Module io.helidon.common.pki
Package io.helidon.common.pki

Class KeyConfig.PemBuilder

java.lang.Object
io.helidon.common.pki.KeyConfig.PemBuilder
All Implemented Interfaces:
io.helidon.common.Builder<KeyConfig.Builder,KeyConfig>, Supplier<KeyConfig>
Enclosing class:
KeyConfig
public static final class KeyConfig.PemBuilder extends Object implements io.helidon.common.Builder<KeyConfig.Builder,KeyConfig>
Builder for PEM files - accepts private key and certificate chain. Obtain an instance through KeyConfig.pemBuilder(). If you have "standard" linux/unix private key, you must run " openssl pkcs8 -topk8 -in ./id_rsa -out ./id_rsa.p8" on it to work with this builder for password protected file; or "openssl pkcs8 -topk8 -in ./id_rsa -out ./id_rsa_nocrypt.p8 -nocrypt" for unprotected file. The only supported format is PKCS#8. If you have a different format, you must to transform it to PKCS8 PEM format (to use this builder), or to PKCS#12 keystore format (and use KeyConfig.KeystoreBuilder).

  • Method Details

    • key

      public KeyConfig.PemBuilder key(Resource resource)
      Read a private key from PEM format from a resource definition.
      Parameters:
      resource - key resource (file, classpath, URL etc.)
      Returns:
      updated builder instance

    • publicKey

      public KeyConfig.PemBuilder publicKey(Resource resource)
      Read a public key from PEM format from a resource definition.
      Parameters:
      resource - key resource (file, classpath, URL etc.)
      Returns:
      updated builder instance

    • keyPassphrase

      public KeyConfig.PemBuilder keyPassphrase(char[] passphrase)
      Passphrase for private key. If the key is encrypted (and in PEM PKCS#8 format), this passphrase will be used to decrypt it.
      Parameters:
      passphrase - passphrase used to encrypt the private key
      Returns:
      updated builder instance

    • keyPassphrase

      public KeyConfig.PemBuilder keyPassphrase(String passphrase)
      Passphrase for private key. If the key is encrypted (and in PEM PKCS#8 format), this passphrase will be used to decrypt it.
      Parameters:
      passphrase - passphrase used to encrypt the private key
      Returns:
      updated builder instance

    • certChain

      public KeyConfig.PemBuilder certChain(Resource resource)
      Load certificate chain from PEM resource.
      Parameters:
      resource - resource (e.g. classpath, file path, URL etc.)
      Returns:
      updated builder instance

    • certificates

      public KeyConfig.PemBuilder certificates(Resource resource)
      Read one or more certificates in PEM format from a resource definition. Used eg: in a trust store.
      Parameters:
      resource - key resource (file, classpath, URL etc.)
      Returns:
      updated builder instance

    • build

      public KeyConfig build()
      Build KeyConfig based on information from PEM files only.
      Specified by:
      build in interface io.helidon.common.Builder<KeyConfig.Builder,KeyConfig>
      Returns:
      new instance configured from this builder

    • toFullBuilder

      public KeyConfig.Builder toFullBuilder()
      Get a builder filled from this builder to add additional information (such as public key from certificate etc.).
      Returns:
      builder for KeyConfig

    • config

      public KeyConfig.PemBuilder config(io.helidon.config.Config config)
      Update this builder from configuration. Expected keys:
      • pem-key-path - path to PEM private key file (PKCS#8 format)
      • pem-key-resource-path - path to resource on classpath
      • pem-key-passphrase - passphrase of private key if encrypted
      • pem-cert-chain-path - path to certificate chain PEM file
      • pem-cert-chain-resource-path - path to resource on classpath
      Parameters:
      config - configuration to update builder from
      Returns:
      updated builder instance