Class SSLService

java.lang.Object
org.elasticsearch.xpack.core.ssl.SSLService

public class SSLService extends Object
Provides access to SSLEngine and SSLSocketFactory objects based on a provided configuration. All configurations loaded by this service must be configured on construction.
  • Constructor Details

    • SSLService

      public SSLService(Environment environment)
      Creates a new SSLService that parses the settings for the SSL contexts that need to be created, creates them, and then caches them for later use.
    • SSLService

      public SSLService(Environment environment, Map<String,SslConfiguration> sslConfigurations)
      Creates a new SSLService using the provided SslConfiguration instances. The SSL contexts created from these configurations will be cached.
    • SSLService

      @Deprecated public SSLService(Settings settings, Environment environment)
      Deprecated.
  • Method Details

    • createDynamicSSLService

      public SSLService createDynamicSSLService()
      Creates a new SSLService that supports dynamic creation of SSLContext instances. Instances created by this service will not be cached and will not be monitored for reloading. This dynamic service does have access to the cached and monitored instances that were created during initialization.
    • registerSettings

      public static void registerSettings(List<Setting<?>> settingList)
    • sslIOSessionStrategy

      @Deprecated public org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(Settings settingsToUse)
      Deprecated.
      This method will fail if the SSL configuration uses a SecureSetting but the SecureSettings have been closed. Use getSSLConfiguration(String) and sslIOSessionStrategy(SslConfiguration) instead. (Deprecated, but not removed because monitoring uses dynamic SSL settings.)
      Creates a new SSLIOSessionStrategy based on the provided settings. The settings are used to identify the SSL configuration that should be used to create the context.
      Parameters:
      settingsToUse - the settings used to identify the SSL configuration, typically under a *.ssl. prefix. Empty settings will return a context created from the default configuration
      Returns:
      Never null.
    • sslIOSessionStrategy

      public org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(SslConfiguration config)
    • getHostnameVerifier

      public static HostnameVerifier getHostnameVerifier(SslConfiguration sslConfiguration)
    • sslSocketFactory

      public SSLSocketFactory sslSocketFactory(SslConfiguration configuration)
      Creates a new SSLSocketFactory based on the provided configuration. The socket factory also configures the ciphers and protocols on each socket that it creates.
      Parameters:
      configuration - The SSL configuration to use. Typically obtained from getSSLConfiguration(String)
      Returns:
      Never null.
    • createSSLEngine

      public SSLEngine createSSLEngine(SslConfiguration configuration, String host, int port)
      Creates an SSLEngine based on the provided configuration. This SSLEngine can be used for a connection that requires hostname verification, assuming the provided host and port are correct. The SSLEngine created by this method is most useful for clients with hostname verification enabled.
      Parameters:
      configuration - the ssl configuration
      host - the host of the remote endpoint. If using hostname verification, this should match what is in the remote endpoint's certificate
      port - the port of the remote endpoint
      Returns:
      SSLEngine
    • isConfigurationValidForServerUsage

      public static boolean isConfigurationValidForServerUsage(SslConfiguration sslConfiguration)
      Returns whether the provided settings result in a valid configuration that can be used for server connections.
      Parameters:
      sslConfiguration - the configuration to check
    • isSSLClientAuthEnabled

      public static boolean isSSLClientAuthEnabled(SslConfiguration sslConfiguration)
      Indicates whether client authentication is enabled for a particular configuration.
    • sslContext

      public SSLContext sslContext(SslConfiguration configuration)
      Returns the SSLContext for the configuration. Mainly used for testing.
    • reloadSSLContext

      public void reloadSSLContext(SslConfiguration configuration)
    • sslConfiguration

      public SslConfiguration sslConfiguration(Settings settingsToUse)
      Returns the existing SslConfiguration for the given settings.
      Parameters:
      settingsToUse - the settings for the ssl configuration
      Returns:
      the ssl configuration for the provided settings
    • getTransportProfileContextNames

      public Set<String> getTransportProfileContextNames()
    • getSSLConfigurations

      public static Map<String,SslConfiguration> getSSLConfigurations(Environment env)
    • getLoadedCertificates

      public Collection<CertificateInfo> getLoadedCertificates() throws GeneralSecurityException, IOException
      Returns information about each certificate that is referenced by any SSL configuration. This includes certificates used for identity (with a private key) and those used for trust, but excludes certificates that are provided by the JRE. Due to the nature of KeyStores, this may include certificates that are available but never used, such as a CA certificate that is no longer in use or a server certificate for an unrelated host.
      Throws:
      GeneralSecurityException
      IOException
    • getHttpTransportSSLConfiguration

      public SslConfiguration getHttpTransportSSLConfiguration()
    • getTransportSSLConfiguration

      public SslConfiguration getTransportSSLConfiguration()
    • getSSLConfiguration

      public SslConfiguration getSSLConfiguration(String contextName)
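
The createSSLEngine(SslConfiguration, String, int) entry above ties hostname verification to the host and port handed to the engine. The following is an added example, not Elasticsearch or SSLService code, that shows the same relationship with the plain JDK JSSE API; the class name, the helper methods and the host es01.example.internal are assumptions made for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.security.NoSuchAlgorithmException;

// Added illustration built on the JDK's JSSE API only; not SSLService code.
public class HostnameVerifyingEngine {

    /** Client-mode engine that checks the peer certificate against {@code host}. */
    static SSLEngine clientEngine(SSLContext context, String host, int port) {
        // host/port become the peer identity the certificate is compared with.
        SSLEngine engine = context.createSSLEngine(host, port);
        engine.setUseClientMode(true);

        SSLParameters params = engine.getSSLParameters();
        // JSSE validates only the chain unless an identification algorithm is set.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    /** True when the engine has both a peer host and hostname checking enabled. */
    static boolean verifiesHostname(SSLEngine engine) {
        String alg = engine.getSSLParameters().getEndpointIdentificationAlgorithm();
        return engine.getPeerHost() != null && alg != null && !alg.isEmpty();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        SSLContext context = SSLContext.getDefault();

        // Constructed sample endpoint; no connection is opened.
        SSLEngine checked = clientEngine(context, "es01.example.internal", 9300);
        // An engine created without a host and with default parameters.
        SSLEngine unchecked = context.createSSLEngine();
        unchecked.setUseClientMode(true);

        System.out.println("with host:    " + verifiesHostname(checked));
        System.out.println("without host: " + verifiesHostname(unchecked));
    }
}
```

The verifiesHostname helper is a convenient assertion for unit tests that guard against a client engine being built without a peer host or with endpoint identification left unset.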