Module io.helidon.common.pki
Package io.helidon.common.pki

Class KeyConfig.PemBuilder

  • All Implemented Interfaces:
    Builder<KeyConfig>, Supplier<KeyConfig>
    Enclosing class:
    KeyConfig
    public static final class KeyConfig.PemBuilder
extends Object
implements Builder<KeyConfig>
    Builder for PEM files - accepts private key and certificate chain. Obtain an instance through KeyConfig.pemBuilder(). If you have "standard" linux/unix private key, you must run " openssl pkcs8 -topk8 -in ./id_rsa -out ./id_rsa.p8" on it to work with this builder for password protected file; or "openssl pkcs8 -topk8 -in ./id_rsa -out ./id_rsa_nocrypt.p8 -nocrypt" for unprotected file. The only supported format is PKCS#8. If you have a different format, you must to transform it to PKCS8 PEM format (to use this builder), or to PKCS#12 keystore format (and use KeyConfig.KeystoreBuilder).

    • Method Detail

      • key

        public KeyConfig.PemBuilder key​(Resource resource)
        Read a private key from PEM format from a resource definition.
        Parameters:
        resource - key resource (file, classpath, URL etc.)
        Returns:
        updated builder instance

      • publicKey

        public KeyConfig.PemBuilder publicKey​(Resource resource)
        Read a public key from PEM format from a resource definition.
        Parameters:
        resource - key resource (file, classpath, URL etc.)
        Returns:
        updated builder instance

      • keyPassphrase

        public KeyConfig.PemBuilder keyPassphrase​(char[] passphrase)
        Passphrase for private key. If the key is encrypted (and in PEM PKCS#8 format), this passphrase will be used to decrypt it.
        Parameters:
        passphrase - passphrase used to encrypt the private key
        Returns:
        updated builder instance

      • keyPassphrase

        public KeyConfig.PemBuilder keyPassphrase​(String passphrase)
        Passphrase for private key. If the key is encrypted (and in PEM PKCS#8 format), this passphrase will be used to decrypt it.
        Parameters:
        passphrase - passphrase used to encrypt the private key
        Returns:
        updated builder instance

      • certChain

        public KeyConfig.PemBuilder certChain​(Resource resource)
        Load certificate chain from PEM resource.
        Parameters:
        resource - resource (e.g. classpath, file path, URL etc.)
        Returns:
        updated builder instance

      • certificates

        public KeyConfig.PemBuilder certificates​(Resource resource)
        Read one or more certificates in PEM format from a resource definition. Used eg: in a trust store.
        Parameters:
        resource - key resource (file, classpath, URL etc.)
        Returns:
        updated builder instance

      • build

        public KeyConfig build()
        Build KeyConfig based on information from PEM files only.
        Specified by:
        build in interface Builder<KeyConfig>
        Returns:
        new instance configured from this builder

      • toFullBuilder

        public KeyConfig.Builder toFullBuilder()
        Get a builder filled from this builder to add additional information (such as public key from certificate etc.).
        Returns:
        builder for KeyConfig

      • config

        public KeyConfig.PemBuilder config​(Config config)
        Update this builder from configuration. Expected keys:
        • pem-key-path - path to PEM private key file (PKCS#8 format)
        • pem-key-resource-path - path to resource on classpath
        • pem-key-passphrase - passphrase of private key if encrypted
        • pem-cert-chain-path - path to certificate chain PEM file
        • pem-cert-chain-resource-path - path to resource on classpath
        Parameters:
        config - configuration to update builder from
        Returns:
        updated builder instance