程序包 org.apache.pulsar.common.util

类 SecurityUtility

java.lang.Object

org.apache.pulsar.common.util.SecurityUtility

public class SecurityUtility
extends Object

Helper class for the security domain.

字段概要

字段

修饰符和类型	字段	说明
static final String	BC
static final String	BC_FIPS
static final String	BC_FIPS_PROVIDER_CLASS
static final String	BC_NON_FIPS_PROVIDER_CLASS
static final Provider	BC_PROVIDER
static final Provider	CONSCRYPT_PROVIDER
static final String	CONSCRYPT_PROVIDER_CLASS

构造器概要

构造器

构造器	说明
SecurityUtility()

方法概要

修饰符和类型	方法	说明
static void	configureSSLHandler(io.netty.handler.ssl.SslHandler handler)
static io.netty.handler.ssl.SslContext	createAutoRefreshSslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, String sslContextAlgorithm, int refreshDurationSec, ScheduledExecutorService executor)	Creates SslContext with capability to do auto-cert refresh.
static io.netty.handler.ssl.SslContext	createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, InputStream trustCertsStream, Certificate[] certificates, PrivateKey privateKey, Set<String> ciphers, Set<String> protocols)
static io.netty.handler.ssl.SslContext	createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, Set<String> ciphers, Set<String> protocols)
static io.netty.handler.ssl.SslContext	createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, Certificate[] certificates, PrivateKey privateKey, Set<String> ciphers, Set<String> protocols)
static io.netty.handler.ssl.SslContext	createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, Set<String> ciphers, Set<String> protocols)
static io.netty.handler.ssl.SslContext	createNettySslContextForServer(io.netty.handler.ssl.SslProvider sslProvider, boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, Set<String> ciphers, Set<String> protocols, boolean requireTrustedClientCertOnConnect)
static SSLContext	createSslContext(boolean allowInsecureConnection, String trustCertsFilePath, String certFilePath, String keyFilePath, String providerName)
static SSLContext	createSslContext(boolean allowInsecureConnection, Certificate[] trustCertificates, String providerName)
static SSLContext	createSslContext(boolean allowInsecureConnection, Certificate[] trustCertficates, Certificate[] certificates, PrivateKey privateKey)
static SSLContext	createSslContext(boolean allowInsecureConnection, Certificate[] trustCertficates, Certificate[] certificates, PrivateKey privateKey, String providerName)
static Provider	getBCProviderFromClassPath()	Get Bouncy Castle provider from classpath, and call Security.addProvider.
static Provider	getProvider()	Get Bouncy Castle provider, and call Security.addProvider(provider) if success. 1. try get from classpath. 2. try get from Nar.
static boolean	isBCFIPS()
static X509Certificate[]	loadCertificatesFromPemFile(String certFilePath)
static X509Certificate[]	loadCertificatesFromPemStream(InputStream inStream)
static PrivateKey	loadPrivateKeyFromPemFile(String keyFilePath)
static PrivateKey	loadPrivateKeyFromPemStream(InputStream inStream)
static TrustManager[]	processConscryptTrustManagers(TrustManager[] trustManagers)	Conscrypt TrustManager instances will be configured to use the Pulsar TlsHostnameVerifier class.
static Provider	resolveProvider(String providerName)

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

字段详细资料

BC_PROVIDER

public static final Provider BC_PROVIDER

BC_FIPS_PROVIDER_CLASS

public static final String BC_FIPS_PROVIDER_CLASS

另请参阅:

• 常量字段值

BC_NON_FIPS_PROVIDER_CLASS

public static final String BC_NON_FIPS_PROVIDER_CLASS

另请参阅:

• 常量字段值

CONSCRYPT_PROVIDER_CLASS

public static final String CONSCRYPT_PROVIDER_CLASS

另请参阅:

• 常量字段值

CONSCRYPT_PROVIDER

public static final Provider CONSCRYPT_PROVIDER

BC_FIPS

public static final String BC_FIPS

另请参阅:

• 常量字段值

BC

public static final String BC

另请参阅:

• 常量字段值

构造器详细资料

SecurityUtility

public SecurityUtility()

方法详细资料

isBCFIPS

public static boolean isBCFIPS()

getProvider

public static Provider getProvider()

Get Bouncy Castle provider, and call Security.addProvider(provider) if success. 1. try get from classpath. 2. try get from Nar.

getBCProviderFromClassPath

public static Provider getBCProviderFromClassPath()
                                           throws Exception

Get Bouncy Castle provider from classpath, and call Security.addProvider. Throw Exception if failed.

抛出:

Exception

createSslContext

public static SSLContext createSslContext(boolean allowInsecureConnection,
 Certificate[] trustCertificates,
 String providerName)
                                   throws GeneralSecurityException

抛出:

GeneralSecurityException

createNettySslContextForClient

public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
 boolean allowInsecureConnection,
 String trustCertsFilePath,
 Set<String> ciphers,
 Set<String> protocols)
                                                                      throws GeneralSecurityException,
SSLException,
FileNotFoundException,
IOException

抛出:

GeneralSecurityException

SSLException

FileNotFoundException

IOException

createSslContext

public static SSLContext createSslContext(boolean allowInsecureConnection,
 String trustCertsFilePath,
 String certFilePath,
 String keyFilePath,
 String providerName)
                                   throws GeneralSecurityException

抛出:

GeneralSecurityException

createAutoRefreshSslContextForClient

public static io.netty.handler.ssl.SslContext createAutoRefreshSslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
 boolean allowInsecureConnection,
 String trustCertsFilePath,
 String certFilePath,
 String keyFilePath,
 String sslContextAlgorithm,
 int refreshDurationSec,
 ScheduledExecutorService executor)
                                                                            throws GeneralSecurityException,
SSLException,
FileNotFoundException,
IOException

Creates SslContext with capability to do auto-cert refresh.

参数:

allowInsecureConnection -

trustCertsFilePath -

certFilePath -

keyFilePath -

sslContextAlgorithm -

refreshDurationSec -

executor -

返回:

抛出:

GeneralSecurityException

SSLException

FileNotFoundException

IOException

createNettySslContextForClient

public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
 boolean allowInsecureConnection,
 String trustCertsFilePath,
 String certFilePath,
 String keyFilePath,
 Set<String> ciphers,
 Set<String> protocols)
                                                                      throws GeneralSecurityException,
SSLException,
FileNotFoundException,
IOException

抛出:

GeneralSecurityException

SSLException

FileNotFoundException

IOException

createNettySslContextForClient

public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
 boolean allowInsecureConnection,
 String trustCertsFilePath,
 Certificate[] certificates,
 PrivateKey privateKey,
 Set<String> ciphers,
 Set<String> protocols)
                                                                      throws GeneralSecurityException,
SSLException,
FileNotFoundException,
IOException

抛出:

GeneralSecurityException

SSLException

FileNotFoundException

IOException

createNettySslContextForClient

public static io.netty.handler.ssl.SslContext createNettySslContextForClient(io.netty.handler.ssl.SslProvider sslProvider,
 boolean allowInsecureConnection,
 InputStream trustCertsStream,
 Certificate[] certificates,
 PrivateKey privateKey,
 Set<String> ciphers,
 Set<String> protocols)
                                                                      throws GeneralSecurityException,
SSLException,
FileNotFoundException,
IOException

抛出:

GeneralSecurityException

SSLException

FileNotFoundException

IOException

createNettySslContextForServer

public static io.netty.handler.ssl.SslContext createNettySslContextForServer(io.netty.handler.ssl.SslProvider sslProvider,
 boolean allowInsecureConnection,
 String trustCertsFilePath,
 String certFilePath,
 String keyFilePath,
 Set<String> ciphers,
 Set<String> protocols,
 boolean requireTrustedClientCertOnConnect)
                                                                      throws GeneralSecurityException,
SSLException,
FileNotFoundException,
IOException

抛出:

GeneralSecurityException

SSLException

FileNotFoundException

IOException

createSslContext

public static SSLContext createSslContext(boolean allowInsecureConnection,
 Certificate[] trustCertficates,
 Certificate[] certificates,
 PrivateKey privateKey)
                                   throws GeneralSecurityException

抛出:

GeneralSecurityException

createSslContext

public static SSLContext createSslContext(boolean allowInsecureConnection,
 Certificate[] trustCertficates,
 Certificate[] certificates,
 PrivateKey privateKey,
 String providerName)
                                   throws GeneralSecurityException

抛出:

GeneralSecurityException

processConscryptTrustManagers

@Private
public static TrustManager[] processConscryptTrustManagers(TrustManager[] trustManagers)

Conscrypt TrustManager instances will be configured to use the Pulsar TlsHostnameVerifier class. This method is used as a workaround for https://github.com/google/conscrypt/issues/1015 when Conscrypt / OpenSSL is used as the TLS security provider.

参数:

trustManagers - the array of TrustManager instances to process.

返回:

same instance passed as parameter

loadCertificatesFromPemFile

public static X509Certificate[] loadCertificatesFromPemFile(String certFilePath)
                                                     throws KeyManagementException

抛出:

KeyManagementException

loadCertificatesFromPemStream

public static X509Certificate[] loadCertificatesFromPemStream(InputStream inStream)
                                                       throws KeyManagementException

抛出:

KeyManagementException

loadPrivateKeyFromPemFile

public static PrivateKey loadPrivateKeyFromPemFile(String keyFilePath)
                                            throws KeyManagementException

抛出:

KeyManagementException

loadPrivateKeyFromPemStream

public static PrivateKey loadPrivateKeyFromPemStream(InputStream inStream)
                                              throws KeyManagementException

抛出:

KeyManagementException

configureSSLHandler

public static void configureSSLHandler(io.netty.handler.ssl.SslHandler handler)

resolveProvider

public static Provider resolveProvider(String providerName)
                                throws NoSuchAlgorithmException

抛出:

NoSuchAlgorithmException