Package org.apache.cassandra.security
Class AbstractSslContextFactory
- java.lang.Object
-
- org.apache.cassandra.security.AbstractSslContextFactory
-
- All Implemented Interfaces:
ISslContextFactory
- Direct Known Subclasses:
DisableSslContextFactory,FileBasedSslContextFactory
public abstract class AbstractSslContextFactory extends java.lang.Object implements ISslContextFactory
Abstract class implementingISslContextFacotryto provide most of the functionality that any implementation might need. This does not assume any file-based credentials for keys/certs hence provide a good base for any implementation that only need to customize the loading of keys/certs in a custom way.CAUTION:While this is extremely useful abstraction, please be careful if you need to modify this class given possible custom implementations out there!- See Also:
DefaultSslContextFactory
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.apache.cassandra.security.ISslContextFactory
ISslContextFactory.SocketType
-
-
Field Summary
Fields Modifier and Type Field Description protected java.util.List<java.lang.String>accepted_protocolsprotected java.lang.Stringalgorithmprotected java.util.List<java.lang.String>cipher_suitesprotected java.lang.Booleanenabledprotected booleanopenSslIsAvailableprotected java.lang.Booleanoptionalprotected java.util.Map<java.lang.String,java.lang.Object>parametersprotected java.lang.Stringprotocolprotected booleanrequire_client_authprotected booleanrequire_endpoint_verificationprotected java.lang.Stringstore_typeprotected static java.util.List<java.lang.String>TLS_PROTOCOL_SUBSTITUTION
-
Constructor Summary
Constructors Modifier Constructor Description protectedAbstractSslContextFactory()protectedAbstractSslContextFactory(java.util.Map<java.lang.String,java.lang.Object> parameters)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected abstract javax.net.ssl.KeyManagerFactorybuildKeyManagerFactory()protected abstract javax.net.ssl.TrustManagerFactorybuildTrustManagerFactory()javax.net.ssl.SSLContextcreateJSSESslContext(boolean verifyPeerCertificate)Creates JSSE SSLContext.io.netty.handler.ssl.SslContextcreateNettySslContext(boolean verifyPeerCertificate, ISslContextFactory.SocketType socketType, io.netty.handler.ssl.CipherSuiteFilter cipherFilter)Creates Netty's SslContext object.protected voidderiveIfOpenSslAvailable()Dervies ifOpenSSLis available.java.util.List<java.lang.String>getAcceptedProtocols()Combine the pre-4.0 protocol field with the accepted_protocols list, substituting a list of explicit protocols for the previous catchall default of "TLS"protected java.lang.BooleangetBoolean(java.lang.String key)protected java.lang.BooleangetBoolean(java.lang.String key, boolean defaultValue)java.util.List<java.lang.String>getCipherSuites()Returns the list of cipher suites supported by the implementation.protected io.netty.handler.ssl.SslProvidergetSslProvider()ReturnsSslProviderto be used to build Netty's SslContext.protected java.lang.StringgetString(java.lang.String key)protected java.lang.StringgetString(java.lang.String key, java.lang.String defaultValue)protected java.util.List<java.lang.String>getStringList(java.lang.String key)-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.cassandra.security.ISslContextFactory
hasKeystore, initHotReloading, shouldReload
-
-
-
-
Field Detail
-
TLS_PROTOCOL_SUBSTITUTION
protected static final java.util.List<java.lang.String> TLS_PROTOCOL_SUBSTITUTION
-
openSslIsAvailable
protected boolean openSslIsAvailable
-
parameters
protected final java.util.Map<java.lang.String,java.lang.Object> parameters
-
cipher_suites
protected final java.util.List<java.lang.String> cipher_suites
-
protocol
protected final java.lang.String protocol
-
accepted_protocols
protected final java.util.List<java.lang.String> accepted_protocols
-
algorithm
protected final java.lang.String algorithm
-
store_type
protected final java.lang.String store_type
-
require_client_auth
protected final boolean require_client_auth
-
require_endpoint_verification
protected final boolean require_endpoint_verification
-
enabled
protected java.lang.Boolean enabled
-
optional
protected java.lang.Boolean optional
-
-
Method Detail
-
deriveIfOpenSslAvailable
protected void deriveIfOpenSslAvailable()
Dervies ifOpenSSLis available. It allows in-jvm dtests to disable tcnative openssl support by settingcassandra.disable_tcactive_opensslsystem property astrue. Otherwise, it creates a circular reference that prevents the instance class loader from being garbage collected.
-
getString
protected java.lang.String getString(java.lang.String key, java.lang.String defaultValue)
-
getString
protected java.lang.String getString(java.lang.String key)
-
getStringList
protected java.util.List<java.lang.String> getStringList(java.lang.String key)
-
getBoolean
protected java.lang.Boolean getBoolean(java.lang.String key, boolean defaultValue)
-
getBoolean
protected java.lang.Boolean getBoolean(java.lang.String key)
-
createJSSESslContext
public javax.net.ssl.SSLContext createJSSESslContext(boolean verifyPeerCertificate) throws javax.net.ssl.SSLExceptionDescription copied from interface:ISslContextFactoryCreates JSSE SSLContext.- Specified by:
createJSSESslContextin interfaceISslContextFactory- Parameters:
verifyPeerCertificate-trueif SSL peer's certificate needs to be verified;falseotherwise- Returns:
- JSSE's
SSLContext - Throws:
javax.net.ssl.SSLException- in case the Ssl Context creation fails for some reason
-
createNettySslContext
public io.netty.handler.ssl.SslContext createNettySslContext(boolean verifyPeerCertificate, ISslContextFactory.SocketType socketType, io.netty.handler.ssl.CipherSuiteFilter cipherFilter) throws javax.net.ssl.SSLExceptionDescription copied from interface:ISslContextFactoryCreates Netty's SslContext object.- Specified by:
createNettySslContextin interfaceISslContextFactory- Parameters:
verifyPeerCertificate-trueif SSL peer's certificate needs to be verified;falseotherwisesocketType-ISslContextFactory.SocketTypefor Netty's Inbound or Outbound channelscipherFilter- to allow Netty's cipher suite filtering, e.g.SslContextBuilder.ciphers(Iterable, CipherSuiteFilter)- Returns:
- Netty's
SslContext - Throws:
javax.net.ssl.SSLException- in case the Ssl Context creation fails for some reason
-
getAcceptedProtocols
public java.util.List<java.lang.String> getAcceptedProtocols()
Combine the pre-4.0 protocol field with the accepted_protocols list, substituting a list of explicit protocols for the previous catchall default of "TLS"- Specified by:
getAcceptedProtocolsin interfaceISslContextFactory- Returns:
- array of protocol names suitable for passing to SslContextBuilder.protocols, or null if the default
-
getCipherSuites
public java.util.List<java.lang.String> getCipherSuites()
Description copied from interface:ISslContextFactoryReturns the list of cipher suites supported by the implementation.- Specified by:
getCipherSuitesin interfaceISslContextFactory- Returns:
- List of supported cipher suites
-
getSslProvider
protected io.netty.handler.ssl.SslProvider getSslProvider()
ReturnsSslProviderto be used to build Netty's SslContext.- Returns:
- appropriate SslProvider
-
buildKeyManagerFactory
protected abstract javax.net.ssl.KeyManagerFactory buildKeyManagerFactory() throws javax.net.ssl.SSLException- Throws:
javax.net.ssl.SSLException
-
buildTrustManagerFactory
protected abstract javax.net.ssl.TrustManagerFactory buildTrustManagerFactory() throws javax.net.ssl.SSLException- Throws:
javax.net.ssl.SSLException
-
-