Class SSLFactory


  • public final class SSLFactory
    extends java.lang.Object
    A Factory for providing and setting up client SSLSockets. Also provides methods for creating both JSSE SSLContext instances as well as netty SslContext instances.

    Netty SslContext instances are expensive to create (as well as to destroy) and consume a lof of resources (especially direct memory), but instances can be reused across connections (assuming the SSL params are the same). Hence we cache created instances in cachedSslContexts.

    • Field Detail

      • DEFAULT_HOT_RELOAD_INITIAL_DELAY_SEC

        public static final int DEFAULT_HOT_RELOAD_INITIAL_DELAY_SEC
        Default initial delay for hot reloading
        See Also:
        Constant Field Values
      • DEFAULT_HOT_RELOAD_PERIOD_SEC

        public static final int DEFAULT_HOT_RELOAD_PERIOD_SEC
        Default periodic check delay for hot reloading
        See Also:
        Constant Field Values
    • Constructor Detail

      • SSLFactory

        public SSLFactory()
    • Method Detail

      • openSslIsAvailable

        public static boolean openSslIsAvailable()
      • tlsInstanceProtocolSubstitution

        public static java.util.List<java.lang.String> tlsInstanceProtocolSubstitution()
        Provides the list of protocols that would have been supported if "TLS" was selected as the protocol before the change for CASSANDRA-13325 that expects explicit protocol versions.
        Returns:
        list of enabled protocol names
      • createSSLContext

        public static javax.net.ssl.SSLContext createSSLContext​(EncryptionOptions options,
                                                                boolean buildTruststore)
                                                         throws java.io.IOException
        Create a JSSE SSLContext.
        Throws:
        java.io.IOException
      • getOrCreateSslContext

        public static io.netty.handler.ssl.SslContext getOrCreateSslContext​(EncryptionOptions options,
                                                                            boolean buildTruststore,
                                                                            SSLFactory.SocketType socketType)
                                                                     throws java.io.IOException
        get a netty SslContext instance
        Throws:
        java.io.IOException
      • initHotReloading

        public static void initHotReloading​(EncryptionOptions.ServerEncryptionOptions serverOpts,
                                            EncryptionOptions clientOpts,
                                            boolean force)
                                     throws java.io.IOException
        Determines whether to hot reload certificates and schedules a periodic task for it.
        Parameters:
        serverOpts - Server encryption options (Internode)
        clientOpts - Client encryption options (Native Protocol)
        Throws:
        java.io.IOException
      • validateSslContext

        public static void validateSslContext​(java.lang.String contextDescription,
                                              EncryptionOptions options,
                                              boolean buildTrustStore,
                                              boolean logProtocolAndCiphers)
                                       throws java.io.IOException
        Throws:
        java.io.IOException