Posted to commits@flume.apache.org by ja...@apache.org on 2014/11/12 16:35:38 UTC
flume git commit: FLUME-2549: Enable SSLv2Hello for HttpSource
Repository: flume
Updated Branches:
refs/heads/trunk 8c7f69360 -> 94b25aebc
FLUME-2549: Enable SSLv2Hello for HttpSource
(Hari Shreedharan via Jarek Jarcec Cecho)
Project: http://git-wip-us.apache.org/repos/asf/flume/repo
Commit: http://git-wip-us.apache.org/repos/asf/flume/commit/94b25aeb
Tree: http://git-wip-us.apache.org/repos/asf/flume/tree/94b25aeb
Diff: http://git-wip-us.apache.org/repos/asf/flume/diff/94b25aeb
Branch: refs/heads/trunk
Commit: 94b25aebc6d90480bb00898de4b98257cc7d8cbb
Parents: 8c7f693
Author: Jarek Jarcec Cecho <ja...@apache.org>
Authored: Wed Nov 12 07:35:06 2014 -0800
Committer: Jarek Jarcec Cecho <ja...@apache.org>
Committed: Wed Nov 12 07:35:06 2014 -0800
----------------------------------------------------------------------
.../apache/flume/source/http/HTTPSource.java | 23 +++++-
.../http/HTTPSourceConfigurationConstants.java | 1 +
.../flume/source/http/TestHTTPSource.java | 79 +-------------------
flume-ng-doc/sphinx/FlumeUserGuide.rst | 31 ++++----
4 files changed, 39 insertions(+), 95 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/flume/blob/94b25aeb/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java b/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
index 4b2717c..b520b03 100644
--- a/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
+++ b/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
@@ -93,6 +93,7 @@ public class HTTPSource extends AbstractSource implements
private volatile String keyStorePath;
private volatile String keyStorePassword;
private volatile Boolean sslEnabled;
+ private final List<String> excludedProtocols = new LinkedList<String>();
@Override
@@ -120,7 +121,18 @@ public class HTTPSource extends AbstractSource implements
Preconditions.checkArgument(keyStorePath != null && !keyStorePath.isEmpty(),
"Keystore is required for SSL Conifguration" );
keyStorePassword = context.getString(HTTPSourceConfigurationConstants.SSL_KEYSTORE_PASSWORD);
- Preconditions.checkArgument(keyStorePassword != null, "Keystore password is required for SSL Configuration");
+ Preconditions.checkArgument(keyStorePassword != null,
+ "Keystore password is required for SSL Configuration");
+ String excludeProtocolsStr = context.getString(HTTPSourceConfigurationConstants
+ .EXCLUDE_PROTOCOLS);
+ if (excludeProtocolsStr == null) {
+ excludedProtocols.add("SSLv3");
+ } else {
+ excludedProtocols.addAll(Arrays.asList(excludeProtocolsStr.split(" ")));
+ if (!excludedProtocols.contains("SSLv3")) {
+ excludedProtocols.add("SSLv3");
+ }
+ }
}
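Review bot: The `excludeProtocols` value is tokenised with `split(" ")` and later matched by exact string, so a name separated by a tab or comma, or written in a different case such as `tlsv1`, yields a token that never matches, and the protocol the operator meant to exclude stays enabled without any warning. Splitting with `excludeProtocolsStr.trim().split("\\s+")` and logging the resulting list at configure time would make such mistakes visible. `excludedProtocols` is a final list that this hunk only appends to, so if configure() runs more than once on the same instance, entries from an earlier configuration remain; calling `excludedProtocols.clear()` before populating it would avoid that. configure() starts and ends outside the hunk.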
@@ -172,7 +184,7 @@ public class HTTPSource extends AbstractSource implements
if (sslEnabled) {
- SslSocketConnector sslSocketConnector = new HTTPSourceSocketConnector();
+ SslSocketConnector sslSocketConnector = new HTTPSourceSocketConnector(excludedProtocols);
sslSocketConnector.setKeystore(keyStorePath);
sslSocketConnector.setKeyPassword(keyStorePassword);
sslSocketConnector.setReuseAddress(true);
@@ -274,6 +286,11 @@ public class HTTPSource extends AbstractSource implements
private static class HTTPSourceSocketConnector extends SslSocketConnector {
+ private final List<String> excludedProtocols;
+ HTTPSourceSocketConnector(List<String> excludedProtocols) {
+ this.excludedProtocols = excludedProtocols;
+ }
+
@Override
public ServerSocket newServerSocket(String host, int port,
int backlog) throws IOException {
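Review bot: The constructor stores a reference to the caller's mutable `LinkedList` rather than a copy, so the protocol policy a live connector enforces can change if the source's list is modified later, for example by a second configure() call. Copying on entry, `this.excludedProtocols = new ArrayList<String>(excludedProtocols);`, pins the exclusion list for the connector's lifetime. newServerSocket continues outside the hunk.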
@@ -282,7 +299,7 @@ public class HTTPSource extends AbstractSource implements
String[] protocols = socket.getEnabledProtocols();
List<String> newProtocols = new ArrayList<String>(protocols.length);
for(String protocol: protocols) {
- if (!(protocol.equals("SSLv3") || protocol.equals("SSLv2Hello"))) {
+ if (!excludedProtocols.contains(protocol)) {
newProtocols.add(protocol);
}
}
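Review bot: The filter no longer removes `SSLv2Hello` by default, and nothing at this point records why that is acceptable. A comment above the loop would help the next maintainer, e.g. `// SSLv2Hello only permits the SSLv2-format ClientHello; the negotiated version is still one of the remaining enabled protocols`. Separately, if the configured list covers every protocol the socket has enabled, `newProtocols` ends up empty. The call that applies it is outside the hunk, so it cannot be seen from here whether that case is reported clearly or only surfaces as failed handshakes.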
http://git-wip-us.apache.org/repos/asf/flume/blob/94b25aeb/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSourceConfigurationConstants.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSourceConfigurationConstants.java b/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSourceConfigurationConstants.java
index ed52827..86caf7d 100644
--- a/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSourceConfigurationConstants.java
+++ b/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSourceConfigurationConstants.java
@@ -37,5 +37,6 @@ public class HTTPSourceConfigurationConstants {
public static final String SSL_KEYSTORE = "keystore";
public static final String SSL_KEYSTORE_PASSWORD = "keystorePassword";
public static final String SSL_ENABLED = "enableSSL";
+ public static final String EXCLUDE_PROTOCOLS = "excludeProtocols";
}
http://git-wip-us.apache.org/repos/asf/flume/blob/94b25aeb/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java b/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
index 64111be..c59fdd4 100644
--- a/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
+++ b/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
@@ -321,11 +321,6 @@ public class TestHTTPSource {
doTestHttps("SSLv3");
}
- @Test (expected = javax.net.ssl.SSLHandshakeException.class)
- public void testHttpsSSLv2Hello() throws Exception {
- doTestHttps("SSLv2Hello");
- }
-
public void doTestHttps(String protocol) throws Exception {
Type listType = new TypeToken<List<JSONEvent>>() {
}.getType();
@@ -384,7 +379,7 @@ public class TestHTTPSource {
if(protocol != null) {
factory = new DisabledProtocolsSocketFactory(sc.getSocketFactory(), protocol);
} else {
- factory = new EnabledProtocolsSocketFactory(sc.getSocketFactory());
+ factory = sc.getSocketFactory();
}
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
HttpsURLConnection.setDefaultHostnameVerifier(
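Review bot: None of the visible test hunks sets `excludeProtocols`, so the new configuration path appears to be untested; the changes here only delete the SSLv2Hello failure case and stop pinning the client to TLSv1. A test that configures the source with an extra excluded protocol and expects `javax.net.ssl.SSLHandshakeException` from a client restricted to that protocol would cover it, alongside the existing `doTestHttps("SSLv3")` case. A second test that omits SSLv3 from the configured list would confirm it is still refused. The statement on the last line continues outside the hunk.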
@@ -498,78 +493,8 @@ public class TestHTTPSource {
DisabledProtocolsSocketFactory(javax.net.ssl.SSLSocketFactory factory, String protocol) {
this.socketFactory = factory;
- if(protocol.equals("SSLv2Hello")) {
- protocols = new String[2];
- protocols[0] = "TLSv1";
- protocols[1] = protocol;
- } else {
- protocols = new String[1];
- protocols[0] = protocol;
- }
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return socketFactory.getDefaultCipherSuites();
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return socketFactory.getSupportedCipherSuites();
- }
-
- @Override
- public Socket createSocket(Socket socket, String s, int i, boolean b)
- throws IOException {
- SSLSocket sc = (SSLSocket) socketFactory.createSocket(socket, s, i, b);
- sc.setEnabledProtocols(protocols);
- return sc;
- }
-
- @Override
- public Socket createSocket(String s, int i)
- throws IOException, UnknownHostException {
- SSLSocket sc = (SSLSocket)socketFactory.createSocket(s, i);
- sc.setEnabledProtocols(protocols);
- return sc;
- }
-
- @Override
- public Socket createSocket(String s, int i, InetAddress inetAddress, int i2)
- throws IOException, UnknownHostException {
- SSLSocket sc = (SSLSocket)socketFactory.createSocket(s, i, inetAddress,
- i2);
- sc.setEnabledProtocols(protocols);
- return sc;
- }
-
- @Override
- public Socket createSocket(InetAddress inetAddress, int i)
- throws IOException {
- SSLSocket sc = (SSLSocket)socketFactory.createSocket(inetAddress, i);
- sc.setEnabledProtocols(protocols);
- return sc;
- }
-
- @Override
- public Socket createSocket(InetAddress inetAddress, int i,
- InetAddress inetAddress2, int i2) throws IOException {
- SSLSocket sc = (SSLSocket)socketFactory.createSocket(inetAddress, i,
- inetAddress2, i2);
- sc.setEnabledProtocols(protocols);
- return sc;
- }
- }
-
- private class EnabledProtocolsSocketFactory extends javax.net.ssl.SSLSocketFactory {
-
- private final javax.net.ssl.SSLSocketFactory socketFactory;
- private final String[] protocols;
-
- EnabledProtocolsSocketFactory(javax.net.ssl.SSLSocketFactory factory) {
- this.socketFactory = factory;
protocols = new String[1];
- protocols[0] = "TLSv1";
+ protocols[0] = protocol;
}
@Override
http://git-wip-us.apache.org/repos/asf/flume/blob/94b25aeb/flume-ng-doc/sphinx/FlumeUserGuide.rst
----------------------------------------------------------------------
diff --git a/flume-ng-doc/sphinx/FlumeUserGuide.rst b/flume-ng-doc/sphinx/FlumeUserGuide.rst
index bab01db..122f2e8 100644
--- a/flume-ng-doc/sphinx/FlumeUserGuide.rst
+++ b/flume-ng-doc/sphinx/FlumeUserGuide.rst
@@ -1351,22 +1351,23 @@ unavailable status.
All events sent in one post request are considered to be one batch and
inserted into the channel in one transaction.
-============== ============================================ ====================================================================
-Property Name Default Description
-============== ============================================ ====================================================================
-**type** The component type name, needs to be ``http``
-**port** -- The port the source should bind to.
-bind 0.0.0.0 The hostname or IP address to listen on
-handler ``org.apache.flume.source.http.JSONHandler`` The FQCN of the handler class.
-handler.* -- Config parameters for the handler
-selector.type replicating replicating or multiplexing
-selector.* Depends on the selector.type value
-interceptors -- Space-separated list of interceptors
+================= ============================================ =====================================================================================
+Property Name Default Description
+================= ============================================ =====================================================================================
+**type** The component type name, needs to be ``http``
+**port** -- The port the source should bind to.
+bind 0.0.0.0 The hostname or IP address to listen on
+handler ``org.apache.flume.source.http.JSONHandler`` The FQCN of the handler class.
+handler.* -- Config parameters for the handler
+selector.type replicating replicating or multiplexing
+selector.* Depends on the selector.type value
+interceptors -- Space-separated list of interceptors
interceptors.*
-enableSSL false Set the property true, to enable SSL
-keystore Location of the keystore includng keystore file name
-keystorePassword Keystore password
-==================================================================================================================================
+enableSSL false Set the property true, to enable SSL. *HTTP Source does not support SSLv3.*
+excludeProtocols SSLv3 Space-separated list of SSL/TLS protocols to exclude. SSLv3 is always excluded.
+keystore Location of the keystore includng keystore file name
+keystorePassword Keystore password
+======================================================================================================================================================
For example, a http source for agent named a1: