public final class KeyConfig extends Object
Can be either built through a builder, or loaded from configuration.
Full configuration example (this class can wrap any of the following: private key, public key, public key certificate, certification chain, and a list of certificates):
```
# path to keystore (mandatory when loaded from config)
keystore-path = "src/test/resources/keystore.p12"
# Keystore type
# PKCS12 or JKS
# defaults to jdk default (PKCS12 for latest JDK)
keystore-type = "JKS"
# password of the keystore (optional, defaults to empty)
keystore-passphrase = "password"
# alias of the certificate to get public key from (mandatory if public key is needed or public cert is needed)
cert-alias = "service_cert"
# alias of the key to sign request (mandatory if private key is needed)
key-alias = "myPrivateKey"
# password of the private key (usually the same as keystore - that's how openssl does it)
# also defaults to keystore-passphrase
key-passphrase = "password"
# certification chain - will add certificates from this cert chain
cert-chain = "alias1"
# path to PEM file with a private key. May be encrypted, though only with PKCS#8. To get the correct format (e.g. from
# openssl generated encrypted private key), use the following command:
# openssl pkcs8 -topk8 -in ./id_rsa -out ./id_rsa.p8
key-path = "path/to/private/key"
# path to PEM file with certificate chain (may contain more than one certificate)
cert-chain-path = "path/to/cert/chain/path"
```
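An added example, not taken from the Helidon documentation, of loading the configuration above with create(Config) and using the Optional accessors so that a missing key or an expired certificate fails closed. The class name, the "keys" config node and the RSA key type are assumptions.

```java
import io.helidon.common.pki.KeyConfig;
import io.helidon.config.Config;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;

// Hypothetical helper class for illustration, not part of Helidon.
public final class KeyConfigSigningExample {
    // Assumption: the configured key pair is RSA.
    private static final String ALGORITHM = "SHA256withRSA";

    // Signs with the configured private key; refuses to continue when none is configured.
    static byte[] sign(KeyConfig keys, byte[] payload) throws GeneralSecurityException {
        PrivateKey key = keys.privateKey()
                .orElseThrow(() -> new IllegalStateException("no private key configured"));
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(payload);
        return signer.sign();
    }

    // Verifies with the configured public key; an expired or not yet valid certificate throws.
    static boolean verify(KeyConfig keys, byte[] payload, byte[] signature) throws GeneralSecurityException {
        X509Certificate cert = keys.publicCert().orElse(null);
        if (cert != null) {
            cert.checkValidity();
        }
        PublicKey key = keys.publicKey()
                .orElseThrow(() -> new IllegalStateException("no public key configured"));
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);
        verifier.update(payload);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the settings shown above sit under a "keys" node of the default config sources.
        KeyConfig keys = KeyConfig.create(Config.create().get("keys"));
        byte[] payload = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(keys, payload);
        System.out.println("verified: " + verify(keys, payload, signature));
    }
}
```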
| Modifier and Type | Class and Description |
|---|---|
| static class | KeyConfig.Builder: Fluent API builder for KeyConfig. |
| static class | KeyConfig.KeystoreBuilder: Builder for resources from a java keystore (PKCS12, JKS etc.). |
| static class | KeyConfig.PemBuilder: Builder for PEM files - accepts private key and certificate chain. |

| Modifier and Type | Method and Description |
|---|---|
| List<X509Certificate> | certChain(): The X.509 Certificate Chain. |
| List<X509Certificate> | certs(): The X.509 Certificates. |
| static KeyConfig | create(io.helidon.config.Config config): Load key config from config. |
| static KeyConfig.Builder | fullBuilder(): Creates a new builder to configure instance. |
| static KeyConfig.KeystoreBuilder | keystoreBuilder(): Build this instance from a java keystore (such as PKCS12 keystore). |
| static KeyConfig.PemBuilder | pemBuilder(): Build this instance from PEM files (usually a pair of private key and certificate chain). |
| Optional<PrivateKey> | privateKey(): The private key of this config if configured. |
| Optional<X509Certificate> | publicCert(): The public X.509 Certificate if configured. |
| Optional<PublicKey> | publicKey(): The public key of this config if configured. |

public static KeyConfig create(io.helidon.config.Config config) throws PkiException
Parameters: config - config instance located at keys configuration (expects "keystore-path" child)
Throws: PkiException - when keys or certificates fail to load from keystore or when misconfigured

public static KeyConfig.Builder fullBuilder()

public static KeyConfig.PemBuilder pemBuilder()
KeyConfig.PemBuilder.build() to build the instance.
If you need to add additional information to KeyConfig, use KeyConfig.PemBuilder.toFullBuilder().

public static KeyConfig.KeystoreBuilder keystoreBuilder()
KeyConfig.KeystoreBuilder.build() to build the instance.
If you need to add additional information to KeyConfig, use KeyConfig.PemBuilder.toFullBuilder().

public Optional<PublicKey> publicKey()

public Optional<PrivateKey> privateKey()

public Optional<X509Certificate> publicCert()

public List<X509Certificate> certChain()

public List<X509Certificate> certs()

Copyright © 2018–2019 Oracle Corporation. All rights reserved.