Module io.helidon.nima.common.tls
Package io.helidon.nima.common.tls

Class Tls.Builder

java.lang.Object
io.helidon.nima.common.tls.Tls.Builder
All Implemented Interfaces:
Builder<Tls.Builder,Tls>, Supplier<Tls>
Enclosing class:
Tls
public static class Tls.Builder extends Object implements Builder<Tls.Builder,Tls>
Fluent API builder for Tls.

  • Method Details

    • build

      public Tls build()
      Description copied from interface: Builder
      Build the instance from this builder.
      Specified by:
      build in interface Builder<Tls.Builder,Tls>
      Returns:
      instance of the built type

    • protocol

      public Tls.Builder protocol(String protocol)
      Configure the protocol used to obtain an instance of SSLContext.
      Parameters:
      protocol - protocol to use, defaults to "TLS"
      Returns:
      updated builder

    • provider

      public Tls.Builder provider(String provider)
      Use explicit provider to obtain an instance of SSLContext.
      Parameters:
      provider - provider to use, defaults to none (only protocol(String) is used by default)
      Returns:
      updated builder

    • sessionTimeout

      public Tls.Builder sessionTimeout(Duration sessionTimeout)
      SSL session timeout.
      Parameters:
      sessionTimeout - session timeout, defaults to 30 minutes
      Returns:
      updated builder

    • sessionCacheSize

      public Tls.Builder sessionCacheSize(int sessionCacheSize)
      SSL session cache size.
      Parameters:
      sessionCacheSize - session cache size, defaults to 1024
      Returns:
      updated builder

    • enabledCipherSuites

      public Tls.Builder enabledCipherSuites(List<String> enabledCipherSuites)
      Enabled cipher suites for TLS communication.
      Parameters:
      enabledCipherSuites - cipher suits to enable, by default (or if list is empty), all available cipher suites are enabled
      Returns:
      updated builder

    • enabledProtocols

      public Tls.Builder enabledProtocols(List<String> enabledProtocols)
      Enabled protocols for TLS communication. Example of valid values for TLS protocol: TLSv1.3, TLSv1.2
      Parameters:
      enabledProtocols - protocols to enable, by default (or if list is empty), all available protocols are enabled
      Returns:
      updated builder

    • sslContext

      public Tls.Builder sslContext(SSLContext sslContext)
      Provide a fully configured SSLContext. If defined, context related configuration is ignored.
      Parameters:
      sslContext - SSL context to use
      Returns:
      updated builder

    • privateKey

      public Tls.Builder privateKey(PrivateKey privateKey)
      Private key to use. For server side TLS, this is required. For client side TLS, this is optional (used when mutual TLS is enabled).
      Parameters:
      privateKey - private key to use
      Returns:
      updated builder

    • privateKeyCertChain

      public Tls.Builder privateKeyCertChain(List<X509Certificate> privateKeyCertChain)
      Certificate chain of the private key.
      Parameters:
      privateKeyCertChain - private key certificate chain, only used when private key is configured
      Returns:
      updated builder

    • keyManagerFactoryAlgorithm

      public Tls.Builder keyManagerFactoryAlgorithm(String keyManagerFactoryAlgorithm)
      Algorithm of the key manager factory used when private key is defined. Defaults to KeyManagerFactory.getDefaultAlgorithm().
      Parameters:
      keyManagerFactoryAlgorithm - algorithm to use
      Returns:
      updated builder

    • trustCertificates

      public Tls.Builder trustCertificates(List<X509Certificate> trustCertificates)
      List of certificates that form the trust manager.
      Parameters:
      trustCertificates - certificates to be trusted
      Returns:
      updated builder

    • secureRandomAlgorithm

      public Tls.Builder secureRandomAlgorithm(String secureRandomAlgorithm)
      Algorithm to use when creating a new secure random.
      Parameters:
      secureRandomAlgorithm - algorithm to use, by default uses SecureRandom constructor
      Returns:
      updated builder

    • secureRandomProvider

      public Tls.Builder secureRandomProvider(String secureRandomProvider)
      Provider to use when creating a new secure random.
      Parameters:
      secureRandomProvider - provider to use, by default no provider is specified
      Returns:
      updated builder

    • secureRandom

      public Tls.Builder secureRandom(SecureRandom secureRandom)
      Explicit secure random to use.
      Parameters:
      secureRandom - secure random to use
      Returns:
      updated builder

    • tlsClientAuth

      public Tls.Builder tlsClientAuth(TlsClientAuth tlsClientAuth)
      Configure requirement for mutual TLS.
      Parameters:
      tlsClientAuth - what type of mutual TLS to use, defaults to TlsClientAuth.NONE
      Returns:
      updated builder

    • trustAll

      public Tls.Builder trustAll(boolean trustAll)
      Trust any certificate provided by the other side of communication.

      This is a dangerous setting: if set to true, any certificate will be accepted, throwing away most of the security advantages of TLS. NEVER do this in production.

      Parameters:
      trustAll - whether to trust all certificates, do not use in production
      Returns:
      updated builder

    • internalKeystoreType

      public Tls.Builder internalKeystoreType(String internalKeystoreType)
      Type of the key stores used internally to create a key and trust manager factories.
      Parameters:
      internalKeystoreType - keystore type, defaults to KeyStore.getDefaultType()
      Returns:
      updated builder

    • internalKeystoreProvider

      public Tls.Builder internalKeystoreProvider(String internalKeystoreProvider)
      Provider of the key stores used internally to create a key and trust manager factories.
      Parameters:
      internalKeystoreProvider - keystore provider, if not defined, provider is not specified
      Returns:
      updated builder

    • keyManagerFactoryProvider

      public Tls.Builder keyManagerFactoryProvider(String keyManagerFactoryProvider)
      Key manager factory provider.
      Parameters:
      keyManagerFactoryProvider - provider to use
      Returns:
      updated builder

    • trustManagerFactoryAlgorithm

      public Tls.Builder trustManagerFactoryAlgorithm(String trustManagerFactoryAlgorithm)
      Trust manager factory algorithm.
      Parameters:
      trustManagerFactoryAlgorithm - algorithm to use
      Returns:
      updated builder

    • trustManagerFactoryProvider

      public Tls.Builder trustManagerFactoryProvider(String trustManagerFactoryProvider)
      Trust manager factory provider to use.
      Parameters:
      trustManagerFactoryProvider - provider
      Returns:
      updated builder

    • sslParameters

      public Tls.Builder sslParameters(SSLParameters sslParameters)
      Configure SSL parameters.
      Parameters:
      sslParameters - SSL parameters to use
      Returns:
      updated builder

    • endpointIdentificationAlgorithm

      public Tls.Builder endpointIdentificationAlgorithm(String endpointIdentificationAlgorithm)
      Identification algorithm for SSL endpoints.
      Parameters:
      endpointIdentificationAlgorithm - configure endpoint identification algorithm, or set to NONE to disable endpoint identification (equivalent to hostname verification). Defaults to "HTTPS"
      Returns:
      updated builder

    • applicationProtocols

      public Tls.Builder applicationProtocols(List<String> applicationProtocols)
      Configure list of supported application protocols (such as h2).
      Parameters:
      applicationProtocols - application protocols
      Returns:
      updated builder

    • config

      public Tls.Builder config(Config config)
      Update this builder from configuration.
      Parameters:
      config - config on the node of SSL configuration
      Returns:
      this builder

    • enabled

      public Tls.Builder enabled(boolean enabled)
      Whether the TLS config should be enabled or not.
      Parameters:
      enabled - configure to false to disable SSL context (and SSL support on the server)
      Returns:
      this builder