Module io.jooby
Package io.jooby

Class SslOptions

java.lang.Object
io.jooby.SslOptions
All Implemented Interfaces:
Closeable, AutoCloseable

public final class SslOptions extends Object implements Closeable
SSL options for enabling HTTPS in Jooby. Jooby supports two certificate formats:

- PKCS12
- X.509

Jooby doesn't support the JKS format because it is a proprietary format; it favors the use of PKCS12.

Since:
2.3.0
Author:
edgar
  • Field Details

  • Constructor Details

    • SslOptions

      public SslOptions()
  • Method Details

    • getType

      public String getType()
      Certificate type. Default is PKCS12.
      Returns:
      Certificate type. Default is PKCS12.
    • setType

      @NonNull public SslOptions setType(@NonNull String type)
      Set certificate type.
      Parameters:
      type - Certificate type.
      Returns:
      SSL options.
    • getCert

      @NonNull public InputStream getCert()
      A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
      Returns:
      A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
    • setCert

      @NonNull public SslOptions setCert(@NonNull InputStream cert)
      Set certificate path. A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
      Parameters:
      cert - Certificate path or location.
      Returns:
      SSL options.
    • getTrustCert

      @Nullable public InputStream getTrustCert()
      A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required for SslOptions.ClientAuth.REQUIRED or SslOptions.ClientAuth.REQUESTED.
      Returns:
      A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required for SslOptions.ClientAuth.REQUIRED or SslOptions.ClientAuth.REQUESTED.
    • setTrustCert

      @NonNull public SslOptions setTrustCert(@Nullable InputStream trustCert)
      Set trust certificate path. A PKCS12 or X.509 certificate chain file in PEM format. It can be an absolute path or a classpath resource. Required.
      Parameters:
      trustCert - Certificate path or location.
      Returns:
      SSL options.
    • getTrustPassword

      @Nullable public String getTrustPassword()
      Trust certificate password. Optional.
      Returns:
      Trust certificate password. Optional.
    • setTrustPassword

      @NonNull public SslOptions setTrustPassword(@Nullable String password)
      Set trust certificate password.
      Parameters:
      password - Certificate password.
      Returns:
      SSL options.
    • getPrivateKey

      @Nullable public InputStream getPrivateKey()
      Private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
      Returns:
      A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
    • setPrivateKey

      @NonNull public SslOptions setPrivateKey(@Nullable InputStream privateKey)
      Set private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
      Parameters:
      privateKey - Private key file location. A PKCS#8 private key file in PEM format. It can be an absolute path or a classpath resource. Required when using X.509 certificates.
      Returns:
      SSL options.
    • close

      public void close()
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
    • setPassword

      @NonNull public SslOptions setPassword(@Nullable String password)
      Certificate password.
      Parameters:
      password - Certificate password.
      Returns:
      SSL options.
    • getPassword

      @Nullable public String getPassword()
      Certificate password.
      Returns:
      Certificate password.
    • getResource

      @NonNull public static InputStream getResource(@NonNull String path)
      Search for a resource at the given path. This method uses the following order:

      - Look at file system for path as it is (absolute path)
      - Look at file system for path relative to current process dir
      - Look at class path for path

      Parameters:
      path - Path (file system path or classpath).
      Returns:
      Resource.
    • getClientAuth

      @NonNull public SslOptions.ClientAuth getClientAuth()
      The desired SSL client authentication mode for SSL channels in server mode.

      Default is: SslOptions.ClientAuth.REQUESTED.

      Returns:
      desired SSL client authentication mode for SSL channels in server mode.
    • setClientAuth

      @NonNull public SslOptions setClientAuth(@NonNull SslOptions.ClientAuth clientAuth)
      Set desired SSL client authentication mode for SSL channels in server mode.
      Parameters:
      clientAuth - The desired SSL client authentication mode for SSL channels in server mode.
      Returns:
      These options.
    • getProtocol

      @NonNull public List<String> getProtocol()
      Specify the enabled protocols for an SSL/TLS session. Default is: TLSv1.2 and TLSv1.3.

      If a listed protocol is not supported, it is ignored; however, if you specify a list of protocols, none of which are supported, an exception will be thrown.

      Please note TLSv1.3 protocol is available in:

      - 8u261-b12 from Oracle JDK
      - TLS 1.3 support in OpenJDK is (beside Azul's OpenJSSE) expected to come into 8u272.
      - Java 11.0.3 or higher.

      Returns:
      TLS protocols. Default is: TLSv1.2 and TLSv1.3.
    • setProtocol

      @NonNull public SslOptions setProtocol(@NonNull String... protocol)
      Specify the enabled protocols for an SSL/TLS session. If a listed protocol is not supported, it is ignored; however, if you specify a list of protocols, none of which are supported, an exception will be thrown.
      Parameters:
      protocol - TLS protocols.
      Returns:
      These options.
    • setProtocol

      @NonNull public SslOptions setProtocol(@NonNull List<String> protocol)
      Specify the enabled protocols for an SSL/TLS session. If a listed protocol is not supported, it is ignored; however, if you specify a list of protocols, none of which are supported, an exception will be thrown.
      Parameters:
      protocol - TLS protocols.
      Returns:
      These options.
    • toString

      public String toString()
      Overrides:
      toString in class Object
    • x509

      @NonNull public static SslOptions x509(@NonNull String crt, @NonNull String key)
      Creates SSL options for X.509 certificate type.
      Parameters:
      crt - Certificate path or location.
      key - Private key path or location.
      Returns:
      New SSL options.
    • x509

      @NonNull public static SslOptions x509(@NonNull String crt, @NonNull String key, @Nullable String password)
      Creates SSL options for X.509 certificate type.
      Parameters:
      crt - Certificate path or location.
      key - Private key path or location.
      password - Password.
      Returns:
      New SSL options.
    • pkcs12

      public static SslOptions pkcs12(@NonNull String crt, @NonNull String password)
      Creates SSL options for PKCS12 certificate type.
      Parameters:
      crt - Certificate path or location.
      password - Password.
      Returns:
      New SSL options.
    • selfSigned

      public static SslOptions selfSigned()
      Creates SSL options using a self-signed certificate using PKCS12. Useful for development. Certificate works for localhost.
      Returns:
      New SSL options.
    • selfSigned

      public static SslOptions selfSigned(String type)
      Creates SSL options using a self-signed certificate. Useful for development. Certificate works for localhost.
      Parameters:
      type - Certificate type: PKCS12 or X509.
      Returns:
      New SSL options.
    • from

      @NonNull public static Optional<SslOptions> from(@NonNull com.typesafe.config.Config conf)
      Get SSL options from application configuration. Configuration must be at server.ssl or ssl.

      PKCS12 example:

         server {
           ssl {
             type: PKCS12
             cert: mycertificate.crt
             password: mypassword
           }
         }
       
      X509 example:

         server {
           ssl {
             type: X509
             cert: mycertificate.crt
             key: mykey.key
           }
         }
       
      Parameters:
      conf - Application configuration.
      Returns:
      SSL options or empty.
    • from

      @NonNull public static Optional<SslOptions> from(@NonNull com.typesafe.config.Config conf, String... key)
      Get SSL options from application configuration. It looks for ssl options at the given path(s).

      PKCS12 example:

         server {
           ssl {
             type: PKCS12
             cert: mycertificate.crt
             password: mypassword
           }
         }
       
      X509 example:

         server {
           ssl {
             type: X509
             cert: mycertificate.crt
             key: mykey.key
           }
         }
       
      Parameters:
      conf - Application configuration.
      key - Path to use for loading SSL options. Required.
      Returns:
      SSL options or empty.
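
Added example, not part of the Jooby documentation or code base: because `setProtocol` ignores unsupported protocols unless none of them is supported, and the default client authentication mode is `REQUESTED`, a server that must enforce mutual TLS can check the JVM's protocol support itself and set `REQUIRED` explicitly. The class name `StrictSsl`, its helper methods and the command-line file paths are assumptions; the protocol check uses the JDK's `SSLContext`, not a Jooby API.

```java
import io.jooby.SslOptions;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

/** Hypothetical helper: builds SslOptions for mutual TLS and fails closed. */
public final class StrictSsl {
  private StrictSsl() {}

  /** Protocols the running JVM can negotiate (JDK API). */
  static List<String> jvmProtocols() throws NoSuchAlgorithmException {
    return Arrays.asList(
        SSLContext.getDefault().getSupportedSSLParameters().getProtocols());
  }

  /** Throw at startup instead of letting an unsupported protocol be dropped silently. */
  static void requireSupported(List<String> wanted, List<String> supported) {
    for (String protocol : wanted) {
      if (!supported.contains(protocol)) {
        throw new IllegalStateException(
            "JVM does not support " + protocol + "; supported: " + supported);
      }
    }
  }

  /** X.509 server certificate, client certificates mandatory, explicit protocol list. */
  public static SslOptions mutualTls(
      String crt, String key, String trustCrt, List<String> protocols)
      throws NoSuchAlgorithmException {
    requireSupported(protocols, jvmProtocols());
    return SslOptions.x509(crt, key)
        // CA chain used to validate client certificates (PEM).
        .setTrustCert(SslOptions.getResource(trustCrt))
        // Override the REQUESTED default: a client without a certificate is rejected.
        .setClientAuth(SslOptions.ClientAuth.REQUIRED)
        .setProtocol(protocols);
  }

  public static void main(String[] args) throws Exception {
    // args: server certificate, server private key (PKCS#8 PEM), client CA chain.
    try (SslOptions ssl =
        mutualTls(args[0], args[1], args[2], List.of("TLSv1.3", "TLSv1.2"))) {
      System.out.println(ssl.getClientAuth() + " " + ssl.getProtocol());
    }
  }
}
```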