public class JdkSslContext extends SslContext

An SslContext which uses JDK's SSL/TLS implementation.

Modifier and Type | Field and Description |
---|---|
private JdkApplicationProtocolNegotiator | apn |
private java.lang.String[] | cipherSuites |
private ClientAuth | clientAuth |
(package private) static java.util.List<java.lang.String> | DEFAULT_CIPHERS |
private boolean | isClient |
private static InternalLogger | logger |
(package private) static java.lang.String | PROTOCOL |
(package private) static java.lang.String[] | PROTOCOLS |
private javax.net.ssl.SSLContext | sslContext |
(package private) static java.util.Set<java.lang.String> | SUPPORTED_CIPHERS |
private java.util.List<java.lang.String> | unmodifiableCipherSuites |

Fields inherited from class SslContext: X509_CERT_FACTORY

Constructor and Description |
---|
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, ClientAuth clientAuth): Creates a new JdkSslContext from a pre-configured SSLContext. |
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth): Creates a new JdkSslContext from a pre-configured SSLContext. |
JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, boolean startTls) |

Modifier and Type | Method and Description |
---|---|
private static void | addIfSupported(java.util.Set<java.lang.String> supported, java.util.List<java.lang.String> enabled, java.lang.String... names) |
JdkApplicationProtocolNegotiator | applicationProtocolNegotiator(): Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions. |
protected static javax.net.ssl.KeyManagerFactory | buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf): Deprecated. Will be removed. |
protected static javax.net.ssl.KeyManagerFactory | buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf): Deprecated. Will be removed. |
java.util.List<java.lang.String> | cipherSuites(): Returns the list of enabled cipher suites, in the order of preference. |
private javax.net.ssl.SSLEngine | configureAndWrapEngine(javax.net.ssl.SSLEngine engine) |
javax.net.ssl.SSLContext | context(): Returns the JDK SSLContext object held by this context. |
boolean | isClient(): Returns true if and only if this context is for client-side. |
javax.net.ssl.SSLEngine | newEngine(ByteBufAllocator alloc): Creates a new SSLEngine. |
javax.net.ssl.SSLEngine | newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort): Creates a new SSLEngine using advisory peer information. |
long | sessionCacheSize(): Returns the size of the cache used for storing SSL session objects. |
javax.net.ssl.SSLSessionContext | sessionContext(): Returns the JDK SSLSessionContext object held by this context. |
long | sessionTimeout(): Returns the timeout for the cached SSL session objects, in seconds. |
(package private) static JdkApplicationProtocolNegotiator | toNegotiator(ApplicationProtocolConfig config, boolean isServer): Translate an ApplicationProtocolConfig object to a JdkApplicationProtocolNegotiator object. |

Methods inherited from class SslContext: buildDefaultKeyManagerFactory, buildKeyManagerFactory, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContextInternal, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContextInternal, nextProtocols, toApplicationProtocolConfig, toPrivateKey, toPrivateKey, toPrivateKeyInternal, toX509Certificates, toX509Certificates, toX509CertificatesInternal

private static final InternalLogger logger
static final java.lang.String PROTOCOL
static final java.lang.String[] PROTOCOLS
static final java.util.List<java.lang.String> DEFAULT_CIPHERS
static final java.util.Set<java.lang.String> SUPPORTED_CIPHERS
private final java.lang.String[] cipherSuites
private final java.util.List<java.lang.String> unmodifiableCipherSuites
private final JdkApplicationProtocolNegotiator apn
private final ClientAuth clientAuth
private final javax.net.ssl.SSLContext sslContext
private final boolean isClient

public JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, ClientAuth clientAuth)
Creates a new JdkSslContext from a pre-configured SSLContext.
Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.

public JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
Creates a new JdkSslContext from a pre-configured SSLContext.
Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
ciphers - the ciphers to use or null if the standard should be used.
cipherFilter - the filter to use.
apn - the ApplicationProtocolConfig to use.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.

JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, boolean startTls)
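
The public six-argument constructor in use, as an added example (not Netty's own code): it builds a server and a client JdkSslContext from one pre-configured SSLContext, showing that SupportedCipherSuiteFilter drops a requested suite the JDK does not support and that ClientAuth is applied only when isClient is false. The class name, the ALLOWED list and its bogus last entry are constructed for illustration; SupportedCipherSuiteFilter is one of Netty's CipherSuiteFilter implementations.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.Arrays;
import java.util.List;

public final class JdkSslContextDemo {
    // Constructed allow-list (assumption); the last name is deliberately bogus.
    static final List<String> ALLOWED = Arrays.asList(
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_CONSTRUCTED_UNSUPPORTED_SUITE");

    static JdkSslContext build(SSLContext jdk, boolean isClient) {
        // SupportedCipherSuiteFilter keeps only the requested suites the JDK supports,
        // so a typo or retired suite is dropped here rather than enabled.
        return new JdkSslContext(jdk, isClient, ALLOWED, SupportedCipherSuiteFilter.INSTANCE,
                ApplicationProtocolConfig.DISABLED, ClientAuth.REQUIRE);
    }

    public static void main(String[] args) throws Exception {
        // Demo only: default key and trust material. A real server passes its own
        // KeyManagers and TrustManagers to init().
        SSLContext jdk = SSLContext.getInstance("TLSv1.2");
        jdk.init(null, null, null);

        JdkSslContext server = build(jdk, false);
        JdkSslContext client = build(jdk, true);
        System.out.println("enabled suites: " + server.cipherSuites());

        SSLEngine s = server.newEngine(ByteBufAllocator.DEFAULT);
        SSLEngine c = client.newEngine(ByteBufAllocator.DEFAULT);
        // ClientAuth.REQUIRE was passed to both contexts; compare what each engine reports.
        System.out.println("server needClientAuth=" + s.getNeedClientAuth());
        System.out.println("client needClientAuth=" + c.getNeedClientAuth()
                + " useClientMode=" + c.getUseClientMode());
    }
}
```

Checking cipherSuites() after construction is a quick way to confirm that the allow-list that was requested is the one that is actually enabled.
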
private static void addIfSupported(java.util.Set<java.lang.String> supported, java.util.List<java.lang.String> enabled, java.lang.String... names)
public final javax.net.ssl.SSLContext context()
Returns the JDK SSLContext object held by this context.

public final boolean isClient()
Description copied from class: SslContext
Returns true if and only if this context is for client-side.
Specified by: isClient in class SslContext

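public final javax.net.ssl.SSLSessionContext sessionContext()
Returns the JDK SSLSessionContext object held by this context.
Specified by: sessionContext in class SslContext

public final java.util.List<java.lang.String> cipherSuites()
Description copied from class: SslContext
Returns the list of enabled cipher suites, in the order of preference.
Specified by: cipherSuites in class SslContext

public final long sessionCacheSize()
Description copied from class: SslContext
Returns the size of the cache used for storing SSL session objects.
Specified by: sessionCacheSize in class SslContext

public final long sessionTimeout()
Description copied from class: SslContext
Returns the timeout for the cached SSL session objects, in seconds.
Specified by: sessionTimeout in class SslContext
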
public final javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc)
Description copied from class: SslContext
Creates a new SSLEngine.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap it in an SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator).
Specified by: newEngine in class SslContext
Returns: a new SSLEngine

public final javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
Description copied from class: SslContext
Creates a new SSLEngine using advisory peer information.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap it in an SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator, String, int).
Specified by: newEngine in class SslContext
Parameters:
peerHost - the non-authoritative name of the host
peerPort - the non-authoritative port
Returns: a new SSLEngine
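
The peerHost and peerPort passed to newEngine are described above as advisory and non-authoritative; with the JDK's SSLEngine the peer certificate is matched against that host name only when an endpoint identification algorithm is set on the engine's SSLParameters. An added example (not Netty's own code) that sets it explicitly on a client engine; the class name, the helper name and the host service.example.test are assumptions.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SslHandler;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public final class VerifiedClientEngine {
    /** Creates a client-mode engine that checks the server certificate against peerHost. */
    static SSLEngine newVerifyingEngine(JdkSslContext ctx, String peerHost, int peerPort) {
        if (!ctx.isClient()) {
            throw new IllegalArgumentException("this helper is intended for client contexts");
        }
        SSLEngine engine = ctx.newEngine(ByteBufAllocator.DEFAULT, peerHost, peerPort);

        // Read-modify-write the parameters so the suites and protocols already
        // configured by JdkSslContext are preserved.
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Client context on the JDK default trust store; ClientAuth is unused for clients.
        JdkSslContext ctx = new JdkSslContext(SSLContext.getDefault(), true, ClientAuth.NONE);

        // Hypothetical peer; no connection is made here.
        SSLEngine engine = newVerifyingEngine(ctx, "service.example.test", 8443);
        System.out.println("peer: " + engine.getPeerHost() + ":" + engine.getPeerPort());
        System.out.println("endpoint identification: "
                + engine.getSSLParameters().getEndpointIdentificationAlgorithm());

        // The engine is then wrapped for use as the first handler in a channel pipeline.
        SslHandler handler = new SslHandler(engine);
    }
}
```
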
private javax.net.ssl.SSLEngine configureAndWrapEngine(javax.net.ssl.SSLEngine engine)
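public final JdkApplicationProtocolNegotiator applicationProtocolNegotiator()
Description copied from class: SslContext
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
Specified by: applicationProtocolNegotiator in class SslContext
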
static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config, boolean isServer)
Translate an ApplicationProtocolConfig object to a JdkApplicationProtocolNegotiator object.
Parameters:
config - The configuration which defines the translation
isServer - true if a server, false otherwise.

@Deprecated protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf) throws java.security.UnrecoverableKeyException, java.security.KeyStoreException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.security.cert.CertificateException, java.security.KeyException, java.io.IOException
Builds a KeyManagerFactory based upon a key file, key file password, and a certificate chain.
Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
Returns: a KeyManagerFactory based upon a key file, key file password, and a certificate chain.
Throws:
java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.cert.CertificateException
java.security.KeyException
java.io.IOException

@Deprecated protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.io.IOException, java.security.cert.CertificateException, java.security.KeyException, java.security.UnrecoverableKeyException
Builds a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyAlgorithm - the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
Returns: a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.io.IOException
java.security.cert.CertificateException
java.security.KeyException
java.security.UnrecoverableKeyException