Class QuicSslContextBuilder

java.lang.Object
io.netty.handler.codec.quic.QuicSslContextBuilder

public final class QuicSslContextBuilder extends Object
Builder for configuring a new SslContext for creation.
  • Method Details

    • forClient

      public static QuicSslContextBuilder forClient()
      Creates a builder for new client-side QuicSslContext that can be used for QUIC.
    • forServer

      public static QuicSslContextBuilder forServer(File keyFile, @Nullable String keyPassword, File certChainFile)
      Creates a builder for new server-side QuicSslContext that can be used for QUIC.
      Parameters:
      keyFile - a PKCS#8 private key file in PEM format
      keyPassword - the password of the keyFile, or null if it's not password-protected
      certChainFile - an X.509 certificate chain file in PEM format
    • forServer

      public static QuicSslContextBuilder forServer(PrivateKey key, @Nullable String keyPassword, X509Certificate... certChain)
      Creates a builder for new server-side QuicSslContext that can be used for QUIC.
      Parameters:
      key - a PKCS#8 private key
      keyPassword - the password of the key, or null if it's not password-protected
      certChain - the X.509 certificate chain
    • forServer

      public static QuicSslContextBuilder forServer(KeyManagerFactory keyManagerFactory, @Nullable String password)
      Creates a builder for new server-side QuicSslContext that can be used for QUIC.
      Parameters:
      keyManagerFactory - non-null factory for server's private key
    • forServer

      public static QuicSslContextBuilder forServer(KeyManager keyManager, @Nullable String keyPassword)
      Creates a builder for new server-side QuicSslContext with KeyManager that can be used for QUIC.
      Parameters:
      keyManager - non-null KeyManager for server's private key
      keyPassword - the password of the key, or null if it's not password-protected
    • buildForServerWithSni

      public static QuicSslContext buildForServerWithSni(Mapping<? super String, ? extends QuicSslContext> mapping)
      Enables support for SNI on the server side.
      Parameters:
      mapping - the Mapping that is used to map names to the QuicSslContext to use. Usually DomainWildcardMappingBuilder should be used to create the Mapping.
    • option

      public <T> QuicSslContextBuilder option(SslContextOption<T> option, T value)
      Configure a SslContextOption.
    • earlyData

      public QuicSslContextBuilder earlyData(boolean enabled)
      Enable / disable the usage of early data.
    • keylog

      public QuicSslContextBuilder keylog(boolean enabled)
      Enable / disable keylog. When enabled, TLS keys are logged to an internal logger named "io.netty.handler.codec.quic.BoringSSLLoggingKeylog" at DEBUG level; see BoringSSLKeylog for details. Logged keys follow the NSS Key Log Format. This is intended for debugging use with tools like Wireshark.
    • keylog

      public QuicSslContextBuilder keylog(@Nullable BoringSSLKeylog keylog)
      Enable / disable keylog. When enabled, TLS keys are logged to BoringSSLKeylog.logKey(SSLEngine, String). Logged keys follow the NSS Key Log Format. This is intended for debugging use with tools like Wireshark.
    • trustManager

      public QuicSslContextBuilder trustManager(@Nullable File trustCertCollectionFile)
      Trusted certificates for verifying the remote endpoint's certificate. The file should contain an X.509 certificate collection in PEM format. null uses the system default, which only works with Java 8u261 and later, as these versions support TLS 1.3; see the JDK 8u261 Update Release Notes.
    • trustManager

      public QuicSslContextBuilder trustManager(X509Certificate @Nullable ... trustCertCollection)
      Trusted certificates for verifying the remote endpoint's certificate. null uses the system default, which only works with Java 8u261 and later, as these versions support TLS 1.3; see the JDK 8u261 Update Release Notes.
    • trustManager

      public QuicSslContextBuilder trustManager(@Nullable TrustManagerFactory trustManagerFactory)
      Trust manager factory for verifying the remote endpoint's certificate. null uses the system default, which only works with Java 8u261 and later, as these versions support TLS 1.3; see the JDK 8u261 Update Release Notes.
    • trustManager

      public QuicSslContextBuilder trustManager(TrustManager trustManager)
      A single trust manager for verifying the remote endpoint's certificate. This is helpful when a custom implementation of TrustManager is needed. Internally, a simple wrapper of TrustManagerFactory that only produces this specified TrustManager will be created, thus all the requirements specified in trustManager(TrustManagerFactory trustManagerFactory) also apply here.
    • keyManager

      public QuicSslContextBuilder keyManager(@Nullable File keyFile, @Nullable String keyPassword, @Nullable File keyCertChainFile)
      Identifying certificate for this host. keyCertChainFile and keyFile may be null for client contexts, which disables mutual authentication.
      Parameters:
      keyFile - a PKCS#8 private key file in PEM format
      keyPassword - the password of the keyFile, or null if it's not password-protected
      keyCertChainFile - an X.509 certificate chain file in PEM format
    • keyManager

      public QuicSslContextBuilder keyManager(@Nullable PrivateKey key, @Nullable String keyPassword, X509Certificate @Nullable ... certChain)
      Identifying certificate for this host. certChain and key may be null for client contexts, which disables mutual authentication.
      Parameters:
      key - a PKCS#8 private key
      keyPassword - the password of the key, or null if it's not password-protected
      certChain - an X.509 certificate chain
    • keyManager

      public QuicSslContextBuilder keyManager(@Nullable KeyManagerFactory keyManagerFactory, @Nullable String keyPassword)
      Identifying manager for this host. keyManagerFactory may be null for client contexts, which disables mutual authentication.
    • keyManager

      public QuicSslContextBuilder keyManager(KeyManager keyManager, @Nullable String password)
      A single key manager managing the identity information of this host. This is helpful when a custom implementation of KeyManager is needed. Internally, a wrapper of KeyManagerFactory that only produces this specified KeyManager will be created, thus all the requirements specified in keyManager(KeyManagerFactory, String) also apply here.
    • applicationProtocols

      public QuicSslContextBuilder applicationProtocols(String @Nullable ... applicationProtocols)
      Application protocol negotiation configuration. null disables support.
    • sessionCacheSize

      public QuicSslContextBuilder sessionCacheSize(long sessionCacheSize)
      Set the size of the cache used for storing SSL session objects. 0 to use the default value.
    • sessionTimeout

      public QuicSslContextBuilder sessionTimeout(long sessionTimeout)
      Set the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
    • clientAuth

      public QuicSslContextBuilder clientAuth(ClientAuth clientAuth)
      Sets the client authentication mode.
    • build

      public QuicSslContext build()
      Create new QuicSslContext instance with configured settings that can be used for QUIC.
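
Added example (not part of the Netty Javadoc or the project's own code): one way to combine the builder methods above into a mutually authenticated server context, an SNI mapping, and a matching client context. The class name, the `example.quic.keylog` system property, the `h3` protocol id and the `*.api.example.test` host pattern are assumptions chosen for illustration.

```java
import io.netty.handler.codec.quic.QuicSslContext;
import io.netty.handler.codec.quic.QuicSslContextBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.util.DomainWildcardMappingBuilder;
import io.netty.util.Mapping;

import java.io.File;

public final class QuicTlsConfigExample {
    // Hypothetical opt-in switch: keylog writes TLS secrets to a logger, so it
    // stays off unless -Dexample.quic.keylog=true is passed for a debug session.
    private static final boolean KEYLOG = Boolean.getBoolean("example.quic.keylog");

    // Server context that requires and verifies a client certificate.
    static QuicSslContext server(File keyFile, File certChainFile, File clientCaFile) {
        return QuicSslContextBuilder.forServer(keyFile, null, certChainFile)
                .applicationProtocols("h3")
                .trustManager(clientCaFile)      // PEM collection used to verify client certificates
                .clientAuth(ClientAuth.REQUIRE)  // handshake fails without a valid client certificate
                .earlyData(false)                // 0-RTT early data is replayable; leave off unless requests are idempotent
                .keylog(KEYLOG)
                .build();
    }

    // Selects a context by the SNI name sent by the client, with a fallback
    // context for names that match no pattern.
    static QuicSslContext serverWithSni(QuicSslContext fallback, QuicSslContext api) {
        Mapping<String, QuicSslContext> mapping =
                new DomainWildcardMappingBuilder<QuicSslContext>(fallback)
                        .add("*.api.example.test", api)
                        .build();
        return QuicSslContextBuilder.buildForServerWithSni(mapping);
    }

    // Client context: pins the trust anchors explicitly and presents its own
    // certificate; omitting keyManager(...) disables mutual authentication.
    static QuicSslContext client(File serverCaFile, File keyFile, File certChainFile) {
        return QuicSslContextBuilder.forClient()
                .applicationProtocols("h3")
                .trustManager(serverCaFile)
                .keyManager(keyFile, null, certChainFile)
                .earlyData(false)
                .keylog(KEYLOG)
                .build();
    }
}
```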