org.apache.ignite.ssl

Class SslContextFactory

java.lang.Object

org.apache.ignite.ssl.SslContextFactory

All Implemented Interfaces:

Serializable, javax.cache.configuration.Factory<SSLContext>

public class SslContextFactory
extends Object
implements javax.cache.configuration.Factory<SSLContext>

SSL context factory that provides SSL context configuration with specified key and trust stores. This factory caches the result of the first successful attempt to create an SSLContext and always returns it as a result of further invocations of the create()} method.

In some cases it is useful to disable certificate validation of client side (e.g. when connecting to a server with self-signed certificate). This can be achieved by setting a disabled trust manager to this factory, which can be obtained by getDisabledTrustManager() method:

     SslContextFactory factory = new SslContextFactory();
     factory.setTrustManagers(SslContextFactory.getDisabledTrustManager());
     // Rest of initialization.
 

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static String	DFLT_KEY_ALGORITHM Default key manager / trust manager algorithm.
static boolean	DFLT_NEED_CLIENT_AUTH Whether SSL needs client authentication by default.
static String	DFLT_SSL_PROTOCOL Default SSL protocol.
static String	DFLT_STORE_TYPE Default key / trust store type.
static String	IGNITE_KEY_ALGORITHM_PROPERTY Deprecated. Use "ssl.KeyManagerFactory.algorithm" instead as per JSSE standard. Should be considered for deletion in 9.0.

Constructor Summary

Constructors

Constructor and Description
SslContextFactory()

Method Summary

Modifier and Type	Method and Description
SSLContext	create()
String[]	getCipherSuites() Gets enabled cipher suites.
static TrustManager	getDisabledTrustManager() Returns an instance of trust manager that will always succeed regardless of certificate provided.
String	getKeyAlgorithm() Gets algorithm that will be used to create a key manager.
String	getKeyStoreFilePath() Gets path to the key store file.
char[]	getKeyStorePassword() Gets key store password.
String	getKeyStoreType() Gets key store type used for context creation.
boolean	getNeedClientAuth() Returns true if SSL needs client authentication.
String	getProtocol() Gets protocol for secure transport.
String[]	getProtocols() Gets enabled protocols.
TrustManager[]	getTrustManagers() Gets pre-configured trust managers.
String	getTrustStoreFilePath() Gets path to the trust store file.
char[]	getTrustStorePassword() Gets trust store password.
String	getTrustStoreType() Gets trust store type used for context creation.
protected InputStream	openFileInputStream(String filePath) By default, this method simply opens a raw file input stream.
void	setCipherSuites(String... cipherSuites) Sets enabled cipher suites.
void	setKeyAlgorithm(String keyAlgorithm) Sets key manager algorithm that will be used to create a key manager.
void	setKeyStoreFilePath(String keyStoreFilePath) Sets path to the key store file.
void	setKeyStorePassword(char[] keyStorePwd) Sets key store password.
void	setKeyStoreType(String keyStoreType) Sets key store type used in context initialization.
void	setNeedClientAuth(boolean needClientAuth) Sets whether SSL needs client authentication.
void	setProtocol(String proto) Sets protocol for secure transport.
void	setProtocols(String... protocols) Sets enabled protocols.
void	setTrustManagers(TrustManager... trustMgrs) Sets pre-configured trust managers.
void	setTrustStoreFilePath(String trustStoreFilePath) Sets path to the trust store file.
void	setTrustStorePassword(char[] trustStorePwd) Sets trust store password.
void	setTrustStoreType(String trustStoreType) Sets trust store type used in context initialization.
String	toString()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DFLT_STORE_TYPE

public static final String DFLT_STORE_TYPE

Default key / trust store type.

DFLT_SSL_PROTOCOL

public static final String DFLT_SSL_PROTOCOL

Default SSL protocol.

See Also:

Constant Field Values

IGNITE_KEY_ALGORITHM_PROPERTY

@Deprecated
public static final String IGNITE_KEY_ALGORITHM_PROPERTY

Deprecated. Use "ssl.KeyManagerFactory.algorithm" instead as per JSSE standard. Should be considered for deletion in 9.0.

Property name to specify default key/trust manager algorithm.

See Also:

Constant Field Values

DFLT_KEY_ALGORITHM

public static final String DFLT_KEY_ALGORITHM

Default key manager / trust manager algorithm. Specifying different trust manager algorithm is not supported.

DFLT_NEED_CLIENT_AUTH

public static final boolean DFLT_NEED_CLIENT_AUTH

Whether SSL needs client authentication by default.

See Also:

Constant Field Values

Constructor Detail

SslContextFactory

public SslContextFactory()

Method Detail

getKeyStoreType

public String getKeyStoreType()

Gets key store type used for context creation.

Returns:

Key store type.

setKeyStoreType

public void setKeyStoreType(String keyStoreType)

Sets key store type used in context initialization. If not provided, DFLT_STORE_TYPE will be used.

Parameters:

keyStoreType - Key store type.

getTrustStoreType

public String getTrustStoreType()

Gets trust store type used for context creation.

Returns:

trust store type.

setTrustStoreType

public void setTrustStoreType(String trustStoreType)

Sets trust store type used in context initialization. If not provided, DFLT_STORE_TYPE will be used.

Parameters:

trustStoreType - Trust store type.

getProtocol

public String getProtocol()

Gets protocol for secure transport.

Returns:

SSL protocol name.

setProtocol

public void setProtocol(String proto)

Sets protocol for secure transport. If not specified, DFLT_SSL_PROTOCOL will be used.

Parameters:

proto - SSL protocol name.

getKeyAlgorithm

public String getKeyAlgorithm()

Gets algorithm that will be used to create a key manager. If not specified, DFLT_KEY_ALGORITHM will be used.

Returns:

Key manager algorithm.

setKeyAlgorithm

public void setKeyAlgorithm(String keyAlgorithm)

Sets key manager algorithm that will be used to create a key manager.

Parameters:

keyAlgorithm - Key algorithm name.

getKeyStoreFilePath

public String getKeyStoreFilePath()

Gets path to the key store file.

Returns:

Path to key store file.

setKeyStoreFilePath

public void setKeyStoreFilePath(String keyStoreFilePath)

Sets path to the key store file. This is a mandatory parameter since ssl context could not be initialized without key manager.

Parameters:

keyStoreFilePath - Path to key store file.

getKeyStorePassword

public char[] getKeyStorePassword()

Gets key store password.

Returns:

Key store password.

setKeyStorePassword

public void setKeyStorePassword(char[] keyStorePwd)

Sets key store password.

Parameters:

keyStorePwd - Key store password.

getTrustStoreFilePath

public String getTrustStoreFilePath()

Gets path to the trust store file.

Returns:

Path to the trust store file.

setTrustStoreFilePath

public void setTrustStoreFilePath(String trustStoreFilePath)

Sets path to the trust store file. This is an optional parameter, however one of the setTrustStoreFilePath(String), setTrustManagers(TrustManager[]) properties must be set.

Parameters:

trustStoreFilePath - Path to the trust store file.

getTrustStorePassword

public char[] getTrustStorePassword()

Gets trust store password.

Returns:

Trust store password.

setTrustStorePassword

public void setTrustStorePassword(char[] trustStorePwd)

Sets trust store password.

Parameters:

trustStorePwd - Trust store password.

getTrustManagers

public TrustManager[] getTrustManagers()

Gets pre-configured trust managers.

Returns:

Trust managers.

setTrustManagers

public void setTrustManagers(TrustManager... trustMgrs)

Sets pre-configured trust managers. This is an optional parameter, however one of the setTrustStoreFilePath(String), #setTrustManagers(TrustManager[])

Parameters:

trustMgrs - Pre-configured trust managers.

getDisabledTrustManager

public static TrustManager getDisabledTrustManager()

Returns an instance of trust manager that will always succeed regardless of certificate provided.

Returns:

Trust manager instance.

setCipherSuites

public void setCipherSuites(String... cipherSuites)

Sets enabled cipher suites.

Parameters:

cipherSuites - enabled cipher suites.

getCipherSuites

public String[] getCipherSuites()

Gets enabled cipher suites.

Returns:

enabled cipher suites

getProtocols

public String[] getProtocols()

Gets enabled protocols.

Returns:

Enabled protocols.

setProtocols

public void setProtocols(String... protocols)

Sets enabled protocols.

Parameters:

protocols - Enabled protocols.

getNeedClientAuth

public boolean getNeedClientAuth()

Returns true if SSL needs client authentication.

Returns:

true if SSL needs client authentication.

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)

Sets whether SSL needs client authentication. Default is DFLT_NEED_CLIENT_AUTH. Note that for thin clients and management tools this value is overridden by ClientConnectorConfiguration.setSslClientAuth(boolean) and ConnectorConfiguration.setSslClientAuth(boolean) respectively.

Parameters:

needClientAuth - True if SSL needs client authentication.

openFileInputStream

protected InputStream openFileInputStream(String filePath)
                                   throws IOException

By default, this method simply opens a raw file input stream. Subclasses may override this method if some specific location should be handled (this may be a case for Android users).

Parameters:

filePath - Path to the file.

Returns:

Opened input stream.

Throws:

IOException - If stream could not be opened.

toString

public String toString()

Overrides:

toString in class Object

create

public SSLContext create()

Specified by:

create in interface javax.cache.configuration.Factory<SSLContext>