Package org.wildfly.security.ssl

Class SNISSLExplorer

  • final class SNISSLExplorer
extends Object
    Instances of this class acts as an explorer of the network data of an SSL/TLS connection.

    • Field Detail

      • RECORD_HEADER_SIZE

        public static final int RECORD_HEADER_SIZE
        The header size of TLS/SSL records.

        The value of this constant is 5.

        See Also:
        Constant Field Values

    • Constructor Detail

      • SNISSLExplorer

        private SNISSLExplorer()

    • Method Detail

      • getRequiredSize

        public static int getRequiredSize​(ByteBuffer source)
        Returns the required number of bytes in the source ByteBuffer necessary to explore SSL/TLS connection.

        This method tries to parse as few bytes as possible from source byte buffer to get the length of an SSL/TLS record.

        This method accesses the source parameter in read-only mode, and does not update the buffer's properties such as capacity, limit, position, and mark values.

        Parameters:
        source - a ByteBuffer containing inbound or outbound network data for an SSL/TLS connection.
        Returns:
        the required size in byte to explore an SSL/TLS connection
        Throws:
        BufferUnderflowException - if less than RECORD_HEADER_SIZE bytes remaining in source

      • getRequiredSize

        public static int getRequiredSize​(byte[] source,
                                  int offset,
                                  int length)
                           throws IOException
        Returns the required number of bytes in the source byte array necessary to explore SSL/TLS connection.

        This method tries to parse as few bytes as possible from source byte array to get the length of an SSL/TLS record.

        Parameters:
        source - a byte array containing inbound or outbound network data for an SSL/TLS connection.
        offset - the start offset in array source at which the network data is read from.
        length - the maximum number of bytes to read.
        Returns:
        the required size in byte to explore an SSL/TLS connection
        Throws:
        BufferUnderflowException - if less than RECORD_HEADER_SIZE bytes remaining in source
        IOException

      • explore

        public static List<SNIServerName> explore​(ByteBuffer source)
                                   throws SSLException
        Launch and explore the security capabilities from byte buffer.

        This method tries to parse as few records as possible from source byte buffer to get the capabilities of an SSL/TLS connection.

        Please NOTE that this method must be called before any handshaking occurs. The behavior of this method is not defined in this release if the handshake has begun, or has completed.

        This method accesses the source parameter in read-only mode, and does not update the buffer's properties such as capacity, limit, position, and mark values.

        Parameters:
        source - a ByteBuffer containing inbound or outbound network data for an SSL/TLS connection.
        Returns:
        the explored capabilities of the SSL/TLS connection
        Throws:
        IOException - on network data error
        BufferUnderflowException - if not enough source bytes available to make a complete exploration.
        SSLException

      • explore

        public static List<SNIServerName> explore​(byte[] source,
                                          int offset,
                                          int length)
                                   throws IOException
        Launch and explore the security capabilities from byte array.

        Please NOTE that this method must be called before any handshaking occurs. The behavior of this method is not defined in this release if the handshake has begun, or has completed. Once handshake has begun, or has completed, the security capabilities can not and should not be launched with this method.

        Parameters:
        source - a byte array containing inbound or outbound network data for an SSL/TLS connection.
        offset - the start offset in array source at which the network data is read from.
        length - the maximum number of bytes to read.
        Returns:
        the explored capabilities of the SSL/TLS connection
        Throws:
        IOException - on network data error
        BufferUnderflowException - if not enough source bytes available to make a complete exploration.
        See Also:
        explore(ByteBuffer)

      • getInt8

        private static int getInt8​(ByteBuffer input)

      • getInt16

        private static int getInt16​(ByteBuffer input)

      • getInt24

        private static int getInt24​(ByteBuffer input)

      • ignoreByteVector8

        private static void ignoreByteVector8​(ByteBuffer input)

      • ignoreByteVector

        private static void ignoreByteVector​(ByteBuffer input,
                                     int length)