Package io.servicetalk.transport.api

Class ServerSslConfigBuilder

java.lang.Object

io.servicetalk.transport.api.ServerSslConfigBuilder

public final class ServerSslConfigBuilder
extends Object

Default builder for ServerSslConfig objects.

Constructor Summary

Constructors

Constructor	Description
ServerSslConfigBuilder(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)	Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
ServerSslConfigBuilder(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, String keyPassword)	Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
ServerSslConfigBuilder(KeyManagerFactory kmf)	Create a new instance using the KeyManagerFactory for SSL/TLS handshakes.

Method Summary

Modifier and Type	Method	Description
final ServerSslConfigBuilder	alpnProtocols(String... protocols)	Set the TLS ALPN protocols.
final ServerSslConfigBuilder	alpnProtocols(List<String> protocols)	Set the TLS ALPN protocols.
ServerSslConfig	build()	Build a new ServerSslConfig.
final ServerSslConfigBuilder	certificateCompressionAlgorithms(CertificateCompressionAlgorithm... algorithms)	Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
final ServerSslConfigBuilder	certificateCompressionAlgorithms(List<CertificateCompressionAlgorithm> algorithms)	Sets the certificate compression algorithms to advertise if the feature is supported at runtime.
final ServerSslConfigBuilder	ciphers(String... ciphers)	Set the cipher suites to enable, in the order of preference.
final ServerSslConfigBuilder	ciphers(List<String> ciphers)	Set the cipher suites to enable, in the order of preference.
final ServerSslConfigBuilder	cipherSuiteFilter(SslConfig.CipherSuiteFilter cipherSuiteFilter)	Set the filtering behavior for ciphers suites.
ServerSslConfigBuilder	clientAuthMode(SslClientAuthMode clientAuthMode)	Set the SslClientAuthMode which determines how client authentication should be done.
final ServerSslConfigBuilder	handshakeTimeout(Duration handshakeTimeout)	Sets the timeout for the handshake process.
final ServerSslConfigBuilder	keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier)	Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.
final ServerSslConfigBuilder	keyManager(Supplier<InputStream> keyCertChainSupplier, Supplier<InputStream> keySupplier, String keyPassword)	Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.
final ServerSslConfigBuilder	keyManager(KeyManagerFactory kmf)	Set the KeyManagerFactory to use for the SSL/TLS handshake.
final ServerSslConfigBuilder	maxCertificateListBytes(int maxBytes)	Set the preferred maximum allowed size of the certificate chain in bytes.
final ServerSslConfigBuilder	provider(SslProvider provider)	Get the SslProvider to use.
final ServerSslConfigBuilder	sessionCacheSize(long sessionCacheSize)	Get the size of the cache used for storing SSL session objects.
final ServerSslConfigBuilder	sessionTimeout(long sessionTimeout)	Get the timeout for the cached SSL session objects, in seconds.
final ServerSslConfigBuilder	sslProtocols(String... protocols)	Set the TLS protocols to enable, in the order of preference.
final ServerSslConfigBuilder	sslProtocols(List<String> protocols)	Set the TLS protocols to enable, in the order of preference.
protected ServerSslConfigBuilder	thisT()
final ServerSslConfigBuilder	trustManager(Supplier<InputStream> trustCertChainSupplier)	Set the trusted certificates for verifying the remote endpoint's certificate.
final ServerSslConfigBuilder	trustManager(TrustManagerFactory tmf)	Set the TrustManagerFactory used for verifying the remote endpoint's certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ServerSslConfigBuilder

public ServerSslConfigBuilder(KeyManagerFactory kmf)

Create a new instance using the KeyManagerFactory for SSL/TLS handshakes.

Parameters:

kmf - the KeyManagerFactory to use for the SSL/TLS handshakes.

See Also:

• SslConfig.keyManagerFactory()

ServerSslConfigBuilder

public ServerSslConfigBuilder(Supplier<InputStream> keyCertChainSupplier,
 Supplier<InputStream> keySupplier)

Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.

Parameters:

keyCertChainSupplier - the X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

See Also:

• SslConfig.keyCertChainSupplier()
• SslConfig.keySupplier()

ServerSslConfigBuilder

public ServerSslConfigBuilder(Supplier<InputStream> keyCertChainSupplier,
 Supplier<InputStream> keySupplier,
 @Nullable
 String keyPassword)

Create a new instance from a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.

Parameters:

keyCertChainSupplier - the X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keyPassword - the password required to access the key material from keySupplier.

See Also:

• SslConfig.keyCertChainSupplier()
• SslConfig.keySupplier()
• SslConfig.keyPassword()

Method Details

clientAuthMode

public ServerSslConfigBuilder clientAuthMode(SslClientAuthMode clientAuthMode)

Set the SslClientAuthMode which determines how client authentication should be done.

Parameters:

clientAuthMode - the SslClientAuthMode which determines how client authentication should be done.

Returns:

this.

See Also:

• ServerSslConfig.clientAuthMode()
• SSLParameters.getNeedClientAuth()
• SSLParameters.getWantClientAuth()

build

public ServerSslConfig build()

Build a new ServerSslConfig.

Returns:

a new ServerSslConfig.

thisT

protected ServerSslConfigBuilder thisT()

trustManager

public final ServerSslConfigBuilder trustManager(TrustManagerFactory tmf)

Set the TrustManagerFactory used for verifying the remote endpoint's certificate.

Parameters:

tmf - the TrustManagerFactory used for verifying the remote endpoint's certificate.

Returns:

this.

See Also:

• SslConfig.trustManagerFactory()

trustManager

public final ServerSslConfigBuilder trustManager(Supplier<InputStream> trustCertChainSupplier)

Set the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

Parameters:

trustCertChainSupplier - the trusted certificates for verifying the remote endpoint's certificate. The input stream should contain an X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

Returns:

this.

See Also:

• SslConfig.trustCertChainSupplier()

keyManager

public final ServerSslConfigBuilder keyManager(KeyManagerFactory kmf)

Set the KeyManagerFactory to use for the SSL/TLS handshake.

Parameters:

kmf - the KeyManagerFactory to use for the SSL/TLS handshake.

Returns:

this.

See Also:

• SslConfig.keyManagerFactory()

keyManager

public final ServerSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier,
 Supplier<InputStream> keySupplier)

Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format.

Parameters:

keyCertChainSupplier - the X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

Returns:

this.

See Also:

• SslConfig.keyCertChainSupplier()
• SslConfig.keySupplier()

keyManager

public final ServerSslConfigBuilder keyManager(Supplier<InputStream> keyCertChainSupplier,
 Supplier<InputStream> keySupplier,
 @Nullable
 String keyPassword)

Set a InputStream which provides X.509 certificate chain in PEM format and a PKCS#8 private key in PEM format protected by a password.

Parameters:

keyCertChainSupplier - the X.509 certificate chain in PEM format.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keySupplier - a InputStream which provides a PKCS#8 private key in PEM format associated with.

Each invocation of the Supplier should provide an independent instance of InputStream and the caller is responsible for invoking InputStream.close().

keyPassword - the password required to access the key material from keySupplier.

Returns:

this.

See Also:

• SslConfig.keyCertChainSupplier()
• SslConfig.keySupplier()
• SslConfig.keyPassword()

sslProtocols

public final ServerSslConfigBuilder sslProtocols(List<String> protocols)

Set the TLS protocols to enable, in the order of preference.

Parameters:

protocols - the TLS protocols to enable, in the order of preference.

Returns:

this.

See Also:

• SslConfig.sslProtocols()
• SSLEngine.setEnabledProtocols(String[])

sslProtocols

public final ServerSslConfigBuilder sslProtocols(String... protocols)

Set the TLS protocols to enable, in the order of preference.

Parameters:

protocols - the TLS protocols to enable, in the order of preference.

Returns:

this.

See Also:

• SslConfig.sslProtocols()
• SSLEngine.setEnabledProtocols(String[])

alpnProtocols

public final ServerSslConfigBuilder alpnProtocols(List<String> protocols)

Set the TLS ALPN protocols.

Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

Parameters:

protocols - the TLS ALPN protocols.

Returns:

this.

See Also:

• SslConfig.alpnProtocols()

alpnProtocols

public final ServerSslConfigBuilder alpnProtocols(String... protocols)

Set the TLS ALPN protocols.

Note that each ALPN protocol typically requires corresponding configuration at the protocol layer and as a result maybe inferred and overridden by the protocol layer.

Parameters:

protocols - the TLS ALPN protocols.

Returns:

this.

See Also:

• SslConfig.alpnProtocols()

ciphers

public final ServerSslConfigBuilder ciphers(List<String> ciphers)

Set the cipher suites to enable, in the order of preference.

Parameters:

ciphers - the ciphers to use.

Returns:

this.

See Also:

• SslConfig.ciphers()

ciphers

public final ServerSslConfigBuilder ciphers(String... ciphers)

Set the cipher suites to enable, in the order of preference.

Parameters:

ciphers - the ciphers to use.

Returns:

this.

See Also:

• SslConfig.ciphers()

cipherSuiteFilter

public final ServerSslConfigBuilder cipherSuiteFilter(SslConfig.CipherSuiteFilter cipherSuiteFilter)

Set the filtering behavior for ciphers suites.

Parameters:

cipherSuiteFilter - SslConfig.CipherSuiteFilter to use.

Returns:

this.

See Also:

• SslConfig.cipherSuiteFilter()
• ciphers(String...)
• ciphers(List)

sessionCacheSize

public final ServerSslConfigBuilder sessionCacheSize(long sessionCacheSize)

Get the size of the cache used for storing SSL session objects.

Parameters:

sessionCacheSize - the size of the cache used for storing SSL session objects.

Returns:

this.

See Also:

• SslConfig.sessionCacheSize()
• SSLSessionContext.setSessionCacheSize(int)

sessionTimeout

public final ServerSslConfigBuilder sessionTimeout(long sessionTimeout)

Get the timeout for the cached SSL session objects, in seconds.

Parameters:

sessionTimeout - the timeout for the cached SSL session objects, in seconds.

Returns:

this.

See Also:

• SslConfig.sessionTimeout()
• SSLSessionContext.setSessionTimeout(int)

provider

public final ServerSslConfigBuilder provider(SslProvider provider)

Get the SslProvider to use.

Parameters:

provider - the SslProvider to use.

Returns:

this.

See Also:

• SslConfig.provider()

certificateCompressionAlgorithms

public final ServerSslConfigBuilder certificateCompressionAlgorithms(List<CertificateCompressionAlgorithm> algorithms)

Sets the certificate compression algorithms to advertise if the feature is supported at runtime.

Parameters:

algorithms - the certificate compression algorithms to use.

Returns:

this.

See Also:

• SslConfig.certificateCompressionAlgorithms()
• CertificateCompressionAlgorithms

certificateCompressionAlgorithms

public final ServerSslConfigBuilder certificateCompressionAlgorithms(CertificateCompressionAlgorithm... algorithms)

Sets the certificate compression algorithms to advertise if the feature is supported at runtime.

Parameters:

algorithms - the certificate compression algorithms to use.

Returns:

this.

See Also:

• SslConfig.certificateCompressionAlgorithms()
• CertificateCompressionAlgorithms

handshakeTimeout

public final ServerSslConfigBuilder handshakeTimeout(Duration handshakeTimeout)

Sets the timeout for the handshake process.

Implementations can round the returned Duration to full time units, depending on their time granularity. Zero duration disables the timeout.

Parameters:

handshakeTimeout - the timeout for the handshake process or Duration.ZERO to disable it.

Returns:

this.

See Also:

• SslConfig.handshakeTimeout()

maxCertificateListBytes

public final ServerSslConfigBuilder maxCertificateListBytes(int maxBytes)

Set the preferred maximum allowed size of the certificate chain in bytes. This may not be respected and depends on if the SSLEngine supports this feature.

Parameters:

maxBytes - Number of bytes for the certificate chain. 0 may mean "use the default limit".

Returns:

this.