Class SslConfiguration
java.lang.Object
org.springframework.vault.support.SslConfiguration
SSL configuration.
Provides configuration for a key store and trust store for TLS certificate verification. Key store and trust store may be left unconfigured if the JDK trust store contains all necessary certificates to verify TLS certificates. The key store is used for Client Certificate authentication.
- Author:
- Mark Paluch, Ryan Gow
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description
- static class
  Configuration for a key in a keystore.
- static class
  Configuration for a key store/trust store.
Field Summary
Fields
Constructor Summary
Constructors
Constructor, Description
- SslConfiguration(Resource keyStore, String keyStorePassword, Resource trustStore, String trustStorePassword)
  Deprecated.
- SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)
  Create a new SslConfiguration.
- SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites)
  Create a new SslConfiguration.
- SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)
  Create a new SslConfiguration.
- SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites)
  Create a new SslConfiguration.
Method Summary
Modifier and Type, Method, Description
- static SslConfiguration
  Create a new SslConfiguration for the given truststore with the default KeyStore type.
- Deprecated. Since 1.1, use create(Resource, char[], Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
- static SslConfiguration forKeyStore(Resource keyStore, char[] keyStorePassword)
  Create a new SslConfiguration for the given key store with the default KeyStore type.
- static SslConfiguration forKeyStore(Resource keyStore, char[] keyStorePassword, SslConfiguration.KeyConfiguration keyConfiguration)
  Create a new SslConfiguration for the given key store with the default KeyStore type.
- static SslConfiguration forKeyStore(Resource keyStore, String keyStorePassword)
  Deprecated. Since 1.1, use forKeyStore(Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
- static SslConfiguration
  Create a new SslConfiguration for the given key store.
- static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore, SslConfiguration.KeyConfiguration keyConfiguration)
- static SslConfiguration forTrustStore(Resource trustStore, char[] trustStorePassword)
  Create a new SslConfiguration for the given trust store with the default KeyStore type.
- static SslConfiguration forTrustStore(Resource trustStore, String trustStorePassword)
  Deprecated. Since 1.1, use forTrustStore(Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
- static SslConfiguration forTrustStore(SslConfiguration.KeyStoreConfiguration trustStore)
  Create a new SslConfiguration for the given trust store.
- The list of SSL cipher suites that must be enabled.
- The list of SSL protocol versions that must be enabled.
- static SslConfiguration
  Factory method returning an unconfigured SslConfiguration instance.
- withEnabledCipherSuites(String... enabledCipherSuites)
  Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
- withEnabledCipherSuites(List<String> enabledCipherSuites)
  Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
- withEnabledProtocols(String... enabledProtocols)
  Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
- withEnabledProtocols(List<String> enabledProtocols)
  Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
- withKeyStore(SslConfiguration.KeyStoreConfiguration configuration)
  Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied retaining the trust store configuration.
- withKeyStore(SslConfiguration.KeyStoreConfiguration configuration, SslConfiguration.KeyConfiguration keyConfiguration)
  Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied retaining the trust store configuration.
- withTrustStore(SslConfiguration.KeyStoreConfiguration configuration)
  Create a new SslConfiguration with trust store configuration applied retaining the key store configuration (getKeyStoreConfiguration()).
Field Details
PEM_KEYSTORE_TYPE
Constant for PEM-based keystore type.
- Since:
- 2.3

DEFAULT_KEYSTORE_TYPE
Constant for system-default keystore type.
- Since:
- 2.3
Constructor Details
SslConfiguration
@Deprecated public SslConfiguration(Resource keyStore, @Nullable String keyStorePassword, Resource trustStore, @Nullable String trustStorePassword)
Deprecated. Since 1.1, use SslConfiguration(KeyStoreConfiguration, KeyStoreConfiguration) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
Create a new SslConfiguration with the default KeyStore type.
- Parameters:
- keyStore - the key store resource, must not be null.
- keyStorePassword - the key store password.
- trustStore - the trust store resource, must not be null.
- trustStorePassword - the trust store password.

SslConfiguration
public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)
Create a new SslConfiguration.
- Parameters:
- keyStoreConfiguration - the key store configuration, must not be null.
- trustStoreConfiguration - the trust store configuration, must not be null.
- Since:
- 1.1

SslConfiguration
public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites)
Create a new SslConfiguration.
- Parameters:
- keyStoreConfiguration - the key store configuration, must not be null.
- trustStoreConfiguration - the trust store configuration, must not be null.
- enabledProtocols - the enabled SSL protocols, elements must match protocol version strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled protocol versions.
- enabledCipherSuites - the enabled SSL cipher suites, elements must match cipher suite strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled cipher suites.
- Since:
- 2.3.2
- See Also:
- sun.security.ssl.ProtocolVersion
- sun.security.ssl.CipherSuite

SslConfiguration
public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)
Create a new SslConfiguration.
- Parameters:
- keyStoreConfiguration - the key store configuration, must not be null.
- keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
- trustStoreConfiguration - the trust store configuration, must not be null.
- Since:
- 2.2

SslConfiguration
public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites)
Create a new SslConfiguration.
- Parameters:
- keyStoreConfiguration - the key store configuration, must not be null.
- trustStoreConfiguration - the trust store configuration, must not be null.
- enabledProtocols - the enabled SSL protocols, elements must match protocol version strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled protocol versions.
- enabledCipherSuites - the enabled SSL cipher suites, elements must match cipher suite strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled cipher suites.
- Since:
- 2.3.2
- See Also:
- sun.security.ssl.ProtocolVersion
- sun.security.ssl.CipherSuite
Method Details
forTrustStore
@Deprecated public static SslConfiguration forTrustStore(Resource trustStore, @Nullable String trustStorePassword)
Deprecated. Since 1.1, use forTrustStore(Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
Create a new SslConfiguration for the given trust store with the default KeyStore type.
- Parameters:
- trustStore - resource pointing to an existing trust store, must not be null.
- trustStorePassword - may be null.
- Returns:
- the created SslConfiguration.

forTrustStore
public static SslConfiguration forTrustStore(Resource trustStore, @Nullable char[] trustStorePassword)
Create a new SslConfiguration for the given trust store with the default KeyStore type.
- Parameters:
- trustStore - resource pointing to an existing trust store, must not be null.
- trustStorePassword - may be null.
- Returns:
- the created SslConfiguration.

forTrustStore
Create a new SslConfiguration for the given trust store.
- Parameters:
- trustStore - must not be null.
- Returns:
- a new SslConfiguration with trust store configuration applied.
- Since:
- 2.2
forKeyStore
@Deprecated public static SslConfiguration forKeyStore(Resource keyStore, @Nullable String keyStorePassword)
Deprecated. Since 1.1, use forKeyStore(Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
Create a new SslConfiguration for the given key store with the default KeyStore type.
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- keyStorePassword - may be null.
- Returns:
- the created SslConfiguration.

forKeyStore
Create a new SslConfiguration for the given key store with the default KeyStore type.
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- keyStorePassword - may be null.
- Returns:
- the created SslConfiguration.

forKeyStore
Create a new SslConfiguration for the given key store.
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- Returns:
- the created SslConfiguration.
- Since:
- 2.2

forKeyStore
public static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore, SslConfiguration.KeyConfiguration keyConfiguration)
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
- Returns:
- the created SslConfiguration.
- Since:
- 2.2

forKeyStore
public static SslConfiguration forKeyStore(Resource keyStore, @Nullable char[] keyStorePassword, SslConfiguration.KeyConfiguration keyConfiguration)
Create a new SslConfiguration for the given key store with the default KeyStore type.
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- keyStorePassword - may be null.
- keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
- Returns:
- the created SslConfiguration.
- Since:
- 2.2
create
@Deprecated public SslConfiguration create(Resource keyStore, @Nullable String keyStorePassword, Resource trustStore, @Nullable String trustStorePassword)
Deprecated. Since 1.1, use create(Resource, char[], Resource, char[]) to prevent String interning and retaining passwords represented as String longer from GC than necessary.
Create a new SslConfiguration for the given truststore with the default KeyStore type.
- Parameters:
- keyStore - resource pointing to an existing keystore, must not be null.
- keyStorePassword - may be null.
- trustStore - resource pointing to an existing trust store, must not be null.
- trustStorePassword - may be null.
- Returns:
- the created SslConfiguration.

create
public static SslConfiguration create(Resource keyStore, @Nullable char[] keyStorePassword, Resource trustStore, @Nullable char[] trustStorePassword)
Create a new SslConfiguration for the given truststore with the default KeyStore type.
- Parameters:
- keyStore - resource pointing to an existing keystore, must not be null.
- keyStorePassword - may be null.
- trustStore - resource pointing to an existing trust store, must not be null.
- trustStorePassword - may be null.
- Returns:
- the created SslConfiguration.

unconfigured
Factory method returning an unconfigured SslConfiguration instance.
- Returns:
- an unconfigured SslConfiguration instance.
- Since:
- 2.0
getEnabledProtocols
The list of SSL protocol versions that must be enabled. A value of null indicates that the SSL socket factory should use a default list of enabled protocol versions.
- Returns:
- the list of enabled SSL protocol versions.
- Since:
- 2.3.2

withEnabledProtocols
Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
- Parameters:
- enabledProtocols - must not be null.
- Returns:
- a new SslConfiguration with the enabled protocol versions applied.
- Since:
- 2.3.2
- See Also:
- sun.security.ssl.ProtocolVersion

withEnabledProtocols
Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
- Parameters:
- enabledProtocols - must not be null.
- Returns:
- a new SslConfiguration with the enabled protocol versions applied.
- Since:
- 2.3.2
- See Also:
- sun.security.ssl.ProtocolVersion
getEnabledCipherSuites
The list of SSL cipher suites that must be enabled. A value of null indicates that the SSL socket factory should use a default list of enabled cipher suites.
- Returns:
- the list of enabled SSL cipher suites.
- Since:
- 2.3.2

withEnabledCipherSuites
Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
- Parameters:
- enabledCipherSuites - must not be null.
- Returns:
- a new SslConfiguration with the enabled cipher suites applied.
- Since:
- 2.3.2
- See Also:
- sun.security.ssl.CipherSuite

withEnabledCipherSuites
Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
- Parameters:
- enabledCipherSuites - must not be null.
- Returns:
- a new SslConfiguration with the enabled cipher suites applied.
- Since:
- 2.3.2
- See Also:
- sun.security.ssl.CipherSuite
getKeyStore
- Returns:
- the key store resource or null if not configured.

getKeyStoreConfiguration
- Returns:
- the key store configuration.
- Since:
- 1.1

getKeyConfiguration
- Returns:
- the key configuration.
- Since:
- 2.2

withKeyStore
Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied retaining the trust store configuration.
- Parameters:
- configuration - must not be null.
- Returns:
- a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied.
- Since:
- 2.0

withKeyStore
public SslConfiguration withKeyStore(SslConfiguration.KeyStoreConfiguration configuration, SslConfiguration.KeyConfiguration keyConfiguration)
Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied retaining the trust store configuration.
- Parameters:
- configuration - must not be null.
- keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
- Returns:
- a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied.
- Since:
- 2.2
getTrustStore
- Returns:
- the key store resource or null if not configured.

getTrustStoreConfiguration
- Returns:
- the trust store configuration.
- Since:
- 1.1

withTrustStore
Create a new SslConfiguration with trust store configuration applied retaining the key store configuration (getKeyStoreConfiguration()).
- Parameters:
- configuration - must not be null.
- Returns:
- a new SslConfiguration with trust store configuration applied.
- Since:
- 2.0
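Added usage example (not part of the Spring Vault Javadoc or project code): building an SslConfiguration through the non-deprecated char[] factories documented above and restricting the enabled protocol versions and cipher suites. The class name VaultTlsConfigExample, the helper method names, and the chosen protocol and cipher suite lists are assumptions for illustration; the trust store path is supplied by the caller.

```java
import java.io.Console;
import java.util.Arrays;

import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.vault.support.SslConfiguration;

// Illustrative class (hypothetical name); requires spring-vault-core on the classpath.
public class VaultTlsConfigExample {

    // Server authentication only: the trust store holds the CA(s) used to verify Vault's certificate.
    static SslConfiguration serverAuthOnly(Resource trustStore, char[] trustStorePassword) {
        return harden(SslConfiguration.forTrustStore(trustStore, trustStorePassword));
    }

    // Mutual TLS: the key store additionally supplies the client certificate.
    static SslConfiguration mutualTls(Resource keyStore, char[] keyStorePassword,
            Resource trustStore, char[] trustStorePassword) {
        return harden(SslConfiguration.create(keyStore, keyStorePassword, trustStore, trustStorePassword));
    }

    // Names must match the strings used by the active Java SSL provider.
    // The lists below are an illustrative choice, not Spring Vault defaults.
    static SslConfiguration harden(SslConfiguration base) {
        return base.withEnabledProtocols("TLSv1.3", "TLSv1.2")
            .withEnabledCipherSuites("TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384");
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive terminal): VaultTlsConfigExample <truststore-path>");
            System.exit(2);
        }
        // readPassword returns char[], so the secret never becomes a String.
        char[] password = console.readPassword("Trust store password: ");
        if (password == null) {
            return;
        }
        try {
            SslConfiguration ssl = serverAuthOnly(new FileSystemResource(args[0]), password);
            System.out.println("protocols: " + ssl.getEnabledProtocols());
            System.out.println("cipher suites: " + ssl.getEnabledCipherSuites());
        } finally {
            // Clear the caller's copy once the configuration is no longer needed.
            Arrays.fill(password, '\0');
        }
    }
}
```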