Package org.apache.cassandra.config
Class EncryptionOptions
- java.lang.Object
-
- org.apache.cassandra.config.EncryptionOptions
-
- Direct Known Subclasses:
EncryptionOptions.ServerEncryptionOptions
public class EncryptionOptions extends java.lang.Object
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
EncryptionOptions.ServerEncryptionOptions
static class
EncryptionOptions.TlsEncryptionPolicy
-
Field Summary
Fields Modifier and Type Field Description protected java.util.List<java.lang.String>
accepted_protocols
java.lang.String
algorithm
java.util.List<java.lang.String>
cipher_suites
protected java.lang.Boolean
enabled
protected java.lang.Boolean
isEnabled
protected java.lang.Boolean
isOptional
java.lang.String
keystore
java.lang.String
keystore_password
protected java.lang.Boolean
optional
protected java.lang.String
protocol
boolean
require_client_auth
boolean
require_endpoint_verification
java.lang.String
store_type
java.lang.String
truststore
java.lang.String
truststore_password
-
Constructor Summary
Constructors Constructor Description EncryptionOptions()
EncryptionOptions(java.lang.String keystore, java.lang.String keystore_password, java.lang.String truststore, java.lang.String truststore_password, java.util.List<java.lang.String> cipher_suites, java.lang.String protocol, java.util.List<java.lang.String> accepted_protocols, java.lang.String algorithm, java.lang.String store_type, boolean require_client_auth, boolean require_endpoint_verification, java.lang.Boolean enabled, java.lang.Boolean optional)
EncryptionOptions(EncryptionOptions options)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description java.util.List<java.lang.String>
acceptedProtocols()
Combine the pre-4.0 protocol field with the accepted_protocols list, substituting a list of explicit protocols for the previous catchall default of "TLS"java.lang.String[]
acceptedProtocolsArray()
EncryptionOptions
applyConfig()
java.lang.String[]
cipherSuitesArray()
boolean
equals(java.lang.Object o)
The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updatedint
hashCode()
The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updatedjava.lang.Boolean
isEnabled()
Indicates if the channel should be encrypted.java.lang.Boolean
isOptional()
Indicates if the channel may be encrypted (but is not required to be).void
setaccepted_protocols(java.util.List<java.lang.String> accepted_protocols)
Sets accepted TLS protocols for this channel.void
setEnabled(java.lang.Boolean enabled)
Sets if encryption should be enabled for this channel.void
setOptional(boolean optional)
Sets if encryption should be optional for this channel.void
setProtocol(java.lang.String protocol)
Sets accepted TLS protocol for this channel.EncryptionOptions.TlsEncryptionPolicy
tlsEncryptionPolicy()
EncryptionOptions
withAcceptedProtocols(java.util.List<java.lang.String> accepted_protocols)
EncryptionOptions
withAlgorithm(java.lang.String algorithm)
EncryptionOptions
withCipherSuites(java.lang.String... cipher_suites)
EncryptionOptions
withCipherSuites(java.util.List<java.lang.String> cipher_suites)
EncryptionOptions
withEnabled(boolean enabled)
EncryptionOptions
withKeyStore(java.lang.String keystore)
EncryptionOptions
withKeyStorePassword(java.lang.String keystore_password)
EncryptionOptions
withOptional(java.lang.Boolean optional)
EncryptionOptions
withProtocol(java.lang.String protocol)
EncryptionOptions
withRequireClientAuth(boolean require_client_auth)
EncryptionOptions
withRequireEndpointVerification(boolean require_endpoint_verification)
EncryptionOptions
withStoreType(java.lang.String store_type)
EncryptionOptions
withTrustStore(java.lang.String truststore)
EncryptionOptions
withTrustStorePassword(java.lang.String truststore_password)
-
-
-
Field Detail
-
keystore
public final java.lang.String keystore
-
keystore_password
public final java.lang.String keystore_password
-
truststore
public final java.lang.String truststore
-
truststore_password
public final java.lang.String truststore_password
-
cipher_suites
public final java.util.List<java.lang.String> cipher_suites
-
protocol
protected java.lang.String protocol
-
accepted_protocols
protected java.util.List<java.lang.String> accepted_protocols
-
algorithm
public final java.lang.String algorithm
-
store_type
public final java.lang.String store_type
-
require_client_auth
public final boolean require_client_auth
-
require_endpoint_verification
public final boolean require_endpoint_verification
-
enabled
protected java.lang.Boolean enabled
-
optional
protected java.lang.Boolean optional
-
isEnabled
protected java.lang.Boolean isEnabled
-
isOptional
protected java.lang.Boolean isOptional
-
-
Constructor Detail
-
EncryptionOptions
public EncryptionOptions()
-
EncryptionOptions
public EncryptionOptions(java.lang.String keystore, java.lang.String keystore_password, java.lang.String truststore, java.lang.String truststore_password, java.util.List<java.lang.String> cipher_suites, java.lang.String protocol, java.util.List<java.lang.String> accepted_protocols, java.lang.String algorithm, java.lang.String store_type, boolean require_client_auth, boolean require_endpoint_verification, java.lang.Boolean enabled, java.lang.Boolean optional)
-
EncryptionOptions
public EncryptionOptions(EncryptionOptions options)
-
-
Method Detail
-
applyConfig
public EncryptionOptions applyConfig()
-
isEnabled
public java.lang.Boolean isEnabled()
Indicates if the channel should be encrypted. Client and Server uses different logic to determine this- Returns:
- if the channel should be encrypted
-
setEnabled
public void setEnabled(java.lang.Boolean enabled)
Sets if encryption should be enabled for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating enabled state is probably a bad idea.- Parameters:
enabled
- value to set
-
isOptional
public java.lang.Boolean isOptional()
Indicates if the channel may be encrypted (but is not required to be). Explicitly providing a value in the configuration take precedent. If no optional value is set and !isEnabled(), then optional connections are allowed if a keystore exists. Without it, it would be impossible to establish the connections. Return type is Boolean even though it can never be null so that snakeyaml can find it- Returns:
- if the channel may be encrypted
-
setOptional
public void setOptional(boolean optional)
Sets if encryption should be optional for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating enabled state is probably a bad idea.- Parameters:
optional
- value to set
-
setProtocol
public void setProtocol(java.lang.String protocol)
Sets accepted TLS protocol for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating protocol state is probably a bad idea.- Parameters:
protocol
- value to set
-
setaccepted_protocols
public void setaccepted_protocols(java.util.List<java.lang.String> accepted_protocols)
Sets accepted TLS protocols for this channel. Note that this should only be called by the configuration parser or tests. It is public only for that purpose, mutating protocol state is probably a bad idea. The function casing is required for snakeyaml to find this setter for the protected field.- Parameters:
accepted_protocols
- value to set
-
acceptedProtocols
public java.util.List<java.lang.String> acceptedProtocols()
Combine the pre-4.0 protocol field with the accepted_protocols list, substituting a list of explicit protocols for the previous catchall default of "TLS"- Returns:
- array of protocol names suitable for passing to SslContextBuilder.protocols, or null if the default
-
acceptedProtocolsArray
public java.lang.String[] acceptedProtocolsArray()
-
cipherSuitesArray
public java.lang.String[] cipherSuitesArray()
-
tlsEncryptionPolicy
public EncryptionOptions.TlsEncryptionPolicy tlsEncryptionPolicy()
-
withKeyStore
public EncryptionOptions withKeyStore(java.lang.String keystore)
-
withKeyStorePassword
public EncryptionOptions withKeyStorePassword(java.lang.String keystore_password)
-
withTrustStore
public EncryptionOptions withTrustStore(java.lang.String truststore)
-
withTrustStorePassword
public EncryptionOptions withTrustStorePassword(java.lang.String truststore_password)
-
withCipherSuites
public EncryptionOptions withCipherSuites(java.util.List<java.lang.String> cipher_suites)
-
withCipherSuites
public EncryptionOptions withCipherSuites(java.lang.String... cipher_suites)
-
withProtocol
public EncryptionOptions withProtocol(java.lang.String protocol)
-
withAcceptedProtocols
public EncryptionOptions withAcceptedProtocols(java.util.List<java.lang.String> accepted_protocols)
-
withAlgorithm
public EncryptionOptions withAlgorithm(java.lang.String algorithm)
-
withStoreType
public EncryptionOptions withStoreType(java.lang.String store_type)
-
withRequireClientAuth
public EncryptionOptions withRequireClientAuth(boolean require_client_auth)
-
withRequireEndpointVerification
public EncryptionOptions withRequireEndpointVerification(boolean require_endpoint_verification)
-
withEnabled
public EncryptionOptions withEnabled(boolean enabled)
-
withOptional
public EncryptionOptions withOptional(java.lang.Boolean optional)
-
equals
public boolean equals(java.lang.Object o)
The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updated- Overrides:
equals
in classjava.lang.Object
-
hashCode
public int hashCode()
The method is being mainly used to cache SslContexts therefore, we only consider fields that would make a difference when the TrustStore or KeyStore files are updated- Overrides:
hashCode
in classjava.lang.Object
-
-