java.lang.Object
- io.netty.handler.ssl.OpenSslCredentialBuilder

public final class OpenSslCredentialBuilder
extends java.lang.Object

Builder for creating OpenSslCredential instances.

This builder provides a fluent API for configuring SSL credentials with support for:

X.509 credentials
Certificate chains and private keys
Trust anchor identifiers (optional)

Example usage:

 // Create credential with trust anchor (optional)
 ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier("1.3.6.1.4.1.11129.9.10"); // Google's taiWE1
 byte[] trustAnchorBytes = oid.getEncoded();

 OpenSslCredential credential = OpenSslCredentialBuilder.forX509(privateKey, cert1, cert2, cert3)
     .trustAnchorId(trustAnchorBytes)  // optional
     .build();

This is a BoringSSL-specific feature.

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`OpenSslCredential`	`build()`	Builds the `OpenSslCredential` instance.
`static OpenSslCredentialBuilder`	`forX509(java.security.PrivateKey privateKey, java.security.cert.X509Certificate... certificateChain)`	Creates a new builder for an X.509 credential with a Java PrivateKey.
`OpenSslCredentialBuilder`	`mustMatchIssuer(boolean mustMatchIssuer)`	Sets whether the issuer must match for this credential.
`OpenSslCredentialBuilder`	`trustAnchorId(byte[] trustAnchorId)`	Sets the trust anchor identifier for this credential.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - forX509
```
public static OpenSslCredentialBuilder forX509(java.security.PrivateKey privateKey,
                                               java.security.cert.X509Certificate... certificateChain)
```
    Creates a new builder for an X.509 credential with a Java PrivateKey.
    
    Parameters:
    
    privateKey - the private key (required)
    
    certificateChain - the certificate chain, starting with the leaf certificate (required)
    
    Returns:
    
    a new builder instance
  - trustAnchorId
```
public OpenSslCredentialBuilder trustAnchorId(byte[] trustAnchorId)
```
    Sets the trust anchor identifier for this credential.
    The trust anchor identifier should be ASN.1 DER encoded bytes. To convert from an OID string, use BouncyCastle's ASN1Encodable:
    // Example: Google's taiWE1 OID from https://pki.goog/oids/index.html ASN1ObjectIdentifier oid = new ASN1ObjectIdentifier("1.3.6.1.4.1.11129.9.10"); byte[] encoded = oid.getEncoded(); credential.trustAnchorId(encoded);
    Parameters:
    
    trustAnchorId - the trust anchor identifier as ASN.1 DER encoded bytes
    
    Returns:
    
    this builder for chaining
  - mustMatchIssuer
```
public OpenSslCredentialBuilder mustMatchIssuer(boolean mustMatchIssuer)
```
    Sets whether the issuer must match for this credential.
    
    Parameters:
    
    mustMatchIssuer - true if issuer must match
    
    Returns:
    
    this builder for chaining
  - build
```
public OpenSslCredential build()
```
    Builds the OpenSslCredential instance.
    
    Returns:
    
    a new credential instance
    
    Throws:
    
    java.lang.IllegalStateException - if an error occurs during credential creation

Class OpenSslCredentialBuilder

Method Summary

Methods inherited from class java.lang.Object

Method Detail

forX509

trustAnchorId

mustMatchIssuer

build