ISslContextFactory (apache-cassandra API)

All Known Implementing Classes:

AbstractSslContextFactory, DefaultSslContextFactory, DisableSslContextFactory, FileBasedSslContextFactory, PEMBasedSslContextFactory
```
public interface ISslContextFactory
```
The purpose of this interface is to provide pluggable mechanism for creating custom JSSE and Netty SSLContext objects. Please use the Cassandra configuration key ssl_context_factory as part of client_encryption_options/server_encryption_options and provide a custom class-name implementing this interface with parameters to be used to plugin a your own way to load the SSLContext.
Implementation of this interface must have a constructor with argument of type Map<String,Object> to allow custom parameters, needed by the implementation, to be passed from the yaml configuration. Common SSL configurations like protocol, algorithm, cipher_suites, accepted_protocols, require_client_auth, require_endpoint_verification, enabled, optional will also be passed to that map by Cassanddra.
Since on top of Netty, Cassandra is internally using JSSE SSLContext also for certain use-cases- this interface has methods for both.
Below is an example of how to configure a custom implementation with parameters
```
 ssl_context_factory:
       class_name: org.apache.cassandra.security.YourSslContextFactoryImpl
       parameters:
         key1: "value1"
         key2: "value2"
         key3: "value3"
 
```

Nested Class Summary

Nested Classes
Modifier and Type	Interface and Description
`static class`	`ISslContextFactory.SocketType` Indicates if the process holds the inbound/listening (Server) end of the socket or the outbound side (Client).

Method Summary

All Methods Instance Methods Abstract Methods Default Methods
Modifier and Type	Method and Description
`javax.net.ssl.SSLContext`	`createJSSESslContext(boolean verifyPeerCertificate)` Creates JSSE SSLContext.
`io.netty.handler.ssl.SslContext`	`createNettySslContext(boolean verifyPeerCertificate, ISslContextFactory.SocketType socketType, io.netty.handler.ssl.CipherSuiteFilter cipherFilter)` Creates Netty's SslContext object.
`java.util.List<java.lang.String>`	`getAcceptedProtocols()` Returns the prepared list of accepted protocols.
`java.util.List<java.lang.String>`	`getCipherSuites()` Returns the list of cipher suites supported by the implementation.
`default boolean`	`hasKeystore()` Returns if this factory uses private keystore.
`void`	`initHotReloading()` Initializes hot reloading of the security keys/certs.
`boolean`	`shouldReload()` Returns if any changes require the reloading of the SSL context returned by this factory.

- Method Detail
  - createJSSESslContext
```
javax.net.ssl.SSLContext createJSSESslContext(boolean verifyPeerCertificate)
                                       throws javax.net.ssl.SSLException
```
    Creates JSSE SSLContext.
    
    Parameters:
    
    verifyPeerCertificate - true if SSL peer's certificate needs to be verified; false otherwise
    
    Returns:
    
    JSSE's SSLContext
    
    Throws:
    
    javax.net.ssl.SSLException - in case the Ssl Context creation fails for some reason
  - createNettySslContext
```
io.netty.handler.ssl.SslContext createNettySslContext(boolean verifyPeerCertificate,
                                                      ISslContextFactory.SocketType socketType,
                                                      io.netty.handler.ssl.CipherSuiteFilter cipherFilter)
                                               throws javax.net.ssl.SSLException
```
    Creates Netty's SslContext object.
    
    Parameters:
    
    verifyPeerCertificate - true if SSL peer's certificate needs to be verified; false otherwise
    
    socketType - ISslContextFactory.SocketType for Netty's Inbound or Outbound channels
    
    cipherFilter - to allow Netty's cipher suite filtering, e.g. SslContextBuilder.ciphers(Iterable, CipherSuiteFilter)
    
    Returns:
    
    Netty's SslContext
    
    Throws:
    
    javax.net.ssl.SSLException - in case the Ssl Context creation fails for some reason
  - initHotReloading
```
void initHotReloading()
               throws javax.net.ssl.SSLException
```
    Initializes hot reloading of the security keys/certs. The implementation must guarantee this to be thread safe.
    
    Throws:
    
    javax.net.ssl.SSLException
  - shouldReload
```
boolean shouldReload()
```
    Returns if any changes require the reloading of the SSL context returned by this factory. This will be called by Cassandra's periodic polling for any potential changes that will reload the SSL context. However only newer connections established after the reload will use the reloaded SSL context.
    
    Returns:
    
    true if SSL Context needs to be reload; false otherwise
  - hasKeystore
```
default boolean hasKeystore()
```
    Returns if this factory uses private keystore.
    
    Returns:
    
    true by default unless the implementation overrides this
  - getAcceptedProtocols
```
java.util.List<java.lang.String> getAcceptedProtocols()
```
    Returns the prepared list of accepted protocols.
    
    Returns:
    
    array of protocol names suitable for passing to Netty's SslContextBuilder.protocols, or null if the default
  - getCipherSuites
```
java.util.List<java.lang.String> getCipherSuites()
```
    Returns the list of cipher suites supported by the implementation.
    
    Returns:
    
    List of supported cipher suites

Interface ISslContextFactory

Nested Class Summary

Method Summary

Method Detail

createJSSESslContext

createNettySslContext

initHotReloading

shouldReload

hasKeystore

getAcceptedProtocols

getCipherSuites