public class SslConfiguration extends Object
Provides configuration for a key store and trust store for TLS certificate verification. Key store and trust store may be left unconfigured if the JDK trust store contains all necessary certificates to verify TLS certificates. The key store is used for Client Certificate authentication.
See also: Resource, KeyStore, ClientCertificateAuthentication
Modifier and Type | Class and Description |
---|---|
static class | SslConfiguration.KeyConfiguration: Configuration for a key in a keystore. |
static class | SslConfiguration.KeyStoreConfiguration: Configuration for a key store/trust store. |
Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_KEYSTORE_TYPE: Constant for system-default keystore type. |
static String | PEM_KEYSTORE_TYPE: Constant for PEM-based keystore type. |
Modifier and Type | Method and Description |
---|---|
static SslConfiguration | create(Resource keyStore, char[] keyStorePassword, Resource trustStore, char[] trustStorePassword): Create a new SslConfiguration for the given truststore with the default KeyStore type. |
SslConfiguration | create(Resource keyStore, String keyStorePassword, Resource trustStore, String trustStorePassword): Deprecated. Since 1.1, use create(Resource, char[], Resource, char[]) to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC. |
static SslConfiguration | forKeyStore(Resource keyStore, char[] keyStorePassword): Create a new SslConfiguration for the given key store with the default KeyStore type. |
static SslConfiguration | forKeyStore(Resource keyStore, char[] keyStorePassword, SslConfiguration.KeyConfiguration keyConfiguration): Create a new SslConfiguration for the given key store with the default KeyStore type. |
static SslConfiguration | forKeyStore(Resource keyStore, String keyStorePassword): Deprecated. Since 1.1, use forKeyStore(Resource, char[]) to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC. |
static SslConfiguration | forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore): Create a new SslConfiguration for the given key store. |
static SslConfiguration | forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore, SslConfiguration.KeyConfiguration keyConfiguration) |
static SslConfiguration | forTrustStore(Resource trustStore, char[] trustStorePassword): Create a new SslConfiguration for the given trust store with the default KeyStore type. |
static SslConfiguration | forTrustStore(Resource trustStore, String trustStorePassword): Deprecated. Since 1.1, use forTrustStore(Resource, char[]) to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC. |
static SslConfiguration | forTrustStore(SslConfiguration.KeyStoreConfiguration trustStore): Create a new SslConfiguration for the given trust store. |
List<String> | getEnabledCipherSuites(): The list of SSL cipher suites that must be enabled. |
List<String> | getEnabledProtocols(): The list of SSL protocol versions that must be enabled. |
SslConfiguration.KeyConfiguration | getKeyConfiguration() |
Resource | getKeyStore() |
SslConfiguration.KeyStoreConfiguration | getKeyStoreConfiguration() |
String | getKeyStorePassword(): Deprecated. Since 1.1, use SslConfiguration.KeyStoreConfiguration.getStorePassword() to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC. |
Resource | getTrustStore() |
SslConfiguration.KeyStoreConfiguration | getTrustStoreConfiguration() |
String | getTrustStorePassword(): Deprecated. Since 1.1, use SslConfiguration.KeyStoreConfiguration.getStorePassword() to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC. |
static SslConfiguration | unconfigured(): Factory method returning an unconfigured SslConfiguration instance. |
SslConfiguration | withEnabledCipherSuites(List<String> enabledCipherSuites): Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance. |
SslConfiguration | withEnabledCipherSuites(String... enabledCipherSuites): Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance. |
SslConfiguration | withEnabledProtocols(List<String> enabledProtocols): Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance. |
SslConfiguration | withEnabledProtocols(String... enabledProtocols): Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance. |
SslConfiguration | withKeyStore(SslConfiguration.KeyStoreConfiguration configuration): Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied retaining the trust store configuration. |
SslConfiguration | withKeyStore(SslConfiguration.KeyStoreConfiguration configuration, SslConfiguration.KeyConfiguration keyConfiguration): Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied retaining the trust store configuration. |
SslConfiguration | withTrustStore(SslConfiguration.KeyStoreConfiguration configuration): Create a new SslConfiguration with trust store configuration applied retaining the key store configuration (getKeyStoreConfiguration()). |
public static final String PEM_KEYSTORE_TYPE
public static final String DEFAULT_KEYSTORE_TYPE
@Deprecated public SslConfiguration(Resource keyStore, @Nullable String keyStorePassword, Resource trustStore, @Nullable String trustStorePassword)
Deprecated. Use SslConfiguration(KeyStoreConfiguration, KeyStoreConfiguration) to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC.
Create a new SslConfiguration with the default KeyStore type.
Parameters:
keyStore - the key store resource, must not be null.
keyStorePassword - the key store password.
trustStore - the trust store resource, must not be null.
trustStorePassword - the trust store password.

public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)
Create a new SslConfiguration.
Parameters:
keyStoreConfiguration - the key store configuration, must not be null.
trustStoreConfiguration - the trust store configuration, must not be null.

public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites)
Create a new SslConfiguration.
Parameters:
keyStoreConfiguration - the key store configuration, must not be null.
trustStoreConfiguration - the trust store configuration, must not be null.
enabledProtocols - the enabled SSL protocols, elements must match protocol version strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled protocol versions.
enabledCipherSuites - the enabled SSL cipher suites, elements must match cipher suite strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled cipher suites.
See also: sun.security.ssl.ProtocolVersion, sun.security.ssl.CipherSuite

public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)
Create a new SslConfiguration.
Parameters:
keyStoreConfiguration - the key store configuration, must not be null.
keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
trustStoreConfiguration - the trust store configuration, must not be null.

public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites)
Create a new SslConfiguration.
Parameters:
keyStoreConfiguration - the key store configuration, must not be null.
trustStoreConfiguration - the trust store configuration, must not be null.
enabledProtocols - the enabled SSL protocols, elements must match protocol version strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled protocol versions.
enabledCipherSuites - the enabled SSL cipher suites, elements must match cipher suite strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled cipher suites.
See also: sun.security.ssl.ProtocolVersion, sun.security.ssl.CipherSuite
@Deprecated public static SslConfiguration forTrustStore(Resource trustStore, @Nullable String trustStorePassword)
Deprecated. Since 1.1, use forTrustStore(Resource, char[]) to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC.
Create a new SslConfiguration for the given trust store with the default KeyStore type.
Parameters:
trustStore - resource pointing to an existing trust store, must not be null.
trustStorePassword - may be null.
Returns: SslConfiguration.
See also: KeyStore

public static SslConfiguration forTrustStore(Resource trustStore, @Nullable char[] trustStorePassword)
Create a new SslConfiguration for the given trust store with the default KeyStore type.
Parameters:
trustStore - resource pointing to an existing trust store, must not be null.
trustStorePassword - may be null.
Returns: SslConfiguration.
See also: KeyStore

public static SslConfiguration forTrustStore(SslConfiguration.KeyStoreConfiguration trustStore)
Create a new SslConfiguration for the given trust store.
Parameters:
trustStore - must not be null.
Returns: SslConfiguration with trust store configuration applied.
See also: KeyStore
@Deprecated public static SslConfiguration forKeyStore(Resource keyStore, @Nullable String keyStorePassword)
Deprecated. Since 1.1, use forKeyStore(Resource, char[]) to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC.
Create a new SslConfiguration for the given key store with the default KeyStore type.
Parameters:
keyStore - resource pointing to an existing key store, must not be null.
keyStorePassword - may be null.
Returns: SslConfiguration.
See also: KeyStore

public static SslConfiguration forKeyStore(Resource keyStore, @Nullable char[] keyStorePassword)
Create a new SslConfiguration for the given key store with the default KeyStore type.
Parameters:
keyStore - resource pointing to an existing key store, must not be null.
keyStorePassword - may be null.
Returns: SslConfiguration.
See also: KeyStore

public static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore)
Create a new SslConfiguration for the given key store.
Parameters:
keyStore - resource pointing to an existing key store, must not be null.
Returns: SslConfiguration.
See also: KeyStore

public static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore, SslConfiguration.KeyConfiguration keyConfiguration)
Parameters:
keyStore - resource pointing to an existing key store, must not be null.
keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
Returns: SslConfiguration.
See also: KeyStore

public static SslConfiguration forKeyStore(Resource keyStore, @Nullable char[] keyStorePassword, SslConfiguration.KeyConfiguration keyConfiguration)
Create a new SslConfiguration for the given key store with the default KeyStore type.
Parameters:
keyStore - resource pointing to an existing key store, must not be null.
keyStorePassword - may be null.
keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
Returns: SslConfiguration.
See also: KeyStore
@Deprecated public SslConfiguration create(Resource keyStore, @Nullable String keyStorePassword, Resource trustStore, @Nullable String trustStorePassword)
Deprecated. Since 1.1, use create(Resource, char[], Resource, char[]) to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC.
Create a new SslConfiguration for the given truststore with the default KeyStore type.
Parameters:
keyStore - resource pointing to an existing keystore, must not be null.
keyStorePassword - may be null.
trustStore - resource pointing to an existing trust store, must not be null.
trustStorePassword - may be null.
Returns: SslConfiguration.
See also: KeyStore

public static SslConfiguration create(Resource keyStore, @Nullable char[] keyStorePassword, Resource trustStore, @Nullable char[] trustStorePassword)
Create a new SslConfiguration for the given truststore with the default KeyStore type.
Parameters:
keyStore - resource pointing to an existing keystore, must not be null.
keyStorePassword - may be null.
trustStore - resource pointing to an existing trust store, must not be null.
trustStorePassword - may be null.
Returns: SslConfiguration.
See also: KeyStore
public static SslConfiguration unconfigured()
Factory method returning an unconfigured SslConfiguration instance.
Returns: SslConfiguration instance.

public List<String> getEnabledProtocols()

public SslConfiguration withEnabledProtocols(String... enabledProtocols)
Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
Parameters:
enabledProtocols - must not be null.
Returns: SslConfiguration with the enabled protocol versions applied.
See also: sun.security.ssl.ProtocolVersion

public SslConfiguration withEnabledProtocols(List<String> enabledProtocols)
Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
Parameters:
enabledProtocols - must not be null.
Returns: SslConfiguration with the enabled protocol versions applied.
See also: sun.security.ssl.ProtocolVersion
public List<String> getEnabledCipherSuites()
public SslConfiguration withEnabledCipherSuites(String... enabledCipherSuites)
Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
Parameters:
enabledCipherSuites - must not be null.
Returns: SslConfiguration with the enabled cipher suites applied.
See also: sun.security.ssl.CipherSuite

public SslConfiguration withEnabledCipherSuites(List<String> enabledCipherSuites)
Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
Parameters:
enabledCipherSuites - must not be null.
Returns: SslConfiguration with the enabled cipher suites applied.
See also: sun.security.ssl.CipherSuite
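
Usage sketch, added here as an example and not taken from the project's own documentation: a trust-store-only configuration built with the char[] overload, with the protocol and cipher suite names checked against the active JSSE provider before they are applied. The package org.springframework.vault.support, the helper names requireSupported and trustOnly, the trust store path and the chosen protocol and suite names are assumptions of this example.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.vault.support.SslConfiguration; // assumed package

public class VaultTlsConfigExample {

    // Hypothetical helper: fail fast on names the JSSE provider does not know.
    static void requireSupported(String kind, String[] supported, String... requested) {
        Set<String> known = new HashSet<>(Arrays.asList(supported));
        for (String name : requested) {
            if (!known.contains(name)) {
                throw new IllegalArgumentException("Unsupported " + kind + ": " + name);
            }
        }
    }

    // Hypothetical helper: trust store only, restricted protocols and suites.
    static SslConfiguration trustOnly(Resource trustStore, char[] password)
            throws NoSuchAlgorithmException {
        String[] protocols = { "TLSv1.3", "TLSv1.2" };
        String[] suites = { "TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" };
        SSLParameters jsse = SSLContext.getDefault().getSupportedSSLParameters();
        requireSupported("protocol", jsse.getProtocols(), protocols);
        requireSupported("cipher suite", jsse.getCipherSuites(), suites);
        // char[] overload instead of the deprecated String one; each with*
        // call returns a new instance that retains the other settings.
        return SslConfiguration.forTrustStore(trustStore, password)
                .withEnabledProtocols(protocols)
                .withEnabledCipherSuites(suites);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path; the resource must point to an existing trust store.
        Resource trustStore = new FileSystemResource("/path/to/truststore.jks");
        if (System.console() == null) {
            throw new IllegalStateException("No console to read the password from");
        }
        char[] password = System.console().readPassword("Trust store password: ");
        SslConfiguration ssl = trustOnly(trustStore, password);
        System.out.println(ssl.getEnabledProtocols() + " " + ssl.getEnabledCipherSuites());
    }
}
```
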
public Resource getKeyStore()
Returns: key store resource or null if not configured.

@Deprecated @Nullable public String getKeyStorePassword()
Deprecated. Since 1.1, use SslConfiguration.KeyStoreConfiguration.getStorePassword() to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC.

public SslConfiguration.KeyStoreConfiguration getKeyStoreConfiguration()
public SslConfiguration.KeyConfiguration getKeyConfiguration()
public SslConfiguration withKeyStore(SslConfiguration.KeyStoreConfiguration configuration)
Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied retaining the trust store configuration.
Parameters:
configuration - must not be null.
Returns: SslConfiguration with SslConfiguration.KeyStoreConfiguration applied.

public SslConfiguration withKeyStore(SslConfiguration.KeyStoreConfiguration configuration, SslConfiguration.KeyConfiguration keyConfiguration)
Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied retaining the trust store configuration.
Parameters:
configuration - must not be null.
keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
Returns: SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied.

public Resource getTrustStore()
Returns: key store resource or null if not configured.

@Deprecated @Nullable public String getTrustStorePassword()
Deprecated. Since 1.1, use SslConfiguration.KeyStoreConfiguration.getStorePassword() to prevent String interning and to avoid retaining passwords represented as String longer than necessary before GC.

public SslConfiguration.KeyStoreConfiguration getTrustStoreConfiguration()
public SslConfiguration withTrustStore(SslConfiguration.KeyStoreConfiguration configuration)
Create a new SslConfiguration with trust store configuration applied retaining the key store configuration (getKeyStoreConfiguration()).
Parameters:
configuration - must not be null.
Returns: SslConfiguration with trust store configuration applied.

Copyright © 2016–2022 Pivotal Software, Inc. All rights reserved.