org.apache.ignite.ssl

Class SslContextFactory

java.lang.Object

org.apache.ignite.ssl.AbstractSslContextFactory

org.apache.ignite.ssl.SslContextFactory

All Implemented Interfaces:

Serializable, javax.cache.configuration.Factory<SSLContext>

public class SslContextFactory
extends AbstractSslContextFactory

SSL context factory that provides SSL context configuration with specified key and trust stores. This factory caches the result of the first successful attempt to create an SSLContext and always returns it as a result of further invocations of the AbstractSslContextFactory.create()} method.

In some cases it is useful to disable certificate validation of client side (e.g. when connecting to a server with self-signed certificate). This can be achieved by setting a disabled trust manager to this factory, which can be obtained by getDisabledTrustManager() method:

     SslContextFactory factory = new SslContextFactory();
     factory.setTrustManagers(SslContextFactory.getDisabledTrustManager());
     // Rest of initialization.
 

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static String	DFLT_KEY_ALGORITHM Default key manager / trust manager algorithm.
static String	DFLT_SSL_PROTOCOL Default SSL protocol.
static String	DFLT_STORE_TYPE Default key / trust store type.
protected String	keyAlgorithm Key manager algorithm.
protected String	keyStoreFilePath Path to key store file
protected char[]	keyStorePwd Key store password
protected String	keyStoreType Key store type.
protected TrustManager[]	trustMgrs Trust managers.
protected String	trustStoreFilePath Path to trust store.
protected char[]	trustStorePwd Trust store password
protected String	trustStoreType Trust store type.

Fields inherited from class org.apache.ignite.ssl.AbstractSslContextFactory

cipherSuites, proto, protocols, sslCtx

Constructor Summary

Constructors

Constructor and Description
SslContextFactory()

Method Summary

Modifier and Type	Method and Description
protected void	checkParameters() Checks that all required parameters are set.
protected KeyManager[]	createKeyManagers()
protected TrustManager[]	createTrustManagers()
static TrustManager	getDisabledTrustManager() Returns an instance of trust manager that will always succeed regardless of certificate provided.
String	getKeyAlgorithm() Gets algorithm that will be used to create a key manager.
String	getKeyStoreFilePath() Gets path to the key store file.
char[]	getKeyStorePassword() Gets key store password.
String	getKeyStoreType() Gets key store type used for context creation.
TrustManager[]	getTrustManagers() Gets pre-configured trust managers.
String	getTrustStoreFilePath() Gets path to the trust store file.
char[]	getTrustStorePassword() Gets trust store password.
String	getTrustStoreType() Gets trust store type used for context creation.
protected KeyStore	loadKeyStore(String keyStoreType, String storeFilePath, char[] keyStorePwd) Loads key store with configured parameters.
protected InputStream	openFileInputStream(String filePath) By default, this method simply opens a raw file input stream.
void	setKeyAlgorithm(String keyAlgorithm) Sets key manager algorithm that will be used to create a key manager.
void	setKeyStoreFilePath(String keyStoreFilePath) Sets path to the key store file.
void	setKeyStorePassword(char[] keyStorePwd) Sets key store password.
void	setKeyStoreType(String keyStoreType) Sets key store type used in context initialization.
void	setTrustManagers(TrustManager... trustMgrs) Sets pre-configured trust managers.
void	setTrustStoreFilePath(String trustStoreFilePath) Sets path to the trust store file.
void	setTrustStorePassword(char[] trustStorePwd) Sets trust store password.
void	setTrustStoreType(String trustStoreType) Sets trust store type used in context initialization.
String	toString()

Methods inherited from class org.apache.ignite.ssl.AbstractSslContextFactory

checkNullParameter, create, getCipherSuites, getProtocol, getProtocols, setCipherSuites, setProtocol, setProtocols

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DFLT_STORE_TYPE

public static final String DFLT_STORE_TYPE

Default key / trust store type.

DFLT_SSL_PROTOCOL

public static final String DFLT_SSL_PROTOCOL

Default SSL protocol.

See Also:

Constant Field Values

DFLT_KEY_ALGORITHM

public static final String DFLT_KEY_ALGORITHM

Default key manager / trust manager algorithm. Specifying different trust manager algorithm is not supported.

keyAlgorithm

protected String keyAlgorithm

Key manager algorithm.

keyStoreType

protected String keyStoreType

Key store type.

keyStoreFilePath

protected String keyStoreFilePath

Path to key store file

keyStorePwd

protected char[] keyStorePwd

Key store password

trustStoreType

protected String trustStoreType

Trust store type.

trustStoreFilePath

protected String trustStoreFilePath

Path to trust store.

trustStorePwd

protected char[] trustStorePwd

Trust store password

trustMgrs

protected TrustManager[] trustMgrs

Trust managers.

Constructor Detail

SslContextFactory

public SslContextFactory()

Method Detail

getKeyStoreType

public String getKeyStoreType()

Gets key store type used for context creation.

Returns:

Key store type.

setKeyStoreType

public void setKeyStoreType(String keyStoreType)

Sets key store type used in context initialization. If not provided, DFLT_STORE_TYPE will be used.

Parameters:

keyStoreType - Key store type.

getTrustStoreType

public String getTrustStoreType()

Gets trust store type used for context creation.

Returns:

trust store type.

setTrustStoreType

public void setTrustStoreType(String trustStoreType)

Sets trust store type used in context initialization. If not provided, DFLT_STORE_TYPE will be used.

Parameters:

trustStoreType - Trust store type.

getKeyAlgorithm

public String getKeyAlgorithm()

Gets algorithm that will be used to create a key manager. If not specified, DFLT_KEY_ALGORITHM will be used.

Returns:

Key manager algorithm.

setKeyAlgorithm

public void setKeyAlgorithm(String keyAlgorithm)

Sets key manager algorithm that will be used to create a key manager.

Parameters:

keyAlgorithm - Key algorithm name.

getKeyStoreFilePath

public String getKeyStoreFilePath()

Gets path to the key store file.

Returns:

Path to key store file.

setKeyStoreFilePath

public void setKeyStoreFilePath(String keyStoreFilePath)

Sets path to the key store file. This is a mandatory parameter since ssl context could not be initialized without key manager.

Parameters:

keyStoreFilePath - Path to key store file.

getKeyStorePassword

public char[] getKeyStorePassword()

Gets key store password.

Returns:

Key store password.

setKeyStorePassword

public void setKeyStorePassword(char[] keyStorePwd)

Sets key store password.

Parameters:

keyStorePwd - Key store password.

getTrustStoreFilePath

public String getTrustStoreFilePath()

Gets path to the trust store file.

Returns:

Path to the trust store file.

setTrustStoreFilePath

public void setTrustStoreFilePath(String trustStoreFilePath)

Sets path to the trust store file. This is an optional parameter, however one of the setTrustStoreFilePath(String), setTrustManagers(TrustManager[]) properties must be set.

Parameters:

trustStoreFilePath - Path to the trust store file.

getTrustStorePassword

public char[] getTrustStorePassword()

Gets trust store password.

Returns:

Trust store password.

setTrustStorePassword

public void setTrustStorePassword(char[] trustStorePwd)

Sets trust store password.

Parameters:

trustStorePwd - Trust store password.

getTrustManagers

public TrustManager[] getTrustManagers()

Gets pre-configured trust managers.

Returns:

Trust managers.

setTrustManagers

public void setTrustManagers(TrustManager... trustMgrs)

Sets pre-configured trust managers. This is an optional parameter, however one of the setTrustStoreFilePath(String), #setTrustManagers(TrustManager[])

Parameters:

trustMgrs - Pre-configured trust managers.

getDisabledTrustManager

public static TrustManager getDisabledTrustManager()

Returns an instance of trust manager that will always succeed regardless of certificate provided.

Returns:

Trust manager instance.

createKeyManagers

protected final KeyManager[] createKeyManagers()
                                        throws SSLException

Specified by:

createKeyManagers in class AbstractSslContextFactory

Returns:

Created Key Managers.

Throws:

SSLException - If Key Managers could not be created.

createTrustManagers

protected final TrustManager[] createTrustManagers()
                                            throws SSLException

Specified by:

createTrustManagers in class AbstractSslContextFactory

Returns:

Created Trust Managers.

Throws:

SSLException - If Trust Managers could not be created.

checkParameters

protected void checkParameters()
                        throws SSLException

Checks that all required parameters are set.

Specified by:

checkParameters in class AbstractSslContextFactory

Throws:

SSLException - If any of required parameters is missing.

openFileInputStream

protected InputStream openFileInputStream(String filePath)
                                   throws IOException

By default, this method simply opens a raw file input stream. Subclasses may override this method if some specific location should be handled (this may be a case for Android users).

Parameters:

filePath - Path to the file.

Returns:

Opened input stream.

Throws:

IOException - If stream could not be opened.

loadKeyStore

protected KeyStore loadKeyStore(String keyStoreType,
                                String storeFilePath,
                                char[] keyStorePwd)
                         throws SSLException

Loads key store with configured parameters.

Parameters:

keyStoreType - Type of key store.

storeFilePath - Path to key store file.

keyStorePwd - Store password.

Returns:

Initialized key store.

Throws:

SSLException - If key store could not be initialized.

toString

public String toString()

Overrides:

toString in class Object