Package io.netty.handler.ssl
Class JdkSslContext
java.lang.Object
io.netty.handler.ssl.SslContext
io.netty.handler.ssl.JdkSslContext
- Direct Known Subclasses:
JdkSslClientContext
,JdkSslServerContext
An
SslContext
which uses JDK's SSL/TLS implementation.-
Nested Class Summary
Nested Classes -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final JdkApplicationProtocolNegotiator
private final String[]
private final ClientAuth
private static final String[]
private static final Provider
private final boolean
private static final InternalLogger
(package private) static final String
private final String[]
private final SSLContext
Fields inherited from class io.netty.handler.ssl.SslContext
ALIAS, X509_CERT_FACTORY
-
Constructor Summary
ConstructorsConstructorDescriptionJdkSslContext
(SSLContext sslContext, boolean isClient, ClientAuth clientAuth) Deprecated.JdkSslContext
(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth) JdkSslContext
(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, String[] protocols, boolean startTls) Creates a newJdkSslContext
from a pre-configuredSSLContext
.JdkSslContext
(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, String[] protocols, boolean startTls) -
Method Summary
Modifier and TypeMethodDescriptionReturns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.protected static KeyManagerFactory
buildKeyManagerFactory
(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf) Deprecated.will be removed.(package private) static KeyManagerFactory
buildKeyManagerFactory
(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf, String keyStore) Build aKeyManagerFactory
based upon a key file, key file password, and a certificate chain.protected static KeyManagerFactory
buildKeyManagerFactory
(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf) Deprecated.will be removed.(package private) static KeyManagerFactory
buildKeyManagerFactory
(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf, String keyStore) Build aKeyManagerFactory
based upon a key algorithm, key file, key file password, and a certificate chain.Returns the list of enabled cipher suites, in the order of preference.private SSLEngine
configureAndWrapEngine
(SSLEngine engine, ByteBufAllocator alloc) final SSLContext
context()
Returns the JDKSSLContext
object held by this context.defaultCiphers
(SSLEngine engine, Set<String> supportedCiphers) private static String[]
defaultProtocols
(SSLContext context, SSLEngine engine) final boolean
isClient()
Returns thetrue
if and only if this context is for client-side.private static boolean
isTlsV13Supported
(String[] protocols) final SSLEngine
newEngine
(ByteBufAllocator alloc) Creates a newSSLEngine
.final SSLEngine
newEngine
(ByteBufAllocator alloc, String peerHost, int peerPort) Creates a newSSLEngine
using advisory peer information.final SSLSessionContext
Returns the JDKSSLSessionContext
object held by this context.supportedCiphers
(SSLEngine engine) (package private) static JdkApplicationProtocolNegotiator
toNegotiator
(ApplicationProtocolConfig config, boolean isServer) Translate aApplicationProtocolConfig
object to aJdkApplicationProtocolNegotiator
object.Methods inherited from class io.netty.handler.ssl.SslContext
attributes, buildKeyManagerFactory, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, keyStorePassword, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContextInternal, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContextInternal, nextProtocols, sessionCacheSize, sessionTimeout, toApplicationProtocolConfig, toPrivateKey, toPrivateKey, toPrivateKey, toPrivateKeyInternal, toX509Certificates, toX509Certificates, toX509CertificatesInternal
-
Field Details
-
logger
-
PROTOCOL
- See Also:
-
DEFAULT_PROTOCOLS
-
DEFAULT_CIPHERS
-
DEFAULT_CIPHERS_NON_TLSV13
-
SUPPORTED_CIPHERS
-
SUPPORTED_CIPHERS_NON_TLSV13
-
DEFAULT_PROVIDER
-
protocols
-
cipherSuites
-
unmodifiableCipherSuites
-
apn
-
clientAuth
-
sslContext
-
isClient
private final boolean isClient
-
-
Constructor Details
-
JdkSslContext
Deprecated.Creates a newJdkSslContext
from a pre-configuredSSLContext
.- Parameters:
sslContext
- theSSLContext
to use.isClient
-true
if this context should createSSLEngine
s for client-side usage.clientAuth
- theClientAuth
to use. This will only be used when isfalse
.
-
JdkSslContext
@Deprecated public JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth) Deprecated.Creates a newJdkSslContext
from a pre-configuredSSLContext
.- Parameters:
sslContext
- theSSLContext
to use.isClient
-true
if this context should createSSLEngine
s for client-side usage.ciphers
- the ciphers to use ornull
if the standard should be used.cipherFilter
- the filter to use.apn
- theApplicationProtocolConfig
to use.clientAuth
- theClientAuth
to use. This will only be used when isfalse
.
-
JdkSslContext
public JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, ClientAuth clientAuth, String[] protocols, boolean startTls) Creates a newJdkSslContext
from a pre-configuredSSLContext
.- Parameters:
sslContext
- theSSLContext
to use.isClient
-true
if this context should createSSLEngine
s for client-side usage.ciphers
- the ciphers to use ornull
if the standard should be used.cipherFilter
- the filter to use.apn
- theApplicationProtocolConfig
to use.clientAuth
- theClientAuth
to use. This will only be used when isfalse
.protocols
- the protocols to enable, ornull
to enable the default protocols.startTls
-true
if the first write request shouldn't be encrypted
-
JdkSslContext
JdkSslContext(SSLContext sslContext, boolean isClient, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, JdkApplicationProtocolNegotiator apn, ClientAuth clientAuth, String[] protocols, boolean startTls)
-
-
Method Details
-
defaultProtocols
-
supportedCiphers
-
defaultCiphers
-
isTlsV13Supported
-
context
Returns the JDKSSLContext
object held by this context. -
isClient
public final boolean isClient()Description copied from class:SslContext
Returns thetrue
if and only if this context is for client-side.- Specified by:
isClient
in classSslContext
-
sessionContext
Returns the JDKSSLSessionContext
object held by this context.- Specified by:
sessionContext
in classSslContext
-
cipherSuites
Description copied from class:SslContext
Returns the list of enabled cipher suites, in the order of preference.- Specified by:
cipherSuites
in classSslContext
-
newEngine
Description copied from class:SslContext
Creates a newSSLEngine
.If
SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to wrap in aSslHandler
and insert it into a pipeline. SeeSslContext.newHandler(ByteBufAllocator)
.- Specified by:
newEngine
in classSslContext
- Returns:
- a new
SSLEngine
-
newEngine
Description copied from class:SslContext
Creates a newSSLEngine
using advisory peer information.If
SslProvider.OPENSSL_REFCNT
is used then the object must be released. One way to do this is to wrap in aSslHandler
and insert it into a pipeline. SeeSslContext.newHandler(ByteBufAllocator, String, int)
.- Specified by:
newEngine
in classSslContext
- Parameters:
peerHost
- the non-authoritative name of the hostpeerPort
- the non-authoritative port- Returns:
- a new
SSLEngine
-
configureAndWrapEngine
-
applicationProtocolNegotiator
Description copied from class:SslContext
Returns the object responsible for negotiating application layer protocols for the TLS NPN/ALPN extensions.- Specified by:
applicationProtocolNegotiator
in classSslContext
-
toNegotiator
static JdkApplicationProtocolNegotiator toNegotiator(ApplicationProtocolConfig config, boolean isServer) Translate aApplicationProtocolConfig
object to aJdkApplicationProtocolNegotiator
object.- Parameters:
config
- The configuration which defines the translationisServer
-true
if a serverfalse
otherwise.- Returns:
- The results of the translation
-
buildKeyManagerFactory
static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf, String keyStore) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException Build aKeyManagerFactory
based upon a key file, key file password, and a certificate chain.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.kmf
- The existingKeyManagerFactory
that will be used if notnull
keyStore
- theKeyStore
that should be used in theKeyManagerFactory
- Returns:
- A
KeyManagerFactory
based upon a key file, key file password, and a certificate chain. - Throws:
UnrecoverableKeyException
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
CertificateException
KeyException
IOException
-
buildKeyManagerFactory
@Deprecated protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, File keyFile, String keyPassword, KeyManagerFactory kmf) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, CertificateException, KeyException, IOException Deprecated.will be removed.Build aKeyManagerFactory
based upon a key file, key file password, and a certificate chain.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.kmf
- The existingKeyManagerFactory
that will be used if notnull
- Returns:
- A
KeyManagerFactory
based upon a key file, key file password, and a certificate chain. - Throws:
UnrecoverableKeyException
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
CertificateException
KeyException
IOException
-
buildKeyManagerFactory
static KeyManagerFactory buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf, String keyStore) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException Build aKeyManagerFactory
based upon a key algorithm, key file, key file password, and a certificate chain.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyAlgorithm
- the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.keyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.kmf
- The existingKeyManagerFactory
that will be used if notnull
keyStore
- theKeyStore
that should be used in theKeyManagerFactory
- Returns:
- A
KeyManagerFactory
based upon a key algorithm, key file, key file password, and a certificate chain. - Throws:
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
IOException
CertificateException
KeyException
UnrecoverableKeyException
-
buildKeyManagerFactory
@Deprecated protected static KeyManagerFactory buildKeyManagerFactory(File certChainFile, String keyAlgorithm, File keyFile, String keyPassword, KeyManagerFactory kmf) throws KeyStoreException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, IOException, CertificateException, KeyException, UnrecoverableKeyException Deprecated.will be removed.Build aKeyManagerFactory
based upon a key algorithm, key file, key file password, and a certificate chain.- Parameters:
certChainFile
- an buildKeyManagerFactory X.509 certificate chain file in PEM formatkeyAlgorithm
- the standard name of the requested algorithm. See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.keyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.kmf
- The existingKeyManagerFactory
that will be used if notnull
- Returns:
- A
KeyManagerFactory
based upon a key algorithm, key file, key file password, and a certificate chain. - Throws:
KeyStoreException
NoSuchAlgorithmException
NoSuchPaddingException
InvalidKeySpecException
InvalidAlgorithmParameterException
IOException
CertificateException
KeyException
UnrecoverableKeyException
-
JdkSslContext(SSLContext, boolean, Iterable, CipherSuiteFilter, ApplicationProtocolConfig, ClientAuth, String[], boolean)