public final class SslContextBuilder
extends java.lang.Object
Modifier and Type | Field and Description |
---|---|
private ApplicationProtocolConfig |
apn |
private CipherSuiteFilter |
cipherFilter |
private java.lang.Iterable<java.lang.String> |
ciphers |
private ClientAuth |
clientAuth |
private boolean |
forServer |
private java.security.PrivateKey |
key |
private java.security.cert.X509Certificate[] |
keyCertChain |
private javax.net.ssl.KeyManagerFactory |
keyManagerFactory |
private java.lang.String |
keyPassword |
private SslProvider |
provider |
private long |
sessionCacheSize |
private long |
sessionTimeout |
private boolean |
startTls |
private java.security.cert.X509Certificate[] |
trustCertCollection |
private javax.net.ssl.TrustManagerFactory |
trustManagerFactory |
Modifier | Constructor and Description |
---|---|
private |
SslContextBuilder(boolean forServer) |
Modifier and Type | Method and Description |
---|---|
SslContextBuilder |
applicationProtocolConfig(ApplicationProtocolConfig apn)
Application protocol negotiation configuration.
|
SslContext |
build()
Create new
SslContext instance with configured settings. |
SslContextBuilder |
ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference.
|
SslContextBuilder |
ciphers(java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter)
The cipher suites to enable, in the order of preference.
|
SslContextBuilder |
clientAuth(ClientAuth clientAuth)
Sets the client authentication mode.
|
static SslContextBuilder |
forClient()
Creates a builder for new client-side
SslContext . |
static SslContextBuilder |
forServer(java.io.File keyCertChainFile,
java.io.File keyFile)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.File keyCertChainFile,
java.io.File keyFile,
java.lang.String keyPassword)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream,
java.lang.String keyPassword)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.security.PrivateKey key,
java.lang.String keyPassword,
java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.security.PrivateKey key,
java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side
SslContext . |
SslContextBuilder |
keyManager(java.io.File keyCertChainFile,
java.io.File keyFile)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.File keyCertChainFile,
java.io.File keyFile,
java.lang.String keyPassword)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream,
java.lang.String keyPassword)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying manager for this host.
|
SslContextBuilder |
keyManager(java.security.PrivateKey key,
java.lang.String keyPassword,
java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.security.PrivateKey key,
java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host.
|
SslContextBuilder |
sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects.
|
SslContextBuilder |
sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds.
|
SslContextBuilder |
sslProvider(SslProvider provider)
The
SslContext implementation to use. |
SslContextBuilder |
startTls(boolean startTls)
true if the first write request shouldn't be encrypted. |
SslContextBuilder |
trustManager(java.io.File trustCertCollectionFile)
Trusted certificates for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(java.io.InputStream trustCertCollectionInputStream)
Trusted certificates for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Trusted manager for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(java.security.cert.X509Certificate... trustCertCollection)
Trusted certificates for verifying the remote endpoint's certificate,
null uses the system default. |
private final boolean forServer
private SslProvider provider
private java.security.cert.X509Certificate[] trustCertCollection
private javax.net.ssl.TrustManagerFactory trustManagerFactory
private java.security.cert.X509Certificate[] keyCertChain
private java.security.PrivateKey key
private java.lang.String keyPassword
private javax.net.ssl.KeyManagerFactory keyManagerFactory
private java.lang.Iterable<java.lang.String> ciphers
private CipherSuiteFilter cipherFilter
private ApplicationProtocolConfig apn
private long sessionCacheSize
private long sessionTimeout
private ClientAuth clientAuth
private boolean startTls
public static SslContextBuilder forClient()
Creates a builder for new client-side SslContext.

public static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile)
Creates a builder for new server-side SslContext.
Parameters:
keyCertChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
See Also: keyManager(File, File)
public static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream)
Creates a builder for new server-side SslContext.
Parameters:
keyCertChainInputStream - an input stream for an X.509 certificate chain in PEM format
keyInputStream - an input stream for a PKCS#8 private key in PEM format
See Also: keyManager(InputStream, InputStream)
public static SslContextBuilder forServer(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side SslContext.
Parameters:
key - a PKCS#8 private key
keyCertChain - the X.509 certificate chain
See Also: keyManager(PrivateKey, X509Certificate[])
public static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword)
Creates a builder for new server-side SslContext.
Parameters:
keyCertChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile, or null if it's not password-protected
See Also: keyManager(File, File, String)
public static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword)
Creates a builder for new server-side SslContext.
Parameters:
keyCertChainInputStream - an input stream for an X.509 certificate chain in PEM format
keyInputStream - an input stream for a PKCS#8 private key in PEM format
keyPassword - the password of the keyFile, or null if it's not password-protected
See Also: keyManager(InputStream, InputStream, String)
public static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side SslContext.
Parameters:
key - a PKCS#8 private key
keyCertChain - the X.509 certificate chain
keyPassword - the password of the keyFile, or null if it's not password-protected
See Also: keyManager(File, File, String)
public static SslContextBuilder forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Creates a builder for new server-side SslContext.
Parameters:
keyManagerFactory - non-null factory for server's private key
See Also: keyManager(KeyManagerFactory)
public SslContextBuilder sslProvider(SslProvider provider)
The SslContext implementation to use. null uses the default one.

public SslContextBuilder trustManager(java.io.File trustCertCollectionFile)
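Trusted certificates for verifying the remote endpoint's certificate. null uses the system default.

public SslContextBuilder trustManager(java.io.InputStream trustCertCollectionInputStream)
Trusted certificates for verifying the remote endpoint's certificate. null uses the system default.

public SslContextBuilder trustManager(java.security.cert.X509Certificate... trustCertCollection)
Trusted certificates for verifying the remote endpoint's certificate, null uses the system default.

public SslContextBuilder trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)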
Trusted manager for verifying the remote endpoint's certificate. Using a TrustManagerFactory is only supported for SslProvider.JDK; for other providers, you must use trustManager(File). null uses the system default.

public SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile)
Identifying certificate for this host. keyCertChainFile and keyFile may be null for client contexts, which disables mutual authentication.
Parameters:
keyCertChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format

public SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream)
Identifying certificate for this host. keyCertChainInputStream and keyInputStream may be null for client contexts, which disables mutual authentication.
Parameters:
keyCertChainInputStream - an input stream for an X.509 certificate chain in PEM format
keyInputStream - an input stream for a PKCS#8 private key in PEM format

public SslContextBuilder keyManager(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host. keyCertChain and key may be null for client contexts, which disables mutual authentication.
Parameters:
key - a PKCS#8 private key
keyCertChain - an X.509 certificate chain

public SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword)
Identifying certificate for this host. keyCertChainFile and keyFile may be null for client contexts, which disables mutual authentication.
Parameters:
keyCertChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile, or null if it's not password-protected

public SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword)
Identifying certificate for this host. keyCertChainInputStream and keyInputStream may be null for client contexts, which disables mutual authentication.
Parameters:
keyCertChainInputStream - an input stream for an X.509 certificate chain in PEM format
keyInputStream - an input stream for a PKCS#8 private key in PEM format
keyPassword - the password of the keyInputStream, or null if it's not password-protected

public SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host. keyCertChain and key may be null for client contexts, which disables mutual authentication.
Parameters:
key - a PKCS#8 private key file
keyPassword - the password of the key, or null if it's not password-protected
keyCertChain - an X.509 certificate chain

public SslContextBuilder keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying manager for this host. keyManagerFactory may be null for client contexts, which disables mutual authentication. Using a KeyManagerFactory is only supported for SslProvider.JDK; for other providers, you must use keyManager(File, File) or keyManager(File, File, String).

public SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference. null to use default cipher suites.

public SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter)
The cipher suites to enable, in the order of preference. cipherFilter will be applied to the ciphers before use if provider is SslProvider.JDK. If ciphers is null, then the default cipher suites will be used.

public SslContextBuilder applicationProtocolConfig(ApplicationProtocolConfig apn)
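Application protocol negotiation configuration. null disables support.

public SslContextBuilder sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects. 0 to use the default value.

public SslContextBuilder sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

public SslContextBuilder clientAuth(ClientAuth clientAuth)
Sets the client authentication mode.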
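public SslContextBuilder startTls(boolean startTls)
true if the first write request shouldn't be encrypted. That first write leaves the channel in plaintext, so enable this only for protocols that must send a cleartext reply before the TLS handshake begins (STARTTLS-style upgrades).

public SslContext build() throws javax.net.ssl.SSLException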
Create new SslContext instance with configured settings. If sslProvider(SslProvider) is set to SslProvider.OPENSSL_REFCNT then the caller is responsible for releasing this object, or else native memory may leak.
Throws:
javax.net.ssl.SSLException