public class JdkSslContext extends SslContext
SslContext which uses JDK's SSL/TLS implementation.| Constructor and Description |
|---|
JdkSslContext(SSLContext sslContext,
boolean isClient,
ClientAuth clientAuth)
|
JdkSslContext(SSLContext sslContext,
boolean isClient,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
ClientAuth clientAuth)
|
JdkSslContext(SSLContext sslContext,
boolean isClient,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
ClientAuth clientAuth,
String[] protocols,
boolean startTls)
Creates a new
JdkSslContext from a pre-configured SSLContext. |
| Modifier and Type | Method and Description |
|---|---|
JdkApplicationProtocolNegotiator |
applicationProtocolNegotiator()
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
|
protected static KeyManagerFactory |
buildKeyManagerFactory(File certChainFile,
File keyFile,
String keyPassword,
KeyManagerFactory kmf)
Deprecated.
will be removed.
|
protected static KeyManagerFactory |
buildKeyManagerFactory(File certChainFile,
String keyAlgorithm,
File keyFile,
String keyPassword,
KeyManagerFactory kmf)
Deprecated.
will be removed.
|
List<String> |
cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.
|
SSLContext |
context()
Returns the JDK
SSLContext object held by this context. |
boolean |
isClient()
Returns the
true if and only if this context is for client-side. |
SSLEngine |
newEngine(ByteBufAllocator alloc)
Creates a new
SSLEngine. |
SSLEngine |
newEngine(ByteBufAllocator alloc,
String peerHost,
int peerPort)
Creates a new
SSLEngine using advisory peer information. |
SSLSessionContext |
sessionContext()
Returns the JDK
SSLSessionContext object held by this context. |
attributes, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, nextProtocols, sessionCacheSize, sessionTimeout, toPrivateKey, toPrivateKey, toX509Certificates, toX509Certificates@Deprecated public JdkSslContext(SSLContext sslContext, boolean isClient, ClientAuth clientAuth)
JdkSslContext(SSLContext, boolean, Iterable, CipherSuiteFilter,
ApplicationProtocolConfig, ClientAuth, String[], boolean)JdkSslContext from a pre-configured SSLContext.sslContext - the SSLContext to use.isClient - true if this context should create SSLEngines for client-side usage.clientAuth - the ClientAuth to use. This will only be used when is false.@Deprecated public JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
JdkSslContext(SSLContext, boolean, Iterable, CipherSuiteFilter,
ApplicationProtocolConfig, ClientAuth, String[], boolean)JdkSslContext from a pre-configured SSLContext.sslContext - the SSLContext to use.isClient - true if this context should create SSLEngines for client-side usage.ciphers - the ciphers to use or null if the standard should be used.cipherFilter - the filter to use.apn - the ApplicationProtocolConfig to use.clientAuth - the ClientAuth to use. This will only be used when is false.public JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, String[] protocols, boolean startTls)
JdkSslContext from a pre-configured SSLContext.sslContext - the SSLContext to use.isClient - true if this context should create SSLEngines for client-side usage.ciphers - the ciphers to use or null if the standard should be used.cipherFilter - the filter to use.apn - the ApplicationProtocolConfig to use.clientAuth - the ClientAuth to use. This will only be used when is false.protocols - the protocols to enable, or null to enable the default protocols.startTls - true if the first write request shouldn't be encryptedpublic final SSLContext context()
SSLContext object held by this context.public final boolean isClient()
SslContexttrue if and only if this context is for client-side.isClient in class SslContextpublic final SSLSessionContext sessionContext()
SSLSessionContext object held by this context.sessionContext in class SslContextpublic final List<String> cipherSuites()
SslContextcipherSuites in class SslContextpublic final SSLEngine newEngine(ByteBufAllocator alloc)
SslContextSSLEngine.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to
wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator).
newEngine in class SslContextSSLEnginepublic final SSLEngine newEngine(ByteBufAllocator alloc, String peerHost, int peerPort)
SslContextSSLEngine using advisory peer information.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to
wrap in a SslHandler and insert it into a pipeline.
See SslContext.newHandler(ByteBufAllocator, String, int).
newEngine in class SslContextpeerHost - the non-authoritative name of the hostpeerPort - the non-authoritative portSSLEnginepublic final JdkApplicationProtocolNegotiator applicationProtocolNegotiator()
SslContextapplicationProtocolNegotiator in class SslContext@Deprecated protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException
KeyManagerFactory based upon a key file, key file password, and a certificate chain.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.kmf - The existing KeyManagerFactory that will be used if not nullKeyManagerFactory based upon a key file, key file password, and a certificate chain.UnrecoverableKeyExceptionKeyStoreExceptionNoSuchAlgorithmExceptionNoSuchPaddingExceptionInvalidKeySpecExceptionInvalidAlgorithmParameterExceptionCertificateExceptionKeyExceptionIOException@Deprecated protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException
KeyManagerFactory based upon a key algorithm, key file, key file password,
and a certificate chain.certChainFile - an buildKeyManagerFactory X.509 certificate chain file in PEM formatkeyAlgorithm - the standard name of the requested algorithm. See the Java Secure Socket Extension
Reference Guide for information about standard algorithm names.keyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.kmf - The existing KeyManagerFactory that will be used if not nullKeyManagerFactory based upon a key algorithm, key file, key file password,
and a certificate chain.KeyStoreExceptionNoSuchAlgorithmExceptionNoSuchPaddingExceptionInvalidKeySpecExceptionInvalidAlgorithmParameterExceptionIOExceptionCertificateExceptionKeyExceptionUnrecoverableKeyExceptionCopyright © 2008–2025 The Netty Project. All rights reserved.