Package org.apache.cassandra.config

Class EncryptionOptions

  • Direct Known Subclasses:
    EncryptionOptions.ServerEncryptionOptions
    public class EncryptionOptions
extends java.lang.Object
    This holds various options used for enabling SSL/TLS encryption. Examples of such options are: supported cipher-suites, ssl protocol with version, accepted protocols, end-point verification, require client-auth/cert etc.

    • Field Detail

      • keystore

        public final java.lang.String keystore

      • keystore_password

        @Nullable
public final java.lang.String keystore_password

      • truststore

        public final java.lang.String truststore

      • truststore_password

        @Nullable
public final java.lang.String truststore_password

      • cipher_suites

        public final java.util.List<java.lang.String> cipher_suites

      • protocol

        protected java.lang.String protocol

      • accepted_protocols

        protected java.util.List<java.lang.String> accepted_protocols

      • algorithm

        public final java.lang.String algorithm

      • store_type

        public final java.lang.String store_type

      • require_client_auth

        public final boolean require_client_auth

      • require_endpoint_verification

        public final boolean require_endpoint_verification

      • enabled

        protected java.lang.Boolean enabled

      • optional

        protected java.lang.Boolean optional

      • isEnabled

        protected java.lang.Boolean isEnabled

      • isOptional

        protected java.lang.Boolean isOptional

      • sslContextFactoryInstance

        public transient ISslContextFactory sslContextFactoryInstance

    • Constructor Detail

      • EncryptionOptions

        public EncryptionOptions()

      • EncryptionOptions

        public EncryptionOptions​(ParameterizedClass ssl_context_factory,
                         java.lang.String keystore,
                         java.lang.String keystore_password,
                         java.lang.String truststore,
                         java.lang.String truststore_password,
                         java.util.List<java.lang.String> cipher_suites,
                         java.lang.String protocol,
                         java.util.List<java.lang.String> accepted_protocols,
                         java.lang.String algorithm,
                         java.lang.String store_type,
                         boolean require_client_auth,
                         boolean require_endpoint_verification,
                         java.lang.Boolean enabled,
                         java.lang.Boolean optional)

    • Method Detail

      • fillSslContextParams

        protected void fillSslContextParams​(java.util.Map<java.lang.String,​java.lang.Object> sslContextFactoryParameters)

      • putSslContextFactoryParameter

        protected static void putSslContextFactoryParameter​(java.util.Map<java.lang.String,​java.lang.Object> existingParameters,
                                                    EncryptionOptions.ConfigKey configKey,
                                                    java.lang.Object value)

      • getEnabled

        public java.lang.Boolean getEnabled()
        Indicates if the channel should be encrypted. Client and Server uses different logic to determine this
        Returns:
        if the channel should be encrypted

      • setEnabled

        public void setEnabled​(java.lang.Boolean enabled)
        Sets if encryption should be enabled for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating enabled state is probably a bad idea.
        Parameters:
        enabled - value to set

      • getOptional

        public java.lang.Boolean getOptional()
        Indicates if the channel may be encrypted (but is not required to be). Explicitly providing a value in the configuration take precedent. If no optional value is set and !isEnabled(), then optional connections are allowed if a keystore exists. Without it, it would be impossible to establish the connections. Return type is Boolean even though it can never be null so that snakeyaml can find it
        Returns:
        if the channel may be encrypted

      • setOptional

        public void setOptional​(java.lang.Boolean optional)
        Sets if encryption should be optional for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating enabled state is probably a bad idea.
        Parameters:
        optional - value to set

      • setProtocol

        public void setProtocol​(java.lang.String protocol)
        Sets accepted TLS protocol for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating protocol state is probably a bad idea.
        Parameters:
        protocol - value to set

      • getProtocol

        public java.lang.String getProtocol()

      • setAcceptedProtocols

        public void setAcceptedProtocols​(java.util.List<java.lang.String> accepted_protocols)
        Sets accepted TLS protocols for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating protocol state is probably a bad idea. The function casing is required for snakeyaml to find this setter for the protected field.
        Parameters:
        accepted_protocols - value to set

      • getAcceptedProtocols

        public java.util.List<java.lang.String> getAcceptedProtocols()

      • acceptedProtocolsArray

        public java.lang.String[] acceptedProtocolsArray()

      • cipherSuitesArray

        public java.lang.String[] cipherSuitesArray()

      • withKeyStore

        public EncryptionOptions withKeyStore​(java.lang.String keystore)

      • withKeyStorePassword

        public EncryptionOptions withKeyStorePassword​(java.lang.String keystore_password)

      • withTrustStore

        public EncryptionOptions withTrustStore​(java.lang.String truststore)

      • withTrustStorePassword

        public EncryptionOptions withTrustStorePassword​(java.lang.String truststore_password)

      • withCipherSuites

        public EncryptionOptions withCipherSuites​(java.util.List<java.lang.String> cipher_suites)

      • withCipherSuites

        public EncryptionOptions withCipherSuites​(java.lang.String... cipher_suites)

      • withProtocol

        public EncryptionOptions withProtocol​(java.lang.String protocol)

      • withAcceptedProtocols

        public EncryptionOptions withAcceptedProtocols​(java.util.List<java.lang.String> accepted_protocols)

      • withAlgorithm

        public EncryptionOptions withAlgorithm​(java.lang.String algorithm)

      • withStoreType

        public EncryptionOptions withStoreType​(java.lang.String store_type)

      • withRequireClientAuth

        public EncryptionOptions withRequireClientAuth​(boolean require_client_auth)

      • withRequireEndpointVerification

        public EncryptionOptions withRequireEndpointVerification​(boolean require_endpoint_verification)

      • withOptional

        public EncryptionOptions withOptional​(java.lang.Boolean optional)

      • equals

        public boolean equals​(java.lang.Object o)
        The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updated
        Overrides:
        equals in class java.lang.Object

      • hashCode

        public int hashCode()
        The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updated
        Overrides:
        hashCode in class java.lang.Object