Class SslContextFactory

java.lang.Object
com.loomcache.common.config.SslContextFactory

public final class SslContextFactory extends Object
Factory for creating SSLContext, SSLServerSocket, SSLSocket, and optional Netty SslContext instances from LoomCache TlsConfig.

The existing socket transport uses the standard JDK SSLSocket (blocking I/O), which pairs well with Java 25 virtual threads: virtual threads unmount on blocking socket ops, so we get the simplicity of blocking TLS with the scalability of async. Netty SslContext creation is available for transports that can consume Netty's OpenSSL/BoringSSL provider via netty-tcnative.

Thread-safe: SSLContext is safe for concurrent use after initialization.

  • Constructor Details

    • SslContextFactory

      public SslContextFactory()
  • Method Details

    • createSslContext

      public static SSLContext createSslContext(TlsConfig config) throws GeneralSecurityException, IOException
      Create an SSLContext from TlsConfig.
      Parameters:
      config - TLS configuration (must be enabled)
      Returns:
      initialized SSLContext
      Throws:
      GeneralSecurityException - if keystore/truststore loading fails
      IOException - if keystore/truststore files cannot be read
    • createNettyServerContext

      public static io.netty.handler.ssl.SslContext createNettyServerContext(TlsConfig config) throws GeneralSecurityException, IOException
      Create a Netty server SslContext from TlsConfig.
      Parameters:
      config - TLS configuration (must be enabled)
      Returns:
      initialized Netty SslContext
      Throws:
      GeneralSecurityException - if keystore/truststore loading or provider selection fails
      IOException - if keystore/truststore files cannot be read
    • createNettyClientContext

      public static io.netty.handler.ssl.SslContext createNettyClientContext(TlsConfig config) throws GeneralSecurityException, IOException
      Create a Netty client SslContext from TlsConfig.
      Parameters:
      config - TLS configuration (must be enabled)
      Returns:
      initialized Netty SslContext
      Throws:
      GeneralSecurityException - if keystore/truststore loading or provider selection fails
      IOException - if keystore/truststore files cannot be read
    • isOpenSslAvailable

      public static boolean isOpenSslAvailable()
      Whether Netty's OpenSSL/BoringSSL provider is available in this process.
      Returns:
      true if Netty can create OpenSSL-backed contexts
    • openSslAvailabilityDescription

      public static String openSslAvailabilityDescription()
      Human-readable OpenSSL/BoringSSL provider status for diagnostics.
      Returns:
      availability description
    • createServerSocket

      public static ServerSocket createServerSocket(TlsConfig config, SSLContext sslContext, int port) throws IOException
      Create an SSL server socket bound to the given port.
      Parameters:
      config - TLS configuration
      sslContext - the SSLContext to use
      port - the port to bind to
      Returns:
      bound SSLServerSocket with configured protocols and cipher suites
      Throws:
      IOException
    • createServerSocket

      public static ServerSocket createServerSocket(TlsConfig config, SSLContext sslContext, @Nullable String bindHost, int port) throws IOException
      Throws:
      IOException
    • createClientSocket

      public static Socket createClientSocket(TlsConfig config, SSLContext sslContext, String host, int port, int connectTimeoutMs) throws IOException
      Create an SSL client socket connected to the given host:port.
      Parameters:
      config - TLS configuration
      sslContext - the SSLContext to use
      host - target host
      port - target port
      connectTimeoutMs - connection timeout in milliseconds
      Returns:
      connected SSLSocket with configured protocols
      Throws:
      IOException - if connection fails or hostname verification fails
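
Added example (not LoomCache source): what the documented behaviour of createClientSocket (connect timeout, configured protocols, hostname verification) corresponds to in plain JDK calls. The class name, method names, protocol list and handshake timeout are assumptions made for illustration; the page does not show how TlsConfig supplies these values.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added example: JDK-only sketch. All names here are hypothetical, not LoomCache API.
public final class HardenedClientSocketExample {

    // Assumed policy; in LoomCache the protocol list would come from TlsConfig.
    static final String[] PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

    /** Builds an unconnected SSLSocket with an explicit protocol list and hostname verification. */
    static SSLSocket prepare(SSLContext ctx) throws IOException {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        SSLParameters params = socket.getSSLParameters();
        params.setProtocols(PROTOCOLS);
        // A raw SSLSocket validates the certificate chain but does NOT match the
        // certificate against the host name unless this algorithm is set.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
        return socket;
    }

    /** Connects with a timeout and forces the handshake so certificate errors surface here. */
    static SSLSocket connect(SSLContext ctx, String host, int port, int connectTimeoutMs)
            throws IOException {
        SSLSocket socket = prepare(ctx);
        try {
            // Passing the host name (not a resolved address) lets the JDK use it for verification.
            socket.connect(new InetSocketAddress(host, port), connectTimeoutMs);
            socket.setSoTimeout(connectTimeoutMs); // assumption: bound the handshake as well
            socket.startHandshake();               // blocking; a virtual thread unmounts while waiting
            socket.setSoTimeout(0);                // back to no read timeout for application traffic
            return socket;
        } catch (IOException e) {
            socket.close();                        // never hand back a half-open socket
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Offline check: no connection is made, only the effective parameters are printed.
        try (SSLSocket s = prepare(SSLContext.getDefault())) {
            SSLParameters p = s.getSSLParameters();
            System.out.println(String.join(",", p.getProtocols())
                    + " / " + p.getEndpointIdentificationAlgorithm());
        }
    }
}
```

With these settings, a certificate that does not match the requested host fails in startHandshake() with an SSLHandshakeException, which is a subclass of IOException.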