public class JdkSslContext extends SslContext

An SslContext which uses JDK's SSL/TLS implementation.

| Modifier and Type | Field and Description |
|---|---|
| private JdkApplicationProtocolNegotiator | apn |
| private java.lang.String[] | cipherSuites |
| private ClientAuth | clientAuth |
| (package private) static java.util.List<java.lang.String> | DEFAULT_CIPHERS |
| (package private) static java.lang.String[] | DEFAULT_PROTOCOLS |
| private boolean | isClient |
| private static InternalLogger | logger |
| (package private) static java.lang.String | PROTOCOL |
| private java.lang.String[] | protocols |
| private javax.net.ssl.SSLContext | sslContext |
| (package private) static java.util.Set<java.lang.String> | SUPPORTED_CIPHERS |
| private java.util.List<java.lang.String> | unmodifiableCipherSuites |

Fields inherited from class SslContext: X509_CERT_FACTORY

| Constructor and Description |
|---|
| JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, ClientAuth clientAuth): Creates a new JdkSslContext from a pre-configured SSLContext. |
| JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth): Creates a new JdkSslContext from a pre-configured SSLContext. |
| JdkSslContext(javax.net.ssl.SSLContext sslContext, boolean isClient, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, java.lang.String[] protocols, boolean startTls) |

| Modifier and Type | Method and Description |
|---|---|
| private static void | addIfSupported(java.util.Set<java.lang.String> supported, java.util.List<java.lang.String> enabled, java.lang.String... names) |
| JdkApplicationProtocolNegotiator | applicationProtocolNegotiator(): Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions. |
| protected static javax.net.ssl.KeyManagerFactory | buildKeyManagerFactory(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf): Deprecated. Will be removed. |
| protected static javax.net.ssl.KeyManagerFactory | buildKeyManagerFactory(java.io.File certChainFile, java.lang.String keyAlgorithm, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf): Deprecated. Will be removed. |
| java.util.List<java.lang.String> | cipherSuites(): Returns the list of enabled cipher suites, in the order of preference. |
| private javax.net.ssl.SSLEngine | configureAndWrapEngine(javax.net.ssl.SSLEngine engine) |
| javax.net.ssl.SSLContext | context(): Returns the JDK SSLContext object held by this context. |
| boolean | isClient(): Returns true if and only if this context is for the client side. |
| javax.net.ssl.SSLEngine | newEngine(ByteBufAllocator alloc): Creates a new SSLEngine. |
| javax.net.ssl.SSLEngine | newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort): Creates a new SSLEngine using advisory peer information. |
| long | sessionCacheSize(): Returns the size of the cache used for storing SSL session objects. |
| javax.net.ssl.SSLSessionContext | sessionContext(): Returns the JDK SSLSessionContext object held by this context. |
| long | sessionTimeout(): Returns the timeout for the cached SSL session objects, in seconds. |
| (package private) static JdkApplicationProtocolNegotiator | toNegotiator(ApplicationProtocolConfig config, boolean isServer): Translates an ApplicationProtocolConfig object to a JdkApplicationProtocolNegotiator object. |

Methods inherited from class SslContext: buildKeyManagerFactory, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContextInternal, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContextInternal, nextProtocols, toApplicationProtocolConfig, toPrivateKey, toPrivateKey, toPrivateKeyInternal, toX509Certificates, toX509Certificates, toX509CertificatesInternal

private static final InternalLogger logger
static final java.lang.String PROTOCOL
static final java.lang.String[] DEFAULT_PROTOCOLS
static final java.util.List<java.lang.String> DEFAULT_CIPHERS
static final java.util.Set<java.lang.String> SUPPORTED_CIPHERS
private final java.lang.String[] protocols
private final java.lang.String[] cipherSuites
private final java.util.List<java.lang.String> unmodifiableCipherSuites
private final JdkApplicationProtocolNegotiator apn
private final ClientAuth clientAuth
private final javax.net.ssl.SSLContext sslContext
private final boolean isClient

public JdkSslContext(javax.net.ssl.SSLContext sslContext,
boolean isClient,
ClientAuth clientAuth)

Creates a new JdkSslContext from a pre-configured SSLContext.

Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.

public JdkSslContext(javax.net.ssl.SSLContext sslContext,
boolean isClient,
java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
ClientAuth clientAuth)

Creates a new JdkSslContext from a pre-configured SSLContext.

Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
ciphers - the ciphers to use or null if the standard should be used.
cipherFilter - the filter to use.
apn - the ApplicationProtocolConfig to use.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.

JdkSslContext(javax.net.ssl.SSLContext sslContext,
boolean isClient,
java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter,
JdkApplicationProtocolNegotiator apn,
ClientAuth clientAuth,
java.lang.String[] protocols,
boolean startTls)

private static void addIfSupported(java.util.Set<java.lang.String> supported,
java.util.List<java.lang.String> enabled,
java.lang.String... names)

public final javax.net.ssl.SSLContext context()

Returns the JDK SSLContext object held by this context.

public final boolean isClient()

Description copied from class: SslContext
Returns true if and only if this context is for the client side.
isClient in class SslContext

public final javax.net.ssl.SSLSessionContext sessionContext()

Returns the JDK SSLSessionContext object held by this context.
sessionContext in class SslContext

public final java.util.List<java.lang.String> cipherSuites()

Description copied from class: SslContext
Returns the list of enabled cipher suites, in the order of preference.
cipherSuites in class SslContext

public final long sessionCacheSize()

Description copied from class: SslContext
Returns the size of the cache used for storing SSL session objects.
sessionCacheSize in class SslContext

public final long sessionTimeout()

Description copied from class: SslContext
Returns the timeout for the cached SSL session objects, in seconds.
sessionTimeout in class SslContext

public final javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc)

Description copied from class: SslContext
Creates a new SSLEngine.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap it in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator).
newEngine in class SslContext
Returns: a new SSLEngine

public final javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)

Description copied from class: SslContext
Creates a new SSLEngine using advisory peer information.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap it in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator, String, int).
newEngine in class SslContext
Parameters:
peerHost - the non-authoritative name of the host
peerPort - the non-authoritative port
Returns: a new SSLEngine

private javax.net.ssl.SSLEngine configureAndWrapEngine(javax.net.ssl.SSLEngine engine)

public final JdkApplicationProtocolNegotiator applicationProtocolNegotiator()

Description copied from class: SslContext
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
applicationProtocolNegotiator in class SslContext

static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config, boolean isServer)

Translates an ApplicationProtocolConfig object to a JdkApplicationProtocolNegotiator object.
Parameters:
config - The configuration which defines the translation
isServer - true if a server, false otherwise.

@Deprecated
protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile,
java.io.File keyFile,
java.lang.String keyPassword,
javax.net.ssl.KeyManagerFactory kmf)
throws java.security.UnrecoverableKeyException,
java.security.KeyStoreException,
java.security.NoSuchAlgorithmException,
javax.crypto.NoSuchPaddingException,
java.security.spec.InvalidKeySpecException,
java.security.InvalidAlgorithmParameterException,
java.security.cert.CertificateException,
java.security.KeyException,
java.io.IOException

KeyManagerFactory based upon a key file, key file password, and a certificate chain.

Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
Returns: KeyManagerFactory based upon a key file, key file password, and a certificate chain.
Throws:
java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.cert.CertificateException
java.security.KeyException
java.io.IOException

@Deprecated
protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.io.File certChainFile,
java.lang.String keyAlgorithm,
java.io.File keyFile,
java.lang.String keyPassword,
javax.net.ssl.KeyManagerFactory kmf)
throws java.security.KeyStoreException,
java.security.NoSuchAlgorithmException,
javax.crypto.NoSuchPaddingException,
java.security.spec.InvalidKeySpecException,
java.security.InvalidAlgorithmParameterException,
java.io.IOException,
java.security.cert.CertificateException,
java.security.KeyException,
java.security.UnrecoverableKeyException

KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.

Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyAlgorithm - the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
Returns: KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
Throws:
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.io.IOException
java.security.cert.CertificateException
java.security.KeyException
java.security.UnrecoverableKeyException
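
The six-argument public constructor documented above takes a cipher list, a CipherSuiteFilter and a ClientAuth mode, and the settings only become visible on the engines it creates. The following is an added example, not code from Netty or from this page: it builds a server-side context and checks at startup what was actually enabled. The class name JdkSslContextCheck, the REQUESTED list and the deliberately fake suite name are assumptions made for the illustration; SupportedCipherSuiteFilter is Netty's stock filter that drops suites the JDK does not support.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

public final class JdkSslContextCheck {
    // Assumed allow-list for this example, in preference order.
    static final List<String> REQUESTED = Arrays.asList(
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
            "TLS_EXAMPLE_NOT_A_REAL_SUITE"); // constructed name, shows silent filtering

    static JdkSslContext serverContext(SSLContext jdk) {
        // isClient is false, so ClientAuth.REQUIRE is applied to every engine created.
        return new JdkSslContext(jdk, false, REQUESTED, SupportedCipherSuiteFilter.INSTANCE,
                ApplicationProtocolConfig.DISABLED, ClientAuth.REQUIRE);
    }

    // Suites that were requested but are missing from the context's enabled list.
    static List<String> dropped(JdkSslContext ctx) {
        List<String> missing = new ArrayList<>(REQUESTED);
        missing.removeAll(ctx.cipherSuites());
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: no key or trust material, enough to inspect engine settings.
        // A real server initialises the SSLContext with its KeyManagers and TrustManagers.
        SSLContext jdk = SSLContext.getInstance("TLS");
        jdk.init(null, null, null);

        JdkSslContext ctx = serverContext(jdk);
        SSLEngine engine = ctx.newEngine(ByteBufAllocator.DEFAULT);

        System.out.println("enabled on context: " + ctx.cipherSuites());
        System.out.println("enabled on engine:  " + Arrays.asList(engine.getEnabledCipherSuites()));
        System.out.println("dropped by filter:  " + dropped(ctx));
        System.out.println("need client auth:   " + engine.getNeedClientAuth());
        // Fail closed at startup if the context is weaker than the configuration intended.
        if (ctx.isClient() || !engine.getNeedClientAuth() || ctx.cipherSuites().isEmpty()) {
            throw new IllegalStateException("TLS context is weaker than intended");
        }
    }
}
```

Comparing the requested list with cipherSuites() matters because the filter removes unsupported names without raising an error, so a typo or a JDK downgrade can shrink the allow-list unnoticed.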