Module io.netty5.handler

Package io.netty5.handler.ssl

Class SslContext

java.lang.Object

io.netty5.handler.ssl.SslContext

Direct Known Subclasses:

DelegatingSslContext, JdkSslContext, ReferenceCountedOpenSslContext

public abstract class SslContext
extends Object

A secure socket protocol implementation which acts as a factory for SSLEngine and SslHandler. Internally, it is implemented via JDK's SSLContext or OpenSSL's SSL_CTX.

Making your server support SSL/TLS

 // In your ChannelInitializer:
 ChannelPipeline p = channel.pipeline();
 SslContext sslCtx = SslContextBuilder.forServer(...).build();
 p.addLast("ssl", sslCtx.newHandler(channel.alloc()));
 ...
 

Making your client support SSL/TLS

 // In your ChannelInitializer:
 ChannelPipeline p = channel.pipeline();
 SslContext sslCtx = SslContextBuilder.forClient().build();
 p.addLast("ssl", sslCtx.newHandler(channel.alloc(), host, port));
 ...
 

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	SslContext()	Creates a new instance (startTls set to false).
protected	SslContext(boolean startTls)	Creates a new instance.

Method Summary

Modifier and Type	Method	Description
abstract ApplicationProtocolNegotiator	applicationProtocolNegotiator()	Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
AttributeMap	attributes()	Returns the AttributeMap that belongs to this SslContext .
protected static KeyManagerFactory	buildKeyManagerFactory(X509Certificate[] certChainFile, String keyAlgorithm, PrivateKey key, String keyPassword, KeyManagerFactory kmf, String keyStore)
protected static KeyStore	buildKeyStore(X509Certificate[] certChain, PrivateKey key, char[] keyPasswordChars, String keyStoreType)	Generates a new KeyStore.
protected static TrustManagerFactory	buildTrustManagerFactory(File certChainFile, TrustManagerFactory trustManagerFactory)	Deprecated.
protected static TrustManagerFactory	buildTrustManagerFactory(File certChainFile, TrustManagerFactory trustManagerFactory, String keyType)	Build a TrustManagerFactory from a certificate chain file.
protected static TrustManagerFactory	buildTrustManagerFactory(X509Certificate[] certCollection, TrustManagerFactory trustManagerFactory, String keyStoreType)
abstract List<String>	cipherSuites()	Returns the list of enabled cipher suites, in the order of preference.
static SslProvider	defaultClientProvider()	Returns the default client-side implementation provider currently in use.
static SslProvider	defaultServerProvider()	Returns the default server-side implementation provider currently in use.
protected static PKCS8EncodedKeySpec	generateKeySpec(char[] password, byte[] key)	Deprecated.
abstract boolean	isClient()	Returns the true if and only if this context is for client-side.
boolean	isServer()	Returns true if and only if this context is for server-side.
static SslContext	newClientContext()	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(SslProvider provider)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(SslProvider provider, File certChainFile)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(SslProvider provider, File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(SslProvider provider, TrustManagerFactory trustManagerFactory)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(File certChainFile)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newClientContext(TrustManagerFactory trustManagerFactory)	Deprecated. Replaced by SslContextBuilder
abstract SSLEngine	newEngine(BufferAllocator alloc)	Creates a new SSLEngine.
abstract SSLEngine	newEngine(BufferAllocator alloc, String peerHost, int peerPort)	Creates a new SSLEngine using advisory peer information.
SslHandler	newHandler(BufferAllocator alloc)	Create a new SslHandler.
protected SslHandler	newHandler(BufferAllocator alloc, boolean startTls)	Create a new SslHandler.
protected SslHandler	newHandler(BufferAllocator alloc, boolean startTls, Executor executor)	Create a new SslHandler.
SslHandler	newHandler(BufferAllocator alloc, String peerHost, int peerPort)	Creates a new SslHandler
protected SslHandler	newHandler(BufferAllocator alloc, String peerHost, int peerPort, boolean startTls)	Create a new SslHandler.
protected SslHandler	newHandler(BufferAllocator alloc, String peerHost, int peerPort, boolean startTls, Executor delegatedTaskExecutor)
SslHandler	newHandler(BufferAllocator alloc, String peerHost, int peerPort, Executor delegatedTaskExecutor)	Creates a new SslHandler with advisory peer information.
SslHandler	newHandler(BufferAllocator alloc, Executor delegatedTaskExecutor)	Creates a new SslHandler.
static SslContext	newServerContext(SslProvider provider, File certChainFile, File keyFile)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(SslProvider provider, File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(File certChainFile, File keyFile)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(File certChainFile, File keyFile, String keyPassword)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
static SslContext	newServerContext(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout)	Deprecated. Replaced by SslContextBuilder
List<String>	nextProtocols()	Deprecated. Use applicationProtocolNegotiator() instead.
long	sessionCacheSize()	Returns the size of the cache used for storing SSL session objects.
abstract SSLSessionContext	sessionContext()	Returns the SSLSessionContext object held by this context.
long	sessionTimeout()	Returns the timeout for the cached SSL session objects, in seconds.
protected static PrivateKey	toPrivateKey(File keyFile, String keyPassword)
protected static PrivateKey	toPrivateKey(InputStream keyInputStream, String keyPassword)
protected static X509Certificate[]	toX509Certificates(File file)
protected static X509Certificate[]	toX509Certificates(InputStream in)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SslContext

protected SslContext()

Creates a new instance (startTls set to false).

SslContext

protected SslContext(boolean startTls)

Creates a new instance.

Method Detail

defaultServerProvider

public static SslProvider defaultServerProvider()

Returns the default server-side implementation provider currently in use.

Returns:

SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.

defaultClientProvider

public static SslProvider defaultClientProvider()

Returns the default client-side implementation provider currently in use.

Returns:

SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.

newServerContext

@Deprecated
public static SslContext newServerContext(File certChainFile,
                                          File keyFile)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(File certChainFile,
                                          File keyFile,
                                          String keyPassword)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(File certChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(File certChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          Iterable<String> ciphers,
                                          CipherSuiteFilter cipherFilter,
                                          ApplicationProtocolConfig apn,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

cipherFilter - a filter to apply over the supplied list of ciphers

apn - Provides a means to configure parameters related to application protocol negotiation.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(SslProvider provider,
                                          File certChainFile,
                                          File keyFile)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(SslProvider provider,
                                          File certChainFile,
                                          File keyFile,
                                          String keyPassword)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(SslProvider provider,
                                          File certChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(SslProvider provider,
                                          File certChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          TrustManagerFactory trustManagerFactory,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(SslProvider provider,
                                          File certChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          Iterable<String> ciphers,
                                          CipherSuiteFilter cipherFilter,
                                          ApplicationProtocolConfig apn,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

cipherFilter - a filter to apply over the supplied list of ciphers Only required if provider is SslProvider.JDK

apn - Provides a means to configure parameters related to application protocol negotiation.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new server-side SslContext

Throws:

SSLException

newServerContext

@Deprecated
public static SslContext newServerContext(SslProvider provider,
                                          File trustCertCollectionFile,
                                          TrustManagerFactory trustManagerFactory,
                                          File keyCertChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          KeyManagerFactory keyManagerFactory,
                                          Iterable<String> ciphers,
                                          CipherSuiteFilter cipherFilter,
                                          ApplicationProtocolConfig apn,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new server-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

trustCertCollectionFile - an X.509 certificate collection file in PEM format. This provides the certificate collection used for mutual authentication. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from clients. null to use the default or the results of parsing trustCertCollectionFile. This parameter is ignored if provider is not SslProvider.JDK.

keyCertChainFile - an X.509 certificate chain file in PEM format

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile. null if it's not password-protected.

keyManagerFactory - the KeyManagerFactory that provides the KeyManagers that is used to encrypt data being sent to clients. null to use the default or the results of parsing keyCertChainFile and keyFile. This parameter is ignored if provider is not SslProvider.JDK.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

cipherFilter - a filter to apply over the supplied list of ciphers Only required if provider is SslProvider.JDK

apn - Provides a means to configure parameters related to application protocol negotiation.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new server-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext()
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(File certChainFile)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(TrustManagerFactory trustManagerFactory)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(File certChainFile,
                                          TrustManagerFactory trustManagerFactory)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(File certChainFile,
                                          TrustManagerFactory trustManagerFactory,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(File certChainFile,
                                          TrustManagerFactory trustManagerFactory,
                                          Iterable<String> ciphers,
                                          CipherSuiteFilter cipherFilter,
                                          ApplicationProtocolConfig apn,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

cipherFilter - a filter to apply over the supplied list of ciphers

apn - Provides a means to configure parameters related to application protocol negotiation.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(SslProvider provider)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(SslProvider provider,
                                          File certChainFile)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(SslProvider provider,
                                          TrustManagerFactory trustManagerFactory)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(SslProvider provider,
                                          File certChainFile,
                                          TrustManagerFactory trustManagerFactory)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(SslProvider provider,
                                          File certChainFile,
                                          TrustManagerFactory trustManagerFactory,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(SslProvider provider,
                                          File certChainFile,
                                          TrustManagerFactory trustManagerFactory,
                                          Iterable<String> ciphers,
                                          CipherSuiteFilter cipherFilter,
                                          ApplicationProtocolConfig apn,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

certChainFile - an X.509 certificate chain file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

cipherFilter - a filter to apply over the supplied list of ciphers

apn - Provides a means to configure parameters related to application protocol negotiation.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new client-side SslContext

Throws:

SSLException

newClientContext

@Deprecated
public static SslContext newClientContext(SslProvider provider,
                                          File trustCertCollectionFile,
                                          TrustManagerFactory trustManagerFactory,
                                          File keyCertChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          KeyManagerFactory keyManagerFactory,
                                          Iterable<String> ciphers,
                                          CipherSuiteFilter cipherFilter,
                                          ApplicationProtocolConfig apn,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException

Deprecated.

Replaced by SslContextBuilder

Creates a new client-side SslContext.

Parameters:

provider - the SslContext implementation to use. null to use the current default one.

trustCertCollectionFile - an X.509 certificate collection file in PEM format. null to use the system default

trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default or the results of parsing trustCertCollectionFile. This parameter is ignored if provider is not SslProvider.JDK.

keyCertChainFile - an X.509 certificate chain file in PEM format. This provides the public key for mutual authentication. null to use the system default

keyFile - a PKCS#8 private key file in PEM format. This provides the private key for mutual authentication. null for no mutual authentication.

keyPassword - the password of the keyFile. null if it's not password-protected. Ignored if keyFile is null.

keyManagerFactory - the KeyManagerFactory that provides the KeyManagers that is used to encrypt data being sent to servers. null to use the default or the results of parsing keyCertChainFile and keyFile. This parameter is ignored if provider is not SslProvider.JDK.

ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.

cipherFilter - a filter to apply over the supplied list of ciphers

apn - Provides a means to configure parameters related to application protocol negotiation.

sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

Returns:

a new client-side SslContext

Throws:

SSLException

attributes

public final AttributeMap attributes()

Returns the AttributeMap that belongs to this SslContext .

isServer

public final boolean isServer()

Returns true if and only if this context is for server-side.

isClient

public abstract boolean isClient()

Returns the true if and only if this context is for client-side.

cipherSuites

public abstract List<String> cipherSuites()

Returns the list of enabled cipher suites, in the order of preference.

sessionCacheSize

public long sessionCacheSize()

Returns the size of the cache used for storing SSL session objects.

sessionTimeout

public long sessionTimeout()

Returns the timeout for the cached SSL session objects, in seconds.

nextProtocols

@Deprecated
public final List<String> nextProtocols()

Deprecated.

Use applicationProtocolNegotiator() instead.

applicationProtocolNegotiator

public abstract ApplicationProtocolNegotiator applicationProtocolNegotiator()

Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.

newEngine

public abstract SSLEngine newEngine(BufferAllocator alloc)

Creates a new SSLEngine.

If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See newHandler(BufferAllocator).

Returns:

a new SSLEngine

newEngine

public abstract SSLEngine newEngine(BufferAllocator alloc,
                                    String peerHost,
                                    int peerPort)

Creates a new SSLEngine using advisory peer information.

If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See newHandler(BufferAllocator, String, int).

Parameters:

peerHost - the non-authoritative name of the host

peerPort - the non-authoritative port

Returns:

a new SSLEngine

sessionContext

public abstract SSLSessionContext sessionContext()

Returns the SSLSessionContext object held by this context.

newHandler

public final SslHandler newHandler(BufferAllocator alloc)

Create a new SslHandler.

See Also:

newHandler(BufferAllocator, Executor)

newHandler

protected SslHandler newHandler(BufferAllocator alloc,
                                boolean startTls)

Create a new SslHandler.

See Also:

newHandler(BufferAllocator)

newHandler

public SslHandler newHandler(BufferAllocator alloc,
                             Executor delegatedTaskExecutor)

Creates a new SslHandler.

If SslProvider.OPENSSL_REFCNT is used then the returned SslHandler will release the engine that is wrapped. If the returned SslHandler is not inserted into a pipeline then you may leak native memory!

Beware: the underlying generated SSLEngine won't have hostname verification enabled by default. If you create SslHandler for the client side and want proper security, we advice that you configure the SSLEngine (see SSLParameters.setEndpointIdentificationAlgorithm(String)):

 SSLEngine sslEngine = sslHandler.engine();
 SSLParameters sslParameters = sslEngine.getSSLParameters();
 // only available since Java 7
 sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
 sslEngine.setSSLParameters(sslParameters);
 

The underlying SSLEngine may not follow the restrictions imposed by the SSLEngine javadocs which limits wrap/unwrap to operate on a single SSL/TLS packet.

Parameters:

alloc - If supported by the SSLEngine then the SSLEngine will use this to allocate Buffer objects.

delegatedTaskExecutor - the Executor that will be used to execute tasks that are returned by SSLEngine.getDelegatedTask().

Returns:

a new SslHandler

newHandler

protected SslHandler newHandler(BufferAllocator alloc,
                                boolean startTls,
                                Executor executor)

Create a new SslHandler.

See Also:

newHandler(BufferAllocator, String, int, boolean, Executor)

newHandler

public final SslHandler newHandler(BufferAllocator alloc,
                                   String peerHost,
                                   int peerPort)

Creates a new SslHandler

See Also:

newHandler(BufferAllocator, String, int, Executor)

newHandler

protected SslHandler newHandler(BufferAllocator alloc,
                                String peerHost,
                                int peerPort,
                                boolean startTls)

Create a new SslHandler.

See Also:

newHandler(BufferAllocator, String, int, boolean, Executor)

newHandler

public SslHandler newHandler(BufferAllocator alloc,
                             String peerHost,
                             int peerPort,
                             Executor delegatedTaskExecutor)

Creates a new SslHandler with advisory peer information.

If SslProvider.OPENSSL_REFCNT is used then the returned SslHandler will release the engine that is wrapped. If the returned SslHandler is not inserted into a pipeline then you may leak native memory!

Beware: the underlying generated SSLEngine won't have hostname verification enabled by default. If you create SslHandler for the client side and want proper security, we advice that you configure the SSLEngine (see SSLParameters.setEndpointIdentificationAlgorithm(String)):

 SSLEngine sslEngine = sslHandler.engine();
 SSLParameters sslParameters = sslEngine.getSSLParameters();
 // only available since Java 7
 sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
 sslEngine.setSSLParameters(sslParameters);
 

The underlying SSLEngine may not follow the restrictions imposed by the SSLEngine javadocs which limits wrap/unwrap to operate on a single SSL/TLS packet.

Parameters:

alloc - If supported by the SSLEngine then the SSLEngine will use this to allocate Buffer objects.

peerHost - the non-authoritative name of the host

peerPort - the non-authoritative port

delegatedTaskExecutor - the Executor that will be used to execute tasks that are returned by SSLEngine.getDelegatedTask().

Returns:

a new SslHandler

newHandler

protected SslHandler newHandler(BufferAllocator alloc,
                                String peerHost,
                                int peerPort,
                                boolean startTls,
                                Executor delegatedTaskExecutor)

generateKeySpec

@Deprecated
protected static PKCS8EncodedKeySpec generateKeySpec(char[] password,
                                                     byte[] key)
                                              throws IOException,
                                                     NoSuchAlgorithmException,
                                                     NoSuchPaddingException,
                                                     InvalidKeySpecException,
                                                     InvalidKeyException,
                                                     InvalidAlgorithmParameterException

Deprecated.

Generates a key specification for an (encrypted) private key.

Parameters:

password - characters, if null an unencrypted key is assumed

key - bytes of the DER encoded private key

Returns:

a key specification

Throws:

IOException - if parsing key fails

NoSuchAlgorithmException - if the algorithm used to encrypt key is unknown

NoSuchPaddingException - if the padding scheme specified in the decryption algorithm is unknown

InvalidKeySpecException - if the decryption key based on password cannot be generated

InvalidKeyException - if the decryption key based on password cannot be used to decrypt key

InvalidAlgorithmParameterException - if decryption algorithm parameters are somehow faulty

buildKeyStore

protected static KeyStore buildKeyStore(X509Certificate[] certChain,
                                        PrivateKey key,
                                        char[] keyPasswordChars,
                                        String keyStoreType)
                                 throws KeyStoreException,
                                        NoSuchAlgorithmException,
                                        CertificateException,
                                        IOException

Generates a new KeyStore.

Parameters:

certChain - an X.509 certificate chain

key - a PKCS#8 private key

keyPasswordChars - the password of the keyFile. null if it's not password-protected.

keyStoreType - The KeyStore Type you want to use

Returns:

generated KeyStore.

Throws:

KeyStoreException

NoSuchAlgorithmException

CertificateException

IOException

toPrivateKey

protected static PrivateKey toPrivateKey(File keyFile,
                                         String keyPassword)
                                  throws NoSuchAlgorithmException,
                                         NoSuchPaddingException,
                                         InvalidKeySpecException,
                                         InvalidAlgorithmParameterException,
                                         KeyException,
                                         IOException

Throws:

NoSuchAlgorithmException

NoSuchPaddingException

InvalidKeySpecException

InvalidAlgorithmParameterException

KeyException

IOException

toPrivateKey

protected static PrivateKey toPrivateKey(InputStream keyInputStream,
                                         String keyPassword)
                                  throws NoSuchAlgorithmException,
                                         NoSuchPaddingException,
                                         InvalidKeySpecException,
                                         InvalidAlgorithmParameterException,
                                         KeyException,
                                         IOException

Throws:

NoSuchAlgorithmException

NoSuchPaddingException

InvalidKeySpecException

InvalidAlgorithmParameterException

KeyException

IOException

buildTrustManagerFactory

@Deprecated
protected static TrustManagerFactory buildTrustManagerFactory(File certChainFile,
                                                              TrustManagerFactory trustManagerFactory)
                                                       throws NoSuchAlgorithmException,
                                                              CertificateException,
                                                              KeyStoreException,
                                                              IOException

Deprecated.

Build a TrustManagerFactory from a certificate chain file.

Parameters:

certChainFile - The certificate file to build from.

trustManagerFactory - The existing TrustManagerFactory that will be used if not null.

Returns:

A TrustManagerFactory which contains the certificates in certChainFile

Throws:

NoSuchAlgorithmException

CertificateException

KeyStoreException

IOException

buildTrustManagerFactory

protected static TrustManagerFactory buildTrustManagerFactory(File certChainFile,
                                                              TrustManagerFactory trustManagerFactory,
                                                              String keyType)
                                                       throws NoSuchAlgorithmException,
                                                              CertificateException,
                                                              KeyStoreException,
                                                              IOException

Build a TrustManagerFactory from a certificate chain file.

Parameters:

certChainFile - The certificate file to build from.

trustManagerFactory - The existing TrustManagerFactory that will be used if not null.

keyType - The KeyStore Type you want to use

Returns:

A TrustManagerFactory which contains the certificates in certChainFile

Throws:

NoSuchAlgorithmException

CertificateException

KeyStoreException

IOException

toX509Certificates

protected static X509Certificate[] toX509Certificates(File file)
                                               throws CertificateException

Throws:

CertificateException

toX509Certificates

protected static X509Certificate[] toX509Certificates(InputStream in)
                                               throws CertificateException

Throws:

CertificateException

buildTrustManagerFactory

protected static TrustManagerFactory buildTrustManagerFactory(X509Certificate[] certCollection,
                                                              TrustManagerFactory trustManagerFactory,
                                                              String keyStoreType)
                                                       throws NoSuchAlgorithmException,
                                                              CertificateException,
                                                              KeyStoreException,
                                                              IOException

Throws:

NoSuchAlgorithmException

CertificateException

KeyStoreException

IOException

buildKeyManagerFactory

protected static KeyManagerFactory buildKeyManagerFactory(X509Certificate[] certChainFile,
                                                          String keyAlgorithm,
                                                          PrivateKey key,
                                                          String keyPassword,
                                                          KeyManagerFactory kmf,
                                                          String keyStore)
                                                   throws KeyStoreException,
                                                          NoSuchAlgorithmException,
                                                          IOException,
                                                          CertificateException,
                                                          UnrecoverableKeyException

Throws:

KeyStoreException

NoSuchAlgorithmException

IOException

CertificateException

UnrecoverableKeyException