io.netty.incubator.codec.quic

Class QuicSslContextBuilder

java.lang.Object

io.netty.incubator.codec.quic.QuicSslContextBuilder

public final class QuicSslContextBuilder
extends Object

Builder for configuring a new SslContext for creation.

Method Summary

Modifier and Type	Method and Description
QuicSslContextBuilder	applicationProtocols(String... applicationProtocols) Application protocol negotiation configuration.
QuicSslContext	build() Create new QuicSslContext instance with configured settings that can be used for QUIC.
static QuicSslContext	buildForServerWithSni(io.netty.util.Mapping<? super String,? extends QuicSslContext> mapping) Enables support for SNI on the server side.
QuicSslContextBuilder	clientAuth(io.netty.handler.ssl.ClientAuth clientAuth) Sets the client authentication mode.
QuicSslContextBuilder	earlyData(boolean enabled) Enable / disable the usage of early data.
static QuicSslContextBuilder	forClient() Creates a builder for new client-side QuicSslContext that can be used for QUIC.
static QuicSslContextBuilder	forServer(File keyFile, @Nullable String keyPassword, File certChainFile) Creates a builder for new server-side QuicSslContext that can be used for QUIC.
static QuicSslContextBuilder	forServer(KeyManagerFactory keyManagerFactory, @Nullable String password) Creates a builder for new server-side QuicSslContext that can be used for QUIC.
static QuicSslContextBuilder	forServer(KeyManager keyManager, @Nullable String keyPassword) Creates a builder for new server-side QuicSslContext with KeyManager that can be used for QUIC.
static QuicSslContextBuilder	forServer(PrivateKey key, @Nullable String keyPassword, X509Certificate... certChain) Creates a builder for new server-side QuicSslContext that can be used for QUIC.
QuicSslContextBuilder	keylog(boolean enabled) Enable / disable keylog.
QuicSslContextBuilder	keylog(@Nullable BoringSSLKeylog keylog) Enable / disable keylog.
QuicSslContextBuilder	keyManager(@Nullable File keyFile, @Nullable String keyPassword, @Nullable File keyCertChainFile) Identifying certificate for this host.
QuicSslContextBuilder	keyManager(@Nullable KeyManagerFactory keyManagerFactory, @Nullable String keyPassword) Identifying manager for this host.
QuicSslContextBuilder	keyManager(KeyManager keyManager, @Nullable String password) A single key manager managing the identity information of this host.
QuicSslContextBuilder	keyManager(@Nullable PrivateKey key, @Nullable String keyPassword, X509Certificate... certChain) Identifying certificate for this host.
<T> QuicSslContextBuilder	option(io.netty.handler.ssl.SslContextOption<T> option, T value) Configure a SslContextOption.
QuicSslContextBuilder	sessionCacheSize(long sessionCacheSize) Set the size of the cache used for storing SSL session objects.
QuicSslContextBuilder	sessionTimeout(long sessionTimeout) Set the timeout for the cached SSL session objects, in seconds.
QuicSslContextBuilder	trustManager(@Nullable File trustCertCollectionFile) Trusted certificates for verifying the remote endpoint's certificate.
QuicSslContextBuilder	trustManager(TrustManager trustManager) A single trusted manager for verifying the remote endpoint's certificate.
QuicSslContextBuilder	trustManager(@Nullable TrustManagerFactory trustManagerFactory) Trusted manager for verifying the remote endpoint's certificate.
QuicSslContextBuilder	trustManager(X509Certificate... trustCertCollection) Trusted certificates for verifying the remote endpoint's certificate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

forClient

public static QuicSslContextBuilder forClient()

Creates a builder for new client-side QuicSslContext that can be used for QUIC.

forServer

public static QuicSslContextBuilder forServer(File keyFile,
                                              @Nullable
                                              @Nullable String keyPassword,
                                              File certChainFile)

Creates a builder for new server-side QuicSslContext that can be used for QUIC.

Parameters:

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile, or null if it's not password-protected

certChainFile - an X.509 certificate chain file in PEM format

See Also:

keyManager(File, String, File)

forServer

public static QuicSslContextBuilder forServer(PrivateKey key,
                                              @Nullable
                                              @Nullable String keyPassword,
                                              X509Certificate... certChain)

Creates a builder for new server-side QuicSslContext that can be used for QUIC.

Parameters:

key - a PKCS#8 private key

keyPassword - the password of the keyFile, or null if it's not password-protected

certChain - the X.509 certificate chain

See Also:

keyManager(File, String, File)

forServer

public static QuicSslContextBuilder forServer(KeyManagerFactory keyManagerFactory,
                                              @Nullable
                                              @Nullable String password)

Creates a builder for new server-side QuicSslContext that can be used for QUIC.

Parameters:

keyManagerFactory - non-null factory for server's private key

See Also:

keyManager(KeyManagerFactory, String)

forServer

public static QuicSslContextBuilder forServer(KeyManager keyManager,
                                              @Nullable
                                              @Nullable String keyPassword)

Creates a builder for new server-side QuicSslContext with KeyManager that can be used for QUIC.

Parameters:

keyManager - non-null KeyManager for server's private key

keyPassword - the password of the keyFile, or null if it's not password-protected

buildForServerWithSni

public static QuicSslContext buildForServerWithSni(io.netty.util.Mapping<? super String,? extends QuicSslContext> mapping)

Enables support for SNI on the server side.

Parameters:

mapping - the Mapping that is used to map names to the QuicSslContext to use. Usually using DomainWildcardMappingBuilder should be used to create the Mapping.

option

public <T> QuicSslContextBuilder option(io.netty.handler.ssl.SslContextOption<T> option,
                                        T value)

Configure a SslContextOption.

earlyData

public QuicSslContextBuilder earlyData(boolean enabled)

Enable / disable the usage of early data.

keylog

public QuicSslContextBuilder keylog(boolean enabled)

Enable / disable keylog. When enabled, TLS keys are logged to an internal logger named "io.netty.incubator.codec.quic.BoringSSLLogginKeylog" with DEBUG level, see BoringSSLKeylog for detail, logging keys are following NSS Key Log Format. This is intended for debugging use with tools like Wireshark.

keylog

public QuicSslContextBuilder keylog(@Nullable
                                    @Nullable BoringSSLKeylog keylog)

Enable / disable keylog. When enabled, TLS keys are logged to BoringSSLKeylog.logKey(SSLEngine, String) logging keys are following NSS Key Log Format. This is intended for debugging use with tools like Wireshark.

trustManager

public QuicSslContextBuilder trustManager(@Nullable
                                          @Nullable File trustCertCollectionFile)

Trusted certificates for verifying the remote endpoint's certificate. The file should contain an X.509 certificate collection in PEM format. null uses the system default which only works with Java 8u261 and later as these versions support TLS1.3, see JDK 8u261 Update Release Notes

trustManager

public QuicSslContextBuilder trustManager(X509Certificate... trustCertCollection)

Trusted certificates for verifying the remote endpoint's certificate. null uses the system default which only works with Java 8u261 and later as these versions support TLS1.3, see JDK 8u261 Update Release Notes

trustManager

public QuicSslContextBuilder trustManager(@Nullable
                                          @Nullable TrustManagerFactory trustManagerFactory)

Trusted manager for verifying the remote endpoint's certificate. null uses the system default which only works with Java 8u261 and later as these versions support TLS1.3, see JDK 8u261 Update Release Notes

trustManager

public QuicSslContextBuilder trustManager(TrustManager trustManager)

A single trusted manager for verifying the remote endpoint's certificate. This is helpful when custom implementation of TrustManager is needed. Internally, a simple wrapper of TrustManagerFactory that only produces this specified TrustManager will be created, thus all the requirements specified in trustManager(TrustManagerFactory trustManagerFactory) also apply here.

keyManager

public QuicSslContextBuilder keyManager(@Nullable
                                        @Nullable File keyFile,
                                        @Nullable
                                        @Nullable String keyPassword,
                                        @Nullable
                                        @Nullable File keyCertChainFile)

Identifying certificate for this host. keyCertChainFile and keyFile may be null for client contexts, which disables mutual authentication.

Parameters:

keyFile - a PKCS#8 private key file in PEM format

keyPassword - the password of the keyFile, or null if it's not password-protected

keyCertChainFile - an X.509 certificate chain file in PEM format

keyManager

public QuicSslContextBuilder keyManager(@Nullable
                                        @Nullable PrivateKey key,
                                        @Nullable
                                        @Nullable String keyPassword,
                                        X509Certificate... certChain)

Identifying certificate for this host. keyCertChain and key may be null for client contexts, which disables mutual authentication.

Parameters:

key - a PKCS#8 private key file

keyPassword - the password of the key, or null if it's not password-protected

certChain - an X.509 certificate chain

keyManager

public QuicSslContextBuilder keyManager(@Nullable
                                        @Nullable KeyManagerFactory keyManagerFactory,
                                        @Nullable
                                        @Nullable String keyPassword)

Identifying manager for this host. keyManagerFactory may be null for client contexts, which disables mutual authentication.

keyManager

public QuicSslContextBuilder keyManager(KeyManager keyManager,
                                        @Nullable
                                        @Nullable String password)

A single key manager managing the identity information of this host. This is helpful when custom implementation of KeyManager is needed. Internally, a wrapper of KeyManagerFactory that only produces this specified KeyManager will be created, thus all the requirements specified in keyManager(KeyManagerFactory, String) also apply here.

applicationProtocols

public QuicSslContextBuilder applicationProtocols(String... applicationProtocols)

Application protocol negotiation configuration. null disables support.

sessionCacheSize

public QuicSslContextBuilder sessionCacheSize(long sessionCacheSize)

Set the size of the cache used for storing SSL session objects. 0 to use the default value.

sessionTimeout

public QuicSslContextBuilder sessionTimeout(long sessionTimeout)

Set the timeout for the cached SSL session objects, in seconds. 0 to use the default value.

clientAuth

public QuicSslContextBuilder clientAuth(io.netty.handler.ssl.ClientAuth clientAuth)

Sets the client authentication mode.

build

public QuicSslContext build()

Create new QuicSslContext instance with configured settings that can be used for QUIC.