Package io.servicetalk.transport.api

Class ClientSslConfigBuilder

java.lang.Object

io.servicetalk.transport.api.ClientSslConfigBuilder

public final class ClientSslConfigBuilder
extends Object

Default builder for ClientSslConfig objects.

Constructor Summary

Constructors

Constructor	Description
ClientSslConfigBuilder()	Create a new instance using this JVM's TrustManagerFactory.getDefaultAlgorithm() and default TrustManagerFactory.
ClientSslConfigBuilder(Supplier<InputStream> trustCertChainSupplier)	Create a new instance using trustCertChainSupplier to verify trusted servers.
ClientSslConfigBuilder(TrustManagerFactory tmf)	Create a new instance using tmf to verify trusted servers.

Method Summary

Modifier and Type	Method	Description
final ClientSslConfigBuilder	alpnProtocols(String... protocols)	Set the TLS ALPN protocols.
final ClientSslConfigBuilder	alpnProtocols(List<String> protocols)	Set the TLS ALPN protocols.
ClientSslConfig	build()	Build a new ClientSslConfig.
final ClientSslConfigBuilder	certificateCompressionAlgorithms(CertificateCompressionAlgorithm... algorithms)	Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
final ClientSslConfigBuilder	certificateCompressionAlgorithms(List<CertificateCompressionAlgorithm> algorithms)	Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
final ClientSslConfigBuilder	ciphers(String... ciphers)	Set the cipher suites to enable, in the order of preference.
final ClientSslConfigBuilder	ciphers(List<String> ciphers)	Set the cipher suites to enable, in the order of preference.
final ClientSslConfigBuilder	cipherSuiteFilter(SslConfig.CipherSuiteFilter cipherSuiteFilter)	Set the filtering behavior for ciphers suites.
final ClientSslConfigBuilder	handshakeTimeout(Duration handshakeTimeout)	Sets the timeout for the handshake process.
ClientSslConfigBuilder	hostnameVerificationAlgorithm(String algorithm)	Set the algorithm to use for hostname verification to verify the server identity.
final ClientSslConfigBuilder	keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)	Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
final ClientSslConfigBuilder	keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, String keyPassword)	Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.
final ClientSslConfigBuilder	keyManager(KeyManagerFactory kmf)	Set the KeyManagerFactory to use for the SSL/TLS handshake.
final ClientSslConfigBuilder	maxCertificateListBytes(int maxBytes)	Set the preferred maximum allowed size of the certificate chain in bytes.
ClientSslConfigBuilder	peerHost(String peerHost)	Set the non-authoritative name of the peer.
ClientSslConfigBuilder	peerPort(int peerPort)	Set the non-authoritative port of the peer.
final ClientSslConfigBuilder	provider(SslProvider provider)	Get the SslProvider to use.
final ClientSslConfigBuilder	sessionCacheSize(long sessionCacheSize)	Get the size of the cache used for storing SSL session objects.
final ClientSslConfigBuilder	sessionTimeout(long sessionTimeout)	Get the timeout for the cached SSL session objects, in seconds.
ClientSslConfigBuilder	sniHostname(String sniHostname)	Set the SNI host name.
final ClientSslConfigBuilder	sslProtocols(String... protocols)	Set the TLS protocols to enable, in the order of preference.
final ClientSslConfigBuilder	sslProtocols(List<String> protocols)	Set the TLS protocols to enable, in the order of preference.
protected ClientSslConfigBuilder	thisT()
final ClientSslConfigBuilder	trustManager(Supplier<InputStream> trustCertChainSupplier)	Set the trusted certificates for verifying the remote endpoint's certificate.
final ClientSslConfigBuilder	trustManager(TrustManagerFactory tmf)	Set the TrustManagerFactory used for verifying the remote endpoint's certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ClientSslConfigBuilder

public ClientSslConfigBuilder()

Create a new instance using this JVM's TrustManagerFactory.getDefaultAlgorithm() and default TrustManagerFactory.

ClientSslConfigBuilder

public ClientSslConfigBuilder(TrustManagerFactory tmf)

Create a new instance using tmf to verify trusted servers.

Parameters:

tmf - The TrustManagerFactory used to verify trusted servers.

See Also:

• SslConfig.trustManagerFactory()

ClientSslConfigBuilder

public ClientSslConfigBuilder(Supplier<InputStream> trustCertChainSupplier)

Create a new instance using trustCertChainSupplier to verify trusted servers.

Parameters:

trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

See Also:

• SslConfig.trustCertChainSupplier()

Method Details

hostnameVerificationAlgorithm

public ClientSslConfigBuilder hostnameVerificationAlgorithm(String algorithm)

Set the algorithm to use for hostname verification to verify the server identity.

Parameters:

algorithm - The algorithm to use when verifying the host name. See Endpoint Identification Algorithm Name. An empty String ("") disables hostname verification.

Returns:

this.

See Also:

• ClientSslConfig.hostnameVerificationAlgorithm()
• SSLParameters.setEndpointIdentificationAlgorithm(String)

peerHost

public ClientSslConfigBuilder peerHost(@Nullable
 String peerHost)

Set the non-authoritative name of the peer.

Parameters:

peerHost - the non-authoritative name of the peer.

Returns:

this.

See Also:

• ClientSslConfig.peerHost()
• SSLEngine.getPeerHost()

peerPort

public ClientSslConfigBuilder peerPort(int peerPort)

Set the non-authoritative port of the peer.

Parameters:

peerPort - the non-authoritative port of the peer, or -1 if unavailable (which may prevent session resumption).

Returns:

this.

See Also:

• ClientSslConfig.peerPort()
• SSLEngine.getPeerPort()

sniHostname

public ClientSslConfigBuilder sniHostname(String sniHostname)

Set the SNI host name.

Parameters:

sniHostname - SNI host name.

Returns:

this.

See Also:

• ClientSslConfig.sniHostname()
• SSLParameters.setServerNames(List)

build

public ClientSslConfig build()

Build a new ClientSslConfig.

Returns:

a new ClientSslConfig.

thisT

protected ClientSslConfigBuilder thisT()

trustManager

public final ClientSslConfigBuilder trustManager(TrustManagerFactory tmf)

Set the TrustManagerFactory used for verifying the remote endpoint's certificate.

Parameters:

tmf - the TrustManagerFactory used for verifying the remote endpoint's certificate.

Returns:

this.

See Also:

• SslConfig.trustManagerFactory()

trustManager

public final ClientSslConfigBuilder trustManager(Supplier<InputStream> trustCertChainSupplier)

Set the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

Parameters:

trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

Returns:

this.

See Also:

• SslConfig.trustCertChainSupplier()

keyManager

public final ClientSslConfigBuilder keyManager(KeyManagerFactory kmf)

Set the KeyManagerFactory to use for the SSL/TLS handshake.

Parameters:

kmf - the KeyManagerFactory to use for the SSL/TLS handshake.

Returns:

this.

See Also:

• SslConfig.keyManagerFactory()

keyManager

public final ClientSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier,
 Supplier<InputStream> keySupplier)

Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.

Parameters:

keyCertChainSupplier - the X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

Returns:

this.

See Also:

• SslConfig.keyCertChainSupplier()
• SslConfig.keySupplier()

keyManager

public final ClientSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier,
 Supplier<InputStream> keySupplier,
 @Nullable
 String keyPassword)

Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.

Parameters:

keyCertChainSupplier - the X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keyPassword - the password required to access the key material from keySupplier.

Returns:

this.

See Also:

• SslConfig.keyCertChainSupplier()
• SslConfig.keySupplier()
• SslConfig.keyPassword()

sslProtocols

public final ClientSslConfigBuilder sslProtocols(List<String> protocols)

Set the TLS protocols to enable, in the order of preference.

Parameters:

protocols - the TLS protocols to enable, in the order of preference.

Returns:

this.

See Also:

• SslConfig.sslProtocols()
• SSLEngine.setEnabledProtocols(String[])

sslProtocols

public final ClientSslConfigBuilder sslProtocols(String... protocols)

Set the TLS protocols to enable, in the order of preference.

Parameters:

protocols - the TLS protocols to enable, in the order of preference.

Returns:

this.

See Also:

• SslConfig.sslProtocols()
• SSLEngine.setEnabledProtocols(String[])

alpnProtocols

public final ClientSslConfigBuilder alpnProtocols(List<String> protocols)

Set the TLS ALPN protocols.

Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

Parameters:

protocols - the TLS ALPN protocols.

Returns:

this.

See Also:

• SslConfig.alpnProtocols()

alpnProtocols

public final ClientSslConfigBuilder alpnProtocols(String... protocols)

Set the TLS ALPN protocols.

Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

Parameters:

protocols - the TLS ALPN protocols.

Returns:

this.

See Also:

• SslConfig.alpnProtocols()

ciphers

public final ClientSslConfigBuilder ciphers(List<String> ciphers)

Set the cipher suites to enable, in the order of preference.

Parameters:

ciphers - the ciphers to use.

Returns:

this.

See Also:

• SslConfig.ciphers()

ciphers

public final ClientSslConfigBuilder ciphers(String... ciphers)

Set the cipher suites to enable, in the order of preference.

Parameters:

ciphers - the ciphers to use.

Returns:

this.

See Also:

• SslConfig.ciphers()

cipherSuiteFilter

public final ClientSslConfigBuilder cipherSuiteFilter(SslConfig.CipherSuiteFilter cipherSuiteFilter)

Set the filtering behavior for ciphers suites.

Parameters:

cipherSuiteFilter - SslConfig.CipherSuiteFilter to use.

Returns:

this.

See Also:

• SslConfig.cipherSuiteFilter()
• ciphers(String...)
• ciphers(List)

sessionCacheSize

public final ClientSslConfigBuilder sessionCacheSize(long sessionCacheSize)

Get the size of the cache used for storing SSL session objects.

Parameters:

sessionCacheSize - the size of the cache used for storing SSL session objects.

Returns:

this.

See Also:

• SslConfig.sessionCacheSize()
• SSLSessionContext.setSessionCacheSize(int)

sessionTimeout

public final ClientSslConfigBuilder sessionTimeout(long sessionTimeout)

Get the timeout for the cached SSL session objects, in seconds.

Parameters:

sessionTimeout - the timeout for the cached SSL session objects, in seconds.

Returns:

this.

See Also:

• SslConfig.sessionTimeout()
• SSLSessionContext.setSessionTimeout(int)

provider

public final ClientSslConfigBuilder provider(SslProvider provider)

Get the SslProvider to use.

Parameters:

provider - the SslProvider to use.

Returns:

this.

See Also:

• SslConfig.provider()

certificateCompressionAlgorithms

public final ClientSslConfigBuilder certificateCompressionAlgorithms(List<CertificateCompressionAlgorithm> algorithms)

Sets the certificate compression algorithms to advertise if the feature is supported at runtime.

Parameters:

algorithms - the certificate compression algorithms to use.

Returns:

this.

See Also:

• SslConfig.certificateCompressionAlgorithms()
• CertificateCompressionAlgorithms

certificateCompressionAlgorithms

public final ClientSslConfigBuilder certificateCompressionAlgorithms(CertificateCompressionAlgorithm... algorithms)

Sets the certificate compression algorithms to advertise if the feature is supported at runtime.

Parameters:

algorithms - the certificate compression algorithms to use.

Returns:

this.

See Also:

• SslConfig.certificateCompressionAlgorithms()
• CertificateCompressionAlgorithms

handshakeTimeout

public final ClientSslConfigBuilder handshakeTimeout(Duration handshakeTimeout)

Sets the timeout for the handshake process.

Implementations can round the returned Duration to full time units, depending on their time granularity. Zero duration disables the timeout.

Parameters:

handshakeTimeout - the timeout for the handshake process or Duration.ZERO to disable it.

Returns:

this.

See Also:

• SslConfig.handshakeTimeout()

maxCertificateListBytes

public final ClientSslConfigBuilder maxCertificateListBytes(int maxBytes)

Set the preferred maximum allowed size of the certificate chain in bytes. This may not be respected and depends on if the SSLEngine supports this feature.

Parameters:

maxBytes - Number of bytes for the certificate chain. 0 may mean "use the default limit".

Returns:

this.