public abstract class SslContext
extends java.lang.Object
SSLEngine
and SslHandler
.
Internally, it is implemented via JDK's SSLContext
or OpenSSL's SSL_CTX
.
// In yourChannelInitializer
:ChannelPipeline
p = channel.pipeline();SslContext
sslCtx =SslContextBuilder.forServer(...)
.build(); p.addLast("ssl",sslCtx.newHandler(channel.alloc())
); ...
// In yourChannelInitializer
:ChannelPipeline
p = channel.pipeline();SslContext
sslCtx =SslContextBuilder.forClient()
.build(); p.addLast("ssl",sslCtx.newHandler(channel.alloc(), host, port)
); ...
限定符 | 构造器和说明 |
---|---|
protected |
SslContext()
Creates a new instance (startTls set to
false ). |
protected |
SslContext(boolean startTls)
Creates a new instance.
|
限定符和类型 | 方法和说明 |
---|---|
abstract ApplicationProtocolNegotiator |
applicationProtocolNegotiator()
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
|
AttributeMap |
attributes()
Returns the
AttributeMap that belongs to this SslContext . |
protected static javax.net.ssl.KeyManagerFactory |
buildKeyManagerFactory(java.security.cert.X509Certificate[] certChainFile,
java.lang.String keyAlgorithm,
java.security.PrivateKey key,
java.lang.String keyPassword,
javax.net.ssl.KeyManagerFactory kmf,
java.lang.String keyStore) |
protected static java.security.KeyStore |
buildKeyStore(java.security.cert.X509Certificate[] certChain,
java.security.PrivateKey key,
char[] keyPasswordChars,
java.lang.String keyStoreType)
Generates a new
KeyStore . |
protected static javax.net.ssl.TrustManagerFactory |
buildTrustManagerFactory(java.io.File certChainFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory)
已过时。
|
protected static javax.net.ssl.TrustManagerFactory |
buildTrustManagerFactory(java.io.File certChainFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.lang.String keyType)
Build a
TrustManagerFactory from a certificate chain file. |
protected static javax.net.ssl.TrustManagerFactory |
buildTrustManagerFactory(java.security.cert.X509Certificate[] certCollection,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.lang.String keyStoreType) |
abstract java.util.List<java.lang.String> |
cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.
|
static SslProvider |
defaultClientProvider()
Returns the default client-side implementation provider currently in use.
|
static SslProvider |
defaultServerProvider()
Returns the default server-side implementation provider currently in use.
|
protected static java.security.spec.PKCS8EncodedKeySpec |
generateKeySpec(char[] password,
byte[] key)
已过时。
|
abstract boolean |
isClient()
Returns the
true if and only if this context is for client-side. |
boolean |
isServer()
Returns
true if and only if this context is for server-side. |
static SslContext |
newClientContext()
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(java.io.File certChainFile)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(java.io.File certChainFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(java.io.File certChainFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(java.io.File certChainFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.lang.Iterable<java.lang.String> ciphers,
java.lang.Iterable<java.lang.String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
java.io.File certChainFile)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
java.io.File certChainFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
java.io.File trustCertCollectionFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.io.File keyCertChainFile,
java.io.File keyFile,
java.lang.String keyPassword,
javax.net.ssl.KeyManagerFactory keyManagerFactory,
java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
java.io.File certChainFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
java.io.File certChainFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.lang.Iterable<java.lang.String> ciphers,
java.lang.Iterable<java.lang.String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(SslProvider provider,
javax.net.ssl.TrustManagerFactory trustManagerFactory)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newClientContext(javax.net.ssl.TrustManagerFactory trustManagerFactory)
已过时。
Replaced by
SslContextBuilder |
abstract javax.net.ssl.SSLEngine |
newEngine(ByteBufAllocator alloc)
Creates a new
SSLEngine . |
abstract javax.net.ssl.SSLEngine |
newEngine(ByteBufAllocator alloc,
java.lang.String peerHost,
int peerPort)
Creates a new
SSLEngine using advisory peer information. |
SslHandler |
newHandler(ByteBufAllocator alloc)
Create a new SslHandler.
|
protected SslHandler |
newHandler(ByteBufAllocator alloc,
boolean startTls)
Create a new SslHandler.
|
protected SslHandler |
newHandler(ByteBufAllocator alloc,
boolean startTls,
java.util.concurrent.Executor executor)
Create a new SslHandler.
|
SslHandler |
newHandler(ByteBufAllocator alloc,
java.util.concurrent.Executor delegatedTaskExecutor)
Creates a new
SslHandler . |
SslHandler |
newHandler(ByteBufAllocator alloc,
java.lang.String peerHost,
int peerPort)
Creates a new
SslHandler |
protected SslHandler |
newHandler(ByteBufAllocator alloc,
java.lang.String peerHost,
int peerPort,
boolean startTls)
Create a new SslHandler.
|
protected SslHandler |
newHandler(ByteBufAllocator alloc,
java.lang.String peerHost,
int peerPort,
boolean startTls,
java.util.concurrent.Executor delegatedTaskExecutor) |
SslHandler |
newHandler(ByteBufAllocator alloc,
java.lang.String peerHost,
int peerPort,
java.util.concurrent.Executor delegatedTaskExecutor)
Creates a new
SslHandler with advisory peer information. |
static SslContext |
newServerContext(java.io.File certChainFile,
java.io.File keyFile)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(java.io.File certChainFile,
java.io.File keyFile,
java.lang.String keyPassword)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(java.io.File certChainFile,
java.io.File keyFile,
java.lang.String keyPassword,
java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(java.io.File certChainFile,
java.io.File keyFile,
java.lang.String keyPassword,
java.lang.Iterable<java.lang.String> ciphers,
java.lang.Iterable<java.lang.String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
java.io.File certChainFile,
java.io.File keyFile)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
java.io.File certChainFile,
java.io.File keyFile,
java.lang.String keyPassword)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
java.io.File certChainFile,
java.io.File keyFile,
java.lang.String keyPassword,
java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
java.io.File certChainFile,
java.io.File keyFile,
java.lang.String keyPassword,
java.lang.Iterable<java.lang.String> ciphers,
java.lang.Iterable<java.lang.String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
java.io.File certChainFile,
java.io.File keyFile,
java.lang.String keyPassword,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.lang.Iterable<java.lang.String> ciphers,
java.lang.Iterable<java.lang.String> nextProtocols,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
static SslContext |
newServerContext(SslProvider provider,
java.io.File trustCertCollectionFile,
javax.net.ssl.TrustManagerFactory trustManagerFactory,
java.io.File keyCertChainFile,
java.io.File keyFile,
java.lang.String keyPassword,
javax.net.ssl.KeyManagerFactory keyManagerFactory,
java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
long sessionCacheSize,
long sessionTimeout)
已过时。
Replaced by
SslContextBuilder |
java.util.List<java.lang.String> |
nextProtocols()
已过时。
Use
applicationProtocolNegotiator() instead. |
long |
sessionCacheSize()
Returns the size of the cache used for storing SSL session objects.
|
abstract javax.net.ssl.SSLSessionContext |
sessionContext()
Returns the
SSLSessionContext object held by this context. |
long |
sessionTimeout()
Returns the timeout for the cached SSL session objects, in seconds.
|
protected static java.security.PrivateKey |
toPrivateKey(java.io.File keyFile,
java.lang.String keyPassword) |
protected static java.security.PrivateKey |
toPrivateKey(java.io.InputStream keyInputStream,
java.lang.String keyPassword) |
protected static java.security.cert.X509Certificate[] |
toX509Certificates(java.io.File file) |
protected static java.security.cert.X509Certificate[] |
toX509Certificates(java.io.InputStream in) |
protected SslContext()
false
).protected SslContext(boolean startTls)
public static SslProvider defaultServerProvider()
SslProvider.OPENSSL
if OpenSSL is available. SslProvider.JDK
otherwise.public static SslProvider defaultClientProvider()
SslProvider.OPENSSL
if OpenSSL is available. SslProvider.JDK
otherwise.@Deprecated public static SslContext newServerContext(java.io.File certChainFile, java.io.File keyFile) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatSslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatSslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.trustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File certChainFile, java.io.File keyFile, java.lang.String keyPassword, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphers
Only required if provider
is SslProvider.JDK
apn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newServerContext(SslProvider provider, java.io.File trustCertCollectionFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory keyManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.trustCertCollectionFile
- an X.509 certificate collection file in PEM format.
This provides the certificate collection used for mutual authentication.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from clients.
null
to use the default or the results of parsing
trustCertCollectionFile
.
This parameter is ignored if provider
is not SslProvider.JDK
.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.keyManagerFactory
- the KeyManagerFactory
that provides the KeyManager
s
that is used to encrypt data being sent to clients.
null
to use the default or the results of parsing
keyCertChainFile
and keyFile
.
This parameter is ignored if provider
is not SslProvider.JDK
.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphers
Only required if provider
is SslProvider.JDK
apn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext() throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(java.io.File certChainFile) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.certChainFile
- an X.509 certificate chain file in PEM formatSslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(javax.net.ssl.TrustManagerFactory trustManagerFactory) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.trustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(SslProvider provider) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File certChainFile) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaultSslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(SslProvider provider, javax.net.ssl.TrustManagerFactory trustManagerFactory) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.trustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, java.lang.Iterable<java.lang.String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.
null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.certChainFile
- an X.509 certificate chain file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
@Deprecated public static SslContext newClientContext(SslProvider provider, java.io.File trustCertCollectionFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory keyManagerFactory, java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws javax.net.ssl.SSLException
SslContextBuilder
SslContext
.provider
- the SslContext
implementation to use.
null
to use the current default one.trustCertCollectionFile
- an X.509 certificate collection file in PEM format.
null
to use the system defaulttrustManagerFactory
- the TrustManagerFactory
that provides the TrustManager
s
that verifies the certificates sent from servers.
null
to use the default or the results of parsing
trustCertCollectionFile
.
This parameter is ignored if provider
is not SslProvider.JDK
.keyCertChainFile
- an X.509 certificate chain file in PEM format.
This provides the public key for mutual authentication.
null
to use the system defaultkeyFile
- a PKCS#8 private key file in PEM format.
This provides the private key for mutual authentication.
null
for no mutual authentication.keyPassword
- the password of the keyFile
.
null
if it's not password-protected.
Ignored if keyFile
is null
.keyManagerFactory
- the KeyManagerFactory
that provides the KeyManager
s
that is used to encrypt data being sent to servers.
null
to use the default or the results of parsing
keyCertChainFile
and keyFile
.
This parameter is ignored if provider
is not SslProvider.JDK
.ciphers
- the cipher suites to enable, in the order of preference.
null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.
0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.
0
to use the default value.SslContext
javax.net.ssl.SSLException
public final AttributeMap attributes()
AttributeMap
that belongs to this SslContext
.public final boolean isServer()
true
if and only if this context is for server-side.public abstract boolean isClient()
true
if and only if this context is for client-side.public abstract java.util.List<java.lang.String> cipherSuites()
public long sessionCacheSize()
public long sessionTimeout()
@Deprecated public final java.util.List<java.lang.String> nextProtocols()
applicationProtocolNegotiator()
instead.public abstract ApplicationProtocolNegotiator applicationProtocolNegotiator()
public abstract javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc)
SSLEngine
.
If SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to
wrap in a SslHandler
and insert it into a pipeline. See newHandler(ByteBufAllocator)
.
SSLEngine
public abstract javax.net.ssl.SSLEngine newEngine(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
SSLEngine
using advisory peer information.
If SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to
wrap in a SslHandler
and insert it into a pipeline.
See newHandler(ByteBufAllocator, String, int)
.
peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative portSSLEngine
public abstract javax.net.ssl.SSLSessionContext sessionContext()
SSLSessionContext
object held by this context.public final SslHandler newHandler(ByteBufAllocator alloc)
protected SslHandler newHandler(ByteBufAllocator alloc, boolean startTls)
public SslHandler newHandler(ByteBufAllocator alloc, java.util.concurrent.Executor delegatedTaskExecutor)
SslHandler
.
If SslProvider.OPENSSL_REFCNT
is used then the returned SslHandler
will release the engine
that is wrapped. If the returned SslHandler
is not inserted into a pipeline then you may leak native
memory!
Beware: the underlying generated SSLEngine
won't have
hostname verification enabled by default.
If you create SslHandler
for the client side and want proper security, we advice that you configure
the SSLEngine
(see SSLParameters.setEndpointIdentificationAlgorithm(String)
):
SSLEngine sslEngine = sslHandler.engine(); SSLParameters sslParameters = sslEngine.getSSLParameters(); // only available since Java 7 sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParameters);
The underlying SSLEngine
may not follow the restrictions imposed by the
SSLEngine javadocs which
limits wrap/unwrap to operate on a single SSL/TLS packet.
alloc
- If supported by the SSLEngine then the SSLEngine will use this to allocate ByteBuf objects.delegatedTaskExecutor
- the Executor
that will be used to execute tasks that are returned by
SSLEngine.getDelegatedTask()
.SslHandler
protected SslHandler newHandler(ByteBufAllocator alloc, boolean startTls, java.util.concurrent.Executor executor)
public final SslHandler newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort)
SslHandler
protected SslHandler newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, boolean startTls)
public SslHandler newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, java.util.concurrent.Executor delegatedTaskExecutor)
SslHandler
with advisory peer information.
If SslProvider.OPENSSL_REFCNT
is used then the returned SslHandler
will release the engine
that is wrapped. If the returned SslHandler
is not inserted into a pipeline then you may leak native
memory!
Beware: the underlying generated SSLEngine
won't have
hostname verification enabled by default.
If you create SslHandler
for the client side and want proper security, we advice that you configure
the SSLEngine
(see SSLParameters.setEndpointIdentificationAlgorithm(String)
):
SSLEngine sslEngine = sslHandler.engine(); SSLParameters sslParameters = sslEngine.getSSLParameters(); // only available since Java 7 sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); sslEngine.setSSLParameters(sslParameters);
The underlying SSLEngine
may not follow the restrictions imposed by the
SSLEngine javadocs which
limits wrap/unwrap to operate on a single SSL/TLS packet.
alloc
- If supported by the SSLEngine then the SSLEngine will use this to allocate ByteBuf objects.peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative portdelegatedTaskExecutor
- the Executor
that will be used to execute tasks that are returned by
SSLEngine.getDelegatedTask()
.SslHandler
protected SslHandler newHandler(ByteBufAllocator alloc, java.lang.String peerHost, int peerPort, boolean startTls, java.util.concurrent.Executor delegatedTaskExecutor)
@Deprecated protected static java.security.spec.PKCS8EncodedKeySpec generateKeySpec(char[] password, byte[] key) throws java.io.IOException, java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
password
- characters, if null
an unencrypted key is assumedkey
- bytes of the DER encoded private keyjava.io.IOException
- if parsing key
failsjava.security.NoSuchAlgorithmException
- if the algorithm used to encrypt key
is unknownjavax.crypto.NoSuchPaddingException
- if the padding scheme specified in the decryption algorithm is unknownjava.security.spec.InvalidKeySpecException
- if the decryption key based on password
cannot be generatedjava.security.InvalidKeyException
- if the decryption key based on password
cannot be used to decrypt
key
java.security.InvalidAlgorithmParameterException
- if decryption algorithm parameters are somehow faultyprotected static java.security.KeyStore buildKeyStore(java.security.cert.X509Certificate[] certChain, java.security.PrivateKey key, char[] keyPasswordChars, java.lang.String keyStoreType) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.io.IOException
KeyStore
.certChain
- an X.509 certificate chainkey
- a PKCS#8 private keykeyPasswordChars
- the password of the keyFile
.
null
if it's not password-protected.keyStoreType
- The KeyStore Type you want to useKeyStore
.java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.io.IOException
protected static java.security.PrivateKey toPrivateKey(java.io.File keyFile, java.lang.String keyPassword) throws java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.security.KeyException, java.io.IOException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.KeyException
java.io.IOException
protected static java.security.PrivateKey toPrivateKey(java.io.InputStream keyInputStream, java.lang.String keyPassword) throws java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException, java.security.spec.InvalidKeySpecException, java.security.InvalidAlgorithmParameterException, java.security.KeyException, java.io.IOException
java.security.NoSuchAlgorithmException
javax.crypto.NoSuchPaddingException
java.security.spec.InvalidKeySpecException
java.security.InvalidAlgorithmParameterException
java.security.KeyException
java.io.IOException
@Deprecated protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory) throws java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.security.KeyStoreException, java.io.IOException
TrustManagerFactory
from a certificate chain file.certChainFile
- The certificate file to build from.trustManagerFactory
- The existing TrustManagerFactory
that will be used if not null
.TrustManagerFactory
which contains the certificates in certChainFile
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.KeyStoreException
java.io.IOException
protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory(java.io.File certChainFile, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.String keyType) throws java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.security.KeyStoreException, java.io.IOException
TrustManagerFactory
from a certificate chain file.certChainFile
- The certificate file to build from.trustManagerFactory
- The existing TrustManagerFactory
that will be used if not null
.keyType
- The KeyStore Type you want to useTrustManagerFactory
which contains the certificates in certChainFile
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.KeyStoreException
java.io.IOException
protected static java.security.cert.X509Certificate[] toX509Certificates(java.io.File file) throws java.security.cert.CertificateException
java.security.cert.CertificateException
protected static java.security.cert.X509Certificate[] toX509Certificates(java.io.InputStream in) throws java.security.cert.CertificateException
java.security.cert.CertificateException
protected static javax.net.ssl.TrustManagerFactory buildTrustManagerFactory(java.security.cert.X509Certificate[] certCollection, javax.net.ssl.TrustManagerFactory trustManagerFactory, java.lang.String keyStoreType) throws java.security.NoSuchAlgorithmException, java.security.cert.CertificateException, java.security.KeyStoreException, java.io.IOException
java.security.NoSuchAlgorithmException
java.security.cert.CertificateException
java.security.KeyStoreException
java.io.IOException
protected static javax.net.ssl.KeyManagerFactory buildKeyManagerFactory(java.security.cert.X509Certificate[] certChainFile, java.lang.String keyAlgorithm, java.security.PrivateKey key, java.lang.String keyPassword, javax.net.ssl.KeyManagerFactory kmf, java.lang.String keyStore) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.io.IOException, java.security.cert.CertificateException, java.security.UnrecoverableKeyException
java.security.KeyStoreException
java.security.NoSuchAlgorithmException
java.io.IOException
java.security.cert.CertificateException
java.security.UnrecoverableKeyException