public abstract class SslContext extends Object
SSLEngine
and SslHandler
.
Internally, it is implemented via JDK's SSLContext
or OpenSSL's SSL_CTX
.
// In yourChannelPipelineFactory
:ChannelPipeline
p =Channels.pipeline()
;SslContext
sslCtx =SslContext.newServerContext(...)
; p.addLast("ssl",sslCtx.newEngine()
); ...
// In yourChannelPipelineFactory
:ChannelPipeline
p =Channels.pipeline()
;SslContext
sslCtx =SslContext.newClientContext(...)
; p.addLast("ssl",sslCtx.newEngine(host, port)
); ...
Modifier and Type | Method and Description |
---|---|
SslBufferPool |
bufferPool()
|
abstract List<String> |
cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.
|
static SslProvider |
defaultClientProvider()
Returns the default client-side implementation provider currently in use.
|
static SslProvider |
defaultServerProvider()
Returns the default server-side implementation provider currently in use.
|
abstract boolean |
isClient()
Returns the
true if and only if this context is for client-side. |
boolean |
isServer()
Returns
true if and only if this context is for server-side. |
static SslContext |
newClientContext()
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(File certChainFile)
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(File certChainFile,
TrustManagerFactory trustManagerFactory)
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(SslBufferPool bufPool,
File certChainFile,
TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(SslProvider provider)
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(SslProvider provider,
File certChainFile)
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(SslProvider provider,
File certChainFile,
TrustManagerFactory trustManagerFactory)
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(SslProvider provider,
SslBufferPool bufPool,
File certChainFile,
TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(SslProvider provider,
TrustManagerFactory trustManagerFactory)
Creates a new client-side
SslContext . |
static SslContext |
newClientContext(TrustManagerFactory trustManagerFactory)
Creates a new client-side
SslContext . |
abstract SSLEngine |
newEngine()
Creates a new
SSLEngine . |
abstract SSLEngine |
newEngine(String peerHost,
int peerPort)
Creates a new
SSLEngine using advisory peer information. |
SslHandler |
newHandler()
Creates a new
SslHandler . |
SslHandler |
newHandler(String peerHost,
int peerPort)
Creates a new
SslHandler with advisory peer information. |
static SslContext |
newServerContext(File certChainFile,
File keyFile)
Creates a new server-side
SslContext . |
static SslContext |
newServerContext(File certChainFile,
File keyFile,
String keyPassword)
Creates a new server-side
SslContext . |
static SslContext |
newServerContext(SslBufferPool bufPool,
File certChainFile,
File keyFile,
String keyPassword,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Creates a new server-side
SslContext . |
static SslContext |
newServerContext(SslProvider provider,
File certChainFile,
File keyFile)
Creates a new server-side
SslContext . |
static SslContext |
newServerContext(SslProvider provider,
File certChainFile,
File keyFile,
String keyPassword)
Creates a new server-side
SslContext . |
static SslContext |
newServerContext(SslProvider provider,
SslBufferPool bufPool,
File certChainFile,
File keyFile,
String keyPassword,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Creates a new server-side
SslContext . |
abstract List<String> |
nextProtocols()
Returns the list of application layer protocols for the TLS NPN/ALPN extension, in the order of preference.
|
abstract long |
sessionCacheSize()
Returns the size of the cache used for storing SSL session objects.
|
abstract long |
sessionTimeout()
Returns the timeout for the cached SSL session objects, in seconds.
|
public static SslProvider defaultServerProvider()
SslProvider.OPENSSL
if OpenSSL is available. SslProvider.JDK
otherwise.public static SslProvider defaultClientProvider()
SslProvider.JDK
, because it is the only implementation at the momentpublic static SslContext newServerContext(File certChainFile, File keyFile) throws SSLException
SslContext
.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatSslContext
SSLException
public static SslContext newServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException
SslContext
.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.SslContext
SSLException
public static SslContext newServerContext(SslBufferPool bufPool, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContext
.bufPool
- the buffer pool which will be used by the returned SslContext
.
null
to use the default buffer pool.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
SSLException
public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile) throws SSLException
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatSslContext
SSLException
public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword) throws SSLException
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.SslContext
SSLException
public static SslContext newServerContext(SslProvider provider, SslBufferPool bufPool, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.bufPool
- the buffer pool which will be used by the returned SslContext
.
null
to use the default buffer pool.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
SSLException
public static SslContext newClientContext() throws SSLException
SslContext
.SslContext
SSLException
public static SslContext newClientContext(File certChainFile) throws SSLException
SslContext
.certChainFile
- an X.509 certificate chain file in PEM formatSslContext
SSLException
public static SslContext newClientContext(TrustManagerFactory trustManagerFactory) throws SSLException
SslContext
.trustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.SslContext
SSLException
public static SslContext newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException
SslContext
.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.SslContext
SSLException
public static SslContext newClientContext(SslBufferPool bufPool, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContext
.bufPool
- the buffer pool which will be used by the returned SslContext
.
null
to use the default buffer pool.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
SSLException
public static SslContext newClientContext(SslProvider provider) throws SSLException
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.SslContext
SSLException
public static SslContext newClientContext(SslProvider provider, File certChainFile) throws SSLException
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaultSslContext
SSLException
public static SslContext newClientContext(SslProvider provider, TrustManagerFactory trustManagerFactory) throws SSLException
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.trustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.SslContext
SSLException
public static SslContext newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.SslContext
SSLException
public static SslContext newClientContext(SslProvider provider, SslBufferPool bufPool, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.bufPool
- the buffer pool which will be used by the returned SslContext
.
null
to use the default buffer pool.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
SSLException
public final boolean isServer()
true
if and only if this context is for server-side.public final SslBufferPool bufferPool()
public abstract boolean isClient()
true
if and only if this context is for client-side.public abstract List<String> cipherSuites()
public abstract long sessionCacheSize()
public abstract long sessionTimeout()
public abstract List<String> nextProtocols()
null
if NPN/ALPN extension has been disabled.public abstract SSLEngine newEngine(String peerHost, int peerPort)
SSLEngine
using advisory peer information.peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative portSSLEngine
public final SslHandler newHandler()
SslHandler
.SslHandler
public final SslHandler newHandler(String peerHost, int peerPort)
SslHandler
with advisory peer information.peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative portSslHandler
Copyright © 2008-2015 The Netty Project. All Rights Reserved.