org.apache.druid.server.security

Class DefaultTLSCertificateChecker

java.lang.Object

org.apache.druid.server.security.DefaultTLSCertificateChecker

All Implemented Interfaces:

TLSCertificateChecker

public class DefaultTLSCertificateChecker
extends Object
implements TLSCertificateChecker

Constructor Summary

Constructors

Constructor and Description
DefaultTLSCertificateChecker()

Method Summary

Modifier and Type	Method and Description
void	checkClient(X509Certificate[] chain, String authType, SSLEngine engine, X509ExtendedTrustManager baseTrustManager) This method allows an extension to replace the standard X509ExtendedTrustManager.checkClientTrusted(X509Certificate[], String, SSLEngine) method.
void	checkServer(X509Certificate[] chain, String authType, SSLEngine engine, X509ExtendedTrustManager baseTrustManager) This method allows an extension to replace the standard X509ExtendedTrustManager.checkServerTrusted(X509Certificate[], String, SSLEngine) method.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultTLSCertificateChecker

public DefaultTLSCertificateChecker()

Method Detail

checkClient

public void checkClient(X509Certificate[] chain,
                        String authType,
                        SSLEngine engine,
                        X509ExtendedTrustManager baseTrustManager)
                 throws CertificateException

Description copied from interface: TLSCertificateChecker

This method allows an extension to replace the standard X509ExtendedTrustManager.checkClientTrusted(X509Certificate[], String, SSLEngine) method. This controls the certificate check used by Druid's server, checking certificates for internal requests made by other Druid services and user-submitted requests.

Specified by:

checkClient in interface TLSCertificateChecker

Parameters:

chain - See docs for X509ExtendedTrustManager.checkClientTrusted(X509Certificate[], String, SSLEngine).

authType - See docs for X509ExtendedTrustManager.checkClientTrusted(X509Certificate[], String, SSLEngine).

engine - See docs for X509ExtendedTrustManager.checkClientTrusted(X509Certificate[], String, SSLEngine).

baseTrustManager - The base trust manager. An extension should call baseTrustManager.checkClientTrusted(chain, authType, engine) if/when it wishes to use the standard check in addition to custom checks.

Throws:

CertificateException

checkServer

public void checkServer(X509Certificate[] chain,
                        String authType,
                        SSLEngine engine,
                        X509ExtendedTrustManager baseTrustManager)
                 throws CertificateException

Description copied from interface: TLSCertificateChecker

This method allows an extension to replace the standard X509ExtendedTrustManager.checkServerTrusted(X509Certificate[], String, SSLEngine) method. This controls the certificate check used by Druid's internal client, used to validate the certificates of other Druid services.

Specified by:

checkServer in interface TLSCertificateChecker

Parameters:

chain - See docs for X509ExtendedTrustManager.checkServerTrusted(X509Certificate[], String, SSLEngine).

authType - See docs for X509ExtendedTrustManager.checkServerTrusted(X509Certificate[], String, SSLEngine).

engine - See docs for X509ExtendedTrustManager.checkServerTrusted(X509Certificate[], String, SSLEngine).

baseTrustManager - The base trust manager. An extension should call baseTrustManager.checkServerTrusted(chain, authType, engine) if/when it wishes to use the standard check in addition to custom checks.

Throws:

CertificateException