Class JdkSslContext

java.lang.Object

io.netty.handler.ssl.SslContext

io.netty.handler.ssl.JdkSslContext

Direct Known Subclasses:

JdkSslClientContext, JdkSslServerContext

public class JdkSslContext
extends SslContext

An SslContext which uses JDK's SSL/TLS implementation.

Constructor Summary

Constructors

Constructor	Description
JdkSslContext(SSLContext sslContext, boolean isClient, ClientAuth clientAuth)	Deprecated. Use JdkSslContext(SSLContext, boolean, Iterable, CipherSuiteFilter, ApplicationProtocolConfig, ClientAuth, String[], boolean)
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)	Deprecated. Use JdkSslContext(SSLContext, boolean, Iterable, CipherSuiteFilter, ApplicationProtocolConfig, ClientAuth, String[], boolean)
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, String[] protocols, boolean startTls)	Creates a new JdkSslContext from a pre-configured SSLContext.

Method Summary

Modifier and Type	Method	Description
final JdkApplicationProtocolNegotiator	applicationProtocolNegotiator()	Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
protected static KeyManagerFactory	buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf)	Deprecated. will be removed.
protected static KeyManagerFactory	buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf)	Deprecated. will be removed.
final List<String>	cipherSuites()	Returns the list of enabled cipher suites, in the order of preference.
final SSLContext	context()	Returns the JDK SSLContext object held by this context.
final boolean	isClient()	Returns the true if and only if this context is for client-side.
final SSLEngine	newEngine(ByteBufAllocator alloc)	Creates a new SSLEngine.
final SSLEngine	newEngine(ByteBufAllocator alloc, String peerHost, int peerPort)	Creates a new SSLEngine using advisory peer information.
final SSLSessionContext	sessionContext()	Returns the JDK SSLSessionContext object held by this context.

Methods inherited from class SslContext

attributes, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, nextProtocols, sessionCacheSize, sessionTimeout, toPrivateKey, toPrivateKey, toX509Certificates, toX509Certificates

Methods inherited from class Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

JdkSslContext

@Deprecated
public JdkSslContext(SSLContext sslContext,
 boolean isClient,
 ClientAuth clientAuth)

Deprecated.

Use JdkSslContext(SSLContext, boolean, Iterable, CipherSuiteFilter, ApplicationProtocolConfig, ClientAuth, String[], boolean)

Creates a new JdkSslContext from a pre-configured SSLContext.

Parameters:

sslContext - the SSLContext to use.

isClient - true if this context should create SSLEngines for client-side usage.

clientAuth - the ClientAuth to use. This will only be used when is false.

JdkSslContext

@Deprecated
public JdkSslContext(SSLContext sslContext,
 boolean isClient,
 Iterable<String> ciphers,
 CipherSuiteFilter cipherFilter,
 ApplicationProtocolConfig apn,
 ClientAuth clientAuth)

Deprecated.

Use JdkSslContext(SSLContext, boolean, Iterable, CipherSuiteFilter, ApplicationProtocolConfig, ClientAuth, String[], boolean)

Creates a new JdkSslContext from a pre-configured SSLContext.

Parameters:

sslContext - the SSLContext to use.

isClient - true if this context should create SSLEngines for client-side usage.

ciphers - the ciphers to use or null if the standard should be used.

cipherFilter - the filter to use.

apn - the ApplicationProtocolConfig to use.

clientAuth - the ClientAuth to use. This will only be used when is false.

JdkSslContext

public JdkSslContext(SSLContext sslContext,
 boolean isClient,
 Iterable<String> ciphers,
 CipherSuiteFilter cipherFilter,
 ApplicationProtocolConfig apn,
 ClientAuth clientAuth,
 String[] protocols,
 boolean startTls)

Creates a new JdkSslContext from a pre-configured SSLContext.

Parameters:

sslContext - the SSLContext to use.

isClient - true if this context should create SSLEngines for client-side usage.

ciphers - the ciphers to use or null if the standard should be used.

cipherFilter - the filter to use.

apn - the ApplicationProtocolConfig to use.

clientAuth - the ClientAuth to use. This will only be used when is false.

protocols - the protocols to enable, or null to enable the default protocols.

startTls - true if the first write request shouldn't be encrypted

Method Details

context

public final SSLContext context()

Returns the JDK SSLContext object held by this context.

isClient

public final boolean isClient()

Description copied from class: SslContext

Returns the true if and only if this context is for client-side.

Specified by:

isClient in class SslContext

sessionContext

public final SSLSessionContext sessionContext()

Returns the JDK SSLSessionContext object held by this context.

Specified by:

sessionContext in class SslContext

cipherSuites

public final List<String> cipherSuites()

Description copied from class: SslContext

Returns the list of enabled cipher suites, in the order of preference.

Specified by:

cipherSuites in class SslContext

newEngine

public final SSLEngine newEngine(ByteBufAllocator alloc)

Description copied from class: SslContext

Creates a new SSLEngine.

If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator).

Specified by:

newEngine in class SslContext

Returns:

a new SSLEngine

newEngine

public final SSLEngine newEngine(ByteBufAllocator alloc,
 String peerHost,
 int peerPort)

Description copied from class: SslContext

Creates a new SSLEngine using advisory peer information.

If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator, String, int).

Specified by:

newEngine in class SslContext

Parameters:

peerHost - the non-authoritative name of the host

peerPort - the non-authoritative port

Returns:

a new SSLEngine

applicationProtocolNegotiator

public final JdkApplicationProtocolNegotiator applicationProtocolNegotiator()

Description copied from class: SslContext

Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.

Specified by:

applicationProtocolNegotiator in class SslContext

buildKeyManagerFactory

@Deprecated
protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile,
 File keyFile,
 String keyPassword,
 KeyManagerFactory kmf)
                                                   throws UnrecoverableKeyException,
KeyStoreException,
NoSuchAlgorithmException,
NoSuchPaddingException,
InvalidKeySpecException,
InvalidAlgorithmParameterException,
CertificateException,
KeyException,
IOException

Deprecated.

will be removed.

Build a KeyManagerFactory based upon a key file, key file password, and a certificate chain.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

kmf - The existing KeyManagerFactory that will be used if not null

Returns:

A KeyManagerFactory based upon a key file, key file password, and a certificate chain.

Throws:

UnrecoverableKeyException

KeyStoreException

NoSuchAlgorithmException

NoSuchPaddingException

InvalidKeySpecException

InvalidAlgorithmParameterException

CertificateException

KeyException

IOException

buildKeyManagerFactory

@Deprecated
protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile,
 String keyAlgorithm,
 File keyFile,
 String keyPassword,
 KeyManagerFactory kmf)
                                                   throws KeyStoreException,
NoSuchAlgorithmException,
NoSuchPaddingException,
InvalidKeySpecException,
InvalidAlgorithmParameterException,
IOException,
CertificateException,
KeyException,
UnrecoverableKeyException

Deprecated.

will be removed.

Build a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.

Parameters:

certChainFile - an buildKeyManagerFactory X.509 certificate chain file in PEM format

keyAlgorithm - the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

kmf - The existing KeyManagerFactory that will be used if not null

Returns:

A KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.

Throws:

KeyStoreException

NoSuchAlgorithmException

NoSuchPaddingException

InvalidKeySpecException

InvalidAlgorithmParameterException

IOException

CertificateException

KeyException

UnrecoverableKeyException