Class QuicSslContextBuilder


  • public final class QuicSslContextBuilder
    extends Object
    Builder for configuring a new SslContext for creation.
    • Method Detail

      • forServer

        public static QuicSslContextBuilder forServer(File keyFile,
                                                      @Nullable String keyPassword,
                                                      File certChainFile)
        Creates a builder for a new server-side QuicSslContext that can be used for QUIC.
        Parameters:
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile, or null if it's not password-protected
        certChainFile - an X.509 certificate chain file in PEM format
        See Also:
        keyManager(File, String, File)
      • forServer

        public static QuicSslContextBuilder forServer(KeyManager keyManager,
                                                      @Nullable String keyPassword)
        Creates a builder for a new server-side QuicSslContext with a KeyManager that can be used for QUIC.
        Parameters:
        keyManager - non-null KeyManager for server's private key
        keyPassword - the password of the keyFile, or null if it's not password-protected
      • buildForServerWithSni

        public static QuicSslContext buildForServerWithSni(io.netty.util.Mapping<? super String,? extends QuicSslContext> mapping)
        Enables support for SNI on the server side.
        Parameters:
        mapping - the Mapping that is used to map names to the QuicSslContext to use. Usually DomainWildcardMappingBuilder should be used to create the Mapping.
      • option

        public <T> QuicSslContextBuilder option(io.netty.handler.ssl.SslContextOption<T> option,
                                                T value)
        Configure a SslContextOption.
      • earlyData

        public QuicSslContextBuilder earlyData(boolean enabled)
        Enable / disable the usage of early data.
      • keylog

        public QuicSslContextBuilder keylog(boolean enabled)
        Enable / disable keylog. When enabled, TLS keys are logged to an internal logger named "io.netty.handler.codec.quic.BoringSSLLogginKeylog" at DEBUG level (see BoringSSLKeylog for details). The logged keys follow the NSS Key Log Format. This is intended for debugging with tools like Wireshark.
      • trustManager

        public QuicSslContextBuilder trustManager(@Nullable File trustCertCollectionFile)
        Trusted certificates for verifying the remote endpoint's certificate. The file should contain an X.509 certificate collection in PEM format. null uses the system default, which only works with Java 8u261 and later because these versions support TLS 1.3; see the JDK 8u261 Update Release Notes.
      • keyManager

        public QuicSslContextBuilder keyManager(@Nullable File keyFile,
                                                @Nullable String keyPassword,
                                                @Nullable File keyCertChainFile)
        Identifying certificate for this host. keyCertChainFile and keyFile may be null for client contexts, which disables mutual authentication.
        Parameters:
        keyFile - a PKCS#8 private key file in PEM format
        keyPassword - the password of the keyFile, or null if it's not password-protected
        keyCertChainFile - an X.509 certificate chain file in PEM format
      • keyManager

        public QuicSslContextBuilder keyManager(@Nullable PrivateKey key,
                                                @Nullable String keyPassword,
                                                X509Certificate @Nullable ... certChain)
        Identifying certificate for this host. certChain and key may be null for client contexts, which disables mutual authentication.
        Parameters:
        key - a PKCS#8 private key file
        keyPassword - the password of the key, or null if it's not password-protected
        certChain - an X.509 certificate chain
      • keyManager

        public QuicSslContextBuilder keyManager(@Nullable KeyManagerFactory keyManagerFactory,
                                                @Nullable String keyPassword)
        Identifying manager for this host. keyManagerFactory may be null for client contexts, which disables mutual authentication.
      • applicationProtocols

        public QuicSslContextBuilder applicationProtocols(String @Nullable ... applicationProtocols)
        Application protocol negotiation configuration. null disables support.
      • sessionCacheSize

        public QuicSslContextBuilder sessionCacheSize(long sessionCacheSize)
        Set the size of the cache used for storing SSL session objects. 0 to use the default value.
      • sessionTimeout

        public QuicSslContextBuilder sessionTimeout(long sessionTimeout)
        Set the timeout for the cached SSL session objects, in seconds. 0 to use the default value.
      • clientAuth

        public QuicSslContextBuilder clientAuth(io.netty.handler.ssl.ClientAuth clientAuth)
        Sets the client authentication mode.
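
The server-side options documented above, combined into one SNI-aware configuration with mutual TLS, as an added example (not code from this page or from the Netty project). Assumptions: the io.netty.handler.codec.quic package (taken from the logger name above), the builder's build() method (not listed in this excerpt), the QUIC codec's native library on the classpath, and a hypothetical host pattern, ALPN value and QUIC_KEY_PASSWORD environment variable.

```java
import io.netty.handler.codec.quic.QuicSslContext;
import io.netty.handler.codec.quic.QuicSslContextBuilder;
import io.netty.handler.ssl.ClientAuth;
import io.netty.util.DomainWildcardMappingBuilder;
import io.netty.util.Mapping;

import java.io.File;

public final class QuicServerTlsExample {

    // One context per certificate; all File arguments are PEM, as the builder requires.
    static QuicSslContext serverContext(File key, String keyPassword, File chain, File clientCa) {
        return QuicSslContextBuilder.forServer(key, keyPassword, chain)
                .applicationProtocols("h3")      // ALPN value assumed for this example
                .trustManager(clientCa)          // CAs trusted to issue client certificates
                .clientAuth(ClientAuth.REQUIRE)  // mutual TLS: a client certificate is mandatory
                .earlyData(false)                // 0-RTT data is replayable; leave off unless requests are idempotent
                .keylog(false)                   // keep TLS secrets out of the DEBUG logger outside debugging
                .build();
    }

    // args: <default key> <default chain> <wildcard key> <wildcard chain> <client CA bundle>
    public static void main(String[] args) {
        if (args.length != 5) {
            System.err.println("usage: QuicServerTlsExample key chain wildcardKey wildcardChain clientCa");
            return;
        }
        // Hypothetical variable name; when unset this is null, meaning the keys are not encrypted.
        String password = System.getenv("QUIC_KEY_PASSWORD");
        File clientCa = new File(args[4]);
        QuicSslContext fallback = serverContext(new File(args[0]), password, new File(args[1]), clientCa);
        QuicSslContext wildcard = serverContext(new File(args[2]), password, new File(args[3]), clientCa);

        // Names that match no pattern get the default context passed to the mapping builder.
        Mapping<String, QuicSslContext> bySni =
                new DomainWildcardMappingBuilder<QuicSslContext>(fallback)
                        .add("*.example.test", wildcard)   // constructed host pattern
                        .build();
        QuicSslContext sniContext = QuicSslContextBuilder.buildForServerWithSni(bySni);
        System.out.println("SNI-aware server context ready: " + sniContext.isServer());
    }
}
```

Each per-host context carries its own clientAuth, earlyData and keylog settings, so a mapping entry built with weaker settings weakens only the hosts that select it.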