Class KeyConfig

java.lang.Object
io.helidon.common.pki.KeyConfig

public final class KeyConfig extends Object
Configuration of keystore, certificates and keys. This class is not RSA specific, though it is tested with RSA keys only.

Can be either built through a builder, or loaded from configuration.

Full configuration example (this class can be used to wrap any of: a private key, a public key, a public key certificate, a certification chain, and a list of certificates):

 # path to keystore (mandatory when loaded from config)
 keystore.resource.path = "src/test/resources/keystore.p12"
 # Keystore type
 # PKCS12 or JKS
 # defaults to jdk default (PKCS12 for latest JDK)
 keystore-type = "JKS"
 # password of the keystore (optional, defaults to empty)
 keystore-passphrase = "password"
 # alias of the certificate to get public key from (mandatory if public key is needed or public cert is needed)
 cert-alias = "service_cert"
 # alias of the key to sign request (mandatory if private key is needed)
 key-alias = "myPrivateKey"
 # password of the private key (usually the same as keystore - that's how openssl does it)
 # also defaults to keystore-passphrase
 key-passphrase = "password"
 # certification chain - will add certificates from this cert chain
 cert-chain = "alias1"
 # path to PEM file with a private key. May be encrypted, though only with PKCS#8. To get the correct format (e.g. from
 # an encrypted private key generated by openssl), use the following command:
 # openssl pkcs8 -topk8 -in ./id_rsa -out ./id_rsa.p8
 key-path = "path/to/private/key"
 # path to PEM file with certificate chain (may contain more than one certificate)
 cert-chain-path = "path/to/cert/chain/path"
 
  • Method Details

    • create

      public static KeyConfig create(Config config) throws PkiException
      Load key config from config.
      Parameters:
      config - config instance located at keys configuration (expects "keystore-path" child)
      Returns:
      KeyConfig loaded from config
      Throws:
      PkiException - when keys or certificates fail to load from keystore or when misconfigured
    • fullBuilder

      public static KeyConfig.Builder fullBuilder()
      Creates a new builder to configure instance.
      Returns:
      builder instance
    • pemBuilder

      public static KeyConfig.PemBuilder pemBuilder()
      Build this instance from PEM files (usually a pair of private key and certificate chain). Call KeyConfig.PemBuilder.build() to build the instance. If you need to add additional information to KeyConfig, use KeyConfig.PemBuilder.toFullBuilder().
      Returns:
      builder for PEM files
    • keystoreBuilder

      public static KeyConfig.KeystoreBuilder keystoreBuilder()
      Build this instance from a Java keystore (such as PKCS12 keystore). Call KeyConfig.KeystoreBuilder.build() to build the instance. If you need to add additional information to KeyConfig, use KeyConfig.PemBuilder.toFullBuilder().
      Returns:
      builder for Keystore
    • publicKey

      public Optional<PublicKey> publicKey()
      The public key of this config if configured.
      Returns:
      the public key of this config or empty if not configured
    • privateKey

      public Optional<PrivateKey> privateKey()
      The private key of this config if configured.
      Returns:
      the private key of this config or empty if not configured
    • publicCert

      public Optional<X509Certificate> publicCert()
      The public X.509 Certificate if configured.
      Returns:
      the public certificate of this config or empty if not configured
    • certChain

      public List<X509Certificate> certChain()
      The X.509 Certificate Chain.
      Returns:
      the certificate chain or empty list if not configured
    • certs

      public List<X509Certificate> certs()
      The X.509 Certificates.
      Returns:
      the certificates configured or empty list if none configured
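
Because the accessors above return an empty Optional or an empty list instead of failing when an alias is not configured, a service can start with incomplete key material. The following startup check is an added example, not part of the Helidon documentation or code base; it uses only the methods documented on this page plus JDK classes. The class name KeyConfigPreflight and the config node name "security.keys" are assumptions.

```java
import io.helidon.common.pki.KeyConfig;
import io.helidon.config.Config;

import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

public final class KeyConfigPreflight {
    /** Fails fast when the configured key material is missing, outside its validity period or mismatched. */
    static void verify(KeyConfig keys) throws CertificateException {
        // An unset key-alias or cert-alias yields an empty Optional, not an exception.
        PrivateKey privateKey = keys.privateKey()
                .orElseThrow(() -> new IllegalStateException("no private key: check key-alias or key-path"));
        X509Certificate cert = keys.publicCert()
                .orElseThrow(() -> new IllegalStateException("no certificate: check cert-alias"));

        // Throws CertificateExpiredException or CertificateNotYetValidException.
        cert.checkValidity();

        // For RSA (the only key type this class is tested with), a matching pair shares the modulus.
        if (privateKey instanceof RSAPrivateKey && cert.getPublicKey() instanceof RSAPublicKey) {
            RSAPrivateKey rsaPrivate = (RSAPrivateKey) privateKey;
            RSAPublicKey rsaPublic = (RSAPublicKey) cert.getPublicKey();
            if (!rsaPrivate.getModulus().equals(rsaPublic.getModulus())) {
                throw new IllegalStateException("key-alias and cert-alias refer to different key pairs");
            }
        }

        // Validity dates only; this does not verify signatures along the chain.
        for (X509Certificate link : keys.certChain()) {
            link.checkValidity();
        }
    }

    public static void main(String[] args) throws Exception {
        // "security.keys" is a hypothetical node name; use the node that holds the keys shown above.
        Config keysNode = Config.create().get("security.keys");
        verify(KeyConfig.create(keysNode)); // PkiException on load failure or misconfiguration
        System.out.println("key material OK");
    }
}
```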