Packages

final case class TlsServerConfig(certChainFile: ExistingFile, privateKeyFile: ExistingFile, trustCollectionFile: Option[ExistingFile] = None, secretsUrl: Option[String] = None, clientAuth: ServerAuthRequirementConfig = ServerAuthRequirementConfig.Optional, minimumServerProtocolVersion: Option[String] = Some( TlsServerConfig.defaultMinimumServerProtocol ), ciphers: Option[Seq[String]] = TlsServerConfig.defaultCiphers, enableCertRevocationChecking: Boolean = false) extends BaseTlsArguments with Product with Serializable

A wrapper for TLS related server parameters supporting mutual authentication.

Certificates and keys must be provided in the PEM format. It is recommended to create them with OpenSSL. Other formats (such as GPG) may also work, but have not been tested.

certChainFile

a file containing a certificate chain, containing the certificate chain from the server to the root CA. The certificate chain is used to authenticate the server. The order of certificates in the chain matters, i.e., it must start with the server certificate and end with the root certificate.

privateKeyFile

a file containing the server's private key. The key must not use a password.

trustCollectionFile

a file containing certificates of all nodes the server trusts. Used for client authentication. It depends on the enclosing configuration whether client authentication is mandatory, optional or unsupported. If client authentication is enabled and this parameter is absent, the certificates in the JVM trust store will be used instead.

secretsUrl

URL of a secrets service that provide parameters needed to decrypt the private key. Required when private key is encrypted (indicated by '.enc' filename suffix).

clientAuth

indicates whether server requires, requests, does does not request auth from clients. Normally the ledger api server requires client auth under TLS, but using this setting this requirement can be loosened. See https://github.com/digital-asset/daml/commit/edd73384c427d9afe63bae9d03baa2a26f7b7f54

minimumServerProtocolVersion

minimum supported TLS protocol. Set None (or null in config file) to default to JVM settings.

ciphers

supported ciphers. Set to None (or null in config file) to default to JVM settings.

enableCertRevocationChecking

whether to enable certificate revocation checking per https://tersesystems.com/blog/2014/03/22/fixing-certificate-revocation/ TODO(#4881): implement cert-revocation at the participant and domain admin endpoints Ledger api server reference PR: https://github.com/digital-asset/daml/pull/7965

Ordering
  1. Alphabetic
  2. By Inheritance
Inherited
  1. TlsServerConfig
  2. Serializable
  3. Product
  4. Equals
  5. BaseTlsArguments
  6. AnyRef
  7. Any
  1. Hide All
  2. Show All
Visibility
  1. Public
  2. Protected

Instance Constructors

  1. new TlsServerConfig(certChainFile: ExistingFile, privateKeyFile: ExistingFile, trustCollectionFile: Option[ExistingFile] = None, secretsUrl: Option[String] = None, clientAuth: ServerAuthRequirementConfig = ServerAuthRequirementConfig.Optional, minimumServerProtocolVersion: Option[String] = Some( TlsServerConfig.defaultMinimumServerProtocol ), ciphers: Option[Seq[String]] = TlsServerConfig.defaultCiphers, enableCertRevocationChecking: Boolean = false)

    certChainFile

    a file containing a certificate chain, containing the certificate chain from the server to the root CA. The certificate chain is used to authenticate the server. The order of certificates in the chain matters, i.e., it must start with the server certificate and end with the root certificate.

    privateKeyFile

    a file containing the server's private key. The key must not use a password.

    trustCollectionFile

    a file containing certificates of all nodes the server trusts. Used for client authentication. It depends on the enclosing configuration whether client authentication is mandatory, optional or unsupported. If client authentication is enabled and this parameter is absent, the certificates in the JVM trust store will be used instead.

    secretsUrl

    URL of a secrets service that provide parameters needed to decrypt the private key. Required when private key is encrypted (indicated by '.enc' filename suffix).

    clientAuth

    indicates whether server requires, requests, does does not request auth from clients. Normally the ledger api server requires client auth under TLS, but using this setting this requirement can be loosened. See https://github.com/digital-asset/daml/commit/edd73384c427d9afe63bae9d03baa2a26f7b7f54

    minimumServerProtocolVersion

    minimum supported TLS protocol. Set None (or null in config file) to default to JVM settings.

    ciphers

    supported ciphers. Set to None (or null in config file) to default to JVM settings.

    enableCertRevocationChecking

    whether to enable certificate revocation checking per https://tersesystems.com/blog/2014/03/22/fixing-certificate-revocation/ TODO(#4881): implement cert-revocation at the participant and domain admin endpoints Ledger api server reference PR: https://github.com/digital-asset/daml/pull/7965

Value Members

  1. final def !=(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  2. final def ##: Int
    Definition Classes
    AnyRef → Any
  3. final def ==(arg0: Any): Boolean
    Definition Classes
    AnyRef → Any
  4. final def asInstanceOf[T0]: T0
    Definition Classes
    Any
  5. val certChainFile: ExistingFile
    Definition Classes
    TlsServerConfigBaseTlsArguments
  6. val ciphers: Option[Seq[String]]
    Definition Classes
    TlsServerConfigBaseTlsArguments
  7. val clientAuth: ServerAuthRequirementConfig
  8. lazy val clientConfig: TlsClientConfig
  9. def clone(): AnyRef
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.CloneNotSupportedException]) @native() @IntrinsicCandidate()
  10. val enableCertRevocationChecking: Boolean
  11. final def eq(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  12. final def getClass(): Class[_ <: AnyRef]
    Definition Classes
    AnyRef → Any
    Annotations
    @native() @IntrinsicCandidate()
  13. final def isInstanceOf[T0]: Boolean
    Definition Classes
    Any
  14. val minimumServerProtocolVersion: Option[String]
    Definition Classes
    TlsServerConfigBaseTlsArguments
  15. final def ne(arg0: AnyRef): Boolean
    Definition Classes
    AnyRef
  16. final def notify(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  17. final def notifyAll(): Unit
    Definition Classes
    AnyRef
    Annotations
    @native() @IntrinsicCandidate()
  18. val privateKeyFile: ExistingFile
    Definition Classes
    TlsServerConfigBaseTlsArguments
  19. def productElementNames: Iterator[String]
    Definition Classes
    Product
  20. def protocols: Option[Seq[String]]
    Definition Classes
    BaseTlsArguments
  21. val secretsUrl: Option[String]
  22. final def synchronized[T0](arg0: => T0): T0
    Definition Classes
    AnyRef
  23. val trustCollectionFile: Option[ExistingFile]
  24. final def wait(arg0: Long, arg1: Int): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])
  25. final def wait(arg0: Long): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException]) @native()
  26. final def wait(): Unit
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.InterruptedException])

Deprecated Value Members

  1. def finalize(): Unit
    Attributes
    protected[lang]
    Definition Classes
    AnyRef
    Annotations
    @throws(classOf[java.lang.Throwable]) @Deprecated @Deprecated
    Deprecated

Inherited from Serializable

Inherited from Product

Inherited from Equals

Inherited from BaseTlsArguments

Inherited from AnyRef

Inherited from Any

Ungrouped