Class SslContext

    • Constructor Detail

      • SslContext

        protected SslContext()
        Creates a new instance (startTls set to false).
      • SslContext

        protected SslContext​(boolean startTls)
        Creates a new instance.
    • Method Detail

      • defaultServerProvider

        public static SslProvider defaultServerProvider()
        Returns the default server-side implementation provider currently in use.
        Returns:
        SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.
      • defaultClientProvider

        public static SslProvider defaultClientProvider()
        Returns the default client-side implementation provider currently in use.
        Returns:
        SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(java.io.File certChainFile,
                                                  java.io.File keyFile)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(java.io.File certChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(java.io.File certChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  java.lang.Iterable<java.lang.String> nextProtocols,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(java.io.File certChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  CipherSuiteFilter cipherFilter,
                                                  ApplicationProtocolConfig apn,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        cipherFilter - a filter to apply over the supplied list of ciphers
        apn - Provides a means to configure parameters related to application protocol negotiation.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(SslProvider provider,
                                                  java.io.File certChainFile,
                                                  java.io.File keyFile)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(SslProvider provider,
                                                  java.io.File certChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(SslProvider provider,
                                                  java.io.File certChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  java.lang.Iterable<java.lang.String> nextProtocols,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(SslProvider provider,
                                                  java.io.File certChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  java.lang.Iterable<java.lang.String> nextProtocols,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(SslProvider provider,
                                                  java.io.File certChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  CipherSuiteFilter cipherFilter,
                                                  ApplicationProtocolConfig apn,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        cipherFilter - a filter to apply over the supplied list of ciphers. Only required if provider is SslProvider.JDK.
        apn - Provides a means to configure parameters related to application protocol negotiation.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newServerContext

        @Deprecated
        public static SslContext newServerContext​(SslProvider provider,
                                                  java.io.File trustCertCollectionFile,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                  java.io.File keyCertChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword,
                                                  javax.net.ssl.KeyManagerFactory keyManagerFactory,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  CipherSuiteFilter cipherFilter,
                                                  ApplicationProtocolConfig apn,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        trustCertCollectionFile - an X.509 certificate collection file in PEM format. This provides the certificate collection used for mutual authentication. null to use the system default.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from clients. null to use the default or the results of parsing trustCertCollectionFile. This parameter is ignored if provider is not SslProvider.JDK.
        keyCertChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        keyManagerFactory - the KeyManagerFactory that provides the KeyManagers that are used to encrypt data being sent to clients. null to use the default or the results of parsing keyCertChainFile and keyFile. This parameter is ignored if provider is not SslProvider.JDK.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        cipherFilter - a filter to apply over the supplied list of ciphers. Only required if provider is SslProvider.JDK.
        apn - Provides a means to configure parameters related to application protocol negotiation.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new server-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext()
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(java.io.File certChainFile)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(javax.net.ssl.TrustManagerFactory trustManagerFactory)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(java.io.File certChainFile,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(java.io.File certChainFile,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  java.lang.Iterable<java.lang.String> nextProtocols,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(java.io.File certChainFile,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  CipherSuiteFilter cipherFilter,
                                                  ApplicationProtocolConfig apn,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        cipherFilter - a filter to apply over the supplied list of ciphers
        apn - Provides a means to configure parameters related to application protocol negotiation.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(SslProvider provider)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(SslProvider provider,
                                                  java.io.File certChainFile)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(SslProvider provider,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(SslProvider provider,
                                                  java.io.File certChainFile,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(SslProvider provider,
                                                  java.io.File certChainFile,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  java.lang.Iterable<java.lang.String> nextProtocols,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(SslProvider provider,
                                                  java.io.File certChainFile,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  CipherSuiteFilter cipherFilter,
                                                  ApplicationProtocolConfig apn,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        cipherFilter - a filter to apply over the supplied list of ciphers
        apn - Provides a means to configure parameters related to application protocol negotiation.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
      • newClientContext

        @Deprecated
        public static SslContext newClientContext​(SslProvider provider,
                                                  java.io.File trustCertCollectionFile,
                                                  javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                  java.io.File keyCertChainFile,
                                                  java.io.File keyFile,
                                                  java.lang.String keyPassword,
                                                  javax.net.ssl.KeyManagerFactory keyManagerFactory,
                                                  java.lang.Iterable<java.lang.String> ciphers,
                                                  CipherSuiteFilter cipherFilter,
                                                  ApplicationProtocolConfig apn,
                                                  long sessionCacheSize,
                                                  long sessionTimeout)
                                           throws javax.net.ssl.SSLException
        Deprecated.
        Replaced by SslContextBuilder
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        trustCertCollectionFile - an X.509 certificate collection file in PEM format. null to use the system default.
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verify the certificates sent from servers. null to use the default or the results of parsing trustCertCollectionFile. This parameter is ignored if provider is not SslProvider.JDK.
        keyCertChainFile - an X.509 certificate chain file in PEM format. This provides the public key for mutual authentication. null to use the system default.
        keyFile - a PKCS#8 private key file in PEM format. This provides the private key for mutual authentication. null for no mutual authentication.
        keyPassword - the password of the keyFile. null if it's not password-protected. Ignored if keyFile is null.
        keyManagerFactory - the KeyManagerFactory that provides the KeyManagers that are used to encrypt data being sent to servers. null to use the default or the results of parsing keyCertChainFile and keyFile. This parameter is ignored if provider is not SslProvider.JDK.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        cipherFilter - a filter to apply over the supplied list of ciphers
        apn - Provides a means to configure parameters related to application protocol negotiation.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new client-side SslContext
        Throws:
        javax.net.ssl.SSLException
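
How the longest deprecated newServerContext and newClientContext overloads above map onto SslContextBuilder, shown as an added example that is not part of the Netty documentation. The class name, method names, cipher list and command-line arguments are assumptions for illustration; ClientAuth.REQUIRE and the hostname-verification step have no counterpart in the deprecated parameter lists and are set explicitly here.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import java.io.File;
import java.util.Arrays;
import java.util.List;

// Hypothetical class: illustrates the builder equivalents of the deprecated factories.
public final class SslContextMigrationExample {

    // Constructed sample cipher list (the "ciphers" parameter), in order of preference.
    private static final List<String> CIPHERS = Arrays.asList(
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

    // Builder form of newServerContext(provider, trustCertCollectionFile, ..., sessionTimeout).
    static SslContext mutualTlsServer(File trustCerts, File certChain, File key,
                                      String keyPassword) throws SSLException {
        return SslContextBuilder.forServer(certChain, key, keyPassword) // keyCertChainFile, keyFile, keyPassword
                .sslProvider(SslContext.defaultServerProvider())        // provider
                .trustManager(trustCerts)                               // trustCertCollectionFile
                // Supplying trust certificates does not by itself demand a client
                // certificate; the builder needs this stated explicitly.
                .clientAuth(ClientAuth.REQUIRE)
                // SupportedCipherSuiteFilter drops names the provider cannot offer.
                .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE)  // ciphers, cipherFilter
                .sessionCacheSize(0)                                    // 0 = default value
                .sessionTimeout(0)                                      // 0 = default value, in seconds
                .build();
    }

    // Builder form of newClientContext(provider, trustCertCollectionFile, ..., sessionTimeout).
    static SslContext mutualTlsClient(File trustCerts, File certChain, File key,
                                      String keyPassword) throws SSLException {
        return SslContextBuilder.forClient()
                .sslProvider(SslContext.defaultClientProvider())
                .trustManager(trustCerts)                   // certificates used to verify the server
                .keyManager(certChain, key, keyPassword)    // client identity for mutual authentication
                .ciphers(CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
                .build();
    }

    // Client-side handler with hostname verification switched on. The peer host
    // and port passed to newHandler are advisory only, so the endpoint
    // identification algorithm has to be set on the engine.
    static SslHandler verifyingClientHandler(SslContext clientCtx, ByteBufAllocator alloc,
                                             String host, int port) {
        SslHandler handler = clientCtx.newHandler(alloc, host, port);
        SSLEngine engine = handler.engine();
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return handler;
    }

    // Usage (assumed arguments): <trust.pem> <clientChain.pem> <clientKey.pem> <peerHost> <peerPort>
    public static void main(String[] args) throws SSLException {
        SslContext ctx = mutualTlsClient(new File(args[0]), new File(args[1]),
                new File(args[2]), null); // null: key file is not password-protected
        SslHandler handler = verifyingClientHandler(ctx, ByteBufAllocator.DEFAULT,
                args[3], Integer.parseInt(args[4]));
        System.out.println("enabled cipher suites: " + ctx.cipherSuites());
        System.out.println("endpoint identification: "
                + handler.engine().getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```
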
      • isServer

        public final boolean isServer()
        Returns true if and only if this context is for server-side.
      • isClient

        public abstract boolean isClient()
        Returns true if and only if this context is for client-side.
      • cipherSuites

        public abstract java.util.List<java.lang.String> cipherSuites()
        Returns the list of enabled cipher suites, in the order of preference.
      • sessionCacheSize

        public long sessionCacheSize()
        Returns the size of the cache used for storing SSL session objects.
      • sessionTimeout

        public long sessionTimeout()
        Returns the timeout for the cached SSL session objects, in seconds.
      • applicationProtocolNegotiator

        public abstract ApplicationProtocolNegotiator applicationProtocolNegotiator()
        Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
      • newEngine

        public abstract javax.net.ssl.SSLEngine newEngine​(ByteBufAllocator alloc,
                                                          java.lang.String peerHost,
                                                          int peerPort)
        Creates a new SSLEngine using advisory peer information.

        If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap it in an SslHandler and insert it into a pipeline. See newHandler(ByteBufAllocator, String, int).

        Parameters:
        peerHost - the non-authoritative name of the host
        peerPort - the non-authoritative port
        Returns:
        a new SSLEngine
      • sessionContext

        public abstract javax.net.ssl.SSLSessionContext sessionContext()
        Returns the SSLSessionContext object held by this context.
      • newHandler

        public SslHandler newHandler​(ByteBufAllocator alloc,
                                     java.util.concurrent.Executor delegatedTaskExecutor)
        Creates a new SslHandler.

        If SslProvider.OPENSSL_REFCNT is used then the returned SslHandler will release the engine that is wrapped. If the returned SslHandler is not inserted into a pipeline then you may leak native memory!

        Beware: the underlying generated SSLEngine won't have hostname verification enabled by default. If you create an SslHandler for the client side and want proper security, we advise that you configure the SSLEngine (see SSLParameters.setEndpointIdentificationAlgorithm(String)):

         SSLEngine sslEngine = sslHandler.engine();
         SSLParameters sslParameters = sslEngine.getSSLParameters();
         // only available since Java 7
         sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
         sslEngine.setSSLParameters(sslParameters);
         

        The underlying SSLEngine may not follow the restrictions imposed by the SSLEngine javadocs, which limit wrap/unwrap to operate on a single SSL/TLS packet.

        Parameters:
        alloc - If supported by the SSLEngine then the SSLEngine will use this to allocate ByteBuf objects.
        delegatedTaskExecutor - the Executor that will be used to execute tasks that are returned by SSLEngine.getDelegatedTask().
        Returns:
        a new SslHandler
      • newHandler

        public SslHandler newHandler​(ByteBufAllocator alloc,
                                     java.lang.String peerHost,
                                     int peerPort,
                                     java.util.concurrent.Executor delegatedTaskExecutor)
        Creates a new SslHandler with advisory peer information.

        If SslProvider.OPENSSL_REFCNT is used then the returned SslHandler will release the engine that is wrapped. If the returned SslHandler is not inserted into a pipeline then you may leak native memory!

        Beware: the underlying generated SSLEngine won't have hostname verification enabled by default. If you create an SslHandler for the client side and want proper security, we advise that you configure the SSLEngine (see SSLParameters.setEndpointIdentificationAlgorithm(String)):

         SSLEngine sslEngine = sslHandler.engine();
         SSLParameters sslParameters = sslEngine.getSSLParameters();
         // only available since Java 7
         sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
         sslEngine.setSSLParameters(sslParameters);
         

        The underlying SSLEngine may not follow the restrictions imposed by the SSLEngine javadocs, which limit wrap/unwrap to operate on a single SSL/TLS packet.

        Parameters:
        alloc - If supported by the SSLEngine then the SSLEngine will use this to allocate ByteBuf objects.
        peerHost - the non-authoritative name of the host
        peerPort - the non-authoritative port
        delegatedTaskExecutor - the Executor that will be used to execute tasks that are returned by SSLEngine.getDelegatedTask().
        Returns:
        a new SslHandler
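
        The hostname-verification step described for the newHandler overloads above, shown in a client pipeline. This is an added example, not part of the Netty documentation or code base: it builds the handler with advisory peer information, enables endpoint identification, and releases the engine if setup fails before the handler reaches the pipeline. The class name VerifiedTlsClientInitializer, the trustedCaPem file and the "ssl" handler name are assumptions.

```java
import io.netty.channel.ChannelInitializer;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.ReferenceCountUtil;

import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import java.io.File;

/** Added example: client pipeline setup with hostname verification switched on. */
public final class VerifiedTlsClientInitializer extends ChannelInitializer<SocketChannel> {
    private final SslContext sslContext;
    private final String peerHost; // the name the server certificate must be issued for
    private final int peerPort;

    public VerifiedTlsClientInitializer(File trustedCaPem, String peerHost, int peerPort)
            throws SSLException {
        // trustedCaPem is a hypothetical PEM file holding the CA certificates to trust.
        this.sslContext = SslContextBuilder.forClient().trustManager(trustedCaPem).build();
        this.peerHost = peerHost;
        this.peerPort = peerPort;
    }

    @Override
    protected void initChannel(SocketChannel ch) {
        // peerHost/peerPort are only advisory for the engine; the endpoint
        // identification algorithm set below makes the handshake check the name.
        SslHandler sslHandler = sslContext.newHandler(ch.alloc(), peerHost, peerPort);
        try {
            enableHostnameVerification(sslHandler.engine());
        } catch (RuntimeException e) {
            // The handler never reached the pipeline, so release a ref-counted engine here.
            ReferenceCountUtil.release(sslHandler.engine());
            throw e;
        }
        // Once in the pipeline, the SslHandler releases an
        // SslProvider.OPENSSL_REFCNT engine itself.
        ch.pipeline().addLast("ssl", sslHandler);
    }

    static void enableHostnameVerification(SSLEngine engine) {
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        // Read the parameters back to confirm the engine kept the setting.
        String applied = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        if (!"HTTPS".equals(applied)) {
            throw new IllegalStateException("hostname verification not active: " + applied);
        }
    }
}
```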
      • newHandler

        protected SslHandler newHandler​(ByteBufAllocator alloc,
                                        java.lang.String peerHost,
                                        int peerPort,
                                        boolean startTls,
                                        java.util.concurrent.Executor delegatedTaskExecutor)
      • generateKeySpec

        @Deprecated
        protected static java.security.spec.PKCS8EncodedKeySpec generateKeySpec​(char[] password,
                                                                                byte[] key)
                                                                         throws java.io.IOException,
                                                                                java.security.NoSuchAlgorithmException,
                                                                                javax.crypto.NoSuchPaddingException,
                                                                                java.security.spec.InvalidKeySpecException,
                                                                                java.security.InvalidKeyException,
                                                                                java.security.InvalidAlgorithmParameterException
        Deprecated.
        Generates a key specification for an (encrypted) private key.
        Parameters:
        password - characters, if null an unencrypted key is assumed
        key - bytes of the DER encoded private key
        Returns:
        a key specification
        Throws:
        java.io.IOException - if parsing key fails
        java.security.NoSuchAlgorithmException - if the algorithm used to encrypt key is unknown
        javax.crypto.NoSuchPaddingException - if the padding scheme specified in the decryption algorithm is unknown
        java.security.spec.InvalidKeySpecException - if the decryption key based on password cannot be generated
        java.security.InvalidKeyException - if the decryption key based on password cannot be used to decrypt key
        java.security.InvalidAlgorithmParameterException - if decryption algorithm parameters are somehow faulty
      • buildKeyStore

        protected static java.security.KeyStore buildKeyStore​(java.security.cert.X509Certificate[] certChain,
                                                              java.security.PrivateKey key,
                                                              char[] keyPasswordChars,
                                                              java.lang.String keyStoreType)
                                                       throws java.security.KeyStoreException,
                                                              java.security.NoSuchAlgorithmException,
                                                              java.security.cert.CertificateException,
                                                              java.io.IOException
        Generates a new KeyStore.
        Parameters:
        certChain - an X.509 certificate chain
        key - a PKCS#8 private key
        keyPasswordChars - the password of the keyFile. null if it's not password-protected.
        keyStoreType - The KeyStore Type you want to use
        Returns:
        generated KeyStore.
        Throws:
        java.security.KeyStoreException
        java.security.NoSuchAlgorithmException
        java.security.cert.CertificateException
        java.io.IOException
      • toPrivateKey

        protected static java.security.PrivateKey toPrivateKey​(java.io.File keyFile,
                                                               java.lang.String keyPassword)
                                                        throws java.security.NoSuchAlgorithmException,
                                                               javax.crypto.NoSuchPaddingException,
                                                               java.security.spec.InvalidKeySpecException,
                                                               java.security.InvalidAlgorithmParameterException,
                                                               java.security.KeyException,
                                                               java.io.IOException
        Throws:
        java.security.NoSuchAlgorithmException
        javax.crypto.NoSuchPaddingException
        java.security.spec.InvalidKeySpecException
        java.security.InvalidAlgorithmParameterException
        java.security.KeyException
        java.io.IOException
      • toPrivateKey

        protected static java.security.PrivateKey toPrivateKey​(java.io.InputStream keyInputStream,
                                                               java.lang.String keyPassword)
                                                        throws java.security.NoSuchAlgorithmException,
                                                               javax.crypto.NoSuchPaddingException,
                                                               java.security.spec.InvalidKeySpecException,
                                                               java.security.InvalidAlgorithmParameterException,
                                                               java.security.KeyException,
                                                               java.io.IOException
        Throws:
        java.security.NoSuchAlgorithmException
        javax.crypto.NoSuchPaddingException
        java.security.spec.InvalidKeySpecException
        java.security.InvalidAlgorithmParameterException
        java.security.KeyException
        java.io.IOException
      • buildTrustManagerFactory

        @Deprecated
        protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory​(java.io.File certChainFile,
                                                                                    javax.net.ssl.TrustManagerFactory trustManagerFactory)
                                                                             throws java.security.NoSuchAlgorithmException,
                                                                                    java.security.cert.CertificateException,
                                                                                    java.security.KeyStoreException,
                                                                                    java.io.IOException
        Deprecated.
        Build a TrustManagerFactory from a certificate chain file.
        Parameters:
        certChainFile - The certificate file to build from.
        trustManagerFactory - The existing TrustManagerFactory that will be used if not null.
        Returns:
        A TrustManagerFactory which contains the certificates in certChainFile
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.cert.CertificateException
        java.security.KeyStoreException
        java.io.IOException
      • buildTrustManagerFactory

        protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory​(java.io.File certChainFile,
                                                                                    javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                                                    java.lang.String keyType)
                                                                             throws java.security.NoSuchAlgorithmException,
                                                                                    java.security.cert.CertificateException,
                                                                                    java.security.KeyStoreException,
                                                                                    java.io.IOException
        Build a TrustManagerFactory from a certificate chain file.
        Parameters:
        certChainFile - The certificate file to build from.
        trustManagerFactory - The existing TrustManagerFactory that will be used if not null.
        keyType - The KeyStore Type you want to use
        Returns:
        A TrustManagerFactory which contains the certificates in certChainFile
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.cert.CertificateException
        java.security.KeyStoreException
        java.io.IOException
      • toX509Certificates

        protected static java.security.cert.X509Certificate[] toX509Certificates​(java.io.File file)
                                                                          throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • toX509Certificates

        protected static java.security.cert.X509Certificate[] toX509Certificates​(java.io.InputStream in)
                                                                          throws java.security.cert.CertificateException
        Throws:
        java.security.cert.CertificateException
      • buildTrustManagerFactory

        protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory​(java.security.cert.X509Certificate[] certCollection,
                                                                                    javax.net.ssl.TrustManagerFactory trustManagerFactory,
                                                                                    java.lang.String keyStoreType)
                                                                             throws java.security.NoSuchAlgorithmException,
                                                                                    java.security.cert.CertificateException,
                                                                                    java.security.KeyStoreException,
                                                                                    java.io.IOException
        Throws:
        java.security.NoSuchAlgorithmException
        java.security.cert.CertificateException
        java.security.KeyStoreException
        java.io.IOException
      • buildKeyManagerFactory

        protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory​(java.security.cert.X509Certificate[] certChainFile,
                                                                                java.lang.String keyAlgorithm,
                                                                                java.security.PrivateKey key,
                                                                                java.lang.String keyPassword,
                                                                                javax.net.ssl.KeyManagerFactory kmf,
                                                                                java.lang.String keyStore)
                                                                         throws java.security.KeyStoreException,
                                                                                java.security.NoSuchAlgorithmException,
                                                                                java.io.IOException,
                                                                                java.security.cert.CertificateException,
                                                                                java.security.UnrecoverableKeyException
        Throws:
        java.security.KeyStoreException
        java.security.NoSuchAlgorithmException
        java.io.IOException
        java.security.cert.CertificateException
        java.security.UnrecoverableKeyException