Class ChannelBindingProviderManager

java.lang.Object
org.jivesoftware.util.channelbinding.ChannelBindingProviderManager

public class ChannelBindingProviderManager extends Object
Manages a set of providers that can extract channel binding data of various types from SSL engines. This class offers a best-effort mechanism to obtain channel binding values as defined in RFC 5705, RFC 5929, RFC 9266, etc. It dynamically detects, at runtime, whether the underlying TLS implementation supports exporting keying material for the requested channel binding type, without requiring a hard dependency on any particular provider or JDK version. Providers are tried in order of registration until one succeeds or all fail.
Author:
Guus der Kinderen, guus@goodbytes.nl
  • Constructor Details

    • ChannelBindingProviderManager

      public ChannelBindingProviderManager()
      Constructs a new manager instance. Intended primarily for testing; typical usage should prefer the singleton returned by getInstance().
  • Method Details

    • getInstance

      public static ChannelBindingProviderManager getInstance()
      Returns the singleton instance of the manager.
      Returns:
      the singleton ChannelBindingProviderManager instance
    • addProvider

      public void addProvider(@Nonnull ChannelBindingProvider provider)
      Registers a provider for its declared channel binding type (RFC-defined unique prefix) at the tail (end) of the list. Multiple providers can be registered for the same type; they are tried in registration order (head to tail).
      Parameters:
      provider - the provider to register
    • addProviderToHead

      public void addProviderToHead(@Nonnull ChannelBindingProvider provider)
      Registers a provider for its declared channel binding type (RFC-defined unique prefix) at the head (start) of the list. Multiple providers can be registered for the same type; they are tried in registration order (head to tail).
      Parameters:
      provider - the provider to register
    • removeProvider

      public boolean removeProvider(@Nonnull ChannelBindingProvider provider)
      Removes a specific provider instance for the given channel binding type prefix, if present. When multiple instances are registered, only the first instance is removed.
      Parameters:
      provider - the provider instance to remove
      Returns:
      true if this manager contained the specified provider
    • getChannelBinding

      public Optional<byte[]> getChannelBinding(@Nonnull String cbPrefix, @Nonnull SSLEngine engine)
      Attempts to obtain the channel binding data for the given type prefix and SSL engine by delegating to registered providers in order. Returns the first successful result, or an empty Optional if none succeed.
      Parameters:
      cbPrefix - the RFC-defined unique prefix for the channel binding type (must not be null or empty)
      engine - the SSL engine from which to extract channel binding data
      Returns:
      an Optional containing the channel binding data, or empty if unavailable
    • supportsChannelBinding

      public boolean supportsChannelBinding(@Nonnull String cbPrefix)
      Checks if there is at least one provider registered for the given channel binding type prefix.
      Parameters:
      cbPrefix - the RFC-defined unique prefix for the channel binding type (must not be null or empty)
      Returns:
      true if at least one provider is registered for the prefix, false otherwise
    • getSupportedChannelBindingTypes

      public Set<String> getSupportedChannelBindingTypes()
      Returns an unmodifiable set of all supported channel binding type prefixes for which at least one provider is registered.
      Returns:
      a set of RFC-defined unique prefixes for supported channel binding types
    • getSASLChannelBindingTypeCapabilityElement

      public Optional<org.dom4j.Element> getSASLChannelBindingTypeCapabilityElement(@Nonnull org.dom4j.Element saslMechanisms)
      Returns an XML element that describes the supported SASL channel binding types, if applicable. This method inspects the provided SASL mechanisms element. If at least one mechanism ends with "-PLUS" and the server supports one or more channel binding types, it returns an element that advertises these types. Otherwise, it returns an empty Optional.
      Parameters:
      saslMechanisms - The XML element containing SASL mechanisms to inspect.
      Returns:
      An Optional containing the capability element if channel binding types should be advertised, or empty otherwise.
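Because getChannelBinding is best-effort, a caller validating a "-PLUS" exchange has to treat an empty Optional as a failure instead of continuing without binding. The following is an added usage example, not part of the Openfire code base or its Javadoc: the class ChannelBindingCheck and its verify method are hypothetical, and it assumes cbPrefix is the type named by the client (for example the RFC 9266 prefix "tls-exporter") and clientSupplied is the binding data already decoded from the client's message.

```java
import org.jivesoftware.util.channelbinding.ChannelBindingProviderManager;

import javax.net.ssl.SSLEngine;
import java.security.MessageDigest;
import java.util.Optional;

/** Hypothetical helper (not Openfire code): fail-closed channel binding comparison. */
public final class ChannelBindingCheck {

    private ChannelBindingCheck() {
    }

    /**
     * Returns true only when binding data for cbPrefix could be extracted from the
     * local SSLEngine and it equals the data the client supplied.
     *
     * @param cbPrefix       channel binding type named by the client (assumed already parsed)
     * @param engine         the SSLEngine of the connection being authenticated
     * @param clientSupplied binding data sent by the client (assumed already decoded)
     */
    public static boolean verify(String cbPrefix, SSLEngine engine, byte[] clientSupplied) {
        // The manager documents that cbPrefix must not be null or empty.
        if (cbPrefix == null || cbPrefix.isEmpty() || engine == null || clientSupplied == null) {
            return false;
        }

        ChannelBindingProviderManager manager = ChannelBindingProviderManager.getInstance();

        // No provider registered for this type: reject, do not fall back to "no binding".
        if (!manager.supportsChannelBinding(cbPrefix)) {
            return false;
        }

        // A registered provider can still fail at runtime (for example when the TLS
        // implementation cannot export keying material), which yields an empty Optional.
        Optional<byte[]> local = manager.getChannelBinding(cbPrefix, engine);
        if (local.isEmpty()) {
            return false;
        }

        // MessageDigest.isEqual compares in constant time for equal-length inputs,
        // so a mismatch does not reveal how many leading bytes were correct.
        return MessageDigest.isEqual(local.get(), clientSupplied);
    }
}
```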