1/*
2 * Licensed to the Apache Software Foundation (ASF) under one or more
3 * contributor license agreements.  See the NOTICE file distributed with
4 * this work for additional information regarding copyright ownership.
5 * The ASF licenses this file to You under the Apache License, Version 2.0
6 * (the "License"); you may not use this file except in compliance with
7 * the License.  You may obtain a copy of the License at
8 *
9 *    http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18package org.apache.spark
19
20import java.io.File
21
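/**
 * Sample SSL/TLS settings for Spark, backed by key material loaded from the classpath.
 *
 * NOTE(review): the literal password "password" and the resource names suggest these are
 * test fixtures only - confirm. The stores and credentials referenced here must never be
 * reused for a real deployment, since anything committed alongside the code is public.
 */
object SSLSampleConfigs {

  /**
   * Resolves a classpath resource to an absolute filesystem path.
   *
   * @param name resource name as passed to `getResource`, e.g. "/keystore"
   * @return absolute path of the file backing the resource
   * @throws IllegalStateException if the resource is not on the classpath (the original
   *                               code failed here with a bare NullPointerException)
   */
  private def resourcePath(name: String): String = {
    val url = Option(getClass.getResource(name)).getOrElse(
      throw new IllegalStateException(s"Classpath resource $name not found"))
    new File(url.toURI).getAbsolutePath
  }

  /** Key store used by [[sparkSSLConfig]]. */
  val keyStorePath: String = resourcePath("/keystore")

  /**
   * Key store used by [[sparkSSLConfigUntrusted]].
   * Presumably its certificate is absent from the trust store below - verify against the
   * fixture files.
   */
  val untrustedKeyStorePath: String = resourcePath("/untrusted-keystore")

  /** Trust store shared by both configurations. */
  val trustStorePath: String = resourcePath("/truststore")

  /**
   * Comma-separated cipher suites written to `spark.ssl.enabledAlgorithms`.
   *
   * Security note: every suite listed is CBC-mode with an HMAC (no AEAD/GCM suite is
   * present), and the two `*_RSA_WITH_*` entries without (EC)DHE use static RSA key
   * exchange, which gives no forward secrecy. Do not copy this list into a production
   * configuration as-is.
   */
  val enabledAlgorithms: String = Seq(
    // TLSv1.2 suite names as used by the Oracle security provider
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    // the same suites under the names used by the IBM security provider
    "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "SSL_RSA_WITH_AES_256_CBC_SHA256",
    "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256"
  ).mkString(", ")

  /**
   * Builds the SSL configuration shared by both public factories; only the key store
   * differs between them.
   *
   * @param keyStore absolute path written to `spark.ssl.keyStore`
   * @return a fresh [[SparkConf]] created with `loadDefaults = false`
   */
  private def sslConfigFor(keyStore: String): SparkConf = {
    val conf = new SparkConf(loadDefaults = false)
    // Settings are applied in the same order as the original hand-written sequence.
    Seq(
      "spark.ssl.enabled" -> "true",
      "spark.ssl.keyStore" -> keyStore,
      // Sample credential for the bundled stores only; never a real secret.
      "spark.ssl.keyStorePassword" -> "password",
      "spark.ssl.keyPassword" -> "password",
      "spark.ssl.trustStore" -> trustStorePath,
      "spark.ssl.trustStorePassword" -> "password",
      "spark.ssl.enabledAlgorithms" -> enabledAlgorithms,
      "spark.ssl.protocol" -> "TLSv1.2"
    ).foreach { case (key, value) => conf.set(key, value) }
    conf
  }

  /**
   * SSL-enabled configuration using the key store at [[keyStorePath]].
   *
   * @return a new [[SparkConf]] on every call
   */
  def sparkSSLConfig(): SparkConf = sslConfigFor(keyStorePath)

  /**
   * SSL-enabled configuration identical to [[sparkSSLConfig]] except that the key store
   * is the one at [[untrustedKeyStorePath]].
   *
   * @return a new [[SparkConf]] on every call
   */
  def sparkSSLConfigUntrusted(): SparkConf = sslConfigFor(untrustedKeyStorePath)

}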
69