public final class SSLContextBuilder extends Object
CipherSuiteSelector.openSslDefault()
ProtocolSelector.DEFAULT_SELECTOR
false
Security::getProviders
Constructor and Description |
---|
SSLContextBuilder() |
Modifier and Type | Method and Description |
---|---|
SecurityFactory<SSLContext> |
build()
Build a security factory for the new context.
|
SSLContextBuilder |
setAuthenticationOptional(boolean authenticationOptional)
Where a SecurityDomain is associated with this Builder if the client presents a certificate an attempt will be made to
obtain a SecurityIdentity by using the certificate for authentication, setting this flag to
true allows for a
failed authentication to be silently ignored. |
SSLContextBuilder |
setCipherSuiteSelector(CipherSuiteSelector cipherSuiteSelector)
Set the cipher suite selector to use for this context.
|
SSLContextBuilder |
setClientMode(boolean clientMode)
Set the client mode of the target SSL context.
|
SSLContextBuilder |
setKeyManager(X509ExtendedKeyManager keyManager)
Set the key manager which should be used to hold identities for this context.
|
SSLContextBuilder |
setKeyManagerSecurityFactory(SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory)
Set the factory for the key manager which should be used to hold identities for this context.
|
SSLContextBuilder |
setMechanismConfigurationSelector(MechanismConfigurationSelector mechanismConfigurationSelector)
Set selector of mechanism configuration for
ServerAuthenticationContext , which will be used for SSL client authentication. |
SSLContextBuilder |
setNeedClientAuth(boolean needClientAuth)
Force the SSLContext created by this builder to need client authentication.
|
SSLContextBuilder |
setProtocolSelector(ProtocolSelector protocolSelector)
Set the protocol selector to use for this context.
|
SSLContextBuilder |
setProviderName(String name)
Set the provider name.
|
SSLContextBuilder |
setProviderSupplier(Supplier<Provider[]> providerSupplier)
Set the provider supplier.
|
SSLContextBuilder |
setSecurityDomain(SecurityDomain securityDomain)
Set the security domain to use to authenticate clients.
|
SSLContextBuilder |
setSessionCacheSize(int sessionCacheSize)
Sets the size of the cache used for storing SSLSession objects.
|
SSLContextBuilder |
setSessionTimeout(int sessionTimeout)
Sets the timeout limit for SSLSession objects.
|
SSLContextBuilder |
setTrustManager(X509TrustManager trustManager)
Set the trust manager which should be used to hold identities for this context.
|
SSLContextBuilder |
setTrustManagerSecurityFactory(SecurityFactory<X509TrustManager> trustManagerSecurityFactory)
Set the factory for the trust manager which should be used for the initial trust decisions during connection.
|
SSLContextBuilder |
setUseCipherSuitesOrder(boolean useCipherSuitesOrder)
Sets whether the local cipher suites preference should be honored.
|
SSLContextBuilder |
setWantClientAuth(boolean wantClientAuth)
Force the SSLContext created by this builder to want client authentication.
|
SSLContextBuilder |
setWrap(boolean wrap)
Set if the configured SSL engine and sockets created using the SSL context should be wrapped to prevent modification to the configuration.
|
public SSLContextBuilder setSecurityDomain(SecurityDomain securityDomain)
securityDomain
- the security domain to use to authenticate clients, or null
to disable client
certificate authenticationpublic SSLContextBuilder setCipherSuiteSelector(CipherSuiteSelector cipherSuiteSelector)
cipherSuiteSelector
- the cipher suite selector (not null
)public SSLContextBuilder setProtocolSelector(ProtocolSelector protocolSelector)
protocolSelector
- the protocol selector to use for this context (not null
)public SSLContextBuilder setUseCipherSuitesOrder(boolean useCipherSuitesOrder)
useCipherSuitesOrder
- whether the local cipher suites preference should be honored.public SSLContextBuilder setWantClientAuth(boolean wantClientAuth)
wantClientAuth
- should the SSLContext be forced to want client authentication.public SSLContextBuilder setNeedClientAuth(boolean needClientAuth)
needClientAuth
- should the SSLContext be forced to need client authentication.public SSLContextBuilder setAuthenticationOptional(boolean authenticationOptional)
true
allows for a
failed authentication to be silently ignored.
This setting does not bypass any certificate checking performed by the underlying TrustManager so failure there will still cause the connection attempt to be aborted.
The reason this setting would be used would be to enable a fallback to another authentication mechanism after the connection is established.
Note: Where this is no security domain associated there is no authentication step so this value will be ignored.authenticationOptional
- should the authentication step be allowed to silently fail.public SSLContextBuilder setSessionCacheSize(int sessionCacheSize)
sessionCacheSize
- the size of the cache used for storing SSLSession objects.SSLContextBuilder
to allow chaining of method calls.public SSLContextBuilder setSessionTimeout(int sessionTimeout)
sessionTimeout
- the timeout limit for SSLSession objects.SSLContextBuilder
to allow chaining of method calls.public SSLContextBuilder setKeyManagerSecurityFactory(SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory)
keyManagerSecurityFactory
- the security factory which produces the key manager (not null
)public SSLContextBuilder setKeyManager(X509ExtendedKeyManager keyManager)
keyManager
- the security factory which produces the key manager (not null
)public SSLContextBuilder setTrustManagerSecurityFactory(SecurityFactory<X509TrustManager> trustManagerSecurityFactory)
trustManagerSecurityFactory
- the factory for the trust manager which should be used for the initial trust decisions during connection (not null
).public SSLContextBuilder setTrustManager(X509TrustManager trustManager)
trustManager
- the trust manager which should be used to hold identities for this context (not null
).public SSLContextBuilder setProviderSupplier(Supplier<Provider[]> providerSupplier)
providerSupplier
- the provider supplier (not null
)public SSLContextBuilder setProviderName(String name)
name
- the provider name (if null
and provider is allowed)public SSLContextBuilder setClientMode(boolean clientMode)
clientMode
- true
to use client mode, false
otherwisepublic SSLContextBuilder setWrap(boolean wrap)
true
.wrap
- should the engine or socket created by the SSL context be wrapped to prevent modification to the configuration.public SSLContextBuilder setMechanismConfigurationSelector(MechanismConfigurationSelector mechanismConfigurationSelector)
ServerAuthenticationContext
, which will be used for SSL client authentication.mechanismConfigurationSelector
- mechanism configuration selector to be used by ServerAuthenticationContext
in SSL authentication.public SecurityFactory<SSLContext> build()
Copyright © 2017 JBoss by Red Hat. All rights reserved.