Interface CertificateConfig


public interface CertificateConfig
A certificate configuration. Provide either the certificate and key files or a keystore.
  • Method Details

    • credentialsProvider

      Optional<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String> credentialsProvider()
      The CredentialsProvider. If this property is configured, then a matching 'CredentialsProvider' will be used to get the keystore, keystore key, and truststore passwords unless these passwords have already been configured.

      Please note that using MicroProfile ConfigSource which is directly supported by Quarkus Configuration should be preferred unless using `CredentialsProvider` provides for some additional security and dynamism.

    • credentialsProviderName

      Optional<@WithConverter(io.quarkus.runtime.configuration.TrimmedStringConverter.class) String> credentialsProviderName()
      The credentials provider bean name.

      This is a bean name (as in @Named) of a bean that implements CredentialsProvider. It is used to select the credentials provider bean when multiple exist. This is unnecessary when there is only one credentials provider available.

      For Vault, the credentials provider bean name is vault-credentials-provider.

    • files

      Optional<List<Path>> files()
      The list of paths to server certificates in PEM format. Specifying multiple files requires SNI to be enabled.
    • keyFiles

      Optional<List<Path>> keyFiles()
      The list of paths to the server certificates' private key files in PEM format. Specifying multiple files requires SNI to be enabled.

      The order of the key files must match the order of the certificates.

    • keyStoreFile

      Optional<Path> keyStoreFile()
      An optional keystore that holds the certificate information instead of specifying separate files.
    • keyStoreFileType

      Optional<String> keyStoreFileType()
      An optional parameter to specify the type of the keystore file. If not given, the type is automatically detected based on the file name.
    • keyStoreProvider

      Optional<String> keyStoreProvider()
      An optional parameter to specify a provider of the keystore file. If not given, the provider is automatically detected based on the keystore file type.
    • keyStorePassword

      Optional<String> keyStorePassword()
      A parameter to specify the password of the keystore file. If not given, and if it can not be retrieved from CredentialsProvider.
    • keyStorePasswordKey

      Optional<String> keyStorePasswordKey()
      A parameter to specify a CredentialsProvider property key, which can be used to get the password of the key store file from CredentialsProvider.
    • keyStoreKeyAlias

      @Deprecated Optional<String> keyStoreKeyAlias()
      Deprecated.
      Use keyStoreAlias() instead.
      An optional parameter to select a specific key in the keystore. When SNI is disabled, the keystore contains multiple keys, and no alias is specified, the behavior is undefined.
    • keyStoreAlias

      Optional<String> keyStoreAlias()
      An optional parameter to select a specific key in the keystore. When SNI is disabled, the keystore contains multiple keys, and no alias is specified, the behavior is undefined.
    • keyStoreKeyPassword

      @Deprecated Optional<String> keyStoreKeyPassword()
      Deprecated.
      An optional parameter to define the password for the key, in case it is different from keyStorePassword(). If not given, it might be retrieved from CredentialsProvider.
    • keyStoreAliasPassword

      Optional<String> keyStoreAliasPassword()
      An optional parameter to define the password for the key, in case it is different from keyStorePassword(). If not given, it might be retrieved from CredentialsProvider.
    • keyStoreKeyPasswordKey

      @Deprecated Optional<String> keyStoreKeyPasswordKey()
      Deprecated.
      A parameter to specify a CredentialsProvider property key, which can be used to get the password for the alias from CredentialsProvider.
    • keyStoreAliasPasswordKey

      Optional<String> keyStoreAliasPasswordKey()
      A parameter to specify a CredentialsProvider property key, which can be used to get the password for the alias from CredentialsProvider.
    • trustStoreFile

      Optional<Path> trustStoreFile()
      An optional trust store that holds the certificate information of the trusted certificates.
    • trustStoreFiles

      Optional<List<Path>> trustStoreFiles()
      An optional list of trusted certificates using the PEM format. If you pass multiple files, you must use the PEM format.
    • trustStoreFileType

      Optional<String> trustStoreFileType()
      An optional parameter to specify the type of the trust store file. If not given, the type is automatically detected based on the file name.
    • trustStoreProvider

      Optional<String> trustStoreProvider()
      An optional parameter to specify a provider of the trust store file. If not given, the provider is automatically detected based on the trust store file type.
    • trustStorePassword

      Optional<String> trustStorePassword()
      A parameter to specify the password of the trust store file. If not given, it might be retrieved from CredentialsProvider.
    • trustStorePasswordKey

      Optional<String> trustStorePasswordKey()
      A parameter to specify a CredentialsProvider property key, which can be used to get the password of the trust store file from CredentialsProvider.
    • trustStoreCertAlias

      Optional<String> trustStoreCertAlias()
      An optional parameter to trust a single certificate from the trust store rather than trusting all certificates in the store.
    • reloadPeriod

      Optional<Duration> reloadPeriod()
      When set, the configured certificate will be reloaded after the given period. Note that the certificate will be reloaded only if the file has been modified.

      The update can also occur when the TLS certificate is configured using paths (and not in-memory).

      The reload period must be equal to or greater than 30 seconds. If not set, the certificate will not be reloaded.

      IMPORTANT: It's recommended to use the TLS registry to handle the certificate reloading.
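
The undefined case noted under keyStoreAlias() (SNI disabled, several keys, no alias) can be caught before deployment. The following is an added example, not code from Quarkus: the class and the helper `usableKeyAliases` are hypothetical names, it uses only the JDK `KeyStore` API, and the in-memory JCEKS store with dummy AES keys is constructed sample data standing in for a real TLS keystore.

```java
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.crypto.spec.SecretKeySpec;

public class KeyStoreAliasCheck {

    // Hypothetical helper: returns the key aliases the server could end up using,
    // and fails fast in the case the documentation calls undefined.
    static List<String> usableKeyAliases(KeyStore ks, Optional<String> alias, boolean sniEnabled)
            throws Exception {
        List<String> keys = new ArrayList<>();
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) { // skip certificate-only entries
                keys.add(a);
            }
        }
        if (alias.isPresent()) {
            if (!keys.contains(alias.get())) {
                throw new IllegalStateException(
                        "alias '" + alias.get() + "' is not a key entry; found " + keys);
            }
            return List.of(alias.get());
        }
        if (keys.size() > 1 && !sniEnabled) {
            throw new IllegalStateException(
                    "SNI disabled, no alias, multiple keys " + keys + ": selection is undefined");
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: in-memory JCEKS store with two dummy AES key entries,
        // standing in for a PKCS12/JKS file that holds two TLS private keys.
        char[] pw = "changeit".toCharArray();
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        ks.setKeyEntry("api", new SecretKeySpec(new byte[16], "AES"), pw, null);
        ks.setKeyEntry("admin", new SecretKeySpec(new byte[16], "AES"), pw, null);

        System.out.println(usableKeyAliases(ks, Optional.of("api"), false)); // explicit alias
        System.out.println(usableKeyAliases(ks, Optional.empty(), true));    // SNI picks per host
        try {
            usableKeyAliases(ks, Optional.empty(), false);                   // undefined case
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

To check a real keystore, replace the constructed store with `KeyStore.getInstance(...)` followed by `load(...)` on the file and its password.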