Class SslConfigurationLoader

java.lang.Object
org.elasticsearch.common.ssl.SslConfigurationLoader

public abstract class SslConfigurationLoader
extends java.lang.Object
Loads SslConfiguration from settings. This class handles the logic of interpreting the various "ssl.*" configuration settings and their interactions (as well as being aware of dependencies and conflicts between different settings). The constructed SslConfiguration has sensible defaults for any settings that are not explicitly configured, and these defaults can be overridden through the various setDefaultXyz methods. It is abstract because this library has minimal dependencies, so the extraction of the setting values from the underlying setting source must be handled by the code that makes use of this class.
See Also:
SslConfiguration, SslConfigurationKeys
  • Constructor Summary

    Constructors
    Constructor Description
    SslConfigurationLoader(java.lang.String settingPrefix)
    Construct a new loader with the "standard" default values.
  • Method Summary

    Modifier and Type Method Description
    protected abstract char[] getSecureSetting(java.lang.String key)
    Clients of this class should implement this method to load a fully-qualified key from the preferred secure settings source.
    protected abstract java.util.List<java.lang.String> getSettingAsList(java.lang.String key)
    Clients of this class should implement this method to load a fully-qualified key from the preferred settings source.
    protected abstract java.lang.String getSettingAsString(java.lang.String key)
    Clients of this class should implement this method to load a fully-qualified key from the preferred settings source.
    SslConfiguration load(java.nio.file.Path basePath)
    Resolve all necessary configuration settings, and load a SslConfiguration.
    void setDefaultCiphers(java.util.List<java.lang.String> defaultCiphers)
    Change the default supported ciphers.
    void setDefaultClientAuth(SslClientAuthenticationMode defaultClientAuth)
    Change the default client authentication mode.
    void setDefaultKeyConfig(SslKeyConfig defaultKeyConfig)
    Change the default key config.
    void setDefaultProtocols(java.util.List<java.lang.String> defaultProtocols)
    Change the default SSL/TLS protocol list.
    void setDefaultTrustConfig(SslTrustConfig defaultTrustConfig)
    Change the default trust config.
    void setDefaultVerificationMode(SslVerificationMode defaultVerificationMode)
    Change the default verification mode.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • SslConfigurationLoader

      public SslConfigurationLoader(java.lang.String settingPrefix)
      Construct a new loader with the "standard" default values.
      Parameters:
      settingPrefix - The prefix to apply to all settings that are loaded. It may be the empty string, otherwise it must end in a "." (period). For example, if the prefix is "reindex.ssl." then the keys that are passed to methods like getSettingAsString(String) will be in the form "reindex.ssl.verification_mode", and those same keys will be reported in error messages (via SslConfigException).
  • Method Details

    • setDefaultTrustConfig

      public void setDefaultTrustConfig(SslTrustConfig defaultTrustConfig)
      Change the default trust config. The initial trust config is DefaultJdkTrustConfig, which trusts the JDK's default CA certs.
    • setDefaultKeyConfig

      public void setDefaultKeyConfig(SslKeyConfig defaultKeyConfig)
      Change the default key config. The initial key config is EmptyKeyConfig, which does not provide any keys.
    • setDefaultVerificationMode

      public void setDefaultVerificationMode(SslVerificationMode defaultVerificationMode)
      Change the default verification mode. The initial verification mode is SslVerificationMode.FULL.
    • setDefaultClientAuth

      public void setDefaultClientAuth(SslClientAuthenticationMode defaultClientAuth)
      Change the default client authentication mode. The initial client auth mode is SslClientAuthenticationMode.OPTIONAL.
    • setDefaultCiphers

      public void setDefaultCiphers(java.util.List<java.lang.String> defaultCiphers)
      Change the default supported ciphers. The initial cipher list depends on the availability of 256 bit AES.
      See Also:
      loadDefaultCiphers()
    • setDefaultProtocols

      public void setDefaultProtocols(java.util.List<java.lang.String> defaultProtocols)
      Change the default SSL/TLS protocol list. The initial protocol list is defined by DEFAULT_PROTOCOLS.
    • getSettingAsString

      protected abstract java.lang.String getSettingAsString(java.lang.String key) throws java.lang.Exception
      Clients of this class should implement this method to load a fully-qualified key from the preferred settings source. This method will be called for basic string settings (see SslConfigurationKeys.getStringKeys()).

      The setting should be returned as a string, and this class will convert it to the relevant type.

      Throws:
      java.lang.Exception - If a RuntimeException is thrown, it will be rethrown unwrapped. All checked exceptions are wrapped in SslConfigException before being rethrown.
    • getSecureSetting

      protected abstract char[] getSecureSetting(java.lang.String key) throws java.lang.Exception
      Clients of this class should implement this method to load a fully-qualified key from the preferred secure settings source. This method will be called for any setting keys that are marked as being secure settings.
      Throws:
      java.lang.Exception - If a RuntimeException is thrown, it will be rethrown unwrapped. All checked exceptions are wrapped in SslConfigException before being rethrown.
    • getSettingAsList

      protected abstract java.util.List<java.lang.String> getSettingAsList(java.lang.String key) throws java.lang.Exception
      Clients of this class should implement this method to load a fully-qualified key from the preferred settings source. This method will be called for list settings (see SslConfigurationKeys.getListKeys()).

      The setting should be returned as a list of strings, and this class will convert the values to the relevant type.

      Throws:
      java.lang.Exception - If a RuntimeException is thrown, it will be rethrown unwrapped. All checked exceptions are wrapped in SslConfigException before being rethrown.
    • load

      public SslConfiguration load(java.nio.file.Path basePath)
      Resolve all necessary configuration settings, and load a SslConfiguration.
      Parameters:
      basePath - The base path to use for any settings that represent file paths. Typically points to the Elasticsearch configuration directory.
      Throws:
      SslConfigException - For any problems with the configuration, or with loading the required SSL classes.
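
A minimal subclass showing how calling code supplies the three abstract lookups, sets defaults and then calls load (an added example, not Elasticsearch's own code). The class name MapSslConfigurationLoader, the map-backed settings source, the "full" value, the TLS protocol names and the assumption that returning null means "not configured" are illustrative and not taken from this page.

```java
import java.nio.file.Path;
import java.util.List;
import java.util.Map;
import org.elasticsearch.common.ssl.SslConfiguration;
import org.elasticsearch.common.ssl.SslConfigurationLoader;
import org.elasticsearch.common.ssl.SslVerificationMode;

/** Hypothetical map-backed loader; keys are fully qualified (prefix included). */
public class MapSslConfigurationLoader extends SslConfigurationLoader {
    private final Map<String, String> strings;
    private final Map<String, List<String>> lists;
    private final Map<String, char[]> secrets;

    public MapSslConfigurationLoader(String prefix, Map<String, String> strings,
                                     Map<String, List<String>> lists, Map<String, char[]> secrets) {
        super(prefix); // "" or a prefix ending in ".", e.g. "reindex.ssl."
        this.strings = Map.copyOf(strings);
        this.lists = Map.copyOf(lists);
        this.secrets = Map.copyOf(secrets);
        // State explicitly what applies when a setting is absent.
        setDefaultVerificationMode(SslVerificationMode.FULL);
        setDefaultProtocols(List.of("TLSv1.3", "TLSv1.2")); // assumed JSSE protocol names
    }

    @Override
    protected String getSettingAsString(String key) {
        return strings.get(key); // assumption: null means "not configured"
    }

    @Override
    protected List<String> getSettingAsList(String key) {
        return lists.get(key); // assumption: null means "not configured"
    }

    @Override
    protected char[] getSecureSetting(String key) {
        char[] secret = secrets.get(key);
        // Hand out a copy so the caller can wipe it without touching our store.
        return secret == null ? null : secret.clone();
    }

    public static void main(String[] args) {
        SslConfiguration config = new MapSslConfigurationLoader(
            "reindex.ssl.",
            Map.of("reindex.ssl.verification_mode", "full"), // key form from the constructor docs
            Map.of(), Map.of()
        ).load(Path.of("config")); // base path for file-valued settings
        System.out.println(config);
    }
}
```

The overrides drop the `throws java.lang.Exception` clause because they only throw unchecked exceptions, which this class rethrows unwrapped.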