AbstractSslContextFactory (apache-cassandra API)

java.lang.Object
- org.apache.cassandra.security.AbstractSslContextFactory

All Implemented Interfaces:

ISslContextFactory

Direct Known Subclasses:

DisableSslContextFactory, FileBasedSslContextFactory
```
public abstract class AbstractSslContextFactory
extends java.lang.Object
implements ISslContextFactory
```
Abstract class implementing ISslContextFacotry to provide most of the functionality that any implementation might need. This does not assume any file-based credentials for keys/certs hence provide a good base for any implementation that only need to customize the loading of keys/certs in a custom way.
CAUTION: While this is extremely useful abstraction, please be careful if you need to modify this class given possible custom implementations out there!

See Also:

DefaultSslContextFactory

Nested Class Summary
- Nested classes/interfaces inherited from interface org.apache.cassandra.security.ISslContextFactory
  ISslContextFactory.SocketType

Field Summary

Fields
Modifier and Type	Field and Description
`protected java.util.List<java.lang.String>`	`accepted_protocols`
`protected java.lang.String`	`algorithm`
`protected java.util.List<java.lang.String>`	`cipher_suites`
`protected java.lang.Boolean`	`enabled`
`protected boolean`	`openSslIsAvailable`
`protected java.lang.Boolean`	`optional`
`protected java.util.Map<java.lang.String,java.lang.Object>`	`parameters`
`protected java.lang.String`	`protocol`
`protected boolean`	`require_client_auth`
`protected boolean`	`require_endpoint_verification`
`protected java.lang.String`	`store_type`
`protected static java.util.List<java.lang.String>`	`TLS_PROTOCOL_SUBSTITUTION`

Constructor Summary

Constructors
Modifier	Constructor and Description
`protected`	`AbstractSslContextFactory()`
`protected`	`AbstractSslContextFactory(java.util.Map<java.lang.String,java.lang.Object> parameters)`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`protected abstract javax.net.ssl.KeyManagerFactory`	`buildKeyManagerFactory()`
`protected abstract javax.net.ssl.TrustManagerFactory`	`buildTrustManagerFactory()`
`javax.net.ssl.SSLContext`	`createJSSESslContext(boolean verifyPeerCertificate)` Creates JSSE SSLContext.
`io.netty.handler.ssl.SslContext`	`createNettySslContext(boolean verifyPeerCertificate, ISslContextFactory.SocketType socketType, io.netty.handler.ssl.CipherSuiteFilter cipherFilter)` Creates Netty's SslContext object.
`protected void`	`deriveIfOpenSslAvailable()` Dervies if `OpenSSL` is available.
`java.util.List<java.lang.String>`	`getAcceptedProtocols()` Combine the pre-4.0 protocol field with the accepted_protocols list, substituting a list of explicit protocols for the previous catchall default of "TLS"
`protected java.lang.Boolean`	`getBoolean(java.lang.String key)`
`protected java.lang.Boolean`	`getBoolean(java.lang.String key, boolean defaultValue)`
`java.util.List<java.lang.String>`	`getCipherSuites()` Returns the list of cipher suites supported by the implementation.
`protected io.netty.handler.ssl.SslProvider`	`getSslProvider()` Returns `SslProvider` to be used to build Netty's SslContext.
`protected java.lang.String`	`getString(java.lang.String key)`
`protected java.lang.String`	`getString(java.lang.String key, java.lang.String defaultValue)`
`protected java.util.List<java.lang.String>`	`getStringList(java.lang.String key)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.cassandra.security.ISslContextFactory
hasKeystore, initHotReloading, shouldReload

Field Detail

TLS_PROTOCOL_SUBSTITUTION

protected static final java.util.List<java.lang.String> TLS_PROTOCOL_SUBSTITUTION

openSslIsAvailable
```
protected boolean openSslIsAvailable
```

parameters

protected final java.util.Map<java.lang.String,java.lang.Object> parameters

cipher_suites

protected final java.util.List<java.lang.String> cipher_suites

protocol

protected final java.lang.String protocol

accepted_protocols

protected final java.util.List<java.lang.String> accepted_protocols

algorithm

protected final java.lang.String algorithm

store_type

protected final java.lang.String store_type

require_client_auth

protected final boolean require_client_auth

require_endpoint_verification

protected final boolean require_endpoint_verification

enabled
```
protected java.lang.Boolean enabled
```

optional
```
protected java.lang.Boolean optional
```

Constructor Detail

AbstractSslContextFactory
```
protected AbstractSslContextFactory()
```

AbstractSslContextFactory

protected AbstractSslContextFactory(java.util.Map<java.lang.String,java.lang.Object> parameters)

Method Detail
- deriveIfOpenSslAvailable
```
protected void deriveIfOpenSslAvailable()
```
  Dervies if OpenSSL is available. It allows in-jvm dtests to disable tcnative openssl support by setting cassandra.disable_tcactive_openssl system property as true. Otherwise, it creates a circular reference that prevents the instance class loader from being garbage collected.
- getString
```
protected java.lang.String getString(java.lang.String key,
                                     java.lang.String defaultValue)
```
- getString
```
protected java.lang.String getString(java.lang.String key)
```
- getStringList
```
protected java.util.List<java.lang.String> getStringList(java.lang.String key)
```
- getBoolean
```
protected java.lang.Boolean getBoolean(java.lang.String key,
                                       boolean defaultValue)
```
- getBoolean
```
protected java.lang.Boolean getBoolean(java.lang.String key)
```
- createJSSESslContext
```
public javax.net.ssl.SSLContext createJSSESslContext(boolean verifyPeerCertificate)
                                              throws javax.net.ssl.SSLException
```
  Description copied from interface: ISslContextFactory
  
  Creates JSSE SSLContext.
  
  Specified by:
  
  createJSSESslContext in interface ISslContextFactory
  
  Parameters:
  
  verifyPeerCertificate - true if SSL peer's certificate needs to be verified; false otherwise
  
  Returns:
  
  JSSE's SSLContext
  
  Throws:
  
  javax.net.ssl.SSLException - in case the Ssl Context creation fails for some reason
- createNettySslContext
```
public io.netty.handler.ssl.SslContext createNettySslContext(boolean verifyPeerCertificate,
                                                             ISslContextFactory.SocketType socketType,
                                                             io.netty.handler.ssl.CipherSuiteFilter cipherFilter)
                                                      throws javax.net.ssl.SSLException
```
  Description copied from interface: ISslContextFactory
  
  Creates Netty's SslContext object.
  
  Specified by:
  
  createNettySslContext in interface ISslContextFactory
  
  Parameters:
  
  verifyPeerCertificate - true if SSL peer's certificate needs to be verified; false otherwise
  
  socketType - ISslContextFactory.SocketType for Netty's Inbound or Outbound channels
  
  cipherFilter - to allow Netty's cipher suite filtering, e.g. SslContextBuilder.ciphers(Iterable, CipherSuiteFilter)
  
  Returns:
  
  Netty's SslContext
  
  Throws:
  
  javax.net.ssl.SSLException - in case the Ssl Context creation fails for some reason
- getAcceptedProtocols
```
public java.util.List<java.lang.String> getAcceptedProtocols()
```
  Combine the pre-4.0 protocol field with the accepted_protocols list, substituting a list of explicit protocols for the previous catchall default of "TLS"
  
  Specified by:
  
  getAcceptedProtocols in interface ISslContextFactory
  
  Returns:
  
  array of protocol names suitable for passing to SslContextBuilder.protocols, or null if the default
- getCipherSuites
```
public java.util.List<java.lang.String> getCipherSuites()
```
  Description copied from interface: ISslContextFactory
  
  Returns the list of cipher suites supported by the implementation.
  
  Specified by:
  
  getCipherSuites in interface ISslContextFactory
  
  Returns:
  
  List of supported cipher suites
- getSslProvider
```
protected io.netty.handler.ssl.SslProvider getSslProvider()
```
  Returns SslProvider to be used to build Netty's SslContext.
  
  Returns:
  
  appropriate SslProvider
- buildKeyManagerFactory
```
protected abstract javax.net.ssl.KeyManagerFactory buildKeyManagerFactory()
                                                                   throws javax.net.ssl.SSLException
```
  Throws:
  
  javax.net.ssl.SSLException
- buildTrustManagerFactory
```
protected abstract javax.net.ssl.TrustManagerFactory buildTrustManagerFactory()
                                                                       throws javax.net.ssl.SSLException
```
  Throws:
  
  javax.net.ssl.SSLException

Class AbstractSslContextFactory

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.cassandra.security.ISslContextFactory

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.cassandra.security.ISslContextFactory

Field Detail

TLS_PROTOCOL_SUBSTITUTION

openSslIsAvailable

parameters

cipher_suites

protocol

accepted_protocols

algorithm

store_type

require_client_auth

require_endpoint_verification

enabled

optional

Constructor Detail

AbstractSslContextFactory

AbstractSslContextFactory

Method Detail

deriveIfOpenSslAvailable

getString

getString

getStringList

getBoolean

getBoolean

createJSSESslContext

createNettySslContext

getAcceptedProtocols

getCipherSuites

getSslProvider

buildKeyManagerFactory

buildTrustManagerFactory