Class FileBasedKeyStoresFactory

java.lang.Object
org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory
All Implemented Interfaces:
Configurable, KeyStoresFactory

@Private @Evolving public class FileBasedKeyStoresFactory extends Object implements KeyStoresFactory
KeyStoresFactory implementation that reads the certificates from keystore files.

If either the truststore or the keystore certificate file changes, it is reloaded by the corresponding wrapper implementation: ReloadingX509KeystoreManager or ReloadingX509TrustManager.

  • Field Details

    • SSL_MONITORING_THREAD_NAME

      public static final String SSL_MONITORING_THREAD_NAME
      The name of the timer thread monitoring file changes.
    • SSL_STORES_RELOAD_INTERVAL_TPL_KEY

      public static final String SSL_STORES_RELOAD_INTERVAL_TPL_KEY
      The refresh interval used to check whether either the truststore or the keystore certificate file has changed.
    • SSL_KEYSTORE_LOCATION_TPL_KEY

      public static final String SSL_KEYSTORE_LOCATION_TPL_KEY
    • SSL_KEYSTORE_PASSWORD_TPL_KEY

      public static final String SSL_KEYSTORE_PASSWORD_TPL_KEY
    • SSL_KEYSTORE_KEYPASSWORD_TPL_KEY

      public static final String SSL_KEYSTORE_KEYPASSWORD_TPL_KEY
    • SSL_KEYSTORE_TYPE_TPL_KEY

      public static final String SSL_KEYSTORE_TYPE_TPL_KEY
    • SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY

      public static final String SSL_TRUSTSTORE_RELOAD_INTERVAL_TPL_KEY
    • SSL_TRUSTSTORE_LOCATION_TPL_KEY

      public static final String SSL_TRUSTSTORE_LOCATION_TPL_KEY
    • SSL_TRUSTSTORE_PASSWORD_TPL_KEY

      public static final String SSL_TRUSTSTORE_PASSWORD_TPL_KEY
    • SSL_TRUSTSTORE_TYPE_TPL_KEY

      public static final String SSL_TRUSTSTORE_TYPE_TPL_KEY
    • SSL_EXCLUDE_CIPHER_LIST

      public static final String SSL_EXCLUDE_CIPHER_LIST
    • DEFAULT_KEYSTORE_TYPE

      public static final String DEFAULT_KEYSTORE_TYPE
      Default format of the keystore files.
    • DEFAULT_SSL_STORES_RELOAD_INTERVAL

      public static final int DEFAULT_SSL_STORES_RELOAD_INTERVAL
      The default time interval, in milliseconds, used to check whether either the truststore or the keystore certificate file has changed and needs reloading.
  • Constructor Details

    • FileBasedKeyStoresFactory

      public FileBasedKeyStoresFactory()
  • Method Details

    • resolvePropertyName

      @VisibleForTesting public static String resolvePropertyName(SSLFactory.Mode mode, String template)
      Resolves a property name to its client/server version if applicable.

      NOTE: This method is public for testing purposes.

      Parameters:
      mode - client/server mode.
      template - property name template.
      Returns:
      the resolved property name.
    • setConf

      public void setConf(Configuration conf)
      Sets the configuration for the factory.
      Specified by:
      setConf in interface Configurable
      Parameters:
      conf - the configuration for the factory.
    • getConf

      public Configuration getConf()
      Returns the configuration of the factory.
      Specified by:
      getConf in interface Configurable
      Returns:
      the configuration of the factory.
    • init

      public void init(SSLFactory.Mode mode) throws IOException, GeneralSecurityException
      Initializes the keystores of the factory.
      Specified by:
      init in interface KeyStoresFactory
      Parameters:
      mode - if the keystores are to be used in client or server mode.
      Throws:
      IOException - thrown if the keystores could not be initialized due to an IO error.
      GeneralSecurityException - thrown if the keystores could not be initialized due to a security error.
    • destroy

      public void destroy()
      Releases any resources being used.
      Specified by:
      destroy in interface KeyStoresFactory
    • getKeyManagers

      public KeyManager[] getKeyManagers()
      Returns the keymanagers for owned certificates.
      Specified by:
      getKeyManagers in interface KeyStoresFactory
      Returns:
      the keymanagers for owned certificates.
    • getTrustManagers

      public TrustManager[] getTrustManagers()
      Returns the trustmanagers for trusted certificates.
      Specified by:
      getTrustManagers in interface KeyStoresFactory
      Returns:
      the trustmanagers for trusted certificates.
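
The lifecycle documented above (resolve the property templates, setConf, init, read the managers, destroy), as an added example that is not part of the Hadoop documentation or code base. It assumes hadoop-common is on the classpath; the class name KeyStoresFactoryExample, the temporary truststore and its password are constructed, and that CLIENT mode initializes with only a truststore configured is an assumption about the implementation, not something this page states.

```java
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ssl.FileBasedKeyStoresFactory;
import org.apache.hadoop.security.ssl.SSLFactory;

// Hypothetical class name; not part of Hadoop.
public class KeyStoresFactoryExample {
  public static void main(String[] args) throws Exception {
    SSLFactory.Mode mode = SSLFactory.Mode.CLIENT;
    char[] password = "constructed-example-password".toCharArray(); // constructed value

    // Constructed input: an empty truststore in the default keystore format.
    // It trusts no certificate, so a context built from it fails closed.
    Path trustStore = Files.createTempFile("example-truststore", ".ks");
    KeyStore empty = KeyStore.getInstance(FileBasedKeyStoresFactory.DEFAULT_KEYSTORE_TYPE);
    empty.load(null, null);
    try (OutputStream out = Files.newOutputStream(trustStore)) {
      empty.store(out, password);
    }

    // Resolve each template for the chosen mode instead of hand-writing property names.
    Configuration conf = new Configuration(false);
    conf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
        FileBasedKeyStoresFactory.SSL_TRUSTSTORE_LOCATION_TPL_KEY), trustStore.toString());
    conf.set(FileBasedKeyStoresFactory.resolvePropertyName(mode,
        FileBasedKeyStoresFactory.SSL_TRUSTSTORE_PASSWORD_TPL_KEY), new String(password));
    conf.setLong(FileBasedKeyStoresFactory.resolvePropertyName(mode,
        FileBasedKeyStoresFactory.SSL_STORES_RELOAD_INTERVAL_TPL_KEY), 5000L); // milliseconds

    FileBasedKeyStoresFactory factory = new FileBasedKeyStoresFactory();
    factory.setConf(conf);
    try {
      factory.init(mode);
      SSLContext ctx = SSLContext.getInstance("TLS");
      ctx.init(factory.getKeyManagers(), factory.getTrustManagers(), null);
      System.out.println("SSLContext protocol: " + ctx.getProtocol());
    } finally {
      // Release the factory's resources, including the file-monitoring timer.
      factory.destroy();
      Files.deleteIfExists(trustStore);
    }
  }
}
```

The class is annotated @Private and @Evolving, so code outside Hadoop should expect its signature and behaviour to change between releases.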