Class SSLContextFactory
- java.lang.Object
-
- akka.http.javadsl.common.SSLContextFactory
-
public class SSLContextFactory extends java.lang.Object
-
-
Constructor Summary
Constructors Constructor Description SSLContextFactory()
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static javax.net.ssl.SSLContext
createSSLContextFromPem(com.typesafe.config.Config config)
Convenience factory for constructing an SSLContext out of a certificate file, a private key file and zero or more CA-certificate files defined in config.static javax.net.ssl.SSLContext
createSSLContextFromPem(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath)
Convenience factory for constructing an SSLContext out of a certificate file, a private key file but use the default JDK trust store.static javax.net.ssl.SSLContext
createSSLContextFromPem(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath, java.util.List<java.nio.file.Path> trustedCaCertificatePaths)
Convenience factory for constructing an SSLContext out of a certificate file, a private key file and zero or more CA-certificate files.static javax.net.ssl.SSLContext
createSSLContextFromPem(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath, java.util.Optional<scala.collection.immutable.Seq<java.nio.file.Path>> trustedCaCertificatePaths, java.util.Optional<java.security.SecureRandom> secureRandom)
Convenience factory for constructing an SSLContext out of a certificate file, a private key file and possibly zero or more CA-certificate files to trust.static akka.japi.function.Creator<javax.net.ssl.SSLContext>
refreshingSSLContextProvider(java.time.Duration refreshAfter, akka.japi.function.Creator<javax.net.ssl.SSLContext> construct)
Keeps a created SSLContext around for arefreshAfter
period, sharing it among connections, then creates a new context.static akka.japi.function.Creator<javax.net.ssl.SSLEngine>
refreshingSSLEngineProvider(java.time.Duration refreshAfter, akka.japi.function.Creator<javax.net.ssl.SSLContext> construct)
Keeps a created SSLContext around for arefreshAfter
period, sharing it among connections, then creates a new context.
-
-
-
Method Detail
-
createSSLContextFromPem
public static javax.net.ssl.SSLContext createSSLContextFromPem(com.typesafe.config.Config config)
Convenience factory for constructing an SSLContext out of a certificate file, a private key file and zero or more CA-certificate files defined in config.The provided
Config
is required to have the fieldcertificate
containing a path to a certificate file,private-key
containing the path to a private key, and the keytrusted-ca-certificates
either with the value "system" to use the default JDK truststore or containing a list of zero to many paths to CA certificate files to explicitly list what CA certs to trust. All files must contain PEM encoded certificates or keys.Note that the paths are filesystem paths, not class path, certificate files packaged in the JAR cannot be loaded using this method.
Example usage:
createSSLContextFromPem(system.settings.config.getConfig("my-server"))
API May Change
- Parameters:
config
- (undocumented)- Returns:
- (undocumented)
-
createSSLContextFromPem
public static javax.net.ssl.SSLContext createSSLContextFromPem(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath)
Convenience factory for constructing an SSLContext out of a certificate file, a private key file but use the default JDK trust store. All files must contain PEM encoded certificates or keys.Note that the paths are filesystem paths, not class path, certificate files packaged in the JAR cannot be loaded using this method.
API May Change
- Parameters:
certificatePath
- (undocumented)privateKeyPath
- (undocumented)- Returns:
- (undocumented)
-
createSSLContextFromPem
public static javax.net.ssl.SSLContext createSSLContextFromPem(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath, java.util.List<java.nio.file.Path> trustedCaCertificatePaths)
Convenience factory for constructing an SSLContext out of a certificate file, a private key file and zero or more CA-certificate files. All files must contain PEM encoded certificates or keys.Note that the paths are filesystem paths, not class path, certificate files packaged in the JAR cannot be loaded using this method.
API May Change
- Parameters:
certificatePath
- (undocumented)privateKeyPath
- (undocumented)trustedCaCertificatePaths
- (undocumented)- Returns:
- (undocumented)
-
createSSLContextFromPem
public static javax.net.ssl.SSLContext createSSLContextFromPem(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath, java.util.Optional<scala.collection.immutable.Seq<java.nio.file.Path>> trustedCaCertificatePaths, java.util.Optional<java.security.SecureRandom> secureRandom)
Convenience factory for constructing an SSLContext out of a certificate file, a private key file and possibly zero or more CA-certificate files to trust. All files must contain PEM encoded certificates or keys.Note that the paths are filesystem paths, not class path, certificate files packaged in the JAR cannot be loaded using this method.
- Parameters:
certificatePath
- Path to a PEM encoded certificate fileprivateKeyPath
- Path to a PEM encoded key filetrustedCaCertificatePaths
- emptyOptional
to use the default system trust store, orOptional
with containing a list of one or more CA certificate paths to explicitly control exactly what CAs are trustedsecureRandom
- a secure random to use for the SSL context or none to use a default instanceAPI May Change
- Returns:
- (undocumented)
-
refreshingSSLEngineProvider
public static akka.japi.function.Creator<javax.net.ssl.SSLEngine> refreshingSSLEngineProvider(java.time.Duration refreshAfter, akka.japi.function.Creator<javax.net.ssl.SSLContext> construct)
Keeps a created SSLContext around for arefreshAfter
period, sharing it among connections, then creates a new context. Useful for rotating certificates.- Parameters:
refreshAfter
- Keep a created context around this long, then recreate itconstruct
- A factory method to create the context when recreating is needed- Returns:
- An SSLEngine provider function to use with Akka HTTP
ConnectionContext.httpsServer()
andConnectionContext.httpsClient
.API May Change
-
refreshingSSLContextProvider
public static akka.japi.function.Creator<javax.net.ssl.SSLContext> refreshingSSLContextProvider(java.time.Duration refreshAfter, akka.japi.function.Creator<javax.net.ssl.SSLContext> construct)
Keeps a created SSLContext around for arefreshAfter
period, sharing it among connections, then creates a new context. Actually constructing theSSLEngine
is left to caller, to allow additional customization of theSSLEngine
, for example to require client certificates in a server application.- Parameters:
refreshAfter
- Keep a created context around this long, then recreate itconstruct
- A factory method to create the context when recreating is needed- Returns:
- An SSLEngine provider function to use with Akka HTTP
ConnectionContext.httpsServer()
andConnectionContext.httpsClient
.API May Change
-
-