Package io.netty.handler.ssl
Class OpenSslServerContext
java.lang.Object
io.netty.handler.ssl.SslContext
io.netty.handler.ssl.ReferenceCountedOpenSslContext
io.netty.handler.ssl.OpenSslContext
io.netty.handler.ssl.OpenSslServerContext
- All Implemented Interfaces:
ReferenceCounted
A server-side
SslContext
which uses OpenSSL's SSL/TLS implementation.
This class will use a finalizer to ensure native resources are automatically cleaned up. To avoid finalizers
and manually release the native memory see ReferenceCountedOpenSslServerContext
.
-
Nested Class Summary
Nested classes/interfaces inherited from class io.netty.handler.ssl.ReferenceCountedOpenSslContext
ReferenceCountedOpenSslContext.AbstractCertificateVerifier
-
Field Summary
FieldsFields inherited from class io.netty.handler.ssl.ReferenceCountedOpenSslContext
CLIENT_ENABLE_SESSION_CACHE, CLIENT_ENABLE_SESSION_TICKET, CLIENT_ENABLE_SESSION_TICKET_TLSV13, clientAuth, ctx, ctxLock, enableOcsp, endpointIdentificationAlgorithm, engineMap, hasTLSv13Cipher, keyCertChain, NONE_PROTOCOL_NEGOTIATOR, protocols, SERVER_ENABLE_SESSION_CACHE, SERVER_ENABLE_SESSION_TICKET, SERVER_ENABLE_SESSION_TICKET_TLSV13, tlsFalseStart, USE_TASKS, VERIFY_DEPTH
Fields inherited from class io.netty.handler.ssl.SslContext
ALIAS, resumptionController, X509_CERT_FACTORY
-
Constructor Summary
ConstructorsModifierConstructorDescriptionOpenSslServerContext
(File certChainFile, File keyFile) Deprecated.OpenSslServerContext
(File certChainFile, File keyFile, String keyPassword) Deprecated.OpenSslServerContext
(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) Deprecated.OpenSslServerContext
(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) Deprecated.OpenSslServerContext
(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) Deprecated.OpenSslServerContext
(File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, ApplicationProtocolConfig config, long sessionCacheSize, long sessionTimeout) Deprecated.OpenSslServerContext
(File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config, long sessionCacheSize, long sessionTimeout) Deprecated.OpenSslServerContext
(File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize, long sessionTimeout) Deprecated.useSslContextBuilder
}OpenSslServerContext
(File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize, long sessionTimeout) Deprecated.OpenSslServerContext
(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config, long sessionCacheSize, long sessionTimeout) Deprecated.OpenSslServerContext
(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize, long sessionTimeout) Deprecated.(package private)
OpenSslServerContext
(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp, String keyStore, ResumptionController resumptionController, Map.Entry<SslContextOption<?>, Object>... options) private
OpenSslServerContext
(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp, String keyStore, ResumptionController resumptionController, Map.Entry<SslContextOption<?>, Object>... options) -
Method Summary
Methods inherited from class io.netty.handler.ssl.OpenSslContext
finalize, newEngine0
Methods inherited from class io.netty.handler.ssl.ReferenceCountedOpenSslContext
applicationProtocolNegotiator, certificates, chooseTrustManager, chooseTrustManager, chooseX509KeyManager, cipherSuites, context, freeBio, getBioNonApplicationBufferSize, getRejectRemoteInitiatedRenegotiation, isClient, newEngine, newEngine, newHandler, newHandler, newHandler, newHandler, providerFor, refCnt, release, release, retain, retain, setBioNonApplicationBufferSize, setKeyMaterial, setPrivateKeyMethod, setRejectRemoteInitiatedRenegotiation, setTicketKeys, setUseTasks, sslCtxPointer, stats, toBIO, toBIO, toBIO, toNegotiator, touch, touch, useExtendedTrustManager
Methods inherited from class io.netty.handler.ssl.SslContext
attributes, buildKeyManagerFactory, buildKeyManagerFactory, buildKeyStore, buildTrustManagerFactory, buildTrustManagerFactory, buildTrustManagerFactory, defaultClientProvider, defaultServerProvider, generateKeySpec, isServer, keyStorePassword, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContext, newClientContextInternal, newHandler, newHandler, newHandler, newHandler, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContext, newServerContextInternal, nextProtocols, sessionCacheSize, sessionTimeout, toApplicationProtocolConfig, toPrivateKey, toPrivateKey, toPrivateKey, toPrivateKeyInternal, toX509Certificates, toX509Certificates, toX509CertificatesInternal
-
Field Details
-
sessionContext
-
-
Constructor Details
-
OpenSslServerContext
Deprecated.Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM format- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword) throws SSLException Deprecated.Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.apn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, Iterable<String> nextProtocols, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.nextProtocols
- the application layer protocols to accept, in the order of preference.null
to disable TLS NPN/ALPN extension.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, ApplicationProtocolConfig config, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.config
- Application protocol config.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.apn
- Application protocol negotiator.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.Creates a new instance.- Parameters:
trustCertCollectionFile
- an X.509 certificate collection file in PEM format. This provides the certificate collection used for mutual authentication.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from clients.null
to use the default or the results of parsingtrustCertCollectionFile
.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.keyManagerFactory
- theKeyManagerFactory
that provides theKeyManager
s that is used to encrypt data being sent to clients.null
to use the default or the results of parsingkeyCertChainFile
andkeyFile
.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphers Only required ifprovider
isSslProvider.JDK
config
- Provides a means to configure parameters related to application protocol negotiation.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig config, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersconfig
- Application protocol config.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File certChainFile, File keyFile, String keyPassword, TrustManagerFactory trustManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.useSslContextBuilder
}Creates a new instance.- Parameters:
certChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphersapn
- Application protocol negotiator.sessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
@Deprecated public OpenSslServerContext(File trustCertCollectionFile, TrustManagerFactory trustManagerFactory, File keyCertChainFile, File keyFile, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize, long sessionTimeout) throws SSLException Deprecated.Creates a new instance.- Parameters:
trustCertCollectionFile
- an X.509 certificate collection file in PEM format. This provides the certificate collection used for mutual authentication.null
to use the system defaulttrustManagerFactory
- theTrustManagerFactory
that provides theTrustManager
s that verifies the certificates sent from clients.null
to use the default or the results of parsingtrustCertCollectionFile
.keyCertChainFile
- an X.509 certificate chain file in PEM formatkeyFile
- a PKCS#8 private key file in PEM formatkeyPassword
- the password of thekeyFile
.null
if it's not password-protected.keyManagerFactory
- theKeyManagerFactory
that provides theKeyManager
s that is used to encrypt data being sent to clients.null
to use the default or the results of parsingkeyCertChainFile
andkeyFile
.ciphers
- the cipher suites to enable, in the order of preference.null
to use the default cipher suites.cipherFilter
- a filter to apply over the supplied list of ciphers Only required ifprovider
isSslProvider.JDK
apn
- Application Protocol Negotiator objectsessionCacheSize
- the size of the cache used for storing SSL session objects.0
to use the default value.sessionTimeout
- the timeout for the cached SSL session objects, in seconds.0
to use the default value.- Throws:
SSLException
-
OpenSslServerContext
OpenSslServerContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, ApplicationProtocolConfig apn, long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp, String keyStore, ResumptionController resumptionController, Map.Entry<SslContextOption<?>, Object>... options) throws SSLException- Throws:
SSLException
-
OpenSslServerContext
private OpenSslServerContext(X509Certificate[] trustCertCollection, TrustManagerFactory trustManagerFactory, X509Certificate[] keyCertChain, PrivateKey key, String keyPassword, KeyManagerFactory keyManagerFactory, Iterable<String> ciphers, CipherSuiteFilter cipherFilter, OpenSslApplicationProtocolNegotiator apn, long sessionCacheSize, long sessionTimeout, ClientAuth clientAuth, String[] protocols, boolean startTls, boolean enableOcsp, String keyStore, ResumptionController resumptionController, Map.Entry<SslContextOption<?>, Object>... options) throws SSLException- Throws:
SSLException
-
-
Method Details
-
sessionContext
Description copied from class:SslContext
Returns theSSLSessionContext
object held by this context.- Specified by:
sessionContext
in classReferenceCountedOpenSslContext
-
SslContextBuilder