public class SSLContextBuilder extends Object implements Destroyable
SSLContext.

| Modifier and Type | Method and Description |
|---|---|
| `SSLContext` | `build()` Builds a new SSLContext instance based on the current configuration settings. |
| `SSLContextBuilder` | `cipherFilter(CipherFilter filter)` Configures a filter for cipher suites to enable, or null to use the default filter. |
| `SSLContextBuilder` | `ciphers(String... ciphers)` Configures cipher suites to enable, or null to enable the recommended cipher suites. |
| `SSLContextBuilder` | `clientAuth(ClientAuth clientAuth)` Configures the client authentication mode for a server-side SSLEngine. |
| `void` | `destroy()` Destroys sensitive information associated with this builder (i.e. |
| `SSLContextBuilder` | `enableRetransmissions(boolean enable)` Configures if DTLS handshake retransmissions should be enabled. |
| `SSLEngineBuilder` | `engineBuilder()` Creates a new SSLEngine builder pre-configured with the current configuration settings. |
| `static SSLContextBuilder` | `forClient()` Creates a builder for a client-side SSLContext. |
| `static SSLContextBuilder` | `forServer(File keyFile, char[] password, File keyCertsFile)` Creates a builder for a server-side SSLContext. |
| `static SSLContextBuilder` | `forServer(File keyFile, File keyCertsFile)` Creates a builder for a server-side SSLContext. |
| `static SSLContextBuilder` | `forServer(InputStream keyIn, char[] password, InputStream keyCertsIn)` Creates a builder for a server-side SSLContext. |
| `static SSLContextBuilder` | `forServer(InputStream keyIn, InputStream keyCertsIn)` Creates a builder for a server-side SSLContext. |
| `static SSLContextBuilder` | `forServer(KeyManagerFactory keyFactory)` Creates a builder for a server-side SSLContext. |
| `static SSLContextBuilder` | `forServer(PrivateKey key, char[] password, X509Certificate... keyCerts)` Creates a builder for a server-side SSLContext. |
| `static SSLContextBuilder` | `forServer(PrivateKey key, X509Certificate... keyCerts)` Creates a builder for a server-side SSLContext. |
| `boolean` | `isDestroyed()` Tells if sensitive information associated with this builder is destroyed. |
| `boolean` | `isForClient()` Tells if the builder is for a client-side SSLContext. |
| `boolean` | `isForServer()` Tells if the builder is for a server-side SSLContext. |
| `SSLContextBuilder` | `keyManager(File keyFile, char[] password, File keyCertsFile)` Configures a private key with certificate chain for host identification. |
| `SSLContextBuilder` | `keyManager(File keyFile, File keyCertsFile)` Configures a private key with certificate chain for host identification. |
| `SSLContextBuilder` | `keyManager(InputStream keyIn, char[] password, InputStream keyCertsIn)` Configures a private key with certificate chain for host identification. |
| `SSLContextBuilder` | `keyManager(InputStream keyIn, InputStream keyCertsIn)` Configures a private key with certificate chain for host identification. |
| `SSLContextBuilder` | `keyManager(KeyManagerFactory keyFactory)` Configures a private key with certificate chain for host identification. |
| `SSLContextBuilder` | `keyManager(PrivateKey key, char[] password, X509Certificate... keyCerts)` Configures a private key with certificate chain for host identification. |
| `SSLContextBuilder` | `keyManager(PrivateKey key, X509Certificate... keyCerts)` Configures a private key with certificate chain for host identification. |
| `SSLContextBuilder` | `maximumPacketSize(int maxSize)` Configures the maximum expected network packet size. |
| `SSLContextBuilder` | `protocol(String protocol)` Configures the protocol name of the SSLContext to be created by this builder. |
| `SSLContextBuilder` | `protocolFilter(ProtocolFilter filter)` Configures a filter for protocol versions to enable, or null to use the default filter. |
| `SSLContextBuilder` | `protocols(String... protocols)` Configures protocol versions to enable, or null to enable the recommended protocol versions. |
| `SSLContextBuilder` | `provider(Provider provider)` Configures the provider of the SSLContext to be created by this builder. |
| `SSLContextBuilder` | `providerName(String provider)` Configures the provider name of the SSLContext to be created by this builder. |
| `SSLContextBuilder` | `secureRandom(SecureRandom random)` Configures a secure source of randomness. |
| `SSLContextBuilder` | `sessionCacheSize(int size)` Configures the size of the cache used for storing the SSL session objects. |
| `SSLContextBuilder` | `sessionTimeout(int timeout)` Configures the timeout limit for the cached SSL session objects. |
| `SSLContextBuilder` | `trustManager(File trustCertsFile)` Configures trusted certificates for remote hosts verification. |
| `SSLContextBuilder` | `trustManager(InputStream trustCertsIn)` Configures trusted certificates for remote hosts verification. |
| `SSLContextBuilder` | `trustManager(TrustManagerFactory trustFactory)` Configures trusted certificates for remote hosts verification. |
| `SSLContextBuilder` | `trustManager(X509Certificate... trustCerts)` Configures trusted certificates for remote hosts verification. |
| `SSLContextBuilder` | `useCiphersOrder(boolean useOrder)` Configures if the local cipher suites preferences should be honored during SSL/TLS/DTLS handshaking. |
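The builder methods summarized above, combined into a server-side configuration that requires client certificates. This is an added example, not SNF4J's own code; the package name in the imports and the `ClientAuth.REQUIRED` constant are assumptions not shown on this page, and the PEM files and password come from the caller.

```java
import java.io.File;
import java.util.Arrays;

// Assumption: package name of the SNF4J SSL classes (not shown on this page).
import org.snf4j.core.session.ssl.ClientAuth;
import org.snf4j.core.session.ssl.SSLContextBuilder;
import org.snf4j.core.session.ssl.SSLEngineBuilder;

public class MutualTlsServerConfig {

    /**
     * Returns an SSLEngineBuilder for a server that requires client certificates.
     * keyFile, chainFile and clientCaFile are caller-supplied PEM files (hypothetical names).
     */
    static SSLEngineBuilder serverEngines(File keyFile, char[] keyPassword,
            File chainFile, File clientCaFile) throws Exception {
        SSLContextBuilder builder =
                SSLContextBuilder.forServer(keyFile, keyPassword, chainFile);
        try {
            return builder
                    // Trusted certificates used to verify the remote (client) side.
                    .trustManager(clientCaFile)
                    // Assumed enum constant: the client must present a certificate.
                    .clientAuth(ClientAuth.REQUIRED)
                    // Standard JSSE protocol names; anything not listed stays disabled.
                    .protocols("TLSv1.3", "TLSv1.2")
                    // Honor the server's cipher suite preference order.
                    .useCiphersOrder(true)
                    .sessionTimeout(300)     // seconds
                    .sessionCacheSize(1024)  // cached sessions
                    // protocols, clientAuth and useCiphersOrder pre-configure the
                    // engine builder, so engineBuilder() is used instead of build().
                    .engineBuilder();
        } finally {
            // Wipe sensitive material held by the builder and by the caller's array.
            builder.destroy();
            Arrays.fill(keyPassword, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Usage: java MutualTlsServerConfig key.pem chain.pem client-ca.pem
        char[] password = System.console().readPassword("Key password: ");
        SSLEngineBuilder engines = serverEngines(new File(args[0]), password,
                new File(args[1]), new File(args[2]));
        System.out.println("engine builder ready: " + (engines != null));
    }
}
```

The password is kept in a `char[]` and zeroed after use, which is why the builder's overloads take `char[]` rather than `String`.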
public static SSLContextBuilder forClient()
Creates a builder for a client-side SSLContext.

public static SSLContextBuilder forServer(File keyFile, File keyCertsFile) throws IOException, KeyException, CertificateException
Creates a builder for a server-side SSLContext.
Parameters:
keyFile - a file for a PKCS#8 private key in the PEM encoding
keyCertsFile - a file for an X.509 certificate chain in the PEM encoding
Throws:
IOException - if a failure occurred while reading the files
KeyException - if a failure occurred while creating the key
CertificateException - if a failure occurred while creating the certificates

public static SSLContextBuilder forServer(File keyFile, char[] password, File keyCertsFile) throws IOException, KeyException, CertificateException
Creates a builder for a server-side SSLContext.
Parameters:
keyFile - a file for a PKCS#8 private key in the PEM encoding
password - the password protecting the private key, or null if the key is not password-protected
keyCertsFile - a file for an X.509 certificate chain in the PEM encoding
Throws:
IOException - if a failure occurred while reading the files
KeyException - if a failure occurred while creating the key
CertificateException - if a failure occurred while creating the certificates

public static SSLContextBuilder forServer(InputStream keyIn, InputStream keyCertsIn) throws IOException, KeyException, CertificateException
Creates a builder for a server-side SSLContext.
Parameters:
keyIn - an input stream for a PKCS#8 private key in the PEM encoding
keyCertsIn - an input stream for an X.509 certificate chain in the PEM encoding
Throws:
IOException - if a failure occurred while reading from the input streams
KeyException - if a failure occurred while creating the key
CertificateException - if a failure occurred while creating the certificates

public static SSLContextBuilder forServer(InputStream keyIn, char[] password, InputStream keyCertsIn) throws IOException, KeyException, CertificateException
Creates a builder for a server-side SSLContext.
Parameters:
keyIn - an input stream for a PKCS#8 private key in the PEM encoding
password - the password protecting the private key, or null if the key is not password-protected
keyCertsIn - an input stream for an X.509 certificate chain in the PEM encoding
Throws:
IOException - if a failure occurred while reading from the input streams
KeyException - if a failure occurred while creating the key
CertificateException - if a failure occurred while creating the certificates

public static SSLContextBuilder forServer(PrivateKey key, X509Certificate... keyCerts)
Creates a builder for a server-side SSLContext.
Parameters:
key - a PKCS#8 private key
keyCerts - an X.509 certificate chain

public static SSLContextBuilder forServer(PrivateKey key, char[] password, X509Certificate... keyCerts)
Creates a builder for a server-side SSLContext.
Parameters:
key - a PKCS#8 private key
password - the password protecting the private key, or null if the key is not password-protected
keyCerts - an X.509 certificate chain

public static SSLContextBuilder forServer(KeyManagerFactory keyFactory)
Creates a builder for a server-side SSLContext.
Parameters:
keyFactory - a factory for a private key

public boolean isForServer()
Tells if the builder is for a server-side SSLContext.
Returns:
true if the builder is for a server-side SSLContext

public boolean isForClient()
Tells if the builder is for a client-side SSLContext.
Returns:
true if the builder is for a client-side SSLContext

public SSLContextBuilder protocol(String protocol)
Configures the protocol name of the SSLContext to be created by this builder.
Parameters:
protocol - the protocol name

public SSLContextBuilder protocols(String... protocols)
Configures protocol versions to enable, or null to enable the recommended protocol versions.
This configuration is used to pre-configure the SSLEngineBuilder returned by the engineBuilder() method.
Parameters:
protocols - the protocol versions

public SSLContextBuilder protocolFilter(ProtocolFilter filter)
Configures a filter for protocol versions to enable, or null to use the default filter.
This configuration is used to pre-configure the SSLEngineBuilder returned by the engineBuilder() method.
Parameters:
filter - the protocol filter

public SSLContextBuilder ciphers(String... ciphers)
Configures cipher suites to enable, or null to enable the recommended cipher suites.
This configuration is used to pre-configure the SSLEngineBuilder returned by the engineBuilder() method.
Parameters:
ciphers - the cipher suites

public SSLContextBuilder cipherFilter(CipherFilter filter)
Configures a filter for cipher suites to enable, or null to use the default filter.
This configuration is used to pre-configure the SSLEngineBuilder returned by the engineBuilder() method.
Parameters:
filter - the cipher filter

public SSLContextBuilder enableRetransmissions(boolean enable)
Configures if DTLS handshake retransmissions should be enabled.
This configuration is used to pre-configure the SSLEngineBuilder returned by the engineBuilder() method.
NOTE: It requires Java 9 or newer.
Parameters:
enable - true to enable DTLS handshake retransmissions.

public SSLContextBuilder maximumPacketSize(int maxSize)
Configures the maximum expected network packet size.
This configuration is used to pre-configure the SSLEngineBuilder returned by the engineBuilder() method.
NOTE: It requires Java 9 or newer.
Parameters:
maxSize - the maximum expected network packet size in bytes, or 0 to use the default value that is specified by the underlying implementation.

public SSLContextBuilder useCiphersOrder(boolean useOrder)
Configures if the local cipher suites preferences should be honored during SSL/TLS/DTLS handshaking.
This configuration is used to pre-configure the SSLEngineBuilder returned by the engineBuilder() method.
Parameters:
useOrder - true to honor the local cipher suites preferences

public SSLContextBuilder clientAuth(ClientAuth clientAuth)
Configures the client authentication mode for a server-side SSLEngine.
This configuration is used to pre-configure the SSLEngineBuilder returned by the engineBuilder() method.
Parameters:
clientAuth - the client authentication mode.

public SSLContextBuilder provider(Provider provider)
Configures the provider of the SSLContext to be created by this builder.
Parameters:
provider - the provider

public SSLContextBuilder providerName(String provider)
Configures the provider name of the SSLContext to be created by this builder.
Parameters:
provider - the provider name

public SSLContextBuilder sessionTimeout(int timeout)
Configures the timeout limit for the cached SSL session objects.
Parameters:
timeout - the timeout limit in seconds, or 0 to set no limit.

public SSLContextBuilder sessionCacheSize(int size)
Configures the size of the cache used for storing the SSL session objects.
Parameters:
size - the cache size limit, or 0 to set no limit.

public SSLContextBuilder trustManager(File trustCertsFile) throws IOException, CertificateException
Configures trusted certificates for remote hosts verification.
Parameters:
trustCertsFile - a file for X.509 certificates in the PEM encoding
Throws:
IOException - if a failure occurred while reading the files
CertificateException - if a failure occurred while creating the

public SSLContextBuilder trustManager(InputStream trustCertsIn) throws IOException, CertificateException
Configures trusted certificates for remote hosts verification.
Parameters:
trustCertsIn - an input stream for X.509 certificates in the PEM encoding
Throws:
IOException - if a failure occurred while reading the files
CertificateException - if a failure occurred while creating the

public SSLContextBuilder trustManager(X509Certificate... trustCerts)
Configures trusted certificates for remote hosts verification.
Parameters:
trustCerts - X.509 certificates

public SSLContextBuilder trustManager(TrustManagerFactory trustFactory)
Configures trusted certificates for remote hosts verification.
Parameters:
trustFactory - a factory for trusted certificates

public SSLContextBuilder keyManager(File keyFile, File keyCertsFile) throws IOException, KeyException, CertificateException
Configures a private key with certificate chain for host identification.
Parameters:
keyFile - a file for a PKCS#8 private key in the PEM encoding
keyCertsFile - a file for an X.509 certificate chain in the PEM encoding
Throws:
IOException - if a failure occurred while reading the files
KeyException - if a failure occurred while creating the key
CertificateException - if a failure occurred while creating the certificates

public SSLContextBuilder keyManager(File keyFile, char[] password, File keyCertsFile) throws IOException, KeyException, CertificateException
Configures a private key with certificate chain for host identification.
Parameters:
keyFile - a file for a PKCS#8 private key in the PEM encoding
password - the password protecting the private key, or null if the key is not password-protected
keyCertsFile - a file for an X.509 certificate chain in the PEM encoding
Throws:
IOException - if a failure occurred while reading the files
KeyException - if a failure occurred while creating the key
CertificateException - if a failure occurred while creating the certificates

public SSLContextBuilder keyManager(InputStream keyIn, InputStream keyCertsIn) throws IOException, KeyException, CertificateException
Configures a private key with certificate chain for host identification.
Parameters:
keyIn - an input stream for a PKCS#8 private key in the PEM encoding
keyCertsIn - an input stream for an X.509 certificate chain in the PEM encoding
Throws:
IOException - if a failure occurred while reading from the input streams
KeyException - if a failure occurred while creating the key
CertificateException - if a failure occurred while creating the certificates

public SSLContextBuilder keyManager(InputStream keyIn, char[] password, InputStream keyCertsIn) throws IOException, KeyException, CertificateException
Configures a private key with certificate chain for host identification.
Parameters:
keyIn - an input stream for a PKCS#8 private key in the PEM encoding
password - the password protecting the private key, or null if the key is not password-protected
keyCertsIn - an input stream for an X.509 certificate chain in the PEM encoding
Throws:
IOException - if a failure occurred while reading from the input streams
KeyException - if a failure occurred while creating the key
CertificateException - if a failure occurred while creating the certificates

public SSLContextBuilder keyManager(PrivateKey key, X509Certificate... keyCerts)
Configures a private key with certificate chain for host identification.
Parameters:
key - a PKCS#8 private key
keyCerts - an X.509 certificate chain

public SSLContextBuilder keyManager(PrivateKey key, char[] password, X509Certificate... keyCerts)
Configures a private key with certificate chain for host identification.
Parameters:
key - a PKCS#8 private key
password - the password protecting the private key, or null if the key is not password-protected
keyCerts - an X.509 certificate chain

public SSLContextBuilder keyManager(KeyManagerFactory keyFactory)
Configures a private key with certificate chain for host identification.
Parameters:
keyFactory - a factory for a private key

public SSLContextBuilder secureRandom(SecureRandom random)
Configures a secure source of randomness.
Parameters:
random - the source of randomness, or null to use the default source.

public SSLEngineBuilder engineBuilder() throws SSLContextCreateException
Creates a new SSLEngine builder pre-configured with the current configuration settings. The returned builder is constructed with a new SSLContext created by calling the build() method.
Returns:
SSLEngine builder
Throws:
SSLContextCreateException - if a failure occurred while building the SSLContext instance used to construct the new SSLEngine builder

public SSLContext build() throws SSLContextCreateException
Builds a new SSLContext instance based on the current configuration settings.
Returns:
SSLContext instance.
Throws:
SSLContextCreateException - if a failure occurred while building the SSLContext instance

public void destroy() throws DestroyFailedException
Specified by:
destroy in interface Destroyable
Throws:
DestroyFailedException - if the destroy operation failed

public boolean isDestroyed()
Tells if sensitive information associated with this builder is destroyed.
Specified by:
isDestroyed in interface Destroyable
Returns:
true if the sensitive information is destroyed

Copyright © 2017–2022 SNF4J.ORG. All rights reserved.