Package org.apache.cassandra.config
Class EncryptionOptions
- java.lang.Object
-
- org.apache.cassandra.config.EncryptionOptions
-
- Direct Known Subclasses:
EncryptionOptions.ServerEncryptionOptions
public class EncryptionOptions extends java.lang.ObjectThis holds various options used for enabling SSL/TLS encryption. Examples of such options are: supported cipher-suites, ssl protocol with version, accepted protocols, end-point verification, require client-auth/cert etc.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static classEncryptionOptions.ConfigKeystatic classEncryptionOptions.ServerEncryptionOptionsstatic classEncryptionOptions.TlsEncryptionPolicy
-
Field Summary
Fields Modifier and Type Field Description protected java.util.List<java.lang.String>accepted_protocolsjava.lang.Stringalgorithmjava.util.List<java.lang.String>cipher_suitesprotected java.lang.Booleanenabledprotected java.lang.BooleanisEnabledprotected java.lang.BooleanisOptionaljava.lang.Stringkeystorejava.lang.Stringkeystore_passwordprotected java.lang.Booleanoptionalprotected java.lang.Stringprotocolbooleanrequire_client_authbooleanrequire_endpoint_verificationParameterizedClassssl_context_factoryISslContextFactorysslContextFactoryInstancejava.lang.Stringstore_typejava.lang.Stringtruststorejava.lang.Stringtruststore_password
-
Constructor Summary
Constructors Constructor Description EncryptionOptions()EncryptionOptions(EncryptionOptions options)EncryptionOptions(ParameterizedClass ssl_context_factory, java.lang.String keystore, java.lang.String keystore_password, java.lang.String truststore, java.lang.String truststore_password, java.util.List<java.lang.String> cipher_suites, java.lang.String protocol, java.util.List<java.lang.String> accepted_protocols, java.lang.String algorithm, java.lang.String store_type, boolean require_client_auth, boolean require_endpoint_verification, java.lang.Boolean enabled, java.lang.Boolean optional)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.lang.String[]acceptedProtocolsArray()EncryptionOptionsapplyConfig()java.lang.String[]cipherSuitesArray()booleanequals(java.lang.Object o)The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updatedjava.util.List<java.lang.String>getAcceptedProtocols()java.lang.BooleangetEnabled()Indicates if the channel should be encrypted.java.lang.BooleangetOptional()Indicates if the channel may be encrypted (but is not required to be).java.lang.StringgetProtocol()inthashCode()The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updatedvoidsetAcceptedProtocols(java.util.List<java.lang.String> accepted_protocols)Sets accepted TLS protocols for this channel.voidsetEnabled(java.lang.Boolean enabled)Sets if encryption should be enabled for this channel.voidsetOptional(java.lang.Boolean optional)Sets if encryption should be optional for this channel.voidsetProtocol(java.lang.String protocol)Sets accepted TLS protocol for this channel.EncryptionOptions.TlsEncryptionPolicytlsEncryptionPolicy()EncryptionOptionswithAcceptedProtocols(java.util.List<java.lang.String> accepted_protocols)EncryptionOptionswithAlgorithm(java.lang.String algorithm)EncryptionOptionswithCipherSuites(java.lang.String... cipher_suites)EncryptionOptionswithCipherSuites(java.util.List<java.lang.String> cipher_suites)EncryptionOptionswithEnabled(boolean enabled)EncryptionOptionswithKeyStore(java.lang.String keystore)EncryptionOptionswithKeyStorePassword(java.lang.String keystore_password)EncryptionOptionswithOptional(java.lang.Boolean optional)EncryptionOptionswithProtocol(java.lang.String protocol)EncryptionOptionswithRequireClientAuth(boolean require_client_auth)EncryptionOptionswithRequireEndpointVerification(boolean require_endpoint_verification)EncryptionOptionswithSslContextFactory(ParameterizedClass sslContextFactoryClass)EncryptionOptionswithStoreType(java.lang.String store_type)EncryptionOptionswithTrustStore(java.lang.String truststore)EncryptionOptionswithTrustStorePassword(java.lang.String truststore_password)
-
-
-
Field Detail
-
ssl_context_factory
public final ParameterizedClass ssl_context_factory
-
keystore
public final java.lang.String keystore
-
keystore_password
@Nullable public final java.lang.String keystore_password
-
truststore
public final java.lang.String truststore
-
truststore_password
@Nullable public final java.lang.String truststore_password
-
cipher_suites
public final java.util.List<java.lang.String> cipher_suites
-
protocol
protected java.lang.String protocol
-
accepted_protocols
protected java.util.List<java.lang.String> accepted_protocols
-
algorithm
public final java.lang.String algorithm
-
store_type
public final java.lang.String store_type
-
require_client_auth
public final boolean require_client_auth
-
require_endpoint_verification
public final boolean require_endpoint_verification
-
enabled
protected java.lang.Boolean enabled
-
optional
protected java.lang.Boolean optional
-
isEnabled
protected java.lang.Boolean isEnabled
-
isOptional
protected java.lang.Boolean isOptional
-
sslContextFactoryInstance
public transient ISslContextFactory sslContextFactoryInstance
-
-
Constructor Detail
-
EncryptionOptions
public EncryptionOptions()
-
EncryptionOptions
public EncryptionOptions(ParameterizedClass ssl_context_factory, java.lang.String keystore, java.lang.String keystore_password, java.lang.String truststore, java.lang.String truststore_password, java.util.List<java.lang.String> cipher_suites, java.lang.String protocol, java.util.List<java.lang.String> accepted_protocols, java.lang.String algorithm, java.lang.String store_type, boolean require_client_auth, boolean require_endpoint_verification, java.lang.Boolean enabled, java.lang.Boolean optional)
-
EncryptionOptions
public EncryptionOptions(EncryptionOptions options)
-
-
Method Detail
-
applyConfig
public EncryptionOptions applyConfig()
-
getEnabled
public java.lang.Boolean getEnabled()
Indicates if the channel should be encrypted. Client and Server uses different logic to determine this- Returns:
- if the channel should be encrypted
-
setEnabled
public void setEnabled(java.lang.Boolean enabled)
Sets if encryption should be enabled for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating enabled state is probably a bad idea.- Parameters:
enabled- value to set
-
getOptional
public java.lang.Boolean getOptional()
Indicates if the channel may be encrypted (but is not required to be). Explicitly providing a value in the configuration take precedent. If no optional value is set and !isEnabled(), then optional connections are allowed if a keystore exists. Without it, it would be impossible to establish the connections. Return type is Boolean even though it can never be null so that snakeyaml can find it- Returns:
- if the channel may be encrypted
-
setOptional
public void setOptional(java.lang.Boolean optional)
Sets if encryption should be optional for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating enabled state is probably a bad idea.- Parameters:
optional- value to set
-
setProtocol
public void setProtocol(java.lang.String protocol)
Sets accepted TLS protocol for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating protocol state is probably a bad idea.- Parameters:
protocol- value to set
-
getProtocol
public java.lang.String getProtocol()
-
setAcceptedProtocols
public void setAcceptedProtocols(java.util.List<java.lang.String> accepted_protocols)
Sets accepted TLS protocols for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating protocol state is probably a bad idea. The function casing is required for snakeyaml to find this setter for the protected field.- Parameters:
accepted_protocols- value to set
-
getAcceptedProtocols
public java.util.List<java.lang.String> getAcceptedProtocols()
-
acceptedProtocolsArray
public java.lang.String[] acceptedProtocolsArray()
-
cipherSuitesArray
public java.lang.String[] cipherSuitesArray()
-
tlsEncryptionPolicy
public EncryptionOptions.TlsEncryptionPolicy tlsEncryptionPolicy()
-
withSslContextFactory
public EncryptionOptions withSslContextFactory(ParameterizedClass sslContextFactoryClass)
-
withKeyStore
public EncryptionOptions withKeyStore(java.lang.String keystore)
-
withKeyStorePassword
public EncryptionOptions withKeyStorePassword(java.lang.String keystore_password)
-
withTrustStore
public EncryptionOptions withTrustStore(java.lang.String truststore)
-
withTrustStorePassword
public EncryptionOptions withTrustStorePassword(java.lang.String truststore_password)
-
withCipherSuites
public EncryptionOptions withCipherSuites(java.util.List<java.lang.String> cipher_suites)
-
withCipherSuites
public EncryptionOptions withCipherSuites(java.lang.String... cipher_suites)
-
withProtocol
public EncryptionOptions withProtocol(java.lang.String protocol)
-
withAcceptedProtocols
public EncryptionOptions withAcceptedProtocols(java.util.List<java.lang.String> accepted_protocols)
-
withAlgorithm
public EncryptionOptions withAlgorithm(java.lang.String algorithm)
-
withStoreType
public EncryptionOptions withStoreType(java.lang.String store_type)
-
withRequireClientAuth
public EncryptionOptions withRequireClientAuth(boolean require_client_auth)
-
withRequireEndpointVerification
public EncryptionOptions withRequireEndpointVerification(boolean require_endpoint_verification)
-
withEnabled
public EncryptionOptions withEnabled(boolean enabled)
-
withOptional
public EncryptionOptions withOptional(java.lang.Boolean optional)
-
equals
public boolean equals(java.lang.Object o)
The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updated- Overrides:
equalsin classjava.lang.Object
-
hashCode
public int hashCode()
The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updated- Overrides:
hashCodein classjava.lang.Object
-
-