SecurityUtility (Pulsar Common 2.10.0.4 API)

java.lang.Object
- org.apache.pulsar.common.util.SecurityUtility

public class SecurityUtility
extends Object

Helper class for the security domain.

Field Summary

Fields
Modifier and Type	Field and Description
`static String`	`BC`
`static String`	`BC_FIPS`
`static String`	`BC_FIPS_PROVIDER_CLASS`
`static String`	`BC_NON_FIPS_PROVIDER_CLASS`
`static Provider`	`BC_PROVIDER`
`static Provider`	`CONSCRYPT_PROVIDER`
`static String`	`CONSCRYPT_PROVIDER_CLASS`

Constructor Summary

Constructors
Constructor and Description

SecurityUtility()

Constructors
Constructor and Description
`SecurityUtility()`

Method Summary

All Methods Static Methods Concrete Methods
Modifier and Type	Method and Description
`static io.netty.handler.ssl.SslContext`	`createAutoRefreshSslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, String sslContextAlgorithm, int refreshDurationSec, ScheduledExecutorService executor)` Creates `SslContext` with capability to do auto-cert refresh.
`static io.netty.handler.ssl.SslContext`	`createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, InputStream trustCertsStream, Certificate[] certificates, PrivateKey privateKey, Set<String> ciphers, Set<String> protocols)`
`static io.netty.handler.ssl.SslContext`	`createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, Certificate[] certificates, PrivateKey privateKey, Set<String> ciphers, Set<String> protocols)`
`static io.netty.handler.ssl.SslContext`	`createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, Set<String> ciphers, Set<String> protocols)`
`static io.netty.handler.ssl.SslContext`	`createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, Set<String> ciphers, Set<String> protocols)`
`static io.netty.handler.ssl.SslContext`	`createNettySslContextForServer(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, Set<String> ciphers, Set<String> protocols, boolean requireTrustedClientCertOnConnect)`
`static SSLContext`	`createSslContext(boolean allowInsecureConnection, Certificate[] trustCertficates, Certificate[] certificates, PrivateKey privateKey)`
`static SSLContext`	`createSslContext(boolean allowInsecureConnection, Certificate[] trustCertficates, Certificate[] certificates, PrivateKey privateKey, String providerName)`
`static SSLContext`	`createSslContext(boolean allowInsecureConnection, Certificate[] trustCertificates, String providerName)`
`static SSLContext`	`createSslContext(boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, String providerName)`
`static Provider`	`getBCProviderFromClassPath()` Get Bouncy Castle provider from classpath, and call Security.addProvider.
`static Provider`	`getProvider()` Get Bouncy Castle provider, and call Security.addProvider(provider) if success.
`static boolean`	`isBCFIPS()`
`static X509Certificate[]`	`loadCertificatesFromPemFile(String certFilePath)`
`static X509Certificate[]`	`loadCertificatesFromPemStream(InputStream inStream)`
`static PrivateKey`	`loadPrivateKeyFromPemFile(String keyFilePath)`
`static PrivateKey`	`loadPrivateKeyFromPemStream(InputStream inStream)`
`static TrustManager[]`	`processConscryptTrustManagers(TrustManager[] trustManagers)` Conscrypt TrustManager instances will be configured to use the Pulsar `TlsHostnameVerifier` class.
`static Provider`	`resolveProvider(String providerName)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

BC_PROVIDER

public static final Provider BC_PROVIDER

BC_FIPS_PROVIDER_CLASS

public static final String BC_FIPS_PROVIDER_CLASS

See Also:: Constant Field Values

BC_NON_FIPS_PROVIDER_CLASS

public static final String BC_NON_FIPS_PROVIDER_CLASS

See Also:: Constant Field Values

CONSCRYPT_PROVIDER_CLASS

public static final String CONSCRYPT_PROVIDER_CLASS

See Also:: Constant Field Values

CONSCRYPT_PROVIDER

public static final Provider CONSCRYPT_PROVIDER

BC_FIPS
```
public static final String BC_FIPS
```
See Also:

Constant Field Values

BC
```
public static final String BC
```
See Also:

Constant Field Values

Constructor Detail
- SecurityUtility
```
public SecurityUtility()
```

Method Detail

isBCFIPS
```
public static boolean isBCFIPS()
```

getProvider
```
public static Provider getProvider()
```
Get Bouncy Castle provider, and call Security.addProvider(provider) if success. 1. try get from classpath. 2. try get from Nar.

getBCProviderFromClassPath
```
public static Provider getBCProviderFromClassPath()
                                           throws Exception
```
Get Bouncy Castle provider from classpath, and call Security.addProvider. Throw Exception if failed.

Throws:

Exception

createSslContext

public static SSLContext createSslContext(boolean allowInsecureConnection,
                                          Certificate[] trustCertificates,
                                          String providerName)
                                   throws GeneralSecurityException

Throws:: GeneralSecurityException

createNettySslContextForClient

public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
                                                                             boolean allowInsecureConnection,
                                                                             String trustCertsFilePath,
                                                                             Set<String> ciphers,
                                                                             Set<String> protocols)
                                                                      throws GeneralSecurityException,
                                                                             SSLException,
                                                                             FileNotFoundException,
                                                                             IOException

Throws:: GeneralSecurityException; SSLException; FileNotFoundException; IOException

createSslContext

public static SSLContext createSslContext(boolean allowInsecureConnection,
                                          String trustCertsFilePath,
                                          String certFilePath,
                                          String keyFilePath,
                                          String providerName)
                                   throws GeneralSecurityException

Throws:: GeneralSecurityException

createAutoRefreshSslContextForClient

public static io.netty.handler.ssl.SslContext createAutoRefreshSslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
                                                                                   boolean allowInsecureConnection,
                                                                                   String trustCertsFilePath,
                                                                                   String certFilePath,
                                                                                   String keyFilePath,
                                                                                   String sslContextAlgorithm,
                                                                                   int refreshDurationSec,
                                                                                   ScheduledExecutorService executor)
                                                                            throws GeneralSecurityException,
                                                                                   SSLException,
                                                                                   FileNotFoundException,
                                                                                   IOException

Creates SslContext with capability to do auto-cert refresh.

Parameters:: allowInsecureConnection -; trustCertsFilePath -; certFilePath -; keyFilePath -; sslContextAlgorithm -; refreshDurationSec -; executor -
Returns:
Throws:: GeneralSecurityException; SSLException; FileNotFoundException; IOException

createNettySslContextForClient

public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
                                                                             boolean allowInsecureConnection,
                                                                             String trustCertsFilePath,
                                                                             String certFilePath,
                                                                             String keyFilePath,
                                                                             Set<String> ciphers,
                                                                             Set<String> protocols)
                                                                      throws GeneralSecurityException,
                                                                             SSLException,
                                                                             FileNotFoundException,
                                                                             IOException

Throws:: GeneralSecurityException; SSLException; FileNotFoundException; IOException

createNettySslContextForClient

public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
                                                                             boolean allowInsecureConnection,
                                                                             String trustCertsFilePath,
                                                                             Certificate[] certificates,
                                                                             PrivateKey privateKey,
                                                                             Set<String> ciphers,
                                                                             Set<String> protocols)
                                                                      throws GeneralSecurityException,
                                                                             SSLException,
                                                                             FileNotFoundException,
                                                                             IOException

Throws:: GeneralSecurityException; SSLException; FileNotFoundException; IOException

createNettySslContextForClient

public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
                                                                             boolean allowInsecureConnection,
                                                                             InputStream trustCertsStream,
                                                                             Certificate[] certificates,
                                                                             PrivateKey privateKey,
                                                                             Set<String> ciphers,
                                                                             Set<String> protocols)
                                                                      throws GeneralSecurityException,
                                                                             SSLException,
                                                                             FileNotFoundException,
                                                                             IOException

Throws:: GeneralSecurityException; SSLException; FileNotFoundException; IOException

createNettySslContextForServer

public static io.netty.handler.ssl.SslContext createNettySslContextForServer(io.netty.handler.ssl.SslProvider sslProvider,
                                                                             boolean allowInsecureConnection,
                                                                             String trustCertsFilePath,
                                                                             String certFilePath,
                                                                             String keyFilePath,
                                                                             Set<String> ciphers,
                                                                             Set<String> protocols,
                                                                             boolean requireTrustedClientCertOnConnect)
                                                                      throws GeneralSecurityException,
                                                                             SSLException,
                                                                             FileNotFoundException,
                                                                             IOException

Throws:: GeneralSecurityException; SSLException; FileNotFoundException; IOException

createSslContext

public static SSLContext createSslContext(boolean allowInsecureConnection,
                                          Certificate[] trustCertficates,
                                          Certificate[] certificates,
                                          PrivateKey privateKey)
                                   throws GeneralSecurityException

Throws:: GeneralSecurityException

createSslContext

public static SSLContext createSslContext(boolean allowInsecureConnection,
                                          Certificate[] trustCertficates,
                                          Certificate[] certificates,
                                          PrivateKey privateKey,
                                          String providerName)
                                   throws GeneralSecurityException

Throws:: GeneralSecurityException

processConscryptTrustManagers
```
@InterfaceAudience.Private
public static TrustManager[] processConscryptTrustManagers(TrustManager[] trustManagers)
```
Conscrypt TrustManager instances will be configured to use the Pulsar TlsHostnameVerifier class. This method is used as a workaround for https://github.com/google/conscrypt/issues/1015 when Conscrypt / OpenSSL is used as the TLS security provider.

Parameters:

trustManagers - the array of TrustManager instances to process.

Returns:

same instance passed as parameter

loadCertificatesFromPemFile

public static X509Certificate[] loadCertificatesFromPemFile(String certFilePath)
                                                     throws KeyManagementException

Throws:: KeyManagementException

loadCertificatesFromPemStream

public static X509Certificate[] loadCertificatesFromPemStream(InputStream inStream)
                                                       throws KeyManagementException

Throws:: KeyManagementException

loadPrivateKeyFromPemFile

public static PrivateKey loadPrivateKeyFromPemFile(String keyFilePath)
                                            throws KeyManagementException

Throws:: KeyManagementException

loadPrivateKeyFromPemStream

public static PrivateKey loadPrivateKeyFromPemStream(InputStream inStream)
                                              throws KeyManagementException

Throws:: KeyManagementException

resolveProvider

public static Provider resolveProvider(String providerName)
                                throws NoSuchAlgorithmException

Throws:: NoSuchAlgorithmException

Class SecurityUtility

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

BC_PROVIDER

BC_FIPS_PROVIDER_CLASS

BC_NON_FIPS_PROVIDER_CLASS

CONSCRYPT_PROVIDER_CLASS

CONSCRYPT_PROVIDER

BC_FIPS

BC

Constructor Detail

SecurityUtility

Method Detail

isBCFIPS

getProvider

getBCProviderFromClassPath

createSslContext

createNettySslContextForClient

createSslContext

createAutoRefreshSslContextForClient

createNettySslContextForClient

createNettySslContextForClient

createNettySslContextForClient

createNettySslContextForServer

createSslContext

createSslContext

processConscryptTrustManagers

loadCertificatesFromPemFile

loadCertificatesFromPemStream

loadPrivateKeyFromPemFile

loadPrivateKeyFromPemStream

resolveProvider