Package software.amazon.awssdk.crt.io

Class TlsContextPkcs11Options

java.lang.Object

software.amazon.awssdk.crt.CrtResource

software.amazon.awssdk.crt.io.TlsContextPkcs11Options

All Implemented Interfaces:

AutoCloseable

public class TlsContextPkcs11Options
extends CrtResource

Options for TLS using a PKCS#11 library for private key operations.

See Also:

• TlsContextOptions.withMtlsPkcs11(TlsContextPkcs11Options)

Nested Class Summary

Nested classes/interfaces inherited from class software.amazon.awssdk.crt.CrtResource

CrtResource.ResourceInstance

Constructor Summary

Constructors

Constructor	Description
TlsContextPkcs11Options(Pkcs11Lib pkcs11Lib)	Constructor

Method Summary

Modifier and Type	Method	Description
TlsContextPkcs11Options	withCertificateFileContents(String contents)	Use this X.509 certificate (contents in memory).
TlsContextPkcs11Options	withCertificateFilePath(String path)	Use this X.509 certificate (file on disk).
TlsContextPkcs11Options	withPrivateKeyObjectLabel(String label)	Specify the label of the private key object on the PKCS#11 token.
TlsContextPkcs11Options	withSlotId(long slotId)	Specify the slot ID containing a PKCS#11 token.
TlsContextPkcs11Options	withTokenLabel(String label)	Specify the label of the PKCS#11 token to use.
TlsContextPkcs11Options	withUserPin(String pin)	Use this PIN to log the user into the PKCS#11 token.

Methods inherited from class software.amazon.awssdk.crt.CrtResource

addRef, addReferenceTo, close, collectNativeResource, collectNativeResources, decRef, getNativeHandle, getResourceLogDescription, isNull, logNativeResources, logNativeResources, removeReferenceTo, setDescription, waitForNoResources

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

TlsContextPkcs11Options

public TlsContextPkcs11Options(Pkcs11Lib pkcs11Lib)

Constructor

Parameters:

pkcs11Lib - use this PKCS#11 library

Method Details

withUserPin

public TlsContextPkcs11Options withUserPin(String pin)

Use this PIN to log the user into the PKCS#11 token. Leave unspecified to log into a token with a "protected authentication path".

Parameters:

pin - PIN

Returns:

this

withSlotId

public TlsContextPkcs11Options withSlotId(long slotId)

Specify the slot ID containing a PKCS#11 token. If not specified, the token will be chosen based on other criteria (such as token label).

Parameters:

slotId - slot ID

Returns:

this

withTokenLabel

public TlsContextPkcs11Options withTokenLabel(String label)

Specify the label of the PKCS#11 token to use. If not specified, the token will be chosen based on other criteria (such as slot ID).

Parameters:

label - label of token

Returns:

this

withPrivateKeyObjectLabel

public TlsContextPkcs11Options withPrivateKeyObjectLabel(String label)

Specify the label of the private key object on the PKCS#11 token. If not specified, the key will be chosen based on other criteria (such as being the only available private key on the token).

Parameters:

label - label of private key object

Returns:

this

withCertificateFilePath

public TlsContextPkcs11Options withCertificateFilePath(String path)

Use this X.509 certificate (file on disk). The certificate may be specified by other means instead (ex: withCertificateFileContents(java.lang.String))

Parameters:

path - path to PEM-formatted certificate file on disk.

Returns:

this

withCertificateFileContents

public TlsContextPkcs11Options withCertificateFileContents(String contents)

Use this X.509 certificate (contents in memory). The certificate may be specified by other means instead (ex: withCertificateFilePath(java.lang.String))

Parameters:

contents - contents of PEM-formatted certificate file.

Returns:

this