Class SslContext
- java.lang.Object
-
- io.netty.handler.ssl.SslContext
-
- Direct Known Subclasses:
DelegatingSslContext
,JdkSslContext
,ReferenceCountedOpenSslContext
public abstract class SslContext extends java.lang.Object
A secure socket protocol implementation which acts as a factory forSSLEngine
andSslHandler
. Internally, it is implemented via JDK'sSSLContext
or OpenSSL'sSSL_CTX
.Making your server support SSL/TLS
// In your
ChannelInitializer
:ChannelPipeline
p = channel.pipeline();SslContext
sslCtx =SslContextBuilder.forServer(...)
.build(); p.addLast("ssl",sslCtx.newHandler(channel.alloc())
); ...Making your client support SSL/TLS
// In your
ChannelInitializer
:ChannelPipeline
p = channel.pipeline();SslContext
sslCtx =SslContextBuilder.forClient()
.build(); p.addLast("ssl",sslCtx.newHandler(channel.alloc(), host, port)
); ...
-
-
Constructor Summary
Constructors Modifier Constructor Description protected
SslContext()
Creates a new instance (startTls set tofalse
).protected
SslContext(boolean startTls)
Creates a new instance.
-
Method Summary
All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Deprecated Methods Modifier and Type Method Description abstract ApplicationProtocolNegotiator
applicationProtocolNegotiator()
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.AttributeMap
attributes()
Returns theAttributeMap
that belongs to thisSslContext
.protected static javax.net.ssl.KeyManagerFactory
buildKeyManagerFactory(java.security.cert.X509Certificate[] certChainFile, java.lang.String keyAlgorithm, java.security.PrivateKey key, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf, java.lang.String keyStore)
protected static java.security.KeyStore
buildKeyStore(java.security.cert.X509Certificate[] certChain, java.security.PrivateKey key, char[] keyPasswordChars, java.lang.String keyStoreType)
Generates a newKeyStore
.protected static javax.net.ssl.TrustManagerFactory
buildTrustManagerFactory(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory)
Deprecated.protected static javax.net.ssl.TrustManagerFactory
buildTrustManagerFactory(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.String keyType)
Build aTrustManagerFactory
from a certificate chain file.protected static javax.net.ssl.TrustManagerFactory
buildTrustManagerFactory(java.security.cert.X509Certificate[] certCollection, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.String keyStoreType)
abstract java.util.List<java.lang.String>
cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.static SslProvider
defaultClientProvider()
Returns the default client-side implementation provider currently in use.static SslProvider
defaultServerProvider()
Returns the default server-side implementation provider currently in use.protected static java.security.spec.PKCS8EncodedKeySpec
generateKeySpec(char[] password, byte[] key)
Deprecated.abstract boolean
isClient()
Returns thetrue
if and only if this context is for client-side.boolean
isServer()
Returnstrue
if and only if this context is for server-side.static SslContext
newClientContext()
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(SslProvider provider)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(SslProvider provider, java.io.File certChainFile)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(SslProvider provider, java.io.File trustCertCollectionFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory keyManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(SslProvider provider, javax.net.ssl.TrustManagerFactory trustManagerFactory)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(java.io.File certChainFile)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newClientContext(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Deprecated.Replaced bySslContextBuilder
abstract javax.net.ssl.SSLEngine
newEngine(ByteBufAllocator alloc)
Creates a newSSLEngine
.abstract javax.net.ssl.SSLEngine
newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
Creates a newSSLEngine
using advisory peer information.SslHandler
newHandler(ByteBufAllocator alloc)
Create a new SslHandler.protected SslHandler
newHandler(ByteBufAllocator alloc, boolean startTls)
Create a new SslHandler.protected SslHandler
newHandler(ByteBufAllocator alloc, boolean startTls, java.util.concurrent.Executor executor)
Create a new SslHandler.SslHandler
newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
Creates a newSslHandler
protected SslHandler
newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, boolean startTls)
Create a new SslHandler.protected SslHandler
newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, boolean startTls, java.util.concurrent.Executor delegatedTaskExecutor)
SslHandler
newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, java.util.concurrent.Executor delegatedTaskExecutor)
Creates a newSslHandler
with advisory peer information.SslHandler
newHandler(ByteBufAllocator alloc, java.util.concurrent.Executor delegatedTaskExecutor)
Creates a newSslHandler
.static SslContext
newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(SslProvider provider, java.io.File trustCertCollectionFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory keyManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(java.io.File certChainFile, java.io.File keyFile)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
static SslContext
newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout)
Deprecated.Replaced bySslContextBuilder
java.util.List<java.lang.String>
nextProtocols()
Deprecated.UseapplicationProtocolNegotiator()
instead.long
sessionCacheSize()
Returns the size of the cache used for storing SSL session objects.abstract javax.net.ssl.SSLSessionContext
sessionContext()
Returns theSSLSessionContext
object held by this context.long
sessionTimeout()
Returns the timeout for the cached SSL session objects, in seconds.protected static java.security.PrivateKey
toPrivateKey(java.io.File keyFile, java.lang.String keyPassword)
protected static java.security.PrivateKey
toPrivateKey(java.io.InputStream keyInputStream, java.lang.String keyPassword)
protected static java.security.cert.X509Certificate[]
toX509Certificates(java.io.File file)
protected static java.security.cert.X509Certificate[]
toX509Certificates(java.io.InputStream in)
-
-
-
Method Detail
-
defaultServerProvider
public static SslProvider defaultServerProvider()
Returns the default server-side implementation provider currently in use.- Returns:
SslProvider.OPENSSL
if OpenSSL is available.SslProvider.JDK
otherwise.
-
defaultClientProvider
public static SslProvider defaultClientProvider()
Returns the default client-side implementation provider currently in use.- Returns:
SslProvider.OPENSSL
if OpenSSL is available.SslProvider.JDK
otherwise.
-
newServerContext
@Deprecated public static SslContext newServerContext(java.io.File certChainFile, java.io.File keyFile) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM format- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM format- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.trustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphers Only required ifprovider
isSslProvider.JDK
apn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newServerContext
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File trustCertCollectionFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory keyManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new server-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.trustCertCollectionFile
- an X.509 certificate collection file in PEM format. This provides the certificate collection used for mutual authentication.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from clients.null
to use the default or the results of parsingtrustCertCollectionFile
. This parameter is ignored ifprovider
is notSslProvider.JDK
.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.keyManagerFactory
- theKeyManagerFactory
that provides theKeyManager
s that is used to encrypt data being sent to clients.null
to use the default or the results of parsingkeyCertChainFile
andkeyFile
. This parameter is ignored ifprovider
is notSslProvider.JDK
.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphers Only required ifprovider
isSslProvider.JDK
apn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new server-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext() throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(java.io.File certChainFile) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM format- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(javax.net.ssl.TrustManagerFactory trustManagerFactory) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
trustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM format.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM format.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM format.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(SslProvider provider) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File certChainFile) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.null
to use the system default- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(SslProvider provider, javax.net.ssl.TrustManagerFactory trustManagerFactory) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.trustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
newClientContext
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File trustCertCollectionFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory keyManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
Deprecated.Replaced bySslContextBuilder
Creates a new client-sideSslContext
.- Parameters:
provider
- theSslContext
implementation to use.null
to use the current default one.trustCertCollectionFile
- an X.509 certificate collection file in PEM format.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from servers.null
to use the default or the results of parsingtrustCertCollectionFile
. This parameter is ignored ifprovider
is notSslProvider.JDK
.keyCertChainFile
- an X.509 certificate chain file in PEM format. This provides the public key for mutual authentication.null
to use the system defaultkeyFile
- a PKCS#8 private key file in PEM format. This provides the private key for mutual authentication.null
for no mutual authentication.keyPassword
- the password of thekeyFile
.null
if it's not password-protected. Ignored ifkeyFile
isnull
.keyManagerFactory
- theKeyManagerFactory
that provides theKeyManager
s that is used to encrypt data being sent to servers.null
to use the default or the results of parsingkeyCertChainFile
andkeyFile
. This parameter is ignored ifprovider
is notSslProvider.JDK
.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Returns:
- a new client-side
SslContext
- Throws:
javax.net.ssl.SSLException
-
attributes
public final AttributeMap attributes()
Returns theAttributeMap
that belongs to thisSslContext
.
-
isServer
public final boolean isServer()
Returnstrue
if and only if this context is for server-side.
-
isClient
public abstract boolean isClient()
Returns thetrue
if and only if this context is for client-side.
-
cipherSuites
public abstract java.util.List<java.lang.String> cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.
-
sessionCacheSize
public long sessionCacheSize()
Returns the size of the cache used for storing SSL session objects.
-
sessionTimeout
public long sessionTimeout()
Returns the timeout for the cached SSL session objects, in seconds.
-
nextProtocols
@Deprecated public final java.util.List<java.lang.String> nextProtocols()
Deprecated.UseapplicationProtocolNegotiator()
instead.
-
applicationProtocolNegotiator
public abstract ApplicationProtocolNegotiator applicationProtocolNegotiator()
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
-
newEngine
public abstract javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc)
Creates a newSSLEngine
.If
SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to wrap in aSslHandler
and insert it into a pipeline. SeenewHandler(ByteBufAllocator)
.- Returns:
- a new
SSLEngine
-
newEngine
public abstract javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
Creates a newSSLEngine
using advisory peer information.If
SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to wrap in aSslHandler
and insert it into a pipeline. SeenewHandler(ByteBufAllocator, String, int)
.- Parameters:
peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative port- Returns:
- a new
SSLEngine
-
sessionContext
public abstract javax.net.ssl.SSLSessionContext sessionContext()
Returns theSSLSessionContext
object held by this context.
-
newHandler
public final SslHandler newHandler(ByteBufAllocator alloc)
Create a new SslHandler.- See Also:
newHandler(ByteBufAllocator, Executor)
-
newHandler
protected SslHandler newHandler(ByteBufAllocator alloc, boolean startTls)
Create a new SslHandler.- See Also:
newHandler(ByteBufAllocator)
-
newHandler
public SslHandler newHandler(ByteBufAllocator alloc, java.util.concurrent.Executor delegatedTaskExecutor)
Creates a newSslHandler
.If
SslProvider.OPENSSL_REFCNT
is used then the returnedSslHandler
will release the engine that is wrapped. If the returnedSslHandler
is not inserted into a pipeline then you may leak native memory!Beware: the underlying generated
SSLEngine
won't have hostname verification enabled by default. If you createSslHandler
for the client side and want proper security, we advice that you configure theSSLEngine
(seeSSLParameters.setEndpointIdentificationAlgorithm(String)
):SSLEngine sslEngine = sslHandler.engine(); SSLParameters sslParameters = sslEngine.getSSLParameters(); // only available since Java 7 sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParameters);
The underlying
SSLEngine
may not follow the restrictions imposed by the SSLEngine javadocs which limits wrap/unwrap to operate on a single SSL/TLS packet.- Parameters:
alloc
- If supported by the SSLEngine then the SSLEngine will use this to allocate ByteBuf objects.delegatedTaskExecutor
- theExecutor
that will be used to execute tasks that are returned bySSLEngine.getDelegatedTask()
.- Returns:
- a new
SslHandler
-
newHandler
protected SslHandler newHandler(ByteBufAllocator alloc, boolean startTls, java.util.concurrent.Executor executor)
Create a new SslHandler.
-
newHandler
public final SslHandler newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
Creates a newSslHandler
-
newHandler
protected SslHandler newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, boolean startTls)
Create a new SslHandler.
-
newHandler
public SslHandler newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, java.util.concurrent.Executor delegatedTaskExecutor)
Creates a newSslHandler
with advisory peer information.If
SslProvider.OPENSSL_REFCNT
is used then the returnedSslHandler
will release the engine that is wrapped. If the returnedSslHandler
is not inserted into a pipeline then you may leak native memory!Beware: the underlying generated
SSLEngine
won't have hostname verification enabled by default. If you createSslHandler
for the client side and want proper security, we advice that you configure theSSLEngine
(seeSSLParameters.setEndpointIdentificationAlgorithm(String)
):SSLEngine sslEngine = sslHandler.engine(); SSLParameters sslParameters = sslEngine.getSSLParameters(); // only available since Java 7 sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParameters);
The underlying
SSLEngine
may not follow the restrictions imposed by the SSLEngine javadocs which limits wrap/unwrap to operate on a single SSL/TLS packet.- Parameters:
alloc
- If supported by the SSLEngine then the SSLEngine will use this to allocate ByteBuf objects.peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative portdelegatedTaskExecutor
- theExecutor
that will be used to execute tasks that are returned bySSLEngine.getDelegatedTask()
.- Returns:
- a new
SslHandler
-
newHandler
protected SslHandler newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, boolean startTls, java.util.concurrent.Executor delegatedTaskExecutor)
-
generateKeySpec
@Deprecated protected static java.security.spec.PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key) throws java.io.IOException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Deprecated.Generates a key specification for an (encrypted) private key.- Parameters:
password
- characters, ifnull
an unencrypted key is assumedkey
- bytes of the DER encoded private key- Returns:
- a key specification
- Throws:
java.io.IOException
- if parsingkey
failsjava.security.NoSuchAlgorithmException
- if the algorithm used to encryptkey
is unknownjavax.crypto.NoSuchPaddingException
- if the padding scheme specified in the decryption algorithm is unknownjava.security.spec.InvalidKeySpecException
- if the decryption key based onpassword
cannot be generatedjava.security.InvalidKeyException
- if the decryption key based onpassword
cannot be used to decryptkey
java.security.InvalidAlgorithmParameterException
- if decryption algorithm parameters are somehow faulty
-
buildKeyStore
protected static java.security.KeyStore buildKeyStore(java.security.cert.X509Certificate[] certChain, java.security.PrivateKey key, char[] keyPasswordChars, java.lang.String keyStoreType) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.io.IOException
Generates a newKeyStore
.- Parameters:
certChain
- an X.509 certificate chainkey
- a PKCS#8 private keykeyPasswordChars
- the password of thekeyFile
.null
if it's not password-protected.keyStoreType
- The KeyStore Type you want to use- Returns:
- generated
KeyStore
. - Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.io.IOException
-
toPrivateKey
protected static java.security.PrivateKey toPrivateKey(java.io.File keyFile, java.lang.String keyPassword) throws java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.security.KeyException, java.io.IOException
- Throws:
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.KeyException
java.io.IOException
-
toPrivateKey
protected static java.security.PrivateKey toPrivateKey(java.io.InputStream keyInputStream, java.lang.String keyPassword) throws java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.security.KeyException, java.io.IOException
- Throws:
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.KeyException
java.io.IOException
-
buildTrustManagerFactory
@Deprecated protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory) throws java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.security.KeyStoreException, java.io.IOException
Deprecated.Build aTrustManagerFactory
from a certificate chain file.- Parameters:
certChainFile
- The certificate file to build from.trustManagerFactory
- The existingTrustManagerFactory
that will be used if notnull
.- Returns:
- A
TrustManagerFactory
which contains the certificates incertChainFile
- Throws:
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.KeyStoreException
java.io.IOException
-
buildTrustManagerFactory
protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.String keyType) throws java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.security.KeyStoreException, java.io.IOException
Build aTrustManagerFactory
from a certificate chain file.- Parameters:
certChainFile
- The certificate file to build from.trustManagerFactory
- The existingTrustManagerFactory
that will be used if notnull
.keyType
- The KeyStore Type you want to use- Returns:
- A
TrustManagerFactory
which contains the certificates incertChainFile
- Throws:
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.KeyStoreException
java.io.IOException
-
toX509Certificates
protected static java.security.cert.X509Certificate[] toX509Certificates(java.io.File file) throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
toX509Certificates
protected static java.security.cert.X509Certificate[] toX509Certificates(java.io.InputStream in) throws java.security.cert.CertificateException
- Throws:
java.security.cert.CertificateException
-
buildTrustManagerFactory
protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory(java.security.cert.X509Certificate[] certCollection, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.String keyStoreType) throws java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.security.KeyStoreException, java.io.IOException
- Throws:
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.KeyStoreException
java.io.IOException
-
buildKeyManagerFactory
protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.security.cert.X509Certificate[] certChainFile, java.lang.String keyAlgorithm, java.security.PrivateKey key, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf, java.lang.String keyStore) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.io.IOException, java.security.cert.CertificateException, java.security.UnrecoverableKeyException
- Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.io.IOException
java.security.cert.CertificateException
java.security.UnrecoverableKeyException
-
-