Class AbstractSslContextFactory

  • All Implemented Interfaces:
    ISslContextFactory
    Direct Known Subclasses:
    DisableSslContextFactory, FileBasedSslContextFactory

    public abstract class AbstractSslContextFactory
    extends java.lang.Object
    implements ISslContextFactory
    Abstract class implementing ISslContextFactory to provide most of the functionality that any implementation might need. It does not assume file-based credentials for keys/certs, and hence provides a good base for any implementation that only needs to customize how keys/certs are loaded.

    CAUTION: While this is an extremely useful abstraction, please be careful if you need to modify this class, given the possible custom implementations out there!

    See Also:
    DefaultSslContextFactory
    • Field Detail

      • TLS_PROTOCOL_SUBSTITUTION

        protected static final java.util.List<java.lang.String> TLS_PROTOCOL_SUBSTITUTION
      • openSslIsAvailable

        protected boolean openSslIsAvailable
      • parameters

        protected final java.util.Map<java.lang.String,​java.lang.Object> parameters
      • cipher_suites

        protected final java.util.List<java.lang.String> cipher_suites
      • protocol

        protected final java.lang.String protocol
      • accepted_protocols

        protected final java.util.List<java.lang.String> accepted_protocols
      • algorithm

        protected final java.lang.String algorithm
      • store_type

        protected final java.lang.String store_type
      • require_client_auth

        protected final boolean require_client_auth
      • require_endpoint_verification

        protected final boolean require_endpoint_verification
      • enabled

        protected java.lang.Boolean enabled
      • optional

        protected java.lang.Boolean optional
    • Constructor Detail

      • AbstractSslContextFactory

        protected AbstractSslContextFactory()
      • AbstractSslContextFactory

        protected AbstractSslContextFactory​(java.util.Map<java.lang.String,​java.lang.Object> parameters)
    • Method Detail

      • deriveIfOpenSslAvailable

        protected void deriveIfOpenSslAvailable()
        Derives whether OpenSSL is available. This allows in-JVM dtests to disable tcnative OpenSSL support by setting the CassandraRelevantProperties.DISABLE_TCACTIVE_OPENSSL system property to true. Otherwise, it creates a circular reference that prevents the instance class loader from being garbage collected.
      • getString

        protected java.lang.String getString​(java.lang.String key,
                                             java.lang.String defaultValue)
      • getString

        protected java.lang.String getString​(java.lang.String key)
      • getStringList

        protected java.util.List<java.lang.String> getStringList​(java.lang.String key)
      • getBoolean

        protected java.lang.Boolean getBoolean​(java.lang.String key,
                                               boolean defaultValue)
      • getBoolean

        protected java.lang.Boolean getBoolean​(java.lang.String key)
      • createJSSESslContext

        public javax.net.ssl.SSLContext createJSSESslContext​(boolean verifyPeerCertificate)
                                                      throws javax.net.ssl.SSLException
        Description copied from interface: ISslContextFactory
        Creates JSSE SSLContext.
        Specified by:
        createJSSESslContext in interface ISslContextFactory
        Parameters:
        verifyPeerCertificate - true if SSL peer's certificate needs to be verified; false otherwise
        Returns:
        JSSE's SSLContext
        Throws:
        javax.net.ssl.SSLException - in case the Ssl Context creation fails for some reason
      • createNettySslContext

        public io.netty.handler.ssl.SslContext createNettySslContext​(boolean verifyPeerCertificate,
                                                                     ISslContextFactory.SocketType socketType,
                                                                     io.netty.handler.ssl.CipherSuiteFilter cipherFilter)
                                                              throws javax.net.ssl.SSLException
        Description copied from interface: ISslContextFactory
        Creates Netty's SslContext object.
        Specified by:
        createNettySslContext in interface ISslContextFactory
        Parameters:
        verifyPeerCertificate - true if SSL peer's certificate needs to be verified; false otherwise
        socketType - ISslContextFactory.SocketType for Netty's Inbound or Outbound channels
        cipherFilter - to allow Netty's cipher suite filtering, e.g. SslContextBuilder.ciphers(Iterable, CipherSuiteFilter)
        Returns:
        Netty's SslContext
        Throws:
        javax.net.ssl.SSLException - in case the Ssl Context creation fails for some reason
      • getAcceptedProtocols

        public java.util.List<java.lang.String> getAcceptedProtocols()
        Combine the pre-4.0 protocol field with the accepted_protocols list, substituting a list of explicit protocols for the previous catchall default of "TLS"
        Specified by:
        getAcceptedProtocols in interface ISslContextFactory
        Returns:
        array of protocol names suitable for passing to SslContextBuilder.protocols, or null if the default
      • getCipherSuites

        public java.util.List<java.lang.String> getCipherSuites()
        Description copied from interface: ISslContextFactory
        Returns the list of cipher suites supported by the implementation.
        Specified by:
        getCipherSuites in interface ISslContextFactory
        Returns:
        List of supported cipher suites
      • getSslProvider

        protected io.netty.handler.ssl.SslProvider getSslProvider()
        Returns SslProvider to be used to build Netty's SslContext.
        Returns:
        appropriate SslProvider
      • buildKeyManagerFactory

        protected abstract javax.net.ssl.KeyManagerFactory buildKeyManagerFactory()
                                                                           throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException
      • buildTrustManagerFactory

        protected abstract javax.net.ssl.TrustManagerFactory buildTrustManagerFactory()
                                                                               throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException
      • buildOutboundKeyManagerFactory

        protected abstract javax.net.ssl.KeyManagerFactory buildOutboundKeyManagerFactory()
                                                                                   throws javax.net.ssl.SSLException
        Create a KeyManagerFactory for outbound connections. It provides a separate keystore for internode mTLS outbound connections.
        Returns:
        KeyManagerFactory
        Throws:
        javax.net.ssl.SSLException
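
An added example, not code from Cassandra or from this page: a subclass that implements the three abstract builders above from base64-encoded keystore bytes held in the parameters map instead of files, failing closed when material is missing or empty. The class name, the `*_b64` and `*_password` parameter keys and the `org.apache.cassandra.security` import path are assumptions; the class stays abstract because the ISslContextFactory methods this page does not list still have to be implemented.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.Base64;
import java.util.Map;
import javax.net.ssl.*;
import org.apache.cassandra.security.AbstractSslContextFactory; // package path assumed, not shown on this page

// Added illustration. Abstract: ISslContextFactory methods not listed on this page are left to the concrete class.
public abstract class InMemoryStoreSslContextFactory extends AbstractSslContextFactory {
    protected InMemoryStoreSslContextFactory(Map<String, Object> parameters) { super(parameters); }

    // Hypothetical parameter keys: "<name>_b64" (base64 of the store bytes) and "<name>_password".
    private KeyStore load(String name, char[] pw) throws SSLException {
        String b64 = getString(name + "_b64");
        // Fail closed; requiring a password also forces the store's integrity check on load.
        if (b64 == null || pw == null) throw new SSLException("missing material for " + name);
        try {
            KeyStore ks = KeyStore.getInstance(store_type == null ? KeyStore.getDefaultType() : store_type);
            ks.load(new ByteArrayInputStream(Base64.getDecoder().decode(b64)), pw);
            if (ks.size() > 0) return ks;
        } catch (GeneralSecurityException | IOException | IllegalArgumentException e) {
            throw new SSLException("cannot load " + name, e);
        }
        throw new SSLException(name + " has no entries"); // reject now instead of at handshake time
    }
    private char[] password(String name) {
        String p = getString(name + "_password");
        return p == null ? null : p.toCharArray();
    }
    private KeyManagerFactory keyManagers(String name) throws SSLException {
        char[] pw = password(name);
        try {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                algorithm == null ? KeyManagerFactory.getDefaultAlgorithm() : algorithm);
            kmf.init(load(name, pw), pw);
            return kmf;
        } catch (GeneralSecurityException e) { throw new SSLException("cannot build key managers: " + name, e); }
    }
    @Override protected KeyManagerFactory buildKeyManagerFactory() throws SSLException { return keyManagers("keystore"); }
    // Separate identity for internode mTLS outbound connections.
    @Override protected KeyManagerFactory buildOutboundKeyManagerFactory() throws SSLException { return keyManagers("outbound_keystore"); }
    @Override protected TrustManagerFactory buildTrustManagerFactory() throws SSLException {
        try {
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                algorithm == null ? TrustManagerFactory.getDefaultAlgorithm() : algorithm);
            tmf.init(load("truststore", password("truststore")));
            return tmf;
        } catch (GeneralSecurityException e) { throw new SSLException("cannot build trust managers", e); }
    }
}
```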