Module io.helidon.common.tls
Package io.helidon.common.tls

Class TlsConfig.BuilderBase<BUILDER extends TlsConfig.BuilderBase<BUILDER,PROTOTYPE>,PROTOTYPE extends TlsConfig>

java.lang.Object
io.helidon.common.tls.TlsConfig.BuilderBase<BUILDER,PROTOTYPE>
Type Parameters:
BUILDER - type of the builder extending this abstract builder
PROTOTYPE - type of the prototype interface that would be built by Prototype.Builder.buildPrototype()
All Implemented Interfaces:
Prototype.Builder<BUILDER,PROTOTYPE>, Prototype.ConfiguredBuilder<BUILDER,PROTOTYPE>
Direct Known Subclasses:
TlsConfig.Builder
Enclosing interface:
TlsConfig
public abstract static class TlsConfig.BuilderBase<BUILDER extends TlsConfig.BuilderBase<BUILDER,PROTOTYPE>,PROTOTYPE extends TlsConfig> extends Object implements Prototype.ConfiguredBuilder<BUILDER,PROTOTYPE>
Fluent API builder base for Tls.

  • Constructor Details

    • BuilderBase

      protected BuilderBase()
      Protected to support extensibility.

  • Method Details

    • from

      public BUILDER from(TlsConfig prototype)
      Update this builder from an existing prototype instance. This method disables automatic service discovery.
      Parameters:
      prototype - existing prototype to update this builder from
      Returns:
      updated builder instance

    • from

      public BUILDER from(TlsConfig.BuilderBase<?,?> builder)
      Update this builder from an existing prototype builder instance.
      Parameters:
      builder - existing builder prototype to update this builder from
      Returns:
      updated builder instance

    • config

      public BUILDER config(Config config)
      Update builder from configuration (node of this type). If a value is present in configuration, it would override currently configured values.
      Specified by:
      config in interface Prototype.ConfiguredBuilder<BUILDER extends TlsConfig.BuilderBase<BUILDER,PROTOTYPE>,PROTOTYPE extends TlsConfig>
      Parameters:
      config - configuration instance used to obtain values to update this builder
      Returns:
      updated builder instance

    • clearSslContext

      public BUILDER clearSslContext()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • sslContext

      public BUILDER sslContext(SSLContext sslContext)
      Provide a fully configured SSLContext. If defined, context related configuration is ignored.
      Parameters:
      sslContext - SSL context to use
      Returns:
      updated builder instance
      See Also:

    • clearPrivateKey

      public BUILDER clearPrivateKey()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • privateKey

      public BUILDER privateKey(PrivateKey privateKey)
      Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).
      Parameters:
      privateKey - private key to use
      Returns:
      updated builder instance
      See Also:

    • privateKey

      public BUILDER privateKey(Keys privateKeyConfig)
      Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).
      Parameters:
      privateKeyConfig - private key to use
      Returns:
      updated builder instance
      See Also:

    • privateKey

      public BUILDER privateKey(Consumer<Keys.Builder> consumer)
      Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).
      Parameters:
      consumer - private key to use
      Returns:
      updated builder instance
      See Also:

    • privateKeyCertChain

      public BUILDER privateKeyCertChain(List<? extends X509Certificate> privateKeyCertChain)
      Certificate chain of the private key.
      Parameters:
      privateKeyCertChain - private key certificate chain, only used when private key is configured
      Returns:
      updated builder instance
      See Also:

    • addPrivateKeyCertChain

      public BUILDER addPrivateKeyCertChain(List<? extends X509Certificate> privateKeyCertChain)
      Certificate chain of the private key.
      Parameters:
      privateKeyCertChain - private key certificate chain, only used when private key is configured
      Returns:
      updated builder instance
      See Also:

    • privateKeyCertChain

      public BUILDER privateKeyCertChain(Keys privateKeyCertChainConfig)
      Certificate chain of the private key.
      Parameters:
      privateKeyCertChainConfig - private key certificate chain, only used when private key is configured
      Returns:
      updated builder instance
      See Also:

    • addPrivateKeyCertChain

      public BUILDER addPrivateKeyCertChain(X509Certificate privateKeyCertChain)
      Certificate chain of the private key.
      Parameters:
      privateKeyCertChain - private key certificate chain, only used when private key is configured
      Returns:
      updated builder instance
      See Also:

    • privateKeyCertChain

      public BUILDER privateKeyCertChain(Consumer<Keys.Builder> consumer)
      Certificate chain of the private key.
      Parameters:
      consumer - private key certificate chain, only used when private key is configured
      Returns:
      updated builder instance
      See Also:

    • trust

      public BUILDER trust(List<? extends X509Certificate> trust)
      List of certificates that form the trust manager.
      Parameters:
      trust - certificates to be trusted
      Returns:
      updated builder instance
      See Also:

    • addTrust

      public BUILDER addTrust(List<? extends X509Certificate> trust)
      List of certificates that form the trust manager.
      Parameters:
      trust - certificates to be trusted
      Returns:
      updated builder instance
      See Also:

    • trust

      public BUILDER trust(Keys trustConfig)
      List of certificates that form the trust manager.
      Parameters:
      trustConfig - certificates to be trusted
      Returns:
      updated builder instance
      See Also:

    • addTrust

      public BUILDER addTrust(X509Certificate trust)
      List of certificates that form the trust manager.
      Parameters:
      trust - certificates to be trusted
      Returns:
      updated builder instance
      See Also:

    • trust

      public BUILDER trust(Consumer<Keys.Builder> consumer)
      List of certificates that form the trust manager.
      Parameters:
      consumer - certificates to be trusted
      Returns:
      updated builder instance
      See Also:

    • manager

      public BUILDER manager(TlsManager manager)
      The Tls manager. If one is not explicitly defined in the config then a default manager will be created.
      Parameters:
      manager - the tls manager of the tls instance
      Returns:
      updated builder instance
      See Also:

    • clearSecureRandom

      public BUILDER clearSecureRandom()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • secureRandom

      public BUILDER secureRandom(SecureRandom secureRandom)
      Explicit secure random to use.
      Parameters:
      secureRandom - secure random to use
      Returns:
      updated builder instance
      See Also:

    • clearSslParameters

      public BUILDER clearSslParameters()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • sslParameters

      public BUILDER sslParameters(SSLParameters sslParameters)
      Configure SSL parameters. This will always have a value, as we compute ssl parameters in a builder interceptor from configured options.
      Parameters:
      sslParameters - SSL parameters to use
      Returns:
      updated builder instance
      See Also:

    • clearSecureRandomProvider

      public BUILDER clearSecureRandomProvider()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • secureRandomProvider

      public BUILDER secureRandomProvider(String secureRandomProvider)
      Provider to use when creating a new secure random. When defined, secureRandomAlgorithm() must be defined as well.
      Parameters:
      secureRandomProvider - provider to use, by default no provider is specified
      Returns:
      updated builder instance
      See Also:

    • clearSecureRandomAlgorithm

      public BUILDER clearSecureRandomAlgorithm()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • secureRandomAlgorithm

      public BUILDER secureRandomAlgorithm(String secureRandomAlgorithm)
      Algorithm to use when creating a new secure random.
      Parameters:
      secureRandomAlgorithm - algorithm to use, by default uses SecureRandom constructor
      Returns:
      updated builder instance
      See Also:

    • clearKeyManagerFactoryAlgorithm

      public BUILDER clearKeyManagerFactoryAlgorithm()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • keyManagerFactoryAlgorithm

      public BUILDER keyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm)
      Algorithm of the key manager factory used when private key is defined. Defaults to KeyManagerFactory.getDefaultAlgorithm().
      Parameters:
      keyManagerFactoryAlgorithm - algorithm to use
      Returns:
      updated builder instance
      See Also:

    • clearKeyManagerFactoryProvider

      public BUILDER clearKeyManagerFactoryProvider()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • keyManagerFactoryProvider

      public BUILDER keyManagerFactoryProvider(String keyManagerFactoryProvider)
      Key manager factory provider.
      Parameters:
      keyManagerFactoryProvider - provider to use
      Returns:
      updated builder instance
      See Also:

    • clearTrustManagerFactoryAlgorithm

      public BUILDER clearTrustManagerFactoryAlgorithm()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • trustManagerFactoryAlgorithm

      public BUILDER trustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm)
      Trust manager factory algorithm.
      Parameters:
      trustManagerFactoryAlgorithm - algorithm to use
      Returns:
      updated builder instance
      See Also:

    • clearTrustManagerFactoryProvider

      public BUILDER clearTrustManagerFactoryProvider()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • trustManagerFactoryProvider

      public BUILDER trustManagerFactoryProvider(String trustManagerFactoryProvider)
      Trust manager factory provider to use.
      Parameters:
      trustManagerFactoryProvider - provider to use
      Returns:
      updated builder instance
      See Also:

    • applicationProtocols

      public BUILDER applicationProtocols(List<? extends String> applicationProtocols)
      Configure list of supported application protocols (such as h2) for application layer protocol negotiation (ALPN).
      Parameters:
      applicationProtocols - application protocols
      Returns:
      updated builder instance
      See Also:

    • addApplicationProtocols

      public BUILDER addApplicationProtocols(List<? extends String> applicationProtocols)
      Configure list of supported application protocols (such as h2) for application layer protocol negotiation (ALPN).
      Parameters:
      applicationProtocols - application protocols
      Returns:
      updated builder instance
      See Also:

    • addApplicationProtocol

      public BUILDER addApplicationProtocol(String applicationProtocol)
      Configure list of supported application protocols (such as h2) for application layer protocol negotiation (ALPN).
      Parameters:
      applicationProtocol - application protocols
      Returns:
      updated builder instance
      See Also:

    • endpointIdentificationAlgorithm

      public BUILDER endpointIdentificationAlgorithm(String endpointIdentificationAlgorithm)
      Identification algorithm for SSL endpoints.
      Parameters:
      endpointIdentificationAlgorithm - configure endpoint identification algorithm, or set to NONE to disable endpoint identification (equivalent to hostname verification). Defaults to "HTTPS"
      Returns:
      updated builder instance
      See Also:

    • enabled

      public BUILDER enabled(boolean enabled)
      Flag indicating whether Tls is enabled.
      Parameters:
      enabled - enabled flag
      Returns:
      updated builder instance
      See Also:

    • trustAll

      public BUILDER trustAll(boolean trustAll)
      Trust any certificate provided by the other side of communication.

      This is a dangerous setting: if set to true, any certificate will be accepted, throwing away most of the security advantages of TLS. NEVER do this in production.

      Parameters:
      trustAll - whether to trust all certificates, do not use in production
      Returns:
      updated builder instance
      See Also:

    • clientAuth

      public BUILDER clientAuth(TlsClientAuth clientAuth)
      Configure requirement for mutual TLS.
      Parameters:
      clientAuth - what type of mutual TLS to use, defaults to TlsClientAuth.NONE
      Returns:
      updated builder instance
      See Also:

    • protocol

      public BUILDER protocol(String protocol)
      Configure the protocol used to obtain an instance of SSLContext.
      Parameters:
      protocol - protocol to use, defaults to "TLS"
      Returns:
      updated builder instance
      See Also:

    • clearProvider

      public BUILDER clearProvider()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • provider

      public BUILDER provider(String provider)
      Use explicit provider to obtain an instance of SSLContext.
      Parameters:
      provider - provider to use, defaults to none (only protocol() is used by default)
      Returns:
      updated builder instance
      See Also:

    • enabledCipherSuites

      public BUILDER enabledCipherSuites(List<? extends String> enabledCipherSuites)
      Enabled cipher suites for TLS communication.
      Parameters:
      enabledCipherSuites - cipher suits to enable, by default (or if list is empty), all available cipher suites are enabled
      Returns:
      updated builder instance
      See Also:

    • addEnabledCipherSuites

      public BUILDER addEnabledCipherSuites(List<? extends String> enabledCipherSuites)
      Enabled cipher suites for TLS communication.
      Parameters:
      enabledCipherSuites - cipher suits to enable, by default (or if list is empty), all available cipher suites are enabled
      Returns:
      updated builder instance
      See Also:

    • addEnabledCipherSuite

      public BUILDER addEnabledCipherSuite(String enabledCipherSuite)
      Enabled cipher suites for TLS communication.
      Parameters:
      enabledCipherSuite - cipher suits to enable, by default (or if list is empty), all available cipher suites are enabled
      Returns:
      updated builder instance
      See Also:

    • enabledProtocols

      public BUILDER enabledProtocols(List<? extends String> enabledProtocols)
      Enabled protocols for TLS communication. Example of valid values for TLS protocol: TLSv1.3, TLSv1.2
      Parameters:
      enabledProtocols - protocols to enable, by default (or if list is empty), all available protocols are enabled
      Returns:
      updated builder instance
      See Also:

    • addEnabledProtocols

      public BUILDER addEnabledProtocols(List<? extends String> enabledProtocols)
      Enabled protocols for TLS communication. Example of valid values for TLS protocol: TLSv1.3, TLSv1.2
      Parameters:
      enabledProtocols - protocols to enable, by default (or if list is empty), all available protocols are enabled
      Returns:
      updated builder instance
      See Also:

    • addEnabledProtocol

      public BUILDER addEnabledProtocol(String enabledProtocol)
      Enabled protocols for TLS communication. Example of valid values for TLS protocol: TLSv1.3, TLSv1.2
      Parameters:
      enabledProtocol - protocols to enable, by default (or if list is empty), all available protocols are enabled
      Returns:
      updated builder instance
      See Also:

    • sessionCacheSize

      public BUILDER sessionCacheSize(int sessionCacheSize)
      SSL session cache size.
      Parameters:
      sessionCacheSize - session cache size, defaults to 20480.
      Returns:
      updated builder instance
      See Also:

    • sessionTimeout

      public BUILDER sessionTimeout(Duration sessionTimeout)
      SSL session timeout.
      Parameters:
      sessionTimeout - session timeout, defaults to "PT24H".
      Returns:
      updated builder instance
      See Also:

    • clearInternalKeystoreType

      public BUILDER clearInternalKeystoreType()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • internalKeystoreType

      public BUILDER internalKeystoreType(String internalKeystoreType)
      Type of the key stores used internally to create a key and trust manager factories.
      Parameters:
      internalKeystoreType - keystore type, defaults to KeyStore.getDefaultType()
      Returns:
      updated builder instance
      See Also:

    • clearInternalKeystoreProvider

      public BUILDER clearInternalKeystoreProvider()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • internalKeystoreProvider

      public BUILDER internalKeystoreProvider(String internalKeystoreProvider)
      Provider of the key stores used internally to create a key and trust manager factories.
      Parameters:
      internalKeystoreProvider - keystore provider, if not defined, provider is not specified
      Returns:
      updated builder instance
      See Also:

    • clearRevocation

      public BUILDER clearRevocation()
      Clear existing value of this property.
      Returns:
      updated builder instance
      See Also:

    • revocation

      public BUILDER revocation(RevocationConfig revocation)
      Certificate revocation check configuration.
      Parameters:
      revocation - certificate revocation configuration
      Returns:
      updated builder instance
      See Also:

    • revocation

      public BUILDER revocation(Consumer<RevocationConfig.Builder> consumer)
      Certificate revocation check configuration.
      Parameters:
      consumer - certificate revocation configuration
      Returns:
      updated builder instance
      See Also:

    • sslContext

      public Optional<SSLContext> sslContext()
      Provide a fully configured SSLContext. If defined, context related configuration is ignored.
      Returns:
      the ssl context

    • privateKey

      public Optional<PrivateKey> privateKey()
      Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).
      Returns:
      the private key

    • privateKeyCertChain

      public List<X509Certificate> privateKeyCertChain()
      Certificate chain of the private key.
      Returns:
      the private key cert chain

    • trust

      public List<X509Certificate> trust()
      List of certificates that form the trust manager.
      Returns:
      the trust

    • manager

      public Optional<TlsManager> manager()
      The Tls manager. If one is not explicitly defined in the config then a default manager will be created.
      Returns:
      the manager
      See Also:

    • secureRandom

      public Optional<SecureRandom> secureRandom()
      Explicit secure random to use.
      Returns:
      the secure random

    • sslParameters

      public Optional<SSLParameters> sslParameters()
      Configure SSL parameters. This will always have a value, as we compute ssl parameters in a builder interceptor from configured options.
      Returns:
      the ssl parameters

    • secureRandomProvider

      public Optional<String> secureRandomProvider()
      Provider to use when creating a new secure random. When defined, secureRandomAlgorithm() must be defined as well.
      Returns:
      the secure random provider

    • secureRandomAlgorithm

      public Optional<String> secureRandomAlgorithm()
      Algorithm to use when creating a new secure random.
      Returns:
      the secure random algorithm

    • keyManagerFactoryAlgorithm

      public Optional<String> keyManagerFactoryAlgorithm()
      Algorithm of the key manager factory used when private key is defined. Defaults to KeyManagerFactory.getDefaultAlgorithm().
      Returns:
      the key manager factory algorithm

    • keyManagerFactoryProvider

      public Optional<String> keyManagerFactoryProvider()
      Key manager factory provider.
      Returns:
      the key manager factory provider

    • trustManagerFactoryAlgorithm

      public Optional<String> trustManagerFactoryAlgorithm()
      Trust manager factory algorithm.
      Returns:
      the trust manager factory algorithm

    • trustManagerFactoryProvider

      public Optional<String> trustManagerFactoryProvider()
      Trust manager factory provider to use.
      Returns:
      the trust manager factory provider

    • applicationProtocols

      public List<String> applicationProtocols()
      Configure list of supported application protocols (such as h2) for application layer protocol negotiation (ALPN).
      Returns:
      the application protocols

    • endpointIdentificationAlgorithm

      public String endpointIdentificationAlgorithm()
      Identification algorithm for SSL endpoints.
      Returns:
      the endpoint identification algorithm

    • enabled

      public boolean enabled()
      Flag indicating whether Tls is enabled.
      Returns:
      the enabled

    • trustAll

      public boolean trustAll()
      Trust any certificate provided by the other side of communication.

      This is a dangerous setting: if set to true, any certificate will be accepted, throwing away most of the security advantages of TLS. NEVER do this in production.

      Returns:
      the trust all

    • clientAuth

      public TlsClientAuth clientAuth()
      Configure requirement for mutual TLS.
      Returns:
      the client auth

    • protocol

      public String protocol()
      Configure the protocol used to obtain an instance of SSLContext.
      Returns:
      the protocol

    • provider

      public Optional<String> provider()
      Use explicit provider to obtain an instance of SSLContext.
      Returns:
      the provider

    • enabledCipherSuites

      public List<String> enabledCipherSuites()
      Enabled cipher suites for TLS communication.
      Returns:
      the enabled cipher suites

    • enabledProtocols

      public List<String> enabledProtocols()
      Enabled protocols for TLS communication. Example of valid values for TLS protocol: TLSv1.3, TLSv1.2
      Returns:
      the enabled protocols

    • sessionCacheSize

      public int sessionCacheSize()
      SSL session cache size.
      Returns:
      the session cache size

    • sessionTimeout

      public Duration sessionTimeout()
      SSL session timeout.
      Returns:
      the session timeout

    • internalKeystoreType

      public Optional<String> internalKeystoreType()
      Type of the key stores used internally to create a key and trust manager factories.
      Returns:
      the internal keystore type

    • internalKeystoreProvider

      public Optional<String> internalKeystoreProvider()
      Provider of the key stores used internally to create a key and trust manager factories.
      Returns:
      the internal keystore provider

    • revocation

      public Optional<RevocationConfig> revocation()
      Certificate revocation check configuration.
      Returns:
      the revocation

    • config

      public Optional<Config> config()
      If this instance was configured, this would be the config instance used.
      Returns:
      config node used to configure this builder, or empty if not configured

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • preBuildPrototype

      protected void preBuildPrototype()
      Handles providers and decorators.

    • validatePrototype

      protected void validatePrototype()
      Validates required properties.