net.devh.boot.grpc.client.config

Class GrpcChannelProperties.Security

java.lang.Object

net.devh.boot.grpc.client.config.GrpcChannelProperties.Security

Enclosing class:

GrpcChannelProperties

public static class GrpcChannelProperties.Security
extends Object

A container with options for the channel's transport security.

Constructor Summary

Constructors

Constructor and Description
Security()

Method Summary

Modifier and Type	Method and Description
protected boolean	canEqual(Object other)
void	copyDefaultsFrom(GrpcChannelProperties.Security config) Copies the defaults from the given configuration.
boolean	equals(Object o)
String	getAuthorityOverride() Gets the authority to check for during server certificate verification.
Resource	getCertificateChain() Gets the resource containing the SSL certificate chain.
List<String>	getCiphers() Gets the cipher suite accepted for secure connections (in the order of preference).
Resource	getKeyStore() The resource containing the key store.
String	getKeyStoreFormat() The format of the keyStore.
String	getKeyStorePassword() Password for the key store.
Resource	getPrivateKey() Gets resource containing the private key.
String	getPrivateKeyPassword() Gets the password for the private key.
String[]	getProtocols() Gets the TLS protocols accepted for secure connections
Resource	getTrustCertCollection() Gets the resource containing the the trusted certificate collection.
Resource	getTrustStore() The resource containing the trust store.
String	getTrustStoreFormat() The format of the trustStore.
String	getTrustStorePassword() Password for the trust store.
int	hashCode()
boolean	isClientAuthEnabled() Gets whether client can authenticate using certificates.
void	setAuthorityOverride(String authorityOverride) Sets the authority to check for during server certificate verification.
void	setCertificateChain(Resource certificateChain) Sets the resource containing the SSL certificate chain.
void	setCiphers(String ciphers) Sets the cipher suite accepted for secure connections (in the order of preference).
void	setClientAuthEnabled(Boolean clientAuthEnabled) Set whether client can authenticate using certificates.
void	setKeyStore(Resource keyStore) The resource containing the key store.
void	setKeyStoreFormat(String keyStoreFormat) The format of the keyStore.
void	setKeyStorePassword(String keyStorePassword) Password for the key store.
void	setPrivateKey(Resource privateKey) Sets the resource containing the private key.
void	setPrivateKeyPassword(String privateKeyPassword) Sets the password for the private key.
void	setProtocols(String protocols) Sets the TLS protocols accepted for secure connections.
void	setTrustCertCollection(Resource trustCertCollection) Sets the resource containing the trusted certificate collection.
void	setTrustStore(Resource trustStore) The resource containing the trust store.
void	setTrustStoreFormat(String trustStoreFormat) The format of the trustStore.
void	setTrustStorePassword(String trustStorePassword) Password for the trust store.
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

Security

public Security()

Method Detail

isClientAuthEnabled

public boolean isClientAuthEnabled()

Gets whether client can authenticate using certificates.

Returns:

True, if the client can authenticate itself using certificates.

See Also:

setClientAuthEnabled(Boolean)

setClientAuthEnabled

public void setClientAuthEnabled(Boolean clientAuthEnabled)

Set whether client can authenticate using certificates. Defaults to false.

Parameters:

clientAuthEnabled - Whether the client can authenticate itself using certificates.

getCertificateChain

public Resource getCertificateChain()

Gets the resource containing the SSL certificate chain.

Returns:

The certificate chain resource or null, if security is not enabled.

See Also:

setCertificateChain(Resource)

setCertificateChain

public void setCertificateChain(Resource certificateChain)

Sets the resource containing the SSL certificate chain. Required if isClientAuthEnabled() is true. The linked certificate will be used to authenticate the client.

Parameters:

certificateChain - The certificate chain.

See Also:

SslContextBuilder.keyManager(InputStream, InputStream, String)

getPrivateKey

public Resource getPrivateKey()

Gets resource containing the private key.

Returns:

The private key resource or null, if security is not enabled.

See Also:

setPrivateKey(Resource)

setPrivateKey

public void setPrivateKey(Resource privateKey)

Sets the resource containing the private key. Required if isClientAuthEnabled() is true.

Parameters:

privateKey - The private key resource.

See Also:

SslContextBuilder.keyManager(InputStream, InputStream, String)

getPrivateKeyPassword

public String getPrivateKeyPassword()

Gets the password for the private key.

Returns:

The password for the private key or null, if the private key is not set or not encrypted.

See Also:

setPrivateKeyPassword(String)

setPrivateKeyPassword

public void setPrivateKeyPassword(String privateKeyPassword)

Sets the password for the private key.

Parameters:

privateKeyPassword - The password for the private key.

See Also:

SslContextBuilder.keyManager(File, File, String)

getKeyStoreFormat

public String getKeyStoreFormat()

The format of the keyStore.

Possible values includes:

• AUTODETECT (default)
• JKS (.jks)
• PKCS12 (.p12)
• any supported KeyStore format
• Fallback to KeyStore#getDefaultType()

Returns:

The key store format to use.

setKeyStoreFormat

public void setKeyStoreFormat(String keyStoreFormat)

The format of the keyStore.

Possible values includes:

• AUTODETECT (default)
• JKS (.jks)
• PKCS12 (.p12)
• any supported KeyStore format
• Fallback to KeyStore#getDefaultType()

Parameters:

keyStoreFormat - The key store format to use

getKeyStore

public Resource getKeyStore()

The resource containing the key store. Cannot be used in conjunction with privateKey.

Returns:

The key store resource or null.

setKeyStore

public void setKeyStore(Resource keyStore)

The resource containing the key store. Cannot be used in conjunction with privateKey.

Parameters:

keyStore - The key store resource.

getKeyStorePassword

public String getKeyStorePassword()

Password for the key store. Use is combination with keyStore.

Returns:

The password for the key store or null.

setKeyStorePassword

public void setKeyStorePassword(String keyStorePassword)

Password for the key store. Use is combination with keyStore.

Parameters:

keyStorePassword - The password for the key store.

getTrustCertCollection

public Resource getTrustCertCollection()

Gets the resource containing the the trusted certificate collection. If null or empty the use the system's default collection should be used.

Returns:

The trusted certificate collection resource or null.

See Also:

setTrustCertCollection(Resource)

setTrustCertCollection

public void setTrustCertCollection(Resource trustCertCollection)

Sets the resource containing the trusted certificate collection. If not set (null) it will use the system's default collection (Default). This collection will be used to verify server certificates.

Parameters:

trustCertCollection - The path to the trusted certificate collection.

See Also:

SslContextBuilder.trustManager(InputStream)

getTrustStoreFormat

public String getTrustStoreFormat()

The format of the trustStore.

Possible values includes:

• AUTODETECT (default)
• JKS (.jks)
• PKCS12 (.p12)
• any supported KeyStore format
• Fallback to KeyStore#getDefaultType()

Returns:

The trust store format to use.

setTrustStoreFormat

public void setTrustStoreFormat(String trustStoreFormat)

The format of the trustStore.

Possible values includes:

• AUTODETECT (default)
• JKS (.jks)
• PKCS12 (.p12)
• any supported KeyStore format
• Fallback to KeyStore#getDefaultType()

Parameters:

trustStoreFormat - The trust store format to use.

getTrustStore

public Resource getTrustStore()

The resource containing the trust store. Cannot be used in conjunction with trustCertCollection. If neither this nor trustCertCollection is set then the system's trust store will be used.

Returns:

The trust store resource or null.

setTrustStore

public void setTrustStore(Resource trustStore)

The resource containing the trust store. Cannot be used in conjunction with trustCertCollection. If neither this nor trustCertCollection is set then the system's trust store will be used.

Parameters:

trustStore - The trust store resource.

getTrustStorePassword

public String getTrustStorePassword()

Password for the trust store. Use is combination with trustStore.

Returns:

The password for the trust store or null.

setTrustStorePassword

public void setTrustStorePassword(String trustStorePassword)

Password for the trust store. Use is combination with trustStore.

Parameters:

trustStorePassword - The password for the trust store.

getAuthorityOverride

public String getAuthorityOverride()

Gets the authority to check for during server certificate verification.

Returns:

The override for the authority to check for or null, there is no override configured.

See Also:

setAuthorityOverride(String)

setAuthorityOverride

public void setAuthorityOverride(String authorityOverride)

Sets the authority to check for during server certificate verification. By default the clients will use the name of the client to check the server certificate's common + alternative names.

Parameters:

authorityOverride - The authority to check for in the certificate, or null to use the default checks.

See Also:

AbstractManagedChannelImplBuilder.overrideAuthority(String)

getCiphers

public List<String> getCiphers()

Gets the cipher suite accepted for secure connections (in the order of preference).

Returns:

The cipher suite accepted for secure connections or null.

setCiphers

public void setCiphers(String ciphers)

Sets the cipher suite accepted for secure connections (in the order of preference). If not specified (null), then the default suites should be used.

Parameters:

ciphers - Cipher suite consisting of one or more cipher strings separated by colons, commas or spaces

See Also:

SslContextBuilder.ciphers(Iterable)

getProtocols

public String[] getProtocols()

Gets the TLS protocols accepted for secure connections

Returns:

The protocols accepted for secure connections or null.

setProtocols

public void setProtocols(String protocols)

Sets the TLS protocols accepted for secure connections. If not specified (null), then the default ones will be used.

Parameters:

protocols - Protocol list consisting of one or more protocols separated by colons, commas or spaces.

See Also:

SslContextBuilder.protocols(String...)

copyDefaultsFrom

public void copyDefaultsFrom(GrpcChannelProperties.Security config)

Copies the defaults from the given configuration. Values are considered "default" if they are null. Please note that the getters might return fallback values instead.

Parameters:

config - The config to copy the defaults from.

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object o)

Overrides:

equals in class Object

canEqual

protected boolean canEqual(Object other)

hashCode

public int hashCode()

Overrides:

hashCode in class Object