Package org.apache.hadoop.security.ssl

Class ReloadingX509KeystoreManager

java.lang.Object

javax.net.ssl.X509ExtendedKeyManager

org.apache.hadoop.security.ssl.ReloadingX509KeystoreManager

All Implemented Interfaces:

KeyManager, X509KeyManager

@Private
@Evolving
public class ReloadingX509KeystoreManager
extends X509ExtendedKeyManager

An implementation of X509KeyManager that exposes a method, loadFrom(Path) to reload its configuration. Note that it is necessary to implement the X509ExtendedKeyManager to properly delegate the additional methods, otherwise the SSL handshake will fail.

Constructor Summary

Constructors

Constructor	Description
ReloadingX509KeystoreManager(String type, String location, String storePassword, String keyPassword)	Construct a Reloading509KeystoreManager

Method Summary

Modifier and Type	Method	Description
String	chooseClientAlias(String[] strings, Principal[] principals, Socket socket)
String	chooseEngineClientAlias(String[] strings, Principal[] principals, SSLEngine sslEngine)
String	chooseEngineServerAlias(String s, Principal[] principals, SSLEngine sslEngine)
String	chooseServerAlias(String s, Principal[] principals, Socket socket)
X509Certificate[]	getCertificateChain(String s)
String[]	getClientAliases(String s, Principal[] principals)
PrivateKey	getPrivateKey(String s)
String[]	getServerAliases(String s, Principal[] principals)
ReloadingX509KeystoreManager	loadFrom(Path path)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

ReloadingX509KeystoreManager

public ReloadingX509KeystoreManager(String type,
 String location,
 String storePassword,
 String keyPassword)
                             throws IOException,
GeneralSecurityException

Construct a Reloading509KeystoreManager

Parameters:

type - type of keystore file, typically 'jks'.

location - local path to the keystore file.

storePassword - password of the keystore file.

keyPassword - The password of the key.

Throws:

IOException - raised on errors performing I/O.

GeneralSecurityException - thrown if create encryptor error.

Method Details

chooseEngineClientAlias

public String chooseEngineClientAlias(String[] strings,
 Principal[] principals,
 SSLEngine sslEngine)

Overrides:

chooseEngineClientAlias in class X509ExtendedKeyManager

chooseEngineServerAlias

public String chooseEngineServerAlias(String s,
 Principal[] principals,
 SSLEngine sslEngine)

Overrides:

chooseEngineServerAlias in class X509ExtendedKeyManager

getClientAliases

public String[] getClientAliases(String s,
 Principal[] principals)

chooseClientAlias

public String chooseClientAlias(String[] strings,
 Principal[] principals,
 Socket socket)

getServerAliases

public String[] getServerAliases(String s,
 Principal[] principals)

chooseServerAlias

public String chooseServerAlias(String s,
 Principal[] principals,
 Socket socket)

getCertificateChain

public X509Certificate[] getCertificateChain(String s)

getPrivateKey

public PrivateKey getPrivateKey(String s)

loadFrom

public ReloadingX509KeystoreManager loadFrom(Path path)