java.lang.Object
org.elasticsearch.common.ssl.SslConfigurationKeys
Utility class for handling the standard setting keys for use in SSL configuration.
- See Also:
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final StringThe path to a PEM formatted file that contains the certificate to be used as part of key managementstatic final StringA list of paths to PEM formatted certificates that should be trusted as CAsstatic final StringThe SSL/TLS cipher suites that should be usedstatic final StringWhen operating as a server, whether to request/require client certificatesstatic final StringThe timeout for TLS handshakes in this context.static final StringThe path to a PEM formatted file that contains the private key for the configuredCERTIFICATE.static final StringThe password to read the configuredKEY, as a non-secure setting.static final StringThe password to read the configuredKEY, as a secure setting.static final StringThekey management algorithmto use when constructing a Key manager from akeystore.static final StringThe password for the key within theconfigured keystore, as a non-secure setting.static final StringThe password for the file configured inKEYSTORE_PATH, as a non-secure setting.static final StringThe path to a KeyStore file (in a format supported by this JRE) that should be used for key managementstatic final StringThe password for the key within theconfigured keystore, as a secure setting.static final StringThe password for the file configured inKEYSTORE_PATH, as a secure setting.static final StringThekeystore typefor the file configured inKEYSTORE_PATH.static final StringThe SSL/TLS protocols (i.e.static final StringThe fields from the X509 certificate used for restricted trust.static final StringThetrust management algorithmto use when configuring trust with atruststore.static final StringThe password for the file configured inTRUSTSTORE_PATH, as a non-secure setting.static final StringThe path to a KeyStore file (in a format supported by this JRE) that should be used as a trust-storestatic final StringThe password for the file configured inTRUSTSTORE_PATH, as a secure setting.static final StringThekeystore typefor the file configured inTRUSTSTORE_PATH.static final StringWhether certificate and/or hostname verification should be used -
Method Summary
Modifier and TypeMethodDescriptionThe list of keys that are used to load a non-secure, list settingThe list of keys that are used to load a secure setting (such as a password) that would typically be stored in the elasticsearch keystore.The list of keys that are used to load a non-secure, non-list settingstatic booleanisDeprecated(String key)
-
Field Details
-
PROTOCOLS
The SSL/TLS protocols (i.e. versions) that should be used- See Also:
-
CIPHERS
The SSL/TLS cipher suites that should be used- See Also:
-
VERIFICATION_MODE
Whether certificate and/or hostname verification should be used- See Also:
-
CLIENT_AUTH
When operating as a server, whether to request/require client certificates- See Also:
-
CERTIFICATE_AUTHORITIES
A list of paths to PEM formatted certificates that should be trusted as CAs- See Also:
-
TRUSTSTORE_PATH
The path to a KeyStore file (in a format supported by this JRE) that should be used as a trust-store- See Also:
-
TRUSTSTORE_SECURE_PASSWORD
The password for the file configured inTRUSTSTORE_PATH, as a secure setting.- See Also:
-
TRUSTSTORE_LEGACY_PASSWORD
The password for the file configured inTRUSTSTORE_PATH, as a non-secure setting. The use of this settingis deprecated.- See Also:
-
TRUSTSTORE_TYPE
Thekeystore typefor the file configured inTRUSTSTORE_PATH.- See Also:
-
TRUSTSTORE_ALGORITHM
Thetrust management algorithmto use when configuring trust with atruststore.- See Also:
-
TRUST_RESTRICTIONS_X509_FIELDS
The fields from the X509 certificate used for restricted trust. Internationally omitted from the list of setting returned by methods in this class. This is not a general purpose ssl configuration.- See Also:
-
KEYSTORE_PATH
The path to a KeyStore file (in a format supported by this JRE) that should be used for key management- See Also:
-
KEYSTORE_SECURE_PASSWORD
The password for the file configured inKEYSTORE_PATH, as a secure setting.- See Also:
-
KEYSTORE_LEGACY_PASSWORD
The password for the file configured inKEYSTORE_PATH, as a non-secure setting. The use of this settingis deprecated.- See Also:
-
KEYSTORE_SECURE_KEY_PASSWORD
The password for the key within theconfigured keystore, as a secure setting. If no key password is specified, it will default to the keystore password.- See Also:
-
KEYSTORE_LEGACY_KEY_PASSWORD
The password for the key within theconfigured keystore, as a non-secure setting. The use of this settingis deprecated. If no key password is specified, it will default to the keystore password.- See Also:
-
KEYSTORE_TYPE
Thekeystore typefor the file configured inKEYSTORE_PATH.- See Also:
-
KEYSTORE_ALGORITHM
Thekey management algorithmto use when constructing a Key manager from akeystore.- See Also:
-
CERTIFICATE
The path to a PEM formatted file that contains the certificate to be used as part of key management- See Also:
-
KEY
The path to a PEM formatted file that contains the private key for the configuredCERTIFICATE.- See Also:
-
KEY_SECURE_PASSPHRASE
The password to read the configuredKEY, as a secure setting. This (or thelegacy fallback) is required if the key file is encrypted.- See Also:
-
KEY_LEGACY_PASSPHRASE
The password to read the configuredKEY, as a non-secure setting. The use of this settingis deprecated.- See Also:
-
HANDSHAKE_TIMEOUT
The timeout for TLS handshakes in this context.- See Also:
-
-
Method Details
-
getStringKeys
The list of keys that are used to load a non-secure, non-list setting -
getListKeys
The list of keys that are used to load a non-secure, list setting -
getSecureStringKeys
The list of keys that are used to load a secure setting (such as a password) that would typically be stored in the elasticsearch keystore. -
isDeprecated
- Returns:
trueif the provided key is a deprecated setting
-