public final class SslContextBuilder
extends java.lang.Object
限定符和类型 | 方法和说明 |
---|---|
SslContextBuilder |
applicationProtocolConfig(ApplicationProtocolConfig apn)
Application protocol negotiation configuration.
|
SslContext |
build()
Create new
SslContext instance with configured settings. |
SslContextBuilder |
ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference.
|
SslContextBuilder |
ciphers(java.lang.Iterable<java.lang.String> ciphers,
CipherSuiteFilter cipherFilter)
The cipher suites to enable, in the order of preference.
|
SslContextBuilder |
clientAuth(ClientAuth clientAuth)
Sets the client authentication mode.
|
SslContextBuilder |
enableOcsp(boolean enableOcsp)
Enables OCSP stapling.
|
static SslContextBuilder |
forClient()
Creates a builder for new client-side
SslContext . |
static SslContextBuilder |
forServer(java.io.File keyCertChainFile,
java.io.File keyFile)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.File keyCertChainFile,
java.io.File keyFile,
java.lang.String keyPassword)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream,
java.lang.String keyPassword)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(javax.net.ssl.KeyManager keyManager)
Creates a builder for new server-side
SslContext with KeyManager . |
static SslContextBuilder |
forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.security.PrivateKey key,
java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.security.PrivateKey key,
java.lang.String keyPassword,
java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.security.PrivateKey key,
java.lang.String keyPassword,
java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side
SslContext . |
static SslContextBuilder |
forServer(java.security.PrivateKey key,
java.security.cert.X509Certificate... keyCertChain)
Creates a builder for new server-side
SslContext . |
SslContextBuilder |
keyManager(java.io.File keyCertChainFile,
java.io.File keyFile)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.File keyCertChainFile,
java.io.File keyFile,
java.lang.String keyPassword)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.io.InputStream keyCertChainInputStream,
java.io.InputStream keyInputStream,
java.lang.String keyPassword)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(javax.net.ssl.KeyManager keyManager)
A single key manager managing the identity information of this host.
|
SslContextBuilder |
keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying manager for this host.
|
SslContextBuilder |
keyManager(java.security.PrivateKey key,
java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.security.PrivateKey key,
java.lang.String keyPassword,
java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.security.PrivateKey key,
java.lang.String keyPassword,
java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host.
|
SslContextBuilder |
keyManager(java.security.PrivateKey key,
java.security.cert.X509Certificate... keyCertChain)
Identifying certificate for this host.
|
SslContextBuilder |
keyStoreType(java.lang.String keyStoreType)
Sets the
KeyStore type that should be used. |
<T> SslContextBuilder |
option(SslContextOption<T> option,
T value)
Configure a
SslContextOption . |
SslContextBuilder |
protocols(java.lang.Iterable<java.lang.String> protocols)
The TLS protocol versions to enable.
|
SslContextBuilder |
protocols(java.lang.String... protocols)
The TLS protocol versions to enable.
|
SslContextBuilder |
sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects.
|
SslContextBuilder |
sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds.
|
SslContextBuilder |
sslContextProvider(java.security.Provider sslContextProvider)
The SSLContext
Provider to use. |
SslContextBuilder |
sslProvider(SslProvider provider)
The
SslContext implementation to use. |
SslContextBuilder |
startTls(boolean startTls)
true if the first write request shouldn't be encrypted. |
SslContextBuilder |
trustManager(java.io.File trustCertCollectionFile)
Trusted certificates for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(java.io.InputStream trustCertCollectionInputStream)
Trusted certificates for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(java.lang.Iterable<? extends java.security.cert.X509Certificate> trustCertCollection)
Trusted certificates for verifying the remote endpoint's certificate,
null uses the system default. |
SslContextBuilder |
trustManager(javax.net.ssl.TrustManager trustManager)
A single trusted manager for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Trusted manager for verifying the remote endpoint's certificate.
|
SslContextBuilder |
trustManager(java.security.cert.X509Certificate... trustCertCollection)
Trusted certificates for verifying the remote endpoint's certificate,
null uses the system default. |
public static SslContextBuilder forClient()
SslContext
.public static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile)
SslContext
.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyManager(File, File)
public static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream)
SslContext
.keyCertChainInputStream
- an input stream for an X.509 certificate chain in PEM format. The caller is
responsible for calling InputStream.close()
after build()
has been called.keyInputStream
- an input stream for a PKCS#8 private key in PEM format. The caller is
responsible for calling InputStream.close()
after build()
has been called.keyManager(InputStream, InputStream)
public static SslContextBuilder forServer(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain)
SslContext
.key
- a PKCS#8 private keykeyCertChain
- the X.509 certificate chainkeyManager(PrivateKey, X509Certificate[])
public static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
SslContext
.key
- a PKCS#8 private keykeyCertChain
- the X.509 certificate chainkeyManager(PrivateKey, X509Certificate[])
public static SslContextBuilder forServer(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword)
SslContext
.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
, or null
if it's not
password-protectedkeyManager(File, File, String)
public static SslContextBuilder forServer(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword)
SslContext
.keyCertChainInputStream
- an input stream for an X.509 certificate chain in PEM format. The caller is
responsible for calling InputStream.close()
after build()
has been called.keyInputStream
- an input stream for a PKCS#8 private key in PEM format. The caller is
responsible for calling InputStream.close()
after build()
has been called.keyPassword
- the password of the keyFile
, or null
if it's not
password-protectedkeyManager(InputStream, InputStream, String)
public static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain)
SslContext
.key
- a PKCS#8 private keykeyCertChain
- the X.509 certificate chainkeyPassword
- the password of the keyFile
, or null
if it's not
password-protectedkeyManager(File, File, String)
public static SslContextBuilder forServer(java.security.PrivateKey key, java.lang.String keyPassword, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
SslContext
.key
- a PKCS#8 private keykeyCertChain
- the X.509 certificate chainkeyPassword
- the password of the keyFile
, or null
if it's not
password-protectedkeyManager(File, File, String)
public static SslContextBuilder forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory)
SslContext
.
If you use SslProvider.OPENSSL
or SslProvider.OPENSSL_REFCNT
consider using
OpenSslX509KeyManagerFactory
or OpenSslCachingX509KeyManagerFactory
.keyManagerFactory
- non-null
factory for server's private keykeyManager(KeyManagerFactory)
public static SslContextBuilder forServer(javax.net.ssl.KeyManager keyManager)
SslContext
with KeyManager
.keyManager
- non-null
KeyManager for server's private keypublic <T> SslContextBuilder option(SslContextOption<T> option, T value)
SslContextOption
.public SslContextBuilder sslProvider(SslProvider provider)
SslContext
implementation to use. null
uses the default one.public SslContextBuilder keyStoreType(java.lang.String keyStoreType)
KeyStore
type that should be used. null
uses the default one.public SslContextBuilder sslContextProvider(java.security.Provider sslContextProvider)
public SslContextBuilder trustManager(java.io.File trustCertCollectionFile)
null
uses the system default.public SslContextBuilder trustManager(java.io.InputStream trustCertCollectionInputStream)
null
uses the system default.
The caller is responsible for calling InputStream.close()
after build()
has been called.public SslContextBuilder trustManager(java.security.cert.X509Certificate... trustCertCollection)
null
uses the system default.public SslContextBuilder trustManager(java.lang.Iterable<? extends java.security.cert.X509Certificate> trustCertCollection)
null
uses the system default.public SslContextBuilder trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
null
uses the system default.public SslContextBuilder trustManager(javax.net.ssl.TrustManager trustManager)
TrustManager
is needed.
Internally, a simple wrapper of TrustManagerFactory
that only produces this
specified TrustManager
will be created, thus all the requirements specified in
trustManager(TrustManagerFactory trustManagerFactory)
also apply here.public SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile)
keyCertChainFile
and keyFile
may
be null
for client contexts, which disables mutual authentication.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatpublic SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream)
keyCertChainInputStream
and keyInputStream
may
be null
for client contexts, which disables mutual authentication.keyCertChainInputStream
- an input stream for an X.509 certificate chain in PEM format. The caller is
responsible for calling InputStream.close()
after build()
has been called.keyInputStream
- an input stream for a PKCS#8 private key in PEM format. The caller is
responsible for calling InputStream.close()
after build()
has been called.public SslContextBuilder keyManager(java.security.PrivateKey key, java.security.cert.X509Certificate... keyCertChain)
keyCertChain
and key
may
be null
for client contexts, which disables mutual authentication.key
- a PKCS#8 private keykeyCertChain
- an X.509 certificate chainpublic SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
keyCertChain
and key
may
be null
for client contexts, which disables mutual authentication.key
- a PKCS#8 private keykeyCertChain
- an X.509 certificate chainpublic SslContextBuilder keyManager(java.io.File keyCertChainFile, java.io.File keyFile, java.lang.String keyPassword)
keyCertChainFile
and keyFile
may
be null
for client contexts, which disables mutual authentication.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
, or null
if it's not
password-protectedpublic SslContextBuilder keyManager(java.io.InputStream keyCertChainInputStream, java.io.InputStream keyInputStream, java.lang.String keyPassword)
keyCertChainInputStream
and keyInputStream
may
be null
for client contexts, which disables mutual authentication.keyCertChainInputStream
- an input stream for an X.509 certificate chain in PEM format. The caller is
responsible for calling InputStream.close()
after build()
has been called.keyInputStream
- an input stream for a PKCS#8 private key in PEM format. The caller is
responsible for calling InputStream.close()
after build()
has been called.keyPassword
- the password of the keyInputStream
, or null
if it's not
password-protectedpublic SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.String keyPassword, java.security.cert.X509Certificate... keyCertChain)
keyCertChain
and key
may
be null
for client contexts, which disables mutual authentication.key
- a PKCS#8 private key filekeyPassword
- the password of the key
, or null
if it's not
password-protectedkeyCertChain
- an X.509 certificate chainpublic SslContextBuilder keyManager(java.security.PrivateKey key, java.lang.String keyPassword, java.lang.Iterable<? extends java.security.cert.X509Certificate> keyCertChain)
keyCertChain
and key
may
be null
for client contexts, which disables mutual authentication.key
- a PKCS#8 private key filekeyPassword
- the password of the key
, or null
if it's not
password-protectedkeyCertChain
- an X.509 certificate chainpublic SslContextBuilder keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
keyManagerFactory
may be null
for
client contexts, which disables mutual authentication. Using a KeyManagerFactory
is only supported for SslProvider.JDK
or SslProvider.OPENSSL
/ SslProvider.OPENSSL_REFCNT
if the used openssl version is 1.0.1+. You can check if your openssl version supports using a
KeyManagerFactory
by calling OpenSsl.supportsKeyManagerFactory()
. If this is not the case
you must use keyManager(File, File)
or keyManager(File, File, String)
.
If you use SslProvider.OPENSSL
or SslProvider.OPENSSL_REFCNT
consider using
OpenSslX509KeyManagerFactory
or OpenSslCachingX509KeyManagerFactory
.public SslContextBuilder keyManager(javax.net.ssl.KeyManager keyManager)
KeyManager
is needed.
Internally, a wrapper of KeyManagerFactory
that only produces this specified
KeyManager
will be created, thus all the requirements specified in
keyManager(KeyManagerFactory keyManagerFactory)
also apply here.public SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers)
null
to use default
cipher suites.public SslContextBuilder ciphers(java.lang.Iterable<java.lang.String> ciphers, CipherSuiteFilter cipherFilter)
cipherFilter
will be
applied to the ciphers before use. If ciphers
is null
, then the default
cipher suites will be used.public SslContextBuilder applicationProtocolConfig(ApplicationProtocolConfig apn)
null
disables support.public SslContextBuilder sessionCacheSize(long sessionCacheSize)
0
to use the
default value.public SslContextBuilder sessionTimeout(long sessionTimeout)
0
to use the
default value.public SslContextBuilder clientAuth(ClientAuth clientAuth)
public SslContextBuilder protocols(java.lang.String... protocols)
protocols
- The protocols to enable, or null
to enable the default protocols.SSLEngine.setEnabledCipherSuites(String[])
public SslContextBuilder protocols(java.lang.Iterable<java.lang.String> protocols)
protocols
- The protocols to enable, or null
to enable the default protocols.SSLEngine.setEnabledCipherSuites(String[])
public SslContextBuilder startTls(boolean startTls)
true
if the first write request shouldn't be encrypted.@UnstableApi public SslContextBuilder enableOcsp(boolean enableOcsp)
SslProvider
implementations support OCSP
stapling and an exception will be thrown upon build()
.public SslContext build() throws javax.net.ssl.SSLException
SslContext
instance with configured settings.
If sslProvider(SslProvider)
is set to SslProvider.OPENSSL_REFCNT
then the caller is
responsible for releasing this object, or else native memory may leak.
javax.net.ssl.SSLException