Class ClientSslConfigBuilder

ClientSslConfig objects.

Constructor Summary

Constructors

ClientSslConfigBuilder()
    Create a new instance using this JVM's TrustManagerFactory.getDefaultAlgorithm() and default TrustManagerFactory.
ClientSslConfigBuilder(Supplier<InputStream> trustCertChainSupplier)
    Create a new instance using trustCertChainSupplier to verify trusted servers.
ClientSslConfigBuilder(TrustManagerFactory tmf)
    Create a new instance using tmf to verify trusted servers.

Method Summary

Modifier and Type, Method, Description

final ClientSslConfigBuilder alpnProtocols(String... protocols)
    Set the TLS ALPN protocols.
final ClientSslConfigBuilder alpnProtocols(List<String> protocols)
    Set the TLS ALPN protocols.
build()
    Build a new ClientSslConfig.
final ClientSslConfigBuilder certificateCompressionAlgorithms(CertificateCompressionAlgorithm... algorithms)
    Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
final ClientSslConfigBuilder certificateCompressionAlgorithms(List<CertificateCompressionAlgorithm> algorithms)
    Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
final ClientSslConfigBuilder ciphers
    Set the cipher suites to enable, in the order of preference.
final ClientSslConfigBuilder ciphers
    Set the cipher suites to enable, in the order of preference.
final ClientSslConfigBuilder cipherSuiteFilter(SslConfig.CipherSuiteFilter cipherSuiteFilter)
    Set the filtering behavior for cipher suites.
final ClientSslConfigBuilder handshakeTimeout(Duration handshakeTimeout)
    Sets the timeout for the handshake process.
hostnameVerificationAlgorithm(String algorithm)
    Set the algorithm to use for hostname verification to verify the server identity.
final ClientSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)
    Set an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
final ClientSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, String keyPassword)
    Set an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.
final ClientSslConfigBuilder keyManager(KeyManagerFactory kmf)
    Set the KeyManagerFactory to use for the SSL/TLS handshake.
final ClientSslConfigBuilder maxCertificateListBytes(int maxBytes)
    Set the preferred maximum allowed size of the certificate chain in bytes.
peerHost
    Set the non-authoritative name of the peer.
peerPort(int peerPort)
    Set the non-authoritative port of the peer.
final ClientSslConfigBuilder provider(SslProvider provider)
    Set the SslProvider to use.
final ClientSslConfigBuilder sessionCacheSize(long sessionCacheSize)
    Set the size of the cache used for storing SSL session objects.
final ClientSslConfigBuilder sessionTimeout(long sessionTimeout)
    Set the timeout for the cached SSL session objects, in seconds.
sniHostname(String sniHostname)
    Set the SNI host name.
final ClientSslConfigBuilder sslProtocols(String... protocols)
    Set the TLS protocols to enable, in the order of preference.
final ClientSslConfigBuilder sslProtocols(List<String> protocols)
    Set the TLS protocols to enable, in the order of preference.
protected ClientSslConfigBuilder thisT()
final ClientSslConfigBuilder trustManager(Supplier<InputStream> trustCertChainSupplier)
    Set the trusted certificates for verifying the remote endpoint's certificate.
final ClientSslConfigBuilder trustManager(TrustManagerFactory tmf)
    Set the TrustManagerFactory used for verifying the remote endpoint's certificate.

Constructor Details

ClientSslConfigBuilder
public ClientSslConfigBuilder()
Create a new instance using this JVM's TrustManagerFactory.getDefaultAlgorithm() and default TrustManagerFactory.

ClientSslConfigBuilder
Create a new instance using tmf to verify trusted servers.
Parameters:
    tmf - The TrustManagerFactory used to verify trusted servers.

ClientSslConfigBuilder
Create a new instance using trustCertChainSupplier to verify trusted servers.
Parameters:
    trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

Method Details

hostnameVerificationAlgorithm
Set the algorithm to use for hostname verification to verify the server identity.
Parameters:
    algorithm - The algorithm to use when verifying the host name. See Endpoint Identification Algorithm Name. An empty String ("") disables hostname verification.
Returns:
    this.

peerHost
Set the non-authoritative name of the peer.
Parameters:
    peerHost - the non-authoritative name of the peer.
Returns:
    this.

peerPort
Set the non-authoritative port of the peer.
Parameters:
    peerPort - the non-authoritative port of the peer, or -1 if unavailable (which may prevent session resumption).
Returns:
    this.

sniHostname
Set the SNI host name.
Parameters:
    sniHostname - SNI host name.
Returns:
    this.

build
Build a new ClientSslConfig.
Returns:
    a new ClientSslConfig.

thisT

trustManager
Set the TrustManagerFactory used for verifying the remote endpoint's certificate.
Parameters:
    tmf - the TrustManagerFactory used for verifying the remote endpoint's certificate.
Returns:
    this.

trustManager
Set the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.
Parameters:
    trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
Returns:
    this.

keyManager
Set the KeyManagerFactory to use for the SSL/TLS handshake.
Parameters:
    kmf - the KeyManagerFactory to use for the SSL/TLS handshake.
Returns:
    this.

keyManager
public final ClientSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)
Set an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
Parameters:
    keyCertChainSupplier - the X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
    keySupplier - an InputStream which provides a PKCS#8 private key in PEM format associated with. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
Returns:
    this.

keyManager
public final ClientSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, @Nullable String keyPassword)
Set an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.
Parameters:
    keyCertChainSupplier - the X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
    keySupplier - an InputStream which provides a PKCS#8 private key in PEM format associated with. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
    keyPassword - the password required to access the key material from keySupplier.
Returns:
    this.

sslProtocols
Set the TLS protocols to enable, in the order of preference.
Parameters:
    protocols - the TLS protocols to enable, in the order of preference.
Returns:
    this.

sslProtocols
Set the TLS protocols to enable, in the order of preference.
Parameters:
    protocols - the TLS protocols to enable, in the order of preference.
Returns:
    this.

alpnProtocols
Set the TLS ALPN protocols.
Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result may be inferred and overridden by the protocol layer.
Parameters:
    protocols - the TLS ALPN protocols.
Returns:
    this.

alpnProtocols
Set the TLS ALPN protocols.
Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result may be inferred and overridden by the protocol layer.
Parameters:
    protocols - the TLS ALPN protocols.
Returns:
    this.

ciphers
Set the cipher suites to enable, in the order of preference.
Parameters:
    ciphers - the ciphers to use.
Returns:
    this.

ciphers
Set the cipher suites to enable, in the order of preference.
Parameters:
    ciphers - the ciphers to use.
Returns:
    this.

cipherSuiteFilter
public final ClientSslConfigBuilder cipherSuiteFilter(SslConfig.CipherSuiteFilter cipherSuiteFilter)
Set the filtering behavior for cipher suites.
Parameters:
    cipherSuiteFilter - SslConfig.CipherSuiteFilter to use.
Returns:
    this.

sessionCacheSize
Set the size of the cache used for storing SSL session objects.
Parameters:
    sessionCacheSize - the size of the cache used for storing SSL session objects.
Returns:
    this.

sessionTimeout
Set the timeout for the cached SSL session objects, in seconds.
Parameters:
    sessionTimeout - the timeout for the cached SSL session objects, in seconds.
Returns:
    this.

provider
Set the SslProvider to use.
Parameters:
    provider - the SslProvider to use.
Returns:
    this.

certificateCompressionAlgorithms
public final ClientSslConfigBuilder certificateCompressionAlgorithms(List<CertificateCompressionAlgorithm> algorithms)
Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
Parameters:
    algorithms - the certificate compression algorithms to use.
Returns:
    this.

certificateCompressionAlgorithms
public final ClientSslConfigBuilder certificateCompressionAlgorithms(CertificateCompressionAlgorithm... algorithms)
Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
Parameters:
    algorithms - the certificate compression algorithms to use.
Returns:
    this.

handshakeTimeout
Sets the timeout for the handshake process.
Implementations can round the returned Duration to full time units, depending on their time granularity. Zero duration disables the timeout.
Parameters:
    handshakeTimeout - the timeout for the handshake process or Duration.ZERO to disable it.
Returns:
    this.

maxCertificateListBytes
Set the preferred maximum allowed size of the certificate chain in bytes. This may not be respected and depends on whether the SSLEngine supports this feature.
Parameters:
    maxBytes - Number of bytes for the certificate chain. 0 may mean "use the default limit".
Returns:
    this.
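
A client configuration for mutual TLS built only from the methods listed on this page, with a guard that refuses the empty-string value that disables hostname verification. This is an added example, not code from the library this page documents; the io.servicetalk.transport.api package name, the MutualTlsClientConfig class, the pem and requireVerification helpers and the 10-second timeout are assumptions.

```java
// Package name is an assumption: it does not appear on this page.
import io.servicetalk.transport.api.ClientSslConfig;
import io.servicetalk.transport.api.ClientSslConfigBuilder;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.time.Duration;
import java.util.function.Supplier;

public final class MutualTlsClientConfig {   // hypothetical class name
    private MutualTlsClientConfig() { }

    // Opens a new, independent stream on every get(), as the Supplier parameters require.
    static Supplier<InputStream> pem(Path file) {
        return () -> {
            try {
                return Files.newInputStream(file);
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        };
    }

    // Rejects the value documented above as disabling hostname verification.
    static String requireVerification(String algorithm) {
        if (algorithm == null || algorithm.isEmpty()) {
            throw new IllegalArgumentException("hostname verification must stay enabled");
        }
        return algorithm;
    }

    static ClientSslConfig create(String host, int port, String verifyAlgorithm,
                                  Path caPem, Path certPem, Path keyPem, String keyPassword) {
        return new ClientSslConfigBuilder(pem(caPem))        // trusted certificates from this PEM file
                .hostnameVerificationAlgorithm(requireVerification(verifyAlgorithm)) // e.g. "HTTPS"
                .peerHost(host)                              // non-authoritative peer name
                .peerPort(port)                              // -1 may prevent session resumption
                .sniHostname(host)
                .sslProtocols("TLSv1.3", "TLSv1.2")          // in order of preference
                .keyManager(pem(certPem), pem(keyPem), keyPassword) // client certificate chain and key
                .handshakeTimeout(Duration.ofSeconds(10))    // Duration.ZERO would disable the timeout
                .build();
    }
}
```

Routing a configuration-supplied algorithm name through requireVerification keeps a blank or missing setting from silently turning server identity checks off.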