Package org.jboss.netty.handler.ssl

Class SslContext

    • Method Detail

      • defaultServerProvider

        public static SslProvider defaultServerProvider()
        Returns the default server-side implementation provider currently in use.
        Returns:
        SslProvider.OPENSSL if OpenSSL is available. SslProvider.JDK otherwise.

      • defaultClientProvider

        public static SslProvider defaultClientProvider()
        Returns the default client-side implementation provider currently in use.
        Returns:
        SslProvider.JDK, because it is the only implementation at the moment

      • newServerContext

        public static SslContext newServerContext​(File certChainFile,
                                          File keyFile)
                                   throws SSLException
        Creates a new server-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        Returns:
        a new server-side SslContext
        Throws:
        SSLException

      • newServerContext

        public static SslContext newServerContext​(File certChainFile,
                                          File keyFile,
                                          String keyPassword)
                                   throws SSLException
        Creates a new server-side SslContext.
        Parameters:
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        Returns:
        a new server-side SslContext
        Throws:
        SSLException

      • newServerContext

        public static SslContext newServerContext​(SslBufferPool bufPool,
                                          File certChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException
        Creates a new server-side SslContext.
        Parameters:
        bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new server-side SslContext
        Throws:
        SSLException

      • newServerContext

        public static SslContext newServerContext​(SslProvider provider,
                                          File certChainFile,
                                          File keyFile)
                                   throws SSLException
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        Returns:
        a new server-side SslContext
        Throws:
        SSLException

      • newServerContext

        public static SslContext newServerContext​(SslProvider provider,
                                          File certChainFile,
                                          File keyFile,
                                          String keyPassword)
                                   throws SSLException
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        Returns:
        a new server-side SslContext
        Throws:
        SSLException

      • newServerContext

        public static SslContext newServerContext​(SslProvider provider,
                                          SslBufferPool bufPool,
                                          File certChainFile,
                                          File keyFile,
                                          String keyPassword,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException
        Creates a new server-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.
        certChainFile - an X.509 certificate chain file in PEM format
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile. null if it's not password-protected.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new server-side SslContext
        Throws:
        SSLException

      • newClientContext

        public static SslContext newClientContext​(SslBufferPool bufPool,
                                          File certChainFile,
                                          TrustManagerFactory trustManagerFactory,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException
        Creates a new client-side SslContext.
        Parameters:
        bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new client-side SslContext
        Throws:
        SSLException

      • newClientContext

        public static SslContext newClientContext​(SslProvider provider,
                                          File certChainFile)
                                   throws SSLException
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default
        Returns:
        a new client-side SslContext
        Throws:
        SSLException

      • newClientContext

        public static SslContext newClientContext​(SslProvider provider,
                                          SslBufferPool bufPool,
                                          File certChainFile,
                                          TrustManagerFactory trustManagerFactory,
                                          Iterable<String> ciphers,
                                          Iterable<String> nextProtocols,
                                          long sessionCacheSize,
                                          long sessionTimeout)
                                   throws SSLException
        Creates a new client-side SslContext.
        Parameters:
        provider - the SslContext implementation to use. null to use the current default one.
        bufPool - the buffer pool which will be used by the returned SslContext. null to use the default buffer pool.
        certChainFile - an X.509 certificate chain file in PEM format. null to use the system default
        trustManagerFactory - the TrustManagerFactory that provides the TrustManagers that verifies the certificates sent from servers. null to use the default.
        ciphers - the cipher suites to enable, in the order of preference. null to use the default cipher suites.
        nextProtocols - the application layer protocols to accept, in the order of preference. null to disable TLS NPN/ALPN extension.
        sessionCacheSize - the size of the cache used for storing SSL session objects. 0 to use the default value.
        sessionTimeout - the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
        Returns:
        a new client-side SslContext
        Throws:
        SSLException

      • isServer

        public final boolean isServer()
        Returns true if and only if this context is for server-side.

      • isClient

        public abstract boolean isClient()
        Returns the true if and only if this context is for client-side.

      • cipherSuites

        public abstract List<String> cipherSuites()
        Returns the list of enabled cipher suites, in the order of preference.

      • sessionCacheSize

        public abstract long sessionCacheSize()
        Returns the size of the cache used for storing SSL session objects.

      • sessionTimeout

        public abstract long sessionTimeout()
        Returns the timeout for the cached SSL session objects, in seconds.

      • nextProtocols

        public abstract List<String> nextProtocols()
        Returns the list of application layer protocols for the TLS NPN/ALPN extension, in the order of preference.
        Returns:
        the list of application layer protocols. null if NPN/ALPN extension has been disabled.

      • newEngine

        public abstract SSLEngine newEngine​(String peerHost,
                                    int peerPort)
        Creates a new SSLEngine using advisory peer information.
        Parameters:
        peerHost - the non-authoritative name of the host
        peerPort - the non-authoritative port
        Returns:
        a new SSLEngine

      • newHandler

        public final SslHandler newHandler​(String peerHost,
                                   int peerPort)
        Creates a new SslHandler with advisory peer information.
        Parameters:
        peerHost - the non-authoritative name of the host
        peerPort - the non-authoritative port
        Returns:
        a new SslHandler