Package org.apache.pulsar.common.util
Class SecurityUtility
- java.lang.Object
-
- org.apache.pulsar.common.util.SecurityUtility
-
public class SecurityUtility extends java.lang.Object
Helper class for the security domain.
-
-
Field Summary
Fields (Modifier and Type, Field):
static java.lang.String BC
static java.lang.String BC_FIPS
static java.lang.String BC_FIPS_PROVIDER_CLASS
static java.lang.String BC_NON_FIPS_PROVIDER_CLASS
static java.security.Provider BC_PROVIDER
static java.security.Provider CONSCRYPT_PROVIDER
static java.lang.String CONSCRYPT_PROVIDER_CLASS
-
Constructor Summary
Constructors (Constructor, Description):
SecurityUtility()
-
Method Summary
Methods (Modifier and Type, Method, Description):
static void configureSSLHandler(io.netty.handler.ssl.SslHandler handler)
static io.netty.handler.ssl.SslContext createAutoRefreshSslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.lang.String certFilePath, java.lang.String keyFilePath, java.lang.String sslContextAlgorithm, int refreshDurationSec, java.util.concurrent.ScheduledExecutorService executor)
    Creates SslContext with capability to do auto-cert refresh.
static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.io.InputStream trustCertsStream, java.security.cert.Certificate[] certificates, java.security.PrivateKey privateKey, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols)
static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.lang.String certFilePath, java.lang.String keyFilePath, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols)
static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.security.cert.Certificate[] certificates, java.security.PrivateKey privateKey, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols)
static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols)
static io.netty.handler.ssl.SslContext createNettySslContextForServer(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.lang.String certFilePath, java.lang.String keyFilePath, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols, boolean requireTrustedClientCertOnConnect)
static javax.net.ssl.SSLContext createSslContext(boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.lang.String certFilePath, java.lang.String keyFilePath, java.lang.String providerName)
static javax.net.ssl.SSLContext createSslContext(boolean allowInsecureConnection, java.security.cert.Certificate[] trustCertificates, java.lang.String providerName)
static javax.net.ssl.SSLContext createSslContext(boolean allowInsecureConnection, java.security.cert.Certificate[] trustCertficates, java.security.cert.Certificate[] certificates, java.security.PrivateKey privateKey)
static javax.net.ssl.SSLContext createSslContext(boolean allowInsecureConnection, java.security.cert.Certificate[] trustCertficates, java.security.cert.Certificate[] certificates, java.security.PrivateKey privateKey, java.lang.String providerName)
static java.security.Provider getBCProviderFromClassPath()
    Gets the Bouncy Castle provider from the classpath and calls Security.addProvider.
static java.security.Provider getProvider()
    Gets the Bouncy Castle provider and, on success, calls Security.addProvider(provider).
static boolean isBCFIPS()
static java.security.cert.X509Certificate[] loadCertificatesFromPemFile(java.lang.String certFilePath)
static java.security.cert.X509Certificate[] loadCertificatesFromPemStream(java.io.InputStream inStream)
static java.security.PrivateKey loadPrivateKeyFromPemFile(java.lang.String keyFilePath)
static java.security.PrivateKey loadPrivateKeyFromPemStream(java.io.InputStream inStream)
static javax.net.ssl.TrustManager[] processConscryptTrustManagers(javax.net.ssl.TrustManager[] trustManagers)
    Conscrypt TrustManager instances will be configured to use the PulsarTlsHostnameVerifier class.
static java.security.Provider resolveProvider(java.lang.String providerName)
-
-
-
Field Detail
-
BC_PROVIDER
public static final java.security.Provider BC_PROVIDER
-
BC_FIPS_PROVIDER_CLASS
public static final java.lang.String BC_FIPS_PROVIDER_CLASS
- See Also:
- Constant Field Values
-
BC_NON_FIPS_PROVIDER_CLASS
public static final java.lang.String BC_NON_FIPS_PROVIDER_CLASS
- See Also:
- Constant Field Values
-
CONSCRYPT_PROVIDER_CLASS
public static final java.lang.String CONSCRYPT_PROVIDER_CLASS
- See Also:
- Constant Field Values
-
CONSCRYPT_PROVIDER
public static final java.security.Provider CONSCRYPT_PROVIDER
-
BC_FIPS
public static final java.lang.String BC_FIPS
- See Also:
- Constant Field Values
-
BC
public static final java.lang.String BC
- See Also:
- Constant Field Values
-
-
Method Detail
-
isBCFIPS
public static boolean isBCFIPS()
-
getProvider
public static java.security.Provider getProvider()
Gets the Bouncy Castle provider and, on success, calls Security.addProvider(provider). The lookup runs in two steps: 1. try to get the provider from the classpath; 2. try to get it from the Nar.
-
getBCProviderFromClassPath
public static java.security.Provider getBCProviderFromClassPath() throws java.lang.Exception
Gets the Bouncy Castle provider from the classpath and calls Security.addProvider. Throws Exception if this fails.
- Throws:
- java.lang.Exception
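The classpath step described for getProvider and getBCProviderFromClassPath can be sketched with JDK reflection alone. This is an added example, not Pulsar's own code: the two class names are the standard Bouncy Castle provider classes (the page lists BC_NON_FIPS_PROVIDER_CLASS and BC_FIPS_PROVIDER_CLASS without their values), and the class BcProviderLookup, the method loadFromClassPath and the non-FIPS-first order are assumptions.

```java
import java.security.Provider;
import java.security.Security;

public class BcProviderLookup {
    // Assumed values: the standard Bouncy Castle provider class names.
    static final String NON_FIPS = "org.bouncycastle.jce.provider.BouncyCastleProvider";
    static final String FIPS = "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";

    /** Registers and returns the first candidate class found on the classpath. */
    static Provider loadFromClassPath(String... candidates) throws Exception {
        ClassNotFoundException last = null;
        for (String name : candidates) {
            try {
                Class<?> clazz = Class.forName(name);
                // Refuse anything that is not a JCA provider before instantiating it.
                if (!Provider.class.isAssignableFrom(clazz)) {
                    throw new IllegalStateException(name + " is not a java.security.Provider");
                }
                Provider p = (Provider) clazz.getDeclaredConstructor().newInstance();
                // addProvider returns -1 when a provider with the same name is already
                // installed; hand back the installed instance so callers see one object.
                if (Security.addProvider(p) == -1) {
                    return Security.getProvider(p.getName());
                }
                return p;
            } catch (ClassNotFoundException e) {
                last = e; // not on the classpath, try the next candidate
            }
        }
        throw new IllegalStateException("no Bouncy Castle provider on the classpath", last);
    }

    public static void main(String[] args) throws Exception {
        try {
            Provider p = loadFromClassPath(NON_FIPS, FIPS); // order is an assumption
            // Log which implementation was actually registered: in a FIPS deployment
            // the non-FIPS jar winning the lookup is a configuration error.
            System.out.println("registered " + p.getName() + " from " + p.getClass().getName());
        } catch (IllegalStateException e) {
            // On the page, getProvider() continues with its second step (the Nar) here.
            System.out.println("classpath lookup failed: " + e.getMessage());
        }
    }
}
```

Checking the registered provider's class name at startup is a cheap way to confirm that a deployment meant to run the FIPS build has not picked up the non-FIPS jar from a transitive dependency.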
-
createSslContext
public static javax.net.ssl.SSLContext createSslContext(boolean allowInsecureConnection, java.security.cert.Certificate[] trustCertificates, java.lang.String providerName) throws java.security.GeneralSecurityException
- Throws:
- java.security.GeneralSecurityException
-
createNettySslContextForClient
public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols) throws java.security.GeneralSecurityException, javax.net.ssl.SSLException, java.io.FileNotFoundException, java.io.IOException
- Throws:
- java.security.GeneralSecurityException
- javax.net.ssl.SSLException
- java.io.FileNotFoundException
- java.io.IOException
-
createSslContext
public static javax.net.ssl.SSLContext createSslContext(boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.lang.String certFilePath, java.lang.String keyFilePath, java.lang.String providerName) throws java.security.GeneralSecurityException
- Throws:
- java.security.GeneralSecurityException
-
createAutoRefreshSslContextForClient
public static io.netty.handler.ssl.SslContext createAutoRefreshSslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.lang.String certFilePath, java.lang.String keyFilePath, java.lang.String sslContextAlgorithm, int refreshDurationSec, java.util.concurrent.ScheduledExecutorService executor) throws java.security.GeneralSecurityException, javax.net.ssl.SSLException, java.io.FileNotFoundException, java.io.IOException
Creates SslContext with capability to do auto-cert refresh.
- Parameters:
- allowInsecureConnection
- trustCertsFilePath
- certFilePath
- keyFilePath
- sslContextAlgorithm
- refreshDurationSec
- executor
- Returns:
- Throws:
- java.security.GeneralSecurityException
- javax.net.ssl.SSLException
- java.io.FileNotFoundException
- java.io.IOException
-
createNettySslContextForClient
public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.lang.String certFilePath, java.lang.String keyFilePath, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols) throws java.security.GeneralSecurityException, javax.net.ssl.SSLException, java.io.FileNotFoundException, java.io.IOException
- Throws:
- java.security.GeneralSecurityException
- javax.net.ssl.SSLException
- java.io.FileNotFoundException
- java.io.IOException
-
createNettySslContextForClient
public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.security.cert.Certificate[] certificates, java.security.PrivateKey privateKey, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols) throws java.security.GeneralSecurityException, javax.net.ssl.SSLException, java.io.FileNotFoundException, java.io.IOException
- Throws:
- java.security.GeneralSecurityException
- javax.net.ssl.SSLException
- java.io.FileNotFoundException
- java.io.IOException
-
createNettySslContextForClient
public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.io.InputStream trustCertsStream, java.security.cert.Certificate[] certificates, java.security.PrivateKey privateKey, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols) throws java.security.GeneralSecurityException, javax.net.ssl.SSLException, java.io.FileNotFoundException, java.io.IOException
- Throws:
- java.security.GeneralSecurityException
- javax.net.ssl.SSLException
- java.io.FileNotFoundException
- java.io.IOException
-
createNettySslContextForServer
public static io.netty.handler.ssl.SslContext createNettySslContextForServer(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, java.lang.String trustCertsFilePath, java.lang.String certFilePath, java.lang.String keyFilePath, java.util.Set<java.lang.String> ciphers, java.util.Set<java.lang.String> protocols, boolean requireTrustedClientCertOnConnect) throws java.security.GeneralSecurityException, javax.net.ssl.SSLException, java.io.FileNotFoundException, java.io.IOException
- Throws:
- java.security.GeneralSecurityException
- javax.net.ssl.SSLException
- java.io.FileNotFoundException
- java.io.IOException
-
createSslContext
public static javax.net.ssl.SSLContext createSslContext(boolean allowInsecureConnection, java.security.cert.Certificate[] trustCertficates, java.security.cert.Certificate[] certificates, java.security.PrivateKey privateKey) throws java.security.GeneralSecurityException
- Throws:
- java.security.GeneralSecurityException
-
createSslContext
public static javax.net.ssl.SSLContext createSslContext(boolean allowInsecureConnection, java.security.cert.Certificate[] trustCertficates, java.security.cert.Certificate[] certificates, java.security.PrivateKey privateKey, java.lang.String providerName) throws java.security.GeneralSecurityException
- Throws:
- java.security.GeneralSecurityException
-
processConscryptTrustManagers
@Private public static javax.net.ssl.TrustManager[] processConscryptTrustManagers(javax.net.ssl.TrustManager[] trustManagers)
Conscrypt TrustManager instances will be configured to use the PulsarTlsHostnameVerifier class. This method is used as a workaround for https://github.com/google/conscrypt/issues/1015 when Conscrypt / OpenSSL is used as the TLS security provider.
- Parameters:
- trustManagers - the array of TrustManager instances to process.
- Returns:
- same instance passed as parameter
-
loadCertificatesFromPemFile
public static java.security.cert.X509Certificate[] loadCertificatesFromPemFile(java.lang.String certFilePath) throws java.security.KeyManagementException
- Throws:
- java.security.KeyManagementException
-
loadCertificatesFromPemStream
public static java.security.cert.X509Certificate[] loadCertificatesFromPemStream(java.io.InputStream inStream) throws java.security.KeyManagementException
- Throws:
- java.security.KeyManagementException
-
loadPrivateKeyFromPemFile
public static java.security.PrivateKey loadPrivateKeyFromPemFile(java.lang.String keyFilePath) throws java.security.KeyManagementException
- Throws:
- java.security.KeyManagementException
-
loadPrivateKeyFromPemStream
public static java.security.PrivateKey loadPrivateKeyFromPemStream(java.io.InputStream inStream) throws java.security.KeyManagementException
- Throws:
- java.security.KeyManagementException
-
configureSSLHandler
public static void configureSSLHandler(io.netty.handler.ssl.SslHandler handler)
-
resolveProvider
public static java.security.Provider resolveProvider(java.lang.String providerName) throws java.security.NoSuchAlgorithmException
- Throws:
- java.security.NoSuchAlgorithmException
-
-