Improve and make more coherent ssl/tls options

src/main/asciidoc/net.adoc

@@ -365,7 +365,7 @@ The password for the keystore should also be provided:
 [source,java]
 ----
 NetServerOptions options = new NetServerOptions().setSsl(true).setKeyStoreOptions(
-    new JKSOptions().
+    new JksOptions().
         setPath("/path/to/your/keystore.jks").
         setPassword("password-of-your-keystore")
 );
@@ -377,7 +377,7 @@ Alternatively you can read the key store yourself as a buffer and provide that d
 [source,java]
 ----
 Buffer myKeyStoreAsABuffer = readKeyStore();
-JKSOptions jksOptions = new JKSOptions().
+JksOptions jksOptions = new JksOptions().
     setValue(myKeyStoreAsABuffer).
     setPassword("password-of-your-keystore");
 NetServerOptions options = new NetServerOptions().

src/main/java/examples/NetExamples.java

@@ -187,7 +187,7 @@ public void example16(Vertx vertx) {
 
   public void example17(Vertx vertx) {
     NetServerOptions options = new NetServerOptions().setSsl(true).setKeyStoreOptions(
-        new JKSOptions().
+        new JksOptions().
             setPath("/path/to/your/keystore.jks").
             setPassword("password-of-your-keystore")
     );
@@ -196,7 +196,7 @@ public void example17(Vertx vertx) {
 
   public void example18(Vertx vertx) {
     Buffer myKeyStoreAsABuffer = readKeyStore();
-    JKSOptions jksOptions = new JKSOptions().
+    JksOptions jksOptions = new JksOptions().
         setValue(myKeyStoreAsABuffer).
         setPassword("password-of-your-keystore");
     NetServerOptions options = new NetServerOptions().

src/main/java/io/vertx/core/http/HttpClientOptions.java

@@ -19,8 +19,12 @@
 import io.vertx.codegen.annotations.DataObject;
 import io.vertx.core.json.JsonObject;
 import io.vertx.core.net.ClientOptionsBase;
-import io.vertx.core.net.KeyStoreOptions;
-import io.vertx.core.net.TrustStoreOptions;
+import io.vertx.core.net.JksOptions;
+import io.vertx.core.net.PemCaOptions;
+import io.vertx.core.net.PemKeyCertOptions;
+import io.vertx.core.net.PfxOptions;
+import io.vertx.core.net.CaOptions;
+import io.vertx.core.net.TCPSSLOptions;
 
 /**
  * Options describing how an {@link HttpClient} will make connections.
@@ -189,17 +193,37 @@ public HttpClientOptions setSsl(boolean ssl) {
   }
 
   @Override
-  public HttpClientOptions setKeyStoreOptions(KeyStoreOptions keyStore) {
-    super.setKeyStoreOptions(keyStore);
+  public HttpClientOptions setKeyStoreOptions(JksOptions options) {
+    super.setKeyStoreOptions(options);
     return this;
   }
 
   @Override
-  public HttpClientOptions setTrustStoreOptions(TrustStoreOptions trustStore) {
-    super.setTrustStoreOptions(trustStore);
+  public HttpClientOptions setPfxKeyCertOptions(PfxOptions options) {
+    return (HttpClientOptions) super.setPfxKeyCertOptions(options);
+  }
+
+  @Override
+  public HttpClientOptions setPemKeyCertOptions(PemKeyCertOptions options) {
+    return (HttpClientOptions) super.setPemKeyCertOptions(options);
+  }
+
+  @Override
+  public HttpClientOptions setTrustStoreOptions(JksOptions options) {
+    super.setTrustStoreOptions(options);
     return this;
   }
 
+  @Override
+  public HttpClientOptions setPfxCaOptions(PfxOptions options) {
+    return (HttpClientOptions) super.setPfxCaOptions(options);
+  }
+
+  @Override
+  public HttpClientOptions setPemCaOptions(PemCaOptions options) {
+    return (HttpClientOptions) super.setPemCaOptions(options);
+  }
+
   @Override
   public HttpClientOptions addEnabledCipherSuite(String suite) {
     super.addEnabledCipherSuite(suite);

src/main/java/io/vertx/core/http/HttpServerOptions.java

@@ -18,9 +18,12 @@
 
 import io.vertx.codegen.annotations.DataObject;
 import io.vertx.core.json.JsonObject;
-import io.vertx.core.net.KeyStoreOptions;
+import io.vertx.core.net.JksOptions;
+import io.vertx.core.net.PemCaOptions;
+import io.vertx.core.net.PemKeyCertOptions;
 import io.vertx.core.net.NetServerOptions;
-import io.vertx.core.net.TrustStoreOptions;
+import io.vertx.core.net.PfxOptions;
+import io.vertx.core.net.CaOptions;
 
 /**
  * Represents options used by an {@link io.vertx.core.http.HttpServer} instance
@@ -145,17 +148,37 @@ public HttpServerOptions setSsl(boolean ssl) {
   }
 
   @Override
-  public HttpServerOptions setKeyStoreOptions(KeyStoreOptions keyStore) {
-    super.setKeyStoreOptions(keyStore);
+  public HttpServerOptions setKeyStoreOptions(JksOptions options) {
+    super.setKeyStoreOptions(options);
     return this;
   }
 
   @Override
-  public HttpServerOptions setTrustStoreOptions(TrustStoreOptions trustStore) {
-    super.setTrustStoreOptions(trustStore);
+  public HttpServerOptions setPfxKeyCertOptions(PfxOptions options) {
+    return (HttpServerOptions) super.setPfxKeyCertOptions(options);
+  }
+
+  @Override
+  public HttpServerOptions setPemKeyCertOptions(PemKeyCertOptions options) {
+    return (HttpServerOptions) super.setPemKeyCertOptions(options);
+  }
+
+  @Override
+  public HttpServerOptions setTrustStoreOptions(JksOptions options) {
+    super.setTrustStoreOptions(options);
     return this;
   }
 
+  @Override
+  public HttpServerOptions setPemCaOptions(PemCaOptions options) {
+    return (HttpServerOptions) super.setPemCaOptions(options);
+  }
+
+  @Override
+  public HttpServerOptions setPfxCaOptions(PfxOptions options) {
+    return (HttpServerOptions) super.setPfxCaOptions(options);
+  }
+
   @Override
   public HttpServerOptions addEnabledCipherSuite(String suite) {
     super.addEnabledCipherSuite(suite);

src/main/java/io/vertx/core/http/impl/HttpClientImpl.java

@@ -91,7 +91,7 @@ public class HttpClientImpl implements HttpClient {
   public HttpClientImpl(VertxInternal vertx, HttpClientOptions options) {
     this.vertx = vertx;
     this.options = new HttpClientOptions(options);
-    this.sslHelper = new SSLHelper(options, KeyStoreHelper.create(vertx, options.getKeyStoreOptions()), KeyStoreHelper.create(vertx, options.getTrustStoreOptions()));
+    this.sslHelper = new SSLHelper(options, KeyStoreHelper.create(vertx, options.getKeyCertOptions()), KeyStoreHelper.create(vertx, options.getCaOptions()));
     this.creatingContext = vertx.getContext();
     closeHook = completionHandler -> {
       HttpClientImpl.this.close();

src/main/java/io/vertx/core/http/impl/HttpServerImpl.java

@@ -131,7 +131,7 @@ public HttpServerImpl(VertxInternal vertx, HttpServerOptions options) {
       }
       creatingContext.addCloseHook(this);
     }
-    this.sslHelper = new SSLHelper(options, KeyStoreHelper.create(vertx, options.getKeyStoreOptions()), KeyStoreHelper.create(vertx, options.getTrustStoreOptions()));
+    this.sslHelper = new SSLHelper(options, KeyStoreHelper.create(vertx, options.getKeyCertOptions()), KeyStoreHelper.create(vertx, options.getCaOptions()));
     this.subProtocols = options.getWebsocketSubProtocols();
     this.metrics = vertx.metricsSPI().createMetrics(this, options);
   }

src/main/java/io/vertx/core/net/CaOptions.java

@@ -13,142 +13,21 @@
  *
  * You may elect to redistribute this code under either of these licenses.
  */
-
 package io.vertx.core.net;
 
 import io.vertx.codegen.annotations.DataObject;
-import io.vertx.core.buffer.Buffer;
-import io.vertx.core.impl.Arguments;
-import io.vertx.core.json.JsonArray;
-import io.vertx.core.json.JsonObject;
-
-import java.util.ArrayList;
-import java.util.Base64;
-import java.util.List;
-import java.util.Objects;
 
 /**
- * Certificate Authority trust store options configuring certificates based on
- * <i>Privacy-enhanced Electronic Email</i> (PEM) files. The store is configured with a list of
- * validating certificates.
- * <p>
- * Validating certificates must contain X.509 certificates wrapped in a PEM block:<p>
- *
- * <pre>
- * -----BEGIN CERTIFICATE-----
- * MIIDezCCAmOgAwIBAgIEVmLkwTANBgkqhkiG9w0BAQsFADBuMRAwDgYDVQQGEwdV
- * ...
- * z5+DuODBJUQst141Jmgq8bS543IU/5apcKQeGNxEyQ==
- * -----END CERTIFICATE-----
- * </pre>
- *
- * The certificates can either be loaded by Vert.x from the filesystem:
- * <p>
- * <pre>
- * HttpServerOptions options = new HttpServerOptions();
- * options.setTrustStore(new CaOptions().addCertPath("/cert.pem"));
- * </pre>
- *
- * Or directly provided as a buffer:
- * <p>
- *
- * <pre>
- * Buffer cert = vertx.fileSystem().readFileSync("/cert.pem");
- * HttpServerOptions options = new HttpServerOptions();
- * options.setTrustStore(new CaOptions().addCertValue(cert));
- * </pre>
+ * Certification authority configuration options.
  *
  * @author <a href="mailto:julien@julienviet.com">Julien Viet</a>
- * @author <a href="http://tfox.org">Tim Fox</a>
  */
 @DataObject
-public class CaOptions implements TrustStoreOptions, Cloneable {
-
-  private ArrayList<String> certPaths;
-  private ArrayList<Buffer> certValues;
-
-  /**
-   * Default constructor
-   */
-  public CaOptions() {
-    super();
-    this.certPaths = new ArrayList<>();
-    this.certValues = new ArrayList<>();
-  }
-
-  /**
-   * Copy constructor
-   *
-   * @param other  the options to copy
-   */
-  public CaOptions(CaOptions other) {
-    super();
-    this.certPaths = new ArrayList<>(other.getCertPaths());
-    this.certValues = new ArrayList<>(other.getCertValues());
-  }
+public interface CaOptions {
 
   /**
-   * Create options from JSON
-   *
-   * @param json  the JSON
+   * @return a copy of these options
    */
-  public CaOptions(JsonObject json) {
-    super();
-    this.certPaths = new ArrayList<>();
-    this.certValues = new ArrayList<>();
-    for (Object certPath : json.getJsonArray("certPaths", new JsonArray())) {
-      certPaths.add((String) certPath);
-    }
-    for (Object certValue : json.getJsonArray("certValues", new JsonArray())) {
-      certValues.add(Buffer.buffer(Base64.getDecoder().decode((String) certValue)));
-    }
-  }
-
-  /**
-   * @return  the certificate paths used to locate certificates
-   */
-  public List<String> getCertPaths() {
-    return certPaths;
-  }
-
-  /**
-   * Add a certificate path
-   *
-   * @param certPath  the path to add
-   * @return a reference to this, so the API can be used fluently
-   * @throws NullPointerException
-   */
-  public CaOptions addCertPath(String certPath) throws NullPointerException {
-    Objects.requireNonNull(certPath, "No null certificate accepted");
-    Arguments.require(!certPath.isEmpty(), "No empty certificate path accepted");
-    certPaths.add(certPath);
-    return this;
-  }
-
-  /**
-   *
-   * @return the certificate values
-   */
-  public List<Buffer> getCertValues() {
-    return certValues;
-  }
-
-  /**
-   * Add a certificate value
-   *
-   * @param certValue  the value to add
-   * @return a reference to this, so the API can be used fluently
-   * @throws NullPointerException
-   */
-  public CaOptions addCertValue(Buffer certValue) throws NullPointerException {
-    Objects.requireNonNull(certValue, "No null certificate accepted");
-    certValues.add(certValue);
-    return this;
-  }
-
-  @Override
-  public CaOptions clone() {
-    return new CaOptions(this);
-  }
+  CaOptions clone();
 
 }

src/main/java/io/vertx/core/net/JKSOptions.java → src/main/java/io/vertx/core/net/JksOptions.java

@@ -19,7 +19,6 @@
 import io.vertx.codegen.annotations.DataObject;
 import io.vertx.core.buffer.Buffer;
 import io.vertx.core.json.JsonObject;
-import io.vertx.core.net.JKSOptions;
 
 /**
  * Key or trust store options configuring private key and/or certificates based on Java Keystore files.
@@ -46,7 +45,7 @@
  * @author <a href="http://tfox.org">Tim Fox</a>
  */
 @DataObject
-public class JKSOptions implements KeyStoreOptions, TrustStoreOptions, Cloneable {
+public class JksOptions implements KeyCertOptions, CaOptions, Cloneable {
 
   private String password;
   private String path;
@@ -55,7 +54,7 @@ public class JKSOptions implements KeyStoreOptions, TrustStoreOptions, Cloneable
   /**
    * Default constructor
    */
-  public JKSOptions() {
+  public JksOptions() {
     super();
   }
 
@@ -64,7 +63,7 @@ public JKSOptions() {
    *
    * @param other  the options to copy
    */
-  public JKSOptions(JKSOptions other) {
+  public JksOptions(JksOptions other) {
     super();
     this.password = other.getPassword();
     this.path = other.getPath();
@@ -76,7 +75,7 @@ public JKSOptions(JKSOptions other) {
    *
    * @param json  the JSON
    */
-  public JKSOptions(JsonObject json) {
+  public JksOptions(JsonObject json) {
     super();
     this.password = json.getString("password");
     this.path = json.getString("path");
@@ -97,7 +96,7 @@ public String getPassword() {
    * @param password  the password
    * @return a reference to this, so the API can be used fluently
    */
-  public JKSOptions setPassword(String password) {
+  public JksOptions setPassword(String password) {
     this.password = password;
     return this;
   }
@@ -117,7 +116,7 @@ public String getPath() {
    * @param path  the path
    * @return a reference to this, so the API can be used fluently
    */
-  public JKSOptions setPath(String path) {
+  public JksOptions setPath(String path) {
     this.path = path;
     return this;
   }
@@ -137,13 +136,13 @@ public Buffer getValue() {
    * @param value  the key store as a buffer
    * @return a reference to this, so the API can be used fluently
    */
-  public JKSOptions setValue(Buffer value) {
+  public JksOptions setValue(Buffer value) {
     this.value = value;
     return this;
   }
 
   @Override
-  public JKSOptions clone() {
-    return new JKSOptions(this);
+  public JksOptions clone() {
+    return new JksOptions(this);
   }
 }