/**
 * Builds an {@link SslHandler} around an engine obtained from {@code newEngine()}.
 *
 * <p>No peer host or port is handed to the engine by this overload; use
 * {@code newHandler(String, int)} when the remote endpoint is known.
 *
 * @return a new {@link SslHandler}
 */
public final SslHandler newHandler() {
    final SSLEngine engine = newEngine();
    return newHandler(engine);
}
/**
 * Creates a server-side {@link SslContext} from a certificate chain and a private key,
 * leaving every other setting at its default.
 *
 * <p>The key password slot is passed as {@code null}, so the key file is expected to be
 * unencrypted; keep its file permissions restricted to the server account.
 *
 * @param certChainFile an X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @return a new server-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newServerContext(File certChainFile, File keyFile) throws SSLException {
    final SslProvider defaultProvider = null;
    final SslBufferPool defaultBufPool = null;
    final String noKeyPassword = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newServerContext(
            defaultProvider, defaultBufPool, certChainFile, keyFile, noKeyPassword,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Creates a client-side {@link SslContext} with the chosen implementation and default
 * settings for everything else.
 *
 * <p>The certificate chain file and the trust manager factory are both passed as
 * {@code null}, so server certificates are checked against the default trust
 * configuration.
 *
 * @param provider the {@link SslContext} implementation to use.
 *                 {@code null} to use the current default one.
 * @return a new client-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newClientContext(SslProvider provider) throws SSLException {
    final SslBufferPool defaultBufPool = null;
    final File defaultCertChainFile = null;
    final TrustManagerFactory defaultTrustManagerFactory = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newClientContext(
            provider, defaultBufPool, defaultCertChainFile, defaultTrustManagerFactory,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Builds a server-side {@link SslHandler} from the configured certificate and key files.
 *
 * <p>An empty configured key password is mapped to {@code null} before it is handed to
 * {@code SslContext.newServerContext}, i.e. the key is then treated as not
 * password-protected.
 *
 * @return a new handler obtained from a newly created server context
 * @throws CertificateException declared by the original signature
 * @throws SSLException if the server context cannot be created
 */
private SslHandler buildSslHandler() throws CertificateException, SSLException {
    final String keyPassword = emptyToNull(configuration.getRestTlsKeyPassword());
    // NOTE(review): a new SslContext is created on every call. If this method runs once
    // per connection, the context could be built once and reused — confirm against
    // the caller, which is outside this snippet.
    final SslContext serverContext =
            SslContext.newServerContext(tlsCertFile, tlsKeyFile, keyPassword);
    return serverContext.newHandler();
}
});
/**
 * Creates a handler from the client context without supplying any peer information.
 *
 * @return a new {@link SslHandler} from {@code clientContext}
 * @throws Exception declared by the original signature
 */
public SslHandler createHandler() throws Exception {
    final SslHandler handler = clientContext.newHandler();
    return handler;
}
/**
 * Creates a {@link SessionAwareSslHandler} that uses a new engine and the buffer pool
 * of the captured {@code sslContext}, bound to the enclosing server configuration.
 *
 * @return the configured handler
 */
@Override
public SslHandler newHandler() {
    final SessionAwareSslHandler sessionAware =
            new SessionAwareSslHandler(
                    sslContext.newEngine(),
                    sslContext.bufferPool(),
                    JavaSslServerConfiguration.this);
    // Ask the handler to close the channel once an SSLException has been caught.
    sessionAware.setCloseOnSSLException(true);
    return sessionAware;
}
};
/**
 * Wraps the given engine in an {@link SslHandler} that uses this context's buffer pool.
 *
 * <p>Client-side contexts additionally have the handler issue the handshake itself.
 * In both modes the handler is told to close the channel on an SSLException.
 *
 * @param engine the engine the handler will drive
 * @return the configured handler
 */
private SslHandler newHandler(SSLEngine engine) {
    final SslHandler sslHandler = new SslHandler(engine, bufferPool());
    if (isClient()) {
        // Only the client side is set to start the handshake.
        sslHandler.setIssueHandshake(true);
    }
    sslHandler.setCloseOnSSLException(true);
    return sslHandler;
}
}
/**
 * Tells whether this context is for the server side, defined as the negation of
 * {@code isClient()}.
 *
 * @return {@code true} if and only if this context is for server-side
 */
public final boolean isServer() {
    final boolean clientSide = isClient();
    return !clientSide;
}
/**
 * Creates a context backed by the given buffer pool.
 *
 * @param bufferPool the pool to use, or {@code null} to obtain one from
 *                   {@code newBufferPool()}
 */
SslContext(SslBufferPool bufferPool) {
    if (bufferPool == null) {
        // NOTE(review): newBufferPool() is invoked from the constructor; if it can be
        // overridden, confirm that implementations do not read subclass state here.
        this.bufferPool = newBufferPool();
    } else {
        this.bufferPool = bufferPool;
    }
}
/**
 * Creates a handler for a connection to {@code address}, passing the peer host and
 * port to the client context when they can be derived from the address.
 *
 * <p>Anything that is not an {@link InetSocketAddress}, or that yields no host string,
 * falls back to {@code createHandler()} and therefore carries no peer information.
 * NOTE(review): nothing visible here turns on hostname verification; confirm that
 * the client context or its engine is configured for endpoint identification.
 *
 * @param address the remote address of the connection
 * @return a new {@link SslHandler}
 * @throws Exception declared by the original signature
 */
public SslHandler createHandler(SocketAddress address) throws Exception {
    if (address instanceof InetSocketAddress) {
        final InetSocketAddress inetAddress = (InetSocketAddress) address;
        // getHostString() returns the host name or the literal address without
        // attempting a reverse lookup.
        final String peerHost = inetAddress.getHostString();
        if (peerHost != null) {
            return clientContext.newHandler(peerHost, inetAddress.getPort());
        }
    }
    return createHandler();
}
}
/**
 * Creates a server-side {@link SslContext} with the chosen implementation, a
 * certificate chain and a private key; all remaining settings use their defaults.
 *
 * <p>The key password slot is passed as {@code null}, so the key file is expected to be
 * unencrypted.
 *
 * @param provider the {@link SslContext} implementation to use.
 *                 {@code null} to use the current default one.
 * @param certChainFile an X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @return a new server-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newServerContext(
        SslProvider provider, File certChainFile, File keyFile) throws SSLException {
    final SslBufferPool defaultBufPool = null;
    final String noKeyPassword = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newServerContext(
            provider, defaultBufPool, certChainFile, keyFile, noKeyPassword,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Builds an {@link SslHandler} whose engine is created with advisory peer information.
 *
 * <p>NOTE(review): the host and port are described as non-authoritative hints; this
 * method itself does not enable hostname verification. Confirm whether the engine
 * or the trust manager performs endpoint identification for client connections.
 *
 * @param peerHost the non-authoritative name of the host
 * @param peerPort the non-authoritative port
 * @return a new {@link SslHandler}
 */
public final SslHandler newHandler(String peerHost, int peerPort) {
    final SSLEngine engine = newEngine(peerHost, peerPort);
    return newHandler(engine);
}
/**
 * Creates a client-side {@link SslContext} in which every setting is left at its default.
 *
 * <p>Both the certificate chain file and the trust manager factory are passed as
 * {@code null}, so server certificates are checked against the default trust
 * configuration.
 *
 * @return a new client-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newClientContext() throws SSLException {
    final SslProvider defaultProvider = null;
    final SslBufferPool defaultBufPool = null;
    final File defaultCertChainFile = null;
    final TrustManagerFactory defaultTrustManagerFactory = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newClientContext(
            defaultProvider, defaultBufPool, defaultCertChainFile, defaultTrustManagerFactory,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Creates a server-side {@link SslContext} from a certificate chain and an optionally
 * password-protected private key, using the default implementation and settings.
 *
 * <p>The password arrives as an immutable {@link String} and cannot be wiped by the
 * caller afterwards; avoid logging it or keeping extra copies.
 *
 * @param certChainFile an X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @param keyPassword the password of the {@code keyFile}.
 *                    {@code null} if it's not password-protected.
 * @return a new server-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newServerContext(
        File certChainFile, File keyFile, String keyPassword) throws SSLException {
    final SslProvider defaultProvider = null;
    final SslBufferPool defaultBufPool = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newServerContext(
            defaultProvider, defaultBufPool, certChainFile, keyFile, keyPassword,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Creates a client-side {@link SslContext} that verifies servers with the given
 * trust manager factory; all other settings use their defaults.
 *
 * <p>The factory decides which server certificates are accepted. A factory whose
 * trust managers accept every certificate removes server authentication and
 * belongs in test code only.
 *
 * @param trustManagerFactory the {@link TrustManagerFactory} that provides the
 *                            {@link TrustManager}s that verifies the certificates sent
 *                            from servers. {@code null} to use the default.
 * @return a new client-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newClientContext(TrustManagerFactory trustManagerFactory) throws SSLException {
    final SslProvider defaultProvider = null;
    final SslBufferPool defaultBufPool = null;
    final File defaultCertChainFile = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newClientContext(
            defaultProvider, defaultBufPool, defaultCertChainFile, trustManagerFactory,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Creates a server-side {@link SslContext} with the chosen implementation, a
 * certificate chain and an optionally password-protected private key.
 *
 * <p>Buffer pool, cipher suites, next protocols and session settings are left at
 * their defaults.
 *
 * @param provider the {@link SslContext} implementation to use.
 *                 {@code null} to use the current default one.
 * @param certChainFile an X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @param keyPassword the password of the {@code keyFile}.
 *                    {@code null} if it's not password-protected.
 * @return a new server-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newServerContext(
        SslProvider provider, File certChainFile, File keyFile, String keyPassword) throws SSLException {
    final SslBufferPool defaultBufPool = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newServerContext(
            provider, defaultBufPool, certChainFile, keyFile, keyPassword,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Creates a client-side {@link SslContext} from a certificate chain file, using the
 * default implementation and default settings for everything else.
 *
 * <p>The trust manager factory slot is passed as {@code null}.
 *
 * @param certChainFile an X.509 certificate chain file in PEM format
 * @return a new client-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newClientContext(File certChainFile) throws SSLException {
    final SslProvider defaultProvider = null;
    final SslBufferPool defaultBufPool = null;
    final TrustManagerFactory defaultTrustManagerFactory = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newClientContext(
            defaultProvider, defaultBufPool, certChainFile, defaultTrustManagerFactory,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Creates a fully parameterised server-side {@link SslContext} with the default
 * implementation (the provider slot is passed as {@code null}).
 *
 * @param bufPool the buffer pool which will be used by the returned {@link SslContext}.
 *                {@code null} to use the default buffer pool.
 * @param certChainFile an X.509 certificate chain file in PEM format
 * @param keyFile a PKCS#8 private key file in PEM format
 * @param keyPassword the password of the {@code keyFile}.
 *                    {@code null} if it's not password-protected.
 * @param ciphers the cipher suites to enable, in the order of preference.
 *                {@code null} to use the default cipher suites.
 * @param nextProtocols the application layer protocols to accept, in the order of
 *                      preference. {@code null} to disable TLS NPN/ALPN extension.
 * @param sessionCacheSize the size of the cache used for storing SSL session objects.
 *                         {@code 0} to use the default value.
 * @param sessionTimeout the timeout for the cached SSL session objects, in seconds.
 *                       {@code 0} to use the default value.
 * @return a new server-side {@link SslContext}
 * @throws SSLException propagated from the provider-aware overload this delegates to
 */
public static SslContext newServerContext(
        SslBufferPool bufPool,
        File certChainFile,
        File keyFile,
        String keyPassword,
        Iterable<String> ciphers,
        Iterable<String> nextProtocols,
        long sessionCacheSize,
        long sessionTimeout) throws SSLException {
    final SslProvider defaultProvider = null;
    return newServerContext(
            defaultProvider, bufPool, certChainFile, keyFile, keyPassword,
            ciphers, nextProtocols, sessionCacheSize, sessionTimeout);
}
/**
 * Creates a client-side {@link SslContext} with the chosen implementation and a
 * certificate chain file; all other settings use their defaults.
 *
 * <p>The trust manager factory slot is passed as {@code null}.
 *
 * @param provider the {@link SslContext} implementation to use.
 *                 {@code null} to use the current default one.
 * @param certChainFile an X.509 certificate chain file in PEM format.
 *                      {@code null} to use the system default
 * @return a new client-side {@link SslContext}
 * @throws SSLException propagated from the full factory method this delegates to
 */
public static SslContext newClientContext(SslProvider provider, File certChainFile) throws SSLException {
    final SslBufferPool defaultBufPool = null;
    final TrustManagerFactory defaultTrustManagerFactory = null;
    final Iterable<String> defaultCiphers = null;
    final Iterable<String> noNextProtocols = null;
    final long defaultSessionCacheSize = 0;
    final long defaultSessionTimeout = 0;
    return newClientContext(
            provider, defaultBufPool, certChainFile, defaultTrustManagerFactory,
            defaultCiphers, noNextProtocols, defaultSessionCacheSize, defaultSessionTimeout);
}
/**
 * Creates the factory that produces one {@link SessionAwareSslHandler} per call.
 *
 * <p>The JDK-provider server context is built once here and captured by the returned
 * factory, so every handler shares it. The configured {@code ciphers} are passed
 * through; the buffer pool and next-protocol slots are {@code null} and both session
 * settings are {@code 0}.
 *
 * @return a factory bound to the server context created from {@code certFile},
 *         {@code keyFile} and {@code keyPassword}
 */
protected SslHandlerFactory createSslHandlerFactory() {
    final SslContext serverContext;
    try {
        serverContext = SslContext.newServerContext(
                SslProvider.JDK, null, certFile, keyFile, keyPassword, ciphers, null, 0, 0);
    } catch (SSLException e) {
        // Rethrown through Guava, which wraps the checked SSLException in an
        // unchecked exception with the original as its cause.
        throw Throwables.propagate(e);
    }
    return new SslHandlerFactory() {
        @Override
        public SslHandler newHandler() {
            final SessionAwareSslHandler sessionAware =
                    new SessionAwareSslHandler(
                            serverContext.newEngine(),
                            serverContext.bufferPool(),
                            JavaSslServerConfiguration.this);
            // Ask the handler to close the channel once an SSLException has been caught.
            sessionAware.setCloseOnSSLException(true);
            return sessionAware;
        }
    };
}