Package io.micronaut.http.netty
Class SslContextAutoLoader
java.lang.Object
io.micronaut.http.netty.SslContextAutoLoader
Automatically loads and refreshes Netty SSL contexts from configured CertificateProviders.

Subclasses supply the configuration, transport (TCP vs QUIC), and builder factory. This class subscribes to keystore/truststore publishers and swaps the active SslContextHolder when updates arrive, taking care of Netty reference counting.

Since:
- 4.10.0
Author:
- Jonas Konrad

Constructor Summary

| Modifier | Constructor | Description |
|---|---|---|
| protected | SslContextAutoLoader(org.slf4j.Logger log) | Create a new auto-loader. |

Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| final void | autoLoad() | Start auto-loading using names from SslConfiguration (SslConfiguration.getKeyName() and SslConfiguration.getTrustName()). |
| final void | autoLoad(@Nullable String keyName, @Nullable String trustName) | Start auto-loading using the given provider names. |
| protected abstract @NonNull NettySslContextBuilder | builder() | Create a new NettySslContextBuilder in server or client mode depending on the subclass. |
| protected abstract @NonNull BeanProvider<CertificateProvider> | certificateProviders() | Access to named CertificateProvider beans used to resolve key/trust material. |
| final void | clear() | Stop watching for updates and release the current SSL context holder. |
| protected abstract @NonNull SslContextHolder | createLegacy() | Create the legacy SSL context holder when no certificate providers are configured. |
| protected abstract boolean | quic() | Whether the target transport is QUIC/HTTP3 (true) or TCP (false). |
| protected abstract @NonNull SslConfiguration | sslConfiguration() | The SSL configuration used to derive defaults like protocols, ciphers and client auth. |
| final @Nullable SslContextHolder | takeRetained() | Obtain the current SSL context holder and retain the underlying Netty contexts. |

Constructor Details

SslContextAutoLoader
protected SslContextAutoLoader(org.slf4j.Logger log)
Create a new auto-loader.
Parameters:
- log - logger used to report initialization failures

Method Details

takeRetained
Obtain the current SSL context holder and retain the underlying Netty contexts.
Returns:
- the retained holder, or null if no context is currently available

clear
public final void clear()
Stop watching for updates and release the current SSL context holder. Safe to call multiple times.

certificateProviders
Access to named CertificateProvider beans used to resolve key/trust material.
Returns:
- a provider of CertificateProvider beans

sslConfiguration
The SSL configuration used to derive defaults like protocols, ciphers and client auth.
Returns:
- the SSL configuration

quic
protected abstract boolean quic()
Whether the target transport is QUIC/HTTP3 (true) or TCP (false).
Returns:
- true for QUIC, false for TCP

createLegacy
Create the legacy SSL context holder when no certificate providers are configured. Implementations should read from legacy configuration and build fixed contexts.
Returns:
- a holder for legacy contexts

autoLoad
public final void autoLoad()
Start auto-loading using names from SslConfiguration (SslConfiguration.getKeyName() and SslConfiguration.getTrustName()).

autoLoad
public final void autoLoad(@Nullable String keyName, @Nullable String trustName)
Start auto-loading using the given provider names.
Parameters:
- keyName - optional name of the CertificateProvider for the key store
- trustName - optional name of the CertificateProvider for the trust store

builder
Create a new NettySslContextBuilder in server or client mode depending on the subclass.
Returns:
- the builder to construct Netty SSL contexts
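
The swap-and-retain behaviour described in the class description and in the takeRetained and clear method details, as a simplified, self-contained model added here for illustration; it is not Micronaut's implementation. Holder, Loader, swap, tryRetain and certId are hypothetical names, and only takeRetained and clear mirror method names documented on this page.

```java
import java.util.concurrent.atomic.AtomicInteger;
// Simplified model, not Micronaut code: Holder, Loader, swap and certId are hypothetical.
public class HolderSwapModel {
    // Stands in for a reference-counted SSL context holder.
    static final class Holder {
        final String certId;                                     // constructed label for the key material
        private final AtomicInteger refs = new AtomicInteger(1); // the loader's own reference
        Holder(String certId) { this.certId = certId; }
        boolean tryRetain() {
            for (;;) {
                int n = refs.get();
                if (n == 0) return false;                        // already freed: never revive
                if (refs.compareAndSet(n, n + 1)) return true;
            }
        }
        // Returns true when this call dropped the last reference and the contexts were freed.
        boolean release() { return refs.decrementAndGet() == 0; }
    }
    static final class Loader {
        private Holder current;
        // Invoked when a key store or trust store publisher emits new material.
        synchronized void swap(Holder next) {
            Holder old = current;
            current = next;
            if (old != null) old.release();                      // drop only the loader's reference
        }
        // Mirrors the documented contract: a retained holder, or null if none is available.
        synchronized Holder takeRetained() {
            return current != null && current.tryRetain() ? current : null;
        }
        // Idempotent: a second call finds no current holder and releases nothing.
        synchronized void clear() { swap(null); }
    }
    public static void main(String[] args) {
        Loader loader = new Loader();
        System.out.println("before load: " + loader.takeRetained());
        loader.swap(new Holder("constructed-cert-A"));
        Holder inUse = loader.takeRetained();                    // a connection begins its handshake
        loader.swap(new Holder("constructed-cert-B"));           // rotation arrives mid-handshake
        Holder fresh = loader.takeRetained();                    // later connections see the new material
        System.out.println("new connections get: " + fresh.certId);
        fresh.release();
        System.out.println("old holder freed by its last user: " + inUse.release());
        loader.clear();
        loader.clear();                                          // second call is a no-op
        System.out.println("after clear: " + loader.takeRetained());
    }
}
```

In this model, every holder obtained from takeRetained must be released by its caller; a missed release keeps superseded key material alive after rotation, and an extra release frees contexts that a handshake in progress may still be using.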