Class SslContextFactory

  • All Implemented Interfaces:
    Serializable, javax.cache.configuration.Factory<SSLContext>

    public class SslContextFactory
    extends AbstractSslContextFactory
    SSL context factory that provides SSL context configuration with the specified key and trust stores. This factory caches the result of the first successful attempt to create an SSLContext and always returns it as the result of further invocations of the AbstractSslContextFactory.create() method.

    In some cases it is useful to disable certificate validation on the client side (e.g. when connecting to a server with a self-signed certificate). This can be achieved by setting a disabled trust manager on this factory, which can be obtained with the getDisabledTrustManager() method:

         SslContextFactory factory = new SslContextFactory();
         factory.setTrustManagers(SslContextFactory.getDisabledTrustManager());
         // Rest of initialization.
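
    The self-signed-server case can also be handled with validation left on, by making that one certificate the only trust anchor passed to setTrustManagers. This is an added example, not part of the Ignite documentation; the class name, the IGNITE_KEYSTORE_PWD variable, the command-line paths and the org.apache.ignite.ssl import package are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.ignite.ssl.SslContextFactory;

public class PinnedTrustExample {
    /** Builds trust managers whose only trust anchor is the X.509 certificate at certPath (PEM or DER). */
    static TrustManager[] trustOnly(String certPath) throws Exception {
        Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(certPath))) {
            cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                     // empty in-memory store
        ks.setCertificateEntry("server", cert);  // single trusted entry
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf.getTrustManagers();
    }

    /** Fails fast if the factory carries the always-succeeding trust manager. */
    static void requireValidation(SslContextFactory factory) {
        Class<?> disabled = SslContextFactory.getDisabledTrustManager().getClass();
        TrustManager[] tms = factory.getTrustManagers();
        if (tms == null) return;                 // trust store path is used instead
        for (TrustManager tm : tms)
            if (disabled.isInstance(tm))
                throw new IllegalStateException("certificate validation is disabled");
    }

    public static void main(String[] args) throws Exception {
        // args: <key store path> <server certificate path>; both are placeholders.
        String pwd = System.getenv("IGNITE_KEYSTORE_PWD"); // hypothetical variable name
        if (pwd == null) throw new IllegalStateException("IGNITE_KEYSTORE_PWD is not set");
        SslContextFactory factory = new SslContextFactory();
        factory.setKeyStoreFilePath(args[0]);
        factory.setKeyStorePassword(pwd.toCharArray());
        factory.setTrustManagers(trustOnly(args[1]));
        requireValidation(factory);
        SSLContext ctx = factory.create();
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
    }
}
```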
     
    See Also:
    Serialized Form
    • Field Detail

      • DFLT_STORE_TYPE

        public static final String DFLT_STORE_TYPE
        Default key / trust store type.
      • DFLT_KEY_ALGORITHM

        public static final String DFLT_KEY_ALGORITHM
        Default key manager / trust manager algorithm. Specifying a different trust manager algorithm is not supported.
      • keyAlgorithm

        protected String keyAlgorithm
        Key manager algorithm.
      • keyStoreType

        protected String keyStoreType
        Key store type.
      • keyStoreFilePath

        protected String keyStoreFilePath
        Path to key store file.
      • keyStorePwd

        protected char[] keyStorePwd
        Key store password.
      • trustStoreType

        protected String trustStoreType
        Trust store type.
      • trustStoreFilePath

        protected String trustStoreFilePath
        Path to trust store.
      • trustStorePwd

        protected char[] trustStorePwd
        Trust store password.
      • trustMgrs

        protected TrustManager[] trustMgrs
        Trust managers.
    • Constructor Detail

      • SslContextFactory

        public SslContextFactory()
    • Method Detail

      • getKeyStoreType

        public String getKeyStoreType()
        Gets key store type used for context creation.
        Returns:
        Key store type.
      • setKeyStoreType

        public void setKeyStoreType(String keyStoreType)
        Sets key store type used in context initialization. If not provided, DFLT_STORE_TYPE will be used.
        Parameters:
        keyStoreType - Key store type.
      • getTrustStoreType

        public String getTrustStoreType()
        Gets trust store type used for context creation.
        Returns:
        Trust store type.
      • setTrustStoreType

        public void setTrustStoreType(String trustStoreType)
        Sets trust store type used in context initialization. If not provided, DFLT_STORE_TYPE will be used.
        Parameters:
        trustStoreType - Trust store type.
      • getKeyAlgorithm

        public String getKeyAlgorithm()
        Gets algorithm that will be used to create a key manager. If not specified, DFLT_KEY_ALGORITHM will be used.
        Returns:
        Key manager algorithm.
      • setKeyAlgorithm

        public void setKeyAlgorithm(String keyAlgorithm)
        Sets key manager algorithm that will be used to create a key manager.
        Parameters:
        keyAlgorithm - Key algorithm name.
      • getKeyStoreFilePath

        public String getKeyStoreFilePath()
        Gets path to the key store file.
        Returns:
        Path to key store file.
      • setKeyStoreFilePath

        public void setKeyStoreFilePath(String keyStoreFilePath)
        Sets path to the key store file. This is a mandatory parameter, since an SSL context cannot be initialized without a key manager.
        Parameters:
        keyStoreFilePath - Path to key store file.
      • getKeyStorePassword

        public char[] getKeyStorePassword()
        Gets key store password.
        Returns:
        Key store password.
      • setKeyStorePassword

        public void setKeyStorePassword(char[] keyStorePwd)
        Sets key store password.
        Parameters:
        keyStorePwd - Key store password.
      • getTrustStoreFilePath

        public String getTrustStoreFilePath()
        Gets path to the trust store file.
        Returns:
        Path to the trust store file.
      • setTrustStoreFilePath

        public void setTrustStoreFilePath(String trustStoreFilePath)
        Sets path to the trust store file. This is an optional parameter; however, one of the setTrustStoreFilePath(String) or setTrustManagers(TrustManager[]) properties must be set.
        Parameters:
        trustStoreFilePath - Path to the trust store file.
      • getTrustStorePassword

        public char[] getTrustStorePassword()
        Gets trust store password.
        Returns:
        Trust store password.
      • setTrustStorePassword

        public void setTrustStorePassword(char[] trustStorePwd)
        Sets trust store password.
        Parameters:
        trustStorePwd - Trust store password.
      • getTrustManagers

        public TrustManager[] getTrustManagers()
        Gets pre-configured trust managers.
        Returns:
        Trust managers.
      • setTrustManagers

        public void setTrustManagers(TrustManager... trustMgrs)
        Sets pre-configured trust managers. This is an optional parameter, however one of the setTrustStoreFilePath(String), setTrustManagers(TrustManager[])
        Parameters:
        trustMgrs - Pre-configured trust managers.
      • getDisabledTrustManager

        public static TrustManager getDisabledTrustManager()
        Returns an instance of trust manager that will always succeed regardless of certificate provided.
        Returns:
        Trust manager instance.
      • openFileInputStream

        protected InputStream openFileInputStream(String filePath)
                                           throws IOException
        By default, this method simply opens a raw file input stream. Subclasses may override this method if some specific location should be handled (this may be the case for Android users).
        Parameters:
        filePath - Path to the file.
        Returns:
        Opened input stream.
        Throws:
        IOException - If stream could not be opened.
      • loadKeyStore

        protected KeyStore loadKeyStore(String keyStoreType,
                                        String storeFilePath,
                                        char[] keyStorePwd)
                                 throws SSLException
        Loads key store with configured parameters.
        Parameters:
        keyStoreType - Type of key store.
        storeFilePath - Path to key store file.
        keyStorePwd - Store password.
        Returns:
        Initialized key store.
        Throws:
        SSLException - If key store could not be initialized.