public abstract class SslContext extends Object
SSLEngine and SslHandler.
Internally, it is implemented via JDK's SSLContext or OpenSSL's SSL_CTX.
// In yourChannelInitializer:ChannelPipelinep = channel.pipeline();SslContextsslCtx =SslContextBuilder.forServer(...).build(); p.addLast("ssl",sslCtx.newHandler(channel.alloc())); ...
// In yourChannelInitializer:ChannelPipelinep = channel.pipeline();SslContextsslCtx =SslContextBuilder.forClient().build(); p.addLast("ssl",sslCtx.newHandler(channel.alloc(), host, port)); ...
| Modifier | Constructor and Description |
|---|---|
protected |
SslContext()
Creates a new instance (startTls set to
false). |
protected |
SslContext(boolean startTls)
Creates a new instance.
|
| Modifier and Type | Method and Description |
|---|---|
abstract ApplicationProtocolNegotiator |
applicationProtocolNegotiator()
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
|
AttributeMap |
attributes()
Returns the
AttributeMap that belongs to this SslContext . |
protected static KeyManagerFactory |
buildKeyManagerFactory(X509Certificate[] certChainFile,
String keyAlgorithm,
PrivateKey key,
String keyPassword,
KeyManagerFactory kmf,
String keyStore) |
protected static KeyStore |
buildKeyStore(X509Certificate[] certChain,
PrivateKey key,
char[] keyPasswordChars,
String keyStoreType)
Generates a new
KeyStore. |
protected static TrustManagerFactory |
buildTrustManagerFactory(File certChainFile,
TrustManagerFactory trustManagerFactory)
Deprecated.
|
protected static TrustManagerFactory |
buildTrustManagerFactory(File certChainFile,
TrustManagerFactory trustManagerFactory,
String keyType)
Build a
TrustManagerFactory from a certificate chain file. |
protected static TrustManagerFactory |
buildTrustManagerFactory(X509Certificate[] certCollection,
TrustManagerFactory trustManagerFactory,
String keyStoreType) |
abstract List<String> |
cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.
|
static SslProvider |
defaultClientProvider()
Returns the default client-side implementation provider currently in use.
|
static SslProvider |
defaultServerProvider()
Returns the default server-side implementation provider currently in use.
|
protected static PKCS8EncodedKeySpec |
generateKeySpec(char[] password,
byte[] key)
Deprecated.
|
abstract boolean |
isClient()
Returns the
true if and only if this context is for client-side. |
boolean |
isServer()
Returns
true if and only if this context is for server-side. |
static SslContext |
newClientContext()
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(File certChainFile)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(File certChainFile,
TrustManagerFactory trustManagerFactory)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(File certChainFile,
TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(File certChainFile,
TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
File certChainFile)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
File certChainFile,
TrustManagerFactory trustManagerFactory)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
File trustCertCollectionFile,
TrustManagerFactory trustManagerFactory,
File keyCertChainFile,
File keyFile,
String keyPassword,
KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
File certChainFile,
TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
File certChainFile,
TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
TrustManagerFactory trustManagerFactory)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(TrustManagerFactory trustManagerFactory)
Deprecated.
Replaced by
SslContextBuilder |
abstract SSLEngine |
newEngine(ByteBufAllocator alloc)
Creates a new
SSLEngine. |
abstract SSLEngine |
newEngine(ByteBufAllocator alloc,
String peerHost,
int peerPort)
Creates a new
SSLEngine using advisory peer information. |
SslHandler |
newHandler(ByteBufAllocator alloc)
Create a new SslHandler.
|
protected SslHandler |
newHandler(ByteBufAllocator alloc,
boolean startTls)
Create a new SslHandler.
|
protected SslHandler |
newHandler(ByteBufAllocator alloc,
boolean startTls,
Executor executor)
Create a new SslHandler.
|
SslHandler |
newHandler(ByteBufAllocator alloc,
Executor delegatedTaskExecutor)
Creates a new
SslHandler. |
SslHandler |
newHandler(ByteBufAllocator alloc,
String peerHost,
int peerPort)
Creates a new
SslHandler |
protected SslHandler |
newHandler(ByteBufAllocator alloc,
String peerHost,
int peerPort,
boolean startTls)
Create a new SslHandler.
|
protected SslHandler |
newHandler(ByteBufAllocator alloc,
String peerHost,
int peerPort,
boolean startTls,
Executor delegatedTaskExecutor) |
SslHandler |
newHandler(ByteBufAllocator alloc,
String peerHost,
int peerPort,
Executor delegatedTaskExecutor)
Creates a new
SslHandler with advisory peer information. |
static SslContext |
newServerContext(File certChainFile,
File keyFile)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(File certChainFile,
File keyFile,
String keyPassword)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(File certChainFile,
File keyFile,
String keyPassword,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(File certChainFile,
File keyFile,
String keyPassword,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
File certChainFile,
File keyFile)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
File certChainFile,
File keyFile,
String keyPassword)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
File certChainFile,
File keyFile,
String keyPassword,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
File certChainFile,
File keyFile,
String keyPassword,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
File certChainFile,
File keyFile,
String keyPassword,
TrustManagerFactory trustManagerFactory,
Iterable<String> ciphers,
Iterable<String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
File trustCertCollectionFile,
TrustManagerFactory trustManagerFactory,
File keyCertChainFile,
File keyFile,
String keyPassword,
KeyManagerFactory keyManagerFactory,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
Deprecated.
Replaced by
SslContextBuilder |
List<String> |
nextProtocols()
Deprecated.
Use
applicationProtocolNegotiator() instead. |
long |
sessionCacheSize()
Returns the size of the cache used for storing SSL session objects.
|
abstract SSLSessionContext |
sessionContext()
Returns the
SSLSessionContext object held by this context. |
long |
sessionTimeout()
Returns the timeout for the cached SSL session objects, in seconds.
|
protected static PrivateKey |
toPrivateKey(File keyFile,
String keyPassword) |
protected static PrivateKey |
toPrivateKey(InputStream keyInputStream,
String keyPassword) |
protected static X509Certificate[] |
toX509Certificates(File file) |
protected static X509Certificate[] |
toX509Certificates(InputStream in) |
protected SslContext()
false).protected SslContext(boolean startTls)
public static SslProvider defaultServerProvider()
SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.public static SslProvider defaultClientProvider()
SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.@Deprecated public static SslContext newServerContext(File certChainFile, File keyFile) throws SSLException
SslContextBuilderSslContext.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatSslContextSSLException@Deprecated public static SslContext newServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException
SslContextBuilderSslContext.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.SslContextSSLException@Deprecated public static SslContext newServerContext(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.nextProtocols - the application layer protocols to accept, in the order of preference.
null to disable TLS NPN/ALPN extension.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newServerContext(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.cipherFilter - a filter to apply over the supplied list of ciphersapn - Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatSslContextSSLException@Deprecated public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.SslContextSSLException@Deprecated public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.nextProtocols - the application layer protocols to accept, in the order of preference.
null to disable TLS NPN/ALPN extension.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.trustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.nextProtocols - the application layer protocols to accept, in the order of preference.
null to disable TLS NPN/ALPN extension.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.cipherFilter - a filter to apply over the supplied list of ciphers
Only required if provider is SslProvider.JDKapn - Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newServerContext(SslProvider provider, File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.trustCertCollectionFile - an X.509 certificate collection file in PEM format.
This provides the certificate collection used for mutual authentication.
null to use the system defaulttrustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from clients.
null to use the default or the results of parsing
trustCertCollectionFile.
This parameter is ignored if provider is not SslProvider.JDK.keyCertChainFile - an X.509 certificate chain file in PEM formatkeyFile - a PKCS#8 private key file in PEM formatkeyPassword - the password of the keyFile.
null if it's not password-protected.keyManagerFactory - the KeyManagerFactory that provides the KeyManagers
that is used to encrypt data being sent to clients.
null to use the default or the results of parsing
keyCertChainFile and keyFile.
This parameter is ignored if provider is not SslProvider.JDK.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.cipherFilter - a filter to apply over the supplied list of ciphers
Only required if provider is SslProvider.JDKapn - Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newClientContext() throws SSLException
SslContextBuilderSslContext.SslContextSSLException@Deprecated public static SslContext newClientContext(File certChainFile) throws SSLException
SslContextBuilderSslContext.certChainFile - an X.509 certificate chain file in PEM formatSslContextSSLException@Deprecated public static SslContext newClientContext(TrustManagerFactory trustManagerFactory) throws SSLException
SslContextBuilderSslContext.trustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.SslContextSSLException@Deprecated public static SslContext newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException
SslContextBuilderSslContext.certChainFile - an X.509 certificate chain file in PEM format.
null to use the system defaulttrustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.SslContextSSLException@Deprecated public static SslContext newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.certChainFile - an X.509 certificate chain file in PEM format.
null to use the system defaulttrustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.nextProtocols - the application layer protocols to accept, in the order of preference.
null to disable TLS NPN/ALPN extension.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.certChainFile - an X.509 certificate chain file in PEM format.
null to use the system defaulttrustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.cipherFilter - a filter to apply over the supplied list of ciphersapn - Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newClientContext(SslProvider provider) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.SslContextSSLException@Deprecated public static SslContext newClientContext(SslProvider provider, File certChainFile) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM format.
null to use the system defaultSslContextSSLException@Deprecated public static SslContext newClientContext(SslProvider provider, TrustManagerFactory trustManagerFactory) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.trustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.SslContextSSLException@Deprecated public static SslContext newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM format.
null to use the system defaulttrustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.SslContextSSLException@Deprecated public static SslContext newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM format.
null to use the system defaulttrustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.nextProtocols - the application layer protocols to accept, in the order of preference.
null to disable TLS NPN/ALPN extension.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.certChainFile - an X.509 certificate chain file in PEM format.
null to use the system defaulttrustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.cipherFilter - a filter to apply over the supplied list of ciphersapn - Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLException@Deprecated public static SslContext newClientContext(SslProvider provider, File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException
SslContextBuilderSslContext.provider - the SslContext implementation to use.
null to use the current default one.trustCertCollectionFile - an X.509 certificate collection file in PEM format.
null to use the system defaulttrustManagerFactory - the TrustManagerFactory that provides the TrustManagers
that verifies the certificates sent from servers.
null to use the default or the results of parsing
trustCertCollectionFile.
This parameter is ignored if provider is not SslProvider.JDK.keyCertChainFile - an X.509 certificate chain file in PEM format.
This provides the public key for mutual authentication.
null to use the system defaultkeyFile - a PKCS#8 private key file in PEM format.
This provides the private key for mutual authentication.
null for no mutual authentication.keyPassword - the password of the keyFile.
null if it's not password-protected.
Ignored if keyFile is null.keyManagerFactory - the KeyManagerFactory that provides the KeyManagers
that is used to encrypt data being sent to servers.
null to use the default or the results of parsing
keyCertChainFile and keyFile.
This parameter is ignored if provider is not SslProvider.JDK.ciphers - the cipher suites to enable, in the order of preference.
null to use the default cipher suites.cipherFilter - a filter to apply over the supplied list of ciphersapn - Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize - the size of the cache used for storing SSL session objects.
0 to use the default value.sessionTimeout - the timeout for the cached SSL session objects, in seconds.
0 to use the default value.SslContextSSLExceptionpublic final AttributeMap attributes()
AttributeMap that belongs to this SslContext .public final boolean isServer()
true if and only if this context is for server-side.public abstract boolean isClient()
true if and only if this context is for client-side.public abstract List<String> cipherSuites()
public long sessionCacheSize()
public long sessionTimeout()
@Deprecated public final List<String> nextProtocols()
applicationProtocolNegotiator() instead.public abstract ApplicationProtocolNegotiator applicationProtocolNegotiator()
public abstract SSLEngine newEngine(ByteBufAllocator alloc)
SSLEngine.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to
wrap in a SslHandler and insert it into a pipeline. See newHandler(ByteBufAllocator).
SSLEnginepublic abstract SSLEngine newEngine(ByteBufAllocator alloc, String peerHost, int peerPort)
SSLEngine using advisory peer information.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to
wrap in a SslHandler and insert it into a pipeline.
See newHandler(ByteBufAllocator, String, int).
peerHost - the non-authoritative name of the hostpeerPort - the non-authoritative portSSLEnginepublic abstract SSLSessionContext sessionContext()
SSLSessionContext object held by this context.public final SslHandler newHandler(ByteBufAllocator alloc)
newHandler(ByteBufAllocator, Executor)protected SslHandler newHandler(ByteBufAllocator alloc, boolean startTls)
newHandler(ByteBufAllocator)public SslHandler newHandler(ByteBufAllocator alloc, Executor delegatedTaskExecutor)
SslHandler.
If SslProvider.OPENSSL_REFCNT is used then the returned SslHandler will release the engine
that is wrapped. If the returned SslHandler is not inserted into a pipeline then you may leak native
memory!
Beware: the underlying generated SSLEngine won't have
hostname verification enabled by default.
If you create SslHandler for the client side and want proper security, we advice that you configure
the SSLEngine (see SSLParameters.setEndpointIdentificationAlgorithm(String)):
SSLEngine sslEngine = sslHandler.engine();
SSLParameters sslParameters = sslEngine.getSSLParameters();
// only available since Java 7
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParameters);
The underlying SSLEngine may not follow the restrictions imposed by the
SSLEngine javadocs which
limits wrap/unwrap to operate on a single SSL/TLS packet.
alloc - If supported by the SSLEngine then the SSLEngine will use this to allocate ByteBuf objects.delegatedTaskExecutor - the Executor that will be used to execute tasks that are returned by
SSLEngine.getDelegatedTask().SslHandlerprotected SslHandler newHandler(ByteBufAllocator alloc, boolean startTls, Executor executor)
public final SslHandler newHandler(ByteBufAllocator alloc, String peerHost, int peerPort)
SslHandlerprotected SslHandler newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, boolean startTls)
public SslHandler newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, Executor delegatedTaskExecutor)
SslHandler with advisory peer information.
If SslProvider.OPENSSL_REFCNT is used then the returned SslHandler will release the engine
that is wrapped. If the returned SslHandler is not inserted into a pipeline then you may leak native
memory!
Beware: the underlying generated SSLEngine won't have
hostname verification enabled by default.
If you create SslHandler for the client side and want proper security, we advice that you configure
the SSLEngine (see SSLParameters.setEndpointIdentificationAlgorithm(String)):
SSLEngine sslEngine = sslHandler.engine();
SSLParameters sslParameters = sslEngine.getSSLParameters();
// only available since Java 7
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
sslEngine.setSSLParameters(sslParameters);
The underlying SSLEngine may not follow the restrictions imposed by the
SSLEngine javadocs which
limits wrap/unwrap to operate on a single SSL/TLS packet.
alloc - If supported by the SSLEngine then the SSLEngine will use this to allocate ByteBuf objects.peerHost - the non-authoritative name of the hostpeerPort - the non-authoritative portdelegatedTaskExecutor - the Executor that will be used to execute tasks that are returned by
SSLEngine.getDelegatedTask().SslHandlerprotected SslHandler newHandler(ByteBufAllocator alloc, String peerHost, int peerPort, boolean startTls, Executor delegatedTaskExecutor)
@Deprecated protected static PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException, InvalidAlgorithmParameterException
password - characters, if null an unencrypted key is assumedkey - bytes of the DER encoded private keyIOException - if parsing key failsNoSuchAlgorithmException - if the algorithm used to encrypt key is unknownNoSuchPaddingException - if the padding scheme specified in the decryption algorithm is unknownInvalidKeySpecException - if the decryption key based on password cannot be generatedInvalidKeyException - if the decryption key based on password cannot be used to decrypt
keyInvalidAlgorithmParameterException - if decryption algorithm parameters are somehow faultyprotected static KeyStore buildKeyStore(X509Certificate[] certChain, PrivateKey key, char[] keyPasswordChars, String keyStoreType) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException
KeyStore.certChain - an X.509 certificate chainkey - a PKCS#8 private keykeyPasswordChars - the password of the keyFile.
null if it's not password-protected.keyStoreType - The KeyStore Type you want to useKeyStore.KeyStoreExceptionNoSuchAlgorithmExceptionCertificateExceptionIOExceptionprotected static PrivateKey toPrivateKey(File keyFile, String keyPassword) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException
protected static PrivateKey toPrivateKey(InputStream keyInputStream, String keyPassword) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException
@Deprecated protected static TrustManagerFactory buildTrustManagerFactory(File certChainFile, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException
TrustManagerFactory from a certificate chain file.certChainFile - The certificate file to build from.trustManagerFactory - The existing TrustManagerFactory that will be used if not null.TrustManagerFactory which contains the certificates in certChainFileNoSuchAlgorithmExceptionCertificateExceptionKeyStoreExceptionIOExceptionprotected static TrustManagerFactory buildTrustManagerFactory(File certChainFile, TrustManagerFactory trustManagerFactory, String keyType) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException
TrustManagerFactory from a certificate chain file.certChainFile - The certificate file to build from.trustManagerFactory - The existing TrustManagerFactory that will be used if not null.keyType - The KeyStore Type you want to useTrustManagerFactory which contains the certificates in certChainFileNoSuchAlgorithmExceptionCertificateExceptionKeyStoreExceptionIOExceptionprotected static X509Certificate[] toX509Certificates(File file) throws CertificateException
CertificateExceptionprotected static X509Certificate[] toX509Certificates(InputStream in) throws CertificateException
CertificateExceptionprotected static TrustManagerFactory buildTrustManagerFactory(X509Certificate[] certCollection, TrustManagerFactory trustManagerFactory, String keyStoreType) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException
protected static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certChainFile, String keyAlgorithm, PrivateKey key, String keyPassword, KeyManagerFactory kmf, String keyStore) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException
Copyright © 2008–2024 The Netty Project. All rights reserved.