java.lang.Object
io.jooby.SslOptions
- All Implemented Interfaces:
Closeable, AutoCloseable
SSL options for enabling HTTPS in Jooby. Jooby supports two certificate formats:
- PKCS12
- X.509
Jooby doesn't support the JKS format because it is a proprietary format; it favors the PKCS12 format.
- Since:
- 2.3.0
- Author:
- edgar
-
Nested Class Summary
Modifier and Type, Class, Description:
- static enum SslOptions.ClientAuth: The desired SSL client authentication mode for SSL channels in server mode.
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and Type, Method, Description:
- void close()
- static Optional<SslOptions> from(com.typesafe.config.Config conf): Get SSL options from application configuration.
- static Optional<SslOptions> from(com.typesafe.config.Config conf, String... key): Get SSL options from application configuration.
- getCert(): A PKCS12 or X.509 certificate chain file in PEM format.
- getClientAuth(): The desired SSL client authentication mode for SSL channels in server mode.
- getPassword(): Certificate password.
- getPrivateKey(): Private key file location.
- getProtocol(): Specify the enabled protocols for an SSL/TLS session.
- static InputStream getResource(String path): Search for a resource at the given path.
- getTrustCert(): A PKCS12 or X.509 certificate chain file in PEM format.
- getTrustPassword(): Trust certificate password.
- getType(): Certificate type.
- static SslOptions pkcs12(String crt, String password): Creates SSL options for PKCS12 certificate type.
- static SslOptions selfSigned(): Creates SSL options using a self-signed certificate using PKCS12.
- static SslOptions selfSigned(String type): Creates SSL options using a self-signed certificate.
- setCert(InputStream cert): Set certificate path.
- setClientAuth(SslOptions.ClientAuth clientAuth): Set desired SSL client authentication mode for SSL channels in server mode.
- setPassword(String password): Certificate password.
- setPrivateKey(InputStream privateKey): Set private key file location.
- setProtocol(String... protocol): Specify the enabled protocols for an SSL/TLS session.
- setProtocol(List<String> protocol): Specify the enabled protocols for an SSL/TLS session.
- setTrustCert(InputStream trustCert): Set certificate path.
- setTrustPassword(String password): Set trust certificate password.
- setType(String type): Set certificate type.
- toString()
- static SslOptions x509(String crt, String key): Creates SSL options for X.509 certificate type.
- static SslOptions x509(String crt, String key, String password): Creates SSL options for X.509 certificate type.
-
Field Details
-
TLS_V1_2
TLSv1.2. Default TLS protocol.
- See Also:
-
TLS_V1_3
TLSv1.3 protocol. Available in:
- 8u261-b12 from Oracle JDK
- TLS 1.3 support in OpenJDK is (beside Azul's OpenJSSE) expected to come into 8u272.
- Java 11.0.3 or higher.
- See Also:
-
X509
X509 constant.
- See Also:
-
PKCS12
PKCS12 constant.
- See Also:
-
-
Constructor Details
-
SslOptions
public SslOptions()
-
-
Method Details
-
getType
Certificate type. Default is PKCS12.
- Returns:
- Certificate type. Default is PKCS12.
-
setType
Set certificate type.
- Parameters:
type - Certificate type.
- Returns:
- SSL options.
-
getCert
A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
- Returns:
- A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
-
setCert
Set certificate path. A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
- Parameters:
cert - Certificate path or location.
- Returns:
- SSL options.
-
getTrustCert
A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required for SslOptions.ClientAuth.REQUIRED or SslOptions.ClientAuth.REQUESTED.
- Returns:
- A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required for SslOptions.ClientAuth.REQUIRED or SslOptions.ClientAuth.REQUESTED.
-
setTrustCert
Set certificate path. A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
- Parameters:
trustCert - Certificate path or location.
- Returns:
- SSL options.
-
getTrustPassword
Trust certificate password. Optional.
- Returns:
- Trust certificate password. Optional.
-
setTrustPassword
Set trust certificate password.
- Parameters:
password - Certificate password.
- Returns:
- SSL options.
-
getPrivateKey
Private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
- Returns:
- A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
-
setPrivateKey
Set private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
- Parameters:
privateKey - Private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
- Returns:
- SSL options.
-
close
public void close()
- Specified by:
close in interface AutoCloseable
- Specified by:
close in interface Closeable
-
setPassword
Certificate password.
- Parameters:
password - Certificate password.
- Returns:
- SSL options.
-
getPassword
Certificate password.
- Returns:
- Certificate password.
-
getResource
Search for a resource at the given path. This method uses the following order:
- Look at file system for path as it is (absolute path)
- Look at file system for path relative to current process dir
- Look at class path for path
- Parameters:
path - Path (file system path or classpath).
- Returns:
- Resource.
-
getClientAuth
The desired SSL client authentication mode for SSL channels in server mode. Default is: SslOptions.ClientAuth.REQUESTED.
- Returns:
- desired SSL client authentication mode for SSL channels in server mode.
-
setClientAuth
Set desired SSL client authentication mode for SSL channels in server mode.
- Parameters:
clientAuth - The desired SSL client authentication mode for SSL channels in server mode.
- Returns:
- These options.
-
getProtocol
Specify the enabled protocols for an SSL/TLS session. Default is: TLSv1.2 and TLSv1.3.
If a listed protocol is not supported, it is ignored; however, if you specify a list of protocols, none of which are supported, an exception will be thrown.
Please note TLSv1.3 protocol is available in:
- 8u261-b12 from Oracle JDK
- TLS 1.3 support in OpenJDK is (beside Azul's OpenJSSE) expected to come into 8u272.
- Java 11.0.3 or higher.
- Returns:
- TLS protocols. Default is: TLSv1.2 and TLSv1.3.
-
setProtocol
Specify the enabled protocols for an SSL/TLS session. If a listed protocol is not supported, it is ignored; however, if you specify a list of protocols, none of which are supported, an exception will be thrown.
- Parameters:
protocol - TLS protocols.
- Returns:
- These options.
-
setProtocol
Specify the enabled protocols for an SSL/TLS session. If a listed protocol is not supported, it is ignored; however, if you specify a list of protocols, none of which are supported, an exception will be thrown.
- Parameters:
protocol - TLS protocols.
- Returns:
- These options.
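A server-side mutual TLS setup built from the options described above (x509, setTrustCert, setClientAuth, setProtocol), as an added example that is not part of the Jooby documentation. The file paths, port, class name and the requireRegularFile helper are hypothetical, and ServerOptions.setSecurePort/setSsl, setServerOptions and runApp are assumed from Jooby 2.x/3.x rather than taken from this page.

```java
import io.jooby.Jooby;
import io.jooby.ServerOptions;
import io.jooby.SslOptions;

import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class MtlsApp extends Jooby {

  // Hypothetical deployment paths. They are absolute so that getResource()
  // resolves them in its first step (file system, path as it is) and never
  // falls through to the process directory or the classpath.
  private static final String CERT = "/etc/myapp/tls/server.crt";
  private static final String KEY = "/etc/myapp/tls/server.key"; // PKCS#8, PEM
  private static final String CLIENT_CA = "/etc/myapp/tls/clients-ca.crt";

  {
    for (String file : new String[] {CERT, KEY, CLIENT_CA}) {
      requireRegularFile(file);
    }

    SslOptions ssl = SslOptions.x509(CERT, KEY)
        // Trust material is required once client certificates are requested.
        .setTrustCert(SslOptions.getResource(CLIENT_CA))
        // Set the mode explicitly instead of relying on the default.
        .setClientAuth(SslOptions.ClientAuth.REQUIRED)
        // Unsupported names are ignored; if none is supported an exception is thrown.
        .setProtocol(SslOptions.TLS_V1_3, SslOptions.TLS_V1_2);

    // Assumption: these three calls come from Jooby 2.x/3.x, not from this page.
    setServerOptions(new ServerOptions().setSecurePort(8443).setSsl(ssl));

    get("/", ctx -> "mutual TLS ok");
  }

  // Hypothetical helper: fail fast with a clear message before the server starts.
  private static void requireRegularFile(String file) {
    Path path = Paths.get(file);
    if (!path.isAbsolute() || !Files.isRegularFile(path)) {
      throw new IllegalStateException("TLS material must be an absolute path to a file: " + file);
    }
  }

  public static void main(String[] args) {
    runApp(args, MtlsApp::new);
  }
}
```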
-
toString
-
x509
Creates SSL options for X.509 certificate type.
- Parameters:
crt - Certificate path or location.
key - Private key path or location.
- Returns:
- New SSL options.
-
x509
@NonNull public static SslOptions x509(@NonNull String crt, @NonNull String key, @Nullable String password)
Creates SSL options for X.509 certificate type.
- Parameters:
crt - Certificate path or location.
key - Private key path or location.
password - Password.
- Returns:
- New SSL options.
-
pkcs12
Creates SSL options for PKCS12 certificate type.
- Parameters:
crt - Certificate path or location.
password - Password.
- Returns:
- New SSL options.
-
selfSigned
Creates SSL options using a self-signed certificate using PKCS12. Useful for development. Certificate works for localhost.
- Returns:
- New SSL options.
-
selfSigned
Creates SSL options using a self-signed certificate. Useful for development. Certificate works for localhost.
- Parameters:
type - Certificate type: PKCS12 or X509.
- Returns:
- New SSL options.
-
from
Get SSL options from application configuration. Configuration must be at server.ssl or ssl.
PKCS12 example:
  server {
    ssl {
      type: PKCS12
      cert: mycertificate.crt
      password: mypassword
    }
  }
X509 example:
  server {
    ssl {
      type: X509
      cert: mycertificate.crt
      key: mykey.key
    }
  }
- Parameters:
conf - Application configuration.
- Returns:
- SSL options or empty.
-
from
@NonNull public static Optional<SslOptions> from(@NonNull com.typesafe.config.Config conf, String... key)
Get SSL options from application configuration. It looks for SSL options at the given path(s).
PKCS12 example:
  server {
    ssl {
      type: PKCS12
      cert: mycertificate.crt
      password: mypassword
    }
  }
X509 example:
  server {
    ssl {
      type: X509
      cert: mycertificate.crt
      key: mykey.key
    }
  }
- Parameters:
conf - Application configuration.
key - Path to use for loading SSL options. Required.
- Returns:
- SSL options or empty.
-