Package io.servicetalk.transport.api

Class ServerSslConfigBuilder

  • public final class ServerSslConfigBuilder
extends java.lang.Object
    Default builder for ServerSslConfig objects.

    • Constructor Summary

      Constructors 
      Constructor Description
      ServerSslConfigBuilder​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
      Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
      ServerSslConfigBuilder​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword)
      Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
      ServerSslConfigBuilder​(javax.net.ssl.KeyManagerFactory kmf)
      Create a new instance using the KeyManagerFactory for SSL/TLS handshakes.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      T alpnProtocols​(java.lang.String... protocols)
      Set the TLS ALPN protocols.
      T alpnProtocols​(java.util.List<java.lang.String> protocols)
      Set the TLS ALPN protocols.
      ServerSslConfig build()
      Build a new ServerSslConfig.
      T ciphers​(java.lang.String... ciphers)
      Set the cipher suites to enable, in the order of preference.
      T ciphers​(java.util.List<java.lang.String> ciphers)
      Set the cipher suites to enable, in the order of preference.
      ServerSslConfigBuilder clientAuthMode​(SslClientAuthMode clientAuthMode)
      Set the SslClientAuthMode which determines how client authentication should be done.
      T keyManager​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier)
      Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
      T keyManager​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier, java.util.function.Supplier<java.io.InputStream> keySupplier, java.lang.String keyPassword)
      Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.
      T keyManager​(javax.net.ssl.KeyManagerFactory kmf)
      Set the KeyManagerFactory to use for the SSL/TLS handshake.
      T provider​(SslProvider provider)
      Get the SslProvider to use.
      T sessionCacheSize​(long sessionCacheSize)
      Get the size of the cache used for storing SSL session objects.
      T sessionTimeout​(long sessionTimeout)
      Get the timeout for the cached SSL session objects, in seconds.
      T sslProtocols​(java.lang.String... protocols)
      Set the TLS protocols to enable, in the order of preference.
      T sslProtocols​(java.util.List<java.lang.String> protocols)
      Set the TLS protocols to enable, in the order of preference.
      protected ServerSslConfigBuilder thisT()  
      T trustManager​(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
      Set the trusted certificates for verifying the remote endpoint's certificate.
      T trustManager​(javax.net.ssl.TrustManagerFactory tmf)
      Set the TrustManagerFactory used for verifying the remote endpoint's certificate.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • ServerSslConfigBuilder

        public ServerSslConfigBuilder​(javax.net.ssl.KeyManagerFactory kmf)
        Create a new instance using the KeyManagerFactory for SSL/TLS handshakes.
        Parameters:
        kmf - the KeyManagerFactory to use for the SSL/TLS handshakes.

      • ServerSslConfigBuilder

        public ServerSslConfigBuilder​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                              java.util.function.Supplier<java.io.InputStream> keySupplier)
        Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
        Parameters:
        keyCertChainSupplier - the X.509 certificate chain in PEM format.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

      • ServerSslConfigBuilder

        public ServerSslConfigBuilder​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                              java.util.function.Supplier<java.io.InputStream> keySupplier,
                              @Nullable
                              java.lang.String keyPassword)
        Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
        Parameters:
        keyCertChainSupplier - the X.509 certificate chain in PEM format.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keyPassword - the password required to access the key material from keySupplier.

    • Method Detail

      • clientAuthMode

        public ServerSslConfigBuilder clientAuthMode​(SslClientAuthMode clientAuthMode)
        Set the SslClientAuthMode which determines how client authentication should be done.
        Parameters:
        clientAuthMode - the SslClientAuthMode which determines how client authentication should be done.
        Returns:
        this.
        See Also:
        SSLParameters.getNeedClientAuth(), SSLParameters.getWantClientAuth()

      • trustManager

        public final T trustManager​(javax.net.ssl.TrustManagerFactory tmf)
        Set the TrustManagerFactory used for verifying the remote endpoint's certificate.
        Parameters:
        tmf - the TrustManagerFactory used for verifying the remote endpoint's certificate.
        Returns:
        this.

      • trustManager

        public final T trustManager​(java.util.function.Supplier<java.io.InputStream> trustCertChainSupplier)
        Set the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.
        Parameters:
        trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        Returns:
        this.

      • keyManager

        public final T keyManager​(javax.net.ssl.KeyManagerFactory kmf)
        Set the KeyManagerFactory to use for the SSL/TLS handshake.
        Parameters:
        kmf - the KeyManagerFactory to use for the SSL/TLS handshake.
        Returns:
        this.

      • keyManager

        public final T keyManager​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                          java.util.function.Supplier<java.io.InputStream> keySupplier)
        Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
        Parameters:
        keyCertChainSupplier - the X.509 certificate chain in PEM format.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        Returns:
        this.

      • keyManager

        public final T keyManager​(java.util.function.Supplier<java.io.InputStream> keyCertChainSupplier,
                          java.util.function.Supplier<java.io.InputStream> keySupplier,
                          @Nullable
                          java.lang.String keyPassword)
        Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.
        Parameters:
        keyCertChainSupplier - the X.509 certificate chain in PEM format.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

        Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

        keyPassword - the password required to access the key material from keySupplier.
        Returns:
        this.

      • sslProtocols

        public final T sslProtocols​(java.util.List<java.lang.String> protocols)
        Set the TLS protocols to enable, in the order of preference.
        Parameters:
        protocols - the TLS protocols to enable, in the order of preference.
        Returns:
        this.
        See Also:
        SSLEngine.setEnabledProtocols(String[])

      • sslProtocols

        public final T sslProtocols​(java.lang.String... protocols)
        Set the TLS protocols to enable, in the order of preference.
        Parameters:
        protocols - the TLS protocols to enable, in the order of preference.
        Returns:
        this.
        See Also:
        SSLEngine.setEnabledProtocols(String[])

      • alpnProtocols

        public final T alpnProtocols​(java.util.List<java.lang.String> protocols)
        Set the TLS ALPN protocols.

        Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

        Parameters:
        protocols - the TLS ALPN protocols.
        Returns:
        this.

      • alpnProtocols

        public final T alpnProtocols​(java.lang.String... protocols)
        Set the TLS ALPN protocols.

        Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

        Parameters:
        protocols - the TLS ALPN protocols.
        Returns:
        this.

      • ciphers

        public final T ciphers​(java.util.List<java.lang.String> ciphers)
        Set the cipher suites to enable, in the order of preference.
        Parameters:
        ciphers - the ciphers to use.
        Returns:
        this.

      • ciphers

        public final T ciphers​(java.lang.String... ciphers)
        Set the cipher suites to enable, in the order of preference.
        Parameters:
        ciphers - the ciphers to use.
        Returns:
        this.

      • sessionCacheSize

        public final T sessionCacheSize​(long sessionCacheSize)
        Get the size of the cache used for storing SSL session objects.
        Parameters:
        sessionCacheSize - the size of the cache used for storing SSL session objects.
        Returns:
        this.
        See Also:
        SSLSessionContext.setSessionCacheSize(int)

      • sessionTimeout

        public final T sessionTimeout​(long sessionTimeout)
        Get the timeout for the cached SSL session objects, in seconds.
        Parameters:
        sessionTimeout - the timeout for the cached SSL session objects, in seconds.
        Returns:
        this.
        See Also:
        SSLSessionContext.setSessionTimeout(int)