io.lettuce.core

Class SslOptions.Builder

java.lang.Object

io.lettuce.core.SslOptions.Builder

Enclosing class:

SslOptions

public static class SslOptions.Builder
extends Object

Builder for SslOptions.

Method Summary

Modifier and Type	Method and Description
SslOptions	build() Create a new instance of SslOptions
SslOptions.Builder	cipherSuites(String... cipherSuites) Sets the cipher suites to use.
SslOptions.Builder	handshakeTimeout(Duration timeout) Sets a timeout for the SSL handshake.
SslOptions.Builder	jdkSslProvider() Use the JDK SSL provider for SSL connections.
SslOptions.Builder	keyManager(File keyCertChainFile, File keyFile, char[] keyPassword) Sets the key file and its certificate to use for client authentication.
SslOptions.Builder	keyManager(KeyManagerFactory keyManagerFactory) Sets the KeyManagerFactory.
SslOptions.Builder	keyManager(SslOptions.Resource keyCertChain, SslOptions.Resource key, char[] keyPassword) Sets the key and its certificate to use for client authentication.
SslOptions.Builder	keystore(File keystore) Sets the Keystore file to load client certificates.
SslOptions.Builder	keystore(File keystore, char[] keystorePassword) Sets the Keystore file to load client certificates.
SslOptions.Builder	keystore(SslOptions.Resource resource, char[] keystorePassword) Sets the Java Keystore resource to load client certificates.
SslOptions.Builder	keystore(URL keystore) Sets the Keystore resource to load client certificates.
SslOptions.Builder	keystore(URL keystore, char[] keystorePassword) Sets the Keystore resource to load client certificates.
SslOptions.Builder	keyStoreType(String keyStoreType) Sets the KeyStore type.
SslOptions.Builder	openSslProvider() Use the OpenSSL provider for SSL connections.
SslOptions.Builder	protocols(String... protocols) Sets the protocol used for the connection established to Redis Server, such as TLSv1.2, TLSv1.1, TLSv1.
SslOptions.Builder	sslContext(Consumer<SslContextBuilder> contextBuilderCustomizer) Applies a SslContextBuilder customizer by calling Consumer.accept(Object)
SslOptions.Builder	sslParameters(Supplier<SSLParameters> sslParametersSupplier) Configures a Supplier to create SSLParameters.
SslOptions.Builder	trustManager(File certCollection) Sets the certificate file to load trusted certificates.
SslOptions.Builder	trustManager(SslOptions.Resource certCollection) Sets the certificate resource to load trusted certificates.
SslOptions.Builder	trustManager(TrustManagerFactory trustManagerFactory) Sets the TrustManagerFactory.
SslOptions.Builder	truststore(File truststore) Sets the Truststore file to load trusted certificates.
SslOptions.Builder	truststore(File truststore, String truststorePassword) Sets the Truststore file to load trusted certificates.
SslOptions.Builder	truststore(SslOptions.Resource resource, char[] truststorePassword) Sets the Truststore resource to load trusted certificates.
SslOptions.Builder	truststore(URL truststore) Sets the Truststore resource to load trusted certificates.
SslOptions.Builder	truststore(URL truststore, String truststorePassword) Sets the Truststore resource to load trusted certificates.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

cipherSuites

public SslOptions.Builder cipherSuites(String... cipherSuites)

Sets the cipher suites to use.

Parameters:

cipherSuites - cipher suites to use.

Returns:

this

Since:

5.3

jdkSslProvider

public SslOptions.Builder jdkSslProvider()

Use the JDK SSL provider for SSL connections.

Returns:

this

openSslProvider

public SslOptions.Builder openSslProvider()

Use the OpenSSL provider for SSL connections. The OpenSSL provider requires the netty-tcnative dependency with the OpenSSL JNI binary.

Returns:

this

Throws:

IllegalStateException - if OpenSSL is not available

handshakeTimeout

public SslOptions.Builder handshakeTimeout(Duration timeout)

Sets a timeout for the SSL handshake.

Parameters:

timeout - Duration.

Returns:

this

Since:

5.3.2

keyStoreType

public SslOptions.Builder keyStoreType(String keyStoreType)

Sets the KeyStore type. Defaults to KeyStore.getDefaultType() if not set.

Parameters:

keyStoreType - the keystore type to use, must not be null.

Returns:

this

Since:

5.3

keystore

public SslOptions.Builder keystore(File keystore)

Sets the Keystore file to load client certificates. The key store file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

keystore - the keystore file, must not be null.

Returns:

this

Since:

4.4

keystore

public SslOptions.Builder keystore(File keystore,
                                   char[] keystorePassword)

Sets the Keystore file to load client certificates. The keystore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

keystore - the keystore file, must not be null.

keystorePassword - the keystore password. May be empty to omit password and the keystore integrity check.

Returns:

this

Since:

4.4

keystore

public SslOptions.Builder keystore(URL keystore)

Sets the Keystore resource to load client certificates. The keystore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

keystore - the keystore URL, must not be null.

Returns:

this

Since:

4.4

keystore

public SslOptions.Builder keystore(URL keystore,
                                   char[] keystorePassword)

Sets the Keystore resource to load client certificates. The keystore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

keystore - the keystore file, must not be null.

Returns:

this

Since:

4.4

keyManager

public SslOptions.Builder keyManager(File keyCertChainFile,
                                     File keyFile,
                                     char[] keyPassword)

Sets the key file and its certificate to use for client authentication. The key is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

keyCertChainFile - an X.509 certificate chain file in PEM format.

keyFile - a PKCS#8 private key file in PEM format.

keyPassword - the password of the keyFile, or null if it's not password-protected.

Returns:

this

Since:

5.3

keyManager

public SslOptions.Builder keyManager(SslOptions.Resource keyCertChain,
                                     SslOptions.Resource key,
                                     char[] keyPassword)

Sets the key and its certificate to use for client authentication. The key is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

keyCertChain - an SslOptions.Resource for a X.509 certificate chain in PEM format.

key - an SslOptions.Resource for a PKCS#8 private key in PEM format.

keyPassword - the password of the keyFile, or null if it's not password-protected.

Returns:

this

Since:

5.3

See Also:

SslOptions.Resource

keyManager

public SslOptions.Builder keyManager(KeyManagerFactory keyManagerFactory)

Sets the KeyManagerFactory.

Parameters:

keyManagerFactory - the KeyManagerFactory to use.

Returns:

this

Since:

5.3

keystore

public SslOptions.Builder keystore(SslOptions.Resource resource,
                                   char[] keystorePassword)

Sets the Java Keystore resource to load client certificates. The keystore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

resource - the provider that opens a InputStream to the keystore file, must not be null.

keystorePassword - the keystore password. May be empty to omit password and the keystore integrity check.

Returns:

this

Since:

5.3

protocols

public SslOptions.Builder protocols(String... protocols)

Sets the protocol used for the connection established to Redis Server, such as TLSv1.2, TLSv1.1, TLSv1.

Parameters:

protocols - list of desired protocols to use.

Returns:

this

Since:

5.3

truststore

public SslOptions.Builder truststore(File truststore)

Sets the Truststore file to load trusted certificates. The truststore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

truststore - the truststore file, must not be null.

Returns:

this

truststore

public SslOptions.Builder truststore(File truststore,
                                     String truststorePassword)

Sets the Truststore file to load trusted certificates. The truststore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

truststore - the truststore file, must not be null.

truststorePassword - the truststore password. May be empty to omit password and the truststore integrity check.

Returns:

this

truststore

public SslOptions.Builder truststore(URL truststore)

Sets the Truststore resource to load trusted certificates. The truststore resource must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

truststore - the truststore file, must not be null.

Returns:

this

truststore

public SslOptions.Builder truststore(URL truststore,
                                     String truststorePassword)

Sets the Truststore resource to load trusted certificates. The truststore resource must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

truststore - the truststore file, must not be null.

truststorePassword - the truststore password. May be empty to omit password and the truststore integrity check.

Returns:

this

trustManager

public SslOptions.Builder trustManager(File certCollection)

Sets the certificate file to load trusted certificates. The file must provide X.509 certificates in PEM format. Certificates are reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

certCollection - the X.509 certificate collection in PEM format.

Returns:

this

Since:

5.3

trustManager

public SslOptions.Builder trustManager(SslOptions.Resource certCollection)

Sets the certificate resource to load trusted certificates. The file must provide X.509 certificates in PEM format. Certificates are reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

certCollection - the X.509 certificate collection in PEM format.

Returns:

this

Since:

5.3

trustManager

public SslOptions.Builder trustManager(TrustManagerFactory trustManagerFactory)

Sets the TrustManagerFactory.

Parameters:

trustManagerFactory - the TrustManagerFactory to use.

Returns:

this

Since:

5.3

truststore

public SslOptions.Builder truststore(SslOptions.Resource resource,
                                     char[] truststorePassword)

Sets the Truststore resource to load trusted certificates. The truststore resource must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.

Parameters:

resource - the provider that opens a InputStream to the keystore file, must not be null.

truststorePassword - the truststore password. May be empty to omit password and the truststore integrity check.

Returns:

this

sslContext

public SslOptions.Builder sslContext(Consumer<SslContextBuilder> contextBuilderCustomizer)

Applies a SslContextBuilder customizer by calling Consumer.accept(Object)

Parameters:

contextBuilderCustomizer - builder callback to customize the SslContextBuilder.

Returns:

this

Since:

5.3

sslParameters

public SslOptions.Builder sslParameters(Supplier<SSLParameters> sslParametersSupplier)

Configures a Supplier to create SSLParameters.

Parameters:

sslParametersSupplier - Supplier for SSLParameters.

Returns:

this

Since:

5.3

build

public SslOptions build()

Create a new instance of SslOptions

Returns:

new instance of SslOptions