Class ServerSecurityConfig
- java.lang.Object
-
- io.servicetalk.transport.netty.internal.ReadOnlyServerSecurityConfig
-
- io.servicetalk.transport.netty.internal.ServerSecurityConfig
-
public class ServerSecurityConfig extends ReadOnlyServerSecurityConfig
Server security configuration.
-
-
Field Summary
Fields Modifier and Type Field Description protected java.util.function.Supplier<java.io.InputStream>
keyCertChainSupplier
protected javax.net.ssl.KeyManagerFactory
keyManagerFactory
protected java.lang.String
keyPassword
protected java.util.function.Supplier<java.io.InputStream>
keySupplier
-
Fields inherited from class io.servicetalk.transport.netty.internal.ReadOnlyServerSecurityConfig
clientAuth
-
-
Constructor Summary
Constructors Constructor Description ServerSecurityConfig()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description ReadOnlyServerSecurityConfig
asReadOnly()
Returns this config as aReadOnlyServerSecurityConfig
.void
ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference.void
clientAuth(ServerSecurityConfigurator.ClientAuth clientAuth)
Sets the client authentication mode.void
keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
Identifying certificate for this host.void
keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword)
Identifying certificate for this host.void
keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying certificate for this host.void
protocols(java.lang.String... protocols)
The SSL protocols to enable, in the order of preference.void
provider(SecurityConfigurator.SslProvider provider)
Sets theSecurityConfigurator.SslProvider
to use.void
sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects.void
sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds.void
trustManager(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
Trusted certificates for verifying the remote endpoint's certificate.void
trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Trust manager for verifying the remote endpoint's certificate.-
Methods inherited from class io.servicetalk.transport.netty.internal.ReadOnlyServerSecurityConfig
clientAuth
-
-
-
-
Field Detail
-
keyManagerFactory
@Nullable protected javax.net.ssl.KeyManagerFactory keyManagerFactory
-
keyCertChainSupplier
protected java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier
-
keySupplier
protected java.util.function.Supplier<java.io.InputStream> keySupplier
-
keyPassword
@Nullable protected java.lang.String keyPassword
-
-
Method Detail
-
trustManager
public void trustManager(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
Trusted certificates for verifying the remote endpoint's certificate. The input stream should contain anX.509
certificate chain inPEM
format.- Parameters:
trustCertChainSupplier
- a supplier for the certificate chain input stream.
-
trustManager
public void trustManager(javax.net.ssl.TrustManagerFactory trustManagerFactory)
Trust manager for verifying the remote endpoint's certificate. TheTrustManagerFactory
which take preference over any configuredSupplier
.- Parameters:
trustManagerFactory
- theTrustManagerFactory
to use.
-
protocols
public void protocols(java.lang.String... protocols)
The SSL protocols to enable, in the order of preference.- Parameters:
protocols
- the protocols to use.
-
ciphers
public void ciphers(java.lang.Iterable<java.lang.String> ciphers)
The cipher suites to enable, in the order of preference.- Parameters:
ciphers
- the ciphers to use.
-
sessionCacheSize
public void sessionCacheSize(long sessionCacheSize)
Set the size of the cache used for storing SSL session objects.- Parameters:
sessionCacheSize
- the cache size.
-
sessionTimeout
public void sessionTimeout(long sessionTimeout)
Set the timeout for the cached SSL session objects, in seconds.- Parameters:
sessionTimeout
- the session timeout.
-
provider
public void provider(SecurityConfigurator.SslProvider provider)
Sets theSecurityConfigurator.SslProvider
to use.- Parameters:
provider
- the provider.
-
keyManager
public void keyManager(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Identifying certificate for this host.keyManagerFactory
may benull
, which disables mutual authentication. TheKeyManagerFactory
which take preference over any configuredSupplier
.- Parameters:
keyManagerFactory
- anKeyManagerFactory
.
-
keyManager
public void keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
Identifying certificate for this host.keyCertChainInputStream
andkeyInputStream
may benull
, which disables mutual authentication.- Parameters:
keyCertChainSupplier
- aSupplier
that will provide an input stream for aX.509
certificate chain inPEM
format.keySupplier
- anSupplier
that will provide an input stream for a KCS#8 private key in PEM format.
-
keyManager
public void keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword)
Identifying certificate for this host.keyCertChainInputStream
andkeyInputStream
may benull
, which disables mutual authentication.- Parameters:
keyCertChainSupplier
- anSupplier
that will provide an input stream for aX.509
certificate chain inPEM
format.keySupplier
- anSupplier
that will provide an input stream for a KCS#8 private key in PEM format.keyPassword
- the password of thekeyInputStream
.
-
clientAuth
public void clientAuth(ServerSecurityConfigurator.ClientAuth clientAuth)
Sets the client authentication mode.- Parameters:
clientAuth
- the auth configuration to use.
-
asReadOnly
public ReadOnlyServerSecurityConfig asReadOnly()
Returns this config as aReadOnlyServerSecurityConfig
.- Returns:
- This config as a
ReadOnlyServerSecurityConfig
.
-
-