SSLContextBuilder (WildFly Elytron 1.6.7.Final API)

java.lang.Object
- org.wildfly.security.ssl.SSLContextBuilder

```
public final class SSLContextBuilder
extends Object
```
A class which allows building and configuration of a single client- or server-side SSL context. The builder requires, at a minimum, that a key manager be set; all other parameters have default values as follows:
- The security domain defaults to being empty (no client authentication possible)
- The principal decoder defaults to the default principal decoder
- The cipher suite selector defaults to CipherSuiteSelector.openSslDefault()
- The protocol suite selector defaults to ProtocolSelector.DEFAULT_SELECTOR
- The "require client authentication" flag defaults to false
- The provider supplier defaults to Security::getProviders
Author:

David M. Lloyd

Constructor Summary

Constructors
Constructor and Description

SSLContextBuilder()

Constructors
Constructor and Description
`SSLContextBuilder()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`SecurityFactory<SSLContext>`	`build()` Build a security factory for the new context.
`SSLContextBuilder`	`setAuthenticationOptional(boolean authenticationOptional)` Where a SecurityDomain is associated with this Builder if the client presents a certificate an attempt will be made to obtain a SecurityIdentity by using the certificate for authentication, setting this flag to `true` allows for a failed authentication to be silently ignored.
`SSLContextBuilder`	`setCipherSuiteSelector(CipherSuiteSelector cipherSuiteSelector)` Set the cipher suite selector to use for this context.
`SSLContextBuilder`	`setClientMode(boolean clientMode)` Set the client mode of the target SSL context.
`SSLContextBuilder`	`setKeyManager(X509ExtendedKeyManager keyManager)` Set the key manager which should be used to hold identities for this context.
`SSLContextBuilder`	`setKeyManagerSecurityFactory(SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory)` Set the factory for the key manager which should be used to hold identities for this context.
`SSLContextBuilder`	`setMechanismConfigurationSelector(MechanismConfigurationSelector mechanismConfigurationSelector)` Set selector of mechanism configuration for `ServerAuthenticationContext`, which will be used for SSL client authentication.
`SSLContextBuilder`	`setNeedClientAuth(boolean needClientAuth)` Force the SSLContext created by this builder to need client authentication.
`SSLContextBuilder`	`setProtocolSelector(ProtocolSelector protocolSelector)` Set the protocol selector to use for this context.
`SSLContextBuilder`	`setProviderName(String name)` Set the provider name.
`SSLContextBuilder`	`setProviderSupplier(Supplier<Provider[]> providerSupplier)` Set the provider supplier.
`SSLContextBuilder`	`setSecurityDomain(SecurityDomain securityDomain)` Set the security domain to use to authenticate clients.
`SSLContextBuilder`	`setSessionCacheSize(int sessionCacheSize)` Sets the size of the cache used for storing SSLSession objects.
`SSLContextBuilder`	`setSessionTimeout(int sessionTimeout)` Sets the timeout limit for SSLSession objects.
`SSLContextBuilder`	`setTrustManager(X509TrustManager trustManager)` Set the trust manager which should be used to hold identities for this context.
`SSLContextBuilder`	`setTrustManagerSecurityFactory(SecurityFactory<X509TrustManager> trustManagerSecurityFactory)` Set the factory for the trust manager which should be used for the initial trust decisions during connection.
`SSLContextBuilder`	`setUseCipherSuitesOrder(boolean useCipherSuitesOrder)` Sets whether the local cipher suites preference should be honored.
`SSLContextBuilder`	`setWantClientAuth(boolean wantClientAuth)` Force the SSLContext created by this builder to want client authentication.
`SSLContextBuilder`	`setWrap(boolean wrap)` Set if the configured SSL engine and sockets created using the SSL context should be wrapped to prevent modification to the configuration.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SSLContextBuilder
```
public SSLContextBuilder()
```
- Method Detail
  - setSecurityDomain
```
public SSLContextBuilder setSecurityDomain(SecurityDomain securityDomain)
```
    Set the security domain to use to authenticate clients.
    
    Parameters:
    
    securityDomain - the security domain to use to authenticate clients, or null to disable client certificate authentication
  - setCipherSuiteSelector
```
public SSLContextBuilder setCipherSuiteSelector(CipherSuiteSelector cipherSuiteSelector)
```
    Set the cipher suite selector to use for this context.
    
    Parameters:
    
    cipherSuiteSelector - the cipher suite selector (not null)
  - setProtocolSelector
```
public SSLContextBuilder setProtocolSelector(ProtocolSelector protocolSelector)
```
    Set the protocol selector to use for this context.
    
    Parameters:
    
    protocolSelector - the protocol selector to use for this context (not null)
  - setUseCipherSuitesOrder
```
public SSLContextBuilder setUseCipherSuitesOrder(boolean useCipherSuitesOrder)
```
    Sets whether the local cipher suites preference should be honored.
    
    Parameters:
    
    useCipherSuitesOrder - whether the local cipher suites preference should be honored.
  - setWantClientAuth
```
public SSLContextBuilder setWantClientAuth(boolean wantClientAuth)
```
    Force the SSLContext created by this builder to want client authentication. The SSLContext returned by this builder will be configured to want client authentication if this value is set to true OR of a SecurityDomain is associated.
    
    Parameters:
    
    wantClientAuth - should the SSLContext be forced to want client authentication.
  - setNeedClientAuth
```
public SSLContextBuilder setNeedClientAuth(boolean needClientAuth)
```
    Force the SSLContext created by this builder to need client authentication. The SSLContext returned by this builder will be configured to need client authentication if this value is set to true.
    
    Parameters:
    
    needClientAuth - should the SSLContext be forced to need client authentication.
  - setAuthenticationOptional
```
public SSLContextBuilder setAuthenticationOptional(boolean authenticationOptional)
```
    Where a SecurityDomain is associated with this Builder if the client presents a certificate an attempt will be made to obtain a SecurityIdentity by using the certificate for authentication, setting this flag to true allows for a failed authentication to be silently ignored. This setting does not bypass any certificate checking performed by the underlying TrustManager so failure there will still cause the connection attempt to be aborted. The reason this setting would be used would be to enable a fallback to another authentication mechanism after the connection is established. Note: Where this is no security domain associated there is no authentication step so this value will be ignored.
    
    Parameters:
    
    authenticationOptional - should the authentication step be allowed to silently fail.
  - setSessionCacheSize
```
public SSLContextBuilder setSessionCacheSize(int sessionCacheSize)
```
    Sets the size of the cache used for storing SSLSession objects.
    
    Parameters:
    
    sessionCacheSize - the size of the cache used for storing SSLSession objects.
    
    Returns:
    
    The SSLContextBuilder to allow chaining of method calls.
  - setSessionTimeout
```
public SSLContextBuilder setSessionTimeout(int sessionTimeout)
```
    Sets the timeout limit for SSLSession objects.
    
    Parameters:
    
    sessionTimeout - the timeout limit for SSLSession objects.
    
    Returns:
    
    The SSLContextBuilder to allow chaining of method calls.
  - setKeyManagerSecurityFactory
```
public SSLContextBuilder setKeyManagerSecurityFactory(SecurityFactory<X509ExtendedKeyManager> keyManagerSecurityFactory)
```
    Set the factory for the key manager which should be used to hold identities for this context.
    
    Parameters:
    
    keyManagerSecurityFactory - the security factory which produces the key manager (not null)
  - setKeyManager
```
public SSLContextBuilder setKeyManager(X509ExtendedKeyManager keyManager)
```
    Set the key manager which should be used to hold identities for this context.
    
    Parameters:
    
    keyManager - the security factory which produces the key manager (not null)
  - setTrustManagerSecurityFactory
```
public SSLContextBuilder setTrustManagerSecurityFactory(SecurityFactory<X509TrustManager> trustManagerSecurityFactory)
```
    Set the factory for the trust manager which should be used for the initial trust decisions during connection.
    
    Parameters:
    
    trustManagerSecurityFactory - the factory for the trust manager which should be used for the initial trust decisions during connection (not null).
  - setTrustManager
```
public SSLContextBuilder setTrustManager(X509TrustManager trustManager)
```
    Set the trust manager which should be used to hold identities for this context.
    
    Parameters:
    
    trustManager - the trust manager which should be used to hold identities for this context (not null).
  - setProviderSupplier
```
public SSLContextBuilder setProviderSupplier(Supplier<Provider[]> providerSupplier)
```
    Set the provider supplier.
    
    Parameters:
    
    providerSupplier - the provider supplier (not null)
  - setProviderName
```
public SSLContextBuilder setProviderName(String name)
```
    Set the provider name.
    
    Parameters:
    
    name - the provider name (if null and provider is allowed)
    
    Returns:
    
    this builder
  - setClientMode
```
public SSLContextBuilder setClientMode(boolean clientMode)
```
    Set the client mode of the target SSL context.
    
    Parameters:
    
    clientMode - true to use client mode, false otherwise
    
    Returns:
    
    this builder
  - setWrap
```
public SSLContextBuilder setWrap(boolean wrap)
```
    Set if the configured SSL engine and sockets created using the SSL context should be wrapped to prevent modification to the configuration. Defaults to true.
    
    Parameters:
    
    wrap - should the engine or socket created by the SSL context be wrapped to prevent modification to the configuration.
    
    Returns:
    
    this builder
  - setMechanismConfigurationSelector
```
public SSLContextBuilder setMechanismConfigurationSelector(MechanismConfigurationSelector mechanismConfigurationSelector)
```
    Set selector of mechanism configuration for ServerAuthenticationContext, which will be used for SSL client authentication.
    
    Parameters:
    
    mechanismConfigurationSelector - mechanism configuration selector to be used by ServerAuthenticationContext in SSL authentication.
    
    Returns:
    
    this builder
  - build
```
public SecurityFactory<SSLContext> build()
```
    Build a security factory for the new context. The factory will cache the constructed instance.
    
    Returns:
    
    the security factory

Class SSLContextBuilder

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

SSLContextBuilder

Method Detail

setSecurityDomain

setCipherSuiteSelector

setProtocolSelector

setUseCipherSuitesOrder

setWantClientAuth

setNeedClientAuth

setAuthenticationOptional

setSessionCacheSize

setSessionTimeout

setKeyManagerSecurityFactory

setKeyManager

setTrustManagerSecurityFactory

setTrustManager

setProviderSupplier

setProviderName

setClientMode

setWrap

setMechanismConfigurationSelector

build