Class SSLService

java.lang.Object
org.elasticsearch.xpack.core.ssl.SSLService

public class SSLService extends Object
Provides access to SSLEngine and SSLSocketFactory objects based on a provided configuration. All configurations loaded by this service must be configured on construction.
  • Constructor Details

    • SSLService

      public SSLService(Environment environment)
      Create a new SSLService that parses the settings for the SSL contexts that need to be created, creates them, and then caches them for later use.
    • SSLService

      public SSLService(Environment environment, SSLService.LoadedSslConfigurations loadedConfiguration)
      Create a new SSLService using the provided SslConfiguration instances. The SSL contexts created from these configurations will be cached.
    • SSLService

      @Deprecated public SSLService(Settings settings, Environment environment)
      Deprecated.
  • Method Details

    • getExtensionSettings

      public static Collection<? extends Setting<?>> getExtensionSettings(List<SslProfileExtension> extensions)
    • createDynamicSSLService

      public SSLService createDynamicSSLService()
      Creates a new SSLService that supports dynamic creation of SSLContext instances. Instances created by this service will not be cached and will not be monitored for reloading. This dynamic service does have access to the cached and monitored instances that were created during initialization.
    • registerSettings

      public static void registerSettings(List<Setting<?>> settingList)
    • profile

      public SslProfile profile(String profileName)
      Return an encapsulated object for the named profile. A profile is named according to the settings prefix under which it is defined (e.g. xpack.http.ssl or xpack.security.transport.ssl).
      Throws:
      IllegalArgumentException - if the named profile does not exist
    • sslIOSessionStrategy

      @Deprecated public org.apache.http.nio.conn.ssl.SSLIOSessionStrategy sslIOSessionStrategy(Settings settingsToUse)
      Deprecated.
      This method will fail if the SSL configuration uses a SecureSetting but the SecureSettings have been closed. Use profile(String) and SslProfile.ioSessionStrategy() instead. (Deprecated, but not removed because monitoring uses dynamic SSL settings.)
      Create a new SSLIOSessionStrategy based on the provided settings. The settings are used to identify the SSL configuration that should be used to create the context.
      Parameters:
      settingsToUse - the settings used to identify the SSL configuration, typically under a *.ssl. prefix. Empty settings will return a context created from the default configuration.
      Returns:
      Never null.
    • isConfigurationValidForServerUsage

      public static boolean isConfigurationValidForServerUsage(SslConfiguration sslConfiguration)
      Returns whether the provided settings result in a valid configuration that can be used for server connections.
      Parameters:
      sslConfiguration - the configuration to check
    • isSSLClientAuthEnabled

      public static boolean isSSLClientAuthEnabled(SslConfiguration sslConfiguration)
      Indicates whether client authentication is enabled for a particular configuration.
    • sslConfiguration

      public SslConfiguration sslConfiguration(Settings settingsToUse)
      Returns the existing SslConfiguration for the given settings.
      Parameters:
      settingsToUse - the settings for the SSL configuration
      Returns:
      the SSL configuration for the provided settings
    • getTransportProfileContextNames

      public Set<String> getTransportProfileContextNames()
    • getSSLConfigurations

      public static SSLService.LoadedSslConfigurations getSSLConfigurations(Environment env, List<SslProfileExtension> extensions)
    • getLoadedCertificates

      public Collection<CertificateInfo> getLoadedCertificates() throws GeneralSecurityException, IOException
      Returns information about each certificate that is referenced by any SSL configuration. This includes certificates used for identity (with a private key) and those used for trust, but excludes certificates that are provided by the JRE. Due to the nature of KeyStores, this may include certificates that are available but never used, such as a CA certificate that is no longer in use, or a server certificate for an unrelated host.
      Throws:
      GeneralSecurityException
      IOException
    • getHttpTransportSSLConfiguration

      public SslConfiguration getHttpTransportSSLConfiguration()
    • getTransportSSLConfiguration

      public SslConfiguration getTransportSSLConfiguration()
    • getSSLConfiguration

      public SslConfiguration getSSLConfiguration(String contextName)