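/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.spark

import java.io.File

/**
 * Sample `spark.ssl.*` settings backed by key/trust stores loaded from the classpath.
 *
 * Security notes for anyone reusing these values:
 *  - Every store password and the key password is the literal string "password", so the
 *    key material behind these paths must be treated as public. Presumably these are
 *    fixtures only; none of these stores or passwords belong in a deployed configuration.
 *  - [[enabledAlgorithms]] lists CBC-mode suites only (no AEAD/GCM suite), and the
 *    `*_RSA_WITH_AES_256_CBC_SHA256` entries use static RSA key exchange, which gives no
 *    forward secrecy. The list is kept as-is because callers may depend on the exact value.
 *  - The protocol is pinned to TLSv1.2.
 */
object SSLSampleConfigs {

  /** Absolute path of the `/keystore` classpath resource. */
  val keyStorePath: String = resourcePath("/keystore")

  /** Absolute path of the `/untrusted-keystore` classpath resource. */
  val untrustedKeyStorePath: String = resourcePath("/untrusted-keystore")

  /** Absolute path of the `/truststore` classpath resource. */
  val trustStorePath: String = resourcePath("/truststore")

  /**
   * Comma-separated cipher suite names passed to `spark.ssl.enabledAlgorithms`.
   * Each suite appears twice because the Oracle and IBM security providers name it
   * differently (`TLS_*` versus `SSL_*`).
   */
  val enabledAlgorithms: String = Seq(
    // A reasonable set of TLSv1.2 Oracle security provider suites
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    // and their equivalent names in the IBM Security provider
    "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "SSL_RSA_WITH_AES_256_CBC_SHA256",
    "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256"
  ).mkString(", ")

  /**
   * Builds an SSL-enabled configuration that uses the `/keystore` key store and the
   * `/truststore` trust store.
   *
   * @return a fresh [[SparkConf]] (defaults not loaded) with the `spark.ssl.*` keys set
   */
  def sparkSSLConfig(): SparkConf = sslConfig(keyStorePath)

  /**
   * Builds the same configuration as [[sparkSSLConfig]] except that the key store is
   * `/untrusted-keystore`; the trust store is unchanged. Presumably the certificate in
   * that store is absent from the trust store, so a peer using the trusted configuration
   * should refuse it - confirm against the fixture contents.
   *
   * @return a fresh [[SparkConf]] (defaults not loaded) with the `spark.ssl.*` keys set
   */
  def sparkSSLConfigUntrusted(): SparkConf = sslConfig(untrustedKeyStorePath)

  /**
   * Shared builder so the trusted and untrusted variants cannot drift apart: they
   * differ only in the key store path.
   */
  private def sslConfig(keyStore: String): SparkConf = {
    val conf = new SparkConf(loadDefaults = false)
    conf.set("spark.ssl.enabled", "true")
    conf.set("spark.ssl.keyStore", keyStore)
    // Hard-coded sample credentials; see the security notes on the object.
    conf.set("spark.ssl.keyStorePassword", "password")
    conf.set("spark.ssl.keyPassword", "password")
    conf.set("spark.ssl.trustStore", trustStorePath)
    conf.set("spark.ssl.trustStorePassword", "password")
    conf.set("spark.ssl.enabledAlgorithms", enabledAlgorithms)
    conf.set("spark.ssl.protocol", "TLSv1.2")
    conf
  }

  /**
   * Resolves a classpath resource to an absolute file path.
   * getResource returns null for a missing resource; fail with the resource name
   * instead of a bare NullPointerException during object initialization.
   */
  private def resourcePath(name: String): String = {
    val url = Option(this.getClass.getResource(name)).getOrElse(
      throw new IllegalStateException(s"Classpath resource not found: $name"))
    new File(url.toURI).getAbsolutePath
  }

}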