Class ServerSslConfigBuilder

ServerSslConfig objects.

Constructor Summary

Constructors

- ServerSslConfigBuilder(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)
  Create a new instance from an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
- ServerSslConfigBuilder(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, String keyPassword)
  Create a new instance from an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
- ServerSslConfigBuilder
  Create a new instance using the KeyManagerFactory for SSL/TLS handshakes.

Method Summary

- final ServerSslConfigBuilder alpnProtocols(String... protocols)
  Set the TLS ALPN protocols.
- final ServerSslConfigBuilder alpnProtocols(List<String> protocols)
  Set the TLS ALPN protocols.
- build()
  Build a new ServerSslConfig.
- final ServerSslConfigBuilder certificateCompressionAlgorithms(CertificateCompressionAlgorithm... algorithms)
  Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
- final ServerSslConfigBuilder certificateCompressionAlgorithms(List<CertificateCompressionAlgorithm> algorithms)
  Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
- final ServerSslConfigBuilder ciphers
  Set the cipher suites to enable, in the order of preference.
- final ServerSslConfigBuilder ciphers
  Set the cipher suites to enable, in the order of preference.
- final ServerSslConfigBuilder cipherSuiteFilter(SslConfig.CipherSuiteFilter cipherSuiteFilter)
  Set the filtering behavior for cipher suites.
- clientAuthMode(SslClientAuthMode clientAuthMode)
  Set the SslClientAuthMode which determines how client authentication should be done.
- final ServerSslConfigBuilder handshakeTimeout(Duration handshakeTimeout)
  Sets the timeout for the handshake process.
- final ServerSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)
  Set an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
- final ServerSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, String keyPassword)
  Set an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.
- final ServerSslConfigBuilder keyManager
  Set the KeyManagerFactory to use for the SSL/TLS handshake.
- final ServerSslConfigBuilder maxCertificateListBytes(int maxBytes)
  Set the preferred maximum allowed size of the certificate chain in bytes.
- final ServerSslConfigBuilder provider(SslProvider provider)
  Get the SslProvider to use.
- final ServerSslConfigBuilder sessionCacheSize(long sessionCacheSize)
  Get the size of the cache used for storing SSL session objects.
- final ServerSslConfigBuilder sessionTimeout(long sessionTimeout)
  Get the timeout for the cached SSL session objects, in seconds.
- final ServerSslConfigBuilder sslProtocols(String... protocols)
  Set the TLS protocols to enable, in the order of preference.
- final ServerSslConfigBuilder sslProtocols(List<String> protocols)
  Set the TLS protocols to enable, in the order of preference.
- protected ServerSslConfigBuilder thisT()
- final ServerSslConfigBuilder trustManager(Supplier<InputStream> trustCertChainSupplier)
  Set the trusted certificates for verifying the remote endpoint's certificate.
- final ServerSslConfigBuilder trustManager
  Set the TrustManagerFactory used for verifying the remote endpoint's certificate.

Constructor Details

ServerSslConfigBuilder
Create a new instance using the KeyManagerFactory for SSL/TLS handshakes.
- Parameters:
  kmf - the KeyManagerFactory to use for the SSL/TLS handshakes.

ServerSslConfigBuilder
public ServerSslConfigBuilder(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)
Create a new instance from an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
- Parameters:
  keyCertChainSupplier - the X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
  keySupplier - an InputStream which provides a PKCS#8 private key in PEM format associated with. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

ServerSslConfigBuilder
public ServerSslConfigBuilder(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, @Nullable String keyPassword)
Create a new instance from an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
- Parameters:
  keyCertChainSupplier - the X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
  keySupplier - an InputStream which provides a PKCS#8 private key in PEM format associated with. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
  keyPassword - the password required to access the key material from keySupplier.

Method Details

clientAuthMode
Set the SslClientAuthMode which determines how client authentication should be done.
- Parameters:
  clientAuthMode - the SslClientAuthMode which determines how client authentication should be done.
- Returns: this.

build
Build a new ServerSslConfig.
- Returns: a new ServerSslConfig.

thisT

trustManager
Set the TrustManagerFactory used for verifying the remote endpoint's certificate.
- Parameters:
  tmf - the TrustManagerFactory used for verifying the remote endpoint's certificate.
- Returns: this.

trustManager
Set the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.
- Parameters:
  trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
- Returns: this.

keyManager
Set the KeyManagerFactory to use for the SSL/TLS handshake.
- Parameters:
  kmf - the KeyManagerFactory to use for the SSL/TLS handshake.
- Returns: this.

keyManager
public final ServerSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)
Set an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
- Parameters:
  keyCertChainSupplier - the X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
  keySupplier - an InputStream which provides a PKCS#8 private key in PEM format associated with. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
- Returns: this.

keyManager
public final ServerSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, @Nullable String keyPassword)
Set an InputStream which provides an X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.
- Parameters:
  keyCertChainSupplier - the X.509 certificate chain in PEM format. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
  keySupplier - an InputStream which provides a PKCS#8 private key in PEM format associated with. Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().
  keyPassword - the password required to access the key material from keySupplier.
- Returns: this.

sslProtocols
Set the TLS protocols to enable, in the order of preference.
- Parameters:
  protocols - the TLS protocols to enable, in the order of preference.
- Returns: this.

sslProtocols
Set the TLS protocols to enable, in the order of preference.
- Parameters:
  protocols - the TLS protocols to enable, in the order of preference.
- Returns: this.

alpnProtocols
Set the TLS ALPN protocols. Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result may be inferred and overridden by the protocol layer.
- Parameters:
  protocols - the TLS ALPN protocols.
- Returns: this.

alpnProtocols
Set the TLS ALPN protocols. Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result may be inferred and overridden by the protocol layer.
- Parameters:
  protocols - the TLS ALPN protocols.
- Returns: this.

ciphers
Set the cipher suites to enable, in the order of preference.
- Parameters:
  ciphers - the ciphers to use.
- Returns: this.

ciphers
Set the cipher suites to enable, in the order of preference.
- Parameters:
  ciphers - the ciphers to use.
- Returns: this.

cipherSuiteFilter
public final ServerSslConfigBuilder cipherSuiteFilter(SslConfig.CipherSuiteFilter cipherSuiteFilter)
Set the filtering behavior for cipher suites.
- Parameters:
  cipherSuiteFilter - SslConfig.CipherSuiteFilter to use.
- Returns: this.

sessionCacheSize
Get the size of the cache used for storing SSL session objects.
- Parameters:
  sessionCacheSize - the size of the cache used for storing SSL session objects.
- Returns: this.

sessionTimeout
Get the timeout for the cached SSL session objects, in seconds.
- Parameters:
  sessionTimeout - the timeout for the cached SSL session objects, in seconds.
- Returns: this.

provider
Get the SslProvider to use.
- Parameters:
  provider - the SslProvider to use.
- Returns: this.

certificateCompressionAlgorithms
public final ServerSslConfigBuilder certificateCompressionAlgorithms(List<CertificateCompressionAlgorithm> algorithms)
Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
- Parameters:
  algorithms - the certificate compression algorithms to use.
- Returns: this.

certificateCompressionAlgorithms
public final ServerSslConfigBuilder certificateCompressionAlgorithms(CertificateCompressionAlgorithm... algorithms)
Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
- Parameters:
  algorithms - the certificate compression algorithms to use.
- Returns: this.

handshakeTimeout
Sets the timeout for the handshake process. Implementations can round the returned Duration to full time units, depending on their time granularity. Zero duration disables the timeout.
- Parameters:
  handshakeTimeout - the timeout for the handshake process or Duration.ZERO to disable it.
- Returns: this.

maxCertificateListBytes
Set the preferred maximum allowed size of the certificate chain in bytes. This may not be respected and depends on whether the SSLEngine supports this feature.
- Parameters:
  maxBytes - Number of bytes for the certificate chain. 0 may mean "use the default limit".
- Returns: this.
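
The builder methods documented above, combined into a server configuration that requires client certificates. This is an added example, not code from the original page or from the project it documents. It assumes the class is the one in ServiceTalk's io.servicetalk.transport.api package and that SslClientAuthMode has a REQUIRE constant; the PEM file paths and the MutualTlsServerConfig class are hypothetical.

```java
// Added example; the package name, the REQUIRE constant and the file paths are assumptions.
import io.servicetalk.transport.api.ServerSslConfig;
import io.servicetalk.transport.api.ServerSslConfigBuilder;
import io.servicetalk.transport.api.SslClientAuthMode;

import java.io.IOException;
import java.io.InputStream;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Duration;
import java.util.function.Supplier;

public final class MutualTlsServerConfig {
    // Hypothetical PEM locations; keep the private key readable by the service account only.
    private static final Path CERT_CHAIN = Paths.get("/etc/myservice/tls/server-chain.pem");
    private static final Path PRIVATE_KEY = Paths.get("/etc/myservice/tls/server-key.pem");
    private static final Path CLIENT_CA = Paths.get("/etc/myservice/tls/client-ca.pem");

    private MutualTlsServerConfig() {
    }

    // Opens a new stream on every get(): each Supplier invocation must hand out
    // an independent InputStream, so a single shared stream must not be captured.
    static Supplier<InputStream> pem(Path path) {
        return () -> {
            try {
                return Files.newInputStream(path);
            } catch (IOException e) {
                throw new UncheckedIOException("cannot open " + path, e);
            }
        };
    }

    public static ServerSslConfig create() {
        return new ServerSslConfigBuilder(pem(CERT_CHAIN), pem(PRIVATE_KEY))
                .trustManager(pem(CLIENT_CA))               // CA bundle used to verify client certificates
                .clientAuthMode(SslClientAuthMode.REQUIRE)  // assumed constant: client certificate is mandatory
                .sslProtocols("TLSv1.3", "TLSv1.2")         // order of preference; only these are enabled
                .handshakeTimeout(Duration.ofSeconds(10))   // non-zero: Duration.ZERO would disable the timeout
                .build();
    }
}
```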