyHandler dynamically without having to edit your pipeline.
-Dio.netty.ssl.masterKeyHandler=true

public static void ensureSunSslEngineAvailability()
Ensure that SSLSessionImpl is available.
Throws:
java.lang.UnsatisfiedLinkError - if unavailable

public static java.lang.Throwable sunSslEngineUnavailabilityCause()
Returns the cause of unavailability, or null if available.

public static boolean isSunSslEngineAvailable()

protected abstract void accept(javax.crypto.SecretKey masterKey, javax.net.ssl.SSLSession session)
Consume the master key for the session and the sessionId.
Parameters:
masterKey - A 48-byte secret shared between the client and server.
session - The current TLS session.

public final void userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt)
Description copied from class: ChannelInboundHandlerAdapter
Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.

protected boolean masterKeyHandlerEnabled()
Checks if the handler is set up to actually handle/accept the event. The SYSTEM_PROP_KEY property is checked, but any implementations of this class are free to override if they have different mechanisms of checking.

public static SslMasterKeyHandler newWireSharkSslMasterKeyHandler()
Create a WiresharkSslMasterKeyHandler instance. This TLS master key handler logs the master key and session-id in a format understood by Wireshark. This is especially useful if you ever need to decrypt a TLS session and are using perfect forward secrecy (i.e. Diffie-Hellman). The key and session identifier are forwarded to the log named 'io.netty.wireshark'.