org.apache.hadoop.security.ssl
Class SSLFactory

java.lang.Object
  extended by org.apache.hadoop.security.ssl.SSLFactory
All Implemented Interfaces:
ConnectionConfigurator

@InterfaceAudience.Private
@InterfaceStability.Evolving
public class SSLFactory
extends Object
implements ConnectionConfigurator

Factory that creates SSLEngine and SSLSocketFactory instances using Hadoop configuration information.

This SSLFactory uses a ReloadingX509TrustManager instance, which reloads public keys if the truststore file changes.

This factory is used to configure HTTPS in Hadoop HTTP based endpoints, both client and server.


Nested Class Summary
static class SSLFactory.Mode
           
 
Field Summary
static boolean DEFAULT_SSL_REQUIRE_CLIENT_CERT
           
static String KEYSTORES_FACTORY_CLASS_KEY
           
static String SSL_CLIENT_CONF_KEY
           
static String SSL_HOSTNAME_VERIFIER_KEY
           
static String SSL_REQUIRE_CLIENT_CERT_KEY
           
static String SSL_SERVER_CONF_KEY
           
static String SSLCERTIFICATE
           
 
Constructor Summary
SSLFactory(SSLFactory.Mode mode, Configuration conf)
          Creates an SSLFactory.
 
Method Summary
 HttpURLConnection configure(HttpURLConnection conn)
          If the given HttpURLConnection is an HttpsURLConnection, configures the connection with the SSLSocketFactory and HostnameVerifier of this SSLFactory; otherwise does nothing.
 SSLEngine createSSLEngine()
          Returns a configured SSLEngine.
 SSLServerSocketFactory createSSLServerSocketFactory()
          Returns a configured SSLServerSocketFactory.
 SSLSocketFactory createSSLSocketFactory()
          Returns a configured SSLSocketFactory.
 void destroy()
          Releases any resources being used.
 HostnameVerifier getHostnameVerifier()
          Returns the hostname verifier that should be used in HttpsURLConnections.
 KeyStoresFactory getKeystoresFactory()
          Returns the SSLFactory KeyStoresFactory instance.
 void init()
          Initializes the factory.
 boolean isClientCertRequired()
          Returns whether client certificates are required.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

SSL_REQUIRE_CLIENT_CERT_KEY

public static final String SSL_REQUIRE_CLIENT_CERT_KEY
See Also:
Constant Field Values

SSL_HOSTNAME_VERIFIER_KEY

public static final String SSL_HOSTNAME_VERIFIER_KEY
See Also:
Constant Field Values

SSL_CLIENT_CONF_KEY

public static final String SSL_CLIENT_CONF_KEY
See Also:
Constant Field Values

SSL_SERVER_CONF_KEY

public static final String SSL_SERVER_CONF_KEY
See Also:
Constant Field Values

SSLCERTIFICATE

public static final String SSLCERTIFICATE

DEFAULT_SSL_REQUIRE_CLIENT_CERT

public static final boolean DEFAULT_SSL_REQUIRE_CLIENT_CERT
See Also:
Constant Field Values

KEYSTORES_FACTORY_CLASS_KEY

public static final String KEYSTORES_FACTORY_CLASS_KEY
See Also:
Constant Field Values
Constructor Detail

SSLFactory

public SSLFactory(SSLFactory.Mode mode,
                  Configuration conf)
Creates an SSLFactory.

Parameters:
mode - SSLFactory mode, client or server.
conf - Hadoop configuration from where the SSLFactory configuration will be read.
Method Detail

init

public void init()
          throws GeneralSecurityException,
                 IOException
Initializes the factory.

Throws:
GeneralSecurityException - thrown if an SSL initialization error happened.
IOException - thrown if an IO error happened while reading the SSL configuration.

destroy

public void destroy()
Releases any resources being used.


getKeystoresFactory

public KeyStoresFactory getKeystoresFactory()
Returns the SSLFactory KeyStoresFactory instance.

Returns:
the SSLFactory KeyStoresFactory instance.

createSSLEngine

public SSLEngine createSSLEngine()
                          throws GeneralSecurityException,
                                 IOException
Returns a configured SSLEngine.

Returns:
the configured SSLEngine.
Throws:
GeneralSecurityException - thrown if the SSL engine could not be initialized.
IOException - thrown if an IO error occurred while loading the server keystore.

createSSLServerSocketFactory

public SSLServerSocketFactory createSSLServerSocketFactory()
                                                    throws GeneralSecurityException,
                                                           IOException
Returns a configured SSLServerSocketFactory.

Returns:
the configured SSLServerSocketFactory.
Throws:
GeneralSecurityException - thrown if the SSLServerSocketFactory could not be initialized.
IOException - thrown if an IO error occurred while loading the server keystore.

createSSLSocketFactory

public SSLSocketFactory createSSLSocketFactory()
                                        throws GeneralSecurityException,
                                               IOException
Returns a configured SSLSocketFactory.

Returns:
the configured SSLSocketFactory.
Throws:
GeneralSecurityException - thrown if the SSLSocketFactory could not be initialized.
IOException - thrown if an IO error occurred while loading the server keystore.

getHostnameVerifier

public HostnameVerifier getHostnameVerifier()
Returns the hostname verifier that should be used in HttpsURLConnections.

Returns:
the hostname verifier.

isClientCertRequired

public boolean isClientCertRequired()
Returns whether client certificates are required.

Returns:
whether client certificates are required.

configure

public HttpURLConnection configure(HttpURLConnection conn)
                            throws IOException
If the given HttpURLConnection is an HttpsURLConnection, configures the connection with the SSLSocketFactory and HostnameVerifier of this SSLFactory; otherwise does nothing.

Specified by:
configure in interface ConnectionConfigurator
Parameters:
conn - the HttpURLConnection instance to configure.
Returns:
the configured HttpURLConnection instance.
Throws:
IOException - if an IO error occurred.
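
Client-side use of the lifecycle documented above (constructor, init(), configure(), destroy()), added here as an example and not taken from the Hadoop code base. The class name SSLFactoryClientExample and the fetchStatus helper are hypothetical; because configure() does nothing for a connection that is not an HttpsURLConnection, the helper rejects such connections instead of sending the request without TLS.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;

import javax.net.ssl.HttpsURLConnection;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.ssl.SSLFactory;

// Hypothetical example class; not part of Hadoop.
public class SSLFactoryClientExample {

  // Opens the URL with the SSLSocketFactory and HostnameVerifier that
  // SSLFactory builds from the Hadoop configuration, and returns the
  // HTTP status code.
  public static int fetchStatus(URL url, Configuration conf)
      throws IOException, GeneralSecurityException {
    SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
    factory.init(); // reads the SSL client configuration and truststore
    try {
      URLConnection raw = url.openConnection();
      // configure() silently leaves non-HTTPS connections untouched,
      // so fail closed here rather than fall back to cleartext.
      if (!(raw instanceof HttpsURLConnection)) {
        throw new IOException("Refusing non-HTTPS URL: " + url);
      }
      HttpURLConnection conn = factory.configure((HttpURLConnection) raw);
      try {
        conn.setRequestMethod("GET");
        return conn.getResponseCode(); // TLS handshake happens here
      } finally {
        conn.disconnect();
      }
    } finally {
      factory.destroy(); // releases the factory's resources
    }
  }

  public static void main(String[] args) throws Exception {
    // args[0] is the HTTPS endpoint to probe, supplied by the caller.
    Configuration conf = new Configuration();
    System.out.println(fetchStatus(new URL(args[0]), conf));
  }
}
```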


Copyright © 2009 The Apache Software Foundation