Ayza 🔐

Hey, hello there 👋 Welcome, I hope you will like this library. Feel free to drop a message in the 📖 Guestbook, I would love to hear your story and experience in using this library.

I have created this library with ❤️ and passion, mostly during evening and night hours. If you use my library and want to appreciate the work I have done, please consider to sponsor this project as a way to contribute back to the community. There are 3 options available to pick from: GitHub, Ko-fi and Open Collective

Install library with:

Install with Maven

<dependency>
    <groupId>io.github.hakky54</groupId>
    <artifactId>ayza</artifactId>
    <version>10.0.4</version>
</dependency>

Install with Gradle

implementation 'io.github.hakky54:ayza:10.0.4'

Install with Gradle Kotlin DSL

implementation("io.github.hakky54:ayza:10.0.4")

Install with Scala SBT

libraryDependencies += "io.github.hakky54" % "ayza" % "10.0.4"

Install with Apache Ivy

<dependency org="io.github.hakky54" name="ayza" rev="10.0.4"/>

Table of contents

1. Introduction
   • History
   • Advantages
   • Definitions
   • Compatibility
2. Usage
   • Example configuration
   • Other possible configurations
     • Loading keystore from the classpath
     • Loading keystore from the file system
     • Loading keystore from InputStream
     • Loading trust material with OCSP options
       • TrustStore from the classpath
       • TrustStore from the file system
       • TrustManager
       • Certificates
     • Enhanceable trust validations
     • Hide trusted certificate names of a server
     • Skip certificate validation
     • Skip hostname validation
     • Loading JDK and OS trusted certificates
     • Using specific protocols and ciphers with custom secure-random and hostname-verifier
     • Enhanceable hostname verifier
     • Using multiple identity materials and trust materials
     • Using custom KeyManager and TrustManager
     • Using dummy identity and trust material
     • Using KeyStore with multiple keys having different passwords
     • Using custom PrivateKey and Certificates
     • Reloading SSL at runtime
     • Hot swap KeyManager and TrustManager at runtime
     • Trust additional new certificates at runtime
     • Routing client identity to specific host
     • Updating client identity routes at runtime
     • Managing additional identities at runtime
     • Managing ssl session
     • Extracting server certificates
       • Single server
       • Bulk extraction from multiple servers
       • Extracting certificates behind proxy
       • Extracting certificates behind proxy with authentication
       • Extracting certificates as pem
     • Using P7B or PKCS#7 files
     • Using DER files
     • Using PFX or P12 or PKCS#12 Files
     • Using PEM Files
       • Loading pem files from the classpath
       • Loading pem files from the file system
       • Loading pem files from InputStream
       • Loading pem files from string content
       • Loading encrypted pem files
     • Migrating from classic configuration
     • Global SSL configuration
     • Logging certificate validation
     • Logging detailed KeyManager flow, input and output
     • Fluently mapping SSLFactory
   • Returnable values from the SSLFactory
3. Additional mappers for specific libraries
   • Netty
   • Jetty
   • Apache
     • Apache 4
     • Apache 5
4. Tested HTTP Clients
5. Tested HTTP Servers
6. Contributing
7. Contributors
8. License

Introduction

Ayza is a library which provides a High-Level SSLFactory class for configuring a http client or a server to communicate over SSL/TLS for one way authentication or two-way authentication. It is designed to be as lightweight as possible by having minimized the external dependencies. The core library only depends on the SLF4J logging API.

History

As a Java developer I worked for different kinds of clients. Most of the time the application required to call other microservices within the organization or some other http servers. These requests needed to be secured, and therefore it was required to load the ssl materials into the http client. Each http client may require different input value to enable https requests, and therefore I couldn't just copy-paste my earlier configuration into the new project. The resulting configuration was in my opinion always verbose, not reusable, hard to test and hard to maintain.

As a developer you also need to know how to properly load your file into your application and consume it as a KeyStore instance. Therefore, you also need to understand how to properly create for example a KeyManager and a TrustManager for you SSLContext. Ayza is taking the responsibility of creating an instance of SSLContext from the provided arguments, and it will provide you all the ssl materials which are required to configure 40+ different Http Client for Java, Scala and Kotlin. I wanted the library to be as easy as possible to use for all developers to give them a kickstart when configuring their Http Client. So feel free to provide feedback or feature requests.

The library has been renamed to