org.jclouds.rackspace.cloudloadbalancers.v1.domain.SSLTermination Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of rackspace-cloudloadbalancers Show documentation
Show all versions of rackspace-cloudloadbalancers Show documentation
Cloud Load Balancers API for Rackspace
The newest version!
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.jclouds.rackspace.cloudloadbalancers.v1.domain;
import java.beans.ConstructorProperties;
import jakarta.inject.Named;
import com.google.common.base.MoreObjects;
import com.google.common.base.Objects;
import com.google.common.base.MoreObjects.ToStringHelper;
import com.google.common.base.Optional;
/**
* The SSL Termination feature allows a load balancer user to terminate SSL traffic at the load balancer layer versus
* at the web server layer. A user may choose to configure SSL Termination using a key and an SSL certificate or an
* (Intermediate) SSL certificate.
*
* When SSL Termination is configured on a load balancer, a secure shadow server is created that listens only for
* secure traffic on a user-specified port. This shadow server is only visible to and manageable by the system.
* Existing or updated attributes on a load balancer with SSL Termination will also apply to its shadow server.
* For example, if Connection Logging is enabled on an SSL load balancer, it will also be enabled on the shadow server
* and Cloud Files logs will contain log files for both.
*
* Notes
*
* - SSL Termination may only be configured on load balancers with non-secure protocols. For example, SSL Termination
* can be applied to an HTTP load balancer, but not to an HTTPS load balancer.
* - SSL-terminated load balancers decrypt the traffic at the traffic manager and pass unencrypted traffic to the
* back-end node. Because of this, the customer's back-end nodes don't know what protocol the client requested.
* Therefore the X-Forwarded-Proto (XFP) header has been added for identifying the originating protocol of an HTTP
* request as "http" or "https" depending on what protocol the client requested.
* - Not every service will return certificates in the proper order. Please verify that your chain of certificates
* matches that of walking up the chain from the domain to the CA root.
*
*
* Warning
*
* - If SSL is enabled on a load balancer that is configured with nodes that are NOT in the same datacenter, then
* decrypted traffic will be sent in clear text over the public internet to the external node(s) and will no longer
* be secure.
*
*
*
*
* Optional SSL Attributes
*
*
*
* Optional SSL Attributes
* Non-SSL Traffic
* SSL Traffic
*
*
*
*
* enabled = true (default)Yes
* Yes
*
*
* enabled = falseYes
* No
*
*
* secureTrafficOnly = trueNo
* Yes
*
*
* secureTrafficOnly = false (default)Yes
* Yes
*
*
*
* enabled = true
* secureTrafficOnly = true
*
* No
* Yes
*
*
*
* enabled = true
* secureTrafficOnly = false
*
* Yes
* Yes
*
*
*
* enabled = false
* secureTrafficOnly = false
*
* Yes
* No
*
*
*
* enabled = false
* secureTrafficOnly = true
*
* Yes
* No
*
*
*
*/
public class SSLTermination {
private final boolean enabled;
private final boolean secureTrafficOnly;
private final int securePort;
private final Optional certificate;
@Named("privatekey")
private final Optional privateKey;
private final Optional intermediateCertificate;
@ConstructorProperties({ "enabled", "secureTrafficOnly", "securePort", "certificate", "privatekey",
"intermediateCertificate" })
protected SSLTermination(boolean enabled, boolean secureTrafficOnly, int securePort, String certificate,
String privateKey, String intermediateCertificate) {
this.enabled = enabled;
this.secureTrafficOnly = secureTrafficOnly;
this.securePort = securePort;
this.certificate = Optional.fromNullable(certificate);
this.privateKey = Optional.fromNullable(privateKey);
this.intermediateCertificate = Optional.fromNullable(intermediateCertificate);
}
public boolean getEnabled() {
return this.enabled;
}
public boolean getSecureTrafficOnly() {
return this.secureTrafficOnly;
}
public int getSecurePort() {
return this.securePort;
}
public Optional getCertificate() {
return this.certificate;
}
public Optional getPrivateKey() {
return this.privateKey;
}
public Optional getIntermediateCertificate() {
return this.intermediateCertificate;
}
@Override
public int hashCode() {
return Objects.hashCode(enabled, secureTrafficOnly, securePort, certificate, privateKey, intermediateCertificate);
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null || getClass() != obj.getClass())
return false;
SSLTermination that = SSLTermination.class.cast(obj);
return Objects.equal(this.enabled, that.enabled) && Objects.equal(this.secureTrafficOnly, that.secureTrafficOnly)
&& Objects.equal(this.securePort, that.securePort) && Objects.equal(this.certificate, that.certificate)
&& Objects.equal(this.privateKey, that.privateKey)
&& Objects.equal(this.intermediateCertificate, that.intermediateCertificate);
}
protected ToStringHelper string() {
return MoreObjects.toStringHelper(this).omitNullValues().add("enabled", enabled)
.add("secureTrafficOnly", secureTrafficOnly).add("securePort", securePort)
.add("certificate", certificate.orNull()).add("privateKey", privateKey.orNull())
.add("intermediateCertificate", intermediateCertificate.orNull());
}
@Override
public String toString() {
return string().toString();
}
public static class Builder {
private boolean enabled;
private boolean secureTrafficOnly;
private int securePort;
private String certificate;
private String privateKey;
private String intermediateCertificate;
/**
* Required. Determines if the load balancer is enabled to terminate SSL traffic.
*
* If enabled = false, the load balancer will retain its specified SSL attributes, but will not terminate SSL traffic.
*/
public Builder enabled(boolean enabled) {
this.enabled = enabled;
return this;
}
/**
* Required. Determines if the load balancer may accept only secure traffic.
*
* If secureTrafficOnly = true, the load balancer will not accept non-secure traffic.
*/
public Builder secureTrafficOnly(boolean secureTrafficOnly) {
this.secureTrafficOnly = secureTrafficOnly;
return this;
}
/**
* Required. The port on which the SSL termination load balancer will listen for secure traffic.
*
* The securePort must be unique to the existing LB protocol/port combination. For example, port 443.
*/
public Builder securePort(int securePort) {
this.securePort = securePort;
return this;
}
/**
* Required. The certificate used for SSL termination.
*
* The certificate is validated and verified against the key and intermediate certificate if provided.
*
* All requests to SSL termination require the key/certificates to be in "proper" format, meaning that all raw
* line feed characters should be wrapped in a newline character. So if the user pastes in the key from a
* mykey.key file, it will not properly handle the field. For example, use string.replaceAll("\n", "\\n").
*/
public Builder certificate(String certificate) {
this.certificate = certificate;
return this;
}
/**
* Required. The private key for the SSL certificate.
*
* The private key is validated and verified against the provided certificate(s).
*
* @see SSLTermination#certificate(String)
*/
public Builder privatekey(String privateKey) {
this.privateKey = privateKey;
return this;
}
/**
* Optional only when configuring Intermediate SSL Termination. The user's intermediate certificate used for SSL
* termination.
*
* The intermediate certificate is validated and verified against the key and certificate credentials provided.
*
* A user may only provide an intermediateCertificate when accompanied by a certificate, private key, and
* securePort. It may not be added to an existing SSL configuration as a single attribute in a future request.
*
* @see SSLTermination#certificate(String)
*/
public Builder intermediateCertificate(String intermediateCertificate) {
this.intermediateCertificate = intermediateCertificate;
return this;
}
public SSLTermination build() {
return new SSLTermination(enabled, secureTrafficOnly, securePort, certificate, privateKey,
intermediateCertificate);
}
public Builder from(SSLTermination in) {
return this.enabled(in.getEnabled()).secureTrafficOnly(in.getSecureTrafficOnly())
.securePort(in.getSecurePort()).certificate(in.getCertificate().orNull())
.privatekey(in.getPrivateKey().orNull())
.intermediateCertificate(in.getIntermediateCertificate().orNull());
}
}
public static Builder builder() {
return new Builder();
}
public Builder toBuilder() {
return new Builder().from(this);
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy