public final class SslContextBuilder
extends java.lang.Object
Modifier and Type | Method and Description |
---|---|
SslContextBuilder |
applicationProtocolConfig(ApplicationProtocolConfig apn)
Application protocol negotiation configuration.
|
SslContext |
build()
Create new
SslContext instance with configured settings. |
SslContextBuilder |
ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference.
|
SslContextBuilder |
ciphers(java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter)
The cipher suites to enable, in the order of preference.
|
SslContextBuilder |
clientAuth(ClientAuth clientAuth)
Sets the client authentication mode.
|
SslContextBuilder |
enableOcsp(boolean enableOcsp)
Enables OCSP stapling.
|
static SslContextBuilder |
forClient()
Creates a builder for new client-side
SslContext . |
static SslContextBuilder |
forServer(java.io.File keyCertChainFile,
java.io.File keyFile)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.File keyCertChainFile,
java.io.File keyFile,
java.lang.String keyPassword)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream,
java.lang.String keyPassword)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.security.PrivateKey key,
java.lang.String keyPassword,
java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.security.PrivateKey key,
java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side
SslContext . |
SslContextBuilder |
keyManager(java.io.File keyCertChainFile,
java.io.File keyFile)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.File keyCertChainFile,
java.io.File keyFile,
java.lang.String keyPassword)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream,
java.lang.String keyPassword)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying manager for this host.
|
SslContextBuilder |
keyManager(java.security.PrivateKey key,
java.lang.String keyPassword,
java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.security.PrivateKey key,
java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host.
|
SslContextBuilder |
protocols(java.lang.String... protocols)
The TLS protocol versions to enable.
|
SslContextBuilder |
sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects.
|
SslContextBuilder |
sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds.
|
SslContextBuilder |
sslContextProvider(java.security.Provider sslContextProvider)
The SSLContext
Provider to use. |
SslContextBuilder |
sslProvider(SslProvider provider)
The
SslContext implementation to use. |
SslContextBuilder |
startTls(boolean startTls)
true if the first write request shouldn't be encrypted. |
SslContextBuilder |
trustManager(java.io.File trustCertCollectionFile)
Trusted certificates for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(java.io.InputStream trustCertCollectionInputStream)
Trusted certificates for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Trusted manager for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(java.security.cert.X509Certificate... trustCertCollection)
Trusted certificates for verifying the remote endpoint's certificate,
null uses the system default. |
public static SslContextBuilder forClient()
SslContext
.public static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile)
SslContext
.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyManager(File, File)
public static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream)
SslContext
.keyCertChainInputStream
- an input stream for an X.509 certificate chain in PEM formatkeyInputStream
- an input stream for a PKCS#8 private key in PEM formatkeyManager(InputStream, InputStream)
public static SslContextBuilder forServer(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain)
SslContext
.key
- a PKCS#8 private keykeyCertChain
- the X.509 certificate chainkeyManager(PrivateKey, X509Certificate[])
public static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword)
SslContext
.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
, or null
if it's not
password-protectedkeyManager(File, File, String)
public static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword)
SslContext
.keyCertChainInputStream
- an input stream for an X.509 certificate chain in PEM formatkeyInputStream
- an input stream for a PKCS#8 private key in PEM formatkeyPassword
- the password of the keyFile
, or null
if it's not
password-protectedkeyManager(InputStream, InputStream, String)
public static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain)
SslContext
.key
- a PKCS#8 private keykeyCertChain
- the X.509 certificate chainkeyPassword
- the password of the keyFile
, or null
if it's not
password-protectedkeyManager(File, File, String)
public static SslContextBuilder forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory)
SslContext
.keyManagerFactory
- non-null
factory for server's private keykeyManager(KeyManagerFactory)
public SslContextBuilder sslProvider(SslProvider provider)
SslContext
implementation to use. null
uses the default one.public SslContextBuilder sslContextProvider(java.security.Provider sslContextProvider)
public SslContextBuilder trustManager(java.io.File trustCertCollectionFile)
null
uses the system default.public SslContextBuilder trustManager(java.io.InputStream trustCertCollectionInputStream)
null
uses the system default.public SslContextBuilder trustManager(java.security.cert.X509Certificate... trustCertCollection)
null
uses the system default.public SslContextBuilder trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
null
uses the system default.public SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile)
keyCertChainFile
and keyFile
may
be null
for client contexts, which disables mutual authentication.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatpublic SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream)
keyCertChainInputStream
and keyInputStream
may
be null
for client contexts, which disables mutual authentication.keyCertChainInputStream
- an input stream for an X.509 certificate chain in PEM formatkeyInputStream
- an input stream for a PKCS#8 private key in PEM formatpublic SslContextBuilder keyManager(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain)
keyCertChain
and key
may
be null
for client contexts, which disables mutual authentication.key
- a PKCS#8 private keykeyCertChain
- an X.509 certificate chainpublic SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword)
keyCertChainFile
and keyFile
may
be null
for client contexts, which disables mutual authentication.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
, or null
if it's not
password-protectedpublic SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword)
keyCertChainInputStream
and keyInputStream
may
be null
for client contexts, which disables mutual authentication.keyCertChainInputStream
- an input stream for an X.509 certificate chain in PEM formatkeyInputStream
- an input stream for a PKCS#8 private key in PEM formatkeyPassword
- the password of the keyInputStream
, or null
if it's not
password-protectedpublic SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain)
keyCertChain
and key
may
be null
for client contexts, which disables mutual authentication.key
- a PKCS#8 private key filekeyPassword
- the password of the key
, or null
if it's not
password-protectedkeyCertChain
- an X.509 certificate chainpublic SslContextBuilder keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
keyManagerFactory
may be null
for
client contexts, which disables mutual authentication. Using a KeyManagerFactory
is only supported for SslProvider.JDK
or SslProvider.OPENSSL
/ SslProvider.OPENSSL_REFCNT
if the used openssl version is 1.0.1+. You can check if your openssl version supports using a
KeyManagerFactory
by calling OpenSsl.supportsKeyManagerFactory()
. If this is not the case
you must use keyManager(File, File)
or keyManager(File, File, String)
.public SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers)
null
to use default
cipher suites.public SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter)
cipherFilter
will be
applied to the ciphers before use. If ciphers
is null
, then the default
cipher suites will be used.public SslContextBuilder applicationProtocolConfig(ApplicationProtocolConfig apn)
null
disables support.public SslContextBuilder sessionCacheSize(long sessionCacheSize)
0
to use the
default value.public SslContextBuilder sessionTimeout(long sessionTimeout)
0
to use the
default value.public SslContextBuilder clientAuth(ClientAuth clientAuth)
public SslContextBuilder protocols(java.lang.String... protocols)
protocols
- The protocols to enable, or null
to enable the default protocols.SSLEngine.setEnabledCipherSuites(String[])
public SslContextBuilder startTls(boolean startTls)
true
if the first write request shouldn't be encrypted.@UnstableApi public SslContextBuilder enableOcsp(boolean enableOcsp)
SslProvider
implementations support OCSP
stapling and an exception will be thrown upon build()
.OpenSsl.isOcspSupported()
public SslContext build() throws javax.net.ssl.SSLException
SslContext
instance with configured settings.
If sslProvider(SslProvider)
is set to SslProvider.OPENSSL_REFCNT
then the caller is
responsible for releasing this object, or else native memory may leak.
javax.net.ssl.SSLException
Copyright © 2008–2018 The Netty Project. All rights reserved.