Package io.netty.handler.ssl
Class JdkSslContext
java.lang.Object
  io.netty.handler.ssl.SslContext
    io.netty.handler.ssl.JdkSslContext
Direct Known Subclasses:
JdkSslClientContext, JdkSslServerContext
public class JdkSslContext extends SslContext
An SslContext which uses JDK's SSL/TLS implementation.
-
-
Field Summary
Modifier and Type, Field:
private JdkApplicationProtocolNegotiator apn
private java.lang.String[] cipherSuites
private ClientAuth clientAuth
private static java.util.List<java.lang.String> DEFAULT_CIPHERS
private static java.util.List<java.lang.String> DEFAULT_CIPHERS_NON_TLSV13
private static java.lang.String[] DEFAULT_PROTOCOLS
private static java.security.Provider DEFAULT_PROVIDER
private boolean isClient
private static InternalLogger logger
(package private) static java.lang.String PROTOCOL
private java.lang.String[] protocols
private javax.net.ssl.SSLContext sslContext
private static java.util.Set<java.lang.String> SUPPORTED_CIPHERS
private static java.util.Set<java.lang.String> SUPPORTED_CIPHERS_NON_TLSV13
private java.util.List<java.lang.String> unmodifiableCipherSuites
-
Fields inherited from class io.netty.handler.ssl.SslContext
ALIAS, X509_CERT_FACTORY
-
-
Constructor Summary
Constructor, Description:
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, ClientAuth clientAuth)
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, java.lang.String[] protocols, boolean startTls)
    Creates a new JdkSslContext from a pre-configured SSLContext.
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, java.lang.String[] protocols, boolean startTls)
-
Method Summary
Modifier and Type, Method, Description:
JdkApplicationProtocolNegotiator applicationProtocolNegotiator()
    Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf)
    Deprecated. will be removed.
(package private) static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf, java.lang.String keyStore)
    Build a KeyManagerFactory based upon a key file, key file password, and a certificate chain.
protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf)
    Deprecated. will be removed.
(package private) static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf, java.lang.String keyStore)
    Build a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
java.util.List<java.lang.String> cipherSuites()
    Returns the list of enabled cipher suites, in the order of preference.
private javax.net.ssl.SSLEngine configureAndWrapEngine(javax.net.ssl.SSLEngine engine, ByteBufAllocator alloc)
javax.net.ssl.SSLContext context()
    Returns the JDK SSLContext object held by this context.
private static java.util.List<java.lang.String> defaultCiphers(javax.net.ssl.SSLEngine engine, java.util.Set<java.lang.String> supportedCiphers)
private static java.lang.String[] defaultProtocols(javax.net.ssl.SSLContext context, javax.net.ssl.SSLEngine engine)
boolean isClient()
    Returns the true if and only if this context is for client-side.
private static boolean isTlsV13Supported(java.lang.String[] protocols)
javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc)
    Creates a new SSLEngine.
javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
    Creates a new SSLEngine using advisory peer information.
long sessionCacheSize()
    Returns the size of the cache used for storing SSL session objects.
javax.net.ssl.SSLSessionContext sessionContext()
    Returns the JDK SSLSessionContext object held by this context.
long sessionTimeout()
    Returns the timeout for the cached SSL session objects, in seconds.
private static java.util.Set<java.lang.String> supportedCiphers(javax.net.ssl.SSLEngine engine)
(package private) static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config, boolean isServer)
    Translate a ApplicationProtocolConfig object to a JdkApplicationProtocolNegotiator object.
-
Methods inherited from class io.netty.handler.ssl.SslContext
attributes, buildKeyManagerFactory, buildKeyManagerFactory, buildKeyManagerFactory, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, keyStorePassword, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContextInternal, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContextInternal, nextProtocols, toApplicationProtocolConfig, toPrivateKey, toPrivateKey, toPrivateKeyInternal, toX509Certificates, toX509Certificates, toX509CertificatesInternal
-
-
-
-
Field Detail
-
logger
private static final InternalLogger logger
-
PROTOCOL
static final java.lang.String PROTOCOL
- See Also:
- Constant Field Values
-
DEFAULT_PROTOCOLS
private static final java.lang.String[] DEFAULT_PROTOCOLS
-
DEFAULT_CIPHERS
private static final java.util.List<java.lang.String> DEFAULT_CIPHERS
-
DEFAULT_CIPHERS_NON_TLSV13
private static final java.util.List<java.lang.String> DEFAULT_CIPHERS_NON_TLSV13
-
SUPPORTED_CIPHERS
private static final java.util.Set<java.lang.String> SUPPORTED_CIPHERS
-
SUPPORTED_CIPHERS_NON_TLSV13
private static final java.util.Set<java.lang.String> SUPPORTED_CIPHERS_NON_TLSV13
-
DEFAULT_PROVIDER
private static final java.security.Provider DEFAULT_PROVIDER
-
protocols
private final java.lang.String[] protocols
-
cipherSuites
private final java.lang.String[] cipherSuites
-
unmodifiableCipherSuites
private final java.util.List<java.lang.String> unmodifiableCipherSuites
-
apn
private final JdkApplicationProtocolNegotiator apn
-
clientAuth
private final ClientAuth clientAuth
-
sslContext
private final javax.net.ssl.SSLContext sslContext
-
isClient
private final boolean isClient
-
-
Constructor Detail
-
JdkSslContext
@Deprecated public JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, ClientAuth clientAuth)
Deprecated.
Creates a new JdkSslContext from a pre-configured SSLContext.
Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.
-
JdkSslContext
@Deprecated public JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
Deprecated.
Creates a new JdkSslContext from a pre-configured SSLContext.
Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
ciphers - the ciphers to use or null if the standard should be used.
cipherFilter - the filter to use.
apn - the ApplicationProtocolConfig to use.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.
-
JdkSslContext
public JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, java.lang.String[] protocols, boolean startTls)
Creates a new JdkSslContext from a pre-configured SSLContext.
Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
ciphers - the ciphers to use or null if the standard should be used.
cipherFilter - the filter to use.
apn - the ApplicationProtocolConfig to use.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.
protocols - the protocols to enable, or null to enable the default protocols.
startTls - true if the first write request shouldn't be encrypted
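Added example (not part of the Netty Javadoc): the public eight-argument constructor used to pin protocols and cipher suites on top of a pre-configured SSLContext, building one server-side and one client-side context to show that clientAuth only takes effect when isClient is false. The class name, the cipher allow-list and the uninitialised key/trust managers are assumptions made for illustration; it assumes a JDK with TLSv1.3 support (11 or later).

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.List;

public final class JdkSslContextExample {   // hypothetical class name

    // Constructed allow-list: AEAD suites only, given by their standard JSSE names.
    static final List<String> CIPHERS = Arrays.asList(
            "TLS_AES_256_GCM_SHA384",
            "TLS_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Passing null here would enable the default protocols instead.
    static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

    static JdkSslContext wrap(SSLContext jdk, boolean isClient) {
        return new JdkSslContext(
                jdk,
                isClient,
                CIPHERS,
                SupportedCipherSuiteFilter.INSTANCE, // drops names this JDK does not support
                ApplicationProtocolConfig.DISABLED,  // no NPN/ALPN negotiation
                ClientAuth.REQUIRE,                  // only used when isClient is false
                PROTOCOLS,
                false);                              // startTls: encrypt from the first write
    }

    public static void main(String[] args) throws Exception {
        // Assumption: a real deployment initialises this with its own key and trust managers.
        SSLContext jdk = SSLContext.getInstance("TLS");
        jdk.init(null, null, null);

        for (boolean isClient : new boolean[] {false, true}) {
            JdkSslContext ctx = wrap(jdk, isClient);
            SSLEngine engine = ctx.newEngine(ByteBufAllocator.DEFAULT);
            // Print the effective settings so they can be compared with what was requested.
            System.out.println((isClient ? "client" : "server")
                    + " clientMode=" + engine.getUseClientMode()
                    + " needClientAuth=" + engine.getNeedClientAuth()
                    + " protocols=" + Arrays.toString(engine.getEnabledProtocols())
                    + " ciphers=" + ctx.cipherSuites());
        }
    }
}
```

Comparing the printed protocols and ciphers against the requested lists is a quick check that the filter did not silently drop a suite the running JDK lacks.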
-
JdkSslContext
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, java.lang.String[] protocols, boolean startTls)
-
-
Method Detail
-
defaultProtocols
private static java.lang.String[] defaultProtocols(javax.net.ssl.SSLContext context, javax.net.ssl.SSLEngine engine)
-
supportedCiphers
private static java.util.Set<java.lang.String> supportedCiphers(javax.net.ssl.SSLEngine engine)
-
defaultCiphers
private static java.util.List<java.lang.String> defaultCiphers(javax.net.ssl.SSLEngine engine, java.util.Set<java.lang.String> supportedCiphers)
-
isTlsV13Supported
private static boolean isTlsV13Supported(java.lang.String[] protocols)
-
context
public final javax.net.ssl.SSLContext context()
Returns the JDK SSLContext object held by this context.
-
isClient
public final boolean isClient()
Description copied from class: SslContext
Returns true if and only if this context is for client-side.
Specified by:
isClient in class SslContext
-
sessionContext
public final javax.net.ssl.SSLSessionContext sessionContext()
Returns the JDK SSLSessionContext object held by this context.
Specified by:
sessionContext in class SslContext
-
cipherSuites
public final java.util.List<java.lang.String> cipherSuites()
Description copied from class: SslContext
Returns the list of enabled cipher suites, in the order of preference.
Specified by:
cipherSuites in class SslContext
-
sessionCacheSize
public final long sessionCacheSize()
Description copied from class: SslContext
Returns the size of the cache used for storing SSL session objects.
Specified by:
sessionCacheSize in class SslContext
-
sessionTimeout
public final long sessionTimeout()
Description copied from class: SslContext
Returns the timeout for the cached SSL session objects, in seconds.
Specified by:
sessionTimeout in class SslContext
-
newEngine
public final javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc)
Description copied from class: SslContext
Creates a new SSLEngine.
If SslProvider#OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator).
Specified by:
newEngine in class SslContext
Returns:
a new SSLEngine
-
newEngine
public final javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
Description copied from class: SslContext
Creates a new SSLEngine using advisory peer information.
If SslProvider#OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator, String, int).
Specified by:
newEngine in class SslContext
Parameters:
peerHost - the non-authoritative name of the host
peerPort - the non-authoritative port
Returns:
a new SSLEngine
-
configureAndWrapEngine
private javax.net.ssl.SSLEngine configureAndWrapEngine(javax.net.ssl.SSLEngine engine, ByteBufAllocator alloc)
-
applicationProtocolNegotiator
public final JdkApplicationProtocolNegotiator applicationProtocolNegotiator()
Description copied from class: SslContext
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
Specified by:
applicationProtocolNegotiator in class SslContext
-
toNegotiator
static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config, boolean isServer)
Translate a ApplicationProtocolConfig object to a JdkApplicationProtocolNegotiator object.
Parameters:
config - The configuration which defines the translation
isServer - true if a server false otherwise.
Returns:
The results of the translation
-
buildKeyManagerFactory
static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf, java.lang.String keyStore) throws java.security.UnrecoverableKeyException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.security.cert.CertificateException, java.security.KeyException, java.io.IOException
Build a KeyManagerFactory based upon a key file, key file password, and a certificate chain.
Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
keyStore - the KeyStore that should be used in the KeyManagerFactory
Returns:
A KeyManagerFactory based upon a key file, key file password, and a certificate chain.
Throws:
java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.cert.CertificateException
java.security.KeyException
java.io.IOException
-
buildKeyManagerFactory
@Deprecated protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf) throws java.security.UnrecoverableKeyException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.security.cert.CertificateException, java.security.KeyException, java.io.IOException
Deprecated. will be removed.
Build a KeyManagerFactory based upon a key file, key file password, and a certificate chain.
Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
Returns:
A KeyManagerFactory based upon a key file, key file password, and a certificate chain.
Throws:
java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.cert.CertificateException
java.security.KeyException
java.io.IOException
-
buildKeyManagerFactory
static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf, java.lang.String keyStore) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.io.IOException, java.security.cert.CertificateException, java.security.KeyException, java.security.UnrecoverableKeyException
Build a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyAlgorithm - the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
keyStore - the KeyStore that should be used in the KeyManagerFactory
Returns:
A KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.io.IOException
java.security.cert.CertificateException
java.security.KeyException
java.security.UnrecoverableKeyException
-
buildKeyManagerFactory
@Deprecated protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.io.IOException, java.security.cert.CertificateException, java.security.KeyException, java.security.UnrecoverableKeyException
Deprecated. will be removed.
Build a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyAlgorithm - the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
Returns:
A KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.io.IOException
java.security.cert.CertificateException
java.security.KeyException
java.security.UnrecoverableKeyException
-
-