Package io.lettuce.core

Class SslOptions.Builder

    • Method Detail

      • cipherSuites

        public SslOptions.Builder cipherSuites​(String... cipherSuites)
        Sets the cipher suites to use.
        Parameters:
        cipherSuites - cipher suites to use.
        Returns:
        this
        Since:
        5.3

      • jdkSslProvider

        public SslOptions.Builder jdkSslProvider()
        Use the JDK SSL provider for SSL connections.
        Returns:
        this

      • openSslProvider

        public SslOptions.Builder openSslProvider()
        Use the OpenSSL provider for SSL connections. The OpenSSL provider requires the netty-tcnative dependency with the OpenSSL JNI binary.
        Returns:
        this
        Throws:
        IllegalStateException - if OpenSSL is not available

      • handshakeTimeout

        public SslOptions.Builder handshakeTimeout​(Duration timeout)
        Sets a timeout for the SSL handshake.
        Parameters:
        timeout - Duration.
        Returns:
        this
        Since:
        5.3.2

      • keyStoreType

        public SslOptions.Builder keyStoreType​(String keyStoreType)
        Sets the KeyStore type. Defaults to KeyStore.getDefaultType() if not set.
        Parameters:
        keyStoreType - the keystore type to use, must not be null.
        Returns:
        this
        Since:
        5.3

      • keystore

        public SslOptions.Builder keystore​(File keystore)
        Sets the Keystore file to load client certificates. The key store file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        keystore - the keystore file, must not be null.
        Returns:
        this
        Since:
        4.4

      • keystore

        public SslOptions.Builder keystore​(File keystore,
                                   char[] keystorePassword)
        Sets the Keystore file to load client certificates. The keystore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        keystore - the keystore file, must not be null.
        keystorePassword - the keystore password. May be empty to omit password and the keystore integrity check.
        Returns:
        this
        Since:
        4.4

      • keystore

        public SslOptions.Builder keystore​(URL keystore)
        Sets the Keystore resource to load client certificates. The keystore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        keystore - the keystore URL, must not be null.
        Returns:
        this
        Since:
        4.4

      • keystore

        public SslOptions.Builder keystore​(URL keystore,
                                   char[] keystorePassword)
        Sets the Keystore resource to load client certificates. The keystore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        keystore - the keystore file, must not be null.
        Returns:
        this
        Since:
        4.4

      • keyManager

        public SslOptions.Builder keyManager​(File keyCertChainFile,
                                     File keyFile,
                                     char[] keyPassword)
        Sets the key file and its certificate to use for client authentication. The key is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        keyCertChainFile - an X.509 certificate chain file in PEM format.
        keyFile - a PKCS#8 private key file in PEM format.
        keyPassword - the password of the keyFile, or null if it's not password-protected.
        Returns:
        this
        Since:
        5.3

      • keyManager

        public SslOptions.Builder keyManager​(SslOptions.Resource keyCertChain,
                                     SslOptions.Resource key,
                                     char[] keyPassword)
        Sets the key and its certificate to use for client authentication. The key is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        keyCertChain - an SslOptions.Resource for a X.509 certificate chain in PEM format.
        key - an SslOptions.Resource for a PKCS#8 private key in PEM format.
        keyPassword - the password of the keyFile, or null if it's not password-protected.
        Returns:
        this
        Since:
        5.3
        See Also:
        SslOptions.Resource

      • keystore

        public SslOptions.Builder keystore​(SslOptions.Resource resource,
                                   char[] keystorePassword)
        Sets the Java Keystore resource to load client certificates. The keystore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The keystore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        resource - the provider that opens a InputStream to the keystore file, must not be null.
        keystorePassword - the keystore password. May be empty to omit password and the keystore integrity check.
        Returns:
        this
        Since:
        5.3

      • protocols

        public SslOptions.Builder protocols​(String... protocols)
        Sets the protocol used for the connection established to Redis Server, such as TLSv1.2, TLSv1.1, TLSv1.
        Parameters:
        protocols - list of desired protocols to use.
        Returns:
        this
        Since:
        5.3

      • truststore

        public SslOptions.Builder truststore​(File truststore)
        Sets the Truststore file to load trusted certificates. The truststore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        truststore - the truststore file, must not be null.
        Returns:
        this

      • truststore

        public SslOptions.Builder truststore​(File truststore,
                                     String truststorePassword)
        Sets the Truststore file to load trusted certificates. The truststore file must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        truststore - the truststore file, must not be null.
        truststorePassword - the truststore password. May be empty to omit password and the truststore integrity check.
        Returns:
        this

      • truststore

        public SslOptions.Builder truststore​(URL truststore)
        Sets the Truststore resource to load trusted certificates. The truststore resource must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        truststore - the truststore file, must not be null.
        Returns:
        this

      • truststore

        public SslOptions.Builder truststore​(URL truststore,
                                     String truststorePassword)
        Sets the Truststore resource to load trusted certificates. The truststore resource must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        truststore - the truststore file, must not be null.
        truststorePassword - the truststore password. May be empty to omit password and the truststore integrity check.
        Returns:
        this

      • trustManager

        public SslOptions.Builder trustManager​(File certCollection)
        Sets the certificate file to load trusted certificates. The file must provide X.509 certificates in PEM format. Certificates are reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        certCollection - the X.509 certificate collection in PEM format.
        Returns:
        this
        Since:
        5.3

      • trustManager

        public SslOptions.Builder trustManager​(SslOptions.Resource certCollection)
        Sets the certificate resource to load trusted certificates. The file must provide X.509 certificates in PEM format. Certificates are reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        certCollection - the X.509 certificate collection in PEM format.
        Returns:
        this
        Since:
        5.3

      • truststore

        public SslOptions.Builder truststore​(SslOptions.Resource resource,
                                     char[] truststorePassword)
        Sets the Truststore resource to load trusted certificates. The truststore resource must be supported by KeyStore which is KeyStore.getDefaultType() by default. The truststore is reloaded on each connection attempt that allows to replace certificates during runtime.
        Parameters:
        resource - the provider that opens a InputStream to the keystore file, must not be null.
        truststorePassword - the truststore password. May be empty to omit password and the truststore integrity check.
        Returns:
        this