accumulo-commits mailing list archives

From els...@apache.org
Subject [2/3] git commit: ACCUMULO-3052 Allow configuration of SSL cipher suites
Date Thu, 07 Aug 2014 02:32:49 GMT
ACCUMULO-3052 Allow configuration of SSL cipher suites


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/20aecf7d
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/20aecf7d
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/20aecf7d

Branch: refs/heads/master
Commit: 20aecf7d6feced222995b013f58c654fdba42db6
Parents: cc30021
Author: Josh Elser <elserj@apache.org>
Authored: Wed Aug 6 22:21:16 2014 -0400
Committer: Josh Elser <elserj@apache.org>
Committed: Wed Aug 6 22:21:16 2014 -0400

----------------------------------------------------------------------
 .../org/apache/accumulo/core/conf/Property.java    |  2 ++
 .../accumulo/core/util/SslConnectionParams.java    | 17 ++++++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/20aecf7d/core/src/main/java/org/apache/accumulo/core/conf/Property.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index 3a794a4..54d13e6 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -98,6 +98,8 @@ public enum Property {
   RPC_SSL_TRUSTSTORE_TYPE("rpc.javax.net.ssl.trustStoreType", "jks", PropertyType.STRING,
"Type of SSL truststore"),
   RPC_USE_JSSE("rpc.useJsse", "false", PropertyType.BOOLEAN, "Use JSSE system properties
to configure SSL rather than the " + RPC_PREFIX.getKey()
       + "javax.net.ssl.* Accumulo properties"),
+  RPC_SSL_CIPHER_SUITES("rpc.ssl.cipher.suites", "", PropertyType.STRING, "Comma separated
list of cipher suites that can be used by accepted connections"),
+
   // instance properties (must be the same for every node in an instance)
   INSTANCE_PREFIX("instance.", null, PropertyType.PREFIX,
       "Properties in this category must be consistent throughout a cloud. This is enforced
and servers won't be able to communicate if these differ."),
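Review bot: The description of `RPC_SSL_CIPHER_SUITES` does not say what the empty default means or which names are expected. Going by the other hunks in this commit, an empty value leaves the suite list unset and the no-argument `TSSLTransportParameters` is used, so a wording such as `"Comma separated list of JSSE cipher suite names to enable for RPC over SSL; when empty, the JVM's default enabled suites are used"` would tell operators that leaving it blank does not harden anything. "Accepted connections" also reads as server-side only, while nothing visible in `getTTransportParams` distinguishes server from client use; please confirm which is intended and word it accordingly.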

http://git-wip-us.apache.org/repos/asf/accumulo/blob/20aecf7d/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java b/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
index 6fde38a..652f768 100644
--- a/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
+++ b/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
@@ -22,6 +22,7 @@ import java.net.URL;
 
 import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.Property;
+import org.apache.hadoop.util.StringUtils;
 import org.apache.log4j.Logger;
 import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
 
@@ -41,6 +42,8 @@ public class SslConnectionParams  {
   private String trustStorePass;
   private String trustStoreType;
 
+  private String[] cipherSuites;
+
   public static SslConnectionParams forConfig(AccumuloConfiguration conf, boolean server)
{
     if (!conf.getBoolean(Property.INSTANCE_RPC_SSL_ENABLED))
       return null;
@@ -66,6 +69,11 @@ public class SslConnectionParams  {
       throw new IllegalArgumentException("Could not load configured keystore file", e);
     }
 
+    String ciphers = conf.get(Property.RPC_SSL_CIPHER_SUITES);
+    if (null != ciphers && !ciphers.isEmpty()) {
+      result.cipherSuites = StringUtils.split(ciphers, ',');
+    }
+
     return result;
   }
 
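Review bot: The entries returned by `StringUtils.split(ciphers, ',')` are not trimmed, so a value written as `A, B` yields ` B` with its leading space, and a whitespace-only value gets past the `isEmpty()` check. JSSE rejects suite names it does not recognise, so such a value would most likely surface as an IllegalArgumentException when a socket is created rather than when the configuration is read. Trimming each entry and rejecting empty ones here, as sketched below, keeps the failure at configuration load and needs no new imports. The start of `forConfig` is outside this hunk.

```java
String ciphers = conf.get(Property.RPC_SSL_CIPHER_SUITES);
if (null != ciphers && !ciphers.trim().isEmpty()) {
  String[] suites = StringUtils.split(ciphers, ',');
  for (int i = 0; i < suites.length; i++) {
    suites[i] = suites[i].trim();
    if (suites[i].isEmpty())
      throw new IllegalArgumentException("Empty cipher suite name in " + Property.RPC_SSL_CIPHER_SUITES.getKey());
  }
  result.cipherSuites = suites;
}
// … unchanged: return result; …
```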
@@ -145,7 +153,14 @@ public class SslConnectionParams  {
   public TSSLTransportParameters getTTransportParams() {
     if (useJsse)
       throw new IllegalStateException("Cannot get TTransportParams for JSEE configuration.");
-    TSSLTransportParameters params = new TSSLTransportParameters();
+    TSSLTransportParameters params;
+    if (null != cipherSuites) {
+      // TLS is the default value used in thrift 0.9.1
+      params = new TSSLTransportParameters("TLS", cipherSuites);
+    } else {
+      params = new TSSLTransportParameters();
+    }
+
     params.requireClientAuth(clientAuth);
     if (keyStoreSet) {
       params.setKeyStore(keyStorePath, keyStorePass, null, keyStoreType);
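Review bot: Restricting cipher suites in `getTTransportParams` does not restrict protocol versions: the literal `"TLS"` passed to `TSSLTransportParameters` only names the SSLContext protocol, and which versions end up enabled is presumably left to the JVM defaults. If the property is meant to harden RPC, a companion setting for enabled protocols would close that gap, and the comment could at least say so: `// "TLS" matches the thrift 0.9.1 default; enabled protocol versions still come from the JVM`. Separately, when `useJsse` is set this method throws before the suites are applied, so the configured list appears to have no effect in that mode; that interaction deserves a sentence in the property description. The method body continues past the end of this hunk.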

