Package io.servicetalk.transport.api
Class ClientSslConfigBuilder
java.lang.Object
  io.servicetalk.transport.api.ClientSslConfigBuilder
public final class ClientSslConfigBuilder extends java.lang.Object
Default builder for ClientSslConfig objects.
-
Constructor Summary
Constructor, Description
ClientSslConfigBuilder()
  Create a new instance using this JVM's TrustManagerFactory.getDefaultAlgorithm() and default TrustManagerFactory.
ClientSslConfigBuilder(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
  Create a new instance using trustCertChainSupplier to verify trusted servers.
ClientSslConfigBuilder(javax.net.ssl.TrustManagerFactory tmf)
  Create a new instance using tmf to verify trusted servers.
-
Method Summary
Modifier and Type, Method, Description
T alpnProtocols(java.lang.String... protocols)
  Set the TLS ALPN protocols.
T alpnProtocols(java.util.List<java.lang.String> protocols)
  Set the TLS ALPN protocols.
ClientSslConfig build()
  Build a new ClientSslConfig.
T ciphers(java.lang.String... ciphers)
  Set the cipher suites to enable, in the order of preference.
T ciphers(java.util.List<java.lang.String> ciphers)
  Set the cipher suites to enable, in the order of preference.
ClientSslConfigBuilder disableHostnameVerification()
  Deprecated. Disabling hostname verification may leave you vulnerable to man-in-the-middle attacks.
ClientSslConfigBuilder hostnameVerificationAlgorithm(java.lang.String algorithm)
  Set the algorithm to use for hostname verification to verify the server identity.
ClientSslConfigBuilder keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
ClientSslConfigBuilder keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword)
ClientSslConfigBuilder keyManager(javax.net.ssl.KeyManagerFactory kmf)
ClientSslConfigBuilder peerHost(java.lang.String peerHost)
  Set the non-authoritative name of the peer.
ClientSslConfigBuilder peerPort(int peerPort)
  Set the non-authoritative port of the peer.
T provider(SslProvider provider)
  Get the SslProvider to use.
T sessionCacheSize(long sessionCacheSize)
  Get the size of the cache used for storing SSL session objects.
T sessionTimeout(long sessionTimeout)
  Get the timeout for the cached SSL session objects, in seconds.
ClientSslConfigBuilder sniHostname(java.lang.String sniHostname)
  Set the SNI host name.
T sslProtocols(java.lang.String... protocols)
  Set the TLS protocols to enable, in the order of preference.
T sslProtocols(java.util.List<java.lang.String> protocols)
  Set the TLS protocols to enable, in the order of preference.
protected ClientSslConfigBuilder thisT()
-
-
-
Constructor Detail
-
ClientSslConfigBuilder
public ClientSslConfigBuilder()
Create a new instance using this JVM's TrustManagerFactory.getDefaultAlgorithm() and default TrustManagerFactory.
-
ClientSslConfigBuilder
public ClientSslConfigBuilder(javax.net.ssl.TrustManagerFactory tmf)
Create a new instance using tmf to verify trusted servers.
Parameters:
tmf - The TrustManagerFactory used to verify trusted servers.
-
ClientSslConfigBuilder
public ClientSslConfigBuilder(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
Create a new instance using trustCertChainSupplier to verify trusted servers.
Parameters:
trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.
Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
-
-
Method Detail
-
keyManager
public ClientSslConfigBuilder keyManager(javax.net.ssl.KeyManagerFactory kmf)
-
keyManager
public ClientSslConfigBuilder keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
-
keyManager
public ClientSslConfigBuilder keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, @Nullable java.lang.String keyPassword)
-
hostnameVerificationAlgorithm
public ClientSslConfigBuilder hostnameVerificationAlgorithm(java.lang.String algorithm)
Set the algorithm to use for hostname verification to verify the server identity.
Parameters:
algorithm - The algorithm to use when verifying the host name. See Endpoint Identification Algorithm Name.
Returns:
this.
See Also:
SSLParameters.setEndpointIdentificationAlgorithm(String)
-
disableHostnameVerification
@Deprecated public ClientSslConfigBuilder disableHostnameVerification()
Deprecated. Disabling hostname verification may leave you vulnerable to man-in-the-middle attacks. See server identity on the risks of disabling. If the expected value isn't automatically inferred use peerHost(String) to set the expected value.
Disable host name verification.
Returns:
this.
See Also:
SSLParameters.setEndpointIdentificationAlgorithm(String)
-
peerHost
public ClientSslConfigBuilder peerHost(java.lang.String peerHost)
Set the non-authoritative name of the peer.
Parameters:
peerHost - the non-authoritative name of the peer.
Returns:
this.
See Also:
SSLEngine.getPeerHost()
-
peerPort
public ClientSslConfigBuilder peerPort(int peerPort)
Set the non-authoritative port of the peer.
Parameters:
peerPort - the non-authoritative port of the peer, or -1 if unavailable (which may prevent session resumption).
Returns:
this.
See Also:
SSLEngine.getPeerPort()
-
sniHostname
public ClientSslConfigBuilder sniHostname(java.lang.String sniHostname)
Set the SNI host name.
Parameters:
sniHostname - SNI host name.
Returns:
this.
See Also:
SSLParameters.setServerNames(List)
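The trust, hostname-verification, peerHost and sniHostname settings documented above, combined into one client configuration. This is an added example, not code from the ServiceTalk project: it trusts only a private CA bundle and keeps hostname verification enabled for a client that connects by IP address. The class name, file path, server name and port are hypothetical; "HTTPS" is the standard JSSE endpoint identification algorithm name.

```java
import io.servicetalk.transport.api.ClientSslConfig;
import io.servicetalk.transport.api.ClientSslConfigBuilder;

import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.function.Supplier;

public final class PinnedCaClientSsl {
    // Hypothetical values for illustration; substitute your own.
    private static final Path CA_BUNDLE = Paths.get("/etc/myapp/internal-ca.pem");
    private static final String SERVER_NAME = "api.internal.example"; // name in the server certificate
    private static final int SERVER_PORT = 8443;

    private PinnedCaClientSsl() {
    }

    // Use this in place of new ClientSslConfigBuilder().disableHostnameVerification().build()
    // when the client dials an address that does not match the certificate name.
    public static ClientSslConfig hardened() {
        // Open a new stream on every invocation: the constructor contract asks for an
        // independent InputStream each time the Supplier is called.
        Supplier<InputStream> trustChain = () -> {
            try {
                return Files.newInputStream(CA_BUNDLE);
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        };
        return new ClientSslConfigBuilder(trustChain)   // trust only the PEM chain in CA_BUNDLE
                .hostnameVerificationAlgorithm("HTTPS") // verify the certificate against the expected name
                .peerHost(SERVER_NAME)                  // expected name when it cannot be inferred
                .peerPort(SERVER_PORT)                  // -1 here may prevent session resumption
                .sniHostname(SERVER_NAME)               // name sent in the SNI extension
                .build();
    }
}
```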
-
build
public ClientSslConfig build()
Build a new ClientSslConfig.
Returns:
a new ClientSslConfig.
-
thisT
protected ClientSslConfigBuilder thisT()
-
sslProtocols
public T sslProtocols(java.util.List<java.lang.String> protocols)
Set the TLS protocols to enable, in the order of preference.
Parameters:
protocols - the TLS protocols to enable, in the order of preference.
Returns:
this.
See Also:
SSLEngine.setEnabledProtocols(String[])
-
sslProtocols
public T sslProtocols(java.lang.String... protocols)
Set the TLS protocols to enable, in the order of preference.
Parameters:
protocols - the TLS protocols to enable, in the order of preference.
Returns:
this.
See Also:
SSLEngine.setEnabledProtocols(String[])
-
alpnProtocols
public T alpnProtocols(java.util.List<java.lang.String> protocols)
Set the TLS ALPN protocols.
Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result may be inferred and overridden by the protocol layer.
Parameters:
protocols - the TLS ALPN protocols.
Returns:
this.
-
alpnProtocols
public T alpnProtocols(java.lang.String... protocols)
Set the TLS ALPN protocols.
Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result may be inferred and overridden by the protocol layer.
Parameters:
protocols - the TLS ALPN protocols.
Returns:
this.
-
ciphers
public T ciphers(java.util.List<java.lang.String> ciphers)
Set the cipher suites to enable, in the order of preference.
Parameters:
ciphers - the ciphers to use.
Returns:
this.
-
ciphers
public T ciphers(java.lang.String... ciphers)
Set the cipher suites to enable, in the order of preference.
Parameters:
ciphers - the ciphers to use.
Returns:
this.
-
sessionCacheSize
public T sessionCacheSize(long sessionCacheSize)
Get the size of the cache used for storing SSL session objects.
Parameters:
sessionCacheSize - the size of the cache used for storing SSL session objects.
Returns:
this.
See Also:
SSLSessionContext.setSessionCacheSize(int)
-
sessionTimeout
public T sessionTimeout(long sessionTimeout)
Get the timeout for the cached SSL session objects, in seconds.
Parameters:
sessionTimeout - the timeout for the cached SSL session objects, in seconds.
Returns:
this.
See Also:
SSLSessionContext.setSessionTimeout(int)
-
provider
public T provider(SslProvider provider)
Get the SslProvider to use.
Parameters:
provider - the SslProvider to use.
Returns:
this.
-
-