Package io.micronaut.http.netty

Class NettySslContextBuilder

java.lang.Object

io.micronaut.http.netty.NettySslContextBuilder

public class NettySslContextBuilder
extends Object

Builder for Netty SslContext (TCP/HTTP/1.1 and HTTP/2) and QuicSslContext (HTTP/3). Consumes KeyStore and trust store material and applies Micronaut SSL configuration such as ciphers, protocols, ALPN, client authentication, and provider selection (JDK vs OpenSSL).

Since:

4.10.0

Author:

Jonas Konrad

Constructor Summary

Constructors

Constructor	Description
NettySslContextBuilder(boolean server)	Create a builder for client or server mode.

Method Summary

Modifier and Type	Method	Description
protected final @Nullable List<String>	alpnProtocols()	ALPN protocol names configured on this builder.
final @NonNull NettySslContextBuilder	alpnProtocols(@Nullable List<String> alpnProtocols)	Set ALPN protocol names in preference order.
@NonNull io.netty.handler.codec.quic.QuicSslContext	buildHttp3()	Build a Netty QuicSslContext for HTTP/3 over QUIC.
@NonNull io.netty.handler.ssl.SslContext	buildTcp()	Build a Netty SslContext for TCP-based protocols (HTTP/1.1, HTTP/2).
protected final @Nullable List<String>	ciphers()	Cipher suites configured on this builder.
final @NonNull NettySslContextBuilder	ciphers(@Nullable List<String> ciphers, boolean ignoreUnsupportedCiphers)	Set cipher suites.
protected final @Nullable ClientAuthentication	clientAuthentication()	Client authentication policy currently configured.
final @NonNull NettySslContextBuilder	clientAuthentication(@Nullable ClientAuthentication clientAuthentication)	Set client authentication policy for mutual TLS.
protected @NonNull KeyManagerFactory	createKeyManagerFactory()	Create and initialize a KeyManagerFactory from the configured key store.
protected @NonNull TrustManagerFactory	createTrustManagerFactory()	Create and initialize a TrustManagerFactory from the configured trust store.
final @NonNull NettySslContextBuilder	http2()	Convenience to enable HTTP/2 defaults (recommended ciphers and ALPN protocols).
protected final @Nullable String	keyPassword()	Key password currently configured.
final @NonNull NettySslContextBuilder	keyPassword(@Nullable String keyPassword)	Set the password used to unlock the private key in the key store (if required).
protected final @Nullable KeyStore	keyStore()	Current key store set on this builder.
final @NonNull NettySslContextBuilder	keyStore(@Nullable KeyStore keyStore)	Set the key store containing the private key and certificate chain (if any).
protected final boolean	openssl()	Whether OpenSSL has been requested.
final @NonNull NettySslContextBuilder	openssl(boolean openssl)	Select the underlying SSL provider.
protected final @Nullable List<String>	protocols()	Enabled TLS protocols configured on this builder.
final @NonNull NettySslContextBuilder	protocols(@Nullable List<String> protocols)	Set enabled TLS protocol names (e.g.
protected final boolean	trustAll()	Whether to trust all certificates instead of relying on the trust store.
final @NonNull NettySslContextBuilder	trustAll(boolean trustAll)	Whether to trust all certificates instead of relying on the trust store.
protected final @Nullable KeyStore	trustStore()	Current trust store set on this builder.
final @NonNull NettySslContextBuilder	trustStore(@Nullable KeyStore trustStore)	Set the trust store containing trusted certificates.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

NettySslContextBuilder

public NettySslContextBuilder(boolean server)

Create a builder for client or server mode.

Parameters:

server - whether to build server-side contexts (true) or client-side (false)

Method Details

openssl

@NonNull
public final @NonNull NettySslContextBuilder openssl(boolean openssl)

Select the underlying SSL provider.

Parameters:

openssl - true to prefer OpenSSL (via Netty), false for JDK provider

Returns:

this builder

openssl

protected final boolean openssl()

Whether OpenSSL has been requested.

Returns:

true if OpenSSL should be used

keyStore

@Nullable
protected final @Nullable KeyStore keyStore()

Current key store set on this builder.

Returns:

the key store or null

keyStore

@NonNull
public final @NonNull NettySslContextBuilder keyStore(@Nullable
 @Nullable KeyStore keyStore)

Set the key store containing the private key and certificate chain (if any).

Parameters:

keyStore - the key store or null

Returns:

this builder

keyPassword

@Nullable
protected final @Nullable String keyPassword()

Key password currently configured.

Returns:

the password or null

keyPassword

@NonNull
public final @NonNull NettySslContextBuilder keyPassword(@Nullable
 @Nullable String keyPassword)

Set the password used to unlock the private key in the key store (if required).

Parameters:

keyPassword - the password or null

Returns:

this builder

trustStore

@Nullable
protected final @Nullable KeyStore trustStore()

Current trust store set on this builder.

Returns:

the trust store or null

trustStore

@NonNull
public final @NonNull NettySslContextBuilder trustStore(@Nullable
 @Nullable KeyStore trustStore)

Set the trust store containing trusted certificates.

Parameters:

trustStore - the trust store or null

Returns:

this builder

trustAll

protected final boolean trustAll()

Whether to trust all certificates instead of relying on the trust store.

Returns:

true to trust all certificates

trustAll

@NonNull
public final @NonNull NettySslContextBuilder trustAll(boolean trustAll)

Whether to trust all certificates instead of relying on the trust store. This is insecure, so handle with care.

Parameters:

trustAll - true to trust all certificates

Returns:

this builder

protocols

@Nullable
protected final @Nullable List<String> protocols()

Enabled TLS protocols configured on this builder.

Returns:

list of protocol names or null for defaults

protocols

@NonNull
public final @NonNull NettySslContextBuilder protocols(@Nullable
 @Nullable List<String> protocols)

Set enabled TLS protocol names (e.g. TLSv1.3).

Parameters:

protocols - list of protocol names or null to use defaults

Returns:

this builder

ciphers

@Nullable
protected final @Nullable List<String> ciphers()

Cipher suites configured on this builder.

Returns:

list of ciphers or null for defaults

ciphers

@NonNull
public final @NonNull NettySslContextBuilder ciphers(@Nullable
 @Nullable List<String> ciphers,
 boolean ignoreUnsupportedCiphers)

Set cipher suites.

Parameters:

ciphers - list of cipher names or null to use defaults

ignoreUnsupportedCiphers - whether to ignore unsupported ciphers (true) or fail (false)

Returns:

this builder

alpnProtocols

@Nullable
protected final @Nullable List<String> alpnProtocols()

ALPN protocol names configured on this builder.

Returns:

list of protocol names or null

alpnProtocols

@NonNull
public final @NonNull NettySslContextBuilder alpnProtocols(@Nullable
 @Nullable List<String> alpnProtocols)

Set ALPN protocol names in preference order.

Parameters:

alpnProtocols - ALPN protocols (e.g. h2, http/1.1) or null

Returns:

this builder

http2

@NonNull
public final @NonNull NettySslContextBuilder http2()

Convenience to enable HTTP/2 defaults (recommended ciphers and ALPN protocols).

Returns:

this builder

clientAuthentication

@Nullable
protected final @Nullable ClientAuthentication clientAuthentication()

Client authentication policy currently configured.

Returns:

ClientAuthentication or null

clientAuthentication

@NonNull
public final @NonNull NettySslContextBuilder clientAuthentication(@Nullable
 @Nullable ClientAuthentication clientAuthentication)

Set client authentication policy for mutual TLS.

Parameters:

clientAuthentication - NEED, WANT, or null for none

Returns:

this builder

createTrustManagerFactory

@NonNull
protected @NonNull TrustManagerFactory createTrustManagerFactory()
                                                          throws Exception

Create and initialize a TrustManagerFactory from the configured trust store.

Returns:

initialized trust manager factory

Throws:

Exception

createKeyManagerFactory

@NonNull
protected @NonNull KeyManagerFactory createKeyManagerFactory()
                                                      throws Exception

Create and initialize a KeyManagerFactory from the configured key store.

Returns:

initialized key manager factory

Throws:

Exception

buildTcp

@NonNull
public @NonNull io.netty.handler.ssl.SslContext buildTcp()
                                                  throws Exception

Build a Netty SslContext for TCP-based protocols (HTTP/1.1, HTTP/2).

Returns:

the built SSL context

Throws:

Exception

buildHttp3

@NonNull
public @NonNull io.netty.handler.codec.quic.QuicSslContext buildHttp3()
                                                               throws Exception

Build a Netty QuicSslContext for HTTP/3 over QUIC.

Returns:

the built QUIC SSL context

Throws:

Exception