Class ConfiguredTlsManager

java.lang.Object
io.helidon.common.tls.ConfiguredTlsManager
All Implemented Interfaces:
NamedService, TlsManager

public class ConfiguredTlsManager extends Object implements TlsManager
The default configured TlsManager implementation.
  • Constructor Details

    • ConfiguredTlsManager

      protected ConfiguredTlsManager(String name, String type)
      Constructor for the configured TLS manager.
      Parameters:
      name - the manager name
      type - the manager type
  • Method Details

    • name

      public String name()
      Description copied from interface: NamedService
      Name of this implementation, as provided in ConfiguredProvider.create(Config, String).
      Specified by:
      name in interface NamedService
      Returns:
      name of this service
    • type

      public String type()
      Description copied from interface: NamedService
      Type of this implementation, used to distinguish instances of the same type that have different NamedService.name() values. Use, for example, ConfiguredProvider.configKey() to define the type.
      Specified by:
      type in interface NamedService
      Returns:
      type of this service
    • sslContext

      public SSLContext sslContext()
      Description copied from interface: TlsManager
      SSL context created by this manager. This method is called only after TlsManager.init(TlsConfig) and only if TlsConfigBlueprint.enabled() is true.
      Specified by:
      sslContext in interface TlsManager
      Returns:
      the SSL context to use
    • init

      public void init(TlsConfig tlsConfig)
      Description copied from interface: TlsManager
      Always called before any other method on this type. This method is only called when TLS is enabled. If TLS is disabled, none of the methods on this type can be called.
      Specified by:
      init in interface TlsManager
      Parameters:
      tlsConfig - TLS configuration
    • reload

      public void reload(Tls tls)
      Description copied from interface: TlsManager
      This method will multiplex the call to all TlsReloadableComponents that are being managed by this manager.
      Specified by:
      reload in interface TlsManager
      Parameters:
      tls - the new tls instance
    • keyManager

      public Optional<X509KeyManager> keyManager()
      Description copied from interface: TlsManager
      The key manager in use.
      Specified by:
      keyManager in interface TlsManager
      Returns:
      key manager
    • trustManager

      public Optional<X509TrustManager> trustManager()
      Description copied from interface: TlsManager
      The trust manager in use.
      Specified by:
      trustManager in interface TlsManager
      Returns:
      trust manager
    • reload

      protected void reload(Optional<X509KeyManager> keyManager, Optional<X509TrustManager> trustManager)
      Reload the current SSL context with the provided key manager and trust manager (if defined).
      Parameters:
      keyManager - key manager to use
      trustManager - trust manager to use
    • initSslContext

      protected void initSslContext(TlsConfig tlsConfig, SecureRandom secureRandom, KeyManager[] keyManagers, TrustManager[] trustManagers)
      Initialize and set the SSLContext on this manager instance.
      Parameters:
      tlsConfig - the tls configuration
      secureRandom - the secure random
      keyManagers - the key managers
      trustManagers - the trust managers
    • secureRandom

      protected SecureRandom secureRandom(TlsConfig tlsConfig)
      Load secure random.
      Parameters:
      tlsConfig - TLS configuration
      Returns:
      secure random
    • buildKmf

      protected KeyManagerFactory buildKmf(TlsConfig target, SecureRandom secureRandom, PrivateKey privateKey, Certificate[] certificates)
      Build the key manager factory.
      Parameters:
      target - the tls configuration
      secureRandom - the secure random
      privateKey - the private key for the key store
      certificates - the certificates for the keystore
      Returns:
      a key manager factory instance
    • internalKeystore

      protected KeyStore internalKeystore(TlsConfig tlsConfig)
      Creates an internal keystore and loads it with no password and no data.
      Parameters:
      tlsConfig - TLS config
      Returns:
      a new keystore
    • createTmf

      protected TrustManagerFactory createTmf(TlsConfig tlsConfig)
      Create a new trust manager factory based on the configuration (i.e., the algorithm and provider).
      Parameters:
      tlsConfig - TLS config
      Returns:
      a new trust manager factory
    • initializeTmf

      protected void initializeTmf(TrustManagerFactory tmf, KeyStore keyStore, TlsConfig tlsConfig)
      Perform initialization of the TrustManagerFactory based on the provided TLS configuration.
      Parameters:
      tmf - trust manager factory to be initialized
      keyStore - keystore
      tlsConfig - tls configuration
    • trustAllTmf

      protected TrustManagerFactory trustAllTmf()
      Creates a trust-all trust manager factory.
      Returns:
      a new trust manager factory trusting all
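
An added example, not Helidon code: the plain JDK sequence that the descriptions of internalKeystore, createTmf, initializeTmf and initSslContext name (a keystore loaded with no password and no data, a trust manager factory initialized from it, an SSLContext built from the result). The class InMemoryTrustDemo and its helper names are hypothetical, the sample certificates are taken from the platform trust store, and how ConfiguredTlsManager implements these hooks internally is not shown on this page.

```java
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical demo class; JDK APIs only, no Helidon types.
public class InMemoryTrustDemo {

    // Keystore loaded with no data and no password: load(null, null).
    static KeyStore emptyKeystore() throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        return ks;
    }

    // Create a factory with the default algorithm and initialize it from the keystore.
    // Passing null selects the platform default trust store instead.
    static X509TrustManager trustManagerFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager produced");
    }

    public static void main(String[] args) throws Exception {
        // Sample certificates: the first few platform trust anchors (assumes a default trust store).
        X509Certificate[] platform = trustManagerFor(null).getAcceptedIssuers();

        KeyStore ks = emptyKeystore();
        System.out.println("empty store issuers: " + trustManagerFor(ks).getAcceptedIssuers().length);

        // Only the certificates placed in the keystore become trust anchors.
        int pinned = Math.min(3, platform.length);
        for (int i = 0; i < pinned; i++) {
            ks.setCertificateEntry("anchor-" + i, platform[i]);
        }
        X509TrustManager tm = trustManagerFor(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] {tm}, new SecureRandom());
        System.out.println("context protocol: " + ctx.getProtocol()
                + ", accepted issuers: " + tm.getAcceptedIssuers().length);
    }
}
```

The accepted-issuer count printed for the resulting trust manager equals the number of certificates placed in the keystore, which makes it a quick check that a context trusts only the anchors it was given.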