io.netty.handler.ssl

Class SslMasterKeyHandler

java.lang.Object

io.netty.channel.ChannelHandlerAdapter

io.netty.channel.ChannelInboundHandlerAdapter

io.netty.handler.ssl.SslMasterKeyHandler

All Implemented Interfaces:

ChannelHandler, ChannelInboundHandler

public abstract class SslMasterKeyHandler
extends ChannelInboundHandlerAdapter

The SslMasterKeyHandler is a channel-handler you can include in your pipeline to consume the master key & session identifier for a TLS session. This can be very useful, for instance the WiresharkSslMasterKeyHandler implementation will log the secret & identifier in a format that is consumable by Wireshark -- allowing easy decryption of pcap/tcpdumps.

Nested Class Summary

Nested classes/interfaces inherited from interface io.netty.channel.ChannelHandler

ChannelHandler.Sharable

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	SYSTEM_PROP_KEY A system property that can be used to turn on/off the SslMasterKeyHandler dynamically without having to edit your pipeline.

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	SslMasterKeyHandler() Constructor.

Method Summary

Modifier and Type	Method and Description
protected abstract void	accept(javax.crypto.SecretKey masterKey, javax.net.ssl.SSLSession session) Consume the master key for the session and the sessionId
static void	ensureSunSslEngineAvailability() Ensure that SSLSessionImpl is available.
static boolean	isSunSslEngineAvailable()
static SslMasterKeyHandler	newWireSharkSslMasterKeyHandler() Create a WiresharkSslMasterKeyHandler instance.
static java.lang.Throwable	sunSslEngineUnavailabilityCause() Returns the cause of unavailability.
void	userEventTriggered(ChannelHandlerContext ctx, java.lang.Object evt) Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline.

Methods inherited from class io.netty.channel.ChannelInboundHandlerAdapter

channelActive, channelInactive, channelRead, channelReadComplete, channelRegistered, channelUnregistered, channelWritabilityChanged, exceptionCaught

Methods inherited from class io.netty.channel.ChannelHandlerAdapter

ensureNotSharable, handlerAdded, handlerRemoved, isSharable

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface io.netty.channel.ChannelHandler

handlerAdded, handlerRemoved

Field Detail

SYSTEM_PROP_KEY

public static final java.lang.String SYSTEM_PROP_KEY

A system property that can be used to turn on/off the SslMasterKeyHandler dynamically without having to edit your pipeline. -Dio.netty.ssl.masterKeyHandler=true

See Also:

Constant Field Values

Constructor Detail

SslMasterKeyHandler

protected SslMasterKeyHandler()

Constructor.

Method Detail

ensureSunSslEngineAvailability

public static void ensureSunSslEngineAvailability()

Ensure that SSLSessionImpl is available.

Throws:

java.lang.UnsatisfiedLinkError - if unavailable

sunSslEngineUnavailabilityCause

public static java.lang.Throwable sunSslEngineUnavailabilityCause()

Returns the cause of unavailability.

Returns:

the cause if unavailable. null if available.

isSunSslEngineAvailable

public static boolean isSunSslEngineAvailable()

accept

protected abstract void accept(javax.crypto.SecretKey masterKey,
                               javax.net.ssl.SSLSession session)

Consume the master key for the session and the sessionId

Parameters:

masterKey - A 48-byte secret shared between the client and server.

session - The current TLS session

userEventTriggered

public final void userEventTriggered(ChannelHandlerContext ctx,
                                     java.lang.Object evt)

Description copied from class: ChannelInboundHandlerAdapter

Calls ChannelHandlerContext.fireUserEventTriggered(Object) to forward to the next ChannelInboundHandler in the ChannelPipeline. Sub-classes may override this method to change behavior.

Specified by:

userEventTriggered in interface ChannelInboundHandler

Overrides:

userEventTriggered in class ChannelInboundHandlerAdapter

newWireSharkSslMasterKeyHandler

public static SslMasterKeyHandler newWireSharkSslMasterKeyHandler()

Create a WiresharkSslMasterKeyHandler instance. This TLS master key handler logs the master key and session-id in a format understood by Wireshark -- this can be especially useful if you need to ever decrypt a TLS session and are using perfect forward secrecy (i.e. Diffie-Hellman) The key and session identifier are forwarded to the log named 'io.netty.wireshark'.