Class ClientSslConfigBuilder


  • public final class ClientSslConfigBuilder
    extends java.lang.Object
    Default builder for ClientSslConfig objects.
    • Constructor Detail

      • ClientSslConfigBuilder

        public ClientSslConfigBuilder()
        Create a new instance using this JVM's TrustManagerFactory.getDefaultAlgorithm() and default TrustManagerFactory.
      • ClientSslConfigBuilder

        public ClientSslConfigBuilder(javax.net.ssl.TrustManagerFactory tmf)
        Create a new instance using tmf to verify trusted servers.
        Parameters:
        tmf - The TrustManagerFactory used to verify trusted servers.
      • ClientSslConfigBuilder

        public ClientSslConfigBuilder(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
        Create a new instance using trustCertChainSupplier to verify trusted servers.
        Parameters:
        trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

    • Method Detail

      • keyManager

        public ClientSslConfigBuilder keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                                                 java.util.function.Supplier<java.io.InputStream> keySupplier)
      • keyManager

        public ClientSslConfigBuilder keyManager(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                                                 java.util.function.Supplier<java.io.InputStream> keySupplier,
                                                 @Nullable
                                                 java.lang.String keyPassword)
      • hostnameVerificationAlgorithm

        public ClientSslConfigBuilder hostnameVerificationAlgorithm(java.lang.String algorithm)
        Set the algorithm used for hostname verification, which verifies the server identity.
        Parameters:
        algorithm - The algorithm to use when verifying the host name. See Endpoint Identification Algorithm Name.
        Returns:
        this.
        See Also:
        SSLParameters.setEndpointIdentificationAlgorithm(String)
      • disableHostnameVerification

        @Deprecated
        public ClientSslConfigBuilder disableHostnameVerification()
        Deprecated.
        Disabling hostname verification may leave you vulnerable to man-in-the-middle attacks. See server identity for the risks of disabling it. If the expected value isn't automatically inferred, use peerHost(String) to set the expected value.
        Disable host name verification.
        Returns:
        this.
        See Also:
        SSLParameters.setEndpointIdentificationAlgorithm(String)
      • peerHost

        public ClientSslConfigBuilder peerHost(java.lang.String peerHost)
        Set the non-authoritative name of the peer.
        Parameters:
        peerHost - the non-authoritative name of the peer.
        Returns:
        this.
        See Also:
        SSLEngine.getPeerHost()
      • peerPort

        public ClientSslConfigBuilder peerPort(int peerPort)
        Set the non-authoritative port of the peer.
        Parameters:
        peerPort - the non-authoritative port of the peer, or -1 if unavailable (which may prevent session resumption).
        Returns:
        this.
        See Also:
        SSLEngine.getPeerPort()
      • sniHostname

        public ClientSslConfigBuilder sniHostname(java.lang.String sniHostname)
        Set the SNI host name.
        Parameters:
        sniHostname - SNI host name.
        Returns:
        this.
        See Also:
        SSLParameters.setServerNames(List)
      • sslProtocols

        public T sslProtocols(java.util.List<java.lang.String> protocols)
        Set the TLS protocols to enable, in the order of preference.
        Parameters:
        protocols - the TLS protocols to enable, in the order of preference.
        Returns:
        this.
        See Also:
        SSLEngine.setEnabledProtocols(String[])
      • sslProtocols

        public T sslProtocols(java.lang.String... protocols)
        Set the TLS protocols to enable, in the order of preference.
        Parameters:
        protocols - the TLS protocols to enable, in the order of preference.
        Returns:
        this.
        See Also:
        SSLEngine.setEnabledProtocols(String[])
      • alpnProtocols

        public T alpnProtocols(java.util.List<java.lang.String> protocols)
        Set the TLS ALPN protocols.

        Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and, as a result, may be inferred and overridden by the protocol layer.

        Parameters:
        protocols - the TLS ALPN protocols.
        Returns:
        this.
      • alpnProtocols

        public T alpnProtocols(java.lang.String... protocols)
        Set the TLS ALPN protocols.

        Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and, as a result, may be inferred and overridden by the protocol layer.

        Parameters:
        protocols - the TLS ALPN protocols.
        Returns:
        this.
      • ciphers

        public T ciphers(java.util.List<java.lang.String> ciphers)
        Set the cipher suites to enable, in the order of preference.
        Parameters:
        ciphers - the ciphers to use.
        Returns:
        this.
      • ciphers

        public T ciphers(java.lang.String... ciphers)
        Set the cipher suites to enable, in the order of preference.
        Parameters:
        ciphers - the ciphers to use.
        Returns:
        this.
      • sessionCacheSize

        public T sessionCacheSize(long sessionCacheSize)
        Set the size of the cache used for storing SSL session objects.
        Parameters:
        sessionCacheSize - the size of the cache used for storing SSL session objects.
        Returns:
        this.
        See Also:
        SSLSessionContext.setSessionCacheSize(int)
      • sessionTimeout

        public T sessionTimeout(long sessionTimeout)
        Set the timeout for the cached SSL session objects, in seconds.
        Parameters:
        sessionTimeout - the timeout for the cached SSL session objects, in seconds.
        Returns:
        this.
        See Also:
        SSLSessionContext.setSessionTimeout(int)
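
The See Also entries above name the JDK calls that these builder settings correspond to. The following added example (not this library's code and not part of the original documentation) applies the same settings directly with javax.net.ssl and fails closed when endpoint identification is off; the class name, host, port, protocol lists and session values are constructed for illustration, and Java 11 or later is assumed.

```java
import java.util.List;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSessionContext;

public final class JdkClientTlsSettings {
    // Constructed sample values; the host is a placeholder.
    static final String HOST = "api.example.test";
    static final int PORT = 443;

    static SSLEngine newClientEngine(SSLContext ctx) {
        // peerHost / peerPort: non-authoritative hints (see SSLEngine.getPeerHost()).
        SSLEngine engine = ctx.createSSLEngine(HOST, PORT);
        engine.setUseClientMode(true);

        SSLParameters params = engine.getSSLParameters();
        // hostnameVerificationAlgorithm: "HTTPS" makes the JDK check the
        // server certificate against the expected host name.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        // sniHostname
        params.setServerNames(List.of(new SNIHostName(HOST)));
        // sslProtocols, in order of preference
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        // alpnProtocols
        params.setApplicationProtocols(new String[] {"h2", "http/1.1"});
        engine.setSSLParameters(params);
        return engine;
    }

    // In the JDK, a null or empty algorithm means no endpoint identification
    // is performed, so treat that state as a configuration error.
    static void requireHostnameVerification(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        if (alg == null || alg.isEmpty()) {
            throw new IllegalStateException("hostname verification is disabled");
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault(); // default TrustManagerFactory
        SSLSessionContext sessions = ctx.getClientSessionContext();
        sessions.setSessionCacheSize(1024); // sessionCacheSize (entries)
        sessions.setSessionTimeout(300);    // sessionTimeout (seconds)
        SSLEngine engine = newClientEngine(ctx);
        requireHostnameVerification(engine);
        System.out.println(engine.getPeerHost() + ":" + engine.getPeerPort());
    }
}
```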