Class KeyConfig


  • public final class KeyConfig
    extends Object
    Configuration of keystore, certificates and keys. This class is not RSA specific, though it is tested with RSA keys only.

    Can be either built through a builder, or loaded from configuration.

    Full configuration example (this class can be used to wrap any of: a private key, a public key, a public key certificate, a certification chain, and a list of certificates):

     # path to keystore (mandatory when loaded from config)
     keystore.resource.path = "src/test/resources/keystore.p12"
     # Keystore type
     # PKCS12 or JKS
     # defaults to jdk default (PKCS12 for latest JDK)
     keystore-type = "JKS"
     # password of the keystore (optional, defaults to empty)
     keystore-passphrase = "password"
     # alias of the certificate to get public key from (mandatory if public key is needed or public cert is needed)
     cert-alias = "service_cert"
     # alias of the key to sign request (mandatory if private key is needed)
     key-alias = "myPrivateKey"
     # password of the private key (usually the same as keystore - that's how openssl does it)
     # also defaults to keystore-passphrase
     key-passphrase = "password"
     # certification chain - will add certificates from this cert chain
     cert-chain = "alias1"
     # path to PEM file with a private key. May be encrypted, though only with PKCS#8. To get the correct format (e.g. from
     # openssl generated encrypted private key), use the following command:
     # openssl pkcs8 -topk8 -in ./id_rsa -out ./id_rsa.p8
     key-path = "path/to/private/key"
     # path to PEM file with certificate chain (may contain more than one certificate)
     cert-chain-path = "path/to/cert/chain/path"
     
    • Method Detail

      • create

        public static KeyConfig create(Config config)
                                throws PkiException
        Load key config from config.
        Parameters:
        config - config instance located at keys configuration (expects "keystore-path" child)
        Returns:
        KeyConfig loaded from config
        Throws:
        PkiException - when keys or certificates fail to load from keystore or when misconfigured
      • fullBuilder

        public static KeyConfig.Builder fullBuilder()
        Creates a new builder to configure instance.
        Returns:
        builder instance
      • publicKey

        public Optional<PublicKey> publicKey()
        The public key of this config if configured.
        Returns:
        the public key of this config or empty if not configured
      • privateKey

        public Optional<PrivateKey> privateKey()
        The private key of this config if configured.
        Returns:
        the private key of this config or empty if not configured
      • publicCert

        public Optional<X509Certificate> publicCert()
        The public X.509 Certificate if configured.
        Returns:
        the public certificate of this config or empty if not configured
      • certChain

        public List<X509Certificate> certChain()
        The X.509 Certificate Chain.
        Returns:
        the certificate chain or empty list if not configured
      • certs

        public List<X509Certificate> certs()
        The X.509 Certificates.
        Returns:
        the certificates configured or empty list if none configured
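
A fail-fast startup check built on the methods documented above, added here as an example; it is not code from the project that ships KeyConfig. The two import packages, the `security.keys` config node and the 2048-bit minimum are assumptions that this page does not state.

```java
import io.helidon.common.pki.KeyConfig; // assumed package, not named on this page
import io.helidon.config.Config;        // assumed package, not named on this page
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

public final class KeyConfigCheck {
    private static final int MIN_RSA_BITS = 2048; // assumed local policy, not a KeyConfig rule

    /** Loads key material and rejects it unless it is usable for RSA signing. */
    static KeyConfig loadAndVerify(Config keysNode) throws Exception {
        KeyConfig keys = KeyConfig.create(keysNode); // PkiException on bad keystore or config

        PrivateKey priv = keys.privateKey().orElseThrow(
                () -> new IllegalStateException("no private key: check key-alias or key-path"));
        X509Certificate cert = keys.publicCert().orElseThrow(
                () -> new IllegalStateException("no certificate: check cert-alias"));

        cert.checkValidity(); // throws if the certificate is expired or not yet valid

        // The class is documented as tested with RSA keys only, so reject anything else.
        if (!(cert.getPublicKey() instanceof RSAPublicKey)) {
            throw new IllegalStateException("expected an RSA certificate");
        }
        RSAPublicKey rsa = (RSAPublicKey) cert.getPublicKey();
        if (rsa.getModulus().bitLength() < MIN_RSA_BITS) {
            throw new IllegalStateException("RSA modulus shorter than " + MIN_RSA_BITS + " bits");
        }

        // Sign then verify: proves key-alias and cert-alias refer to the same key pair.
        byte[] probe = "keyconfig-self-test".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(priv);
        signer.update(probe);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(rsa);
        verifier.update(probe);
        if (!verifier.verify(signer.sign())) {
            throw new IllegalStateException("private key does not match the certificate");
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        KeyConfig keys = loadAndVerify(Config.create().get("security.keys")); // hypothetical node
        System.out.println("certificate chain length: " + keys.certChain().size());
    }
}
```

Running this at startup surfaces a mismatched alias pair or an expired certificate before the first request is signed.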