Package org.jboss.netty.handler.ssl

Class SslContext

java.lang.Object
org.jboss.netty.handler.ssl.SslContext
Direct Known Subclasses:
JdkSslContext, OpenSslServerContext
public abstract class SslContext extends Object
A secure socket protocol implementation which acts as a factory for SSLEngine and SslHandler. Internally, it is implemented via JDK's SSLContext or OpenSSL's SSL_CTX.

Making your server support SSL/TLS

 // In your ChannelPipelineFactory:
 ChannelPipeline p = Channels.pipeline();
 SslContext sslCtx = SslContext.newServerContext(...);
 p.addLast("ssl", sslCtx.newEngine());
 ...

Making your client support SSL/TLS

 // In your ChannelPipelineFactory:
 ChannelPipeline p = Channels.pipeline();
 SslContext sslCtx = SslContext.newClientContext(...);
 p.addLast("ssl", sslCtx.newEngine(host, port));
 ...

  • Field Details

  • Constructor Details

  • Method Details

    • defaultServerProvider

      public static SslProvider defaultServerProvider()
      Returns the default server-side implementation provider currently in use.
      Returns:
      SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.

    • defaultClientProvider

      public static SslProvider defaultClientProvider()
      Returns the default client-side implementation provider currently in use.
      Returns:
      SslProvider.JDK, because it is the only implementation at the moment

    • newServerContext

      public static SslContext newServerContext(File certChainFile, File keyFile) throws SSLException
      Creates a new server-side SslContext.
      Parameters:
      certChainFile - an X.509 certificate chain file in PEM format
      keyFile - a PKCS#8 private key file in PEM format
      Returns:
      a new server-side SslContext
      Throws:
      SSLException

    • newServerContext

      public static SslContext newServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException
      Creates a new server-side SslContext.
      Parameters:
      certChainFile - an X.509 certificate chain file in PEM format
      keyFile - a PKCS#8 private key file in PEM format
      keyPassword - the password of the keyFile. null if it's not password-protected.
      Returns:
      a new server-side SslContext
      Throws:
      SSLException

    • newServerContext

      public static SslContext newServerContext(SslBufferPool bufPool, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
      Creates a new server-side SslContext.
      Parameters:
      bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.
      certChainFile - an X.509 certificate chain file in PEM format
      keyFile - a PKCS#8 private key file in PEM format
      keyPassword - the password of the keyFile. null if it's not password-protected.
      ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
      nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
      sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
      sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
      Returns:
      a new server-side SslContext
      Throws:
      SSLException

    • newServerContext

      public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile) throws SSLException
      Creates a new server-side SslContext.
      Parameters:
      provider - the SslContext implementation to use. null to use the current default one.
      certChainFile - an X.509 certificate chain file in PEM format
      keyFile - a PKCS#8 private key file in PEM format
      Returns:
      a new server-side SslContext
      Throws:
      SSLException

    • newServerContext

      public static SslContext newServerContext(SslProvider provider, File certChainFile, File keyFile, String keyPassword) throws SSLException
      Creates a new server-side SslContext.
      Parameters:
      provider - the SslContext implementation to use. null to use the current default one.
      certChainFile - an X.509 certificate chain file in PEM format
      keyFile - a PKCS#8 private key file in PEM format
      keyPassword - the password of the keyFile. null if it's not password-protected.
      Returns:
      a new server-side SslContext
      Throws:
      SSLException

    • newServerContext

      public static SslContext newServerContext(SslProvider provider, SslBufferPool bufPool, File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
      Creates a new server-side SslContext.
      Parameters:
      provider - the SslContext implementation to use. null to use the current default one.
      bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.
      certChainFile - an X.509 certificate chain file in PEM format
      keyFile - a PKCS#8 private key file in PEM format
      keyPassword - the password of the keyFile. null if it's not password-protected.
      ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
      nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
      sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
      sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
      Returns:
      a new server-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext() throws SSLException
      Creates a new client-side SslContext.
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(File certChainFile) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      certChainFile - an X.509 certificate chain file in PEM format
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(TrustManagerFactory trustManagerFactory) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      certChainFile - an X.509 certificate chain file in PEM format. null to use the system default
      trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(SslBufferPool bufPool, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.
      certChainFile - an X.509 certificate chain file in PEM format. null to use the system default
      trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.
      ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
      nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
      sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
      sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(SslProvider provider) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      provider - the SslContext implementation to use. null to use the current default one.
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(SslProvider provider, File certChainFile) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      provider - the SslContext implementation to use. null to use the current default one.
      certChainFile - an X.509 certificate chain file in PEM format. null to use the system default
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(SslProvider provider, TrustManagerFactory trustManagerFactory) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      provider - the SslContext implementation to use. null to use the current default one.
      trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(SslProvider provider, File certChainFile, TrustManagerFactory trustManagerFactory) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      provider - the SslContext implementation to use. null to use the current default one.
      certChainFile - an X.509 certificate chain file in PEM format. null to use the system default
      trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newClientContext

      public static SslContext newClientContext(SslProvider provider, SslBufferPool bufPool, File certChainFile, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException
      Creates a new client-side SslContext.
      Parameters:
      provider - the SslContext implementation to use. null to use the current default one.
      bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.
      certChainFile - an X.509 certificate chain file in PEM format. null to use the system default
      trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.
      ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
      nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
      sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
      sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
      Returns:
      a new client-side SslContext
      Throws:
      SSLException

    • newBufferPool

      SslBufferPool newBufferPool()

    • isServer

      public final boolean isServer()
      Returns true if and only if this context is for server-side.

    • bufferPool

      public final SslBufferPool bufferPool()
      Returns the SslBufferPool used by the SSLEngine and SslHandler created by this context.

    • isClient

      public abstract boolean isClient()
      Returns the true if and only if this context is for client-side.

    • cipherSuites

      public abstract List<String> cipherSuites()
      Returns the list of enabled cipher suites, in the order of preference.

    • sessionCacheSize

      public abstract long sessionCacheSize()
      Returns the size of the cache used for storing SSL session objects.

    • sessionTimeout

      public abstract long sessionTimeout()
      Returns the timeout for the cached SSL session objects, in seconds.

    • nextProtocols

      public abstract List<String> nextProtocols()
      Returns the list of application layer protocols for the TLS NPN/ALPN extension, in the order of preference.
      Returns:
      the list of application layer protocols. null if NPN/ALPN extension has been disabled.

    • newEngine

      public abstract SSLEngine newEngine()
      Creates a new SSLEngine.
      Returns:
      a new SSLEngine

    • newEngine

      public abstract SSLEngine newEngine(String peerHost, int peerPort)
      Creates a new SSLEngine using advisory peer information.
      Parameters:
      peerHost - the non-authoritative name of the host
      peerPort - the non-authoritative port
      Returns:
      a new SSLEngine

    • newHandler

      public final SslHandler newHandler()
      Creates a new SslHandler.
      Returns:
      a new SslHandler

    • newHandler

      public final SslHandler newHandler(String peerHost, int peerPort)
      Creates a new SslHandler with advisory peer information.
      Parameters:
      peerHost - the non-authoritative name of the host
      peerPort - the non-authoritative port
      Returns:
      a new SslHandler

    • newHandler

      private SslHandler newHandler(SSLEngine engine)