Class ZuulPskServer

java.lang.Object
org.bouncycastle.tls.AbstractTlsPeer
org.bouncycastle.tls.AbstractTlsServer
com.netflix.zuul.netty.server.psk.ZuulPskServer
All Implemented Interfaces:
org.bouncycastle.tls.TlsPeer, org.bouncycastle.tls.TlsServer

public class ZuulPskServer extends org.bouncycastle.tls.AbstractTlsServer
  • Field Summary

    Fields
    Modifier and Type                                   Field
    static final io.netty.util.AttributeKey<Boolean>    TLS_HANDSHAKE_USING_EXTERNAL_PSK

    Fields inherited from class org.bouncycastle.tls.AbstractTlsServer

    certificateStatusRequest, cipherSuites, clientExtensions, clientProtocolNames, clientSentECPointFormats, context, encryptThenMACOffered, maxFragmentLengthOffered, offeredCipherSuites, protocolVersions, selectedCipherSuite, selectedProtocolName, serverExtensions, statusRequestV2, truncatedHMacOffered, trustedCAKeys
  • Constructor Summary

    Constructors
    Constructor
    Description
    ZuulPskServer(org.bouncycastle.tls.crypto.TlsCrypto crypto, com.netflix.spectator.api.Registry registry, ExternalTlsPskProvider externalTlsPskProvider, io.netty.channel.ChannelHandlerContext ctx, Set<org.bouncycastle.tls.ProtocolName> supportedApplicationProtocols)
     
  • Method Summary

    Modifier and Type                                   Method
    String                                              getApplicationProtocol()
    org.bouncycastle.tls.TlsCredentials                 getCredentials()
    org.bouncycastle.tls.TlsPSKExternal                 getExternalPSK(Vector clientPskIdentities)
        TODO: Ask BC folks to see if getExternalPSK can throw a checked exception (https://github.com/bcgit/bc-java/issues/1673). We are using SneakyThrows here because getExternalPSK is an override: we can't have throws in the method signature, and we don't want to catch and wrap in RuntimeException.
    protected Vector                                    getProtocolNames()
    Hashtable                                           getServerExtensions()
    void                                                getServerExtensionsForConnection(Hashtable serverExtensions)
    org.bouncycastle.tls.ProtocolVersion                getServerVersion()
    protected int[]                                     getSupportedCipherSuites()
    protected org.bouncycastle.tls.ProtocolVersion[]    getSupportedVersions()
    void                                                notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
    void                                                notifyAlertReceived(short alertLevel, short alertDescription)
    void                                                notifyHandshakeBeginning()
    void                                                notifyHandshakeComplete()
    void                                                processClientExtensions(Hashtable clientExtensions)

    Methods inherited from class org.bouncycastle.tls.AbstractTlsServer

    allowCertificateStatus, allowEncryptThenMAC, allowMultiCertStatus, allowTruncatedHMac, allowTrustedCAIndication, checkServerExtensions, getAllowedClientCertificateTypes, getCertificateRequest, getCertificateStatus, getCipherSuites, getDetailMessageNoCipherSuite, getDHConfig, getECDHConfig, getMaximumNegotiableCurveBits, getMaximumNegotiableFiniteFieldBits, getNewConnectionID, getNewSessionID, getNewSessionTicket, getProtocolVersions, getPSKIdentityManager, getSelectedCipherSuite, getServerSupplementalData, getSessionToResume, getSRPLoginParameters, getSupportedGroups, init, isSelectableCipherSuite, notifyClientCertificate, notifyClientVersion, notifyFallback, notifyOfferedCipherSuites, notifySession, preferLocalCipherSuites, preferLocalClientCertificateTypes, processClientSupplementalData, selectCipherSuite, selectDH, selectDHDefault, selectECDH, selectECDHDefault, selectProtocolName, selectProtocolName, shouldSelectProtocolNameEarly

    Methods inherited from class org.bouncycastle.tls.AbstractTlsPeer

    allowLegacyResumption, cancel, getCrypto, getHandshakeResendTimeMillis, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, notifyCloseHandle, notifyConnectionClosed, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.bouncycastle.tls.TlsPeer

    allowLegacyResumption, cancel, getCrypto, getHandshakeResendTimeMillis, getHandshakeTimeoutMillis, getHeartbeat, getHeartbeatPolicy, getKeyExchangeFactory, getMaxCertificateChainLength, getMaxHandshakeMessageSize, getPskKeyExchangeModes, getRenegotiationPolicy, notifyCloseHandle, notifyConnectionClosed, notifySecureRenegotiation, requiresCloseNotify, requiresExtendedMasterSecret, shouldCheckSigAlgOfPeerCerts, shouldUseExtendedMasterSecret, shouldUseExtendedPadding, shouldUseGMTUnixTime
  • Field Details

    • TLS_HANDSHAKE_USING_EXTERNAL_PSK

      public static final io.netty.util.AttributeKey<Boolean> TLS_HANDSHAKE_USING_EXTERNAL_PSK
  • Constructor Details

    • ZuulPskServer

      public ZuulPskServer(org.bouncycastle.tls.crypto.TlsCrypto crypto, com.netflix.spectator.api.Registry registry, ExternalTlsPskProvider externalTlsPskProvider, io.netty.channel.ChannelHandlerContext ctx, Set<org.bouncycastle.tls.ProtocolName> supportedApplicationProtocols)
  • Method Details

    • getCredentials

      public org.bouncycastle.tls.TlsCredentials getCredentials()
    • getProtocolNames

      protected Vector getProtocolNames()
      Overrides:
      getProtocolNames in class org.bouncycastle.tls.AbstractTlsServer
    • notifyHandshakeBeginning

      public void notifyHandshakeBeginning() throws IOException
      Specified by:
      notifyHandshakeBeginning in interface org.bouncycastle.tls.TlsPeer
      Overrides:
      notifyHandshakeBeginning in class org.bouncycastle.tls.AbstractTlsServer
      Throws:
      IOException
    • notifyHandshakeComplete

      public void notifyHandshakeComplete() throws IOException
      Specified by:
      notifyHandshakeComplete in interface org.bouncycastle.tls.TlsPeer
      Overrides:
      notifyHandshakeComplete in class org.bouncycastle.tls.AbstractTlsPeer
      Throws:
      IOException
    • getSupportedVersions

      protected org.bouncycastle.tls.ProtocolVersion[] getSupportedVersions()
      Overrides:
      getSupportedVersions in class org.bouncycastle.tls.AbstractTlsPeer
    • getSupportedCipherSuites

      protected int[] getSupportedCipherSuites()
      Specified by:
      getSupportedCipherSuites in class org.bouncycastle.tls.AbstractTlsPeer
    • getServerVersion

      public org.bouncycastle.tls.ProtocolVersion getServerVersion() throws IOException
      Specified by:
      getServerVersion in interface org.bouncycastle.tls.TlsServer
      Overrides:
      getServerVersion in class org.bouncycastle.tls.AbstractTlsServer
      Throws:
      IOException
    • getExternalPSK

      public org.bouncycastle.tls.TlsPSKExternal getExternalPSK(Vector clientPskIdentities)
      TODO: Ask BC folks to see if getExternalPSK can throw a checked exception (https://github.com/bcgit/bc-java/issues/1673). We are using SneakyThrows here because getExternalPSK is an override: we can't have throws in the method signature, and we don't want to catch and wrap in RuntimeException. SneakyThrows allows us to compile, and it will throw the exception at runtime.
      Specified by:
      getExternalPSK in interface org.bouncycastle.tls.TlsServer
      Overrides:
      getExternalPSK in class org.bouncycastle.tls.AbstractTlsServer
    • notifyAlertRaised

      public void notifyAlertRaised(short alertLevel, short alertDescription, String message, Throwable cause)
      Specified by:
      notifyAlertRaised in interface org.bouncycastle.tls.TlsPeer
      Overrides:
      notifyAlertRaised in class org.bouncycastle.tls.AbstractTlsPeer
    • notifyAlertReceived

      public void notifyAlertReceived(short alertLevel, short alertDescription)
      Specified by:
      notifyAlertReceived in interface org.bouncycastle.tls.TlsPeer
      Overrides:
      notifyAlertReceived in class org.bouncycastle.tls.AbstractTlsPeer
    • processClientExtensions

      public void processClientExtensions(Hashtable clientExtensions) throws IOException
      Specified by:
      processClientExtensions in interface org.bouncycastle.tls.TlsServer
      Overrides:
      processClientExtensions in class org.bouncycastle.tls.AbstractTlsServer
      Throws:
      IOException
    • getServerExtensions

      public Hashtable getServerExtensions() throws IOException
      Specified by:
      getServerExtensions in interface org.bouncycastle.tls.TlsServer
      Overrides:
      getServerExtensions in class org.bouncycastle.tls.AbstractTlsServer
      Throws:
      IOException
    • getServerExtensionsForConnection

      public void getServerExtensionsForConnection(Hashtable serverExtensions) throws IOException
      Specified by:
      getServerExtensionsForConnection in interface org.bouncycastle.tls.TlsServer
      Overrides:
      getServerExtensionsForConnection in class org.bouncycastle.tls.AbstractTlsServer
      Throws:
      IOException
    • getApplicationProtocol

      public String getApplicationProtocol()
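
The note on getExternalPSK describes throwing a checked exception from an override whose signature declares none. As an added example (not code from Zuul or Bouncy Castle; the interface, exception and identity names are hypothetical, and the generic-cast idiom stands in for SneakyThrows), this shows what a caller of such a method sees: the checked exception arrives unwrapped and is not caught by a handler for RuntimeException.

```java
// Added illustration; every name here is hypothetical, not Zuul or Bouncy Castle code.
public class SneakyThrowDemo {

    /** Stand-in for a library callback whose signature declares no checked exceptions. */
    interface PskCallback {
        byte[] getExternalPSK(String identity);
    }

    /** Hypothetical checked exception raised when a PSK identity cannot be resolved. */
    static class PskLookupException extends Exception {
        PskLookupException(String msg) { super(msg); }
    }

    // E is inferred as RuntimeException at the call site, so the compiler accepts the
    // throw; generics are erased, so the cast is a no-op at runtime and the original
    // Throwable is thrown unwrapped.
    @SuppressWarnings("unchecked")
    static <E extends Throwable> RuntimeException sneakyThrow(Throwable t) throws E {
        throw (E) t;
    }

    static final PskCallback CALLBACK = identity -> {
        if (!"known-client".equals(identity)) {      // constructed sample identity
            throw sneakyThrow(new PskLookupException("no PSK for " + identity));
        }
        return new byte[32];                          // placeholder key material
    };

    /** Returns the simple class name of whatever escapes the callback, or "none". */
    static String handshake(String identity) {
        try {
            CALLBACK.getExternalPSK(identity);
            return "none";
        } catch (RuntimeException e) {
            return "RuntimeException";                // not reached for the sneaky throw
        } catch (Exception e) {
            // "catch (PskLookupException e)" would not compile here because nothing in
            // the try block declares it; a broad catch plus a type check is required.
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println(handshake("known-client"));
        System.out.println(handshake("unknown-client"));
    }
}
```

Handshake code that wraps such a callback and only handles IOException or RuntimeException will let the checked exception propagate further up the stack, so error accounting and connection cleanup should sit in a handler broad enough to see it.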