All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.quarkus.tls.runtime.config.KeyStoreConfig Maven / Gradle / Ivy

package io.quarkus.tls.runtime.config;

import java.util.Optional;

import io.quarkus.runtime.annotations.ConfigGroup;
import io.smallrye.config.WithDefault;

@ConfigGroup
public interface KeyStoreConfig {

    /**
     * Configures the PEM key/certificate pair.
     */
    Optional pem();

    /**
     * Configure the PKCS12 key store.
     */
    Optional p12();

    /**
     * Configure the JKS key store.
     */
    Optional jks();

    /**
     * Enables Server Name Indication (SNI).
     * 

* Server Name Indication (SNI) is a TLS extension that allows a client to specify the hostname it is attempting to * connect to during the TLS handshake. This enables a server to present different SSL certificates for multiple * domains on a single IP address, facilitating secure communication for virtual hosting scenarios. *

* With this setting enabled, the client indicate the server name during the TLS handshake, allowing the server to * select the right certificate. *

* When configuring the keystore with PEM files, multiple CRT/Key must be given. * When configuring the keystore with a JKS or a P12 file, it selects one alias based on the SNI hostname. * In this case, all the keystore password and alias password must be the same (configured with the {@code password} * and {@code alias-password} properties. Do not set the {@code alias} property. */ @WithDefault("false") boolean sni(); /** * The credential provider configuration for the keys store. * A credential provider offers a way to retrieve the key store password and alias password. * Note that the credential provider is only used if the password / alias password are not set in the configuration. */ KeyStoreCredentialProviderConfig credentialsProvider(); default void validate(String name) { if (pem().isPresent() && (p12().isPresent() || jks().isPresent())) { throw new IllegalStateException( "Invalid keystore '" + name + "' - The keystore cannot be configured with PEM and PKCS12 or JKS at the same time"); } if (p12().isPresent() && jks().isPresent()) { throw new IllegalStateException( "Invalid keystore '" + name + "' - The keystore cannot be configured with PKCS12 and JKS at the same time"); } } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy