Class SSLContextFactory


  • public class SSLContextFactory
    extends java.lang.Object
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static javax.net.ssl.SSLContext createSSLContextFromPem​(com.typesafe.config.Config config)
      Convenience factory for constructing an SSLContext out of a certificate file, a private key file and zero or more CA-certificate files defined in config.
      static javax.net.ssl.SSLContext createSSLContextFromPem​(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath)
      Convenience factory for constructing an SSLContext out of a certificate file, a private key file but use the default JDK trust store.
      static javax.net.ssl.SSLContext createSSLContextFromPem​(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath, java.util.List<java.nio.file.Path> trustedCaCertificatePaths)
      Convenience factory for constructing an SSLContext out of a certificate file, a private key file and zero or more CA-certificate files.
      static javax.net.ssl.SSLContext createSSLContextFromPem​(java.nio.file.Path certificatePath, java.nio.file.Path privateKeyPath, java.util.Optional<scala.collection.immutable.Seq<java.nio.file.Path>> trustedCaCertificatePaths, java.util.Optional<java.security.SecureRandom> secureRandom)
      Convenience factory for constructing an SSLContext out of a certificate file, a private key file and possibly zero or more CA-certificate files to trust.
      static akka.japi.function.Creator<javax.net.ssl.SSLContext> refreshingSSLContextProvider​(java.time.Duration refreshAfter, akka.japi.function.Creator<javax.net.ssl.SSLContext> construct)
      Keeps a created SSLContext around for a refreshAfter period, sharing it among connections, then creates a new context.
      static akka.japi.function.Creator<javax.net.ssl.SSLEngine> refreshingSSLEngineProvider​(java.time.Duration refreshAfter, akka.japi.function.Creator<javax.net.ssl.SSLContext> construct)
      Keeps a created SSLContext around for a refreshAfter period, sharing it among connections, then creates a new context.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SSLContextFactory

        public SSLContextFactory()
    • Method Detail

      • createSSLContextFromPem

        public static javax.net.ssl.SSLContext createSSLContextFromPem​(com.typesafe.config.Config config)
        Convenience factory for constructing an SSLContext out of a certificate file, a private key file and zero or more CA-certificate files defined in config.

        The provided Config is required to have the field certificate containing a path to a certificate file, private-key containing the path to a private key, and the key trusted-ca-certificates either with the value "system" to use the default JDK truststore or containing a list of zero to many paths to CA certificate files to explicitly list what CA certs to trust. All files must contain PEM encoded certificates or keys.

        Note that the paths are filesystem paths, not class path, certificate files packaged in the JAR cannot be loaded using this method.

        Example usage: createSSLContextFromPem(system.settings.config.getConfig("my-server"))

        API May Change

        Parameters:
        config - (undocumented)
        Returns:
        (undocumented)
      • createSSLContextFromPem

        public static javax.net.ssl.SSLContext createSSLContextFromPem​(java.nio.file.Path certificatePath,
                                                                       java.nio.file.Path privateKeyPath)
        Convenience factory for constructing an SSLContext out of a certificate file, a private key file but use the default JDK trust store. All files must contain PEM encoded certificates or keys.

        Note that the paths are filesystem paths, not class path, certificate files packaged in the JAR cannot be loaded using this method.

        API May Change

        Parameters:
        certificatePath - (undocumented)
        privateKeyPath - (undocumented)
        Returns:
        (undocumented)
      • createSSLContextFromPem

        public static javax.net.ssl.SSLContext createSSLContextFromPem​(java.nio.file.Path certificatePath,
                                                                       java.nio.file.Path privateKeyPath,
                                                                       java.util.List<java.nio.file.Path> trustedCaCertificatePaths)
        Convenience factory for constructing an SSLContext out of a certificate file, a private key file and zero or more CA-certificate files. All files must contain PEM encoded certificates or keys.

        Note that the paths are filesystem paths, not class path, certificate files packaged in the JAR cannot be loaded using this method.

        API May Change

        Parameters:
        certificatePath - (undocumented)
        privateKeyPath - (undocumented)
        trustedCaCertificatePaths - (undocumented)
        Returns:
        (undocumented)
      • createSSLContextFromPem

        public static javax.net.ssl.SSLContext createSSLContextFromPem​(java.nio.file.Path certificatePath,
                                                                       java.nio.file.Path privateKeyPath,
                                                                       java.util.Optional<scala.collection.immutable.Seq<java.nio.file.Path>> trustedCaCertificatePaths,
                                                                       java.util.Optional<java.security.SecureRandom> secureRandom)
        Convenience factory for constructing an SSLContext out of a certificate file, a private key file and possibly zero or more CA-certificate files to trust. All files must contain PEM encoded certificates or keys.

        Note that the paths are filesystem paths, not class path, certificate files packaged in the JAR cannot be loaded using this method.

        Parameters:
        certificatePath - Path to a PEM encoded certificate file
        privateKeyPath - Path to a PEM encoded key file
        trustedCaCertificatePaths - empty Optional to use the default system trust store, or Optional with containing a list of one or more CA certificate paths to explicitly control exactly what CAs are trusted
        secureRandom - a secure random to use for the SSL context or none to use a default instance

        API May Change

        Returns:
        (undocumented)
      • refreshingSSLEngineProvider

        public static akka.japi.function.Creator<javax.net.ssl.SSLEngine> refreshingSSLEngineProvider​(java.time.Duration refreshAfter,
                                                                                                      akka.japi.function.Creator<javax.net.ssl.SSLContext> construct)
        Keeps a created SSLContext around for a refreshAfter period, sharing it among connections, then creates a new context. Useful for rotating certificates.

        Parameters:
        refreshAfter - Keep a created context around this long, then recreate it
        construct - A factory method to create the context when recreating is needed
        Returns:
        An SSLEngine provider function to use with Akka HTTP ConnectionContext.httpsServer() and ConnectionContext.httpsClient.

        API May Change

      • refreshingSSLContextProvider

        public static akka.japi.function.Creator<javax.net.ssl.SSLContext> refreshingSSLContextProvider​(java.time.Duration refreshAfter,
                                                                                                        akka.japi.function.Creator<javax.net.ssl.SSLContext> construct)
        Keeps a created SSLContext around for a refreshAfter period, sharing it among connections, then creates a new context. Actually constructing the SSLEngine is left to caller, to allow additional customization of the SSLEngine, for example to require client certificates in a server application.

        Parameters:
        refreshAfter - Keep a created context around this long, then recreate it
        construct - A factory method to create the context when recreating is needed
        Returns:
        An SSLEngine provider function to use with Akka HTTP ConnectionContext.httpsServer() and ConnectionContext.httpsClient.

        API May Change