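/**
 * Webpack chunk 6417 of a generated documentation site (the `@site/docs/...`
 * source path suggests a Docusaurus build — not confirmed from this file alone).
 *
 * The chunk registers two modules:
 *   - 15680: the MDX React runtime (component-mapping context plus the
 *     `createElement` wrapper that every compiled page calls).
 *   - 87059: the compiled page "Simple SSLContext Provider Module", which
 *     documents the `druid.client.https.*` TLS client settings.
 *
 * The minified original was hard-wrapped in the middle of several string
 * literals and one `for...in` header, which left unterminated strings. This
 * version rejoins those spans and lays the code out one statement per line;
 * every user-visible string keeps its original text.
 */
"use strict";
(self.webpackChunk = self.webpackChunk || []).push([
  [6417],
  {
    // ---------------------------------------------------------------------
    // Module 15680 — MDX runtime: exports `xA` (provider) and `yg` (createElement).
    // ---------------------------------------------------------------------
    15680: (unusedModule, moduleExports, webpackRequire) => {
      webpackRequire.d(moduleExports, { xA: () => MDXProvider, yg: () => mdx });

      const React = webpackRequire(96540);

      /** Sets `target[key] = value`, redefining the property if it already exists. */
      function defineProp(target, key, value) {
        if (key in target) {
          Object.defineProperty(target, key, {
            value,
            enumerable: true,
            configurable: true,
            writable: true,
          });
        } else {
          target[key] = value;
        }
        return target;
      }

      /** Own string keys plus own symbols (optionally only the enumerable symbols). */
      function ownKeys(object, enumerableOnly) {
        const keys = Object.keys(object);
        if (Object.getOwnPropertySymbols) {
          let symbols = Object.getOwnPropertySymbols(object);
          if (enumerableOnly) {
            symbols = symbols.filter(
              (sym) => Object.getOwnPropertyDescriptor(object, sym).enumerable
            );
          }
          keys.push.apply(keys, symbols);
        }
        return keys;
      }

      /**
       * Object-spread helper: copies each extra argument onto `target`.
       * Odd argument positions are copied by value; even positions are copied
       * by property descriptor. `arguments` is kept on purpose so the argument
       * positions match the compiled call sites exactly.
       */
      function objectSpread(target) {
        for (let position = 1; position < arguments.length; position++) {
          const source = arguments[position] != null ? arguments[position] : {};
          if (position % 2) {
            ownKeys(Object(source), true).forEach((key) => {
              defineProp(target, key, source[key]);
            });
          } else if (Object.getOwnPropertyDescriptors) {
            Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
          } else {
            ownKeys(Object(source)).forEach((key) => {
              Object.defineProperty(
                target,
                key,
                Object.getOwnPropertyDescriptor(source, key)
              );
            });
          }
        }
        return target;
      }

      /** Shallow copy of `source` without the keys listed in `excluded`. */
      function objectWithoutProperties(source, excluded) {
        if (source == null) {
          return {};
        }
        const target = {};
        for (const key of Object.keys(source)) {
          if (excluded.indexOf(key) >= 0) {
            continue;
          }
          target[key] = source[key];
        }
        if (Object.getOwnPropertySymbols) {
          for (const sym of Object.getOwnPropertySymbols(source)) {
            if (excluded.indexOf(sym) >= 0) {
              continue;
            }
            // Symbols are copied only when they are enumerable on the source.
            if (!Object.prototype.propertyIsEnumerable.call(source, sym)) {
              continue;
            }
            target[sym] = source[sym];
          }
        }
        return target;
      }

      const MDXContext = React.createContext({});

      /**
       * Resolves the component map: the context value, optionally overridden by
       * `components` (an object merged on top, or a function of the context value).
       */
      const useMDXComponents = (components) => {
        const fromContext = React.useContext(MDXContext);
        let resolved = fromContext;
        if (components) {
          resolved =
            typeof components === "function"
              ? components(fromContext)
              : objectSpread(objectSpread({}, fromContext), components);
        }
        return resolved;
      };

      /** Provider that publishes the resolved component map to descendants. */
      const MDXProvider = (props) => {
        const resolved = useMDXComponents(props.components);
        return React.createElement(MDXContext.Provider, { value: resolved }, props.children);
      };

      const TYPE_PROP_NAME = "mdxType";

      // Fallbacks used when neither props nor context map an MDX type.
      const DEFAULTS = {
        inlineCode: "code",
        wrapper: (props) => {
          const children = props.children;
          return React.createElement(React.Fragment, {}, children);
        },
      };

      /**
       * Renders one MDX element. Lookup order for the component is
       * `"<parentName>.<mdxType>"`, then `mdxType`, then DEFAULTS, then the
       * original element type.
       */
      const MDXCreateElement = React.forwardRef((props, ref) => {
        const propComponents = props.components;
        const mdxType = props.mdxType;
        const originalType = props.originalType;
        const parentName = props.parentName;
        const rest = objectWithoutProperties(props, [
          "components",
          "mdxType",
          "originalType",
          "parentName",
        ]);
        const components = useMDXComponents(propComponents);
        const Component =
          components["".concat(parentName, ".").concat(mdxType)] ||
          components[mdxType] ||
          DEFAULTS[mdxType] ||
          originalType;

        if (propComponents) {
          return React.createElement(
            Component,
            objectSpread(objectSpread({ ref }, rest), {}, { components: propComponents })
          );
        }
        return React.createElement(Component, objectSpread({ ref }, rest));
      });

      /**
       * Drop-in replacement for `React.createElement` used by compiled MDX.
       * String types (and anything carrying `mdxType`) are routed through
       * MDXCreateElement; everything else goes straight to React.
       */
      function mdx(type, props) {
        const args = arguments;
        const mdxType = props && props.mdxType;

        if (typeof type === "string" || mdxType) {
          const argCount = args.length;
          const createElementArgs = new Array(argCount);
          createElementArgs[0] = MDXCreateElement;

          const newProps = {};
          for (const key in props) {
            // Bare `hasOwnProperty` is what the bundle ships: it resolves
            // through the global object to Object.prototype.hasOwnProperty.
            if (hasOwnProperty.call(props, key)) {
              newProps[key] = props[key];
            }
          }
          newProps.originalType = type;
          newProps[TYPE_PROP_NAME] = typeof type === "string" ? type : mdxType;
          createElementArgs[1] = newProps;

          for (let i = 2; i < argCount; i++) {
            createElementArgs[i] = args[i];
          }
          return React.createElement.apply(null, createElementArgs);
        }
        return React.createElement.apply(null, args);
      }

      MDXCreateElement.displayName = "MDXCreateElement";
    },

    // ---------------------------------------------------------------------
    // Module 87059 — compiled page: "Simple SSLContext Provider Module".
    // ---------------------------------------------------------------------
    87059: (unusedModule, moduleExports, webpackRequire) => {
      webpackRequire.r(moduleExports);
      webpackRequire.d(moduleExports, {
        assets: () => assets,
        contentTitle: () => contentTitle,
        default: () => MDXContent,
        frontMatter: () => frontMatter,
        metadata: () => metadata,
        toc: () => toc,
      });

      // Helper modules live in other chunks; from the call sites below they
      // look like Babel's `extends` and `objectWithoutPropertiesLoose` — TODO confirm.
      const extendsModule = webpackRequire(58168);
      const withoutPropsModule = webpackRequire(98587);
      webpackRequire(96540); // loaded for its side effects only; the result is unused here
      const mdxRuntime = webpackRequire(15680);

      const EXCLUDED_PROPS = ["components"];

      const frontMatter = {
        id: "simple-client-sslcontext",
        title: "Simple SSLContext Provider Module",
      };
      const contentTitle = undefined;

      const metadata = {
        unversionedId: "development/extensions-core/simple-client-sslcontext",
        id: "development/extensions-core/simple-client-sslcontext",
        title: "Simple SSLContext Provider Module",
        // NOTE(review): the description is only "<!--", i.e. the opening of an
        // HTML comment — presumably the source file's leading comment block was
        // taken as the first line of text. Page metadata built from this field
        // will show that fragment instead of a summary.
        description: "\x3c!--",
        source: "@site/docs/latest/development/extensions-core/simple-client-sslcontext.md",
        sourceDirName: "development/extensions-core",
        slug: "/development/extensions-core/simple-client-sslcontext",
        permalink: "/docs/latest/development/extensions-core/simple-client-sslcontext",
        draft: false,
        tags: [],
        version: "current",
        frontMatter: {
          id: "simple-client-sslcontext",
          title: "Simple SSLContext Provider Module",
        },
      };

      const assets = {};
      const toc = [];
      const layoutProps = { toc };
      const LAYOUT_TYPE = "wrapper";

      // Small builders for the repeated table markup. Each one produces exactly
      // the element (type, props, children) that the compiled page spelled out inline.
      const el = (...args) => (0, mdxRuntime.yg)(...args);
      const link = (parentName, href, text) => el("a", { parentName, href }, text);
      const code = (text) => el("inlineCode", { parentName: "td" }, text);
      const cell = (...children) => el("td", { parentName: "tr", align: null }, ...children);
      const headerCell = (text) => el("th", { parentName: "tr", align: null }, text);
      const row = (...cells) => el("tr", { parentName: "tbody" }, ...cells);
      const passwordProviderLink = () =>
        link("td", "/docs/latest/operations/password-provider", "Password Provider");
      const table = (...rows) =>
        el(
          "table",
          null,
          el(
            "thead",
            { parentName: "table" },
            el(
              "tr",
              { parentName: "thead" },
              headerCell("Property"),
              headerCell("Description"),
              headerCell("Default"),
              headerCell("Required")
            )
          ),
          el("tbody", { parentName: "table" }, ...rows)
        );

      /** Page component: renders the module description and both property tables. */
      function MDXContent(props) {
        const components = props.components;
        const rest = (0, withoutPropsModule.A)(props, EXCLUDED_PROPS);

        return el(
          LAYOUT_TYPE,
          (0, extendsModule.A)({}, layoutProps, rest, { components, mdxType: "MDXLayout" }),

          // NOTE(review): the three Oracle reference links on this page that
          // point at javase/8 use plain http://, while the KeyManager link
          // further down already uses https://. For a TLS configuration page
          // the references are better fetched over https as well.
          el(
            "p",
            null,
            "This Apache Druid module contains a simple implementation of ",
            link(
              "p",
              "http://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLContext.html",
              "SSLContext"
            ),
            "\nthat will be injected to be used with HttpClient that Druid processes use internally to communicate with each other. To learn more about\nJava's SSL support, please refer to ",
            link(
              "p",
              "http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html",
              "this"
            ),
            " guide."
          ),

          // Trust-store settings: what the internal HTTP client trusts.
          table(
            row(
              cell(code("druid.client.https.protocol")),
              cell("SSL protocol to use."),
              cell(code("TLSv1.2")),
              cell("no")
            ),
            row(
              cell(code("druid.client.https.trustStoreType")),
              cell("The type of the key store where trusted root certificates are stored."),
              cell(code("java.security.KeyStore.getDefaultType()")),
              cell("no")
            ),
            row(
              cell(code("druid.client.https.trustStorePath")),
              cell(
                "The file path or URL of the TLS/SSL Key store where trusted root certificates are stored."
              ),
              cell("none"),
              cell("yes")
            ),
            row(
              cell(code("druid.client.https.trustStoreAlgorithm")),
              cell("Algorithm to be used by TrustManager to validate certificate chains"),
              cell(code("javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm()")),
              cell("no")
            ),
            // NOTE(review): every password property on this page accepts either
            // a Password Provider or a literal String. A literal value sits in
            // cleartext wherever the configuration is stored; the linked
            // Password Provider page describes the alternative.
            row(
              cell(code("druid.client.https.trustStorePassword")),
              cell("The ", passwordProviderLink(), " or String password for the Trust Store."),
              cell("none"),
              cell("yes")
            )
          ),

          el(
            "p",
            null,
            "The following table contains optional parameters for supporting client certificate authentication:"
          ),

          // Client-certificate settings.
          // NOTE(review): the paragraph above calls these parameters optional and
          // the keyStorePath row allows null, yet the first three rows say
          // Required = "yes" — presumably "required once client certificates are
          // enabled". Readers should not take "yes" as unconditional.
          table(
            row(
              cell(code("druid.client.https.keyStorePath")),
              cell(
                "The file path or URL of the TLS/SSL Key store containing the client certificate that Druid will use when communicating with other Druid services. If this is null, the other properties in this table are ignored."
              ),
              cell("none"),
              cell("yes")
            ),
            row(
              cell(code("druid.client.https.keyStoreType")),
              cell("The type of the key store."),
              cell("none"),
              cell("yes")
            ),
            row(
              cell(code("druid.client.https.certAlias")),
              cell("Alias of TLS client certificate in the keystore."),
              cell("none"),
              cell("yes")
            ),
            row(
              cell(code("druid.client.https.keyStorePassword")),
              cell("The ", passwordProviderLink(), " or String password for the Key Store."),
              cell("none"),
              cell("no")
            ),
            row(
              cell(code("druid.client.https.keyManagerFactoryAlgorithm")),
              cell(
                "Algorithm to use for creating KeyManager, more details ",
                link(
                  "td",
                  "https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#KeyManager",
                  "here"
                ),
                "."
              ),
              cell(code("javax.net.ssl.KeyManagerFactory.getDefaultAlgorithm()")),
              cell("no")
            ),
            row(
              cell(code("druid.client.https.keyManagerPassword")),
              cell("The ", passwordProviderLink(), " or String password for the Key Manager."),
              cell("none"),
              cell("no")
            ),
            // NOTE(review): hostname validation defaults to on. With it off, a
            // certificate that chains to the trust store is accepted regardless
            // of which host presented it, so the setting should stay `true`
            // unless the custom certificate checks linked here take over that job.
            row(
              cell(code("druid.client.https.validateHostnames")),
              cell(
                "Validate the hostname of the server. This should not be disabled unless you are using ",
                link("td", "/docs/latest/operations/tls-support", "custom TLS certificate checks"),
                " and know that standard hostname validation is not needed."
              ),
              cell("true"),
              cell("no")
            )
          ),

          el(
            "p",
            null,
            "This ",
            link(
              "p",
              "http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html",
              "document"
            ),
            " lists all the possible\nvalues for the above mentioned configs among others provided by Java implementation."
          )
        );
      }

      MDXContent.isMDXComponent = true;
    },
  },
]);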