Package io.servicetalk.transport.api

Class ServerSslConfigBuilder

  • public final class ServerSslConfigBuilder
extends java.lang.Object
    Default builder for ServerSslConfig objects.

    • Constructor Summary

      Constructors 
      Constructor Description
      ServerSslConfigBuilder​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
      Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
      ServerSslConfigBuilder​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword)
      Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
      ServerSslConfigBuilder​(javax.net.ssl.KeyManagerFactory kmf)
      Create a new instance using the KeyManagerFactory for SSL/TLS handshakes.

    • Constructor Detail

      • ServerSslConfigBuilder

        public ServerSslConfigBuilder​(javax.net.ssl.KeyManagerFactory kmf)
        Create a new instance using the KeyManagerFactory for SSL/TLS handshakes.
        Parameters:
        kmf - the KeyManagerFactory to use for the SSL/TLS handshakes.

      • ServerSslConfigBuilder

        public ServerSslConfigBuilder​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                              java.util.function.Supplier<java.io.InputStream> keySupplier)
        Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
        Parameters:
        keyCertChainSupplier - the X.509 certificate chain in PEM format.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

      • ServerSslConfigBuilder

        public ServerSslConfigBuilder​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                              java.util.function.Supplier<java.io.InputStream> keySupplier,
                              @Nullable
                              java.lang.String keyPassword)
        Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
        Parameters:
        keyCertChainSupplier - the X.509 certificate chain in PEM format.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keyPassword - the password required to access the key material from keySupplier.

    • Method Detail

      • trustManager

        public ServerSslConfigBuilder trustManager​(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)

      • clientAuthMode

        public ServerSslConfigBuilder clientAuthMode​(SslClientAuthMode clientAuthMode)
        Set the SslClientAuthMode which determines how client authentication should be done.
        Parameters:
        clientAuthMode - the SslClientAuthMode which determines how client authentication should be done.
        Returns:
        this.
        See Also:
        SSLParameters.getNeedClientAuth(), SSLParameters.getWantClientAuth()

      • sslProtocols

        public T sslProtocols​(java.util.List<java.lang.String> protocols)
        Set the TLS protocols to enable, in the order of preference.
        Parameters:
        protocols - the TLS protocols to enable, in the order of preference.
        Returns:
        this.
        See Also:
        SSLEngine.setEnabledProtocols(String[])

      • sslProtocols

        public T sslProtocols​(java.lang.String... protocols)
        Set the TLS protocols to enable, in the order of preference.
        Parameters:
        protocols - the TLS protocols to enable, in the order of preference.
        Returns:
        this.
        See Also:
        SSLEngine.setEnabledProtocols(String[])

      • alpnProtocols

        public T alpnProtocols​(java.util.List<java.lang.String> protocols)
        Set the TLS ALPN protocols.

        Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

        Parameters:
        protocols - the TLS ALPN protocols.
        Returns:
        this.

      • alpnProtocols

        public T alpnProtocols​(java.lang.String... protocols)
        Set the TLS ALPN protocols.

        Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

        Parameters:
        protocols - the TLS ALPN protocols.
        Returns:
        this.

      • ciphers

        public T ciphers​(java.util.List<java.lang.String> ciphers)
        Set the cipher suites to enable, in the order of preference.
        Parameters:
        ciphers - the ciphers to use.
        Returns:
        this.

      • ciphers

        public T ciphers​(java.lang.String... ciphers)
        Set the cipher suites to enable, in the order of preference.
        Parameters:
        ciphers - the ciphers to use.
        Returns:
        this.

      • sessionCacheSize

        public T sessionCacheSize​(long sessionCacheSize)
        Get the size of the cache used for storing SSL session objects.
        Parameters:
        sessionCacheSize - the size of the cache used for storing SSL session objects.
        Returns:
        this.
        See Also:
        SSLSessionContext.setSessionCacheSize(int)

      • sessionTimeout

        public T sessionTimeout​(long sessionTimeout)
        Get the timeout for the cached SSL session objects, in seconds.
        Parameters:
        sessionTimeout - the timeout for the cached SSL session objects, in seconds.
        Returns:
        this.
        See Also:
        SSLSessionContext.setSessionTimeout(int)