Class SslConfigurationLoader


  • public abstract class SslConfigurationLoader
    extends java.lang.Object
    Loads SslConfiguration from settings. This class handles the logic of interpreting the various "ssl.*" configuration settings and their interactions (as well as being aware of dependencies and conflicts between different settings). The constructed SslConfiguration has sensible defaults for any settings that are not explicitly configured, and these defaults can be overridden through the various setDefaultXyz methods. It is abstract because this library has minimal dependencies, so the extraction of the setting values from the underlying setting source must be handled by the code that makes use of this class.
    See Also:
    SslConfiguration, SslConfigurationKeys
    • Constructor Summary

      Constructors 
      Constructor Description
      SslConfigurationLoader(java.lang.String settingPrefix)
      Construct a new loader with the "standard" default values.
    • Method Summary

      Modifier and Type Method Description
      protected abstract char[] getSecureSetting(java.lang.String key)
      Clients of this class should implement this method to load a fully-qualified key from the preferred secure settings source.
      protected abstract java.util.List<java.lang.String> getSettingAsList(java.lang.String key)
      Clients of this class should implement this method to load a fully-qualified key from the preferred settings source.
      protected abstract java.lang.String getSettingAsString(java.lang.String key)
      Clients of this class should implement this method to load a fully-qualified key from the preferred settings source.
      SslConfiguration load(java.nio.file.Path basePath)
      Resolve all necessary configuration settings, and load an SslConfiguration.
      void setDefaultCiphers(java.util.List<java.lang.String> defaultCiphers)
      Change the default supported ciphers.
      void setDefaultClientAuth(SslClientAuthenticationMode defaultClientAuth)
      Change the default client authentication mode.
      void setDefaultKeyConfig(SslKeyConfig defaultKeyConfig)
      Change the default key config.
      void setDefaultProtocols(java.util.List<java.lang.String> defaultProtocols)
      Change the default SSL/TLS protocol list.
      void setDefaultTrustConfig(SslTrustConfig defaultTrustConfig)
      Change the default trust config.
      void setDefaultVerificationMode(SslVerificationMode defaultVerificationMode)
      Change the default verification mode.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • SslConfigurationLoader

        public SslConfigurationLoader(java.lang.String settingPrefix)
        Construct a new loader with the "standard" default values.
        Parameters:
        settingPrefix - The prefix to apply to all settings that are loaded. It may be the empty string, otherwise it must end in a "." (period). For example, if the prefix is "reindex.ssl." then the keys that are passed to methods like getSettingAsString(String) will be in the form "reindex.ssl.verification_mode", and those same keys will be reported in error messages (via SslConfigException).
    • Method Detail

      • setDefaultTrustConfig

        public void setDefaultTrustConfig(SslTrustConfig defaultTrustConfig)
        Change the default trust config. The initial trust config is DefaultJdkTrustConfig, which trusts the JDK's default CA certs.
      • setDefaultKeyConfig

        public void setDefaultKeyConfig(SslKeyConfig defaultKeyConfig)
        Change the default key config. The initial key config is EmptyKeyConfig, which does not provide any keys.
      • setDefaultVerificationMode

        public void setDefaultVerificationMode(SslVerificationMode defaultVerificationMode)
        Change the default verification mode. The initial verification mode is SslVerificationMode.FULL.
      • setDefaultCiphers

        public void setDefaultCiphers(java.util.List<java.lang.String> defaultCiphers)
        Change the default supported ciphers. The initial cipher list depends on the availability of 256-bit AES.
        See Also:
        loadDefaultCiphers()
      • setDefaultProtocols

        public void setDefaultProtocols(java.util.List<java.lang.String> defaultProtocols)
        Change the default SSL/TLS protocol list. The initial protocol list is defined by DEFAULT_PROTOCOLS.
      • getSettingAsString

        protected abstract java.lang.String getSettingAsString(java.lang.String key)
                                                        throws java.lang.Exception
        Clients of this class should implement this method to load a fully-qualified key from the preferred settings source. This method will be called for basic string settings (see SslConfigurationKeys.getStringKeys()).

        The setting should be returned as a string, and this class will convert it to the relevant type.

        Throws:
        java.lang.Exception - If a RuntimeException is thrown, it will be rethrown unwrapped. All checked exceptions are wrapped in SslConfigException before being rethrown.
      • getSecureSetting

        protected abstract char[] getSecureSetting(java.lang.String key)
                                            throws java.lang.Exception
        Clients of this class should implement this method to load a fully-qualified key from the preferred secure settings source. This method will be called for any setting keys that are marked as being secure settings.
        Throws:
        java.lang.Exception - If a RuntimeException is thrown, it will be rethrown unwrapped. All checked exceptions are wrapped in SslConfigException before being rethrown.
      • getSettingAsList

        protected abstract java.util.List<java.lang.String> getSettingAsList(java.lang.String key)
                                                                      throws java.lang.Exception
        Clients of this class should implement this method to load a fully-qualified key from the preferred settings source. This method will be called for list settings (see SslConfigurationKeys.getListKeys()).

        The setting should be returned as a list of strings, and this class will convert the values to the relevant type.

        Throws:
        java.lang.Exception - If a RuntimeException is thrown, it will be rethrown unwrapped. All checked exceptions are wrapped in SslConfigException before being rethrown.
      • load

        public SslConfiguration load(java.nio.file.Path basePath)
        Resolve all necessary configuration settings, and load an SslConfiguration.
        Parameters:
        basePath - The base path to use for any settings that represent file paths. Typically points to the Elasticsearch configuration directory.
        Throws:
        SslConfigException - For any problems with the configuration, or with loading the required SSL classes.
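
A subclass that satisfies the three abstract methods documented above, added here as an illustration; it is not code from the library or its authors and is written against the API as this page documents it. The class name MapSslConfigurationLoader, the in-memory maps, the comma-separated list format and the "config" base path are hypothetical; the package name org.elasticsearch.common.ssl and the treatment of a null return as "not configured" are assumptions not stated on this page.

```java
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.elasticsearch.common.ssl.SslConfigException; // package name is an assumption
import org.elasticsearch.common.ssl.SslConfiguration;
import org.elasticsearch.common.ssl.SslConfigurationLoader;

// Hypothetical loader backed by in-memory maps (constructed sample source).
public class MapSslConfigurationLoader extends SslConfigurationLoader {
    private final Map<String, String> settings;       // ordinary settings
    private final Map<String, char[]> secureSettings; // passwords stay out of String

    MapSslConfigurationLoader(String prefix, Map<String, String> settings,
                              Map<String, char[]> secureSettings) {
        super(prefix); // "" or a prefix ending in ".", e.g. "reindex.ssl."
        this.settings = settings;
        this.secureSettings = secureSettings;
        // Narrow the fallback protocols (assumes the JDK supports both);
        // the default verification mode is left at FULL.
        setDefaultProtocols(Arrays.asList("TLSv1.3", "TLSv1.2"));
    }

    @Override // keys arrive fully qualified, e.g. "reindex.ssl.verification_mode"
    protected String getSettingAsString(String key) {
        return settings.get(key); // assumption: null means "not configured"
    }
    @Override // list settings are stored comma-separated in this sample source
    protected List<String> getSettingAsList(String key) {
        String raw = settings.get(key);
        return raw == null ? null : Arrays.asList(raw.trim().split("\\s*,\\s*"));
    }
    @Override // return a copy so the caller never holds the stored array itself
    protected char[] getSecureSetting(String key) {
        char[] secret = secureSettings.get(key);
        return secret == null ? null : secret.clone();
    }
    public static void main(String[] args) {
        Map<String, String> settings = new HashMap<>();
        settings.put("reindex.ssl.verification_mode", "full"); // constructed sample
        try {
            SslConfiguration config = new MapSslConfigurationLoader(
                "reindex.ssl.", settings, new HashMap<>()).load(Paths.get("config"));
            System.out.println(config);
        } catch (SslConfigException e) { // message reports the fully-qualified key
            System.err.println("Rejected SSL settings: " + e.getMessage());
        }
    }
}
```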