Package io.lettuce.core
Class SslOptions.Builder
- java.lang.Object
-
- io.lettuce.core.SslOptions.Builder
-
- Enclosing class:
- SslOptions
public static class SslOptions.Builder extends Object
Builder forSslOptions
.
-
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description SslOptions
build()
Create a new instance ofSslOptions
SslOptions.Builder
cipherSuites(String... cipherSuites)
Sets the cipher suites to use.SslOptions.Builder
handshakeTimeout(Duration timeout)
Sets a timeout for the SSL handshake.SslOptions.Builder
jdkSslProvider()
Use the JDK SSL provider for SSL connections.SslOptions.Builder
keyManager(SslOptions.Resource keyCertChain, SslOptions.Resource key, char[] keyPassword)
Sets the key and its certificate to use for client authentication.SslOptions.Builder
keyManager(File keyCertChainFile, File keyFile, char[] keyPassword)
Sets the key file and its certificate to use for client authentication.SslOptions.Builder
keyManager(KeyManagerFactory keyManagerFactory)
Sets theKeyManagerFactory
.SslOptions.Builder
keystore(SslOptions.Resource resource, char[] keystorePassword)
Sets the Java Keystore resource to load client certificates.SslOptions.Builder
keystore(File keystore)
Sets the Keystore file to load client certificates.SslOptions.Builder
keystore(File keystore, char[] keystorePassword)
Sets the Keystore file to load client certificates.SslOptions.Builder
keystore(URL keystore)
Sets the Keystore resource to load client certificates.SslOptions.Builder
keystore(URL keystore, char[] keystorePassword)
Sets the Keystore resource to load client certificates.SslOptions.Builder
keyStoreType(String keyStoreType)
Sets the KeyStore type.SslOptions.Builder
openSslProvider()
Use the OpenSSL provider for SSL connections.SslOptions.Builder
protocols(String... protocols)
Sets the protocol used for the connection established to Redis Server, such asTLSv1.2, TLSv1.1, TLSv1
.SslOptions.Builder
sslContext(Consumer<SslContextBuilder> contextBuilderCustomizer)
Applies aSslContextBuilder
customizer by callingConsumer.accept(Object)
SslOptions.Builder
sslParameters(Supplier<SSLParameters> sslParametersSupplier)
Configures aSupplier
to createSSLParameters
.SslOptions.Builder
trustManager(SslOptions.Resource certCollection)
Sets the certificate resource to load trusted certificates.SslOptions.Builder
trustManager(File certCollection)
Sets the certificate file to load trusted certificates.SslOptions.Builder
trustManager(TrustManagerFactory trustManagerFactory)
Sets theTrustManagerFactory
.SslOptions.Builder
truststore(SslOptions.Resource resource, char[] truststorePassword)
Sets the Truststore resource to load trusted certificates.SslOptions.Builder
truststore(File truststore)
Sets the Truststore file to load trusted certificates.SslOptions.Builder
truststore(File truststore, String truststorePassword)
Sets the Truststore file to load trusted certificates.SslOptions.Builder
truststore(URL truststore)
Sets the Truststore resource to load trusted certificates.SslOptions.Builder
truststore(URL truststore, String truststorePassword)
Sets the Truststore resource to load trusted certificates.
-
-
-
Method Detail
-
cipherSuites
public SslOptions.Builder cipherSuites(String... cipherSuites)
Sets the cipher suites to use.- Parameters:
cipherSuites
- cipher suites to use.- Returns:
this
- Since:
- 5.3
-
jdkSslProvider
public SslOptions.Builder jdkSslProvider()
Use the JDK SSL provider for SSL connections.- Returns:
this
-
openSslProvider
public SslOptions.Builder openSslProvider()
Use the OpenSSL provider for SSL connections. The OpenSSL provider requires thenetty-tcnative
dependency with the OpenSSL JNI binary.- Returns:
this
- Throws:
IllegalStateException
- if OpenSSL is not available
-
handshakeTimeout
public SslOptions.Builder handshakeTimeout(Duration timeout)
Sets a timeout for the SSL handshake.- Parameters:
timeout
-Duration
.- Returns:
this
- Since:
- 5.3.2
-
keyStoreType
public SslOptions.Builder keyStoreType(String keyStoreType)
Sets the KeyStore type. Defaults toKeyStore.getDefaultType()
if not set.- Parameters:
keyStoreType
- the keystore type to use, must not benull
.- Returns:
this
- Since:
- 5.3
-
keystore
public SslOptions.Builder keystore(File keystore)
Sets the Keystore file to load client certificates. The key store file must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
keystore
- the keystore file, must not benull
.- Returns:
this
- Since:
- 4.4
-
keystore
public SslOptions.Builder keystore(File keystore, char[] keystorePassword)
Sets the Keystore file to load client certificates. The keystore file must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
keystore
- the keystore file, must not benull
.keystorePassword
- the keystore password. May be empty to omit password and the keystore integrity check.- Returns:
this
- Since:
- 4.4
-
keystore
public SslOptions.Builder keystore(URL keystore)
Sets the Keystore resource to load client certificates. The keystore file must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
keystore
- the keystore URL, must not benull
.- Returns:
this
- Since:
- 4.4
-
keystore
public SslOptions.Builder keystore(URL keystore, char[] keystorePassword)
Sets the Keystore resource to load client certificates. The keystore file must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
keystore
- the keystore file, must not benull
.- Returns:
this
- Since:
- 4.4
-
keyManager
public SslOptions.Builder keyManager(File keyCertChainFile, File keyFile, char[] keyPassword)
Sets the key file and its certificate to use for client authentication. The key is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
keyCertChainFile
- an X.509 certificate chain file in PEM format.keyFile
- a PKCS#8 private key file in PEM format.keyPassword
- the password of thekeyFile
, ornull
if it's not password-protected.- Returns:
this
- Since:
- 5.3
-
keyManager
public SslOptions.Builder keyManager(SslOptions.Resource keyCertChain, SslOptions.Resource key, char[] keyPassword)
Sets the key and its certificate to use for client authentication. The key is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
keyCertChain
- anSslOptions.Resource
for a X.509 certificate chain in PEM format.key
- anSslOptions.Resource
for a PKCS#8 private key in PEM format.keyPassword
- the password of thekeyFile
, ornull
if it's not password-protected.- Returns:
this
- Since:
- 5.3
- See Also:
SslOptions.Resource
-
keyManager
public SslOptions.Builder keyManager(KeyManagerFactory keyManagerFactory)
Sets theKeyManagerFactory
.- Parameters:
keyManagerFactory
- theKeyManagerFactory
to use.- Returns:
this
- Since:
- 5.3
-
keystore
public SslOptions.Builder keystore(SslOptions.Resource resource, char[] keystorePassword)
Sets the Java Keystore resource to load client certificates. The keystore file must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
resource
- the provider that opens aInputStream
to the keystore file, must not benull
.keystorePassword
- the keystore password. May be empty to omit password and the keystore integrity check.- Returns:
this
- Since:
- 5.3
-
protocols
public SslOptions.Builder protocols(String... protocols)
Sets the protocol used for the connection established to Redis Server, such asTLSv1.2, TLSv1.1, TLSv1
.- Parameters:
protocols
- list of desired protocols to use.- Returns:
this
- Since:
- 5.3
-
truststore
public SslOptions.Builder truststore(File truststore)
Sets the Truststore file to load trusted certificates. The truststore file must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
truststore
- the truststore file, must not benull
.- Returns:
this
-
truststore
public SslOptions.Builder truststore(File truststore, String truststorePassword)
Sets the Truststore file to load trusted certificates. The truststore file must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
truststore
- the truststore file, must not benull
.truststorePassword
- the truststore password. May be empty to omit password and the truststore integrity check.- Returns:
this
-
truststore
public SslOptions.Builder truststore(URL truststore)
Sets the Truststore resource to load trusted certificates. The truststore resource must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
truststore
- the truststore file, must not benull
.- Returns:
this
-
truststore
public SslOptions.Builder truststore(URL truststore, String truststorePassword)
Sets the Truststore resource to load trusted certificates. The truststore resource must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
truststore
- the truststore file, must not benull
.truststorePassword
- the truststore password. May be empty to omit password and the truststore integrity check.- Returns:
this
-
trustManager
public SslOptions.Builder trustManager(File certCollection)
Sets the certificate file to load trusted certificates. The file must provide X.509 certificates in PEM format. Certificates are reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
certCollection
- the X.509 certificate collection in PEM format.- Returns:
this
- Since:
- 5.3
-
trustManager
public SslOptions.Builder trustManager(SslOptions.Resource certCollection)
Sets the certificate resource to load trusted certificates. The file must provide X.509 certificates in PEM format. Certificates are reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
certCollection
- the X.509 certificate collection in PEM format.- Returns:
this
- Since:
- 5.3
-
trustManager
public SslOptions.Builder trustManager(TrustManagerFactory trustManagerFactory)
Sets theTrustManagerFactory
.- Parameters:
trustManagerFactory
- theTrustManagerFactory
to use.- Returns:
this
- Since:
- 5.3
-
truststore
public SslOptions.Builder truststore(SslOptions.Resource resource, char[] truststorePassword)
Sets the Truststore resource to load trusted certificates. The truststore resource must be supported byKeyStore
which isKeyStore.getDefaultType()
by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.- Parameters:
resource
- the provider that opens aInputStream
to the keystore file, must not benull
.truststorePassword
- the truststore password. May be empty to omit password and the truststore integrity check.- Returns:
this
-
sslContext
public SslOptions.Builder sslContext(Consumer<SslContextBuilder> contextBuilderCustomizer)
Applies aSslContextBuilder
customizer by callingConsumer.accept(Object)
- Parameters:
contextBuilderCustomizer
- builder callback to customize theSslContextBuilder
.- Returns:
this
- Since:
- 5.3
-
sslParameters
public SslOptions.Builder sslParameters(Supplier<SSLParameters> sslParametersSupplier)
Configures aSupplier
to createSSLParameters
.- Parameters:
sslParametersSupplier
-Supplier
forSSLParameters
.- Returns:
this
- Since:
- 5.3
-
build
public SslOptions build()
Create a new instance ofSslOptions
- Returns:
- new instance of
SslOptions
-
-