Package org.apache.ignite.ssl
Class SslContextFactory
- java.lang.Object
  - org.apache.ignite.ssl.AbstractSslContextFactory
    - org.apache.ignite.ssl.SslContextFactory
- All Implemented Interfaces: Serializable, javax.cache.configuration.Factory<SSLContext>
public class SslContextFactory extends AbstractSslContextFactory
SSL context factory that provides SSL context configuration with specified key and trust stores. This factory caches the result of the first successful attempt to create an SSLContext and always returns it as a result of further invocations of the AbstractSslContextFactory.create() method.

In some cases it is useful to disable certificate validation on the client side (e.g. when connecting to a server with a self-signed certificate). This can be achieved by setting a disabled trust manager on this factory, which can be obtained from the getDisabledTrustManager() method:

    SslContextFactory factory = new SslContextFactory();
    factory.setTrustManagers(SslContextFactory.getDisabledTrustManager());
    // Rest of initialization.
- See Also:
- Serialized Form
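The disabled trust manager described above accepts any certificate, so a factory configured with it encrypts the connection without authenticating the peer. The following Java code is an added example, not part of the Ignite documentation: it shows the trust-store configuration next to the disabled one and a start-up check that tells them apart. The class name, file paths, passwords and the empty-chain probe are assumptions of this example.

```java
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.ignite.ssl.SslContextFactory;

public class SslFactoryTrustCheck {
    /** Validating setup: peers are checked against a trust store. Paths and passwords are placeholders. */
    static SslContextFactory validatingFactory() {
        SslContextFactory f = new SslContextFactory();
        f.setKeyStoreFilePath("/path/to/node-keystore.jks");          // Mandatory parameter.
        f.setKeyStorePassword("placeholder-password".toCharArray());
        f.setTrustStoreFilePath("/path/to/truststore.jks");           // Used instead of setTrustManagers(...).
        f.setTrustStorePassword("placeholder-password".toCharArray());
        return f;
    }

    /** Probe (assumption of this example): the X509TrustManager contract requires an empty chain to be
     *  rejected with IllegalArgumentException, so a manager that returns normally validates nothing. */
    static boolean acceptsAnyCertificate(TrustManager tm) {
        if (!(tm instanceof X509TrustManager))
            return false;
        try {
            ((X509TrustManager)tm).checkServerTrusted(new X509Certificate[0], "RSA");
            return true;  // No exception for an empty chain: nothing is being validated.
        }
        catch (Exception e) {
            return false; // Rejected, as a validating trust manager does.
        }
    }

    /** Returns false if any pre-configured trust manager accepts every certificate. */
    static boolean validatesPeers(SslContextFactory f) {
        TrustManager[] tms = f.getTrustManagers();
        if (tms == null)
            return true; // No pre-configured managers set; the trust store file is the remaining option.
        for (TrustManager tm : tms)
            if (acceptsAnyCertificate(tm))
                return false;
        return true;
    }

    public static void main(String[] args) {
        SslContextFactory weak = new SslContextFactory();
        weak.setTrustManagers(SslContextFactory.getDisabledTrustManager()); // Configuration from the snippet above.
        System.out.println("trust store factory validates peers: " + validatesPeers(validatingFactory()));
        System.out.println("disabled trust manager validates peers: " + validatesPeers(weak));
    }
}
```

Neither factory calls create(), so the placeholder store files do not need to exist to run the check.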
-
-
Field Summary
Fields (Modifier and Type, Field: Description)
- static String DFLT_KEY_ALGORITHM: Default key manager / trust manager algorithm.
- static String DFLT_SSL_PROTOCOL: Default SSL protocol.
- static String DFLT_STORE_TYPE: Default key / trust store type.
- protected String keyAlgorithm: Key manager algorithm.
- protected String keyStoreFilePath: Path to key store file.
- protected char[] keyStorePwd: Key store password.
- protected String keyStoreType: Key store type.
- protected TrustManager[] trustMgrs: Trust managers.
- protected String trustStoreFilePath: Path to trust store.
- protected char[] trustStorePwd: Trust store password.
- protected String trustStoreType: Trust store type.
Fields inherited from class org.apache.ignite.ssl.AbstractSslContextFactory: cipherSuites, proto, protocols, sslCtx
-
-
Constructor Summary
Constructors
- SslContextFactory()
-
Method Summary
Methods (Modifier and Type, Method: Description)
- protected void checkParameters(): Checks that all required parameters are set.
- protected KeyManager[] createKeyManagers()
- protected TrustManager[] createTrustManagers()
- static TrustManager getDisabledTrustManager(): Returns an instance of trust manager that will always succeed regardless of certificate provided.
- String getKeyAlgorithm(): Gets algorithm that will be used to create a key manager.
- String getKeyStoreFilePath(): Gets path to the key store file.
- char[] getKeyStorePassword(): Gets key store password.
- String getKeyStoreType(): Gets key store type used for context creation.
- TrustManager[] getTrustManagers(): Gets pre-configured trust managers.
- String getTrustStoreFilePath(): Gets path to the trust store file.
- char[] getTrustStorePassword(): Gets trust store password.
- String getTrustStoreType(): Gets trust store type used for context creation.
- protected KeyStore loadKeyStore(String keyStoreType, String storeFilePath, char[] keyStorePwd): Loads key store with configured parameters.
- protected InputStream openFileInputStream(String filePath): By default, this method simply opens a raw file input stream.
- void setKeyAlgorithm(String keyAlgorithm): Sets key manager algorithm that will be used to create a key manager.
- void setKeyStoreFilePath(String keyStoreFilePath): Sets path to the key store file.
- void setKeyStorePassword(char[] keyStorePwd): Sets key store password.
- void setKeyStoreType(String keyStoreType): Sets key store type used in context initialization.
- void setTrustManagers(TrustManager... trustMgrs): Sets pre-configured trust managers.
- void setTrustStoreFilePath(String trustStoreFilePath): Sets path to the trust store file.
- void setTrustStorePassword(char[] trustStorePwd): Sets trust store password.
- void setTrustStoreType(String trustStoreType): Sets trust store type used in context initialization.
- String toString()
Methods inherited from class org.apache.ignite.ssl.AbstractSslContextFactory: checkNullParameter, create, getCipherSuites, getProtocol, getProtocols, setCipherSuites, setProtocol, setProtocols
-
-
-
-
Field Detail
-
DFLT_STORE_TYPE
public static final String DFLT_STORE_TYPE
Default key / trust store type.
-
DFLT_SSL_PROTOCOL
public static final String DFLT_SSL_PROTOCOL
Default SSL protocol.
- See Also: Constant Field Values
-
DFLT_KEY_ALGORITHM
public static final String DFLT_KEY_ALGORITHM
Default key manager / trust manager algorithm. Specifying a different trust manager algorithm is not supported.
-
keyAlgorithm
protected String keyAlgorithm
Key manager algorithm.
-
keyStoreType
protected String keyStoreType
Key store type.
-
keyStoreFilePath
protected String keyStoreFilePath
Path to key store file
-
keyStorePwd
protected char[] keyStorePwd
Key store password
-
trustStoreType
protected String trustStoreType
Trust store type.
-
trustStoreFilePath
protected String trustStoreFilePath
Path to trust store.
-
trustStorePwd
protected char[] trustStorePwd
Trust store password
-
trustMgrs
protected TrustManager[] trustMgrs
Trust managers.
-
-
Method Detail
-
getKeyStoreType
public String getKeyStoreType()
Gets key store type used for context creation.
- Returns: Key store type.
-
setKeyStoreType
public void setKeyStoreType(String keyStoreType)
Sets key store type used in context initialization. If not provided, DFLT_STORE_TYPE will be used.
- Parameters: keyStoreType - Key store type.
-
getTrustStoreType
public String getTrustStoreType()
Gets trust store type used for context creation.
- Returns: Trust store type.
-
setTrustStoreType
public void setTrustStoreType(String trustStoreType)
Sets trust store type used in context initialization. If not provided, DFLT_STORE_TYPE will be used.
- Parameters: trustStoreType - Trust store type.
-
getKeyAlgorithm
public String getKeyAlgorithm()
Gets algorithm that will be used to create a key manager. If not specified, DFLT_KEY_ALGORITHM will be used.
- Returns: Key manager algorithm.
-
setKeyAlgorithm
public void setKeyAlgorithm(String keyAlgorithm)
Sets key manager algorithm that will be used to create a key manager.
- Parameters: keyAlgorithm - Key algorithm name.
-
getKeyStoreFilePath
public String getKeyStoreFilePath()
Gets path to the key store file.
- Returns: Path to key store file.
-
setKeyStoreFilePath
public void setKeyStoreFilePath(String keyStoreFilePath)
Sets path to the key store file. This is a mandatory parameter since the SSL context cannot be initialized without a key manager.
- Parameters: keyStoreFilePath - Path to key store file.
-
getKeyStorePassword
public char[] getKeyStorePassword()
Gets key store password.
- Returns: Key store password.
-
setKeyStorePassword
public void setKeyStorePassword(char[] keyStorePwd)
Sets key store password.
- Parameters: keyStorePwd - Key store password.
-
getTrustStoreFilePath
public String getTrustStoreFilePath()
Gets path to the trust store file.
- Returns: Path to the trust store file.
-
setTrustStoreFilePath
public void setTrustStoreFilePath(String trustStoreFilePath)
Sets path to the trust store file. This is an optional parameter; however, one of the setTrustStoreFilePath(String) or setTrustManagers(TrustManager[]) properties must be set.
- Parameters: trustStoreFilePath - Path to the trust store file.
-
getTrustStorePassword
public char[] getTrustStorePassword()
Gets trust store password.
- Returns: Trust store password.
-
setTrustStorePassword
public void setTrustStorePassword(char[] trustStorePwd)
Sets trust store password.
- Parameters: trustStorePwd - Trust store password.
-
getTrustManagers
public TrustManager[] getTrustManagers()
Gets pre-configured trust managers.
- Returns: Trust managers.
-
setTrustManagers
public void setTrustManagers(TrustManager... trustMgrs)
Sets pre-configured trust managers. This is an optional parameter, however one of the setTrustStoreFilePath(String), setTrustManagers(TrustManager[])
- Parameters: trustMgrs - Pre-configured trust managers.
-
getDisabledTrustManager
public static TrustManager getDisabledTrustManager()
Returns an instance of trust manager that will always succeed regardless of certificate provided.
- Returns: Trust manager instance.
-
createKeyManagers
protected final KeyManager[] createKeyManagers() throws SSLException
- Specified by: createKeyManagers in class AbstractSslContextFactory
- Returns: Created Key Managers.
- Throws: SSLException - If Key Managers could not be created.
-
createTrustManagers
protected final TrustManager[] createTrustManagers() throws SSLException
- Specified by: createTrustManagers in class AbstractSslContextFactory
- Returns: Created Trust Managers.
- Throws: SSLException - If Trust Managers could not be created.
-
checkParameters
protected void checkParameters() throws SSLException
Checks that all required parameters are set.
- Specified by: checkParameters in class AbstractSslContextFactory
- Throws: SSLException - If any of the required parameters is missing.
-
openFileInputStream
protected InputStream openFileInputStream(String filePath) throws IOException
By default, this method simply opens a raw file input stream. Subclasses may override this method if some specific location should be handled (this may be the case for Android users).
- Parameters: filePath - Path to the file.
- Returns: Opened input stream.
- Throws: IOException - If stream could not be opened.
-
loadKeyStore
protected KeyStore loadKeyStore(String keyStoreType, String storeFilePath, char[] keyStorePwd) throws SSLException
Loads key store with configured parameters.
- Parameters:
  keyStoreType - Type of key store.
  storeFilePath - Path to key store file.
  keyStorePwd - Store password.
- Returns: Initialized key store.
- Throws: SSLException - If key store could not be initialized.
-
-