public class JdkSslContext extends SslContext
SslContext
which uses JDK's SSL/TLS implementation.Constructor and Description |
---|
JdkSslContext(SSLContext sslContext,
boolean isClient,
ClientAuth clientAuth)
Creates a new
JdkSslContext from a pre-configured SSLContext . |
JdkSslContext(SSLContext sslContext,
boolean isClient,
Iterable<String> ciphers,
CipherSuiteFilter cipherFilter,
ApplicationProtocolConfig apn,
ClientAuth clientAuth)
Creates a new
JdkSslContext from a pre-configured SSLContext . |
Modifier and Type | Method and Description |
---|---|
JdkApplicationProtocolNegotiator |
applicationProtocolNegotiator()
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.
|
protected static KeyManagerFactory |
buildKeyManagerFactory(File certChainFile,
File keyFile,
String keyPassword,
KeyManagerFactory kmf)
Deprecated.
will be removed.
|
protected static KeyManagerFactory |
buildKeyManagerFactory(File certChainFile,
String keyAlgorithm,
File keyFile,
String keyPassword,
KeyManagerFactory kmf)
Deprecated.
will be removed.
|
List<String> |
cipherSuites()
Returns the list of enabled cipher suites, in the order of preference.
|
SSLContext |
context()
Returns the JDK
SSLContext object held by this context. |
boolean |
isClient()
Returns the
true if and only if this context is for client-side. |
SSLEngine |
newEngine(ByteBufAllocator alloc)
Creates a new
SSLEngine . |
SSLEngine |
newEngine(ByteBufAllocator alloc,
String peerHost,
int peerPort)
Creates a new
SSLEngine using advisory peer information. |
long |
sessionCacheSize()
Returns the size of the cache used for storing SSL session objects.
|
SSLSessionContext |
sessionContext()
Returns the JDK
SSLSessionContext object held by this context. |
long |
sessionTimeout()
Returns the timeout for the cached SSL session objects, in seconds.
|
buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, nextProtocols
public JdkSslContext(SSLContext sslContext, boolean isClient, ClientAuth clientAuth)
JdkSslContext
from a pre-configured SSLContext
.sslContext
- the SSLContext
to use.isClient
- true
if this context should create SSLEngine
s for client-side usage.clientAuth
- the ClientAuth
to use. This will only be used when is false
.public JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth)
JdkSslContext
from a pre-configured SSLContext
.sslContext
- the SSLContext
to use.isClient
- true
if this context should create SSLEngine
s for client-side usage.ciphers
- the ciphers to use or null
if the standard should be used.cipherFilter
- the filter to use.apn
- the ApplicationProtocolConfig
to use.clientAuth
- the ClientAuth
to use. This will only be used when is false
.public final SSLContext context()
SSLContext
object held by this context.public final boolean isClient()
SslContext
true
if and only if this context is for client-side.isClient
in class SslContext
public final SSLSessionContext sessionContext()
SSLSessionContext
object held by this context.sessionContext
in class SslContext
public final List<String> cipherSuites()
SslContext
cipherSuites
in class SslContext
public final long sessionCacheSize()
SslContext
sessionCacheSize
in class SslContext
public final long sessionTimeout()
SslContext
sessionTimeout
in class SslContext
public final SSLEngine newEngine(ByteBufAllocator alloc)
SslContext
SSLEngine
.
If SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to
wrap in a SslHandler
and insert it into a pipeline. See SslContext.newHandler(ByteBufAllocator)
.
newEngine
in class SslContext
SSLEngine
public final SSLEngine newEngine(ByteBufAllocator alloc, String peerHost, int peerPort)
SslContext
SSLEngine
using advisory peer information.
If SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to
wrap in a SslHandler
and insert it into a pipeline.
See SslContext.newHandler(ByteBufAllocator, String, int)
.
newEngine
in class SslContext
peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative portSSLEngine
public final JdkApplicationProtocolNegotiator applicationProtocolNegotiator()
SslContext
applicationProtocolNegotiator
in class SslContext
@Deprecated protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException
KeyManagerFactory
based upon a key file, key file password, and a certificate chain.certChainFile
- a X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.kmf
- The existing KeyManagerFactory
that will be used if not null
KeyManagerFactory
based upon a key file, key file password, and a certificate chain.UnrecoverableKeyException
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
CertificateException
KeyException
IOException
@Deprecated protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException
KeyManagerFactory
based upon a key algorithm, key file, key file password,
and a certificate chain.certChainFile
- a X.509 certificate chain file in PEM formatkeyAlgorithm
- the standard name of the requested algorithm. See the Java Secure Socket Extension
Reference Guide for information about standard algorithm names.keyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of the keyFile
.
null
if it's not password-protected.kmf
- The existing KeyManagerFactory
that will be used if not null
KeyManagerFactory
based upon a key algorithm, key file, key file password,
and a certificate chain.KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
IOException
CertificateException
KeyException
UnrecoverableKeyException
Copyright © 2008–2017 The Netty Project. All rights reserved.