Package org.apache.hadoop.security.ssl

Class SSLFactory

java.lang.Object

org.apache.hadoop.security.ssl.SSLFactory

All Implemented Interfaces:

org.apache.hadoop.security.authentication.client.ConnectionConfigurator

@Private
@Evolving
public class SSLFactory
extends java.lang.Object
implements org.apache.hadoop.security.authentication.client.ConnectionConfigurator

Factory that creates SSLEngine and SSLSocketFactory instances using Hadoop configuration information.

This SSLFactory uses a ReloadingX509TrustManager instance, which reloads public keys if the truststore file changes.

This factory is used to configure HTTPS in Hadoop HTTP based endpoints, both client and server.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SSLFactory.Mode

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	KEY_MANAGER_SSLCERTIFICATE
static java.lang.String	KEYSTORES_FACTORY_CLASS_KEY
static java.lang.String	SSL_CLIENT_CONF_DEFAULT
static java.lang.String	SSL_CLIENT_CONF_KEY
static java.lang.String	SSL_CLIENT_KEYSTORE_TYPE
static java.lang.String	SSL_CLIENT_KEYSTORE_TYPE_DEFAULT
static java.lang.String	SSL_CLIENT_TRUSTSTORE_PASSWORD
static java.lang.String	SSL_CLIENT_TRUSTSTORE_TYPE
static java.lang.String	SSL_ENABLED_PROTOCOLS_DEFAULT
static java.lang.String	SSL_ENABLED_PROTOCOLS_KEY
static java.lang.String	SSL_HOSTNAME_VERIFIER_KEY
static boolean	SSL_REQUIRE_CLIENT_CERT_DEFAULT
static java.lang.String	SSL_REQUIRE_CLIENT_CERT_KEY
static java.lang.String	SSL_SERVER_CONF_DEFAULT
static java.lang.String	SSL_SERVER_CONF_KEY
static java.lang.String	SSL_SERVER_EXCLUDE_CIPHER_LIST
static java.lang.String	SSL_SERVER_INCLUDE_CIPHER_LIST
static java.lang.String	SSL_SERVER_KEYSTORE_KEYPASSWORD
static java.lang.String	SSL_SERVER_KEYSTORE_LOCATION
static java.lang.String	SSL_SERVER_KEYSTORE_PASSWORD
static java.lang.String	SSL_SERVER_KEYSTORE_TYPE
static java.lang.String	SSL_SERVER_KEYSTORE_TYPE_DEFAULT
static java.lang.String	SSL_SERVER_NEED_CLIENT_AUTH
static boolean	SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT
static java.lang.String	SSL_SERVER_TRUSTSTORE_LOCATION
static java.lang.String	SSL_SERVER_TRUSTSTORE_PASSWORD
static java.lang.String	SSL_SERVER_TRUSTSTORE_TYPE
static java.lang.String	SSL_SERVER_TRUSTSTORE_TYPE_DEFAULT
static java.lang.String	TRUST_MANAGER_SSLCERTIFICATE
static java.lang.String	TRUSTNAME_SERVICE_JAVA_PROPERTY
static java.lang.String	TRUSTSTORE_PASS_JAVA_PROPERTY
static java.lang.String	TRUSTSTORE_TYPE_JAVA_PROPERTY

Constructor Summary

Constructors

Constructor	Description
SSLFactory(SSLFactory.Mode mode, Configuration conf)	Creates an SSLFactory.

Method Summary

Modifier and Type	Method	Description
java.net.HttpURLConnection	configure(java.net.HttpURLConnection conn)	If the given HttpURLConnection is an HttpsURLConnection configures the connection with the SSLSocketFactory and HostnameVerifier of this SSLFactory, otherwise does nothing.
javax.net.ssl.SSLEngine	createSSLEngine()	Returns a configured SSLEngine.
javax.net.ssl.SSLServerSocketFactory	createSSLServerSocketFactory()	Returns a configured SSLServerSocketFactory.
javax.net.ssl.SSLSocketFactory	createSSLSocketFactory()	Returns a configured SSLSocketFactory.
void	destroy()	Releases any resources being used.
javax.net.ssl.HostnameVerifier	getHostnameVerifier()	Returns the hostname verifier it should be used in HttpsURLConnections.
static javax.net.ssl.HostnameVerifier	getHostnameVerifier(java.lang.String verifier)
KeyStoresFactory	getKeystoresFactory()	Returns the SSLFactory KeyStoresFactory instance.
Configuration	getSslConf()	Returns SSL configuration.
void	init()	Initializes the factory.
boolean	isClientCertRequired()	Returns if client certificates are required or not.
static Configuration	readSSLConfiguration(Configuration conf, SSLFactory.Mode mode)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SSL_CLIENT_CONF_KEY

public static final java.lang.String SSL_CLIENT_CONF_KEY

See Also:

Constant Field Values

SSL_CLIENT_CONF_DEFAULT

public static final java.lang.String SSL_CLIENT_CONF_DEFAULT

See Also:

Constant Field Values

SSL_SERVER_CONF_KEY

public static final java.lang.String SSL_SERVER_CONF_KEY

See Also:

Constant Field Values

SSL_SERVER_CONF_DEFAULT

public static final java.lang.String SSL_SERVER_CONF_DEFAULT

See Also:

Constant Field Values

SSL_REQUIRE_CLIENT_CERT_KEY

public static final java.lang.String SSL_REQUIRE_CLIENT_CERT_KEY

See Also:

Constant Field Values

SSL_REQUIRE_CLIENT_CERT_DEFAULT

public static final boolean SSL_REQUIRE_CLIENT_CERT_DEFAULT

See Also:

Constant Field Values

SSL_HOSTNAME_VERIFIER_KEY

public static final java.lang.String SSL_HOSTNAME_VERIFIER_KEY

See Also:

Constant Field Values

SSL_ENABLED_PROTOCOLS_KEY

public static final java.lang.String SSL_ENABLED_PROTOCOLS_KEY

See Also:

Constant Field Values

SSL_ENABLED_PROTOCOLS_DEFAULT

public static final java.lang.String SSL_ENABLED_PROTOCOLS_DEFAULT

See Also:

Constant Field Values

SSL_SERVER_NEED_CLIENT_AUTH

public static final java.lang.String SSL_SERVER_NEED_CLIENT_AUTH

See Also:

Constant Field Values

SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT

public static final boolean SSL_SERVER_NEED_CLIENT_AUTH_DEFAULT

See Also:

Constant Field Values

SSL_SERVER_KEYSTORE_LOCATION

public static final java.lang.String SSL_SERVER_KEYSTORE_LOCATION

See Also:

Constant Field Values

SSL_SERVER_KEYSTORE_PASSWORD

public static final java.lang.String SSL_SERVER_KEYSTORE_PASSWORD

See Also:

Constant Field Values

SSL_SERVER_KEYSTORE_TYPE

public static final java.lang.String SSL_SERVER_KEYSTORE_TYPE

See Also:

Constant Field Values

SSL_SERVER_KEYSTORE_TYPE_DEFAULT

public static final java.lang.String SSL_SERVER_KEYSTORE_TYPE_DEFAULT

See Also:

Constant Field Values

SSL_SERVER_KEYSTORE_KEYPASSWORD

public static final java.lang.String SSL_SERVER_KEYSTORE_KEYPASSWORD

See Also:

Constant Field Values

SSL_SERVER_TRUSTSTORE_LOCATION

public static final java.lang.String SSL_SERVER_TRUSTSTORE_LOCATION

See Also:

Constant Field Values

SSL_SERVER_TRUSTSTORE_PASSWORD

public static final java.lang.String SSL_SERVER_TRUSTSTORE_PASSWORD

See Also:

Constant Field Values

SSL_SERVER_TRUSTSTORE_TYPE

public static final java.lang.String SSL_SERVER_TRUSTSTORE_TYPE

See Also:

Constant Field Values

SSL_SERVER_TRUSTSTORE_TYPE_DEFAULT

public static final java.lang.String SSL_SERVER_TRUSTSTORE_TYPE_DEFAULT

See Also:

Constant Field Values

SSL_CLIENT_KEYSTORE_TYPE

public static final java.lang.String SSL_CLIENT_KEYSTORE_TYPE

See Also:

Constant Field Values

SSL_CLIENT_KEYSTORE_TYPE_DEFAULT

public static final java.lang.String SSL_CLIENT_KEYSTORE_TYPE_DEFAULT

See Also:

Constant Field Values

SSL_SERVER_EXCLUDE_CIPHER_LIST

public static final java.lang.String SSL_SERVER_EXCLUDE_CIPHER_LIST

See Also:

Constant Field Values

SSL_SERVER_INCLUDE_CIPHER_LIST

public static final java.lang.String SSL_SERVER_INCLUDE_CIPHER_LIST

See Also:

Constant Field Values

KEY_MANAGER_SSLCERTIFICATE

public static final java.lang.String KEY_MANAGER_SSLCERTIFICATE

TRUST_MANAGER_SSLCERTIFICATE

public static final java.lang.String TRUST_MANAGER_SSLCERTIFICATE

KEYSTORES_FACTORY_CLASS_KEY

public static final java.lang.String KEYSTORES_FACTORY_CLASS_KEY

See Also:

Constant Field Values

SSL_CLIENT_TRUSTSTORE_PASSWORD

public static final java.lang.String SSL_CLIENT_TRUSTSTORE_PASSWORD

See Also:

Constant Field Values

SSL_CLIENT_TRUSTSTORE_TYPE

public static final java.lang.String SSL_CLIENT_TRUSTSTORE_TYPE

See Also:

Constant Field Values

TRUSTNAME_SERVICE_JAVA_PROPERTY

public static final java.lang.String TRUSTNAME_SERVICE_JAVA_PROPERTY

See Also:

Constant Field Values

TRUSTSTORE_PASS_JAVA_PROPERTY

public static final java.lang.String TRUSTSTORE_PASS_JAVA_PROPERTY

See Also:

Constant Field Values

TRUSTSTORE_TYPE_JAVA_PROPERTY

public static final java.lang.String TRUSTSTORE_TYPE_JAVA_PROPERTY

See Also:

Constant Field Values

Constructor Detail

SSLFactory

public SSLFactory(SSLFactory.Mode mode,
                  Configuration conf)

Creates an SSLFactory.

Parameters:

mode - SSLFactory mode, client or server.

conf - Hadoop configuration from where the SSLFactory configuration will be read.

Method Detail

readSSLConfiguration

public static Configuration readSSLConfiguration(Configuration conf,
                                                 SSLFactory.Mode mode)

init

public void init()
          throws java.security.GeneralSecurityException,
                 java.io.IOException

Initializes the factory.

Throws:

java.security.GeneralSecurityException - thrown if an SSL initialization error happened.

java.io.IOException - thrown if an IO error happened while reading the SSL configuration.

getHostnameVerifier

public static javax.net.ssl.HostnameVerifier getHostnameVerifier(java.lang.String verifier)
                                                          throws java.security.GeneralSecurityException,
                                                                 java.io.IOException

Throws:

java.security.GeneralSecurityException

java.io.IOException

destroy

public void destroy()

Releases any resources being used.

getKeystoresFactory

public KeyStoresFactory getKeystoresFactory()

Returns the SSLFactory KeyStoresFactory instance.

Returns:

the SSLFactory KeyStoresFactory instance.

createSSLEngine

public javax.net.ssl.SSLEngine createSSLEngine()
                                        throws java.security.GeneralSecurityException,
                                               java.io.IOException

Returns a configured SSLEngine.

Returns:

the configured SSLEngine.

Throws:

java.security.GeneralSecurityException - thrown if the SSL engine could not be initialized.

java.io.IOException - thrown if and IO error occurred while loading the server keystore.

createSSLServerSocketFactory

public javax.net.ssl.SSLServerSocketFactory createSSLServerSocketFactory()
                                                                  throws java.security.GeneralSecurityException,
                                                                         java.io.IOException

Returns a configured SSLServerSocketFactory.

Returns:

the configured SSLSocketFactory.

Throws:

java.security.GeneralSecurityException - thrown if the SSLSocketFactory could not be initialized.

java.io.IOException - thrown if and IO error occurred while loading the server keystore.

createSSLSocketFactory

public javax.net.ssl.SSLSocketFactory createSSLSocketFactory()
                                                      throws java.security.GeneralSecurityException,
                                                             java.io.IOException

Returns a configured SSLSocketFactory.

Returns:

the configured SSLSocketFactory.

Throws:

java.security.GeneralSecurityException - thrown if the SSLSocketFactory could not be initialized.

java.io.IOException - thrown if and IO error occurred while loading the server keystore.

getHostnameVerifier

public javax.net.ssl.HostnameVerifier getHostnameVerifier()

Returns the hostname verifier it should be used in HttpsURLConnections.

Returns:

the hostname verifier.

getSslConf

public Configuration getSslConf()

Returns SSL configuration.

Returns:

SSL configuration.

isClientCertRequired

public boolean isClientCertRequired()

Returns if client certificates are required or not.

Returns:

if client certificates are required or not.

configure

public java.net.HttpURLConnection configure(java.net.HttpURLConnection conn)
                                     throws java.io.IOException

If the given HttpURLConnection is an HttpsURLConnection configures the connection with the SSLSocketFactory and HostnameVerifier of this SSLFactory, otherwise does nothing.

Specified by:

configure in interface org.apache.hadoop.security.authentication.client.ConnectionConfigurator

Parameters:

conn - the HttpURLConnection instance to configure.

Returns:

the configured HttpURLConnection instance.

Throws:

java.io.IOException - if an IO error occurred.