You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2019/09/18 07:20:27 UTC
[ranger] branch master updated: RANGER-2567: Ranger fails to
connect wired Solr
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new a94f6e0 RANGER-2567: Ranger fails to connect wired Solr
a94f6e0 is described below
commit a94f6e0d1f39ea51743ea54849313d198237e70f
Author: Pradeep <pr...@apache.org>
AuthorDate: Fri Sep 13 14:20:14 2019 +0530
RANGER-2567: Ranger fails to connect wired Solr
---
.../audit/destination/SolrAuditDestination.java | 156 ++++++++++++++++++++
.../ranger/audit/provider/BaseAuditHandler.java | 20 +++
.../hadoop/config/RangerConfiguration.java | 49 ++++++-
.../hadoop/utils/RangerCredentialProvider.java | 38 ++---
.../ranger/server/tomcat/EmbeddedServer.java | 162 +++++++++++++++++++++
5 files changed, 405 insertions(+), 20 deletions(-)
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
index 35487e9..7631e58 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/destination/SolrAuditDestination.java
@@ -19,6 +19,7 @@
package org.apache.ranger.audit.destination;
+import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ranger.audit.model.AuditEventBase;
@@ -36,13 +37,32 @@ import org.apache.solr.client.solrj.response.UpdateResponse;
import org.apache.solr.common.SolrException;
import org.apache.solr.common.SolrInputDocument;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.io.InputStream;
import java.lang.reflect.Field;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedExceptionAction;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
import java.util.Arrays;
import java.util.Optional;
@@ -84,6 +104,12 @@ public class SolrAuditDestination extends AuditDestination {
synchronized(SolrAuditDestination.class) {
me = solrClient;
if (solrClient == null) {
+ KeyManager[] kmList = getKeyManagers();
+ TrustManager[] tmList = getTrustManagers();
+ SSLContext sslContext = getSSLContext(kmList, tmList);
+ if(sslContext != null) {
+ SSLContext.setDefault(sslContext);
+ }
String urls = MiscUtil.getStringProperty(props, propPrefix
+ "." + PROP_SOLR_URLS);
if (urls != null) {
@@ -321,4 +347,134 @@ public class SolrAuditDestination extends AuditDestination {
}
LOG.info("<==SolrAuditDestination.init()" );
}
+
+ private KeyManager[] getKeyManagers() {
+ KeyManager[] kmList = null;
+ String credentialProviderPath = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL);
+ String keyStoreAlias = RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS;
+ String keyStoreFile = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE);
+ String keyStoreFilepwd = MiscUtil.getCredentialString(credentialProviderPath, keyStoreAlias);
+ if (StringUtils.isNotEmpty(keyStoreFile) && StringUtils.isNotEmpty(keyStoreFilepwd)) {
+ InputStream in = null;
+
+ try {
+ in = getFileInputStream(keyStoreFile);
+
+ if (in != null) {
+ String keyStoreType = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE);
+ keyStoreType = StringUtils.isNotEmpty(keyStoreType) ? keyStoreType : RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT;
+ KeyStore keyStore = KeyStore.getInstance(keyStoreType);
+
+ keyStore.load(in, keyStoreFilepwd.toCharArray());
+
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
+
+ keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
+
+ kmList = keyManagerFactory.getKeyManagers();
+ } else {
+ LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is NOT available in the environment", e);
+ } catch (CertificateException e) {
+ LOG.error("Unable to obtain the requested certification ", e);
+ } catch (FileNotFoundException e) {
+ LOG.error("Unable to find the necessary SSL Keystore Files", e);
+ } catch (IOException e) {
+ LOG.error("Unable to read the necessary SSL Keystore Files", e);
+ } catch (UnrecoverableKeyException e) {
+ LOG.error("Unable to recover the key from keystore", e);
+ } finally {
+ close(in, keyStoreFile);
+ }
+ }
+
+ return kmList;
+ }
+
+ private TrustManager[] getTrustManagers() {
+ TrustManager[] tmList = null;
+ String credentialProviderPath = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL);
+ String trustStoreAlias = RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS;
+ String trustStoreFile = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_TRUSTSTORE_FILE);
+ String trustStoreFilepwd = MiscUtil.getCredentialString(credentialProviderPath, trustStoreAlias);
+ if (StringUtils.isNotEmpty(trustStoreFile) && StringUtils.isNotEmpty(trustStoreFilepwd)) {
+ InputStream in = null;
+
+ try {
+ in = getFileInputStream(trustStoreFile);
+
+ if (in != null) {
+ String trustStoreType = MiscUtil.getStringProperty(props, RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE);
+ trustStoreType = StringUtils.isNotEmpty(trustStoreType) ? trustStoreType : RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT;
+ KeyStore trustStore = KeyStore.getInstance(trustStoreType);
+
+ trustStore.load(in, trustStoreFilepwd.toCharArray());
+
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
+
+ trustManagerFactory.init(trustStore);
+
+ tmList = trustManagerFactory.getTrustManagers();
+ } else {
+ LOG.error("Unable to obtain truststore from file [" + trustStoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.error("Unable to obtain from KeyStore", e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
+ } catch (CertificateException e) {
+ LOG.error("Unable to obtain the requested certification :" + e.getMessage(), e);
+ } catch (FileNotFoundException e) {
+ LOG.error("Unable to find the necessary SSL TrustStore File:" + trustStoreFile, e);
+ } catch (IOException e) {
+ LOG.error("Unable to read the necessary SSL TrustStore Files :" + trustStoreFile, e);
+ } finally {
+ close(in, trustStoreFile);
+ }
+ }
+
+ return tmList;
+ }
+
+ private SSLContext getSSLContext(KeyManager[] kmList, TrustManager[] tmList) {
+ SSLContext sslContext = null;
+ try {
+ sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
+ if (sslContext != null) {
+ sslContext.init(kmList, tmList, new SecureRandom());
+ }
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is not available in the environment", e);
+ } catch (KeyManagementException e) {
+ LOG.error("Unable to initialise the SSLContext", e);
+ }
+ return sslContext;
+ }
+
+ private InputStream getFileInputStream(String fileName) throws IOException {
+ InputStream in = null;
+ if (StringUtils.isNotEmpty(fileName)) {
+ File file = new File(fileName);
+ if (file != null && file.exists()) {
+ in = new FileInputStream(file);
+ } else {
+ in = ClassLoader.getSystemResourceAsStream(fileName);
+ }
+ }
+ return in;
+ }
+
+ private void close(InputStream str, String filename) {
+ if (str != null) {
+ try {
+ str.close();
+ } catch (IOException excp) {
+ LOG.error("Error while closing file: [" + filename + "]", excp);
+ }
+ }
+ }
}
diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
index dac5c94..6138ca0 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditHandler.java
@@ -28,11 +28,31 @@ import com.google.gson.GsonBuilder;
import java.util.*;
import java.util.concurrent.atomic.AtomicLong;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManagerFactory;
+
public abstract class BaseAuditHandler implements AuditHandler {
private static final Log LOG = LogFactory.getLog(BaseAuditHandler.class);
static final String AUDIT_LOG_FAILURE_REPORT_MIN_INTERVAL_PROP = "xasecure.audit.log.failure.report.min.interval.ms";
protected static final String AUDIT_DB_CREDENTIAL_PROVIDER_FILE = "xasecure.audit.credential.provider.file";
+
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE = "xasecure.policymgr.clientssl.keystore";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE = "xasecure.policymgr.clientssl.keystore.type";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.keystore.credential.file";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_CREDENTIAL_ALIAS = "sslKeyStore";
+ public static final String RANGER_POLICYMGR_CLIENT_KEY_FILE_TYPE_DEFAULT = "jks";
+
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE = "xasecure.policymgr.clientssl.truststore";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE = "xasecure.policymgr.clientssl.truststore.type";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL = "xasecure.policymgr.clientssl.truststore.credential.file";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_CREDENTIAL_ALIAS = "sslTrustStore";
+ public static final String RANGER_POLICYMGR_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
+
+ public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
+ public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();
+ public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLS";
+
public static final String PROP_CONFIG = "config";
private int mLogFailureReportMinIntervalInMs = 60 * 1000;
diff --git a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java
index 0c2e473..481fbcc 100644
--- a/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java
+++ b/agents-common/src/main/java/org/apache/ranger/authorization/hadoop/config/RangerConfiguration.java
@@ -20,6 +20,7 @@
package org.apache.ranger.authorization.hadoop.config;
+import java.io.File;
import java.net.URL;
import java.util.Properties;
@@ -39,7 +40,8 @@ public class RangerConfiguration extends Configuration {
public void addResourcesForServiceType(String serviceType) {
String auditCfg = "ranger-" + serviceType + "-audit.xml";
String securityCfg = "ranger-" + serviceType + "-security.xml";
-
+ String sslCfg = "ranger-" + serviceType + "-policymgr-ssl.xml";
+
if ( !addResourceIfReadable(auditCfg)) {
addAuditResource(serviceType);
}
@@ -47,6 +49,11 @@ public class RangerConfiguration extends Configuration {
if ( !addResourceIfReadable(securityCfg)) {
addSecurityResource(serviceType);
}
+
+ if ( !addResourceIfReadable(sslCfg)) {
+ addSslConfigResource(serviceType);
+ }
+
}
public boolean addAdminResources() {
@@ -185,4 +192,44 @@ public class RangerConfiguration extends Configuration {
}
}
+ private void addSslConfigResource(String serviceType) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("==> addSslConfigResource(Service Type: " + serviceType);
+ }
+ try {
+ String sslConfigFile = config.get(RangerLegacyConfigBuilder.getPropertyName(RangerConfigConstants.RANGER_PLUGIN_REST_SSL_CONFIG_FILE, serviceType));
+ URL url = getSSLConfigResource(sslConfigFile);
+ if (url != null) {
+ addResource(url);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("SSL config file URL:" + url.getPath());
+ }
+ }
+ } catch (Throwable t) {
+ LOG.warn(" Unable to find SSL Configs");
+ if (LOG.isDebugEnabled()) {
+ LOG.debug(" Unable to find SSL Configs");
+ }
+ }
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("<== addSslConfigResource(Service Type: " + serviceType + ")");
+ }
+ }
+
+ private URL getSSLConfigResource(String fileName) throws Throwable {
+ URL ret = null;
+ try {
+ if (fileName != null) {
+ File f = new File(fileName);
+ if (f.exists() && f.canRead()) {
+ ret = f.toURI().toURL();
+ }
+ }
+ } catch (Throwable t) {
+ LOG.error("Unable to read SSL configuration file:" + fileName);
+ throw t;
+ }
+ return ret;
+ }
+
}
diff --git a/agents-cred/src/main/java/org/apache/ranger/authorization/hadoop/utils/RangerCredentialProvider.java b/agents-cred/src/main/java/org/apache/ranger/authorization/hadoop/utils/RangerCredentialProvider.java
index 61d0f21..07bae00 100644
--- a/agents-cred/src/main/java/org/apache/ranger/authorization/hadoop/utils/RangerCredentialProvider.java
+++ b/agents-cred/src/main/java/org/apache/ranger/authorization/hadoop/utils/RangerCredentialProvider.java
@@ -43,18 +43,18 @@ public final class RangerCredentialProvider {
}
public String getCredentialString(String url, String alias) {
- List<CredentialProvider> providers = getCredentialProviders(url);
-
- if (providers != null) {
- for (CredentialProvider provider : providers) {
- try {
- CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(alias);
-
- if (credEntry != null && credEntry.getCredential() != null) {
- return new String(credEntry.getCredential());
+ if (url != null && alias != null) {
+ List<CredentialProvider> providers = getCredentialProviders(url);
+ if (providers != null) {
+ for (CredentialProvider provider : providers) {
+ try {
+ CredentialProvider.CredentialEntry credEntry = provider.getCredentialEntry(alias);
+ if (credEntry != null && credEntry.getCredential() != null) {
+ return new String(credEntry.getCredential());
+ }
+ } catch (Exception ie) {
+ LOG.error("Unable to get the Credential Provider from the Configuration", ie);
}
- } catch(Exception ie) {
- LOG.error("Unable to get the Credential Provider from the Configuration", ie);
}
}
}
@@ -62,14 +62,14 @@ public final class RangerCredentialProvider {
}
List<CredentialProvider> getCredentialProviders(String url) {
- try {
- Configuration conf = new Configuration();
-
- conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, url);
-
- return CredentialProviderFactory.getProviders(conf);
- } catch(Exception ie) {
- LOG.error("Unable to get the Credential Provider from the Configuration", ie);
+ if (url != null) {
+ try {
+ Configuration conf = new Configuration();
+ conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH, url);
+ return CredentialProviderFactory.getProviders(conf);
+ } catch (Exception ie) {
+ LOG.error("Unable to get the Credential Provider from the Configuration", ie);
+ }
}
return null;
}
diff --git a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
index b39212a..295fcb9 100644
--- a/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
+++ b/embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
@@ -20,11 +20,22 @@
package org.apache.ranger.server.tomcat;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Iterator;
import java.util.Properties;
+import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.List;
@@ -33,12 +44,20 @@ import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.valves.AccessLogValve;
+import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.SecureClientLogin;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.security.alias.JavaKeyStoreProvider;
+import org.apache.ranger.authorization.hadoop.utils.RangerCredentialProvider;
import org.apache.ranger.plugin.util.XMLUtils;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.Subject;
public class EmbeddedServer {
@@ -64,6 +83,11 @@ public class EmbeddedServer {
private static final String ADMIN_SERVER_NAME = "rangeradmin";
private Properties serverConfigProperties = new Properties();
+ public static final String RANGER_KEYSTORE_FILE_TYPE_DEFAULT = "jks";
+ public static final String RANGER_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
+ public static final String RANGER_SSL_CONTEXT_ALGO_TYPE = "TLS";
+ public static final String RANGER_SSL_KEYMANAGER_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
+ public static final String RANGER_SSL_TRUSTMANAGER_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();
public static void main(String[] args) {
new EmbeddedServer(args).start();
@@ -83,6 +107,10 @@ public class EmbeddedServer {
public static String DEFAULT_SHUTDOWN_COMMAND = "SHUTDOWN";
public void start() {
+ SSLContext sslContext = getSSLContext();
+ if (sslContext != null) {
+ SSLContext.setDefault(sslContext);
+ }
final Tomcat server = new Tomcat();
String logDir = null;
@@ -448,4 +476,138 @@ public class EmbeddedServer {
}
return credential;
}
+
+ private SSLContext getSSLContext() {
+ KeyManager[] kmList = getKeyManagers();
+ TrustManager[] tmList = getTrustManagers();
+ SSLContext sslContext = null;
+ if (tmList != null) {
+ try {
+ sslContext = SSLContext.getInstance(RANGER_SSL_CONTEXT_ALGO_TYPE);
+ sslContext.init(kmList, tmList, new SecureRandom());
+ } catch (NoSuchAlgorithmException e) {
+ LOG.severe("SSL algorithm is not available in the environment. Reason: " + e.toString());
+ } catch (KeyManagementException e) {
+ LOG.severe("Unable to initials the SSLContext. Reason: " + e.toString());
+ }
+ }
+ return sslContext;
+ }
+
+ private KeyManager[] getKeyManagers() {
+ KeyManager[] kmList = null;
+ String keyStoreFile = getConfig("ranger.keystore.file");
+ String keyStoreAlias = getConfig("ranger.keystore.alias");
+ String credentialProviderPath = getConfig("ranger.credential.provider.path");
+ String keyStoreFilepwd = getCredential(credentialProviderPath, keyStoreAlias);
+
+ if (StringUtils.isNotEmpty(keyStoreFile) && StringUtils.isNotEmpty(keyStoreFilepwd)) {
+ InputStream in = null;
+
+ try {
+ in = getFileInputStream(keyStoreFile);
+
+ if (in != null) {
+ KeyStore keyStore = KeyStore.getInstance(RANGER_KEYSTORE_FILE_TYPE_DEFAULT);
+
+ keyStore.load(in, keyStoreFilepwd.toCharArray());
+
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(RANGER_SSL_KEYMANAGER_ALGO_TYPE);
+
+ keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
+
+ kmList = keyManagerFactory.getKeyManagers();
+ } else {
+ LOG.severe("Unable to obtain keystore from file [" + keyStoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.log(Level.SEVERE, "Unable to obtain from KeyStore :" + e.getMessage(), e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.log(Level.SEVERE, "SSL algorithm is NOT available in the environment", e);
+ } catch (CertificateException e) {
+ LOG.log(Level.SEVERE, "Unable to obtain the requested certification ", e);
+ } catch (FileNotFoundException e) {
+ LOG.log(Level.SEVERE, "Unable to find the necessary SSL Keystore Files", e);
+ } catch (IOException e) {
+ LOG.log(Level.SEVERE, "Unable to read the necessary SSL Keystore Files", e);
+ } catch (UnrecoverableKeyException e) {
+ LOG.log(Level.SEVERE, "Unable to recover the key from keystore", e);
+ } finally {
+ close(in, keyStoreFile);
+ }
+ }
+ return kmList;
+ }
+
+ private TrustManager[] getTrustManagers() {
+ TrustManager[] tmList = null;
+ String truststoreFile = getConfig("ranger.truststore.file");
+ String truststoreAlias = getConfig("ranger.truststore.alias");
+ String credentialProviderPath = getConfig("ranger.credential.provider.path");
+ String trustStoreFilepwd = getCredential(credentialProviderPath, truststoreAlias);
+
+ if (StringUtils.isNotEmpty(truststoreFile) && StringUtils.isNotEmpty(trustStoreFilepwd)) {
+ InputStream in = null;
+
+ try {
+ in = getFileInputStream(truststoreFile);
+
+ if (in != null) {
+ KeyStore trustStore = KeyStore.getInstance(RANGER_TRUSTSTORE_FILE_TYPE_DEFAULT);
+
+ trustStore.load(in, trustStoreFilepwd.toCharArray());
+
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(RANGER_SSL_TRUSTMANAGER_ALGO_TYPE);
+
+ trustManagerFactory.init(trustStore);
+
+ tmList = trustManagerFactory.getTrustManagers();
+ } else {
+ LOG.log(Level.SEVERE, "Unable to obtain truststore from file [" + truststoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.log(Level.SEVERE, "Unable to obtain from KeyStore", e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.log(Level.SEVERE, "SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
+ } catch (CertificateException e) {
+ LOG.log(Level.SEVERE, "Unable to obtain the requested certification :" + e.getMessage(), e);
+ } catch (FileNotFoundException e) {
+ LOG.log(Level.SEVERE, "Unable to find the necessary SSL TrustStore File:" + truststoreFile, e);
+ } catch (IOException e) {
+ LOG.log(Level.SEVERE, "Unable to read the necessary SSL TrustStore Files :" + truststoreFile, e);
+ } finally {
+ close(in, truststoreFile);
+ }
+ }
+
+ return tmList;
+ }
+
+ private String getCredential(String url, String alias) {
+ return RangerCredentialProvider.getInstance().getCredentialString(url, alias);
+ }
+
+ private InputStream getFileInputStream(String fileName) throws IOException {
+ InputStream in = null;
+ if (StringUtils.isNotEmpty(fileName)) {
+ File f = new File(fileName);
+ if (f.exists()) {
+ in = new FileInputStream(f);
+ } else {
+ in = ClassLoader.getSystemResourceAsStream(fileName);
+ }
+ }
+ return in;
+ }
+
+ private void close(InputStream str, String filename) {
+ if (str != null) {
+ try {
+ str.close();
+ } catch (IOException excp) {
+ LOG.log(Level.SEVERE, "Error while closing file: [" + filename + "]", excp);
+ }
+ }
+ }
+
}