io.jooby

Class SslOptions

java.lang.Object

io.jooby.SslOptions

public final class SslOptions
extends Object

SSL options for enabling HTTPs in Jooby. Jooby supports two certificate formats: - PKCS12 - X.509 Jooby doesn't support JKS format due it is a proprietary format, it favors the use of PKCS12 format.

Since:

2.3.0

Author:

edgar

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SslOptions.ClientAuth The desired SSL client authentication mode for SSL channels in server mode.

Field Summary

Fields

Modifier and Type	Field and Description
static String	PKCS12 PKCS12 constant.
static String	X509 X509 constant.

Constructor Summary

Constructors

Constructor and Description
SslOptions()

Method Summary

Modifier and Type	Method and Description
static Optional<SslOptions>	from(com.typesafe.config.Config conf) Get SSL options from application configuration.
static Optional<SslOptions>	from(com.typesafe.config.Config conf, String... key) Get SSL options from application configuration.
String	getCert() A PKCS12 or X.509 certificate chain file in PEM format.
SslOptions.ClientAuth	getClientAuth() The desired SSL client authentication mode for SSL channels in server mode.
String	getPassword() Certificate password.
String	getPrivateKey() Private key file location.
InputStream	getResource(ClassLoader loader, String path) Search for a resource at the given path.
String	getTrustCert() A PKCS12 or X.509 certificate chain file in PEM format.
String	getTrustPassword() Trust certificate password.
String	getType() Certificate type.
static SslOptions	pkcs12(String crt, String password) Creates SSL options for PKCS12 certificate type.
static SslOptions	selfSigned() Creates SSL options using a self-signed certificate using PKCS12.
static SslOptions	selfSigned(String type) Creates SSL options using a self-signed certificate.
SslOptions	setCert(String cert) Set certificate path.
SslOptions	setClientAuth(SslOptions.ClientAuth clientAuth) Set desired SSL client authentication mode for SSL channels in server mode.
SslOptions	setPassword(String password) Certificate password.
SslOptions	setPrivateKey(String privateKey) Set private key file location.
SslOptions	setTrustCert(String trustCert) Set certificate path.
SslOptions	setTrustPassword(String password) Set trust certificate password.
SslOptions	setType(String type) Set certificate type.
String	toString()
static SslOptions	x509(String crt, String key) Creates SSL options for X.509 certificate type.
static SslOptions	x509(String crt, String key, String password) Creates SSL options for X.509 certificate type.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

X509

public static final String X509

X509 constant.

See Also:

Constant Field Values

PKCS12

public static final String PKCS12

PKCS12 constant.

See Also:

Constant Field Values

Constructor Detail

SslOptions

public SslOptions()

Method Detail

getType

public String getType()

Certificate type. Default is PKCS12.

Returns:

Certificate type. Default is PKCS12.

setType

@Nonnull
public SslOptions setType(@Nonnull
                                   String type)

Set certificate type.

Parameters:

type - Certificate type.

Returns:

Ssl options.

getCert

@Nonnull
public String getCert()

A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.

Returns:

A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.

setCert

@Nonnull
public SslOptions setCert(@Nonnull
                                   String cert)

Set certificate path. A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.

Parameters:

cert - Certificate path or location.

Returns:

Ssl options.

getTrustCert

@Nullable
public String getTrustCert()

A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required for SslOptions.ClientAuth.REQUIRED or SslOptions.ClientAuth.REQUESTED.

Returns:

A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required for SslOptions.ClientAuth.REQUIRED or SslOptions.ClientAuth.REQUESTED.

setTrustCert

@Nonnull
public SslOptions setTrustCert(@Nullable
                                        String trustCert)

Set certificate path. A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.

Parameters:

trustCert - Certificate path or location.

Returns:

Ssl options.

getTrustPassword

@Nullable
public String getTrustPassword()

Trust certificate password. Optional.

Returns:

Trust certificate password. Optional.

setTrustPassword

@Nonnull
public SslOptions setTrustPassword(@Nullable
                                            String password)

Set trust certificate password.

Parameters:

password - Certificate password.

Returns:

SSL options.

getPrivateKey

@Nullable
public String getPrivateKey()

Private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.

Returns:

A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.

setPrivateKey

@Nonnull
public SslOptions setPrivateKey(@Nullable
                                         String privateKey)

Set private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.

Parameters:

privateKey - Private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.

Returns:

Ssl options.

setPassword

@Nonnull
public SslOptions setPassword(@Nullable
                                       String password)

Certificate password.

Parameters:

password - Certificate password.

Returns:

SSL options.

getPassword

@Nullable
public String getPassword()

Certificate password.

Returns:

Certificate password.

getResource

@Nonnull
public InputStream getResource(@Nonnull
                                        ClassLoader loader,
                                        @Nonnull
                                        String path)
                                 throws IOException

Search for a resource at the given path. This method uses the following order: - Look at file system for path as it is (absolute path) - Look at file system for path relative to current process dir - Look at class path for path

Parameters:

loader - Class loader.

path - Path (file system path or classpath).

Returns:

Resource.

Throws:

IOException - If file not found or can't be read it.

getClientAuth

@Nonnull
public SslOptions.ClientAuth getClientAuth()

The desired SSL client authentication mode for SSL channels in server mode. Default is: SslOptions.ClientAuth.REQUESTED.

Returns:

desired SSL client authentication mode for SSL channels in server mode.

setClientAuth

@Nonnull
public SslOptions setClientAuth(@Nonnull
                                         SslOptions.ClientAuth clientAuth)

Set desired SSL client authentication mode for SSL channels in server mode.

Parameters:

clientAuth - The desired SSL client authentication mode for SSL channels in server mode.

Returns:

This options.

toString

public String toString()

Overrides:

toString in class Object

x509

@Nonnull
public static SslOptions x509(@Nonnull
                                       String crt,
                                       @Nonnull
                                       String key)

Creates SSL options for X.509 certificate type.

Parameters:

crt - Certificate path or location.

key - Private key path or location.

Returns:

New SSL options.

x509

@Nonnull
public static SslOptions x509(@Nonnull
                                       String crt,
                                       @Nonnull
                                       String key,
                                       @Nullable
                                       String password)

Creates SSL options for X.509 certificate type.

Parameters:

crt - Certificate path or location.

key - Private key path or location.

password - Password.

Returns:

New SSL options.

pkcs12

public static SslOptions pkcs12(@Nonnull
                                String crt,
                                @Nonnull
                                String password)

Creates SSL options for PKCS12 certificate type.

Parameters:

crt - Certificate path or location.

password - Password.

Returns:

New SSL options.

selfSigned

public static SslOptions selfSigned()

Creates SSL options using a self-signed certificate using PKCS12. Useful for development. Certificate works for localhost.

Returns:

New SSL options.

selfSigned

public static SslOptions selfSigned(String type)

Creates SSL options using a self-signed certificate. Useful for development. Certificate works for localhost.

Parameters:

type - Certificate type: PKCS12 or X509.

Returns:

New SSL options.

from

@Nonnull
public static Optional<SslOptions> from(@Nonnull
                                                 com.typesafe.config.Config conf)

Get SSL options from application configuration. Configuration must be at server.ssl or ssl. PKCS12 example:

   server {
     ssl {
       type: PKCS12
       cert: mycertificate.crt
       password: mypassword
     }
   }
 

X509 example:

   server {
     ssl {
       type: X509
       cert: mycertificate.crt
       key: mykey.key
     }
   }
 

Parameters:

conf - Application configuration.

Returns:

SSl options or empty.

from

@Nonnull
public static Optional<SslOptions> from(@Nonnull
                                                 com.typesafe.config.Config conf,
                                                 String... key)

Get SSL options from application configuration. It looks for ssl options at the given path(s). PKCS12 example:

   server {
     ssl {
       type: PKCS12
       cert: mycertificate.crt
       password: mypassword
     }
   }
 

X509 example:

   server {
     ssl {
       type: X509
       cert: mycertificate.crt
       key: mykey.key
     }
   }
 

Parameters:

conf - Application configuration.

key - Path to use for loading SSL options. Required.

Returns:

SSl options or empty.