Package org.apache.hadoop.security.ssl
Class SSLFactory
java.lang.Object
org.apache.hadoop.security.ssl.SSLFactory
- All Implemented Interfaces:
org.apache.hadoop.security.authentication.client.ConnectionConfigurator
@Private
@Evolving
public class SSLFactory
extends Object
implements org.apache.hadoop.security.authentication.client.ConnectionConfigurator
Factory that creates SSLEngine and SSLSocketFactory instances using
Hadoop configuration information.
This SSLFactory uses a ReloadingX509TrustManager instance,
which reloads public keys if the truststore file changes.
This factory is used to configure HTTPS in Hadoop HTTP based endpoints, both client and server.
Method Summary
- configure(HttpURLConnection conn): If the given HttpURLConnection is an HttpsURLConnection, configures the connection with the SSLSocketFactory and HostnameVerifier of this SSLFactory; otherwise does nothing.
- createSSLEngine(): Returns a configured SSLEngine.
- createSSLServerSocketFactory(): Returns a configured SSLServerSocketFactory.
- createSSLSocketFactory(): Returns a configured SSLSocketFactory.
- void destroy(): Releases any resources being used.
- getHostnameVerifier(): Returns the hostname verifier to be used in HttpsURLConnections.
- static HostnameVerifier getHostnameVerifier(String verifier)
- getKeystoresFactory(): Returns the SSLFactory KeyStoresFactory instance.
- void init(): Initializes the factory.
- boolean isClientCertRequired(): Returns whether client certificates are required.
- static Configuration readSSLConfiguration(Configuration conf, SSLFactory.Mode mode)
Field Details
- SSL_CLIENT_CONF_KEY
- SSL_CLIENT_CONF_DEFAULT
- SSL_SERVER_CONF_KEY
- SSL_SERVER_CONF_DEFAULT
- SSL_REQUIRE_CLIENT_CERT_KEY
- SSL_REQUIRE_CLIENT_CERT_DEFAULT: public static final boolean SSL_REQUIRE_CLIENT_CERT_DEFAULT
- SSL_HOSTNAME_VERIFIER_KEY
- SSL_ENABLED_PROTOCOLS_KEY
- SSL_ENABLED_PROTOCOLS_DEFAULT
- SSL_SERVER_NEED_CLIENT_AUTH
- SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT: public static final boolean SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT
- SSL_SERVER_KEYSTORE_LOCATION
- SSL_SERVER_KEYSTORE_PASSWORD
- SSL_SERVER_KEYSTORE_TYPE
- SSL_SERVER_KEYSTORE_TYPE_DEFAULT
- SSL_SERVER_KEYSTORE_KEYPASSWORD
- SSL_SERVER_TRUSTSTORE_LOCATION
- SSL_SERVER_TRUSTSTORE_PASSWORD
- SSL_SERVER_TRUSTSTORE_TYPE
- SSL_SERVER_TRUSTSTORE_TYPE_DEFAULT
- SSL_SERVER_EXCLUDE_CIPHER_LIST
- SSL_SERVER_INCLUDE_CIPHER_LIST
- KEY_MANAGER_SSLCERTIFICATE
- TRUST_MANAGER_SSLCERTIFICATE
- KEYSTORES_FACTORY_CLASS_KEY
Constructor Details
SSLFactory
Creates an SSLFactory.
- Parameters:
mode - SSLFactory mode, client or server.
conf - Hadoop configuration from where the SSLFactory configuration will be read.
Method Details

readSSLConfiguration

init
Initializes the factory.
- Throws:
GeneralSecurityException - thrown if an SSL initialization error happened.
IOException - thrown if an IO error happened while reading the SSL configuration.

getHostnameVerifier
public static HostnameVerifier getHostnameVerifier(String verifier) throws GeneralSecurityException, IOException
- Throws:
GeneralSecurityException
IOException

destroy
public void destroy()
Releases any resources being used.

getKeystoresFactory
Returns the SSLFactory KeyStoresFactory instance.
- Returns: the SSLFactory KeyStoresFactory instance.

createSSLEngine
Returns a configured SSLEngine.
- Returns: the configured SSLEngine.
- Throws:
GeneralSecurityException - thrown if the SSL engine could not be initialized.
IOException - thrown if an IO error occurred while loading the server keystore.

createSSLServerSocketFactory
public SSLServerSocketFactory createSSLServerSocketFactory() throws GeneralSecurityException, IOException
Returns a configured SSLServerSocketFactory.
- Returns: the configured SSLServerSocketFactory.
- Throws:
GeneralSecurityException - thrown if the SSLSocketFactory could not be initialized.
IOException - thrown if an IO error occurred while loading the server keystore.

createSSLSocketFactory
Returns a configured SSLSocketFactory.
- Returns: the configured SSLSocketFactory.
- Throws:
GeneralSecurityException - thrown if the SSLSocketFactory could not be initialized.
IOException - thrown if an IO error occurred while loading the server keystore.

getHostnameVerifier
Returns the hostname verifier to be used in HttpsURLConnections.
- Returns: the hostname verifier.

isClientCertRequired
public boolean isClientCertRequired()
Returns whether client certificates are required.
- Returns: whether client certificates are required.

configure
If the given HttpURLConnection is an HttpsURLConnection, configures the connection with the SSLSocketFactory and HostnameVerifier of this SSLFactory; otherwise does nothing.
- Specified by: configure in interface org.apache.hadoop.security.authentication.client.ConnectionConfigurator
- Parameters:
conn - the HttpURLConnection instance to configure.
- Returns: the configured HttpURLConnection instance.
- Throws:
IOException - if an IO error occurred.
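The client-side lifecycle documented above (construct, init, configure, destroy), as an added usage example that is not part of the Hadoop Javadoc or source. It assumes the Hadoop client SSL settings (normally ssl-client.xml) are on the classpath; the class name SslFactoryClientExample, the method fetchStatus and the timeout values are hypothetical, and the verifier names "DEFAULT" and "ALLOW_ALL" come from Hadoop's hostname verifier options rather than from this page.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ssl.SSLFactory;

// Added example: hypothetical class, not Hadoop code.
public class SslFactoryClientExample {

  /** Returns the HTTP status of url, using TLS settings taken from conf. */
  static int fetchStatus(URL url, Configuration conf)
      throws IOException, GeneralSecurityException {
    // Fail closed if the configuration turns hostname checking off.
    // "DEFAULT" / "ALLOW_ALL" are Hadoop verifier names (assumption: not listed on this page).
    String verifier = conf.get(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "DEFAULT");
    if ("ALLOW_ALL".equalsIgnoreCase(verifier.trim())) {
      throw new GeneralSecurityException(
          SSLFactory.SSL_HOSTNAME_VERIFIER_KEY + " disables hostname verification");
    }

    SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
    factory.init(); // loads the truststore; throws instead of falling back silently
    try {
      HttpURLConnection conn = (HttpURLConnection) url.openConnection();
      // No-op for plain http:// URLs; for https:// installs this factory's
      // SSLSocketFactory and HostnameVerifier on the connection.
      conn = factory.configure(conn);
      conn.setConnectTimeout(10_000);
      conn.setReadTimeout(10_000);
      try {
        return conn.getResponseCode(); // the TLS handshake happens here
      } finally {
        conn.disconnect();
      }
    } finally {
      // Releases the reloading trust manager's resources.
      factory.destroy();
    }
  }

  public static void main(String[] args) throws Exception {
    // args[0]: HTTPS endpoint URL supplied by the caller.
    System.out.println(fetchStatus(new URL(args[0]), new Configuration()));
  }
}
```

Because configure does nothing for a non-HTTPS connection, callers that require TLS should also check the URL scheme before sending credentials.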