Package io.micronaut.http.netty
Class NettySslContextBuilder
java.lang.Object
io.micronaut.http.netty.NettySslContextBuilder
Builder for Netty SslContext (TCP/HTTP/1.1 and HTTP/2) and QuicSslContext (HTTP/3). Consumes KeyStore and trust store material and applies Micronaut SSL configuration such as ciphers, protocols, ALPN, client authentication, and provider selection (JDK vs OpenSSL).
- Since: 4.10.0
- Author: Jonas Konrad

Constructor Summary
Constructor - Description
NettySslContextBuilder(boolean server) - Create a builder for client or server mode.

Method Summary
Modifier and Type, Method - Description
alpnProtocols() - ALPN protocol names configured on this builder.
alpnProtocols(@Nullable List<String> alpnProtocols) - Set ALPN protocol names in preference order.
@NonNull io.netty.handler.codec.quic.QuicSslContext buildHttp3() - Build a Netty QuicSslContext for HTTP/3 over QUIC.
@NonNull io.netty.handler.ssl.SslContext buildTcp() - Build a Netty SslContext for TCP-based protocols (HTTP/1.1, HTTP/2).
ciphers() - Cipher suites configured on this builder.
ciphers(@Nullable List<String> ciphers, boolean ignoreUnsupportedCiphers) - Set cipher suites.
protected final @Nullable ClientAuthentication clientAuthentication() - Client authentication policy currently configured.
clientAuthentication(@Nullable ClientAuthentication clientAuthentication) - Set client authentication policy for mutual TLS.
protected @NonNull KeyManagerFactory createKeyManagerFactory() - Create and initialize a KeyManagerFactory from the configured key store.
protected @NonNull TrustManagerFactory createTrustManagerFactory() - Create and initialize a TrustManagerFactory from the configured trust store.
http2() - Convenience to enable HTTP/2 defaults (recommended ciphers and ALPN protocols).
keyPassword() - Key password currently configured.
keyPassword(@Nullable String keyPassword) - Set the password used to unlock the private key in the key store (if required).
keyStore() - Current key store set on this builder.
keyStore(@Nullable KeyStore keyStore) - Set the key store containing the private key and certificate chain (if any).
protected final boolean openssl() - Whether OpenSSL has been requested.
openssl(boolean openssl) - Select the underlying SSL provider.
protocols() - Enabled TLS protocols configured on this builder.
protocols(@Nullable List<String> protocols) - Set enabled TLS protocol names (e.g. TLSv1.3).
protected final boolean trustAll() - Whether to trust all certificates instead of relying on the trust store.
trustAll(boolean trustAll) - Whether to trust all certificates instead of relying on the trust store.
trustStore() - Current trust store set on this builder.
trustStore(@Nullable KeyStore trustStore) - Set the trust store containing trusted certificates.

Constructor Details
NettySslContextBuilder
public NettySslContextBuilder(boolean server)
Create a builder for client or server mode.
- Parameters: server - whether to build server-side contexts (true) or client-side (false)

Method Details
openssl
Select the underlying SSL provider.
- Parameters: openssl - true to prefer OpenSSL (via Netty), false for JDK provider
- Returns: this builder

openssl
protected final boolean openssl()
Whether OpenSSL has been requested.
- Returns: true if OpenSSL should be used

keyStore
Current key store set on this builder.
- Returns: the key store or null

keyStore
@NonNull public final @NonNull NettySslContextBuilder keyStore(@Nullable @Nullable KeyStore keyStore)
Set the key store containing the private key and certificate chain (if any).
- Parameters: keyStore - the key store or null
- Returns: this builder

keyPassword
Key password currently configured.
- Returns: the password or null

keyPassword
@NonNull public final @NonNull NettySslContextBuilder keyPassword(@Nullable @Nullable String keyPassword)
Set the password used to unlock the private key in the key store (if required).
- Parameters: keyPassword - the password or null
- Returns: this builder

trustStore
Current trust store set on this builder.
- Returns: the trust store or null

trustStore
@NonNull public final @NonNull NettySslContextBuilder trustStore(@Nullable @Nullable KeyStore trustStore)
Set the trust store containing trusted certificates.
- Parameters: trustStore - the trust store or null
- Returns: this builder

trustAll
protected final boolean trustAll()
Whether to trust all certificates instead of relying on the trust store.
- Returns: true to trust all certificates

trustAll
Whether to trust all certificates instead of relying on the trust store. This is insecure, so handle with care.
- Parameters: trustAll - true to trust all certificates
- Returns: this builder

protocols
Enabled TLS protocols configured on this builder.
- Returns: list of protocol names or null for defaults

protocols
@NonNull public final @NonNull NettySslContextBuilder protocols(@Nullable @Nullable List<String> protocols)
Set enabled TLS protocol names (e.g. TLSv1.3).
- Parameters: protocols - list of protocol names or null to use defaults
- Returns: this builder

ciphers
Cipher suites configured on this builder.
- Returns: list of ciphers or null for defaults

ciphers
@NonNull public final @NonNull NettySslContextBuilder ciphers(@Nullable @Nullable List<String> ciphers, boolean ignoreUnsupportedCiphers)
Set cipher suites.
- Parameters:
  ciphers - list of cipher names or null to use defaults
  ignoreUnsupportedCiphers - whether to ignore unsupported ciphers (true) or fail (false)
- Returns: this builder

alpnProtocols
ALPN protocol names configured on this builder.
- Returns: list of protocol names or null

alpnProtocols
@NonNull public final @NonNull NettySslContextBuilder alpnProtocols(@Nullable @Nullable List<String> alpnProtocols)
Set ALPN protocol names in preference order.
- Parameters: alpnProtocols - ALPN protocols (e.g. h2, http/1.1) or null
- Returns: this builder

http2
Convenience to enable HTTP/2 defaults (recommended ciphers and ALPN protocols).
- Returns: this builder

clientAuthentication
Client authentication policy currently configured.
- Returns: ClientAuthentication or null

clientAuthentication
@NonNull public final @NonNull NettySslContextBuilder clientAuthentication(@Nullable @Nullable ClientAuthentication clientAuthentication)
Set client authentication policy for mutual TLS.
- Parameters: clientAuthentication - NEED, WANT, or null for none
- Returns: this builder

createTrustManagerFactory
Create and initialize a TrustManagerFactory from the configured trust store.
- Returns: initialized trust manager factory
- Throws: Exception

createKeyManagerFactory
Create and initialize a KeyManagerFactory from the configured key store.
- Returns: initialized key manager factory
- Throws: Exception

buildTcp
Build a Netty SslContext for TCP-based protocols (HTTP/1.1, HTTP/2).
- Returns: the built SSL context
- Throws: Exception

buildHttp3
Build a Netty QuicSslContext for HTTP/3 over QUIC.
- Returns: the built QUIC SSL context
- Throws: Exception
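
Example (added here, not code from the Micronaut project): a server-side context for mutual TLS built with the setters documented above, restricted to TLS 1.3, requiring a client certificate, and failing if a listed cipher is unsupported. The file names, the TLS_STORE_PASSWORD variable, the cipher list and the import package of ClientAuthentication (io.micronaut.http.ssl) are assumptions not stated on this page.

```java
import io.micronaut.http.netty.NettySslContextBuilder;
import io.micronaut.http.ssl.ClientAuthentication; // package assumed, not given on this page
import io.netty.handler.ssl.SslContext;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.List;

public final class MutualTlsContextExample {

    // Load a PKCS#12 store from disk; path and password come from the caller.
    static KeyStore loadPkcs12(Path path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    // Server-side context: TLS 1.3 only, client certificate required.
    static SslContext buildServerContext(KeyStore keyStore, String keyPassword,
                                         KeyStore clientCaStore) throws Exception {
        return new NettySslContextBuilder(true)      // true = server mode
            .openssl(false)                           // JDK provider
            .keyStore(keyStore)                       // private key + certificate chain
            .keyPassword(keyPassword)
            .trustStore(clientCaStore)                // CAs allowed to issue client certs
            .trustAll(false)                          // never bypass the trust store
            .protocols(List.of("TLSv1.3"))
            // false = fail instead of silently dropping an unsupported cipher
            .ciphers(List.of("TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256"), false)
            .clientAuthentication(ClientAuthentication.NEED)
            .alpnProtocols(List.of("h2", "http/1.1")) // preference order
            .buildTcp();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical file names and environment variable, for illustration only.
        String password = System.getenv("TLS_STORE_PASSWORD");
        KeyStore serverKeys = loadPkcs12(Path.of("server.p12"), password.toCharArray());
        KeyStore clientCas = loadPkcs12(Path.of("client-ca.p12"), password.toCharArray());
        SslContext ctx = buildServerContext(serverKeys, password, clientCas);
        System.out.println("server=" + ctx.isServer() + " ciphers=" + ctx.cipherSuites());
    }
}
```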