Class ClientSecurityConfig
- java.lang.Object
-
- io.servicetalk.transport.netty.internal.ReadOnlyClientSecurityConfig
-
- io.servicetalk.transport.netty.internal.ClientSecurityConfig
-
public class ClientSecurityConfig extends ReadOnlyClientSecurityConfig
Client security configuration.
-
-
Field Summary
Fields Modifier and Type Field Description protected java.util.function.Supplier<java.io.InputStream>
keyCertChainSupplier
protected javax.net.ssl.KeyManagerFactory
keyManagerFactory
protected java.lang.String
keyPassword
protected java.util.function.Supplier<java.io.InputStream>
keySupplier
-
Fields inherited from class io.servicetalk.transport.netty.internal.ReadOnlyClientSecurityConfig
hostnameVerificationAlgorithm, hostNameVerificationHost, hostNameVerificationPort, sniHostname
-
-
Constructor Summary
Constructors Constructor Description ClientSecurityConfig(java.lang.String serverHostname, int serverPort)
Creates new instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ReadOnlyClientSecurityConfig
asReadOnly()
Returns this config as aReadOnlyClientSecurityConfig
.void
ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference.void
disableHostnameVerification()
Disable verification of the server identity.void
hostNameVerification(java.lang.String hostNameVerificationHost)
Set the host name used to verify the server identity.void
hostNameVerification(java.lang.String hostNameVerificationHost, int hostNameVerificationPort)
Set the host name and port used to verify the server identity.void
hostNameVerification(java.lang.String hostNameVerificationAlgorithm, java.lang.String hostNameVerificationHost)
Determines what algorithm to use for hostname verification.void
hostNameVerification(java.lang.String hostNameVerificationAlgorithm, java.lang.String hostNameVerificationHost, int hostNameVerificationPort)
Determines what algorithm to use for hostname verification.void
hostNameVerificationAlgorithm(java.lang.String hostNameVerificationAlgorithm)
Determines what algorithm to use for hostname verification.void
keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
Identifying certificate for this host.void
keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword)
Identifying certificate for this host.void
keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying certificate for this host.void
protocols(java.lang.String... protocols)
The SSL protocols to enable, in the order of preference.void
provider(SecurityConfigurator.SslProvider provider)
Sets theSecurityConfigurator.SslProvider
to use.void
sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects.void
sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds.void
sniHostname(java.lang.String sniHostname)
Set the SNI host name.void
trustManager(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
Trusted certificates for verifying the remote endpoint's certificate.void
trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Trust manager for verifying the remote endpoint's certificate.-
Methods inherited from class io.servicetalk.transport.netty.internal.ReadOnlyClientSecurityConfig
hostnameVerificationAlgorithm, hostnameVerificationHost, hostnameVerificationPort, sniHostname
-
-
-
-
Field Detail
-
keyManagerFactory
@Nullable protected javax.net.ssl.KeyManagerFactory keyManagerFactory
-
keyCertChainSupplier
protected java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier
-
keySupplier
protected java.util.function.Supplier<java.io.InputStream> keySupplier
-
keyPassword
@Nullable protected java.lang.String keyPassword
-
-
Method Detail
-
hostNameVerificationAlgorithm
public void hostNameVerificationAlgorithm(java.lang.String hostNameVerificationAlgorithm)
Determines what algorithm to use for hostname verification.- Parameters:
hostNameVerificationAlgorithm
- The algorithm to use when verifying the host name.
-
hostNameVerification
public void hostNameVerification(java.lang.String hostNameVerificationAlgorithm, java.lang.String hostNameVerificationHost)
Determines what algorithm to use for hostname verification.- Parameters:
hostNameVerificationAlgorithm
- The algorithm to use when verifying the host name.hostNameVerificationHost
- the host name used to verify the server identity.
-
hostNameVerification
public void hostNameVerification(java.lang.String hostNameVerificationAlgorithm, java.lang.String hostNameVerificationHost, int hostNameVerificationPort)
Determines what algorithm to use for hostname verification.- Parameters:
hostNameVerificationAlgorithm
- The algorithm to use when verifying the host name.hostNameVerificationHost
- the host name used to verify the server identity.hostNameVerificationPort
- The port which maybe used to verify the server identity.
-
hostNameVerification
public void hostNameVerification(java.lang.String hostNameVerificationHost)
Set the host name used to verify the server identity.- Parameters:
hostNameVerificationHost
- the host name used to verify the server identity.
-
hostNameVerification
public void hostNameVerification(java.lang.String hostNameVerificationHost, int hostNameVerificationPort)
Set the host name and port used to verify the server identity.- Parameters:
hostNameVerificationHost
- the host name used to verify the server identity.hostNameVerificationPort
- The port which maybe used to verify the server identity.
-
sniHostname
public void sniHostname(java.lang.String sniHostname)
Set the SNI host name.- Parameters:
sniHostname
- The SNI host name.
-
disableHostnameVerification
public void disableHostnameVerification()
Disable verification of the server identity.
-
trustManager
public void trustManager(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
Trusted certificates for verifying the remote endpoint's certificate. The input stream should contain anX.509
certificate chain inPEM
format.- Parameters:
trustCertChainSupplier
- a supplier for the certificate chain input stream.
-
trustManager
public void trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Trust manager for verifying the remote endpoint's certificate. TheTrustManagerFactory
which take preference over any configuredSupplier
.- Parameters:
trustManagerFactory
- theTrustManagerFactory
to use.
-
protocols
public void protocols(java.lang.String... protocols)
The SSL protocols to enable, in the order of preference.- Parameters:
protocols
- the protocols to use.
-
ciphers
public void ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference.- Parameters:
ciphers
- the ciphers to use.
-
sessionCacheSize
public void sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects.- Parameters:
sessionCacheSize
- the cache size.
-
sessionTimeout
public void sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds.- Parameters:
sessionTimeout
- the session timeout.
-
provider
public void provider(SecurityConfigurator.SslProvider provider)
Sets theSecurityConfigurator.SslProvider
to use.- Parameters:
provider
- the provider.
-
keyManager
public void keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying certificate for this host.keyManagerFactory
may benull
, which disables mutual authentication. TheKeyManagerFactory
which take preference over any configuredSupplier
.- Parameters:
keyManagerFactory
- anKeyManagerFactory
.
-
keyManager
public void keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
Identifying certificate for this host.keyCertChainInputStream
andkeyInputStream
may benull
, which disables mutual authentication.- Parameters:
keyCertChainSupplier
- aSupplier
that will provide an input stream for aX.509
certificate chain inPEM
format.keySupplier
- anSupplier
that will provide an input stream for a KCS#8 private key in PEM format.
-
keyManager
public void keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword)
Identifying certificate for this host.keyCertChainInputStream
andkeyInputStream
may benull
, which disables mutual authentication.- Parameters:
keyCertChainSupplier
- anSupplier
that will provide an input stream for aX.509
certificate chain inPEM
format.keySupplier
- anSupplier
that will provide an input stream for a KCS#8 private key in PEM format.keyPassword
- the password of thekeyInputStream
.
-
asReadOnly
public ReadOnlyClientSecurityConfig asReadOnly()
Returns this config as aReadOnlyClientSecurityConfig
.- Returns:
- This config as a
ReadOnlyClientSecurityConfig
.
-
-