java.lang.Object
org.elasticsearch.xpack.core.ssl.SSLService
Provides access to SSLEngine and SSLSocketFactory objects based on a provided configuration. All configurations loaded by this service must be configured on construction.
-
Nested Class Summary
Nested Classes
static class
    Used for sharing internal configuration information between SSLService and SSLConfigurationReloader
-
Constructor Summary
Constructors
SSLService(Settings settings, Environment environment)
    Deprecated.
SSLService(Environment environment)
    Create a new SSLService that parses the settings for the ssl contexts that need to be created, creates them, and then caches them for use later
SSLService(Environment environment, SSLService.LoadedSslConfigurations loadedConfiguration)
    Create a new SSLService using the provided SslConfiguration instances.
-
Method Summary
createDynamicSSLService
    Creates a new SSLService that supports dynamic creation of SSLContext instances.
static Collection<? extends Setting<?>> getExtensionSettings(List<SslProfileExtension> extensions)
Collection<CertificateInfo> getLoadedCertificates()
    Returns information about each certificate that is referenced by any SSL configuration.
getSSLConfiguration(String contextName)
getSSLConfigurations(Environment env, List<SslProfileExtension> extensions)
static boolean isConfigurationValidForServerUsage(SslConfiguration sslConfiguration)
    Returns whether the provided settings result in a valid configuration that can be used for server connections
static boolean isSSLClientAuthEnabled(SslConfiguration sslConfiguration)
    Indicates whether client authentication is enabled for a particular configuration
profile(String)
    Return an encapsulated object for the named profile.
static void registerSettings(List<Setting<?>> settingList)
sslConfiguration(Settings settingsToUse)
    Returns the existing SslConfiguration for the given settings
org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(Settings settingsToUse)
    Deprecated.
-
Constructor Details
-
SSLService
Create a new SSLService that parses the settings for the ssl contexts that need to be created, creates them, and then caches them for use later
-
SSLService
Create a new SSLService using the provided SslConfiguration instances. The ssl contexts created from these configurations will be cached.
-
SSLService
Deprecated.
-
-
Method Details
-
getExtensionSettings
public static Collection<? extends Setting<?>> getExtensionSettings(List<SslProfileExtension> extensions)
-
createDynamicSSLService
Creates a new SSLService that supports dynamic creation of SSLContext instances. Instances created by this service will not be cached and will not be monitored for reloading. This dynamic server does have access to the cached and monitored instances that have been created during initialization
-
registerSettings
-
profile
Return an encapsulated object for the named profile. A profile is named according to the settings prefix under which it is defined (e.g. xpack.http.ssl or xpack.security.transport.ssl)
Throws:
IllegalArgumentException - if the named profile does not exist
-
sslIOSessionStrategy
@Deprecated public org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(Settings settingsToUse)
Deprecated. This method will fail if the SSL configuration uses a SecureSetting but the SecureSettings have been closed. Use profile(String) and SslProfile.ioSessionStrategy() (Deprecated, but not removed because monitoring uses dynamic SSL settings)
Create a new SSLIOSessionStrategy based on the provided settings. The settings are used to identify the SSL configuration that should be used to create the context.
Parameters:
settingsToUse - the settings used to identify the ssl configuration, typically under a *.ssl. prefix. An empty settings will return a context created from the default configuration
Returns:
Never null.
-
isConfigurationValidForServerUsage
Returns whether the provided settings result in a valid configuration that can be used for server connections
Parameters:
sslConfiguration - the configuration to check
-
isSSLClientAuthEnabled
Indicates whether client authentication is enabled for a particular configuration
-
sslConfiguration
Returns the existing SslConfiguration for the given settings
Parameters:
settingsToUse - the settings for the ssl configuration
Returns:
the ssl configuration for the provided settings
-
getTransportProfileContextNames
-
getSSLConfigurations
public static SSLService.LoadedSslConfigurations getSSLConfigurations(Environment env, List<SslProfileExtension> extensions)
-
getLoadedCertificates
public Collection<CertificateInfo> getLoadedCertificates() throws GeneralSecurityException, IOException
Returns information about each certificate that is referenced by any SSL configuration. This includes certificates used for identity (with a private key) and those used for trust, but excludes certificates that are provided by the JRE. Due to the nature of KeyStores, this may include certificates that are available, but never used such as a CA certificate that is no longer in use, or a server certificate for an unrelated host.
Throws:
GeneralSecurityException
IOException
See Also:
-
getHttpTransportSSLConfiguration
-
getTransportSSLConfiguration
-
getSSLConfiguration
-