io.servicetalk.transport.api

Interface ClientSecurityConfigurator

All Superinterfaces:

SecurityConfigurator

All Known Subinterfaces:

GrpcClientSecurityConfigurator<U,R>, PartitionedHttpClientSecurityConfigurator<U,R>, SingleAddressHttpClientSecurityConfigurator<U,R>

public interface ClientSecurityConfigurator
extends SecurityConfigurator

A SecurityConfigurator contract for clients.

Nested Class Summary

Nested classes/interfaces inherited from interface io.servicetalk.transport.api.SecurityConfigurator

SecurityConfigurator.SslProvider

Method Summary

Modifier and Type	Method and Description
ClientSecurityConfigurator	ciphers(java.lang.Iterable<java.lang.String> ciphers) The cipher suites to enable, in the order of preference.
ClientSecurityConfigurator	disableHostnameVerification() Disable verification of the server identity.
ClientSecurityConfigurator	hostnameVerification(java.lang.String hostNameVerificationHost) Set the host name used to verify the server identity.
ClientSecurityConfigurator	hostnameVerification(java.lang.String hostNameVerificationHost, int hostNameVerificationPort) Set the host name and port used to verify the server identity.
ClientSecurityConfigurator	hostnameVerification(java.lang.String hostNameVerificationAlgorithm, java.lang.String hostNameVerificationHost) Determines what algorithm to use for hostname verification.
ClientSecurityConfigurator	hostnameVerification(java.lang.String hostNameVerificationAlgorithm, java.lang.String hostNameVerificationHost, int hostNameVerificationPort) Determines what algorithm to use for hostname verification.
ClientSecurityConfigurator	hostnameVerificationAlgorithm(java.lang.String hostNameVerificationAlgorithm) Determines what algorithm to use for hostname verification.
ClientSecurityConfigurator	keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory) Identifying certificate for this host.
ClientSecurityConfigurator	keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier) Identifying certificate for this host.
ClientSecurityConfigurator	keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword) Identifying certificate for this host.
ClientSecurityConfigurator	protocols(java.lang.String... protocols) The SSL protocols to enable, in the order of preference.
ClientSecurityConfigurator	provider(SecurityConfigurator.SslProvider provider) Sets the SecurityConfigurator.SslProvider to use.
ClientSecurityConfigurator	sessionCacheSize(long sessionCacheSize) Set the size of the cache used for storing SSL session objects.
ClientSecurityConfigurator	sessionTimeout(long sessionTimeout) Set the timeout for the cached SSL session objects, in seconds.
ClientSecurityConfigurator	sniHostname(java.lang.String sniHostname) Set the SNI host name.
ClientSecurityConfigurator	trustManager(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier) Trusted certificates for verifying the remote endpoint's certificate.
ClientSecurityConfigurator	trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory) Trust manager for verifying the remote endpoint's certificate.

Method Detail

trustManager

ClientSecurityConfigurator trustManager(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)

Description copied from interface: SecurityConfigurator

Trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

Specified by:

trustManager in interface SecurityConfigurator

Parameters:

trustCertChainSupplier - a supplier for the certificate chain input stream.

The responsibility to call InputStream.close() is transferred to callers of the returned Supplier. If this is not the desired behavior then wrap the InputStream and override InputStream.close().

Returns:

this.

trustManager

ClientSecurityConfigurator trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)

Description copied from interface: SecurityConfigurator

Trust manager for verifying the remote endpoint's certificate. The TrustManagerFactory which take preference over any configured Supplier.

Specified by:

trustManager in interface SecurityConfigurator

Parameters:

trustManagerFactory - the TrustManagerFactory to use.

Returns:

this.

protocols

ClientSecurityConfigurator protocols(java.lang.String... protocols)

Description copied from interface: SecurityConfigurator

The SSL protocols to enable, in the order of preference.

Specified by:

protocols in interface SecurityConfigurator

Parameters:

protocols - the protocols to use.

Returns:

this.

See Also:

SSLEngine.setEnabledProtocols(String[])

ciphers

ClientSecurityConfigurator ciphers(java.lang.Iterable<java.lang.String> ciphers)

Description copied from interface: SecurityConfigurator

The cipher suites to enable, in the order of preference.

Specified by:

ciphers in interface SecurityConfigurator

Parameters:

ciphers - the ciphers to use.

Returns:

this.

sessionCacheSize

ClientSecurityConfigurator sessionCacheSize(long sessionCacheSize)

Description copied from interface: SecurityConfigurator

Set the size of the cache used for storing SSL session objects.

Specified by:

sessionCacheSize in interface SecurityConfigurator

Parameters:

sessionCacheSize - the cache size.

Returns:

this.

sessionTimeout

ClientSecurityConfigurator sessionTimeout(long sessionTimeout)

Description copied from interface: SecurityConfigurator

Set the timeout for the cached SSL session objects, in seconds.

Specified by:

sessionTimeout in interface SecurityConfigurator

Parameters:

sessionTimeout - the session timeout.

Returns:

this.

provider

ClientSecurityConfigurator provider(SecurityConfigurator.SslProvider provider)

Description copied from interface: SecurityConfigurator

Sets the SecurityConfigurator.SslProvider to use.

Specified by:

provider in interface SecurityConfigurator

Parameters:

provider - the provider.

Returns:

this.

hostnameVerificationAlgorithm

ClientSecurityConfigurator hostnameVerificationAlgorithm(java.lang.String hostNameVerificationAlgorithm)

Determines what algorithm to use for hostname verification.

Parameters:

hostNameVerificationAlgorithm - The algorithm to use when verifying the host name. See Supported algorithm names.

Returns:

this.

See Also:

SSLParameters.setEndpointIdentificationAlgorithm(String)

hostnameVerification

ClientSecurityConfigurator hostnameVerification(java.lang.String hostNameVerificationAlgorithm,
                                                java.lang.String hostNameVerificationHost)

Determines what algorithm to use for hostname verification.

Parameters:

hostNameVerificationAlgorithm - The algorithm to use when verifying the host name. See Supported algorithm names.

hostNameVerificationHost - the host name used to verify the server identity.

Returns:

this.

See Also:

SSLParameters.setEndpointIdentificationAlgorithm(String)

hostnameVerification

ClientSecurityConfigurator hostnameVerification(java.lang.String hostNameVerificationAlgorithm,
                                                java.lang.String hostNameVerificationHost,
                                                int hostNameVerificationPort)

Determines what algorithm to use for hostname verification.

Parameters:

hostNameVerificationAlgorithm - The algorithm to use when verifying the host name. See Supported algorithm names.

hostNameVerificationHost - the host name used to verify the server identity.

hostNameVerificationPort - The port which maybe used to verify the server identity.

Returns:

this.

See Also:

SSLParameters.setEndpointIdentificationAlgorithm(String)

hostnameVerification

ClientSecurityConfigurator hostnameVerification(java.lang.String hostNameVerificationHost)

Set the host name used to verify the server identity.

Parameters:

hostNameVerificationHost - the host name used to verify the server identity.

Returns:

this.

hostnameVerification

ClientSecurityConfigurator hostnameVerification(java.lang.String hostNameVerificationHost,
                                                int hostNameVerificationPort)

Set the host name and port used to verify the server identity.

Parameters:

hostNameVerificationHost - the host name used to verify the server identity.

hostNameVerificationPort - The port which maybe used to verify the server identity.

Returns:

this.

See Also:

SSLParameters.setEndpointIdentificationAlgorithm(String)

sniHostname

ClientSecurityConfigurator sniHostname(java.lang.String sniHostname)

Set the SNI host name.

Parameters:

sniHostname - The SNI host name.

Returns:

this.

disableHostnameVerification

ClientSecurityConfigurator disableHostnameVerification()

Disable verification of the server identity.

Returns:

this.

keyManager

ClientSecurityConfigurator keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)

Identifying certificate for this host. keyManagerFactory may be null, which disables mutual authentication. The KeyManagerFactory which take preference over any configured Supplier.

Parameters:

keyManagerFactory - an KeyManagerFactory.

Returns:

this.

keyManager

ClientSecurityConfigurator keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                                      java.util.function.Supplier<java.io.InputStream> keySupplier)

Identifying certificate for this host. keyCertChainInputStream and keyInputStream may be null, which disables mutual authentication.

Parameters:

keyCertChainSupplier - a Supplier that will provide an input stream for a X.509 certificate chain in PEM format.

The responsibility to call InputStream.close() is transferred to callers of the Supplier. If this is not the desired behavior then wrap the InputStream and override InputStream.close().

keySupplier - an Supplier that will provide an input stream for a KCS#8 private key in PEM format.

The responsibility to call InputStream.close() is transferred to callers of the Supplier. If this is not the desired behavior then wrap the InputStream and override InputStream.close().

Returns:

this.

keyManager

ClientSecurityConfigurator keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                                      java.util.function.Supplier<java.io.InputStream> keySupplier,
                                      java.lang.String keyPassword)

Identifying certificate for this host. keyCertChainInputStream and keyInputStream may be null, which disables mutual authentication.

Parameters:

keyCertChainSupplier - an Supplier that will provide an input stream for a X.509 certificate chain in PEM format.

The responsibility to call InputStream.close() is transferred to callers of the Supplier. If this is not the desired behavior then wrap the InputStream and override InputStream.close().

keySupplier - an Supplier that will provide an input stream for a KCS#8 private key in PEM format.

The responsibility to call InputStream.close() is transferred to callers of the Supplier. If this is not the desired behavior then wrap the InputStream and override InputStream.close().

keyPassword - the password of the keyInputStream.

Returns:

this.