Package org.apache.pekko.remote.artery.tcp.ssl

Class RotatingKeysSSLEngineProvider

java.lang.Object

org.apache.pekko.remote.artery.tcp.ssl.RotatingKeysSSLEngineProvider

All Implemented Interfaces:

SSLEngineProvider

public final class RotatingKeysSSLEngineProvider
extends Object
implements SSLEngineProvider

Variation on ConfigSSLEngineProvider that will periodically reload the keys and certificates from disk, to facilitate rolling updates of certificates.

This class is still ApiMayChange because it can likely be further harmonized with the standard ConfigSSLEngineProvider. Also the location and default values of the configuration may change in future versions of Apache Pekko.

This provider does not perform hostname verification, but instead allows checking that the remote certificate has a subject name that matches the subject name of the configured certificate.

Constructor Summary

Constructors

Constructor	Description
RotatingKeysSSLEngineProvider(com.typesafe.config.Config config, MarkerLoggingAdapter log)
RotatingKeysSSLEngineProvider(ActorSystem system)

Method Summary

Modifier and Type	Method	Description
com.typesafe.config.Config	config()
SSLEngine	createClientSSLEngine(String hostname, int port)
SSLEngine	createServerSSLEngine(String hostname, int port)
protected MarkerLoggingAdapter	log()
scala.Option<Throwable>	verifyClientSession(String hostname, SSLSession session)	Verification that will be called after every successful handshake to verify additional session information.
scala.Option<Throwable>	verifyServerSession(String hostname, SSLSession session)	Verification that will be called after every successful handshake to verify additional session information.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

RotatingKeysSSLEngineProvider

public RotatingKeysSSLEngineProvider(com.typesafe.config.Config config,
 MarkerLoggingAdapter log)

RotatingKeysSSLEngineProvider

public RotatingKeysSSLEngineProvider(ActorSystem system)

Method Details

config

public com.typesafe.config.Config config()

log

protected MarkerLoggingAdapter log()

createServerSSLEngine

public SSLEngine createServerSSLEngine(String hostname,
 int port)

Specified by:

createServerSSLEngine in interface SSLEngineProvider

createClientSSLEngine

public SSLEngine createClientSSLEngine(String hostname,
 int port)

Specified by:

createClientSSLEngine in interface SSLEngineProvider

verifyClientSession

public scala.Option<Throwable> verifyClientSession(String hostname,
 SSLSession session)

Description copied from interface: SSLEngineProvider

Verification that will be called after every successful handshake to verify additional session information. Return None if valid otherwise Some with explaining cause.

Specified by:

verifyClientSession in interface SSLEngineProvider

verifyServerSession

public scala.Option<Throwable> verifyServerSession(String hostname,
 SSLSession session)

Description copied from interface: SSLEngineProvider

Verification that will be called after every successful handshake to verify additional session information. Return None if valid otherwise Some with explaining cause.

Specified by:

verifyServerSession in interface SSLEngineProvider