Package io.netty.handler.ssl
Class SslContextBuilder
- java.lang.Object
-
- io.netty.handler.ssl.SslContextBuilder
-
public final class SslContextBuilder extends java.lang.Object
Builder for configuring a new SslContext for creation.
-
-
Field Summary
Modifier and Type, Field:
private ApplicationProtocolConfig apn
private CipherSuiteFilter cipherFilter
private java.lang.Iterable<java.lang.String> ciphers
private ClientAuth clientAuth
private boolean enableOcsp
private boolean forServer
private java.security.PrivateKey key
private java.security.cert.X509Certificate[] keyCertChain
private javax.net.ssl.KeyManagerFactory keyManagerFactory
private java.lang.String keyPassword
private java.lang.String keyStoreType
private java.lang.String[] protocols
private SslProvider provider
private long sessionCacheSize
private long sessionTimeout
private java.security.Provider sslContextProvider
private boolean startTls
private java.security.cert.X509Certificate[] trustCertCollection
private javax.net.ssl.TrustManagerFactory trustManagerFactory
-
Constructor Summary
Modifier, Constructor:
private SslContextBuilder(boolean forServer)
-
Method Summary
Modifier and Type, Method - Description:
SslContextBuilder applicationProtocolConfig(ApplicationProtocolConfig apn) - Application protocol negotiation configuration.
SslContext build() - Create new SslContext instance with configured settings.
SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers) - The cipher suites to enable, in the order of preference.
SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter) - The cipher suites to enable, in the order of preference.
SslContextBuilder clientAuth(ClientAuth clientAuth) - Sets the client authentication mode.
SslContextBuilder enableOcsp(boolean enableOcsp) - Enables OCSP stapling.
static SslContextBuilder forClient() - Creates a builder for new client-side SslContext.
static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile) - Creates a builder for new server-side SslContext.
static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword) - Creates a builder for new server-side SslContext.
static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream) - Creates a builder for new server-side SslContext.
static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword) - Creates a builder for new server-side SslContext.
static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain) - Creates a builder for new server-side SslContext.
static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.String keyPassword, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain) - Creates a builder for new server-side SslContext.
static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain) - Creates a builder for new server-side SslContext.
static SslContextBuilder forServer(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain) - Creates a builder for new server-side SslContext.
static SslContextBuilder forServer(javax.net.ssl.KeyManager keyManager) - Creates a builder for new server-side SslContext with KeyManager.
static SslContextBuilder forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory) - Creates a builder for new server-side SslContext.
SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile) - Identifying certificate for this host.
SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword) - Identifying certificate for this host.
SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream) - Identifying certificate for this host.
SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword) - Identifying certificate for this host.
SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain) - Identifying certificate for this host.
SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.String keyPassword, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain) - Identifying certificate for this host.
SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain) - Identifying certificate for this host.
SslContextBuilder keyManager(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain) - Identifying certificate for this host.
SslContextBuilder keyManager(javax.net.ssl.KeyManager keyManager) - A single key manager managing the identity information of this host.
SslContextBuilder keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory) - Identifying manager for this host.
SslContextBuilder keyStoreType(java.lang.String keyStoreType) - Sets the KeyStore type that should be used.
SslContextBuilder protocols(java.lang.Iterable<java.lang.String> protocols) - The TLS protocol versions to enable.
SslContextBuilder protocols(java.lang.String... protocols) - The TLS protocol versions to enable.
SslContextBuilder sessionCacheSize(long sessionCacheSize) - Set the size of the cache used for storing SSL session objects.
SslContextBuilder sessionTimeout(long sessionTimeout) - Set the timeout for the cached SSL session objects, in seconds.
SslContextBuilder sslContextProvider(java.security.Provider sslContextProvider) - The SSLContext Provider to use.
SslContextBuilder sslProvider(SslProvider provider) - The SslContext implementation to use.
SslContextBuilder startTls(boolean startTls) - true if the first write request shouldn't be encrypted.
private static <T> T[] toArray(java.lang.Iterable<? extends T> iterable, T[] prototype)
SslContextBuilder trustManager(java.io.File trustCertCollectionFile) - Trusted certificates for verifying the remote endpoint's certificate.
SslContextBuilder trustManager(java.io.InputStream trustCertCollectionInputStream) - Trusted certificates for verifying the remote endpoint's certificate.
SslContextBuilder trustManager(java.lang.Iterable<? extends java.security.cert.X509Certificate> trustCertCollection) - Trusted certificates for verifying the remote endpoint's certificate, null uses the system default.
SslContextBuilder trustManager(java.security.cert.X509Certificate... trustCertCollection) - Trusted certificates for verifying the remote endpoint's certificate, null uses the system default.
SslContextBuilder trustManager(javax.net.ssl.TrustManager trustManager) - A single trusted manager for verifying the remote endpoint's certificate.
SslContextBuilder trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory) - Trusted manager for verifying the remote endpoint's certificate.
-
-
-
Field Detail
-
forServer
private final boolean forServer
-
provider
private SslProvider provider
-
sslContextProvider
private java.security.Provider sslContextProvider
-
trustCertCollection
private java.security.cert.X509Certificate[] trustCertCollection
-
trustManagerFactory
private javax.net.ssl.TrustManagerFactory trustManagerFactory
-
keyCertChain
private java.security.cert.X509Certificate[] keyCertChain
-
key
private java.security.PrivateKey key
-
keyPassword
private java.lang.String keyPassword
-
keyManagerFactory
private javax.net.ssl.KeyManagerFactory keyManagerFactory
-
ciphers
private java.lang.Iterable<java.lang.String> ciphers
-
cipherFilter
private CipherSuiteFilter cipherFilter
-
apn
private ApplicationProtocolConfig apn
-
sessionCacheSize
private long sessionCacheSize
-
sessionTimeout
private long sessionTimeout
-
clientAuth
private ClientAuth clientAuth
-
protocols
private java.lang.String[] protocols
-
startTls
private boolean startTls
-
enableOcsp
private boolean enableOcsp
-
keyStoreType
private java.lang.String keyStoreType
-
-
Method Detail
-
forClient
public static SslContextBuilder forClient()
Creates a builder for new client-side SslContext.
-
forServer
public static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile)
Creates a builder for new server-side SslContext.
Parameters:
keyCertChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
See Also:
keyManager(File, File)
-
forServer
public static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream)
Creates a builder for new server-side SslContext.
Parameters:
keyCertChainInputStream - an input stream for an X.509 certificate chain in PEM format
keyInputStream - an input stream for a PKCS#8 private key in PEM format
See Also:
keyManager(InputStream, InputStream)
-
forServer
public static SslContextBuilder forServer(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side SslContext.
Parameters:
key - a PKCS#8 private key
keyCertChain - the X.509 certificate chain
See Also:
keyManager(PrivateKey, X509Certificate[])
-
forServer
public static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
Creates a builder for new server-side SslContext.
Parameters:
key - a PKCS#8 private key
keyCertChain - the X.509 certificate chain
See Also:
keyManager(PrivateKey, X509Certificate[])
-
forServer
public static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword)
Creates a builder for new server-side SslContext.
Parameters:
keyCertChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile, or null if it's not password-protected
See Also:
keyManager(File, File, String)
-
forServer
public static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword)
Creates a builder for new server-side SslContext.
Parameters:
keyCertChainInputStream - an input stream for an X.509 certificate chain in PEM format
keyInputStream - an input stream for a PKCS#8 private key in PEM format
keyPassword - the password of the keyFile, or null if it's not password-protected
See Also:
keyManager(InputStream, InputStream, String)
-
forServer
public static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side SslContext.
Parameters:
key - a PKCS#8 private key
keyCertChain - the X.509 certificate chain
keyPassword - the password of the keyFile, or null if it's not password-protected
See Also:
keyManager(File, File, String)
-
forServer
public static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.String keyPassword, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
Creates a builder for new server-side SslContext.
Parameters:
key - a PKCS#8 private key
keyCertChain - the X.509 certificate chain
keyPassword - the password of the keyFile, or null if it's not password-protected
See Also:
keyManager(File, File, String)
-
forServer
public static SslContextBuilder forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Creates a builder for new server-side SslContext. If you use SslProvider#OPENSSL or SslProvider#OPENSSL_REFCNT consider using OpenSslX509KeyManagerFactory or OpenSslCachingX509KeyManagerFactory.
Parameters:
keyManagerFactory - non-null factory for server's private key
See Also:
keyManager(KeyManagerFactory)
-
forServer
public static SslContextBuilder forServer(javax.net.ssl.KeyManager keyManager)
Creates a builder for new server-side SslContext with KeyManager.
Parameters:
KeyManager - non-null KeyManager for server's private key
-
sslProvider
public SslContextBuilder sslProvider(SslProvider provider)
The SslContext implementation to use. null uses the default one.
-
keyStoreType
public SslContextBuilder keyStoreType(java.lang.String keyStoreType)
Sets the KeyStore type that should be used. null uses the default one.
-
sslContextProvider
public SslContextBuilder sslContextProvider(java.security.Provider sslContextProvider)
-
trustManager
public SslContextBuilder trustManager(java.io.File trustCertCollectionFile)
Trusted certificates for verifying the remote endpoint's certificate. The file should contain an X.509 certificate collection in PEM format. null uses the system default.
-
trustManager
public SslContextBuilder trustManager(java.io.InputStream trustCertCollectionInputStream)
Trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate collection in PEM format. null uses the system default.
-
trustManager
public SslContextBuilder trustManager(java.security.cert.X509Certificate... trustCertCollection)
Trusted certificates for verifying the remote endpoint's certificate, null uses the system default.
-
trustManager
public SslContextBuilder trustManager(java.lang.Iterable<? extends java.security.cert.X509Certificate> trustCertCollection)
Trusted certificates for verifying the remote endpoint's certificate, null uses the system default.
-
trustManager
public SslContextBuilder trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Trusted manager for verifying the remote endpoint's certificate. null uses the system default.
-
trustManager
public SslContextBuilder trustManager(javax.net.ssl.TrustManager trustManager)
A single trusted manager for verifying the remote endpoint's certificate. This is helpful when custom implementation of TrustManager is needed. Internally, a simple wrapper of TrustManagerFactory that only produces this specified TrustManager will be created, thus all the requirements specified in trustManager(TrustManagerFactory trustManagerFactory) also apply here.
-
keyManager
public SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile)
Identifying certificate for this host. keyCertChainFile and keyFile may be null for client contexts, which disables mutual authentication.
Parameters:
keyCertChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
-
keyManager
public SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream)
Identifying certificate for this host. keyCertChainInputStream and keyInputStream may be null for client contexts, which disables mutual authentication.
Parameters:
keyCertChainInputStream - an input stream for an X.509 certificate chain in PEM format
keyInputStream - an input stream for a PKCS#8 private key in PEM format
-
keyManager
public SslContextBuilder keyManager(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host. keyCertChain and key may be null for client contexts, which disables mutual authentication.
Parameters:
key - a PKCS#8 private key
keyCertChain - an X.509 certificate chain
-
keyManager
public SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
Identifying certificate for this host. keyCertChain and key may be null for client contexts, which disables mutual authentication.
Parameters:
key - a PKCS#8 private key
keyCertChain - an X.509 certificate chain
-
keyManager
public SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword)
Identifying certificate for this host. keyCertChainFile and keyFile may be null for client contexts, which disables mutual authentication.
Parameters:
keyCertChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile, or null if it's not password-protected
-
keyManager
public SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword)
Identifying certificate for this host. keyCertChainInputStream and keyInputStream may be null for client contexts, which disables mutual authentication.
Parameters:
keyCertChainInputStream - an input stream for an X.509 certificate chain in PEM format
keyInputStream - an input stream for a PKCS#8 private key in PEM format
keyPassword - the password of the keyInputStream, or null if it's not password-protected
-
keyManager
public SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host. keyCertChain and key may be null for client contexts, which disables mutual authentication.
Parameters:
key - a PKCS#8 private key file
keyPassword - the password of the key, or null if it's not password-protected
keyCertChain - an X.509 certificate chain
-
keyManager
public SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.String keyPassword, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
Identifying certificate for this host. keyCertChain and key may be null for client contexts, which disables mutual authentication.
Parameters:
key - a PKCS#8 private key file
keyPassword - the password of the key, or null if it's not password-protected
keyCertChain - an X.509 certificate chain
-
keyManager
public SslContextBuilder keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying manager for this host. keyManagerFactory may be null for client contexts, which disables mutual authentication. Using a KeyManagerFactory is only supported for SslProvider.JDK or SslProvider#OPENSSL / SslProvider#OPENSSL_REFCNT if the used openssl version is 1.0.1+. You can check if your openssl version supports using a KeyManagerFactory by calling OpenSsl#supportsKeyManagerFactory(). If this is not the case you must use keyManager(File, File) or keyManager(File, File, String). If you use SslProvider#OPENSSL or SslProvider#OPENSSL_REFCNT consider using OpenSslX509KeyManagerFactory or OpenSslCachingX509KeyManagerFactory.
-
keyManager
public SslContextBuilder keyManager(javax.net.ssl.KeyManager keyManager)
A single key manager managing the identity information of this host. This is helpful when custom implementation of KeyManager is needed. Internally, a wrapper of KeyManagerFactory that only produces this specified KeyManager will be created, thus all the requirements specified in keyManager(KeyManagerFactory keyManagerFactory) also apply here.
-
ciphers
public SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference. null to use default cipher suites.
-
ciphers
public SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter)
The cipher suites to enable, in the order of preference. cipherFilter will be applied to the ciphers before use. If ciphers is null, then the default cipher suites will be used.
-
applicationProtocolConfig
public SslContextBuilder applicationProtocolConfig(ApplicationProtocolConfig apn)
Application protocol negotiation configuration. null disables support.
-
sessionCacheSize
public SslContextBuilder sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects. 0 to use the default value.
-
sessionTimeout
public SslContextBuilder sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
-
clientAuth
public SslContextBuilder clientAuth(ClientAuth clientAuth)
Sets the client authentication mode.
-
protocols
public SslContextBuilder protocols(java.lang.String... protocols)
The TLS protocol versions to enable.
Parameters:
protocols - The protocols to enable, or null to enable the default protocols.
See Also:
SSLEngine.setEnabledCipherSuites(String[])
-
protocols
public SslContextBuilder protocols(java.lang.Iterable<java.lang.String> protocols)
The TLS protocol versions to enable.
Parameters:
protocols - The protocols to enable, or null to enable the default protocols.
See Also:
SSLEngine.setEnabledCipherSuites(String[])
-
startTls
public SslContextBuilder startTls(boolean startTls)
true if the first write request shouldn't be encrypted.
-
enableOcsp
@UnstableApi public SslContextBuilder enableOcsp(boolean enableOcsp)
Enables OCSP stapling. Please note that not all SslProvider implementations support OCSP stapling and an exception will be thrown upon build().
See Also:
OpenSsl#isOcspSupported()
-
build
public SslContext build() throws javax.net.ssl.SSLException
Create new SslContext instance with configured settings. If sslProvider(SslProvider) is set to SslProvider#OPENSSL_REFCNT then the caller is responsible for releasing this object, or else native memory may leak.
Throws:
javax.net.ssl.SSLException
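
A mutual-TLS server and client context built with the methods documented on this page, as an added example (not code from the Netty project). The class name MutualTlsContexts, the PEM file paths and the cipher list are assumptions; the chosen provider and Java runtime are assumed to support TLSv1.3.

```java
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import io.netty.util.ReferenceCountUtil;

import javax.net.ssl.SSLException;
import java.io.File;
import java.util.Arrays;
import java.util.List;

public final class MutualTlsContexts {
    // Hypothetical PEM files: X.509 chains and unencrypted PKCS#8 keys.
    private static final File SERVER_CHAIN = new File("tls/server-chain.pem");
    private static final File SERVER_KEY = new File("tls/server-key.pem");
    private static final File CLIENT_CHAIN = new File("tls/client-chain.pem");
    private static final File CLIENT_KEY = new File("tls/client-key.pem");
    private static final File PRIVATE_CA = new File("tls/private-ca.pem");

    // Assumed policy: AEAD suites with forward secrecy only, in preference order.
    private static final List<String> CIPHERS = Arrays.asList(
            "TLS_AES_256_GCM_SHA384",
            "TLS_AES_128_GCM_SHA256",
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384");

    static SslContext server(SslProvider provider) throws SSLException {
        return SslContextBuilder.forServer(SERVER_CHAIN, SERVER_KEY)
                .sslProvider(provider)
                // Only client certificates chaining to the private CA are accepted;
                // leaving this null would fall back to the system default trust store.
                .trustManager(PRIVATE_CA)
                // REQUIRE fails the handshake when the client presents no certificate.
                .clientAuth(ClientAuth.REQUIRE)
                .protocols("TLSv1.3", "TLSv1.2")
                // The filter drops suites the provider does not support instead of failing.
                .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                .sessionTimeout(300) // seconds
                .build();
    }

    static SslContext client(SslProvider provider) throws SSLException {
        return SslContextBuilder.forClient()
                .sslProvider(provider)
                .trustManager(PRIVATE_CA)
                // A null chain/key here would disable mutual authentication.
                .keyManager(CLIENT_CHAIN, CLIENT_KEY)
                .protocols("TLSv1.3", "TLSv1.2")
                .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                .build();
    }

    public static void main(String[] args) throws SSLException {
        SslContext serverCtx = server(SslProvider.JDK);
        SslContext clientCtx = client(SslProvider.JDK);
        try {
            System.out.println("server ciphers: " + serverCtx.cipherSuites());
            System.out.println("client ciphers: " + clientCtx.cipherSuites());
        } finally {
            // Needed for SslProvider.OPENSSL_REFCNT, where the caller must release the
            // context; a no-op for contexts that are not reference counted.
            ReferenceCountUtil.release(serverCtx);
            ReferenceCountUtil.release(clientCtx);
        }
    }
}
```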
-
toArray
private static <T> T[] toArray(java.lang.Iterable<? extends T> iterable, T[] prototype)
-
-