Class HttpsConfigBuilder
- java.lang.Object
-
- io.muserver.HttpsConfigBuilder
-
public class HttpsConfigBuilder extends java.lang.Object
A builder for specifying HTTPS config.
To use HTTPS in your server, create an HTTPS Config builder and pass it to MuServerBuilder.withHttpsConfig(HttpsConfigBuilder)
-
-
Field Summary
| Modifier and Type | Field | Description |
|---|---|---|
| protected javax.net.ssl.TrustManager | trustManager | Only used by HttpsConfigBuilder |
-
Constructor Summary
| Constructor | Description |
|---|---|
| HttpsConfigBuilder() | |
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| static HttpsConfigBuilder | httpsConfig() | |
| protected void | setKeystoreBytes(java.io.InputStream is, boolean closeAfter) | Sets the keystore to use |
| static HttpsConfigBuilder | unsignedLocalhost() | Creates an SSL config builder that will serve HTTPS over a self-signed SSL cert for the localhost domain. |
| HttpsConfigBuilder | withCipherFilter(SSLCipherFilter cipherFilter) | Sets a filter allowing you to specify which ciphers you would like to support. |
| HttpsConfigBuilder | withClientCertificateTrustManager(javax.net.ssl.TrustManager trustManager) | Sets the trust manager that is used to validate client certificates. |
| HttpsConfigBuilder | withDefaultAlias(java.lang.String certAlias) | This option may be useful for cases where multiple certificates exist in a single keystore. |
| HttpsConfigBuilder | withKeyManagerFactory(javax.net.ssl.KeyManagerFactory keyManagerFactory) | Sets the key manager factory to use for SSL. |
| HttpsConfigBuilder | withKeyPassword(char[] keyPassword) | The password to use to get the key from the keystore |
| HttpsConfigBuilder | withKeyPassword(java.lang.String keyPassword) | The password to use to get the key from the keystore |
| HttpsConfigBuilder | withKeystore(java.io.File file) | Specifies the keystore to use |
| HttpsConfigBuilder | withKeystore(java.io.InputStream keystoreStream) | Loads a keystore from the given stream. |
| HttpsConfigBuilder | withKeystore(java.security.KeyStore keystore, char[] password) | Uses the given KeyStore for TLS. |
| HttpsConfigBuilder | withKeystoreFromClasspath(java.lang.String classpath) | Loads a keystore from the classpath |
| HttpsConfigBuilder | withKeystorePassword(char[] keystorePassword) | The password to use to access the keystore |
| HttpsConfigBuilder | withKeystorePassword(java.lang.String keystorePassword) | The password to use to access the keystore |
| HttpsConfigBuilder | withKeystoreType(java.lang.String keystoreType) | The type of keystore, such as JKS, JCEKS, PKCS12, etc. |
| HttpsConfigBuilder | withProtocols(java.lang.String... protocols) | Sets the SSL/TLS protocols to use, for example "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3". |
-
-
-
Method Detail
-
withKeystoreType
public HttpsConfigBuilder withKeystoreType(java.lang.String keystoreType)
The type of keystore, such as JKS, JCEKS, PKCS12, etc.
- Parameters:
keystoreType - The type of keystore to load
- Returns:
- This builder
-
withKeyPassword
public HttpsConfigBuilder withKeyPassword(java.lang.String keyPassword)
The password to use to get the key from the keystore
- Parameters:
keyPassword - The password
- Returns:
- This builder
-
withKeystorePassword
public HttpsConfigBuilder withKeystorePassword(java.lang.String keystorePassword)
The password to use to access the keystore
- Parameters:
keystorePassword - The password
- Returns:
- This builder
-
withKeyPassword
public HttpsConfigBuilder withKeyPassword(char[] keyPassword)
The password to use to get the key from the keystore
- Parameters:
keyPassword - The password
- Returns:
- This builder
-
withKeystorePassword
public HttpsConfigBuilder withKeystorePassword(char[] keystorePassword)
The password to use to access the keystore
- Parameters:
keystorePassword - The password
- Returns:
- This builder
-
setKeystoreBytes
protected void setKeystoreBytes(java.io.InputStream is, boolean closeAfter)
Sets the keystore to use
- Parameters:
is - The input stream of the keystore
closeAfter - Whether or not this method should close the stream
-
withKeystore
public HttpsConfigBuilder withKeystore(java.io.InputStream keystoreStream)
Loads a keystore from the given stream.
Does not close the stream afterwards.
- Parameters:
keystoreStream - A stream to a keystore
- Returns:
- This builder
-
withKeystore
public HttpsConfigBuilder withKeystore(java.io.File file)
Specifies the keystore to use
- Parameters:
file - A file object pointing to the keystore
- Returns:
- This builder
-
withKeystore
public HttpsConfigBuilder withKeystore(java.security.KeyStore keystore, char[] password)
Uses the given KeyStore for TLS.
- Parameters:
keystore - The keystore to use
password - The keystore password.
- Returns:
- This builder
-
withKeystoreFromClasspath
public HttpsConfigBuilder withKeystoreFromClasspath(java.lang.String classpath)
Loads a keystore from the classpath
- Parameters:
classpath - A path to load a keystore from, for example /mycert.p12
- Returns:
- This builder
-
withKeyManagerFactory
public HttpsConfigBuilder withKeyManagerFactory(javax.net.ssl.KeyManagerFactory keyManagerFactory)
Sets the key manager factory to use for SSL.
Note this is an alternative to setting a keystore directly.
- Parameters:
keyManagerFactory - The key manager factory to use
- Returns:
- This builder
-
withCipherFilter
public HttpsConfigBuilder withCipherFilter(SSLCipherFilter cipherFilter)
Sets a filter allowing you to specify which ciphers you would like to support.
- Parameters:
cipherFilter - A Filter that takes all the supported ciphers, and all the default ciphers (normally the default will exclude insecure ciphers that technically could be supported) and returns a list of ciphers you want to use in your preferred order.
- Returns:
- This builder
-
withProtocols
public HttpsConfigBuilder withProtocols(java.lang.String... protocols)
Sets the SSL/TLS protocols to use, for example "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3". The default is "TLSv1.2" and "TLSv1.3".
Note that if the current JDK does not support a requested protocol then it will be ignored. If no requested protocols are available, then an exception will be thrown when this is built.
- Parameters:
protocols - The protocols to use, or null to use the default.
- Returns:
- This builder.
-
withDefaultAlias
public HttpsConfigBuilder withDefaultAlias(java.lang.String certAlias)
This option may be useful for cases where multiple certificates exist in a single keystore. For clients that support it, SNI will be used to pick the correct certificate; however, if SNI is not used then by default the first cert from the keystore will be picked. To override this default behaviour, you can specify the certificate to use here when SNI is not available.
Note you do not need to set this if your keystore has only one certificate in it.
- Parameters:
certAlias - The alias of the cert to pick when SNI isn't available, or null to allow an arbitrary cert to be picked (normally the first one).
- Returns:
- This builder
-
httpsConfig
public static HttpsConfigBuilder httpsConfig()
- Returns:
- a new HttpsConfig builder
-
withClientCertificateTrustManager
public HttpsConfigBuilder withClientCertificateTrustManager(javax.net.ssl.TrustManager trustManager)
Sets the trust manager that is used to validate client certificates.
Setting the trust manager will make client certificates optional. The trust manager should contain the public keys of certificate authorities that you want to allow client certificates from. Certificates will be available for request handlers at HttpConnection.clientCertificate() (note that the connection of a request is available on MuRequest.connection()).
Important note: if no certificate is sent then the client certificate will be null. If an invalid certificate is sent then the TLS connection will be rejected.
- Parameters:
trustManager - The trust manager to use to validate client certificates
- Returns:
- This builder.
-
unsignedLocalhost
public static HttpsConfigBuilder unsignedLocalhost()
Creates an SSL config builder that will serve HTTPS over a self-signed SSL cert for the localhost domain.
As no clients should trust this cert, this should be used only for testing purposes.
- Returns:
- An HTTPS Config builder
-
-
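The following is an added example, not code from the MuServer project, showing the builder methods documented above combined into one hardened configuration: explicit protocols, a cipher filter applied to the default ciphers, and a client-certificate trust manager. The two-argument lambda for SSLCipherFilter follows the parameter description above and its exact signature is an assumption, as are the file name client-cas.p12, the environment variable names and the JSSE-style cipher suite names.

```java
import io.muserver.HttpsConfigBuilder;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.stream.Collectors;

public class HardenedHttpsConfig {

    // AEAD suites only; TLS 1.2 suites must also use ECDHE for forward secrecy.
    // Assumes JSSE-style names such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
    static boolean isAllowedCipher(String name) {
        boolean aead = name.contains("_GCM_") || name.contains("_CHACHA20_");
        boolean tls13 = name.startsWith("TLS_AES_") || name.startsWith("TLS_CHACHA20_");
        return aead && (tls13 || name.contains("_ECDHE_"));
    }

    // Trust manager holding only the CAs permitted to issue client certificates.
    static TrustManager clientCaTrustManager(String caStorePath, char[] password) throws Exception {
        KeyStore cas = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(caStorePath))) {
            cas.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(cas);
        return tmf.getTrustManagers()[0];
    }

    // Pass the returned builder to MuServerBuilder.withHttpsConfig(HttpsConfigBuilder).
    public static HttpsConfigBuilder build() throws Exception {
        // Hypothetical environment variable names; secrets stay out of source and config files.
        char[] storePass = System.getenv("KEYSTORE_PASSWORD").toCharArray();
        char[] caPass = System.getenv("CLIENT_CA_PASSWORD").toCharArray();
        return HttpsConfigBuilder.httpsConfig()
            .withKeystoreType("PKCS12")
            .withKeystorePassword(storePass)
            .withKeyPassword(storePass)
            .withKeystoreFromClasspath("/mycert.p12")
            // Stated explicitly so SSLv3, TLSv1 and TLSv1.1 are never enabled.
            .withProtocols("TLSv1.2", "TLSv1.3")
            // Filter the defaults, which normally already exclude insecure ciphers.
            .withCipherFilter((supported, defaults) -> defaults.stream()
                .filter(HardenedHttpsConfig::isAllowedCipher)
                .collect(Collectors.toList()))
            // Client certificates become optional; handlers must still handle a null certificate.
            .withClientCertificateTrustManager(clientCaTrustManager("client-cas.p12", caPass));
    }
}
```

Because the trust manager makes client certificates optional rather than required, any route that depends on client identity has to reject requests where no certificate is present.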