Package org.kiwiproject.config
Class TlsContextConfiguration.TlsContextConfigurationBuilder
java.lang.Object
org.kiwiproject.config.TlsContextConfiguration.TlsContextConfigurationBuilder
- Enclosing class:
- TlsContextConfiguration
-
Method Summary
- build()
- certAlias: The alias of a specific client certificate to present when authenticating.
- disableSniHostCheck(boolean disableSniHostCheck): Whether the SNI (Server Name Indication) host check is disabled.
- keyStorePassword(String keyStorePassword): Key store password.
- keyStorePath(String keyStorePath): Absolute path to the key store.
- keyStoreProvider(String keyStoreProvider): The name of the provider for the key store, i.e., the value of provider to use when getting the KeyStore instance for the key store.
- keyStoreType(String keyStoreType): Key store type.
- protocol: The TLS/SSL protocol to use.
- provider: The name of the JCE (Java Cryptography Extension) provider to use on the client side for cryptographic support (for example, SunJCE, Conscrypt, BC, etc.).
- supportedCiphers(List<String> supportedCiphers): A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which are supported.
- supportedProtocols(List<String> supportedProtocols): List of supported protocols.
- toString()
- trustSelfSignedCertificates(boolean trustSelfSignedCertificates): Whether self-signed certificates should be trusted.
- trustStorePassword(String trustStorePassword): Trust store password.
- trustStorePath(String trustStorePath): Absolute path to the trust store.
- trustStoreProvider(String trustStoreProvider): The name of the provider for the trust store, i.e., the value of provider to use when getting the KeyStore instance for the trust store.
- trustStoreType(String trustStoreType): Trust store type.
- verifyHostname(boolean verifyHostname): Should host names be verified when establishing secure connections?
-
Method Details
-
protocol
The TLS/SSL protocol to use. Default is SSLContextProtocol.TLS_1_2.
- Returns:
this.
-
provider
The name of the JCE (Java Cryptography Extension) provider to use on the client side for cryptographic support (for example, SunJCE, Conscrypt, BC, etc.).
For more details, see the "Java Cryptography Architecture (JCA) Reference Guide" section of the Java Security Developer’s Guide.
- Returns:
this.
-
keyStorePath
Absolute path to the key store.
- Returns:
this.
-
keyStorePassword
public TlsContextConfiguration.TlsContextConfigurationBuilder keyStorePassword(String keyStorePassword)
Key store password.
- Returns:
this.
-
keyStoreType
Key store type. Defaults to KeyStoreType.JKS.
- Returns:
this.
-
keyStoreProvider
public TlsContextConfiguration.TlsContextConfigurationBuilder keyStoreProvider(String keyStoreProvider)
The name of the provider for the key store, i.e., the value of provider to use when getting the KeyStore instance for the key store.
For more details, see the "Java Cryptography Architecture (JCA) Reference Guide" section of the Java Security Developer’s Guide.
- Returns:
this.
-
trustStorePath
Absolute path to the trust store.
- Returns:
this.
-
trustStorePassword
public TlsContextConfiguration.TlsContextConfigurationBuilder trustStorePassword(String trustStorePassword)
Trust store password.
- Returns:
this.
-
trustStoreType
Trust store type. Defaults to KeyStoreType.JKS.
- Returns:
this.
-
trustStoreProvider
public TlsContextConfiguration.TlsContextConfigurationBuilder trustStoreProvider(String trustStoreProvider)
The name of the provider for the trust store, i.e., the value of provider to use when getting the KeyStore instance for the trust store.
For more details, see the "Java Cryptography Architecture (JCA) Reference Guide" section of the Java Security Developer’s Guide.
- Returns:
this.
-
trustSelfSignedCertificates
public TlsContextConfiguration.TlsContextConfigurationBuilder trustSelfSignedCertificates(boolean trustSelfSignedCertificates)
Whether self-signed certificates should be trusted. Default is false.
- Returns:
this.
-
verifyHostname
public TlsContextConfiguration.TlsContextConfigurationBuilder verifyHostname(boolean verifyHostname)
Should host names be verified when establishing secure connections? Default is true.
- Returns:
this.
-
disableSniHostCheck
public TlsContextConfiguration.TlsContextConfigurationBuilder disableSniHostCheck(boolean disableSniHostCheck)
Whether the SNI (Server Name Indication) host check is disabled. Default is false.
- Returns:
this.
-
supportedProtocols
public TlsContextConfiguration.TlsContextConfigurationBuilder supportedProtocols(List<String> supportedProtocols)
List of supported protocols. It can be null. See the implementation note for why.
- Returns:
this.
- Implementation Note:
Yes, this is null by default. This is due to the Dropwizard TlsConfiguration which has this same property null by default; I suspect this is ultimately due to the (unfortunate) way in which Apache HttpClient's SSLConnectionSocketFactory accepts supportedProtocols in its constructors as arrays that are supposed to be null if you aren't specifying a specific list of them. The HttpClient code does an explicit null check on the supportedProtocols in SSLConnectionSocketFactory.createLayeredSocket(Socket, String, int, org.apache.hc.core5.http.protocol.HttpContext). You will need to look at the source code, as the JavaDoc doesn't mention this tidbit, nor do the constructors since they don't have any documentation regarding their arguments. If you don't like reading source code of the open-source tools you rely on, then please close this file, log out, and change careers.
-
supportedCiphers
public TlsContextConfiguration.TlsContextConfigurationBuilder supportedCiphers(List<String> supportedCiphers)
A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which are supported. All other cipher suites will be refused.
Note that this can be null for a similar reason as supportedProtocols. See the implementation note on supportedProtocols.
- Returns:
this.
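The null-versus-list contract described for supportedProtocols and supportedCiphers, together with what verifyHostname corresponds to at the JSSE level, shown with plain JDK calls. This is an added example, not code from kiwi, Dropwizard or Apache HttpClient; the class name, the `configure` helper and the peer host `example.test` are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.List;

public class SupportedProtocolsDemo {

    // Hypothetical helper: a null list means "not specified, keep the JSSE defaults";
    // a non-null list replaces the enabled set, so anything not listed is refused.
    static SSLEngine configure(SSLContext ctx,
                               List<String> supportedProtocols,
                               List<String> supportedCiphers,
                               boolean verifyHostname) {
        SSLEngine engine = ctx.createSSLEngine("example.test", 443); // constructed peer
        engine.setUseClientMode(true);

        SSLParameters params = engine.getSSLParameters();
        if (supportedProtocols != null) {
            params.setProtocols(supportedProtocols.toArray(new String[0]));
        }
        if (supportedCiphers != null) {
            params.setCipherSuites(supportedCiphers.toArray(new String[0]));
        }
        if (verifyHostname) {
            // Makes the handshake check the certificate against the peer host name.
            params.setEndpointIdentificationAlgorithm("HTTPS");
        }
        engine.setSSLParameters(params); // throws IllegalArgumentException on unknown names
        return engine;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key managers, trust managers and RNG

        SSLEngine defaults = configure(ctx, null, null, true);
        SSLEngine pinned = configure(ctx,
                List.of("TLSv1.2"),
                List.of("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
                true);

        System.out.println("null lists, protocols: " + Arrays.toString(defaults.getEnabledProtocols()));
        System.out.println("null lists, ciphers:   " + defaults.getEnabledCipherSuites().length + " enabled");
        System.out.println("explicit, protocols:   " + Arrays.toString(pinned.getEnabledProtocols()));
        System.out.println("explicit, ciphers:     " + Arrays.toString(pinned.getEnabledCipherSuites()));
        System.out.println("endpoint id algorithm: "
                + pinned.getSSLParameters().getEndpointIdentificationAlgorithm());
    }
}
```

The values printed for the null case depend on the JDK's own defaults and its `jdk.tls.disabledAlgorithms` security property, which is why an explicit list is the only way to make the enabled set independent of the runtime.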
-
certAlias
The alias of a specific client certificate to present when authenticating. Use this when the specified keystore has multiple certificates to force use of a non-default certificate.
- Returns:
this.
-
build
-
toString
-