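"use strict";
/*
 * Webpack chunk 6226 of a documentation site build (the "@site/docs/..."
 * source path suggests Docusaurus; confirm against the build config).
 * It registers two modules on `self.webpackChunk`:
 *
 *   3905  - the MDX runtime helpers (`Zo` provider, `kt` element factory)
 *   79393 - the compiled page "Simple SSLContext Provider Module" for
 *           Apache Druid 27.0.0, which documents the `druid.client.https.*`
 *           TLS client settings.
 *
 * Module ids 67294, 87462 and 63366 are resolved by the webpack runtime and
 * are not defined in this chunk. From how they are used here, 67294 exposes a
 * React-style API, 87462 an object-extend helper and 63366 an
 * omit-properties helper -- presumably React and the Babel runtime helpers.
 */
(self.webpackChunk = self.webpackChunk || []).push([
  [6226],
  {
    // ---------------------------------------------------------------------
    // 3905: MDX runtime. Exports `Zo` (context provider) and `kt` (the
    // createElement wrapper that compiled MDX pages call).
    // ---------------------------------------------------------------------
    3905: (module, exports, webpackRequire) => {
      // Export getters are lazy; the bindings stay `var`/function
      // declarations so they keep the hoisting behaviour of the original.
      webpackRequire.d(exports, { Zo: () => MDXProvider, kt: () => createElement });

      var React = webpackRequire(67294);

      // Sets target[key] = value, using defineProperty when the key already
      // exists anywhere on the target so inherited setters are bypassed.
      function defineOwn(target, key, value) {
        if (key in target) {
          Object.defineProperty(target, key, {
            value: value,
            enumerable: true,
            configurable: true,
            writable: true,
          });
        } else {
          target[key] = value;
        }
        return target;
      }

      // Own string keys plus own symbols (optionally only enumerable ones).
      function ownKeys(object, enumerableOnly) {
        var keys = Object.keys(object);
        if (Object.getOwnPropertySymbols) {
          var symbols = Object.getOwnPropertySymbols(object);
          if (enumerableOnly) {
            symbols = symbols.filter(function (symbol) {
              return Object.getOwnPropertyDescriptor(object, symbol).enumerable;
            });
          }
          keys.push.apply(keys, symbols);
        }
        return keys;
      }

      // Object-spread helper: copies every later argument onto `target`.
      // Odd-positioned sources are copied by value; even-positioned sources
      // are copied by property descriptor.
      function spread(target) {
        for (var index = 1; index < arguments.length; index++) {
          var source = arguments[index] != null ? arguments[index] : {};
          if (index % 2) {
            ownKeys(Object(source), true).forEach(function (key) {
              defineOwn(target, key, source[key]);
            });
          } else if (Object.getOwnPropertyDescriptors) {
            Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
          } else {
            ownKeys(Object(source)).forEach(function (key) {
              Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
            });
          }
        }
        return target;
      }

      // Returns a shallow copy of `source` without the keys in `excluded`.
      function omit(source, excluded) {
        if (source == null) return {};
        var key;
        var position;
        var result = (function (input, skipped) {
          if (input == null) return {};
          var copy = {};
          var names = Object.keys(input);
          for (var at = 0; at < names.length; at++) {
            var name = names[at];
            if (skipped.indexOf(name) >= 0) continue;
            copy[name] = input[name];
          }
          return copy;
        })(source, excluded);
        if (Object.getOwnPropertySymbols) {
          var symbols = Object.getOwnPropertySymbols(source);
          for (position = 0; position < symbols.length; position++) {
            key = symbols[position];
            if (excluded.indexOf(key) >= 0) continue;
            if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue;
            result[key] = source[key];
          }
        }
        return result;
      }

      var MDXContext = React.createContext({});

      // Merges the components from context with the ones passed in. A
      // function argument receives the context value and returns the map.
      var useMDXComponents = function (components) {
        var fromContext = React.useContext(MDXContext);
        var merged = fromContext;
        if (components) {
          merged =
            typeof components === "function"
              ? components(fromContext)
              : spread(spread({}, fromContext), components);
        }
        return merged;
      };

      var MDXProvider = function (props) {
        var merged = useMDXComponents(props.components);
        return React.createElement(MDXContext.Provider, { value: merged }, props.children);
      };

      var MDX_TYPE_KEY = "mdxType";

      // Fallback renderers used when no component is registered for a type.
      var DEFAULTS = {
        inlineCode: "code",
        wrapper: function (props) {
          var children = props.children;
          return React.createElement(React.Fragment, {}, children);
        },
      };

      // Resolves the component for an MDX node: "parent.type" first, then
      // "type", then the defaults above, then the original element type.
      var MDXCreateElement = React.forwardRef(function (props, ref) {
        var components = props.components;
        var mdxType = props.mdxType;
        var originalType = props.originalType;
        var parentName = props.parentName;
        var rest = omit(props, ["components", "mdxType", "originalType", "parentName"]);
        var available = useMDXComponents(components);
        var Component =
          available["".concat(parentName, ".").concat(mdxType)] ||
          available[mdxType] ||
          DEFAULTS[mdxType] ||
          originalType;
        if (components) {
          return React.createElement(
            Component,
            spread(spread({ ref: ref }, rest), {}, { components: components })
          );
        }
        return React.createElement(Component, spread({ ref: ref }, rest));
      });

      // Variadic like React.createElement(type, props, ...children). String
      // types and nodes carrying `mdxType` are routed through
      // MDXCreateElement; everything else is passed to React unchanged.
      function createElement(type, props) {
        var args = arguments;
        var mdxType = props && props.mdxType;
        if (typeof type === "string" || mdxType) {
          var argCount = args.length;
          var forwarded = new Array(argCount);
          forwarded[0] = MDXCreateElement;
          var wrappedProps = {};
          for (var key in props) {
            // Called through Object.prototype so the own-property filter does
            // not depend on a bare global `hasOwnProperty` being reachable.
            if (Object.prototype.hasOwnProperty.call(props, key)) {
              wrappedProps[key] = props[key];
            }
          }
          wrappedProps.originalType = type;
          wrappedProps[MDX_TYPE_KEY] = typeof type === "string" ? type : mdxType;
          forwarded[1] = wrappedProps;
          for (var at = 2; at < argCount; at++) {
            forwarded[at] = args[at];
          }
          return React.createElement.apply(null, forwarded);
        }
        return React.createElement.apply(null, args);
      }

      MDXCreateElement.displayName = "MDXCreateElement";
    },

    // ---------------------------------------------------------------------
    // 79393: compiled MDX page for
    // docs/27.0.0/development/extensions-core/simple-client-sslcontext.md
    // ---------------------------------------------------------------------
    79393: (module, exports, webpackRequire) => {
      webpackRequire.r(exports);
      webpackRequire.d(exports, {
        assets: () => assets,
        contentTitle: () => contentTitle,
        default: () => MDXContent,
        frontMatter: () => frontMatter,
        metadata: () => metadata,
        toc: () => toc,
      });

      // Require order is kept as in the original build output.
      var extendHelper = webpackRequire(87462);
      var omitHelper = webpackRequire(63366);
      webpackRequire(67294);
      var mdx = webpackRequire(3905);

      var EXCLUDED_PROPS = ["components"];
      var frontMatter = {
        id: "simple-client-sslcontext",
        title: "Simple SSLContext Provider Module",
      };
      var contentTitle = void 0;
      var metadata = {
        unversionedId: "development/extensions-core/simple-client-sslcontext",
        id: "development/extensions-core/simple-client-sslcontext",
        title: "Simple SSLContext Provider Module",
        // The description is the opening of an HTML comment -- presumably the
        // first line of the markdown file (a license header). Left as built.
        description: "\x3c!--",
        source: "@site/docs/27.0.0/development/extensions-core/simple-client-sslcontext.md",
        sourceDirName: "development/extensions-core",
        slug: "/development/extensions-core/simple-client-sslcontext",
        permalink: "/docs/27.0.0/development/extensions-core/simple-client-sslcontext",
        draft: false,
        tags: [],
        version: "current",
        frontMatter: {
          id: "simple-client-sslcontext",
          title: "Simple SSLContext Provider Module",
        },
      };
      var assets = {};
      var toc = [];
      var layoutProps = { toc: toc };
      var MDX_LAYOUT = "wrapper";

      /**
       * Renders the page body: an introduction, the trust-store property
       * table, the client-certificate property table and a closing pointer
       * to Java's standard algorithm names.
       *
       * @param {object} props - `components` is forwarded to the layout; every
       *   other prop is spread onto the layout element.
       * @returns {object} The element tree produced by the MDX `kt` factory.
       */
      function MDXContent(props) {
        var components = props.components;
        var rest = (0, omitHelper.Z)(props, EXCLUDED_PROPS);
        var h = mdx.kt;

        var PASSWORD_PROVIDER_HREF = "/docs/27.0.0/operations/password-provider";

        // Small builders for the element shapes the two tables repeat.
        const th = (label) => h("th", { parentName: "tr", align: null }, label);
        const td = (...children) => h("td", { parentName: "tr", align: null }, ...children);
        const code = (text) => h("inlineCode", { parentName: "td" }, text);
        const link = (parentName, href, text) => h("a", { parentName: parentName, href: href }, text);
        const row = (...cells) => h("tr", { parentName: "tbody" }, ...cells);
        const headerRow = () =>
          h(
            "thead",
            { parentName: "table" },
            h(
              "tr",
              { parentName: "thead" },
              th("Property"),
              th("Description"),
              th("Default"),
              th("Required")
            )
          );

        return h(
          MDX_LAYOUT,
          (0, extendHelper.Z)({}, layoutProps, rest, {
            components: components,
            mdxType: "MDXLayout",
          }),

          // The Oracle reference links below use https:// so readers do not
          // fetch TLS guidance over a plaintext connection; this also matches
          // the KeyManager link further down, which was already https.
          h(
            "p",
            null,
            "This Apache Druid module contains a simple implementation of ",
            link(
              "p",
              "https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLContext.html",
              "SSLContext"
            ),
            "\nthat will be injected to be used with HttpClient that Druid processes use internally to communicate with each other. To learn more about\nJava's SSL support, please refer to ",
            link(
              "p",
              "https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html",
              "this"
            ),
            " guide."
          ),

          // Table 1: protocol and trust-store settings. Only trustStorePath
          // and trustStorePassword are marked required.
          h(
            "table",
            null,
            headerRow(),
            h(
              "tbody",
              { parentName: "table" },
              // Documented default is TLSv1.2.
              row(
                td(code("druid.client.https.protocol")),
                td("SSL protocol to use."),
                td(code("TLSv1.2")),
                td("no")
              ),
              row(
                td(code("druid.client.https.trustStoreType")),
                td("The type of the key store where trusted root certificates are stored."),
                td(code("java.security.KeyStore.getDefaultType()")),
                td("no")
              ),
              row(
                td(code("druid.client.https.trustStorePath")),
                td(
                  "The file path or URL of the TLS/SSL Key store where trusted root certificates are stored."
                ),
                td("none"),
                td("yes")
              ),
              row(
                td(code("druid.client.https.trustStoreAlgorithm")),
                td("Algorithm to be used by TrustManager to validate certificate chains"),
                td(code("javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()")),
                td("no")
              ),
              // Accepts a Password Provider or a literal string. A literal
              // string leaves the secret in plain text wherever the runtime
              // properties are kept, so the Password Provider form is the one
              // to prefer when reviewing a deployment.
              row(
                td(code("druid.client.https.trustStorePassword")),
                td(
                  "The ",
                  link("td", PASSWORD_PROVIDER_HREF, "Password Provider"),
                  " or String password for the Trust Store."
                ),
                td("none"),
                td("yes")
              )
            )
          ),

          h(
            "p",
            null,
            "The following table contains optional parameters for supporting client certificate authentication:"
          ),

          // Table 2: client-certificate (mutual TLS) settings.
          // NOTE(review): the paragraph above calls these optional, yet
          // keyStorePath, keyStoreType and certAlias are marked Required
          // "yes". Presumably "yes" means "required once client-certificate
          // authentication is configured" -- confirm against the upstream
          // markdown before relying on it.
          h(
            "table",
            null,
            headerRow(),
            h(
              "tbody",
              { parentName: "table" },
              row(
                td(code("druid.client.https.keyStorePath")),
                td(
                  "The file path or URL of the TLS/SSL Key store containing the client certificate that Druid will use when communicating with other Druid services. If this is null, the other properties in this table are ignored."
                ),
                td("none"),
                td("yes")
              ),
              row(
                td(code("druid.client.https.keyStoreType")),
                td("The type of the key store."),
                td("none"),
                td("yes")
              ),
              row(
                td(code("druid.client.https.certAlias")),
                td("Alias of TLS client certificate in the keystore."),
                td("none"),
                td("yes")
              ),
              // Same plaintext-secret consideration as trustStorePassword.
              row(
                td(code("druid.client.https.keyStorePassword")),
                td(
                  "The ",
                  link("td", PASSWORD_PROVIDER_HREF, "Password Provider"),
                  " or String password for the Key Store."
                ),
                td("none"),
                td("no")
              ),
              row(
                td(code("druid.client.https.keyManagerFactoryAlgorithm")),
                td(
                  "Algorithm to use for creating KeyManager, more details ",
                  link(
                    "td",
                    "https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#KeyManager",
                    "here"
                  ),
                  "."
                ),
                td(code("javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm()")),
                td("no")
              ),
              // Same plaintext-secret consideration as trustStorePassword.
              row(
                td(code("druid.client.https.keyManagerPassword")),
                td(
                  "The ",
                  link("td", PASSWORD_PROVIDER_HREF, "Password Provider"),
                  " or String password for the Key Manager."
                ),
                td("none"),
                td("no")
              ),
              // Documented default is true. The rendered text limits turning
              // this off to deployments that use custom TLS certificate
              // checks; a value of false is worth flagging in a config audit,
              // since the peer's certificate would presumably no longer be
              // tied to the host name being contacted.
              row(
                td(code("druid.client.https.validateHostnames")),
                td(
                  "Validate the hostname of the server. This should not be disabled unless you are using ",
                  link("td", "/docs/27.0.0/operations/tls-support", "custom TLS certificate checks"),
                  " and know that standard hostname validation is not needed."
                ),
                td("true"),
                td("no")
              )
            )
          ),

          h(
            "p",
            null,
            "This ",
            link(
              "p",
              "https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html",
              "document"
            ),
            " lists all the possible\nvalues for the above mentioned configs among others provided by Java implementation."
          )
        );
      }

      MDXContent.isMDXComponent = true;
    },
  },
]);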