Class SslConfiguration
java.lang.Object
org.springframework.vault.support.SslConfiguration
SSL configuration.
Provides configuration for a key store and trust store for TLS certificate verification. Key store and trust store may be left unconfigured if the JDK trust store contains all necessary certificates to verify TLS certificates. The key store is used for Client Certificate authentication.
- Author:
- Mark Paluch, Ryan Gow
Nested Class Summary
Nested Classes
- static class SslConfiguration.KeyConfiguration: Configuration for a key in a keystore.
- static class SslConfiguration.KeyStoreConfiguration: Configuration for a key store/trust store.

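Field Summary
Fields
- PEM_KEYSTORE_TYPE: Constant for PEM-based keystore type.
- DEFAULT_KEYSTORE_TYPE: Constant for system-default keystore type.
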
Constructor Summary
Constructors
- SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration): Create a new SslConfiguration.
- SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites): Create a new SslConfiguration.
- SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration): Create a new SslConfiguration.
- SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites): Create a new SslConfiguration.

Method Summary
- static SslConfiguration create(Resource keyStore, char[] keyStorePassword, Resource trustStore, char[] trustStorePassword): Create a new SslConfiguration for the given truststore with the default KeyStore type.
- static SslConfiguration forKeyStore(Resource keyStore, char[] keyStorePassword): Create a new SslConfiguration for the given key store with the default KeyStore type.
- static SslConfiguration forKeyStore(Resource keyStore, char[] keyStorePassword, SslConfiguration.KeyConfiguration keyConfiguration): Create a new SslConfiguration for the given key store with the default KeyStore type.
- static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore): Create a new SslConfiguration for the given key store.
- static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore, SslConfiguration.KeyConfiguration keyConfiguration)
- static SslConfiguration forTrustStore(Resource trustStore, char[] trustStorePassword): Create a new SslConfiguration for the given trust store with the default KeyStore type.
- static SslConfiguration forTrustStore(SslConfiguration.KeyStoreConfiguration trustStore): Create a new SslConfiguration for the given trust store.
- List<String> getEnabledCipherSuites(): The list of SSL cipher suites that must be enabled.
- List<String> getEnabledProtocols(): The list of SSL protocol versions that must be enabled.
- static SslConfiguration unconfigured(): Factory method returning an unconfigured SslConfiguration instance.
- SslConfiguration withEnabledCipherSuites(String... enabledCipherSuites): Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
- SslConfiguration withEnabledCipherSuites(List<String> enabledCipherSuites): Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
- SslConfiguration withEnabledProtocols(String... enabledProtocols): Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
- SslConfiguration withEnabledProtocols(List<String> enabledProtocols): Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
- SslConfiguration withKeyStore(SslConfiguration.KeyStoreConfiguration configuration): Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied retaining the trust store configuration.
- SslConfiguration withKeyStore(SslConfiguration.KeyStoreConfiguration configuration, SslConfiguration.KeyConfiguration keyConfiguration): Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied retaining the trust store configuration.
- SslConfiguration withTrustStore(SslConfiguration.KeyStoreConfiguration configuration): Create a new SslConfiguration with trust store configuration applied retaining the getKeyStoreConfiguration() key store configuration.

Field Details

PEM_KEYSTORE_TYPE
Constant for PEM-based keystore type.
- Since:
- 2.3

DEFAULT_KEYSTORE_TYPE
Constant for system-default keystore type.
- Since:
- 2.3

Constructor Details

SslConfiguration
public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)
Create a new SslConfiguration.
- Parameters:
- keyStoreConfiguration - the key store configuration, must not be null.
- trustStoreConfiguration - the trust store configuration, must not be null.
- Since:
- 1.1

SslConfiguration
public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites)
Create a new SslConfiguration.
- Parameters:
- keyStoreConfiguration - the key store configuration, must not be null.
- trustStoreConfiguration - the trust store configuration, must not be null.
- enabledProtocols - the enabled SSL protocols, elements must match protocol version strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled protocol versions.
- enabledCipherSuites - the enabled SSL cipher suites, elements must match cipher suite strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled cipher suites.
- Since:
- 2.3.2

SslConfiguration
public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyConfiguration keyConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration)
Create a new SslConfiguration.
- Parameters:
- keyStoreConfiguration - the key store configuration, must not be null.
- keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
- trustStoreConfiguration - the trust store configuration, must not be null.
- Since:
- 2.2

SslConfiguration
public SslConfiguration(SslConfiguration.KeyStoreConfiguration keyStoreConfiguration, SslConfiguration.KeyStoreConfiguration trustStoreConfiguration, List<String> enabledProtocols, List<String> enabledCipherSuites)
Create a new SslConfiguration.
- Parameters:
- keyStoreConfiguration - the key store configuration, must not be null.
- trustStoreConfiguration - the trust store configuration, must not be null.
- enabledProtocols - the enabled SSL protocols, elements must match protocol version strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled protocol versions.
- enabledCipherSuites - the enabled SSL cipher suites, elements must match cipher suite strings used by the enabled Java SSL provider. May be null to indicate the SSL socket factory should use a default list of enabled cipher suites.
- Since:
- 2.3.2

Method Details

forTrustStore
public static SslConfiguration forTrustStore(Resource trustStore, @Nullable char[] trustStorePassword)
Create a new SslConfiguration for the given trust store with the default KeyStore type.
- Parameters:
- trustStore - resource pointing to an existing trust store, must not be null.
- trustStorePassword - may be null.
- Returns:
- the created SslConfiguration.

forTrustStore
Create a new SslConfiguration for the given trust store.
- Parameters:
- trustStore - must not be null.
- Returns:
- a new SslConfiguration with trust store configuration applied.
- Since:
- 2.2

forKeyStore
Create a new SslConfiguration for the given key store with the default KeyStore type.
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- keyStorePassword - may be null.
- Returns:
- the created SslConfiguration.

forKeyStore
Create a new SslConfiguration for the given key store.
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- Returns:
- the created SslConfiguration.
- Since:
- 2.2

forKeyStore
public static SslConfiguration forKeyStore(SslConfiguration.KeyStoreConfiguration keyStore, SslConfiguration.KeyConfiguration keyConfiguration)
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
- Returns:
- the created SslConfiguration.
- Since:
- 2.2

forKeyStore
public static SslConfiguration forKeyStore(Resource keyStore, @Nullable char[] keyStorePassword, SslConfiguration.KeyConfiguration keyConfiguration)
Create a new SslConfiguration for the given key store with the default KeyStore type.
- Parameters:
- keyStore - resource pointing to an existing key store, must not be null.
- keyStorePassword - may be null.
- keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
- Returns:
- the created SslConfiguration.
- Since:
- 2.2

create
public static SslConfiguration create(Resource keyStore, @Nullable char[] keyStorePassword, Resource trustStore, @Nullable char[] trustStorePassword)
Create a new SslConfiguration for the given truststore with the default KeyStore type.
- Parameters:
- keyStore - resource pointing to an existing keystore, must not be null.
- keyStorePassword - may be null.
- trustStore - resource pointing to an existing trust store, must not be null.
- trustStorePassword - may be null.
- Returns:
- the created SslConfiguration.

unconfigured
Factory method returning an unconfigured SslConfiguration instance.
- Returns:
- an unconfigured SslConfiguration instance.
- Since:
- 2.0

getEnabledProtocols
The list of SSL protocol versions that must be enabled. A value of null indicates that the SSL socket factory should use a default list of enabled protocol versions.
- Returns:
- the list of enabled SSL protocol versions.
- Since:
- 2.3.2

withEnabledProtocols
Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
- Parameters:
- enabledProtocols - must not be null.
- Returns:
- a new SslConfiguration with the enabled protocol versions applied.
- Since:
- 2.3.2

withEnabledProtocols
Create a new SslConfiguration with the enabled protocol versions applied retaining the other configuration from this instance.
- Parameters:
- enabledProtocols - must not be null.
- Returns:
- a new SslConfiguration with the enabled protocol versions applied.
- Since:
- 2.3.2

getEnabledCipherSuites
The list of SSL cipher suites that must be enabled. A value of null indicates that the SSL socket factory should use a default list of enabled cipher suites.
- Returns:
- the list of enabled SSL cipher suites.
- Since:
- 2.3.2

withEnabledCipherSuites
Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
- Parameters:
- enabledCipherSuites - must not be null.
- Returns:
- a new SslConfiguration with the enabled cipher suites applied.
- Since:
- 2.3.2

withEnabledCipherSuites
Create a new SslConfiguration with the enabled cipher suites applied retaining the other configuration from this instance.
- Parameters:
- enabledCipherSuites - must not be null.
- Returns:
- a new SslConfiguration with the enabled cipher suites applied.
- Since:
- 2.3.2

getKeyStore
- Returns:
- the key store resource or null if not configured.

getKeyStoreConfiguration
- Returns:
- the key store configuration.
- Since:
- 1.1

getKeyConfiguration
- Returns:
- the key configuration.
- Since:
- 2.2

withKeyStore
Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied retaining the trust store configuration.
- Parameters:
- configuration - must not be null.
- Returns:
- a new SslConfiguration with SslConfiguration.KeyStoreConfiguration applied.
- Since:
- 2.0

withKeyStore
public SslConfiguration withKeyStore(SslConfiguration.KeyStoreConfiguration configuration, SslConfiguration.KeyConfiguration keyConfiguration)
Create a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied retaining the trust store configuration.
- Parameters:
- configuration - must not be null.
- keyConfiguration - the configuration for a specific key in keyStoreConfiguration to use.
- Returns:
- a new SslConfiguration with SslConfiguration.KeyStoreConfiguration and SslConfiguration.KeyConfiguration applied.
- Since:
- 2.2

getTrustStore
- Returns:
- the key store resource or null if not configured.

getTrustStoreConfiguration
- Returns:
- the trust store configuration.
- Since:
- 1.1

withTrustStore
Create a new SslConfiguration with trust store configuration applied retaining the getKeyStoreConfiguration() key store configuration.
- Parameters:
- configuration - must not be null.
- Returns:
- a new SslConfiguration with trust store configuration applied.
- Since:
- 2.0

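Usage example (added here, not part of the Spring Vault documentation or code base): a trust-store-only SslConfiguration pinned to explicit protocol versions and cipher suites, with the names checked first against what the JDK's default SSLContext supports, since the elements must match the provider's strings. The class name, file path, environment variable and the chosen protocol and suite lists are assumptions.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.vault.support.SslConfiguration;

// Added example: class name, path and environment variable are hypothetical.
public class VaultTlsSettings {

    static final String[] PROTOCOLS = { "TLSv1.3", "TLSv1.2" };
    static final String[] CIPHER_SUITES = {
        "TLS_AES_256_GCM_SHA384",                  // TLS 1.3
        "TLS_AES_128_GCM_SHA256",                  // TLS 1.3
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",   // TLS 1.2
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"  // TLS 1.2
    };

    // Fail fast when a requested name is unknown to the SSL provider, so a typo
    // is reported at startup instead of surfacing later as a handshake failure.
    static void requireSupported(String kind, String[] requested, String[] supported) {
        Set<String> known = new HashSet<>(Arrays.asList(supported));
        for (String name : requested) {
            if (!known.contains(name)) {
                throw new IllegalArgumentException("Unsupported " + kind + ": " + name);
            }
        }
    }

    public static SslConfiguration vaultSslConfiguration() throws NoSuchAlgorithmException {
        // Assumption: the Vault HTTP client uses the JDK's default SSL provider.
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();
        requireSupported("protocol", PROTOCOLS, supported.getProtocols());
        requireSupported("cipher suite", CIPHER_SUITES, supported.getCipherSuites());

        // Trust store holding only the CA that issued the Vault server certificate.
        Resource trustStore = new FileSystemResource("/etc/vault-client/truststore.jks");
        String pw = System.getenv("VAULT_TRUSTSTORE_PASSWORD");
        char[] password = (pw != null) ? pw.toCharArray() : null; // password may be null

        // Each with* call returns a new instance that retains the other settings.
        return SslConfiguration.forTrustStore(trustStore, password)
                .withEnabledProtocols(PROTOCOLS)
                .withEnabledCipherSuites(CIPHER_SUITES);
    }
}
```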