sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf); try { sslFactory.init(); } catch (GeneralSecurityException ex) { throw new IOException(ex);
/**
 * Releases the SSL factory held by this object.
 *
 * <p>Does nothing when no factory was ever assigned, so it is safe to call
 * on an instance that never configured TLS.
 */
public void destroy() {
  if (sslFactory == null) {
    return;
  }
  sslFactory.destroy();
}
/**
 * Applies the TLS socket factory and hostname verifier from {@code sslFactory}
 * to the given connection. The connection is returned untouched when no
 * factory is set.
 *
 * @param conn connection to configure
 * @return the same connection instance
 * @throws IOException wrapping any {@link GeneralSecurityException} raised
 *     while creating the socket factory
 */
private HttpURLConnection configureConnection(HttpURLConnection conn)
    throws IOException {
  if (sslFactory == null) {
    return conn;
  }
  // NOTE(review): this cast is unconditional, so a plain-HTTP connection
  // fails here with ClassCastException whenever sslFactory is set. Confirm
  // the caller only creates sslFactory for https URLs.
  HttpsURLConnection secureConn = (HttpsURLConnection) conn;
  try {
    secureConn.setSSLSocketFactory(sslFactory.createSSLSocketFactory());
  } catch (GeneralSecurityException ex) {
    throw new IOException(ex);
  }
  // The verifier is set together with the socket factory, so certificate
  // trust and host-name matching both come from the same SSLFactory.
  secureConn.setHostnameVerifier(sslFactory.getHostnameVerifier());
  return conn;
}
// Build a client-mode SSLFactory from this object's configuration.
clientSslFactory = new SSLFactory( SSLFactory.Mode.CLIENT, this.getConf());
// init() must run before any factory or verifier is requested.
clientSslFactory.init();
// Only the socket factory is extracted here; a connection that should also use
// the configured hostname verifier has to take it from
// clientSslFactory.getHostnameVerifier() separately.
SSLSocketFactory sslSocketF = clientSslFactory.createSSLSocketFactory();
/**
 * Builds a SERVER-mode SSLFactory and exercises it.
 *
 * <p>Checks that a server socket factory is available and that the
 * client-certificate requirement matches {@code clientCert}, then calls one
 * client-side accessor chosen by {@code socket}.
 *
 * @param clientCert whether the configuration should require client certs
 * @param socket {@code true} to call createSSLSocketFactory(), {@code false}
 *     to call getHostnameVerifier()
 */
private void serverMode(boolean clientCert, boolean socket) throws Exception {
  Configuration serverConf = createConfiguration(clientCert, true);
  SSLFactory factory = new SSLFactory(SSLFactory.Mode.SERVER, serverConf);
  try {
    factory.init();
    Assert.assertNotNull(factory.createSSLServerSocketFactory());
    Assert.assertEquals(clientCert, factory.isClientCertRequired());
    // NOTE(review): both calls below are client-side accessors invoked on a
    // SERVER-mode factory; presumably the calling test expects them to
    // throw. Confirm against the callers.
    if (!socket) {
      factory.getHostnameVerifier();
    } else {
      factory.createSSLSocketFactory();
    }
  } finally {
    // Always release the factory, including when an assertion fails.
    factory.destroy();
  }
}
/**
 * Verifies that an unknown hostname-verifier name ("foo") is rejected:
 * the test passes only if a GeneralSecurityException is thrown.
 */
@Test(expected = GeneralSecurityException.class)
public void invalidHostnameVerifier() throws Exception {
  Configuration clientConf = createConfiguration(false, true);
  clientConf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "foo");
  SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, clientConf);
  try {
    // Expected to fail: an unrecognised verifier name must not silently
    // fall back to some other verifier.
    factory.init();
  } finally {
    factory.destroy();
  }
}
/**
 * Creates a client-mode SSLFactory (stored in the {@code sslFactory} field)
 * and returns a configurator that applies its socket factory, its hostname
 * verifier and the given timeout to connections.
 *
 * @param timeout value handed to setTimeouts() for every connection
 * @param conf configuration the SSLFactory is built from
 * @return configurator to apply to each new connection
 * @throws IOException if SSLFactory initialization fails with an IO error
 * @throws GeneralSecurityException if SSL initialization fails
 */
private ConnectionConfigurator initSslConnConfigurator(final int timeout,
    Configuration conf) throws IOException, GeneralSecurityException {
  sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
  sslFactory.init();
  // Resolve both once; every configured connection shares them.
  final SSLSocketFactory socketFactory = sslFactory.createSSLSocketFactory();
  final HostnameVerifier verifier = sslFactory.getHostnameVerifier();

  return new ConnectionConfigurator() {
    @Override
    public HttpURLConnection configure(HttpURLConnection conn)
        throws IOException {
      // Non-HTTPS connections pass through with only the timeouts applied;
      // no TLS settings are attached to them.
      if (conn instanceof HttpsURLConnection) {
        HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
        httpsConn.setSSLSocketFactory(socketFactory);
        httpsConn.setHostnameVerifier(verifier);
      }
      setTimeouts(conn, timeout);
      return conn;
    }
  };
}
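/**
 * Verifies that SSLFactory.configure() installs the configured hostname
 * verifier ("STRICT_IE6") on an HttpsURLConnection.
 */
@Test
public void testConnectionConfigurator() throws Exception {
  Configuration conf = createConfiguration(false, true);
  conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "STRICT_IE6");
  SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
  try {
    sslFactory.init();
    HttpsURLConnection sslConn =
        (HttpsURLConnection) new URL("https://foo").openConnection();
    // Precondition: the fresh connection does not already use STRICT_IE6.
    // This compares by value; assertNotSame compared object identity, which
    // holds for any freshly built string and so never checked anything.
    Assert.assertFalse(
        "STRICT_IE6".equals(sslConn.getHostnameVerifier().toString()));
    sslFactory.configure(sslConn);
    Assert.assertEquals("STRICT_IE6",
        sslConn.getHostnameVerifier().toString());
  } finally {
    sslFactory.destroy();
  }
}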
/**
 * Resolves the hostname verifier named in the configuration.
 *
 * <p>The value of {@code SSL_HOSTNAME_VERIFIER_KEY} is trimmed and
 * upper-cased before lookup; "DEFAULT" is used when the key is not set.
 *
 * @param conf configuration to read the verifier name from
 * @return the verifier selected by that name
 */
private HostnameVerifier getHostnameVerifier(Configuration conf)
    throws GeneralSecurityException, IOException {
  String configured = conf.get(SSL_HOSTNAME_VERIFIER_KEY, "DEFAULT").trim();
  String verifierName = StringUtils.toUpperCase(configured);
  return getHostnameVerifier(verifierName);
}
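/**
 * Fetches the given HTTPS URL using the socket factory from
 * {@code clientSslFactory} and returns the response body as a string.
 *
 * @param url HTTPS URL to read
 * @return response body, decoded with the platform default charset
 * @throws Exception on connection, TLS or read failure
 */
private static String readOut(URL url) throws Exception {
  HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
  // Only the socket factory comes from clientSslFactory; no hostname verifier
  // is set here, so the connection keeps the one it already has.
  conn.setSSLSocketFactory(clientSslFactory.createSSLSocketFactory());
  ByteArrayOutputStream out = new ByteArrayOutputStream();
  // Close the response stream even when the copy fails; the original left
  // it open.
  try (InputStream in = conn.getInputStream()) {
    IOUtils.copyBytes(in, out, 1024);
  }
  return out.toString();
}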
/**
 * Builds the channel pipeline for a shuffle connection.
 *
 * <p>When an SSL factory is configured, an "ssl" handler is installed first
 * so every later handler sees decrypted traffic; otherwise the pipeline
 * carries plain HTTP.
 *
 * TODO factor security manager into pipeline
 * TODO factor out encode/decode to permit binary shuffle
 * TODO factor out decode of index to permit alt. models
 */
@Override
public ChannelPipeline getPipeline() throws Exception {
  ChannelPipeline handlers = Channels.pipeline();
  if (sslFactory != null) {
    handlers.addLast("ssl", new SslHandler(sslFactory.createSSLEngine()));
  }
  handlers.addLast("decoder", new HttpRequestDecoder());
  // 1 << 16 is the maximum aggregated content length (64 KiB).
  handlers.addLast("aggregator", new HttpChunkAggregator(1 << 16));
  handlers.addLast("encoder", new HttpResponseEncoder());
  handlers.addLast("chunking", new ChunkedWriteHandler());
  handlers.addLast("shuffle", SHUFFLE);
  handlers.addLast("idle", idleStateHandler);
  handlers.addLast(TIMEOUT_HANDLER, new TimeoutHandler());
  return handlers;
}
/**
 * Creates an SSLFactory.
 *
 * <p>Reads the mode-specific SSL configuration, instantiates the configured
 * keystores factory, and records the enabled protocols and the cipher suites
 * to exclude. No keys or trust material are loaded here.
 *
 * @param mode SSLFactory mode, client or server; must not be null.
 * @param conf Hadoop configuration from where the SSLFactory configuration
 *     will be read.
 * @throws IllegalArgumentException if {@code mode} is null.
 */
public SSLFactory(Mode mode, Configuration conf) {
  this.conf = conf;
  if (mode == null) {
    throw new IllegalArgumentException("mode cannot be NULL");
  }
  this.mode = mode;

  Configuration sslConf = readSSLConfiguration(conf, mode);
  requireClientCert = sslConf.getBoolean(SSL_REQUIRE_CLIENT_CERT_KEY,
      SSL_REQUIRE_CLIENT_CERT_DEFAULT);

  // The keystores factory implementation is chosen by configuration and
  // instantiated reflectively, so whoever controls `conf` controls which
  // class is loaded here.
  Class<? extends KeyStoresFactory> factoryClass = conf.getClass(
      KEYSTORES_FACTORY_CLASS_KEY, FileBasedKeyStoresFactory.class,
      KeyStoresFactory.class);
  keystoresFactory = ReflectionUtils.newInstance(factoryClass, sslConf);

  // Enabled protocols are read from `conf`, while the client-cert flag and
  // the cipher exclusion list come from the mode-specific `sslConf`.
  enabledProtocols = conf.getStrings(SSL_ENABLED_PROTOCOLS_KEY,
      SSL_ENABLED_PROTOCOLS_DEFAULT);
  String[] excluded = sslConf.getTrimmedStrings(SSL_SERVER_EXCLUDE_CIPHER_LIST);
  excludeCiphers = Arrays.asList(excluded);
  if (LOG.isDebugEnabled()) {
    LOG.debug("will exclude cipher suites: {}",
        StringUtils.join(",", excludeCiphers));
  }
}
/**
 * Builds a SERVER-mode SSLFactory and exercises it.
 *
 * <p>Checks that a server socket factory is available and that the
 * client-certificate requirement matches {@code clientCert}, then calls one
 * client-side accessor chosen by {@code socket}.
 *
 * @param clientCert whether the configuration should require client certs
 * @param socket {@code true} to call createSSLSocketFactory(), {@code false}
 *     to call getHostnameVerifier()
 */
private void serverMode(boolean clientCert, boolean socket) throws Exception {
  Configuration serverConf = createConfiguration(clientCert, true);
  SSLFactory factory = new SSLFactory(SSLFactory.Mode.SERVER, serverConf);
  try {
    factory.init();
    Assert.assertNotNull(factory.createSSLServerSocketFactory());
    Assert.assertEquals(clientCert, factory.isClientCertRequired());
    // NOTE(review): both calls below are client-side accessors invoked on a
    // SERVER-mode factory; presumably the calling test expects them to
    // throw. Confirm against the callers.
    if (!socket) {
      factory.getHostnameVerifier();
    } else {
      factory.createSSLSocketFactory();
    }
  } finally {
    // Always release the factory, including when an assertion fails.
    factory.destroy();
  }
}
/**
 * Verifies that an unknown hostname-verifier name ("foo") is rejected:
 * the test passes only if a GeneralSecurityException is thrown.
 */
@Test(expected = GeneralSecurityException.class)
public void invalidHostnameVerifier() throws Exception {
  Configuration clientConf = createConfiguration(false, true);
  clientConf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "foo");
  SSLFactory factory = new SSLFactory(SSLFactory.Mode.CLIENT, clientConf);
  try {
    // Expected to fail: an unrecognised verifier name must not silently
    // fall back to some other verifier.
    factory.init();
  } finally {
    factory.destroy();
  }
}
/**
 * Creates a client-mode SSLFactory (stored in the {@code sslFactory} field)
 * and returns a configurator that applies its socket factory, its hostname
 * verifier and the given timeout to connections.
 *
 * @param timeout value handed to setTimeouts() for every connection
 * @param conf configuration the SSLFactory is built from
 * @return configurator to apply to each new connection
 * @throws IOException if SSLFactory initialization fails with an IO error
 * @throws GeneralSecurityException if SSL initialization fails
 */
private ConnectionConfigurator initSslConnConfigurator(final int timeout,
    Configuration conf) throws IOException, GeneralSecurityException {
  sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
  sslFactory.init();
  // Resolve both once; every configured connection shares them.
  final SSLSocketFactory socketFactory = sslFactory.createSSLSocketFactory();
  final HostnameVerifier verifier = sslFactory.getHostnameVerifier();

  return new ConnectionConfigurator() {
    @Override
    public HttpURLConnection configure(HttpURLConnection conn)
        throws IOException {
      // Non-HTTPS connections pass through with only the timeouts applied;
      // no TLS settings are attached to them.
      if (conn instanceof HttpsURLConnection) {
        HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
        httpsConn.setSSLSocketFactory(socketFactory);
        httpsConn.setHostnameVerifier(verifier);
      }
      setTimeouts(conn, timeout);
      return conn;
    }
  };
}
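/**
 * Verifies that SSLFactory.configure() installs the configured hostname
 * verifier ("STRICT_IE6") on an HttpsURLConnection.
 */
@Test
public void testConnectionConfigurator() throws Exception {
  Configuration conf = createConfiguration(false, true);
  conf.set(SSLFactory.SSL_HOSTNAME_VERIFIER_KEY, "STRICT_IE6");
  SSLFactory sslFactory = new SSLFactory(SSLFactory.Mode.CLIENT, conf);
  try {
    sslFactory.init();
    HttpsURLConnection sslConn =
        (HttpsURLConnection) new URL("https://foo").openConnection();
    // Precondition: the fresh connection does not already use STRICT_IE6.
    // This compares by value; assertNotSame compared object identity, which
    // holds for any freshly built string and so never checked anything.
    Assert.assertFalse(
        "STRICT_IE6".equals(sslConn.getHostnameVerifier().toString()));
    sslFactory.configure(sslConn);
    Assert.assertEquals("STRICT_IE6",
        sslConn.getHostnameVerifier().toString());
  } finally {
    sslFactory.destroy();
  }
}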
/**
 * Opens a Kerberos-authenticated connection to {@code url} and connects it.
 *
 * <p>When YarnConfiguration.useHttps() reports HTTPS for the current
 * configuration, a client-mode SSLFactory is created and used both as the
 * AuthenticatedURL's connection configurator and as the source of the
 * socket factory set on the connection.
 *
 * @param url endpoint to connect to
 * @return the connected URLConnection
 */
private URLConnection connect(URL url) throws Exception {
  final AuthenticatedURL.Token authToken = new AuthenticatedURL.Token();
  final URLConnection conn;
  if (!YarnConfiguration.useHttps(getConf())) {
    AuthenticatedURL plainAuthUrl =
        new AuthenticatedURL(new KerberosAuthenticator());
    conn = plainAuthUrl.openConnection(url, authToken);
  } else {
    // If https is chosen, configures SSL client.
    // NOTE(review): this factory is created per call and no destroy() is
    // visible in this method; confirm who releases it.
    SSLFactory tlsFactory =
        new SSLFactory(SSLFactory.Mode.CLIENT, getConf());
    tlsFactory.init();
    SSLSocketFactory socketFactory = tlsFactory.createSSLSocketFactory();
    AuthenticatedURL secureAuthUrl =
        new AuthenticatedURL(new KerberosAuthenticator(), tlsFactory);
    conn = secureAuthUrl.openConnection(url, authToken);
    // Unconditional cast: assumes the URL scheme is https whenever the
    // configuration says HTTPS is in use.
    ((HttpsURLConnection) conn).setSSLSocketFactory(socketFactory);
  }
  conn.connect();
  return conn;
}
/**
 * Initializes the factory.
 *
 * <p>Initializes the keystores factory for the current mode, builds a "TLS"
 * SSLContext from its key and trust managers, and resolves the hostname
 * verifier from the configuration. Must be called before any socket factory,
 * engine or verifier is requested.
 *
 * @throws GeneralSecurityException thrown if an SSL initialization error
 * happened.
 * @throws IOException thrown if an IO error happened while reading the SSL
 * configuration.
 */
public void init() throws GeneralSecurityException, IOException {
  keystoresFactory.init(mode);
  context = SSLContext.getInstance("TLS");
  // A null SecureRandom lets the context use the default implementation.
  context.init(keystoresFactory.getKeyManagers(),
               keystoresFactory.getTrustManagers(), null);
  // NOTE(review): SSLContext.getDefaultSSLParameters() is documented to return
  // a copy, so this setProtocols() call likely does not restrict what sockets
  // or engines created from `context` negotiate. Confirm that enabledProtocols
  // is enforced where the sockets/engines are actually created.
  context.getDefaultSSLParameters().setProtocols(enabledProtocols);
  hostnameVerifier = getHostnameVerifier(conf);
}
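/**
 * Fetches the given HTTPS URL using the socket factory from
 * {@code clientSslFactory} and returns the response body as a string.
 *
 * @param url HTTPS URL to read
 * @return response body, decoded with the platform default charset
 * @throws Exception on connection, TLS or read failure
 */
private static String readOut(URL url) throws Exception {
  HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
  // Only the socket factory comes from clientSslFactory; no hostname verifier
  // is set here, so the connection keeps the one it already has.
  conn.setSSLSocketFactory(clientSslFactory.createSSLSocketFactory());
  ByteArrayOutputStream out = new ByteArrayOutputStream();
  // Close the response stream even when the copy fails; the original left
  // it open.
  try (InputStream in = conn.getInputStream()) {
    IOUtils.copyBytes(in, out, 1024);
  }
  return out.toString();
}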
/**
 * Builds the handler chain for a newly accepted channel.
 *
 * <p>The SslHandler is added first, so the HTTP codec and everything after it
 * operate on decrypted traffic. Unlike a pipeline that guards with a null
 * check, this initializer calls sslFactory.createSSLEngine() unconditionally
 * and therefore assumes sslFactory is set.
 */
@Override
protected void initChannel(SocketChannel ch) throws Exception {
  ChannelPipeline p = ch.pipeline();
  p.addLast(
      new SslHandler(sslFactory.createSSLEngine()),
      new HttpRequestDecoder(),
      new HttpResponseEncoder());
  // The CSRF prevention handler is optional and, when present, is placed
  // ahead of the dispatcher so it sees each request first.
  if (restCsrfPreventionFilter != null) {
    p.addLast(new RestCsrfPreventionFilterHandler(
        restCsrfPreventionFilter));
  }
  p.addLast(
      new ChunkedWriteHandler(),
      new URLDispatcher(jettyAddr, conf, confForCreate));
}
});