Class NettySslContextBuilder

java.lang.Object
io.micronaut.http.netty.NettySslContextBuilder

public class NettySslContextBuilder extends Object
Builder for Netty SslContext (TCP/HTTP/1.1 and HTTP/2) and QuicSslContext (HTTP/3). Consumes KeyStore and trust store material and applies Micronaut SSL configuration such as ciphers, protocols, ALPN, client authentication, and provider selection (JDK vs OpenSSL).
Since:
4.10.0
Author:
Jonas Konrad
  • Constructor Details

    • NettySslContextBuilder

      public NettySslContextBuilder(boolean server)
      Create a builder for client or server mode.
      Parameters:
      server - whether to build server-side contexts (true) or client-side (false)
  • Method Details

    • openssl

      public final @NonNull NettySslContextBuilder openssl(boolean openssl)
      Select the underlying SSL provider.
      Parameters:
      openssl - true to prefer OpenSSL (via Netty), false for JDK provider
      Returns:
      this builder
    • openssl

      protected final boolean openssl()
      Whether OpenSSL has been requested.
      Returns:
      true if OpenSSL should be used
    • keyStore

      protected final @Nullable KeyStore keyStore()
      Current key store set on this builder.
      Returns:
      the key store or null
    • keyStore

      public final @NonNull NettySslContextBuilder keyStore(@Nullable KeyStore keyStore)
      Set the key store containing the private key and certificate chain (if any).
      Parameters:
      keyStore - the key store or null
      Returns:
      this builder
    • keyPassword

      protected final @Nullable String keyPassword()
      Key password currently configured.
      Returns:
      the password or null
    • keyPassword

      public final @NonNull NettySslContextBuilder keyPassword(@Nullable String keyPassword)
      Set the password used to unlock the private key in the key store (if required).
      Parameters:
      keyPassword - the password or null
      Returns:
      this builder
    • trustStore

      protected final @Nullable KeyStore trustStore()
      Current trust store set on this builder.
      Returns:
      the trust store or null
    • trustStore

      public final @NonNull NettySslContextBuilder trustStore(@Nullable KeyStore trustStore)
      Set the trust store containing trusted certificates.
      Parameters:
      trustStore - the trust store or null
      Returns:
      this builder
    • trustAll

      protected final boolean trustAll()
      Whether to trust all certificates instead of relying on the trust store.
      Returns:
      true to trust all certificates
    • trustAll

      public final @NonNull NettySslContextBuilder trustAll(boolean trustAll)
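      Whether to trust all certificates instead of relying on the trust store. With this enabled the peer's certificate chain is not verified against the trust store, so any certificate is accepted. This is insecure, so handle with care.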
      Parameters:
      trustAll - true to trust all certificates
      Returns:
      this builder
    • protocols

      protected final @Nullable List<String> protocols()
      Enabled TLS protocols configured on this builder.
      Returns:
      list of protocol names or null for defaults
    • protocols

      public final @NonNull NettySslContextBuilder protocols(@Nullable List<String> protocols)
      Set enabled TLS protocol names (e.g. TLSv1.3).
      Parameters:
      protocols - list of protocol names or null to use defaults
      Returns:
      this builder
    • ciphers

      protected final @Nullable List<String> ciphers()
      Cipher suites configured on this builder.
      Returns:
      list of ciphers or null for defaults
    • ciphers

      public final @NonNull NettySslContextBuilder ciphers(@Nullable List<String> ciphers, boolean ignoreUnsupportedCiphers)
      Set cipher suites.
      Parameters:
      ciphers - list of cipher names or null to use defaults
      ignoreUnsupportedCiphers - whether to ignore unsupported ciphers (true) or fail (false)
      Returns:
      this builder
    • alpnProtocols

      protected final @Nullable List<String> alpnProtocols()
      ALPN protocol names configured on this builder.
      Returns:
      list of protocol names or null
    • alpnProtocols

      public final @NonNull NettySslContextBuilder alpnProtocols(@Nullable List<String> alpnProtocols)
      Set ALPN protocol names in preference order.
      Parameters:
      alpnProtocols - ALPN protocols (e.g. h2, http/1.1) or null
      Returns:
      this builder
    • http2

      public final @NonNull NettySslContextBuilder http2()
      Convenience to enable HTTP/2 defaults (recommended ciphers and ALPN protocols).
      Returns:
      this builder
    • clientAuthentication

      protected final @Nullable ClientAuthentication clientAuthentication()
      Client authentication policy currently configured.
      Returns:
      ClientAuthentication or null
    • clientAuthentication

      public final @NonNull NettySslContextBuilder clientAuthentication(@Nullable ClientAuthentication clientAuthentication)
      Set client authentication policy for mutual TLS.
      Parameters:
      clientAuthentication - NEED, WANT, or null for none
      Returns:
      this builder
    • createTrustManagerFactory

      protected @NonNull TrustManagerFactory createTrustManagerFactory() throws Exception
      Create and initialize a TrustManagerFactory from the configured trust store.
      Returns:
      initialized trust manager factory
      Throws:
      Exception
    • createKeyManagerFactory

      protected @NonNull KeyManagerFactory createKeyManagerFactory() throws Exception
      Create and initialize a KeyManagerFactory from the configured key store.
      Returns:
      initialized key manager factory
      Throws:
      Exception
    • buildTcp

      public @NonNull io.netty.handler.ssl.SslContext buildTcp() throws Exception
      Build a Netty SslContext for TCP-based protocols (HTTP/1.1, HTTP/2).
      Returns:
      the built SSL context
      Throws:
      Exception
    • buildHttp3

      public @NonNull io.netty.handler.codec.quic.QuicSslContext buildHttp3() throws Exception
      Build a Netty QuicSslContext for HTTP/3 over QUIC.
      Returns:
      the built QUIC SSL context
      Throws:
      Exception
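
The following usage sketch is an added example, not code from the Micronaut project. It builds a server context that requires client certificates (mutual TLS) and a matching client context that validates the server against a trust store rather than using trustAll. The class name MutualTlsContexts, the helper loadPkcs12, the PKCS#12 paths and passwords passed on the command line, and the import package io.micronaut.http.ssl for ClientAuthentication are assumptions.

```java
import io.micronaut.http.netty.NettySslContextBuilder;
import io.micronaut.http.ssl.ClientAuthentication; // assumed package for the enum
import io.netty.handler.ssl.SslContext;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.List;

public final class MutualTlsContexts {
    // Hypothetical helper: load a PKCS#12 store from a caller-supplied path.
    static KeyStore loadPkcs12(Path path, String password) throws Exception {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password.toCharArray());
        }
        return store;
    }

    // Server: presents its identity and, with NEED, rejects handshakes that lack a
    // client certificate chaining to clientCas (WANT would only request one).
    static SslContext server(KeyStore identity, String keyPassword, KeyStore clientCas) throws Exception {
        return new NettySslContextBuilder(true)
            .openssl(false) // JDK provider, so the cipher names below are JSSE names
            .keyStore(identity)
            .keyPassword(keyPassword)
            .trustStore(clientCas)
            .clientAuthentication(ClientAuthentication.NEED)
            .protocols(List.of("TLSv1.3"))
            // false: fail at build time instead of silently dropping an unsupported suite
            .ciphers(List.of("TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"), false)
            .alpnProtocols(List.of("h2", "http/1.1"))
            .buildTcp();
    }

    // Client: presents its own certificate and verifies the server against serverCas.
    static SslContext client(KeyStore identity, String keyPassword, KeyStore serverCas) throws Exception {
        return new NettySslContextBuilder(false)
            .keyStore(identity)
            .keyPassword(keyPassword)
            .trustStore(serverCas)
            .trustAll(false) // keep certificate validation on
            .protocols(List.of("TLSv1.3"))
            .buildTcp();
    }

    public static void main(String[] args) throws Exception { // args: server.p12 client.p12 ca.p12 password
        KeyStore ca = loadPkcs12(Path.of(args[2]), args[3]);
        System.out.println(server(loadPkcs12(Path.of(args[0]), args[3]), args[3], ca).isServer());
        System.out.println(client(loadPkcs12(Path.of(args[1]), args[3]), args[3], ca).isClient());
    }
}
```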