org.jboss.netty.handler.ssl

Class SslContext

java.lang.Object

org.jboss.netty.handler.ssl.SslContext

Direct Known Subclasses:

JdkSslContext, OpenSslServerContext

public abstract class SslContext
extends Object

A secure socket protocol implementation which acts as a factory for SSLEngine and SslHandler. Internally, it is implemented via JDK's SSLContext or OpenSSL's SSL_CTX.

Making your server support SSL/TLS

 // In your ChannelPipelineFactory:
 ChannelPipeline p = Channels.pipeline();
 SslContext sslCtx = SslContext.newServerContext(...);
 p.addLast("ssl", sslCtx.newEngine());
 ...
 

Making your client support SSL/TLS

 // In your ChannelPipelineFactory:
 ChannelPipeline p = Channels.pipeline();
 SslContext sslCtx = SslContext.newClientContext(...);
 p.addLast("ssl", sslCtx.newEngine(host, port));
 ...
 

Method Summary

Methods

Modifier and Type	Method and Description
SslBufferPool	bufferPool() Returns the SslBufferPool used by the SSLEngine and SslHandler created by this context.
abstract List<String>	cipherSuites() Returns the list of enabled cipher suites, in the order of preference.
static SslProvider	defaultClientProvider() Returns the default client-side implementation provider currently in use.
static SslProvider	defaultServerProvider() Returns the default server-side implementation provider currently in use.
abstract boolean	isClient() Returns the true if and only if this context is for client-side.
boolean	isServer() Returns true if and only if this context is for server-side.
static SslContext	newClientContext() Creates a new client-side SslContext.
static SslContext	newClientContext(File certChainFile) Creates a new client-side SslContext.
static SslContext	newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) Creates a new client-side SslContext.
static SslContext	newClientContext(SslBufferPool bufPool, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) Creates a new client-side SslContext.
static SslContext	newClientContext(SslProvider provider) Creates a new client-side SslContext.
static SslContext	newClientContext(SslProvider provider, File certChainFile) Creates a new client-side SslContext.
static SslContext	newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory) Creates a new client-side SslContext.
static SslContext	newClientContext(SslProvider provider, SslBufferPool bufPool, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) Creates a new client-side SslContext.
static SslContext	newClientContext(SslProvider provider, TrustManagerFactory trustManagerFactory) Creates a new client-side SslContext.
static SslContext	newClientContext(TrustManagerFactory trustManagerFactory) Creates a new client-side SslContext.
abstract SSLEngine	newEngine() Creates a new SSLEngine.
abstract SSLEngine	newEngine(String peerHost, int peerPort) Creates a new SSLEngine using advisory peer information.
SslHandler	newHandler() Creates a new SslHandler.
SslHandler	newHandler(String peerHost, int peerPort) Creates a new SslHandler with advisory peer information.
static SslContext	newServerContext(File certChainFile, File keyFile) Creates a new server-side SslContext.
static SslContext	newServerContext(File certChainFile, File keyFile, String keyPassword) Creates a new server-side SslContext.
static SslContext	newServerContext(SslBufferPool bufPool, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) Creates a new server-side SslContext.
static SslContext	newServerContext(SslProvider provider, File certChainFile, File keyFile) Creates a new server-side SslContext.
static SslContext	newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword) Creates a new server-side SslContext.
static SslContext	newServerContext(SslProvider provider, SslBufferPool bufPool, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) Creates a new server-side SslContext.
abstract List<String>	nextProtocols() Returns the list of application layer protocols for the TLS NPN/ALPN extension, in the order of preference.
abstract long	sessionCacheSize() Returns the size of the cache used for storing SSL session objects.
abstract long	sessionTimeout() Returns the timeout for the cached SSL session objects, in seconds.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

defaultServerProvider

public static SslProvider defaultServerProvider()

Returns the default server-side implementation provider currently in use.

Returns:

SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.

defaultClientProvider

public static SslProvider defaultClientProvider()

Returns the default client-side implementation provider currently in use.

Returns:

SslProvider.JDK, because it is the only implementation at the moment

newServerContext

public static SslContext newServerContext(File certChainFile,
                          File keyFile)
                                   throws SSLException

Creates a new server-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

public static SslContext newServerContext(File certChainFile,
                          File keyFile,
                          String keyPassword)
                                   throws SSLException

Creates a new server-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

public static SslContext newServerContext(SslBufferPool bufPool,
                          File certChainFile,
                          File keyFile,
                          String keyPassword,
                          Iterable<String> ciphers,
                          Iterable<String> nextProtocols,
                          long sessionCacheSize,
                          long sessionTimeout)
                                   throws SSLException

Creates a new server-side SslContext.

Parameters:

bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

public static SslContext newServerContext(SslProvider provider,
                          File certChainFile,
                          File keyFile)
                                   throws SSLException

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

public static SslContext newServerContext(SslProvider provider,
                          File certChainFile,
                          File keyFile,
                          String keyPassword)
                                   throws SSLException

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

public static SslContext newServerContext(SslProvider provider,
                          SslBufferPool bufPool,
                          File certChainFile,
                          File keyFile,
                          String keyPassword,
                          Iterable<String> ciphers,
                          Iterable<String> nextProtocols,
                          long sessionCacheSize,
                          long sessionTimeout)
                                   throws SSLException

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new server-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext()
                                   throws SSLException

Creates a new client-side SslContext.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(File certChainFile)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(TrustManagerFactory trustManagerFactory)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(File certChainFile,
                          TrustManagerFactory trustManagerFactory)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(SslBufferPool bufPool,
                          File certChainFile,
                          TrustManagerFactory trustManagerFactory,
                          Iterable<String> ciphers,
                          Iterable<String> nextProtocols,
                          long sessionCacheSize,
                          long sessionTimeout)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(SslProvider provider)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(SslProvider provider,
                          File certChainFile)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(SslProvider provider,
                          TrustManagerFactory trustManagerFactory)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(SslProvider provider,
                          File certChainFile,
                          TrustManagerFactory trustManagerFactory)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

public static SslContext newClientContext(SslProvider provider,
                          SslBufferPool bufPool,
                          File certChainFile,
                          TrustManagerFactory trustManagerFactory,
                          Iterable<String> ciphers,
                          Iterable<String> nextProtocols,
                          long sessionCacheSize,
                          long sessionTimeout)
                                   throws SSLException

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new client-side SslContext

Throws:

SSLException

isServer

public final boolean isServer()

Returns true if and only if this context is for server-side.

bufferPool

public final SslBufferPool bufferPool()

Returns the SslBufferPool used by the SSLEngine and SslHandler created by this context.

isClient

public abstract boolean isClient()

Returns the true if and only if this context is for client-side.

cipherSuites

public abstract List<String> cipherSuites()

Returns the list of enabled cipher suites, in the order of preference.

sessionCacheSize

public abstract long sessionCacheSize()

Returns the size of the cache used for storing SSL session objects.

sessionTimeout

public abstract long sessionTimeout()

Returns the timeout for the cached SSL session objects, in seconds.

nextProtocols

public abstract List<String> nextProtocols()

Returns the list of application layer protocols for the TLS NPN/ALPN extension, in the order of preference.

Returns:

the list of application layer protocols. null if NPN/ALPN extension has been disabled.

newEngine

public abstract SSLEngine newEngine()

Creates a new SSLEngine.

Returns:

a new SSLEngine

newEngine

public abstract SSLEngine newEngine(String peerHost,
                  int peerPort)

Creates a new SSLEngine using advisory peer information.

Parameters:

peerHost - the non-authoritative name of the host

peerPort - the non-authoritative port

Returns:

a new SSLEngine

newHandler

public final SslHandler newHandler()

Creates a new SslHandler.

Returns:

a new SslHandler

newHandler

public final SslHandler newHandler(String peerHost,
                    int peerPort)

Creates a new SslHandler with advisory peer information.

Parameters:

peerHost - the non-authoritative name of the host

peerPort - the non-authoritative port

Returns:

a new SslHandler