Package io.netty.handler.ssl
Class JdkSslContext
- java.lang.Object
-
- io.netty.handler.ssl.SslContext
-
- io.netty.handler.ssl.JdkSslContext
-
- Direct Known Subclasses:
JdkSslClientContext
,JdkSslServerContext
public class JdkSslContext extends SslContext
AnSslContext
which uses JDK's SSL/TLS implementation.
-
-
Constructor Summary
Constructors Constructor Description JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, ClientAuth clientAuth)
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, java.lang.String[] protocols, boolean startTls)
Creates a newJdkSslContext
from a pre-configuredSSLContext
.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description JdkApplicationProtocolNegotiator
applicationProtocolNegotiator()
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.protected static javax.net.ssl.KeyManagerFactory
buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf)
Deprecated.will be removed.protected static javax.net.ssl.KeyManagerFactory
buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf)
Deprecated.will be removed.java.util.List<java.lang.String>
cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.javax.net.ssl.SSLContext
context()
Returns the JDKSSLContext
object held by this context.boolean
isClient()
Returns thetrue
if and only if this context is for client-side.javax.net.ssl.SSLEngine
newEngine(ByteBufAllocator alloc)
Creates a newSSLEngine
.javax.net.ssl.SSLEngine
newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
Creates a newSSLEngine
using advisory peer information.javax.net.ssl.SSLSessionContext
sessionContext()
Returns the JDKSSLSessionContext
object held by this context.-
Methods inherited from class io.netty.handler.ssl.SslContext
attributes, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, nextProtocols, sessionCacheSize, sessionTimeout, toPrivateKey, toPrivateKey, toX509Certificates, toX509Certificates
-
-
-
-
Constructor Detail
-
JdkSslContext
@Deprecated public JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, ClientAuth clientAuth)
Deprecated.Creates a newJdkSslContext
from a pre-configuredSSLContext
.- Parameters:
sslContext
- theSSLContext
to use.isClient
-true
if this context should createSSLEngine
s for client-side usage.clientAuth
- theClientAuth
to use. This will only be used when {@param isClient} isfalse
.
-
JdkSslContext
@Deprecated public JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
Deprecated.Creates a newJdkSslContext
from a pre-configuredSSLContext
.- Parameters:
sslContext
- theSSLContext
to use.isClient
-true
if this context should createSSLEngine
s for client-side usage.ciphers
- the ciphers to use ornull
if the standard should be used.cipherFilter
- the filter to use.apn
- theApplicationProtocolConfig
to use.clientAuth
- theClientAuth
to use. This will only be used when {@param isClient} isfalse
.
-
JdkSslContext
public JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, java.lang.String[] protocols, boolean startTls)
Creates a newJdkSslContext
from a pre-configuredSSLContext
.- Parameters:
sslContext
- theSSLContext
to use.isClient
-true
if this context should createSSLEngine
s for client-side usage.ciphers
- the ciphers to use ornull
if the standard should be used.cipherFilter
- the filter to use.apn
- theApplicationProtocolConfig
to use.clientAuth
- theClientAuth
to use. This will only be used when {@param isClient} isfalse
.protocols
- the protocols to enable, ornull
to enable the default protocols.startTls
-true
if the first write request shouldn't be encrypted
-
-
Method Detail
-
context
public final javax.net.ssl.SSLContext context()
Returns the JDKSSLContext
object held by this context.
-
isClient
public final boolean isClient()
Description copied from class:SslContext
Returns thetrue
if and only if this context is for client-side.- Specified by:
isClient
in classSslContext
-
sessionContext
public final javax.net.ssl.SSLSessionContext sessionContext()
Returns the JDKSSLSessionContext
object held by this context.- Specified by:
sessionContext
in classSslContext
-
cipherSuites
public final java.util.List<java.lang.String> cipherSuites()
Description copied from class:SslContext
Returns the list of enabled cipher suites, in the order of preference.- Specified by:
cipherSuites
in classSslContext
-
newEngine
public final javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc)
Description copied from class:SslContext
Creates a newSSLEngine
.If
SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to wrap in aSslHandler
and insert it into a pipeline. SeeSslContext.newHandler(ByteBufAllocator)
.- Specified by:
newEngine
in classSslContext
- Returns:
- a new
SSLEngine
-
newEngine
public final javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
Description copied from class:SslContext
Creates a newSSLEngine
using advisory peer information.If
SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to wrap in aSslHandler
and insert it into a pipeline. SeeSslContext.newHandler(ByteBufAllocator, String, int)
.- Specified by:
newEngine
in classSslContext
peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative port- Returns:
- a new
SSLEngine
-
applicationProtocolNegotiator
public final JdkApplicationProtocolNegotiator applicationProtocolNegotiator()
Description copied from class:SslContext
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.- Specified by:
applicationProtocolNegotiator
in classSslContext
-
buildKeyManagerFactory
@Deprecated protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf) throws java.security.UnrecoverableKeyException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.security.cert.CertificateException, java.security.KeyException, java.io.IOException
Deprecated.will be removed.Build aKeyManagerFactory
based upon a key file, key file password, and a certificate chain.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.kmf
- The existingKeyManagerFactory
that will be used if notnull
- Returns:
- A
KeyManagerFactory
based upon a key file, key file password, and a certificate chain. - Throws:
java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.cert.CertificateException
java.security.KeyException
java.io.IOException
-
buildKeyManagerFactory
@Deprecated protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.io.IOException, java.security.cert.CertificateException, java.security.KeyException, java.security.UnrecoverableKeyException
Deprecated.will be removed.Build aKeyManagerFactory
based upon a key algorithm, key file, key file password, and a certificate chain.- Parameters:
certChainFile
- an buildKeyManagerFactory X.509 certificate chain file in PEM formatkeyAlgorithm
- the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.keyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.kmf
- The existingKeyManagerFactory
that will be used if notnull
- Returns:
- A
KeyManagerFactory
based upon a key algorithm, key file, key file password, and a certificate chain. - Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.io.IOException
java.security.cert.CertificateException
java.security.KeyException
java.security.UnrecoverableKeyException
-
-