Class SSLCredential

java.lang.Object
io.netty.internal.tcnative.SSLCredential

public final class SSLCredential extends Object
SSL_CREDENTIAL management for BoringSSL. This class provides methods to create and manage SSL_CREDENTIAL objects, which are used to configure credentials for SSL/TLS connections in BoringSSL.

This API is only supported when using BoringSSL. For usage instructions and detailed documentation, see the BoringSSL SSL_CREDENTIAL documentation.

SSL_CREDENTIAL objects allow fine-grained control over certificate and private key configuration, including support for multiple credentials, delegated credentials, and SPAKE2+ authentication.

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    private
    SSLCredential()
  • Method Summary

    Modifier and Type
    Method
    Description
    static void
    free(long cred)
    Decrement the reference count of an SSL_CREDENTIAL and free it when the count reaches zero.
    static long
    newDelegated()
    Create a new delegated SSL_CREDENTIAL.
    static long
    newX509()
    Create a new X509 SSL_CREDENTIAL.
    static void
    setCertChain(long cred, long chain)
    Set the certificate chain for an SSL_CREDENTIAL.
    static void
    setCertificateProperties(long cred, byte[] properties)
    Set the certificate properties for an SSL_CREDENTIAL.
    static void
    setDelegatedCredential(long cred, byte[] delegatedCred)
    Set the delegated credential for an SSL_CREDENTIAL.
    static void
    setMustMatchIssuer(long cred, boolean mustMatch)
    Set whether the issuer must match for an SSL_CREDENTIAL.
    static void
    setOcspResponse(long cred, byte[] response)
    Set the OCSP response for an SSL_CREDENTIAL.
    static void
    setPrivateKey(long cred, long key)
    Set the private key for an SSL_CREDENTIAL.
    static void
    setSignedCertTimestampList(long cred, byte[] sctList)
    Set the signed certificate timestamp list for an SSL_CREDENTIAL.
    static void
    setSigningAlgorithmPrefs(long cred, int[] prefs)
    Set the signing algorithm preferences for an SSL_CREDENTIAL.
    static void
    setTrustAnchorId(long cred, byte[] id)
    Set the trust anchor ID for an SSL_CREDENTIAL.
    static void
    upRef(long cred)
    Increment the reference count of an SSL_CREDENTIAL.

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SSLCredential

      private SSLCredential()
  • Method Details

    • newX509

      public static long newX509() throws Exception
      Create a new X509 SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_new_x509 for detailed documentation.

      Returns:
      the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      Throws:
      Exception - if an error occurred
    • upRef

      public static void upRef(long cred) throws Exception
      Increment the reference count of an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_up_ref for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      Throws:
      Exception - if an error occurred
    • free

      public static void free(long cred) throws Exception
      Decrement the reference count of an SSL_CREDENTIAL and free it when the count reaches zero.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_free for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      Throws:
      Exception - if an error occurred
    • setPrivateKey

      public static void setPrivateKey(long cred, long key) throws Exception
      Set the private key for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_private_key for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      key - the private key (EVP_PKEY *)
      Throws:
      Exception - if an error occurred
    • setCertChain

      public static void setCertChain(long cred, long chain) throws Exception
      Set the certificate chain for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_cert_chain for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      chain - the certificate chain (STACK_OF(CRYPTO_BUFFER) *)
      Throws:
      Exception - if an error occurred
    • setOcspResponse

      public static void setOcspResponse(long cred, byte[] response) throws Exception
      Set the OCSP response for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_ocsp_response for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      response - the OCSP response bytes
      Throws:
      Exception - if an error occurred
    • setSigningAlgorithmPrefs

      public static void setSigningAlgorithmPrefs(long cred, int[] prefs) throws Exception
      Set the signing algorithm preferences for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_signing_algorithm_prefs for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      prefs - the signing algorithm preferences
      Throws:
      Exception - if an error occurred
    • setCertificateProperties

      public static void setCertificateProperties(long cred, byte[] properties) throws Exception
      Set the certificate properties for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_certificate_properties for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      properties - the certificate properties
      Throws:
      Exception - if an error occurred
    • setSignedCertTimestampList

      public static void setSignedCertTimestampList(long cred, byte[] sctList) throws Exception
      Set the signed certificate timestamp list for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set1_signed_cert_timestamp_list for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      sctList - the signed certificate timestamp list
      Throws:
      Exception - if an error occurred
    • setMustMatchIssuer

      public static void setMustMatchIssuer(long cred, boolean mustMatch) throws Exception
      Set whether the issuer must match for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature. See SSL_CREDENTIAL_set_must_match_issuer for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      mustMatch - true if issuer must match, false otherwise
      Throws:
      Exception - if an error occurred
    • setTrustAnchorId

      public static void setTrustAnchorId(long cred, byte[] id) throws Exception
      Set the trust anchor ID for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature for trust anchor configuration. See SSL_CREDENTIAL_set1_trust_anchor_id for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      id - the trust anchor ID
      Throws:
      Exception - if an error occurred
    • newDelegated

      public static long newDelegated() throws Exception
      Create a new delegated SSL_CREDENTIAL.

      This is a BoringSSL-specific feature for delegated credential support. See SSL_CREDENTIAL_new_delegated for detailed documentation.

      Returns:
      the delegated SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      Throws:
      Exception - if an error occurred
    • setDelegatedCredential

      public static void setDelegatedCredential(long cred, byte[] delegatedCred) throws Exception
      Set the delegated credential for an SSL_CREDENTIAL.

      This is a BoringSSL-specific feature for delegated credential configuration. See SSL_CREDENTIAL_set1_delegated_credential for detailed documentation.

      Parameters:
      cred - the SSL_CREDENTIAL instance (SSL_CREDENTIAL *)
      delegatedCred - the delegated credential bytes
      Throws:
      Exception - if an error occurred
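
Added example (not netty-tcnative's own code): an AutoCloseable owner for the handle returned by newX509(), which frees the credential if configuration fails and guards against double free and use after free. The class name X509CredentialHandle and the parameters keyPtr, chainPtr and ocspResponse are assumptions; the native pointers must be created elsewhere.

```java
import io.netty.internal.tcnative.SSLCredential;
import java.util.concurrent.atomic.AtomicLong;

/** Hypothetical owner of one reference to a native SSL_CREDENTIAL (not part of netty-tcnative). */
public final class X509CredentialHandle implements AutoCloseable {
    // 0 means "no native object owned", either not yet built or already freed.
    private final AtomicLong cred = new AtomicLong();

    /**
     * keyPtr (EVP_PKEY *) and chainPtr (STACK_OF(CRYPTO_BUFFER) *) are assumed to be
     * valid native pointers created elsewhere. This class never frees them; their
     * owner stays responsible for that. ocspResponse may be null.
     */
    public X509CredentialHandle(long keyPtr, long chainPtr, byte[] ocspResponse) throws Exception {
        long ptr = SSLCredential.newX509();
        try {
            SSLCredential.setPrivateKey(ptr, keyPtr);
            SSLCredential.setCertChain(ptr, chainPtr);
            if (ocspResponse != null) {
                SSLCredential.setOcspResponse(ptr, ocspResponse);
            }
        } catch (Exception e) {
            // Configuration failed: release the half-built credential before propagating.
            SSLCredential.free(ptr);
            throw e;
        }
        cred.set(ptr);
    }

    /** Returns the raw pointer for other native calls; refuses to hand out a freed one. */
    public long pointer() {
        long ptr = cred.get();
        if (ptr == 0) {
            throw new IllegalStateException("SSL_CREDENTIAL already freed");
        }
        return ptr;
    }

    /** Drops this handle's reference exactly once; repeated calls are no-ops. */
    @Override
    public void close() throws Exception {
        long ptr = cred.getAndSet(0);
        if (ptr != 0) {
            SSLCredential.free(ptr);
        }
    }
}
```

Used in a try-with-resources block, the handle pairs every newX509() with exactly one free(); any component that keeps the pointer beyond that block needs its own reference via upRef(long) and a matching free(long).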