Package io.muserver

Class HttpsConfigBuilder

    • Field Detail

      • trustManager

        protected javax.net.ssl.TrustManager trustManager
        Only used by HttpsConfigBuilder
    • Constructor Detail

      • HttpsConfigBuilder

        public HttpsConfigBuilder()
    • Method Detail

      • withKeystoreType

        public HttpsConfigBuilder withKeystoreType​(java.lang.String keystoreType)
        The type of keystore, such as JKS, JCEKS, PKCS12, etc
        Parameters:
        keystoreType - The type of keystore to load
        Returns:
        This builder
      • withKeyPassword

        public HttpsConfigBuilder withKeyPassword​(java.lang.String keyPassword)
        The password to use to get the key from the keystore
        Parameters:
        keyPassword - The password
        Returns:
        This builder
      • withKeystorePassword

        public HttpsConfigBuilder withKeystorePassword​(java.lang.String keystorePassword)
        The password to use to access the keystore
        Parameters:
        keystorePassword - The password
        Returns:
        This builder
      • withKeyPassword

        public HttpsConfigBuilder withKeyPassword​(char[] keyPassword)
        The password to use to get the key from the keystore
        Parameters:
        keyPassword - The password
        Returns:
        This builder
      • withKeystorePassword

        public HttpsConfigBuilder withKeystorePassword​(char[] keystorePassword)
        The password to use to access the keystore
        Parameters:
        keystorePassword - The password
        Returns:
        This builder
      • setKeystoreBytes

        protected void setKeystoreBytes​(java.io.InputStream is,
                                        boolean closeAfter)
        Sets the keystore to use
        Parameters:
        is - The input stream of the keystore
        closeAfter - Whether or not this method should close the stream
      • withKeystore

        public HttpsConfigBuilder withKeystore​(java.io.InputStream keystoreStream)
        Loads a keystore from the given stream.

        Does not close the stream afterwards.

        Parameters:
        keystoreStream - A stream to a keystore
        Returns:
        This builder
      • withKeystore

        public HttpsConfigBuilder withKeystore​(java.io.File file)
        Specifies the keystore to use
        Parameters:
        file - A file object pointing to the keystore
        Returns:
        This builder
      • withKeystore

        public HttpsConfigBuilder withKeystore​(java.security.KeyStore keystore,
                                               char[] password)
        Uses the given KeyStore for TLS.
        Parameters:
        keystore - The keystore to use
        password - The keystore password.
        Returns:
        This builder
      • withKeystoreFromClasspath

        public HttpsConfigBuilder withKeystoreFromClasspath​(java.lang.String classpath)
        Loads a keystore from the classpath
        Parameters:
        classpath - A path to load a keystore from, for example /mycert.p12
        Returns:
        This builder
      • withKeyManagerFactory

        public HttpsConfigBuilder withKeyManagerFactory​(javax.net.ssl.KeyManagerFactory keyManagerFactory)
        Sets the key manager factory to use for SSL.

        Note this is an alternative to setting a keystore directly.

        Parameters:
        keyManagerFactory - The key manager factory to use
        Returns:
        This builder
      • withCipherFilter

        public HttpsConfigBuilder withCipherFilter​(SSLCipherFilter cipherFilter)
        Sets a filter allowing you to specify which ciphers you would like to support.
        Parameters:
        cipherFilter - A Filter that takes all the supported ciphers, and all the default ciphers (normally the default will exclude insecure ciphers that technically could be supported) and returns a list of ciphers you want to use in your preferred order.
        Returns:
        This builder
      • withProtocols

        public HttpsConfigBuilder withProtocols​(java.lang.String... protocols)
        Sets the SSL/TLS protocols to use, for example "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3". The default is "TLSv1.2" and "TLSv1.3".

        Note that if the current JDK does not support a requested protocol then it will be ignored. If no requested protocols are available, then an exception will be thrown when this is built.

        Parameters:
        protocols - The protocols to use, or null to use the default.
        Returns:
        This builder.
      • withDefaultAlias

        public HttpsConfigBuilder withDefaultAlias​(java.lang.String certAlias)
        This option may be useful for cases where multiple certificates exist in a single keystore. For clients that support it, SNI will be used to pick the correct certificate; however, if SNI is not used then by default the first cert from the keystore will be picked. To override this default behaviour, you can specify the certificate to use here when SNI is not available.

        Note you do not need to set this if your keystore has only one certificate in it.

        Parameters:
        certAlias - The alias of the cert to pick when SNI isn't available, or null to allow an arbitrary cert to be picked (normally the first one).
        Returns:
        This builder
      • httpsConfig

        public static HttpsConfigBuilder httpsConfig()
        Returns:
        a new HttpsConfig builder
      • withClientCertificateTrustManager

        public HttpsConfigBuilder withClientCertificateTrustManager​(javax.net.ssl.TrustManager trustManager)
        Sets the trust manager that is used to validate client certificates.

        Setting the trust manager will make client certificates optional. The trust manager should contain the public keys of certificate authorities that you want to allow client certificates from. Certificates will be available for request handlers at HttpConnection.clientCertificate() (note that the connection of a request is available on MuRequest.connection()).

        Important note: if no certificate is sent then the client certificate will be null. If an invalid certificate is sent then the TLS connection will be rejected.

        Parameters:
        trustManager - The trust manager to use to validate client certificates
        Returns:
        This builder.
      • unsignedLocalhost

        public static HttpsConfigBuilder unsignedLocalhost()
        Creates an SSL config builder that will serve HTTPS over a self-signed SSL cert for the localhost domain.

        As no clients should trust this cert, this should be used only for testing purposes.

        Returns:
        An HTTPS Config builder
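
An added example, not part of the mu-server documentation, showing withClientCertificateTrustManager and withProtocols used together: it builds the trust manager from a truststore that holds only the client-issuing CAs and pins the protocol list. The class name, the file names server.p12 and client-ca.p12, and the choice of PKCS12 for both stores are assumptions.

```java
import io.muserver.HttpsConfigBuilder;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

public class ClientCertHttpsConfig {

    // Loads a PKCS12 truststore that holds ONLY the CA certificates allowed to
    // issue client certificates, and returns the JDK's X.509 trust manager for it.
    static X509TrustManager clientCaTrustManager(File truststore, char[] password) throws Exception {
        KeyStore cas = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(truststore)) {
            cas.load(in, password);
        }
        if (cas.size() == 0) {
            // An empty truststore cannot validate any client certificate.
            throw new IllegalStateException("No CA certificates in " + truststore);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(cas);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("No X509TrustManager available");
    }

    // server.p12 and client-ca.p12 are hypothetical file names.
    static HttpsConfigBuilder httpsConfig(char[] serverStorePassword, char[] caStorePassword) throws Exception {
        return HttpsConfigBuilder.httpsConfig()
            .withKeystoreType("PKCS12")
            .withKeystorePassword(serverStorePassword)   // char[] overloads keep the password out of immutable Strings
            .withKeyPassword(serverStorePassword)
            .withKeystore(new File("server.p12"))
            // Same as the documented default, stated explicitly so that the deprecated
            // "SSLv3", "TLSv1" and "TLSv1.1" values are never enabled by accident.
            .withProtocols("TLSv1.2", "TLSv1.3")
            .withClientCertificateTrustManager(
                clientCaTrustManager(new File("client-ca.p12"), caStorePassword));
    }
}
```

Because setting the trust manager only makes client certificates optional, a handler that requires an authenticated client still has to check HttpConnection.clientCertificate() and refuse the request when no certificate was presented.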