/**
* Copyright 2016 LinkedIn Corp. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*/
package com.github.ambry.config;
/**
* The configs for SSL
*/
public class SSLConfig {
/**
* The SSL protocol for SSLContext
*/
@Config("ssl.context.protocol")
@Default("TLS")
public final String sslContextProtocol;
/**
* The SSL provider for SSLContext
*/
@Config("ssl.context.provider")
@Default("")
public final String sslContextProvider;
/**
* The enabled protocols for SSLEngine, a comma separated list of values
*/
@Config("ssl.enabled.protocols")
@Default("TLSv1.2")
public final String sslEnabledProtocols;
/**
* The SSL endpoint identification algorithm
*/
@Config("ssl.endpoint.identification.algorithm")
@Default("")
public final String sslEndpointIdentificationAlgorithm;
/**
* The SSL client authentication config
*/
@Config("ssl.client.authentication")
@Default("required")
public final String sslClientAuthentication;
/**
* The SSL keymanager algorithm
*/
@Config("ssl.keymanager.algorithm")
@Default("")
public final String sslKeymanagerAlgorithm;
/**
* The SSL trustmanager algorithm
*/
@Config("ssl.trustmanager.algorithm")
@Default("")
public final String sslTrustmanagerAlgorithm;
/**
* The SSL key store type
*/
@Config("ssl.keystore.type")
@Default("JKS")
public final String sslKeystoreType;
/**
* The SSL key store path
*/
@Config("ssl.keystore.path")
@Default("")
public final String sslKeystorePath;
/**
* The SSL key store password
* There could be multiple keys in one key store
* This password is to protect the integrity of the entire key store
*/
@Config("ssl.keystore.password")
@Default("")
public final String sslKeystorePassword;
/**
* The SSL key password
* The key store protects each private key with its individual password
*/
@Config("ssl.key.password")
@Default("")
public final String sslKeyPassword;
/**
* The SSL trust store type
*/
@Config("ssl.truststore.type")
@Default("JKS")
public final String sslTruststoreType;
/**
* The SSL trust store path
*/
@Config("ssl.truststore.path")
@Default("")
public final String sslTruststorePath;
/**
* The SSL trust store password
*/
@Config("ssl.truststore.password")
@Default("")
public final String sslTruststorePassword;
/**
* The SSL supported cipher suites, a comma separated list of values
*/
@Config("ssl.cipher.suites")
@Default("")
public final String sslCipherSuites;
public SSLConfig(VerifiableProperties verifiableProperties) {
sslContextProtocol = verifiableProperties.getString("ssl.context.protocol", "TLS");
sslContextProvider = verifiableProperties.getString("ssl.context.provider", "");
sslEnabledProtocols = verifiableProperties.getString("ssl.enabled.protocols", "TLSv1.2");
sslEndpointIdentificationAlgorithm = verifiableProperties.getString("ssl.endpoint.identification.algorithm", "");
sslClientAuthentication = verifiableProperties.getString("ssl.client.authentication", "required");
sslKeymanagerAlgorithm = verifiableProperties.getString("ssl.keymanager.algorithm", "");
sslTrustmanagerAlgorithm = verifiableProperties.getString("ssl.trustmanager.algorithm", "");
sslKeystoreType = verifiableProperties.getString("ssl.keystore.type", "JKS");
sslKeystorePath = verifiableProperties.getString("ssl.keystore.path", "");
sslKeystorePassword = verifiableProperties.getString("ssl.keystore.password", "");
sslKeyPassword = verifiableProperties.getString("ssl.key.password", "");
sslTruststoreType = verifiableProperties.getString("ssl.truststore.type", "JKS");
sslTruststorePath = verifiableProperties.getString("ssl.truststore.path", "");
sslTruststorePassword = verifiableProperties.getString("ssl.truststore.password", "");
sslCipherSuites = verifiableProperties.getString("ssl.cipher.suites", "");
}
}