public final class SslOptions extends Object
| Modifier and Type | Class | Description |
|---|---|---|
| static class | SslOptions.ClientAuth | The desired SSL client authentication mode for SSL channels in server mode. |

| Modifier and Type | Field | Description |
|---|---|---|
| static String | PKCS12 | PKCS12 constant. |
| static String | TLS_V1_2 | TLSv1.2. |
| static String | TLS_V1_3 | TLSv1.3 protocol. |
| static String | X509 | X509 constant. |

| Constructor and Description |
|---|
| SslOptions() |

| Modifier and Type | Method | Description |
|---|---|---|
| static Optional<SslOptions> | from(com.typesafe.config.Config conf) | Get SSL options from application configuration. |
| static Optional<SslOptions> | from(com.typesafe.config.Config conf, String... key) | Get SSL options from application configuration. |
| String | getCert() | A PKCS12 or X.509 certificate chain file in PEM format. |
| SslOptions.ClientAuth | getClientAuth() | The desired SSL client authentication mode for SSL channels in server mode. |
| String | getPassword() | Certificate password. |
| String | getPrivateKey() | Private key file location. |
| List<String> | getProtocol() | Specify the enabled protocols for an SSL/TLS session. |
| InputStream | getResource(ClassLoader loader, String path) | Search for a resource at the given path. |
| String | getTrustCert() | A PKCS12 or X.509 certificate chain file in PEM format. |
| String | getTrustPassword() | Trust certificate password. |
| String | getType() | Certificate type. |
| static SslOptions | pkcs12(String crt, String password) | Creates SSL options for PKCS12 certificate type. |
| static SslOptions | selfSigned() | Creates SSL options using a self-signed certificate using PKCS12. |
| static SslOptions | selfSigned(String type) | Creates SSL options using a self-signed certificate. |
| SslOptions | setCert(String cert) | Set certificate path. |
| SslOptions | setClientAuth(SslOptions.ClientAuth clientAuth) | Set desired SSL client authentication mode for SSL channels in server mode. |
| SslOptions | setPassword(String password) | Certificate password. |
| SslOptions | setPrivateKey(String privateKey) | Set private key file location. |
| SslOptions | setProtocol(List<String> protocol) | Specify the enabled protocols for an SSL/TLS session. |
| SslOptions | setProtocol(String... protocol) | Specify the enabled protocols for an SSL/TLS session. |
| SslOptions | setTrustCert(String trustCert) | Set certificate path. |
| SslOptions | setTrustPassword(String password) | Set trust certificate password. |
| SslOptions | setType(String type) | Set certificate type. |
| String | toString() | |
| static SslOptions | x509(String crt, String key) | Creates SSL options for X.509 certificate type. |
| static SslOptions | x509(String crt, String key, String password) | Creates SSL options for X.509 certificate type. |

public static final String TLS_V1_2
public static final String TLS_V1_3
public static final String X509
public static final String PKCS12
public String getType()
PKCS12.

@Nonnull public SslOptions setType(@Nonnull String type)
type - Certificate type.

@Nonnull public String getCert()

@Nonnull public SslOptions setCert(@Nonnull String cert)
cert - Certificate path or location.

@Nullable public String getTrustCert()
SslOptions.ClientAuth.REQUIRED or SslOptions.ClientAuth.REQUESTED.

@Nonnull public SslOptions setTrustCert(@Nullable String trustCert)
trustCert - Certificate path or location.

@Nullable public String getTrustPassword()

@Nonnull public SslOptions setTrustPassword(@Nullable String password)
password - Certificate password.

@Nullable public String getPrivateKey()

@Nonnull public SslOptions setPrivateKey(@Nullable String privateKey)
privateKey - Private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.

@Nonnull public SslOptions setPassword(@Nullable String password)
password - Certificate password.

@Nullable public String getPassword()

@Nonnull public InputStream getResource(@Nonnull ClassLoader loader, @Nonnull String path) throws IOException
loader - Class loader.
path - Path (file system path or classpath).
IOException - If the file is not found or can't be read.

@Nonnull public SslOptions.ClientAuth getClientAuth()
SslOptions.ClientAuth.REQUESTED.

@Nonnull public SslOptions setClientAuth(@Nonnull SslOptions.ClientAuth clientAuth)
clientAuth - The desired SSL client authentication mode for SSL channels in server mode.

@Nonnull public List<String> getProtocol()
TLSv1.2 and TLSv1.3.
If a listed protocol is not supported, it is ignored; however, if you specify a list of protocols, none of which are supported, an exception will be thrown.
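
The filtering rule described for getProtocol() can be checked against a given runtime with plain JSSE calls. This is an added example, not Jooby's code: the class name EnabledProtocolCheck, its methods and the exception type are assumptions made for illustration.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Added illustration: EnabledProtocolCheck is a hypothetical name, not a Jooby class.
public final class EnabledProtocolCheck {

  // Protocols the JVM's default JSSE provider is able to negotiate.
  static Set<String> supportedByJvm() throws NoSuchAlgorithmException {
    String[] names = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
    return new LinkedHashSet<>(Arrays.asList(names));
  }

  // Keeps the supported entries in the order requested; unsupported ones are dropped.
  // An empty result is an error (the exception type here is an assumption).
  static List<String> resolve(List<String> requested, Set<String> supported) {
    List<String> enabled = new ArrayList<>();
    for (String protocol : requested) {
      if (supported.contains(protocol)) {
        enabled.add(protocol);
      }
    }
    if (enabled.isEmpty()) {
      throw new IllegalArgumentException(
          "None of " + requested + " is supported by this JVM: " + supported);
    }
    return enabled;
  }

  public static void main(String[] args) throws NoSuchAlgorithmException {
    Set<String> supported = supportedByJvm();
    List<String> requested = Arrays.asList("TLSv1.3", "TLSv1.2");
    List<String> enabled = resolve(requested, supported);
    System.out.println("JVM supports: " + supported);
    System.out.println("Enabled:      " + enabled);
    // A runtime without TLSv1.3 starts without error and serves TLSv1.2 only.
    if (!enabled.contains("TLSv1.3")) {
      System.out.println("WARNING: TLSv1.3 requested but not available on this runtime");
    }
  }
}
```

Running this on the deployment JVM shows whether a requested TLSv1.3 entry would be dropped without any error, which is worth logging at startup.
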
Please note TLSv1.3 protocol is available in:
- 8u261-b12 from Oracle JDK
- TLS 1.3 support in OpenJDK is (beside Azul's OpenJSSE) expected to come into 8u272.
- Java 11.0.3 or higher.

TLSv1.2 and TLSv1.3.

@Nonnull public SslOptions setProtocol(@Nonnull String... protocol)
protocol - TLS protocols.

@Nonnull public SslOptions setProtocol(@Nonnull List<String> protocol)
protocol - TLS protocols.

@Nonnull public static SslOptions x509(@Nonnull String crt, @Nonnull String key)
crt - Certificate path or location.
key - Private key path or location.

@Nonnull public static SslOptions x509(@Nonnull String crt, @Nonnull String key, @Nullable String password)
crt - Certificate path or location.
key - Private key path or location.
password - Password.

public static SslOptions pkcs12(@Nonnull String crt, @Nonnull String password)
crt - Certificate path or location.
password - Password.

public static SslOptions selfSigned()
localhost.

public static SslOptions selfSigned(String type)
localhost.
type - Certificate type: PKCS12 or X509.

@Nonnull public static Optional<SslOptions> from(@Nonnull com.typesafe.config.Config conf)
server.ssl or ssl.

PKCS12 example:

    server {
      ssl {
        type: PKCS12
        cert: mycertificate.crt
        password: mypassword
      }
    }

X509 example:

    server {
      ssl {
        type: X509
        cert: mycertificate.crt
        key: mykey.key
      }
    }

conf - Application configuration.

@Nonnull public static Optional<SslOptions> from(@Nonnull com.typesafe.config.Config conf, String... key)

PKCS12 example:

    server {
      ssl {
        type: PKCS12
        cert: mycertificate.crt
        password: mypassword
      }
    }

X509 example:

    server {
      ssl {
        type: X509
        cert: mycertificate.crt
        key: mykey.key
      }
    }

conf - Application configuration.
key - Path to use for loading SSL options. Required.

Copyright © 2022. All rights reserved.