Posted to commits@accumulo.apache.org by el...@apache.org on 2014/08/07 04:32:48 UTC
[1/3] git commit: ACCUMULO-3052 Allow configuration of SSL cipher
suites
Repository: accumulo
Updated Branches:
refs/heads/1.6.1-SNAPSHOT cc30021c2 -> 20aecf7d6
refs/heads/master dbcf984b2 -> 4bb28faaf
ACCUMULO-3052 Allow configuration of SSL cipher suites
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/20aecf7d
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/20aecf7d
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/20aecf7d
Branch: refs/heads/1.6.1-SNAPSHOT
Commit: 20aecf7d6feced222995b013f58c654fdba42db6
Parents: cc30021
Author: Josh Elser <el...@apache.org>
Authored: Wed Aug 6 22:21:16 2014 -0400
Committer: Josh Elser <el...@apache.org>
Committed: Wed Aug 6 22:21:16 2014 -0400
----------------------------------------------------------------------
.../org/apache/accumulo/core/conf/Property.java | 2 ++
.../accumulo/core/util/SslConnectionParams.java | 17 ++++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/20aecf7d/core/src/main/java/org/apache/accumulo/core/conf/Property.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index 3a794a4..54d13e6 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -98,6 +98,8 @@ public enum Property {
RPC_SSL_TRUSTSTORE_TYPE("rpc.javax.net.ssl.trustStoreType", "jks", PropertyType.STRING, "Type of SSL truststore"),
RPC_USE_JSSE("rpc.useJsse", "false", PropertyType.BOOLEAN, "Use JSSE system properties to configure SSL rather than the " + RPC_PREFIX.getKey()
+ "javax.net.ssl.* Accumulo properties"),
+ RPC_SSL_CIPHER_SUITES("rpc.ssl.cipher.suites", "", PropertyType.STRING, "Comma separated list of cipher suites that can be used by accepted connections"),
+
// instance properties (must be the same for every node in an instance)
INSTANCE_PREFIX("instance.", null, PropertyType.PREFIX,
"Properties in this category must be consistent throughout a cloud. This is enforced and servers won't be able to communicate if these differ."),
http://git-wip-us.apache.org/repos/asf/accumulo/blob/20aecf7d/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java b/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
index 6fde38a..652f768 100644
--- a/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
+++ b/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
@@ -22,6 +22,7 @@ import java.net.URL;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.Property;
+import org.apache.hadoop.util.StringUtils;
import org.apache.log4j.Logger;
import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
@@ -41,6 +42,8 @@ public class SslConnectionParams {
private String trustStorePass;
private String trustStoreType;
+ private String[] cipherSuites;
+
public static SslConnectionParams forConfig(AccumuloConfiguration conf, boolean server) {
if (!conf.getBoolean(Property.INSTANCE_RPC_SSL_ENABLED))
return null;
@@ -66,6 +69,11 @@ public class SslConnectionParams {
throw new IllegalArgumentException("Could not load configured keystore file", e);
}
+ String ciphers = conf.get(Property.RPC_SSL_CIPHER_SUITES);
+ if (null != ciphers && !ciphers.isEmpty()) {
+ result.cipherSuites = StringUtils.split(ciphers, ',');
+ }
+
return result;
}
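Review bot: The tokens from `StringUtils.split(ciphers, ',')` are stored as-is, so a value written with spaces after the commas (`A, B`) or with a trailing comma can leave a padded or empty suite name in `result.cipherSuites`. JSSE rejects unsupported suite names with an IllegalArgumentException when they are enabled on a socket, so the misconfiguration would presumably surface when a transport is created rather than when the configuration is read. Trimming each token and dropping empty ones here, as sketched below, keeps the failure close to its cause; it needs `java.util.List` and `java.util.ArrayList` imported. forConfig begins above this hunk, and the same hunk is repeated in the [2/3] message further down.

```java
// … unchanged: keystore/truststore loading …
String ciphers = conf.get(Property.RPC_SSL_CIPHER_SUITES);
if (null != ciphers && !ciphers.trim().isEmpty()) {
  List<String> suites = new ArrayList<String>();
  for (String suite : StringUtils.split(ciphers, ',')) {
    String trimmed = suite.trim();
    // skip blanks left by "A,,B" or a trailing comma
    if (!trimmed.isEmpty()) {
      suites.add(trimmed);
    }
  }
  if (!suites.isEmpty()) {
    result.cipherSuites = suites.toArray(new String[suites.size()]);
  }
}

return result;
```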
@@ -145,7 +153,14 @@ public class SslConnectionParams {
public TSSLTransportParameters getTTransportParams() {
if (useJsse)
throw new IllegalStateException("Cannot get TTransportParams for JSEE configuration.");
- TSSLTransportParameters params = new TSSLTransportParameters();
+ TSSLTransportParameters params;
+ if (null != cipherSuites) {
+ // TLS is the default value used in thrift 0.9.1
+ params = new TSSLTransportParameters("TLS", cipherSuites);
+ } else {
+ params = new TSSLTransportParameters();
+ }
+
params.requireClientAuth(clientAuth);
if (keyStoreSet) {
params.setKeyStore(keyStorePath, keyStorePass, null, keyStoreType);
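Review bot: Passing `cipherSuites` narrows the suites but leaves the enabled protocol versions at the JVM default, because the hard-coded `"TLS"` only selects the SSLContext; the existing comment can be read as if it pinned the protocol. I would reword it to `// "TLS" selects the SSLContext (thrift 0.9.1 default); enabled protocol versions still come from the JVM`, and consider a companion property for protocol versions so that operators restricting weak suites can restrict old protocol versions as well. If these parameters are also used for outbound client sockets (the callers are not visible here), the new description in Property.java, `...that can be used by accepted connections`, should say so, and should state that an empty value means the JVM's default suites. getTTransportParams continues past the end of the hunk, and the same hunk is repeated in the [2/3] message.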
[3/3] git commit: Merge branch '1.6.1-SNAPSHOT'
Posted by el...@apache.org.
Merge branch '1.6.1-SNAPSHOT'
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/4bb28faa
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/4bb28faa
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/4bb28faa
Branch: refs/heads/master
Commit: 4bb28faafb20aecdc28e264159ff48b56e62dbd1
Parents: dbcf984 20aecf7
Author: Josh Elser <el...@apache.org>
Authored: Wed Aug 6 22:21:49 2014 -0400
Committer: Josh Elser <el...@apache.org>
Committed: Wed Aug 6 22:21:49 2014 -0400
----------------------------------------------------------------------
.../org/apache/accumulo/core/conf/Property.java | 2 ++
.../accumulo/core/util/SslConnectionParams.java | 17 ++++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/4bb28faa/core/src/main/java/org/apache/accumulo/core/conf/Property.java
----------------------------------------------------------------------
[2/3] git commit: ACCUMULO-3052 Allow configuration of SSL cipher
suites
Posted by el...@apache.org.
ACCUMULO-3052 Allow configuration of SSL cipher suites
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/20aecf7d
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/20aecf7d
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/20aecf7d
Branch: refs/heads/master
Commit: 20aecf7d6feced222995b013f58c654fdba42db6
Parents: cc30021
Author: Josh Elser <el...@apache.org>
Authored: Wed Aug 6 22:21:16 2014 -0400
Committer: Josh Elser <el...@apache.org>
Committed: Wed Aug 6 22:21:16 2014 -0400
----------------------------------------------------------------------
.../org/apache/accumulo/core/conf/Property.java | 2 ++
.../accumulo/core/util/SslConnectionParams.java | 17 ++++++++++++++++-
2 files changed, 18 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/20aecf7d/core/src/main/java/org/apache/accumulo/core/conf/Property.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
index 3a794a4..54d13e6 100644
--- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java
+++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java
@@ -98,6 +98,8 @@ public enum Property {
RPC_SSL_TRUSTSTORE_TYPE("rpc.javax.net.ssl.trustStoreType", "jks", PropertyType.STRING, "Type of SSL truststore"),
RPC_USE_JSSE("rpc.useJsse", "false", PropertyType.BOOLEAN, "Use JSSE system properties to configure SSL rather than the " + RPC_PREFIX.getKey()
+ "javax.net.ssl.* Accumulo properties"),
+ RPC_SSL_CIPHER_SUITES("rpc.ssl.cipher.suites", "", PropertyType.STRING, "Comma separated list of cipher suites that can be used by accepted connections"),
+
// instance properties (must be the same for every node in an instance)
INSTANCE_PREFIX("instance.", null, PropertyType.PREFIX,
"Properties in this category must be consistent throughout a cloud. This is enforced and servers won't be able to communicate if these differ."),
http://git-wip-us.apache.org/repos/asf/accumulo/blob/20aecf7d/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java b/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
index 6fde38a..652f768 100644
--- a/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
+++ b/core/src/main/java/org/apache/accumulo/core/util/SslConnectionParams.java
@@ -22,6 +22,7 @@ import java.net.URL;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.Property;
+import org.apache.hadoop.util.StringUtils;
import org.apache.log4j.Logger;
import org.apache.thrift.transport.TSSLTransportFactory.TSSLTransportParameters;
@@ -41,6 +42,8 @@ public class SslConnectionParams {
private String trustStorePass;
private String trustStoreType;
+ private String[] cipherSuites;
+
public static SslConnectionParams forConfig(AccumuloConfiguration conf, boolean server) {
if (!conf.getBoolean(Property.INSTANCE_RPC_SSL_ENABLED))
return null;
@@ -66,6 +69,11 @@ public class SslConnectionParams {
throw new IllegalArgumentException("Could not load configured keystore file", e);
}
+ String ciphers = conf.get(Property.RPC_SSL_CIPHER_SUITES);
+ if (null != ciphers && !ciphers.isEmpty()) {
+ result.cipherSuites = StringUtils.split(ciphers, ',');
+ }
+
return result;
}
@@ -145,7 +153,14 @@ public class SslConnectionParams {
public TSSLTransportParameters getTTransportParams() {
if (useJsse)
throw new IllegalStateException("Cannot get TTransportParams for JSEE configuration.");
- TSSLTransportParameters params = new TSSLTransportParameters();
+ TSSLTransportParameters params;
+ if (null != cipherSuites) {
+ // TLS is the default value used in thrift 0.9.1
+ params = new TSSLTransportParameters("TLS", cipherSuites);
+ } else {
+ params = new TSSLTransportParameters();
+ }
+
params.requireClientAuth(clientAuth);
if (keyStoreSet) {
params.setKeyStore(keyStorePath, keyStorePass, null, keyStoreType);