|
1 | 1 | package com.zegelin.cassandra.exporter.cli; |
2 | 2 |
|
3 | | -import com.zegelin.picocli.InetSocketAddressTypeConverter; |
4 | 3 | import com.zegelin.cassandra.exporter.netty.HttpHandler; |
| 4 | +import com.zegelin.cassandra.exporter.netty.ssl.ClientAuthentication; |
| 5 | +import com.zegelin.cassandra.exporter.netty.ssl.SslImplementation; |
| 6 | +import com.zegelin.cassandra.exporter.netty.ssl.SslMode; |
| 7 | +import com.zegelin.picocli.InetSocketAddressTypeConverter; |
5 | 8 | import picocli.CommandLine.Option; |
6 | 9 |
|
| 10 | +import java.io.File; |
7 | 11 | import java.net.InetSocketAddress; |
8 | 12 | import java.util.List; |
| 13 | +import java.util.Set; |
9 | 14 |
|
10 | 15 | public class HttpServerOptions { |
11 | 16 |
|
@@ -33,6 +38,91 @@ protected int defaultPort() { |
33 | 38 | "Defaults to '${DEFAULT-VALUE}'") |
34 | 39 | public List<InetSocketAddress> listenAddresses; |
35 | 40 |
|
| 41 | + @Option(names = "--ssl", |
| 42 | + paramLabel = "MODE", |
| 43 | + defaultValue = "DISABLE", |
| 44 | + description = "Enable or disable secured communication with SSL. " + |
| 45 | + "Valid modes: ${COMPLETION-CANDIDATES}. " + |
| 46 | + "Optional support requires Netty version 4.0.45 or later. " + |
| 47 | + "Defaults to ${DEFAULT-VALUE}." |
| 48 | + ) |
| 49 | + public SslMode sslMode = SslMode.DISABLE; |
| 50 | + |
| 51 | + @Option(names = "--ssl-implementation", |
| 52 | + paramLabel = "IMPLEMENTATION", |
| 53 | + defaultValue = "DISCOVER", |
| 54 | + description = "SSL implementation to use for secure communication. " + |
| 55 | + "OpenSSL requires platform specific libraries. " + |
| 56 | + "Valid implementations: ${COMPLETION-CANDIDATES}. " + |
| 57 | + "Defaults to ${DEFAULT-VALUE} which will use OpenSSL if required libraries are discoverable." |
| 58 | + ) |
| 59 | + public SslImplementation sslImplementation = SslImplementation.DISCOVER; |
| 60 | + |
| 61 | + @Option(names = "--ssl-ciphers", |
| 62 | + paramLabel = "CIPHER", |
| 63 | + split = ",", |
| 64 | + description = "A comma-separated list of SSL cipher suites to enable, in the order of preference. " + |
| 65 | + "Defaults to system settings." |
| 66 | + ) |
| 67 | + public List<String> sslCiphers; |
| 68 | + |
| 69 | + @Option(names = "--ssl-protocols", |
| 70 | + paramLabel = "PROTOCOL", |
| 71 | + split = ",", |
| 72 | + description = "A comma-separated list of TLS protocol versions to enable. " + |
| 73 | + "Defaults to system settings." |
| 74 | + ) |
| 75 | + public Set<String> sslProtocols; |
| 76 | + |
| 77 | + @Option(names = "--ssl-reload-interval", |
| 78 | + paramLabel = "SECONDS", |
| 79 | + defaultValue = "0", |
| 80 | + description = "Interval in seconds by which keys and certificates will be reloaded. " + |
| 81 | + "Defaults to ${DEFAULT-VALUE} which will disable run-time reload of certificates." |
| 82 | + ) |
| 83 | + public long sslReloadIntervalInSeconds = 0L; |
| 84 | + |
| 85 | + @Option(names = "--ssl-server-key", |
| 86 | + paramLabel = "SERVER-KEY", |
| 87 | + description = "Path to the private key file for the SSL server. " + |
| 88 | + "Must be provided together with a server-certificate. " + |
| 89 | + "The file should contain a PKCS#8 private key in PEM format." |
| 90 | + ) |
| 91 | + public File sslServerKeyFile; |
| 92 | + |
| 93 | + @Option(names = "--ssl-server-key-password", |
| 94 | + paramLabel = "SERVER-KEY-PASSWORD", |
| 95 | + description = "Path to the private key password file for the SSL server. " + |
| 96 | + "This is only required if the server-key is password protected. " + |
| 97 | + "The file should contain a clear text password for the server-key." |
| 98 | + ) |
| 99 | + public File sslServerKeyPasswordFile; |
| 100 | + |
| 101 | + @Option(names = "--ssl-server-certificate", |
| 102 | + paramLabel = "SERVER-CERTIFICATE", |
| 103 | + description = "Path to the certificate chain file for the SSL server. " + |
| 104 | + "Must be provided together with a server-key. " + |
| 105 | + "The file should contain an X.509 certificate chain in PEM format." |
| 106 | + ) |
| 107 | + public File sslServerCertificateFile; |
| 108 | + |
| 109 | + @Option(names = "--ssl-client-authentication", |
| 110 | + paramLabel = "CLIENT-AUTHENTICATION", |
| 111 | + defaultValue = "NONE", |
| 112 | + description = "Set SSL client authentication mode. " + |
| 113 | + "Valid options: ${COMPLETION-CANDIDATES}. " + |
| 114 | + "Defaults to ${DEFAULT-VALUE}." |
| 115 | + ) |
| 116 | + public ClientAuthentication sslClientAuthentication = ClientAuthentication.NONE; |
| 117 | + |
| 118 | + @Option(names = "--ssl-trusted-certificate", |
| 119 | + paramLabel = "TRUSTED-CERTIFICATE", |
| 120 | + description = "Path to trusted certificates for verifying the remote endpoint's certificate. " + |
| 121 | + "The file should contain an X.509 certificate collection in PEM format. " + |
| 122 | + "Defaults to the system setting." |
| 123 | + ) |
| 124 | + public File sslTrustedCertificateFile; |
| 125 | + |
36 | 126 | @Option(names = {"--family-help"}, |
37 | 127 | paramLabel = "VALUE", |
38 | 128 | defaultValue = "AUTOMATIC", |
|
0 commit comments