Class QuicSslContextBuilder


  • public final class QuicSslContextBuilder
    extends java.lang.Object
    Builder for configuring a new SslContext for creation.
    • Method Detail

      • forServer

        public static QuicSslContextBuilder forServer(java.io.File keyFile,
                                                      @Nullable java.lang.String keyPassword,
                                                      java.io.File certChainFile)
        Creates a builder for a new server-side QuicSslContext that can be used for QUIC.
        Parameters:
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile, or null if it's not password-protected
        certChainFile - an X.509 certificate chain file in PEM format
        See Also:
        keyManager(File, String, File)
      • forServer

        public static QuicSslContextBuilder forServer(java.security.PrivateKey key,
                                                      @Nullable java.lang.String keyPassword,
                                                      java.security.cert.X509Certificate... certChain)
        Creates a builder for a new server-side QuicSslContext that can be used for QUIC.
        Parameters:
        key - a PKCS#8 private key
        keyPassword - the password of the key, or null if it's not password-protected
        certChain - the X.509 certificate chain
        See Also:
        keyManager(File, String, File)
      • forServer

        public static QuicSslContextBuilder forServer(javax.net.ssl.KeyManagerFactory keyManagerFactory,
                                                      @Nullable java.lang.String password)
        Creates a builder for a new server-side QuicSslContext that can be used for QUIC.
        Parameters:
        keyManagerFactory - non-null factory for server's private key
        See Also:
        keyManager(KeyManagerFactory, String)
      • forServer

        public static QuicSslContextBuilder forServer(javax.net.ssl.KeyManager keyManager,
                                                      @Nullable java.lang.String keyPassword)
        Creates a builder for a new server-side QuicSslContext with a KeyManager that can be used for QUIC.
        Parameters:
        keyManager - non-null KeyManager for server's private key
        keyPassword - the password of the keyFile, or null if it's not password-protected
      • earlyData

        public QuicSslContextBuilder earlyData(boolean enabled)
        Enable / disable the usage of early data.
      • keylog

        public QuicSslContextBuilder keylog(boolean enabled)
        Enable / disable keylog. When enabled, TLS keys are logged at DEBUG level to an internal logger named "io.netty.handler.codec.quic.BoringSSLLogginKeylog"; see BoringSSLKeylog for details. The logged keys follow the NSS Key Log Format. This is intended for debugging with tools like Wireshark.
      • trustManager

        public QuicSslContextBuilder trustManager(@Nullable java.io.File trustCertCollectionFile)
        Trusted certificates for verifying the remote endpoint's certificate. The file should contain an X.509 certificate collection in PEM format. null uses the system default, which only works with Java 8u261 and later because these versions support TLS 1.3; see the JDK 8u261 Update Release Notes.
      • trustManager

        public QuicSslContextBuilder trustManager(java.security.cert.X509Certificate @Nullable ... trustCertCollection)
        Trusted certificates for verifying the remote endpoint's certificate. null uses the system default, which only works with Java 8u261 and later because these versions support TLS 1.3; see the JDK 8u261 Update Release Notes.
      • trustManager

        public QuicSslContextBuilder trustManager(@Nullable javax.net.ssl.TrustManagerFactory trustManagerFactory)
        Trust manager for verifying the remote endpoint's certificate. null uses the system default, which only works with Java 8u261 and later because these versions support TLS 1.3; see the JDK 8u261 Update Release Notes.
      • trustManager

        public QuicSslContextBuilder trustManager(javax.net.ssl.TrustManager trustManager)
        A single trust manager for verifying the remote endpoint's certificate. This is helpful when a custom implementation of TrustManager is needed. Internally, a simple wrapper of TrustManagerFactory that only produces this specified TrustManager will be created, so all the requirements specified in trustManager(TrustManagerFactory trustManagerFactory) also apply here.
      • keyManager

        public QuicSslContextBuilder keyManager(@Nullable java.io.File keyFile,
                                                @Nullable java.lang.String keyPassword,
                                                @Nullable java.io.File keyCertChainFile)
        Identifying certificate for this host. keyCertChainFile and keyFile may be null for client contexts, which disables mutual authentication.
        Parameters:
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile, or null if it's not password-protected
        keyCertChainFile - an X.509 certificate chain file in PEM format
      • keyManager

        public QuicSslContextBuilder keyManager(@Nullable java.security.PrivateKey key,
                                                @Nullable java.lang.String keyPassword,
                                                java.security.cert.X509Certificate @Nullable ... certChain)
        Identifying certificate for this host. certChain and key may be null for client contexts, which disables mutual authentication.
        Parameters:
        key - a PKCS#8 private key
        keyPassword - the password of the key, or null if it's not password-protected
        certChain - an X.509 certificate chain
      • keyManager

        public QuicSslContextBuilder keyManager(@Nullable javax.net.ssl.KeyManagerFactory keyManagerFactory,
                                                @Nullable java.lang.String keyPassword)
        Identifying manager for this host. keyManagerFactory may be null for client contexts, which disables mutual authentication.
      • keyManager

        public QuicSslContextBuilder keyManager(javax.net.ssl.KeyManager keyManager,
                                                @Nullable java.lang.String password)
        A single key manager managing the identity information of this host. This is helpful when a custom implementation of KeyManager is needed. Internally, a wrapper of KeyManagerFactory that only produces this specified KeyManager will be created, so all the requirements specified in keyManager(KeyManagerFactory, String) also apply here.
      • applicationProtocols

        public QuicSslContextBuilder applicationProtocols(java.lang.String @Nullable ... applicationProtocols)
        Application protocol negotiation configuration. null disables support.
      • sessionCacheSize

        public QuicSslContextBuilder sessionCacheSize(long sessionCacheSize)
        Set the size of the cache used for storing SSL session objects. 0 to use the default value.
      • sessionTimeout

        public QuicSslContextBuilder sessionTimeout(long sessionTimeout)
        Set the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
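
An added example, not part of the Netty Javadoc: a server-side context built with the methods listed above, keeping early data and key logging off by default and refusing a private key file that is accessible beyond its owner. The class name QuicServerTls, the example.quic.keylog system property, the "h3" ALPN value and the 300-second timeout are assumptions; build() and the io.netty.handler.codec.quic package come from Netty's API rather than from this section.

```java
import io.netty.handler.codec.quic.QuicSslContext;
import io.netty.handler.codec.quic.QuicSslContextBuilder;

import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermission;
import java.util.EnumSet;
import java.util.Set;

public final class QuicServerTls {
    // Assumption: opt-in switch for key logging; this property name is not a Netty setting.
    private static final String KEYLOG_PROPERTY = "example.quic.keylog";

    private QuicServerTls() { }

    /** Fails if anyone but the owner can access the key file (POSIX file systems only). */
    static void requireOwnerOnly(File keyFile) throws IOException {
        Set<PosixFilePermission> extra = EnumSet.noneOf(PosixFilePermission.class);
        extra.addAll(Files.getPosixFilePermissions(keyFile.toPath()));
        extra.removeAll(EnumSet.of(PosixFilePermission.OWNER_READ,
                PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE));
        if (!extra.isEmpty()) {
            throw new IOException(keyFile + " is accessible beyond its owner: " + extra);
        }
    }

    static QuicSslContext serverContext(File keyFile, String keyPassword, File certChainFile)
            throws IOException {
        requireOwnerOnly(keyFile);
        // Key logging stays off unless explicitly requested for a debugging session:
        // an NSS key log lets anyone holding it decrypt captured traffic.
        boolean keylog = Boolean.getBoolean(KEYLOG_PROPERTY);
        return QuicSslContextBuilder.forServer(keyFile, keyPassword, certChainFile)
                .applicationProtocols("h3") // ALPN value for HTTP/3 (assumed application)
                .earlyData(false)           // 0-RTT data can be replayed by a network attacker
                .keylog(keylog)
                .sessionTimeout(300)        // seconds; 0 would use the default value
                .build();
    }
}
```

Even with keylog(true), keys are only written when the logger named in the keylog description is set to DEBUG, so both switches should be reviewed in production logging configuration.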