org.springframework.vault.support

Class SslConfiguration

java.lang.Object

org.springframework.vault.support.SslConfiguration

public class SslConfiguration
extends Object

SSL configuration.

Provides configuration for a key store and trust store for TLS certificate verification. Key store and trust store may be left unconfigured if the JDK trust store contains all necessary certificates to verify TLS certificates. The key store is used for Client Certificate authentication.

Author:

Mark Paluch, Ryan Gow

See Also:

Resource, KeyStore, ClientCertificateAuthentication

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SslConfiguration.KeyConfiguration Configuration for a key in a keystore.
static class	SslConfiguration.KeyStoreConfiguration Configuration for a key store/trust store.

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_KEYSTORE_TYPE Constant for system-default keystore type.
static String	PEM_KEYSTORE_TYPE Constant for PEM-based keystore type.

Constructor Summary

Constructors

Constructor and Description
SslConfiguration(org.springframework.core.io.Resource keyStore, String keyStorePassword, org.springframework.core.io.Resource trustStore, String trustStorePassword) Deprecated. Since 1.1, use SslConfiguration(KeyStoreConfiguration, KeyStoreConfiguration) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration) Create a new SslConfiguration.
SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites) Create a new SslConfiguration.
SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration) Create a new SslConfiguration.
SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites) Create a new SslConfiguration.

Method Summary

Modifier and Type	Method and Description
static SslConfiguration	create(org.springframework.core.io.Resource keyStore, char[] keyStorePassword, org.springframework.core.io.Resource trustStore, char[] trustStorePassword) Create a new SslConfiguration for the given truststore with the default KeyStore type.
SslConfiguration	create(org.springframework.core.io.Resource keyStore, String keyStorePassword, org.springframework.core.io.Resource trustStore, String trustStorePassword) Deprecated. Since 1.1, use create(Resource, char[], Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
static SslConfiguration	forKeyStore(org.springframework.core.io.Resource keyStore, char[] keyStorePassword) Create a new SslConfiguration for the given key store with the default KeyStore type.
static SslConfiguration	forKeyStore(org.springframework.core.io.Resource keyStore, char[] keyStorePassword, SslConfiguration.KeyConfiguration keyConfiguration) Create a new SslConfiguration for the given key store with the default KeyStore type.
static SslConfiguration	forKeyStore(org.springframework.core.io.Resource keyStore, String keyStorePassword) Deprecated. Since 1.1, use forKeyStore(Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
static SslConfiguration	forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore) Create a new SslConfiguration for the given key store.
static SslConfiguration	forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore, SslConfiguration.KeyConfiguration keyConfiguration) Create a new SslConfiguration for the given key store and SslConfiguration.KeyConfiguration.
static SslConfiguration	forTrustStore(org.springframework.core.io.Resource trustStore, char[] trustStorePassword) Create a new SslConfiguration for the given trust store with the default KeyStore type.
static SslConfiguration	forTrustStore(org.springframework.core.io.Resource trustStore, String trustStorePassword) Deprecated. Since 1.1, use forTrustStore(Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
static SslConfiguration	forTrustStore(SslConfiguration.KeyStoreConfiguration trustStore) Create a new SslConfiguration for the given trust store.
List<String>	getEnabledCipherSuites() The list of SSL cipher suites that must be enabled.
List<String>	getEnabledProtocols() The list of SSL protocol versions that must be enabled.
SslConfiguration.KeyConfiguration	getKeyConfiguration()
org.springframework.core.io.Resource	getKeyStore()
SslConfiguration.KeyStoreConfiguration	getKeyStoreConfiguration()
String	getKeyStorePassword() Deprecated. Since 1.1, use SslConfiguration.KeyStoreConfiguration.getStorePassword() to prevent String interning and retaining passwords represented as String longer from GC than necessary.
org.springframework.core.io.Resource	getTrustStore()
SslConfiguration.KeyStoreConfiguration	getTrustStoreConfiguration()
String	getTrustStorePassword() Deprecated. Since 1.1, use SslConfiguration.KeyStoreConfiguration.getStorePassword() to prevent String interning and retaining passwords represented as String longer from GC than necessary.
static SslConfiguration	unconfigured() Factory method returning an unconfigured SslConfiguration instance.
SslConfiguration	withEnabledCipherSuites(List<String> enabledCipherSuites) Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
SslConfiguration	withEnabledCipherSuites(String... enabledCipherSuites) Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
SslConfiguration	withEnabledProtocols(List<String> enabledProtocols) Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
SslConfiguration	withEnabledProtocols(String... enabledProtocols) Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
SslConfiguration	withKeyStore(SslConfiguration.KeyStoreConfiguration configuration) Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied retaining the trust store configuration.
SslConfiguration	withKeyStore(SslConfiguration.KeyStoreConfiguration configuration, SslConfiguration.KeyConfiguration keyConfiguration) Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied retaining the trust store configuration.
SslConfiguration	withTrustStore(SslConfiguration.KeyStoreConfiguration configuration) Create a new SslConfiguration with trust store configuration applied retaining the getKeyStoreConfiguration() key store} configuration.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PEM_KEYSTORE_TYPE

public static final String PEM_KEYSTORE_TYPE

Constant for PEM-based keystore type.

Since:

2.3

See Also:

Constant Field Values

DEFAULT_KEYSTORE_TYPE

public static final String DEFAULT_KEYSTORE_TYPE

Constant for system-default keystore type.

Since:

2.3

Constructor Detail

SslConfiguration

@Deprecated
public SslConfiguration(org.springframework.core.io.Resource keyStore,
                                    @Nullable
                                    String keyStorePassword,
                                    org.springframework.core.io.Resource trustStore,
                                    @Nullable
                                    String trustStorePassword)

Deprecated. Since 1.1, use SslConfiguration(KeyStoreConfiguration, KeyStoreConfiguration) to prevent String interning and retaining passwords represented as String longer from GC than necessary.

Create a new SslConfiguration with the default KeyStore type.

Parameters:

keyStore - the key store resource, must not be null.

keyStorePassword - the key store password.

trustStore - the trust store resource, must not be null.

trustStorePassword - the trust store password.

SslConfiguration

public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration,
                        SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)

Create a new SslConfiguration.

Parameters:

keyStoreConfiguration - the key store configuration, must not be null.

trustStoreConfiguration - the trust store configuration, must not be null.

Since:

1.1

SslConfiguration

public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration,
                        SslConfiguration.KeyConfiguration keyConfiguration,
                        SslConfiguration.KeyStoreConfiguration trustStoreConfiguration,
                        List<String> enabledProtocols,
                        List<String> enabledCipherSuites)

Create a new SslConfiguration.

Parameters:

keyStoreConfiguration - the key store configuration, must not be null.

trustStoreConfiguration - the trust store configuration, must not be null.

enabledProtocols - the enabled SSL protocols, elements must match protocol version strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled protocol versions.

enabledCipherSuites - the enabled SSL cipher suites, elements must match cipher suite strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled cipher suites.

Since:

2.3.2

See Also:

sun.security.ssl.ProtocolVersion, sun.security.ssl.CipherSuite

SslConfiguration

public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration,
                        SslConfiguration.KeyConfiguration keyConfiguration,
                        SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)

Create a new SslConfiguration.

Parameters:

keyStoreConfiguration - the key store configuration, must not be null.

keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.

trustStoreConfiguration - the trust store configuration, must not be null.

Since:

2.2

SslConfiguration

public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration,
                        SslConfiguration.KeyStoreConfiguration trustStoreConfiguration,
                        List<String> enabledProtocols,
                        List<String> enabledCipherSuites)

Create a new SslConfiguration.

Parameters:

keyStoreConfiguration - the key store configuration, must not be null.

trustStoreConfiguration - the trust store configuration, must not be null.

enabledProtocols - the enabled SSL protocols, elements must match protocol version strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled protocol versions.

enabledCipherSuites - the enabled SSL cipher suites, elements must match cipher suite strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled cipher suites.

Since:

2.3.2

See Also:

sun.security.ssl.ProtocolVersion, sun.security.ssl.CipherSuite

Method Detail

forTrustStore

@Deprecated
public static SslConfiguration forTrustStore(org.springframework.core.io.Resource trustStore,
                                                         @Nullable
                                                         String trustStorePassword)

Deprecated. Since 1.1, use forTrustStore(Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.

Create a new SslConfiguration for the given trust store with the default KeyStore type.

Parameters:

trustStore - resource pointing to an existing trust store, must not be null.

trustStorePassword - may be null.

Returns:

the created SslConfiguration.

See Also:

KeyStore

forTrustStore

public static SslConfiguration forTrustStore(org.springframework.core.io.Resource trustStore,
                                             @Nullable
                                             char[] trustStorePassword)

Create a new SslConfiguration for the given trust store with the default KeyStore type.

Parameters:

trustStore - resource pointing to an existing trust store, must not be null.

trustStorePassword - may be null.

Returns:

the created SslConfiguration.

See Also:

KeyStore

forTrustStore

public static SslConfiguration forTrustStore(SslConfiguration.KeyStoreConfiguration trustStore)

Create a new SslConfiguration for the given trust store.

Parameters:

trustStore - must not be null.

Returns:

a new SslConfiguration with trust store configuration applied.

Since:

2.2

See Also:

KeyStore

forKeyStore

@Deprecated
public static SslConfiguration forKeyStore(org.springframework.core.io.Resource keyStore,
                                                       @Nullable
                                                       String keyStorePassword)

Deprecated. Since 1.1, use forKeyStore(Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.

Create a new SslConfiguration for the given key store with the default KeyStore type.

Parameters:

keyStore - resource pointing to an existing key store, must not be null.

keyStorePassword - may be null.

Returns:

the created SslConfiguration.

See Also:

KeyStore

forKeyStore

public static SslConfiguration forKeyStore(org.springframework.core.io.Resource keyStore,
                                           @Nullable
                                           char[] keyStorePassword)

Create a new SslConfiguration for the given key store with the default KeyStore type.

Parameters:

keyStore - resource pointing to an existing key store, must not be null.

keyStorePassword - may be null.

Returns:

the created SslConfiguration.

See Also:

KeyStore

forKeyStore

public static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore)

Create a new SslConfiguration for the given key store.

Parameters:

keyStore - resource pointing to an existing key store, must not be null.

Returns:

the created SslConfiguration.

Since:

2.2

See Also:

KeyStore

forKeyStore

public static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore,
                                           SslConfiguration.KeyConfiguration keyConfiguration)

Create a new SslConfiguration for the given key store and SslConfiguration.KeyConfiguration.

Parameters:

keyStore - resource pointing to an existing key store, must not be null.

keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.

Returns:

the created SslConfiguration.

Since:

2.2

See Also:

KeyStore

forKeyStore

public static SslConfiguration forKeyStore(org.springframework.core.io.Resource keyStore,
                                           @Nullable
                                           char[] keyStorePassword,
                                           SslConfiguration.KeyConfiguration keyConfiguration)

Create a new SslConfiguration for the given key store with the default KeyStore type.

Parameters:

keyStore - resource pointing to an existing key store, must not be null.

keyStorePassword - may be null.

keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.

Returns:

the created SslConfiguration.

Since:

2.2

See Also:

KeyStore

create

@Deprecated
public SslConfiguration create(org.springframework.core.io.Resource keyStore,
                                           @Nullable
                                           String keyStorePassword,
                                           org.springframework.core.io.Resource trustStore,
                                           @Nullable
                                           String trustStorePassword)

Deprecated. Since 1.1, use create(Resource, char[], Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.

Create a new SslConfiguration for the given truststore with the default KeyStore type.

Parameters:

keyStore - resource pointing to an existing keystore, must not be null.

keyStorePassword - may be null.

trustStore - resource pointing to an existing trust store, must not be null.

trustStorePassword - may be null.

Returns:

the created SslConfiguration.

See Also:

KeyStore

create

public static SslConfiguration create(org.springframework.core.io.Resource keyStore,
                                      @Nullable
                                      char[] keyStorePassword,
                                      org.springframework.core.io.Resource trustStore,
                                      @Nullable
                                      char[] trustStorePassword)

Create a new SslConfiguration for the given truststore with the default KeyStore type.

Parameters:

keyStore - resource pointing to an existing keystore, must not be null.

keyStorePassword - may be null.

trustStore - resource pointing to an existing trust store, must not be null.

trustStorePassword - may be null.

Returns:

the created SslConfiguration.

See Also:

KeyStore

unconfigured

public static SslConfiguration unconfigured()

Factory method returning an unconfigured SslConfiguration instance.

Returns:

an unconfigured SslConfiguration instance.

Since:

2.0

getEnabledProtocols

public List<String> getEnabledProtocols()

The list of SSL protocol versions that must be enabled. A value of null indicates that the SSL socket factory should use a default list of enabled protocol versions.

Returns:

the list of enabled SSL protocol versions.

Since:

2.3.2

withEnabledProtocols

public SslConfiguration withEnabledProtocols(String... enabledProtocols)

Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.

Parameters:

enabledProtocols - must not be null.

Returns:

a new SslConfiguration with the enabled protocol versions applied.

Since:

2.3.2

See Also:

sun.security.ssl.ProtocolVersion

withEnabledProtocols

public SslConfiguration withEnabledProtocols(List<String> enabledProtocols)

Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.

Parameters:

enabledProtocols - must not be null.

Returns:

a new SslConfiguration with the enabled protocol versions applied.

Since:

2.3.2

See Also:

sun.security.ssl.ProtocolVersion

getEnabledCipherSuites

public List<String> getEnabledCipherSuites()

The list of SSL cipher suites that must be enabled. A value of null indicates that the SSL socket factory should use a default list of enabled cipher suites.

Returns:

the list of enabled SSL cipher suites.

Since:

2.3.2

withEnabledCipherSuites

public SslConfiguration withEnabledCipherSuites(String... enabledCipherSuites)

Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.

Parameters:

enabledCipherSuites - must not be null.

Returns:

a new SslConfiguration with the enabled cipher suites applied.

Since:

2.3.2

See Also:

sun.security.ssl.CipherSuite

withEnabledCipherSuites

public SslConfiguration withEnabledCipherSuites(List<String> enabledCipherSuites)

Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.

Parameters:

enabledCipherSuites - must not be null.

Returns:

a new SslConfiguration with the enabled cipher suites applied.

Since:

2.3.2

See Also:

sun.security.ssl.CipherSuite

getKeyStore

public org.springframework.core.io.Resource getKeyStore()

Returns:

the key store resource or null if not configured.

getKeyStorePassword

@Deprecated
 @Nullable
public String getKeyStorePassword()

Deprecated. Since 1.1, use SslConfiguration.KeyStoreConfiguration.getStorePassword() to prevent String interning and retaining passwords represented as String longer from GC than necessary.

Returns:

the key store password or null if not configured.

getKeyStoreConfiguration

public SslConfiguration.KeyStoreConfiguration getKeyStoreConfiguration()

Returns:

the key store configuration.

Since:

1.1

getKeyConfiguration

public SslConfiguration.KeyConfiguration getKeyConfiguration()

Returns:

the key configuration.

Since:

2.2

withKeyStore

public SslConfiguration withKeyStore(SslConfiguration.KeyStoreConfiguration configuration)

Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied retaining the trust store configuration.

Parameters:

configuration - must not be null.

Returns:

a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied.

Since:

2.0

withKeyStore

public SslConfiguration withKeyStore(SslConfiguration.KeyStoreConfiguration configuration,
                                     SslConfiguration.KeyConfiguration keyConfiguration)

Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied retaining the trust store configuration.

Parameters:

configuration - must not be null.

keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.

Returns:

a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied.

Since:

2.2

getTrustStore

public org.springframework.core.io.Resource getTrustStore()

Returns:

the key store resource or null if not configured.

getTrustStorePassword

@Deprecated
 @Nullable
public String getTrustStorePassword()

Deprecated. Since 1.1, use SslConfiguration.KeyStoreConfiguration.getStorePassword() to prevent String interning and retaining passwords represented as String longer from GC than necessary.

Returns:

the trust store password or null if not configured.

getTrustStoreConfiguration

public SslConfiguration.KeyStoreConfiguration getTrustStoreConfiguration()

Returns:

the trust store configuration.

Since:

1.1

withTrustStore

public SslConfiguration withTrustStore(SslConfiguration.KeyStoreConfiguration configuration)

Create a new SslConfiguration with trust store configuration applied retaining the getKeyStoreConfiguration() key store} configuration.

Parameters:

configuration - must not be null.

Returns:

a new SslConfiguration with trust store configuration applied.

Since:

2.0