Class DelegatingSslConfig<T extends SslConfig>
- Type Parameters:
T - The type of SslConfig to delegate to.
- All Implemented Interfaces:
SslConfig
- Direct Known Subclasses:
DelegatingClientSslConfig, DelegatingServerSslConfig
SslConfig and delegate all methods to it.
Nested Class Summary
Nested classes/interfaces inherited from interface io.servicetalk.transport.api.SslConfig
SslConfig.CipherSuiteFilter
-
Constructor Summary
Constructors -
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| | alpnProtocols() | Get the TLS ALPN protocols. |
| | certificateCompressionAlgorithms() | Get the list of usable CertificateCompressionAlgorithms to advertise. |
| | ciphers() | Get the cipher suites to enable, in the order of preference. |
| | cipherSuiteFilter() | Defines filtering behavior for cipher suites. |
| protected T | delegate() | Get the DelegatingSslConfig to delegate to. |
| | handshakeTimeout() | Get the timeout for the handshake process. |
| | keyCertChainSupplier() | Get an InputStream which provides X.509 certificate chain in PEM format associated with SslConfig.keySupplier(). |
| | keyManagerFactory() | Get the KeyManagerFactory to use for the SSL/TLS handshake. |
| | keyPassword() | Get the password required to access the key material (e.g. from SslConfig.keySupplier()). |
| | keySupplier() | Get an InputStream which provides a PKCS#8 private key in PEM format associated with SslConfig.keyCertChainSupplier(). |
| int | maxCertificateListBytes() | Get the preferred maximum allowed size of the certificate chain in bytes. |
| | provider() | Get the SslProvider to use. |
| long | sessionCacheSize() | Get the size of the cache used for storing SSL session objects. |
| long | sessionTimeout() | Get the timeout for the cached SSL session objects, in seconds. |
| | sslProtocols() | Get the TLS protocols to enable, in the order of preference. |
| | trustCertChainSupplier() | Get the trusted certificates for verifying the remote endpoint's certificate. |
| | trustManagerFactory() | Get the TrustManagerFactory used for verifying the remote endpoint's certificate. |
-
Constructor Details
-
DelegatingSslConfig
Create a new instance.
- Parameters:
delegate - The instance to delegate to.
-
-
Method Details
-
delegate
Get the DelegatingSslConfig to delegate to.
- Returns:
the DelegatingSslConfig to delegate to.
-
trustManagerFactory
Description copied from interface: SslConfig
Get the TrustManagerFactory used for verifying the remote endpoint's certificate.
- Specified by:
trustManagerFactory in interface SslConfig
- Returns:
the TrustManagerFactory used for verifying the remote endpoint's certificate.
-
trustCertChainSupplier
Description copied from interface: SslConfig
Get the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.
- Specified by:
trustCertChainSupplier in interface SslConfig
- Returns:
the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.
Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
-
keyManagerFactory
Description copied from interface: SslConfig
Get the KeyManagerFactory to use for the SSL/TLS handshake.
- Specified by:
keyManagerFactory in interface SslConfig
- Returns:
the KeyManagerFactory to use for the SSL/TLS handshake.
-
keyCertChainSupplier
Description copied from interface: SslConfig
Get an InputStream which provides X.509 certificate chain in PEM format associated with SslConfig.keySupplier().
- Specified by:
keyCertChainSupplier in interface SslConfig
- Returns:
the certificate chain associated with SslConfig.keySupplier().
Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
-
keySupplier
Description copied from interface: SslConfig
Get an InputStream which provides a PKCS#8 private key in PEM format associated with SslConfig.keyCertChainSupplier().
- Specified by:
keySupplier in interface SslConfig
- Returns:
an InputStream which provides a PKCS#8 private key in PEM format associated with SslConfig.keyCertChainSupplier().
Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
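The Supplier contract stated for trustCertChainSupplier, keyCertChainSupplier and keySupplier, shown from both sides using only JDK classes. This is an added example, not ServiceTalk code; the class name, method names and the placeholder PEM text are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.function.Supplier;

final class PemSupplierContract {
    // Violates the contract: every call returns the same, already consumed stream.
    static Supplier<InputStream> sharedStream(final byte[] pem) {
        final InputStream single = new ByteArrayInputStream(pem);
        return () -> single;
    }

    // Honours the contract: each call opens an independent stream on the file,
    // so a rotated key or certificate is visible to the next invocation.
    static Supplier<InputStream> freshStream(final Path pemFile) {
        return () -> {
            try {
                return Files.newInputStream(pemFile);
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        };
    }

    // Caller side of the contract: whoever invoked get() closes the stream.
    static int readAndClose(final Supplier<InputStream> supplier) throws IOException {
        try (InputStream in = supplier.get()) {
            return in.readAllBytes().length;
        }
    }

    public static void main(final String[] args) throws IOException {
        // Constructed placeholder, not a real certificate or key.
        final byte[] pem = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
                .getBytes(StandardCharsets.US_ASCII);
        final Path file = Files.createTempFile("chain", ".pem");
        Files.write(file, pem);

        final Supplier<InputStream> bad = sharedStream(pem);
        System.out.println(readAndClose(bad) + " then " + readAndClose(bad));   // second read is empty
        final Supplier<InputStream> good = freshStream(file);
        System.out.println(readAndClose(good) + " then " + readAndClose(good)); // both reads see the full PEM
        Files.delete(file);
    }
}
```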
-
keyPassword
Description copied from interface: SslConfig
Get the password required to access the key material (e.g. from SslConfig.keySupplier()).
- Specified by:
keyPassword in interface SslConfig
- Returns:
the password required to access the key material (e.g. from SslConfig.keySupplier()).
-
sslProtocols
Description copied from interface: SslConfig
Get the TLS protocols to enable, in the order of preference.
- Specified by:
sslProtocols in interface SslConfig
- Returns:
the TLS protocols to enable, in the order of preference.
-
alpnProtocols
Description copied from interface: SslConfig
Get the TLS ALPN protocols.
Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result may be inferred and overridden by the protocol layer.
- Specified by:
alpnProtocols in interface SslConfig
- Returns:
the TLS ALPN protocols.
-
ciphers
Description copied from interface: SslConfig
Get the cipher suites to enable, in the order of preference.
-
cipherSuiteFilter
Description copied from interface: SslConfig
Defines filtering behavior for cipher suites.
- Specified by:
cipherSuiteFilter in interface SslConfig
- Returns:
filtering behavior for cipher suites.
-
sessionCacheSize
public long sessionCacheSize()
Description copied from interface: SslConfig
Get the size of the cache used for storing SSL session objects.
- Specified by:
sessionCacheSize in interface SslConfig
- Returns:
the size of the cache used for storing SSL session objects.
-
sessionTimeout
public long sessionTimeout()
Description copied from interface: SslConfig
Get the timeout for the cached SSL session objects, in seconds.
- Specified by:
sessionTimeout in interface SslConfig
- Returns:
the timeout for the cached SSL session objects, in seconds.
-
provider
Description copied from interface: SslConfig
Get the SslProvider to use.
- Specified by:
provider in interface SslConfig
- Returns:
the SslProvider to use.
-
certificateCompressionAlgorithms
Description copied from interface: SslConfig
Get the list of usable CertificateCompressionAlgorithms to advertise.
If this method returns null (by default) or an empty list, no certificate compression algorithms will be advertised during the TLS handshake which effectively disables this feature. Note that even though they are advertised, the other side is not required per RFC to compress so certificates might still be sent uncompressed.
Also note that this feature is only available with:
- BoringSSL implementation of SslProvider.OPENSSL. Provided compression algorithms are ignored when the SslProvider.JDK is used.
- TLSv1.3 or above.
- Specified by:
certificateCompressionAlgorithms in interface SslConfig
- Returns:
the list of certificate compression algorithms to advertise.
-
handshakeTimeout
Description copied from interface: SslConfig
Get the timeout for the handshake process.
Implementations can round the returned Duration to full time units, depending on their time granularity. Zero duration disables the timeout.
- Specified by:
handshakeTimeout in interface SslConfig
- Returns:
the timeout for the handshake process or Duration.ZERO to disable it.
-
maxCertificateListBytes
public int maxCertificateListBytes()
Description copied from interface: SslConfig
Get the preferred maximum allowed size of the certificate chain in bytes. This may not be respected and depends on whether the SSLEngine supports this feature.
- Specified by:
maxCertificateListBytes in interface SslConfig
- Returns:
Maximum number of bytes for the certificate chain, or <=0 to use the default limit.
-
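A delegating config is a natural place to enforce policy: override the few getters that matter and let the rest forward to the delegate. The following is an added example, not ServiceTalk code. HardenedSslConfig, its protocol allow-list and its 10-second cap are hypothetical, and it assumes that sslProtocols() returns a nullable List<String> and that the constructor documented above is accessible to subclasses.

```java
import io.servicetalk.transport.api.DelegatingSslConfig;
import io.servicetalk.transport.api.SslConfig;

import java.time.Duration;
import java.util.List;
import java.util.stream.Collectors;

/** Hypothetical policy wrapper; not part of ServiceTalk. */
final class HardenedSslConfig<T extends SslConfig> extends DelegatingSslConfig<T> {
    // Assumed policy values, chosen for this example.
    private static final List<String> ALLOWED_PROTOCOLS = List.of("TLSv1.3", "TLSv1.2");
    private static final Duration MAX_HANDSHAKE = Duration.ofSeconds(10);

    private final List<String> protocols;

    HardenedSslConfig(final T delegate) {
        super(delegate);
        // Assumption: sslProtocols() returns a List<String>, or null for provider defaults.
        final List<String> configured = delegate.sslProtocols();
        if (configured == null) {
            protocols = ALLOWED_PROTOCOLS; // pin explicitly instead of inheriting defaults
        } else {
            // Keep the delegate's preference order, drop anything outside the policy.
            protocols = configured.stream()
                    .filter(ALLOWED_PROTOCOLS::contains)
                    .collect(Collectors.toList());
            if (protocols.isEmpty()) {
                // Fail at construction, not in the middle of a handshake.
                throw new IllegalArgumentException("No permitted TLS protocol in " + configured);
            }
        }
    }

    @Override
    public List<String> sslProtocols() {
        return protocols;
    }

    @Override
    public Duration handshakeTimeout() {
        final Duration configured = delegate().handshakeTimeout();
        // Duration.ZERO disables the timeout, so it is capped like any oversized value.
        return configured.isZero() || configured.compareTo(MAX_HANDSHAKE) > 0
                ? MAX_HANDSHAKE : configured;
    }
    // Every other getter (keys, trust material, ciphers, ...) is inherited and forwards to delegate().
}
```

The same overrides apply unchanged in a subclass of DelegatingClientSslConfig or DelegatingServerSslConfig.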