Package io.quarkus.vertx.http.runtime

Class CertificateConfig

java.lang.Object
io.quarkus.vertx.http.runtime.CertificateConfig
public class CertificateConfig extends Object
A certificate configuration. Provide either the certificate and key files or a keystore.

  • Field Details

    • credentialsProvider

      @ConfigItem @ConvertWith(io.quarkus.runtime.configuration.TrimmedStringConverter.class) public Optional<String> credentialsProvider
      The CredentialsProvider. If this property is configured, then a matching 'CredentialsProvider' will be used to get the keystore, keystore key, and truststore passwords unless these passwords have already been configured.

      Please note that using MicroProfile ConfigSource which is directly supported by Quarkus Configuration should be preferred unless using `CredentialsProvider` provides for some additional security and dynamism.

    • credentialsProviderName

      @ConfigItem @ConvertWith(io.quarkus.runtime.configuration.TrimmedStringConverter.class) public Optional<String> credentialsProviderName
      The credentials provider bean name.

      This is a bean name (as in @Named) of a bean that implements CredentialsProvider. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.

      For Vault, the credentials provider bean name is vault-credentials-provider.

    • files

      @ConfigItem public Optional<List<Path>> files
      The list of path to server certificates using the PEM format. Specifying multiple files requires SNI to be enabled.

    • keyFiles

      @ConfigItem public Optional<List<Path>> keyFiles
      The list of path to server certificates private key files using the PEM format. Specifying multiple files requires SNI to be enabled.

      The order of the key files must match the order of the certificates.

    • keyStoreFile

      @ConfigItem public Optional<Path> keyStoreFile
      An optional keystore that holds the certificate information instead of specifying separate files.

    • keyStoreFileType

      @ConfigItem public Optional<String> keyStoreFileType
      An optional parameter to specify the type of the keystore file. If not given, the type is automatically detected based on the file name.

    • keyStoreProvider

      @ConfigItem public Optional<String> keyStoreProvider
      An optional parameter to specify a provider of the keystore file. If not given, the provider is automatically detected based on the keystore file type.

    • keyStorePassword

      @ConfigItem(defaultValueDocumentation="password") public Optional<String> keyStorePassword
      A parameter to specify the password of the keystore file. If not given, and if it can not be retrieved from CredentialsProvider.

    • keyStorePasswordKey

      @ConfigItem public Optional<String> keyStorePasswordKey
      A parameter to specify a CredentialsProvider property key, which can be used to get the password of the key store file from CredentialsProvider.

    • keyStoreKeyAlias

      @ConfigItem @Deprecated public Optional<String> keyStoreKeyAlias
      Deprecated.
      Use keyStoreAlias instead.
      An optional parameter to select a specific key in the keystore. When SNI is disabled, and the keystore contains multiple keys and no alias is specified; the behavior is undefined.

    • keyStoreAlias

      @ConfigItem public Optional<String> keyStoreAlias
      An optional parameter to select a specific key in the keystore. When SNI is disabled, and the keystore contains multiple keys and no alias is specified; the behavior is undefined.

    • keyStoreKeyPassword

      @Deprecated @ConfigItem public Optional<String> keyStoreKeyPassword
      Deprecated.
      Use keyStoreAliasPassword instead.
      An optional parameter to define the password for the key, in case it is different from keyStorePassword If not given, it might be retrieved from CredentialsProvider.

    • keyStoreAliasPassword

      @ConfigItem public Optional<String> keyStoreAliasPassword
      An optional parameter to define the password for the key, in case it is different from keyStorePassword If not given, it might be retrieved from CredentialsProvider.

    • keyStoreKeyPasswordKey

      @ConfigItem @Deprecated public Optional<String> keyStoreKeyPasswordKey
      Deprecated.
      Use keyStoreAliasPasswordKey instead.
      A parameter to specify a CredentialsProvider property key, which can be used to get the password for the alias from CredentialsProvider.

    • keyStoreAliasPasswordKey

      @ConfigItem public Optional<String> keyStoreAliasPasswordKey
      A parameter to specify a CredentialsProvider property key, which can be used to get the password for the alias from CredentialsProvider.

    • trustStoreFile

      @ConfigItem public Optional<Path> trustStoreFile
      An optional trust store that holds the certificate information of the trusted certificates.

    • trustStoreFiles

      @ConfigItem public Optional<List<Path>> trustStoreFiles
      An optional list of trusted certificates using the PEM format. If you pass multiple files, you must use the PEM format.

    • trustStoreFileType

      @ConfigItem public Optional<String> trustStoreFileType
      An optional parameter to specify the type of the trust store file. If not given, the type is automatically detected based on the file name.

    • trustStoreProvider

      @ConfigItem public Optional<String> trustStoreProvider
      An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.

    • trustStorePassword

      @ConfigItem public Optional<String> trustStorePassword
      A parameter to specify the password of the trust store file. If not given, it might be retrieved from CredentialsProvider.

    • trustStorePasswordKey

      @ConfigItem public Optional<String> trustStorePasswordKey
      A parameter to specify a CredentialsProvider property key, which can be used to get the password of the trust store file from CredentialsProvider.

    • trustStoreCertAlias

      @ConfigItem public Optional<String> trustStoreCertAlias
      An optional parameter to trust a single certificate from the trust store rather than trusting all certificates in the store.

    • reloadPeriod

      @ConfigItem public Optional<Duration> reloadPeriod
      When set, the configured certificate will be reloaded after the given period. Note that the certificate will be reloaded only if the file has been modified.

      Also, the update can also occur when the TLS certificate is configured using paths (and not in-memory).

      The reload period must be equal or greater than 30 seconds. If not set, the certificate will not be reloaded.

      IMPORTANT: It's recommended to use the TLS registry to handle the certificate reloading.

  • Constructor Details

    • CertificateConfig

      public CertificateConfig()