accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject [1/3] git commit: ACCUMULO-3053 Pull include/exclude ciphers for Monitor SSL
Date Thu, 07 Aug 2014 17:56:35 GMT
Repository: accumulo
Updated Branches:
  refs/heads/1.6.1-SNAPSHOT 1b49f44d1 -> 4d70739ab
  refs/heads/master a458a2fae -> eeb06e3a1


ACCUMULO-3053 Pull include/exclude ciphers for Monitor SSL


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/4d70739a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/4d70739a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/4d70739a

Branch: refs/heads/1.6.1-SNAPSHOT
Commit: 4d70739abb27749f414d906924746d90d7687a2f
Parents: 1b49f44
Author: Josh Elser <elserj@apache.org>
Authored: Thu Aug 7 13:17:44 2014 -0400
Committer: Josh Elser <elserj@apache.org>
Committed: Thu Aug 7 13:38:05 2014 -0400

----------------------------------------------------------------------
 .../org/apache/accumulo/core/conf/Property.java |  2 ++
 .../accumulo/monitor/EmbeddedWebServer.java     | 27 ++++++++++++++------
 2 files changed, 21 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/4d70739a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index 54d13e6..d7d78a6 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -309,6 +309,8 @@ public enum Property {
   @Experimental
   @Sensitive
   MONITOR_SSL_TRUSTSTOREPASS("monitor.ssl.trustStorePassword", "", PropertyType.STRING, "The
truststore password for enabling monitor SSL."),
+  MONITOR_SSL_INCLUDE_CIPHERS("monitor.ssl.include.ciphers", "", PropertyType.STRING, "A
comma-separated list of allows SSL Ciphers, see monitor.ssl.exclude.ciphers to disallow ciphers"),
+  MONITOR_SSL_EXCLUDE_CIPHERS("monitor.ssl.exclude.ciphers", "", PropertyType.STRING, "A
comma-separated list of disallowed SSL Ciphers, see mmonitor.ssl.include.ciphers to allow
ciphers"),
 
   MONITOR_LOCK_CHECK_INTERVAL("monitor.lock.check.interval", "5s", PropertyType.TIMEDURATION,
       "The amount of time to sleep between checking for the Montior ZooKeeper lock"),

http://git-wip-us.apache.org/repos/asf/accumulo/blob/4d70739a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
----------------------------------------------------------------------
diff --git a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
index a36b942..888913a 100644
--- a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
+++ b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
@@ -18,7 +18,9 @@ package org.apache.accumulo.monitor;
 
 import javax.servlet.http.HttpServlet;
 
+import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.Property;
+import org.apache.hadoop.util.StringUtils;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.nio.SelectChannelConnector;
 import org.eclipse.jetty.server.session.SessionHandler;
@@ -40,18 +42,27 @@ public class EmbeddedWebServer {
 
   public EmbeddedWebServer(String host, int port) {
     server = new Server();
-    if (EMPTY.equals(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_KEYSTORE))
-        || EMPTY.equals(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_KEYSTOREPASS))
-        || EMPTY.equals(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_TRUSTSTORE))
|| EMPTY.equals(Monitor.getSystemConfiguration().get(
-Property.MONITOR_SSL_TRUSTSTOREPASS))) {
+    final AccumuloConfiguration conf = Monitor.getSystemConfiguration();
+    if (EMPTY.equals(conf.get(Property.MONITOR_SSL_KEYSTORE)) || EMPTY.equals(conf.get(Property.MONITOR_SSL_KEYSTOREPASS))
+        || EMPTY.equals(conf.get(Property.MONITOR_SSL_TRUSTSTORE)) || EMPTY.equals(conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS)))
{
       connector = new SelectChannelConnector();
       usingSsl = false;
     } else {
       SslContextFactory sslContextFactory = new SslContextFactory();
-      sslContextFactory.setKeyStorePath(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_KEYSTORE));
-      sslContextFactory.setKeyStorePassword(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_KEYSTOREPASS));
-      sslContextFactory.setTrustStore(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_TRUSTSTORE));
-      sslContextFactory.setTrustStorePassword(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_TRUSTSTOREPASS));
+      sslContextFactory.setKeyStorePath(conf.get(Property.MONITOR_SSL_KEYSTORE));
+      sslContextFactory.setKeyStorePassword(conf.get(Property.MONITOR_SSL_KEYSTOREPASS));
+      sslContextFactory.setTrustStore(conf.get(Property.MONITOR_SSL_TRUSTSTORE));
+      sslContextFactory.setTrustStorePassword(conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS));
+
+      final String includedCiphers = conf.get(Property.MONITOR_SSL_INCLUDE_CIPHERS);
+      if (!Property.MONITOR_SSL_INCLUDE_CIPHERS.getDefaultValue().equals(includedCiphers))
{
+        sslContextFactory.setIncludeCipherSuites(StringUtils.split(includedCiphers, ','));
+      }
+
+      final String excludedCiphers = conf.get(Property.MONITOR_SSL_EXCLUDE_CIPHERS);
+      if (!Property.MONITOR_SSL_EXCLUDE_CIPHERS.getDefaultValue().equals(excludedCiphers))
{
+        sslContextFactory.setExcludeCipherSuites(StringUtils.split(excludedCiphers, ','));
+      }
 
       connector = new SslSelectChannelConnector(sslContextFactory);
       usingSsl = true;


Mime
View raw message