java.lang.Object
org.elasticsearch.xpack.core.ssl.SSLService
Provides access to SSLEngine and SSLSocketFactory objects based on a provided configuration. All configurations loaded by this service must be configured on construction.
Constructor Summary
SSLService(Settings settings, Environment environment) - Deprecated.
SSLService(Environment environment) - Create a new SSLService that parses the settings for the ssl contexts that need to be created, creates them, and then caches them for use later.
SSLService(Environment environment, Map<String, SslConfiguration> sslConfigurations) - Create a new SSLService using the provided SslConfiguration instances.
Method Summary
createDynamicSSLService - Creates a new SSLService that supports dynamic creation of SSLContext instances.
createSSLEngine(SslConfiguration configuration, String host, int port) - Creates an SSLEngine based on the provided configuration.
static HostnameVerifier getHostnameVerifier(SslConfiguration sslConfiguration)
Collection<CertificateInfo> getLoadedCertificates() - Returns information about each certificate that is referenced by any SSL configuration.
getSSLConfiguration(String contextName)
static Map<String, SslConfiguration>
static boolean isConfigurationValidForServerUsage(SslConfiguration sslConfiguration) - Returns whether the provided settings result in a valid configuration that can be used for server connections.
static boolean isSSLClientAuthEnabled(SslConfiguration sslConfiguration) - Indicates whether client authentication is enabled for a particular configuration.
static void registerSettings(List<Setting<?>> settingList)
void reloadSSLContext(SslConfiguration configuration)
sslConfiguration(Settings settingsToUse) - Returns the existing SslConfiguration for the given settings.
sslContext(SslConfiguration configuration) - Returns the SSLContext for the configuration.
org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(Settings settingsToUse) - Deprecated.
org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(SslConfiguration config)
sslSocketFactory(SslConfiguration configuration) - Create a new SSLSocketFactory based on the provided configuration.
Constructor Details
SSLService
Create a new SSLService that parses the settings for the ssl contexts that need to be created, creates them, and then caches them for use later.
SSLService
Create a new SSLService using the provided SslConfiguration instances. The ssl contexts created from these configurations will be cached.
SSLService
Deprecated.
Method Details
createDynamicSSLService
Creates a new SSLService that supports dynamic creation of SSLContext instances. Instances created by this service will not be cached and will not be monitored for reloading. This dynamic server does have access to the cached and monitored instances that have been created during initialization.
registerSettings
sslIOSessionStrategy
@Deprecated public org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(Settings settingsToUse)
Deprecated. This method will fail if the SSL configuration uses a SecureSetting but the SecureSettings have been closed. Use getSSLConfiguration(String) and sslIOSessionStrategy(SslConfiguration) (Deprecated, but not removed because monitoring uses dynamic SSL settings)
Create a new SSLIOSessionStrategy based on the provided settings. The settings are used to identify the SSL configuration that should be used to create the context.
Parameters:
settingsToUse - the settings used to identify the ssl configuration, typically under a *.ssl. prefix. Empty settings will return a context created from the default configuration
Returns:
Never null.
sslIOSessionStrategy
public org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(SslConfiguration config)
getHostnameVerifier
sslSocketFactory
Create a new SSLSocketFactory based on the provided configuration. The socket factory will also properly configure the ciphers and protocols on each socket that is created.
Parameters:
configuration - The SSL configuration to use. Typically obtained from getSSLConfiguration(String)
Returns:
Never null.
createSSLEngine
Creates an SSLEngine based on the provided configuration. This SSLEngine can be used for a connection that requires hostname verification, assuming the provided host and port are correct. The SSLEngine created by this method is most useful for clients with hostname verification enabled.
Parameters:
configuration - the ssl configuration
host - the host of the remote endpoint. If using hostname verification, this should match what is in the remote endpoint's certificate
port - the port of the remote endpoint
Returns:
SSLEngine
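What the sslSocketFactory and createSSLEngine descriptions amount to at the JDK level (protocols applied per connection, host and port supplied so the certificate can be checked against them), shown with plain javax.net.ssl calls. This is an added example, not SSLService's own code; the class name, host name, port and protocol allow-list are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class VerifyingClientEngine {

    // Constructed allow-list for this example, not an Elasticsearch default.
    static final List<String> ALLOWED_PROTOCOLS = List.of("TLSv1.3", "TLSv1.2");

    /** Client-mode engine that checks the peer certificate against host. */
    static SSLEngine clientEngine(SSLContext context, String host, int port) {
        // host and port become the engine's peer hints; endpoint identification
        // compares the certificate with this host, so it must be the name the
        // caller really intends to reach.
        SSLEngine engine = context.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        // Keep only allow-listed protocols that this JVM supports.
        String[] protocols = Arrays.stream(engine.getSupportedProtocols())
                .filter(ALLOWED_PROTOCOLS::contains)
                .toArray(String[]::new);
        if (protocols.length == 0) {
            throw new IllegalStateException("no allow-listed TLS protocol is supported");
        }

        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(protocols);
        // Null by default on a raw SSLEngine, which means no hostname check.
        // "HTTPS" makes the default X509 trust manager apply RFC 2818 matching.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed endpoint; no connection is opened.
        SSLEngine engine = clientEngine(SSLContext.getDefault(), "es01.example.internal", 9300);
        SSLParameters p = engine.getSSLParameters();
        System.out.println("peer: " + engine.getPeerHost() + ":" + engine.getPeerPort());
        System.out.println("protocols: " + Arrays.toString(p.getProtocols()));
        System.out.println("endpoint identification: " + p.getEndpointIdentificationAlgorithm());
    }
}
```

An engine created without a host, or with the endpoint identification algorithm left unset, still validates the certificate chain but has no name to compare the certificate against.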
isConfigurationValidForServerUsage
Returns whether the provided settings result in a valid configuration that can be used for server connections.
Parameters:
sslConfiguration - the configuration to check
isSSLClientAuthEnabled
Indicates whether client authentication is enabled for a particular configuration.
sslContext
Returns the SSLContext for the configuration. Mainly used for testing.
reloadSSLContext
sslConfiguration
Returns the existing SslConfiguration for the given settings.
Parameters:
settingsToUse - the settings for the ssl configuration
Returns:
the ssl configuration for the provided settings
getTransportProfileContextNames
getSSLConfigurations
getLoadedCertificates
public Collection<CertificateInfo> getLoadedCertificates() throws GeneralSecurityException, IOException
Returns information about each certificate that is referenced by any SSL configuration. This includes certificates used for identity (with a private key) and those used for trust, but excludes certificates that are provided by the JRE. Due to the nature of KeyStores, this may include certificates that are available, but never used such as a CA certificate that is no longer in use, or a server certificate for an unrelated host.
Throws:
GeneralSecurityException
IOException
getHttpTransportSSLConfiguration
getTransportSSLConfiguration
getSSLConfiguration