Package io.netty.handler.ssl
Class JdkSslContext
java.lang.Object
io.netty.handler.ssl.SslContext
io.netty.handler.ssl.JdkSslContext
- Direct Known Subclasses:
JdkSslClientContext, JdkSslServerContext
An SslContext which uses JDK's SSL/TLS implementation.
-
Nested Class Summary
Nested Classes -
Field Summary
Fields
Modifier and Type / Field / Description
private final JdkApplicationProtocolNegotiator
private final String[]
private final ClientAuth
private static final String[]
private static final Provider
private final String
private final boolean
private static final InternalLogger
(package private) static final String
private final String[]
private final SSLContext
Fields inherited from class io.netty.handler.ssl.SslContext
ALIAS, resumptionController, X509_CERT_FACTORY
-
Constructor Summary
Constructors
Constructor / Description
JdkSslContext(SSLContext sslContext, boolean isClient, ClientAuth clientAuth) - Deprecated.
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, String[] protocols, boolean startTls) - Creates a new JdkSslContext from a pre-configured SSLContext.
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, String[] protocols, boolean startTls)
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, String[] protocols, boolean startTls, String endpointIdentificationAlgorithm, ResumptionController resumptionController)
-
Method Summary
Modifier and Type / Method / Description
applicationProtocolNegotiator() - Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf) - Deprecated. will be removed.
(package private) static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf, String keyStore) - Build a KeyManagerFactory based upon a key file, key file password, and a certificate chain.
protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf) - Deprecated. will be removed.
(package private) static KeyManagerFactory buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf, String keyStore) - Build a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
cipherSuites() - Returns the list of enabled cipher suites, in the order of preference.
private SSLEngine configureAndWrapEngine(SSLEngine engine, ByteBufAllocator alloc)
private void configureEndpointVerification
final SSLContext context() - Returns the JDK SSLContext object held by this context.
defaultCiphers(SSLEngine engine, Set<String> supportedCiphers)
private static String[] defaultProtocols(SSLContext context, SSLEngine engine)
final boolean isClient() - Returns true if and only if this context is for client-side.
private static boolean isTlsV13Supported(String[] protocols)
final SSLEngine newEngine(ByteBufAllocator alloc) - Creates a new SSLEngine.
final SSLEngine newEngine(ByteBufAllocator alloc, String peerHost, int peerPort) - Creates a new SSLEngine using advisory peer information.
final SSLSessionContext sessionContext() - Returns the JDK SSLSessionContext object held by this context.
supportedCiphers(SSLEngine engine)
(package private) static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config, boolean isServer) - Translate an ApplicationProtocolConfig object to a JdkApplicationProtocolNegotiator object.
Methods inherited from class io.netty.handler.ssl.SslContext
attributes, buildKeyManagerFactory, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, keyStorePassword, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContextInternal, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContextInternal, nextProtocols, sessionCacheSize, sessionTimeout, toApplicationProtocolConfig, toPrivateKey, toPrivateKey, toPrivateKey, toPrivateKeyInternal, toX509Certificates, toX509Certificates, toX509CertificatesInternal
-
Field Details
-
logger
-
PROTOCOL
-
DEFAULT_PROTOCOLS
-
DEFAULT_CIPHERS
-
DEFAULT_CIPHERS_NON_TLSV13
-
SUPPORTED_CIPHERS
-
SUPPORTED_CIPHERS_NON_TLSV13
-
DEFAULT_PROVIDER
-
protocols
-
cipherSuites
-
unmodifiableCipherSuites
-
apn
-
clientAuth
-
sslContext
-
isClient
private final boolean isClient -
endpointIdentificationAlgorithm
-
-
Constructor Details
-
JdkSslContext
Deprecated.
Creates a new JdkSslContext from a pre-configured SSLContext.
- Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.
-
JdkSslContext
@Deprecated public JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
Deprecated.
Creates a new JdkSslContext from a pre-configured SSLContext.
- Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
ciphers - the ciphers to use or null if the standard should be used.
cipherFilter - the filter to use.
apn - the ApplicationProtocolConfig to use.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.
-
JdkSslContext
public JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, String[] protocols, boolean startTls)
Creates a new JdkSslContext from a pre-configured SSLContext.
- Parameters:
sslContext - the SSLContext to use.
isClient - true if this context should create SSLEngines for client-side usage.
ciphers - the ciphers to use or null if the standard should be used.
cipherFilter - the filter to use.
apn - the ApplicationProtocolConfig to use.
clientAuth - the ClientAuth to use. This will only be used when isClient is false.
protocols - the protocols to enable, or null to enable the default protocols.
startTls - true if the first write request shouldn't be encrypted
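Added example (not part of the Netty Javadoc or Netty's own code): wrapping a JDK SSLContext with the public eight-argument constructor, pinning protocols and a cipher allow-list, then enabling endpoint identification on the engine. The class name, the cipher list and the host example.com are constructed for illustration; a JDK that supports TLSv1.3 is assumed.

```java
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.JdkSslContext;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.List;

public final class JdkSslContextExample {
    public static void main(String[] args) throws Exception {
        // Pre-configured JDK context with default key and trust managers.
        SSLContext jdk = SSLContext.getInstance("TLS");
        jdk.init(null, null, null);

        // Constructed allow-list; SupportedCipherSuiteFilter keeps only the
        // names this JDK actually supports.
        List<String> ciphers = Arrays.asList(
                "TLS_AES_128_GCM_SHA256",
                "TLS_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");

        JdkSslContext ctx = new JdkSslContext(
                jdk,
                true,                                 // isClient
                ciphers,
                SupportedCipherSuiteFilter.INSTANCE,  // cipherFilter
                ApplicationProtocolConfig.DISABLED,   // apn: no ALPN/NPN
                ClientAuth.NONE,                      // only used when isClient is false
                new String[] {"TLSv1.3", "TLSv1.2"},  // null would enable the defaults
                false);                               // startTls

        // peerHost/peerPort are advisory only, so request host name
        // verification explicitly instead of relying on a default.
        SSLEngine engine = ctx.newEngine(ByteBufAllocator.DEFAULT, "example.com", 443);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);

        System.out.println("protocols: " + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("ciphers:   " + ctx.cipherSuites());
    }
}
```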
-
JdkSslContext
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, String[] protocols, boolean startTls)
-
JdkSslContext
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, String[] protocols, boolean startTls, String endpointIdentificationAlgorithm, ResumptionController resumptionController)
-
-
Method Details
-
defaultProtocols
-
supportedCiphers
-
defaultCiphers
-
isTlsV13Supported
-
context
Returns the JDK SSLContext object held by this context.
-
isClient
public final boolean isClient()
Description copied from class: SslContext
Returns true if and only if this context is for client-side.
- Specified by:
isClient in class SslContext
-
sessionContext
Returns the JDK SSLSessionContext object held by this context.
- Specified by:
sessionContext in class SslContext
-
cipherSuites
Description copied from class: SslContext
Returns the list of enabled cipher suites, in the order of preference.
- Specified by:
cipherSuites in class SslContext
-
newEngine
Description copied from class: SslContext
Creates a new SSLEngine.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator).
- Specified by:
newEngine in class SslContext
- Returns:
a new SSLEngine
-
newEngine
Description copied from class: SslContext
Creates a new SSLEngine using advisory peer information.
If SslProvider.OPENSSL_REFCNT is used then the object must be released. One way to do this is to wrap in a SslHandler and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator, String, int).
- Specified by:
newEngine in class SslContext
- Parameters:
peerHost - the non-authoritative name of the host
peerPort - the non-authoritative port
- Returns:
a new SSLEngine
-
configureAndWrapEngine
-
configureEndpointVerification
-
applicationProtocolNegotiator
Description copied from class: SslContext
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
- Specified by:
applicationProtocolNegotiator in class SslContext
-
toNegotiator
static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config, boolean isServer)
Translate an ApplicationProtocolConfig object to a JdkApplicationProtocolNegotiator object.
- Parameters:
config - The configuration which defines the translation
isServer - true if a server, false otherwise.
- Returns:
The results of the translation
-
buildKeyManagerFactory
static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf, String keyStore) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException
Build a KeyManagerFactory based upon a key file, key file password, and a certificate chain.
- Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
keyStore - the KeyStore that should be used in the KeyManagerFactory
- Returns:
A KeyManagerFactory based upon a key file, key file password, and a certificate chain.
- Throws:
UnrecoverableKeyException
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
CertificateException
KeyException
IOException
-
buildKeyManagerFactory
@Deprecated protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException
Deprecated. will be removed.
Build a KeyManagerFactory based upon a key file, key file password, and a certificate chain.
- Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
- Returns:
A KeyManagerFactory based upon a key file, key file password, and a certificate chain.
- Throws:
UnrecoverableKeyException
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
CertificateException
KeyException
IOException
-
buildKeyManagerFactory
static KeyManagerFactory buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf, String keyStore) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException
Build a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
- Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyAlgorithm - the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
keyStore - the KeyStore that should be used in the KeyManagerFactory
- Returns:
A KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
- Throws:
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
IOException
CertificateException
KeyException
UnrecoverableKeyException
-
buildKeyManagerFactory
@Deprecated protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException
Deprecated. will be removed.
Build a KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
- Parameters:
certChainFile - an X.509 certificate chain file in PEM format
keyAlgorithm - the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.
keyFile - a PKCS#8 private key file in PEM format
keyPassword - the password of the keyFile. null if it's not password-protected.
kmf - The existing KeyManagerFactory that will be used if not null
- Returns:
A KeyManagerFactory based upon a key algorithm, key file, key file password, and a certificate chain.
- Throws:
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
IOException
CertificateException
KeyException
UnrecoverableKeyException
-