Package io.servicetalk.transport.api

Class DelegatingSslConfig<T extends SslConfig>

java.lang.Object

io.servicetalk.transport.api.DelegatingSslConfig<T>

Type Parameters:

T - The type of SslConfig to delegate to.

All Implemented Interfaces:

SslConfig

Direct Known Subclasses:

DelegatingClientSslConfig, DelegatingServerSslConfig

public abstract class DelegatingSslConfig<T extends SslConfig>
extends Object
implements SslConfig

Wrap a SslConfig and delegate all methods to it.

Nested Class Summary

Nested classes/interfaces inherited from interface io.servicetalk.transport.api.SslConfig

SslConfig.CipherSuiteFilter

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	DelegatingSslConfig(T delegate)	Create a new instance.

Method Summary

Modifier and Type	Method	Description
List<String>	alpnProtocols()	Get the TLS ALPN protocols.
List<CertificateCompressionAlgorithm>	certificateCompressionAlgorithms()	Get the list of usable CertificateCompressionAlgorithms to advertise.
List<String>	ciphers()	Get the cipher suites to enable, in the order of preference.
SslConfig.CipherSuiteFilter	cipherSuiteFilter()	Defines filtering behavior for ciphers suites.
protected T	delegate()	Get the DelegatingSslConfig to delegate to.
Duration	handshakeTimeout()	Get the timeout for the handshake process.
Supplier<InputStream>	keyCertChainSupplier()	Get a InputStream which provides X.509 certificate chain in PEM format associated with SslConfig.keySupplier().
KeyManagerFactory	keyManagerFactory()	Get the KeyManagerFactory to use for the SSL/TLS handshake.
String	keyPassword()	Get the password required to access the key material (e.g.
Supplier<InputStream>	keySupplier()	Get a InputStream which provides a PKCS#8 private key in PEM format associated with SslConfig.keyCertChainSupplier().
int	maxCertificateListBytes()	Get the preferred maximum allowed size of the certificate chain in bytes.
SslProvider	provider()	Get the SslProvider to use.
long	sessionCacheSize()	Get the size of the cache used for storing SSL session objects.
long	sessionTimeout()	Get the timeout for the cached SSL session objects, in seconds.
List<String>	sslProtocols()	Get the TLS protocols to enable, in the order of preference.
Supplier<InputStream>	trustCertChainSupplier()	Get the trusted certificates for verifying the remote endpoint's certificate.
TrustManagerFactory	trustManagerFactory()	Get the TrustManagerFactory used for verifying the remote endpoint's certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DelegatingSslConfig

protected DelegatingSslConfig(T delegate)

Create a new instance.

Parameters:

delegate - The instance to delegate to.

Method Details

delegate

protected T delegate()

Get the DelegatingSslConfig to delegate to.

Returns:

the DelegatingSslConfig to delegate to.

trustManagerFactory

@Nullable
public TrustManagerFactory trustManagerFactory()

Description copied from interface: SslConfig

Get the TrustManagerFactory used for verifying the remote endpoint's certificate.

Specified by:

trustManagerFactory in interface SslConfig

Returns:

the TrustManagerFactory used for verifying the remote endpoint's certificate.

trustCertChainSupplier

@Nullable
public Supplier<InputStream> trustCertChainSupplier()

Description copied from interface: SslConfig

Get the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

Specified by:

trustCertChainSupplier in interface SslConfig

Returns:

the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keyManagerFactory

@Nullable
public KeyManagerFactory keyManagerFactory()

Description copied from interface: SslConfig

Get the KeyManagerFactory to use for the SSL/TLS handshake.

Specified by:

keyManagerFactory in interface SslConfig

Returns:

the KeyManagerFactory to use for the SSL/TLS handshake.

keyCertChainSupplier

@Nullable
public Supplier<InputStream> keyCertChainSupplier()

Description copied from interface: SslConfig

Get a InputStream which provides X.509 certificate chain in PEM format associated with SslConfig.keySupplier().

Specified by:

keyCertChainSupplier in interface SslConfig

Returns:

the certificate chain associated with SslConfig.keySupplier().

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keySupplier

@Nullable
public Supplier<InputStream> keySupplier()

Description copied from interface: SslConfig

Get a InputStream which provides a PKCS#8 private key in PEM format associated with SslConfig.keyCertChainSupplier().

Specified by:

keySupplier in interface SslConfig

Returns:

a InputStream which provides a PKCS#8 private key in PEM format associated with SslConfig.keyCertChainSupplier().

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keyPassword

@Nullable
public String keyPassword()

Description copied from interface: SslConfig

Get the password required to access the key material (e.g. from SslConfig.keySupplier()).

Specified by:

keyPassword in interface SslConfig

Returns:

the password required to access the key material (e.g. from SslConfig.keySupplier()).

sslProtocols

@Nullable
public List<String> sslProtocols()

Description copied from interface: SslConfig

Get the TLS protocols to enable, in the order of preference.

Specified by:

sslProtocols in interface SslConfig

Returns:

the TLS protocols to enable, in the order of preference.

See Also:

• SSLEngine.setEnabledProtocols(String[])

alpnProtocols

@Nullable
public List<String> alpnProtocols()

Description copied from interface: SslConfig

Get the TLS ALPN protocols.

Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

Specified by:

alpnProtocols in interface SslConfig

Returns:

the TLS ALPN protocols.

ciphers

@Nullable
public List<String> ciphers()

Description copied from interface: SslConfig

Get the cipher suites to enable, in the order of preference.

Specified by:

ciphers in interface SslConfig

Returns:

the cipher suites to enable, in the order of preference.

See Also:

• SslConfig.cipherSuiteFilter()

cipherSuiteFilter

public SslConfig.CipherSuiteFilter cipherSuiteFilter()

Description copied from interface: SslConfig

Defines filtering behavior for ciphers suites.

Specified by:

cipherSuiteFilter in interface SslConfig

Returns:

filtering behavior for ciphers suites.

See Also:

• SslConfig.ciphers()

sessionCacheSize

public long sessionCacheSize()

Description copied from interface: SslConfig

Get the size of the cache used for storing SSL session objects.

Specified by:

sessionCacheSize in interface SslConfig

Returns:

the size of the cache used for storing SSL session objects.

See Also:

• SSLSessionContext.setSessionCacheSize(int)

sessionTimeout

public long sessionTimeout()

Description copied from interface: SslConfig

Get the timeout for the cached SSL session objects, in seconds.

Specified by:

sessionTimeout in interface SslConfig

Returns:

the timeout for the cached SSL session objects, in seconds.

See Also:

• SSLSessionContext.setSessionTimeout(int)

provider

@Nullable
public SslProvider provider()

Description copied from interface: SslConfig

Get the SslProvider to use.

Specified by:

provider in interface SslConfig

Returns:

the SslProvider to use.

certificateCompressionAlgorithms

@Nullable
public List<CertificateCompressionAlgorithm> certificateCompressionAlgorithms()

Description copied from interface: SslConfig

Get the list of usable CertificateCompressionAlgorithms to advertise.

If this method returns null (by default) or an empty list, no certificate compression algorithms will be advertised during the TLS handshake which effectively disables this feature. Note that even though they are advertised, the other side is not required per RFC to compress so certificates might still be sent uncompressed.

Also note that this feature is only available with:

• BoringSSL implementation of SslProvider.OPENSSL. Provided compression algorithms are ignored when the SslProvider.JDK is used.
• TLSv1.3 or above.

Specified by:

certificateCompressionAlgorithms in interface SslConfig

Returns:

the list of certificate compression algorithms to advertise.

See Also:

• RFC8879 - TLS Certificate Compression
• CertificateCompressionAlgorithms

handshakeTimeout

public Duration handshakeTimeout()

Description copied from interface: SslConfig

Get the timeout for the handshake process.

Implementations can round the returned Duration to full time units, depending on their time granularity. Zero duration disables the timeout.

Specified by:

handshakeTimeout in interface SslConfig

Returns:

the timeout for the handshake process or Duration.ZERO to disable it.

maxCertificateListBytes

public int maxCertificateListBytes()

Description copied from interface: SslConfig

Get the preferred maximum allowed size of the certificate chain in bytes. This may not be respected and depends on if the SSLEngine supports this feature.

Specified by:

maxCertificateListBytes in interface SslConfig

Returns:

Maximum number of bytes for the certificate chain, or <=0 to use the default limit.