Interface TlsConfig

All Superinterfaces:
Prototype.Api, Prototype.Factory<Tls>
All Known Implementing Classes:
TlsConfig.BuilderBase.TlsConfigImpl

public interface TlsConfig extends Prototype.Api
Interface generated from definition. Please add javadoc to the definition interface.

  • Method Details

    • builder

      static TlsConfig.Builder builder()
      Create a new fluent API builder to customize configuration.
      Returns:
      a new builder
    • builder

      static TlsConfig.Builder builder(TlsConfig instance)
      Create a new fluent API builder from an existing instance.
      Parameters:
      instance - an existing instance used as a base for the builder
      Returns:
      a builder based on an instance
    • create

      static TlsConfig create(Config config)
      Create a new instance from configuration.
      Parameters:
      config - used to configure the new instance
      Returns:
      a new instance configured from configuration
    • create

      static TlsConfig create()
      Create a new instance with default values.
      Returns:
      a new instance
    • sslContext

      Optional<SSLContext> sslContext()
      Provide a fully configured SSLContext. If defined, context related configuration is ignored.
      Returns:
      SSL context to use
    • privateKey

      Optional<PrivateKey> privateKey()
      Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).
      Returns:
      private key to use
    • privateKeyCertChain

      List<X509Certificate> privateKeyCertChain()
      Certificate chain of the private key.
      Returns:
      private key certificate chain, only used when private key is configured
    • trust

      List<X509Certificate> trust()
      List of certificates that form the trust manager.
      Returns:
      certificates to be trusted
    • manager

      TlsManager manager()
      The Tls manager. If one is not explicitly defined in the config then a default manager will be created.
      Returns:
      the tls manager of the tls instance
    • secureRandom

      Optional<SecureRandom> secureRandom()
      Explicit secure random to use.
      Returns:
      secure random to use
    • sslParameters

      Optional<SSLParameters> sslParameters()
      Configure SSL parameters. This will always have a value, as we compute ssl parameters in a builder interceptor from configured options.
      Returns:
      SSL parameters to use
    • secureRandomProvider

      Optional<String> secureRandomProvider()
      Provider to use when creating a new secure random. When defined, secureRandomAlgorithm() must be defined as well.
      Returns:
      provider to use, by default no provider is specified
    • secureRandomAlgorithm

      Optional<String> secureRandomAlgorithm()
      Algorithm to use when creating a new secure random.
      Returns:
      algorithm to use, by default uses SecureRandom constructor
    • keyManagerFactoryAlgorithm

      Optional<String> keyManagerFactoryAlgorithm()
      Algorithm of the key manager factory used when private key is defined. Defaults to KeyManagerFactory.getDefaultAlgorithm().
      Returns:
      algorithm to use
    • keyManagerFactoryProvider

      Optional<String> keyManagerFactoryProvider()
      Key manager factory provider.
      Returns:
      provider to use
    • trustManagerFactoryAlgorithm

      Optional<String> trustManagerFactoryAlgorithm()
      Trust manager factory algorithm.
      Returns:
      algorithm to use
    • trustManagerFactoryProvider

      Optional<String> trustManagerFactoryProvider()
      Trust manager factory provider to use.
      Returns:
      provider to use
    • applicationProtocols

      List<String> applicationProtocols()
      Configure list of supported application protocols (such as h2) for application layer protocol negotiation (ALPN).
      Returns:
      application protocols
    • endpointIdentificationAlgorithm

      String endpointIdentificationAlgorithm()
      Identification algorithm for SSL endpoints.
      Returns:
      the endpoint identification algorithm; set to NONE to disable endpoint identification (equivalent to hostname verification). Defaults to "HTTPS".
    • enabled

      boolean enabled()
      Flag indicating whether Tls is enabled.
      Returns:
      enabled flag
    • trustAll

      boolean trustAll()
      Trust any certificate provided by the other side of communication.

      This is a dangerous setting: if set to true, any certificate will be accepted, throwing away most of the security advantages of TLS. NEVER do this in production.

      Returns:
      whether to trust all certificates, do not use in production
    • clientAuth

      TlsClientAuth clientAuth()
      Configure requirement for mutual TLS.
      Returns:
      what type of mutual TLS to use, defaults to TlsClientAuth.NONE
    • protocol

      String protocol()
      Configure the protocol used to obtain an instance of SSLContext.
      Returns:
      protocol to use, defaults to "TLS"
    • provider

      Optional<String> provider()
      Use explicit provider to obtain an instance of SSLContext.
      Returns:
      provider to use, defaults to none (only protocol() is used by default)
    • enabledCipherSuites

      List<String> enabledCipherSuites()
      Enabled cipher suites for TLS communication.
      Returns:
      cipher suites to enable, by default (or if list is empty), all available cipher suites are enabled
    • enabledProtocols

      List<String> enabledProtocols()
      Enabled protocols for TLS communication. Example of valid values for TLS protocol: TLSv1.3, TLSv1.2
      Returns:
      protocols to enable, by default (or if list is empty), all available protocols are enabled
    • sessionCacheSize

      int sessionCacheSize()
      SSL session cache size.
      Returns:
      session cache size, defaults to 20480.
    • sessionTimeout

      Duration sessionTimeout()
      SSL session timeout.
      Returns:
      session timeout, defaults to "PT24H".
    • internalKeystoreType

      Optional<String> internalKeystoreType()
      Type of the key stores used internally to create the key and trust manager factories.
      Returns:
      keystore type, defaults to KeyStore.getDefaultType()
    • internalKeystoreProvider

      Optional<String> internalKeystoreProvider()
      Provider of the key stores used internally to create the key and trust manager factories.
      Returns:
      keystore provider, if not defined, provider is not specified
    • revocation

      Optional<RevocationConfig> revocation()
      Certificate revocation check configuration.
      Returns:
      certificate revocation configuration
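
Several accessors above have defaults or values that weaken a deployment (trustAll, an endpoint identification algorithm of NONE, empty protocol and cipher suite lists). The following configuration lint is an added example, not part of the generated Javadoc or the project's own code; it calls only methods documented on this page. The class name TlsConfigAudit, the io.helidon.common.tls package name, the severity labels and the legacy/weak lists are assumptions, and the library must be on the classpath.

```java
import io.helidon.common.tls.TlsConfig; // package name is an assumption; not stated on this page
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

/** Added example: lints a TlsConfig using only accessors documented on this page. */
public final class TlsConfigAudit {
    // Assumed policy for illustration: protocol names and suite-name markers to reject.
    private static final Set<String> LEGACY_PROTOCOLS = Set.of("SSLv3", "TLSv1", "TLSv1.1");
    private static final List<String> WEAK_SUITE_MARKERS = List.of("_NULL_", "_anon_", "_RC4_", "_EXPORT_");

    static List<String> audit(TlsConfig tls) {
        List<String> findings = new ArrayList<>();
        if (!tls.enabled()) {
            findings.add("HIGH enabled=false: TLS is switched off");
            return findings; // the remaining options have no effect
        }
        if (tls.sslContext().isPresent()) {
            // Context-related options are ignored in this case, so the context needs its own review.
            findings.add("INFO sslContext set: context-related options below may not be effective");
        }
        if (tls.trustAll()) {
            findings.add("HIGH trustAll=true: any peer certificate is accepted");
        }
        if ("NONE".equalsIgnoreCase(tls.endpointIdentificationAlgorithm())) {
            findings.add("HIGH endpointIdentificationAlgorithm=NONE: hostname verification is off");
        }
        if (tls.enabledProtocols().isEmpty()) {
            findings.add("MEDIUM enabledProtocols empty: all available protocols are enabled");
        }
        for (String protocol : tls.enabledProtocols()) {
            if (LEGACY_PROTOCOLS.contains(protocol)) {
                findings.add("HIGH enabledProtocols contains legacy " + protocol);
            }
        }
        if (tls.enabledCipherSuites().isEmpty()) {
            findings.add("LOW enabledCipherSuites empty: all available cipher suites are enabled");
        }
        for (String suite : tls.enabledCipherSuites()) {
            if (WEAK_SUITE_MARKERS.stream().anyMatch(suite::contains)) {
                findings.add("HIGH enabledCipherSuites contains weak suite " + suite);
            }
        }
        return findings;
    }
    public static void main(String[] args) {
        // Audits the default-valued instance; pass your own TlsConfig in practice.
        audit(TlsConfig.create()).forEach(System.out::println);
    }
}
```

Running the audit in a startup check or a unit test against the configuration the application actually loads catches a trustAll or NONE setting carried over from a development profile.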