Posted to commits@beam.apache.org by jb...@apache.org on 2019/11/28 13:41:01 UTC
[beam] branch master updated: A fix for some TLS issues in the
MongoDB IO
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/beam.git
The following commit(s) were added to refs/heads/master by this push:
new e097e89 A fix for some TLS issues in the MongoDB IO
new e31b332 Merge pull request #10240 from coheigea/tls
e097e89 is described below
commit e097e89271f35244f3421cf364dcf5d15e2851ce
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Nov 28 10:40:45 2019 +0000
A fix for some TLS issues in the MongoDB IO
---
.../org/apache/beam/sdk/io/mongodb/MongoDbIO.java | 31 +++++++++++++++-------
.../org/apache/beam/sdk/io/mongodb/SSLUtils.java | 2 --
2 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java
index 1845890..78b0212 100644
--- a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java
+++ b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java
@@ -39,6 +39,7 @@ import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
+import javax.net.ssl.SSLContext;
import org.apache.beam.sdk.annotations.Experimental;
import org.apache.beam.sdk.coders.Coder;
import org.apache.beam.sdk.coders.SerializableCoder;
@@ -347,14 +348,19 @@ public class MongoDbIO {
}
private static MongoClientOptions.Builder getOptions(
- int maxConnectionIdleTime, boolean sslEnabled, boolean sslInvalidHostNameAllowed) {
+ int maxConnectionIdleTime,
+ boolean sslEnabled,
+ boolean sslInvalidHostNameAllowed,
+ boolean ignoreSSLCertificate) {
MongoClientOptions.Builder optionsBuilder = new MongoClientOptions.Builder();
optionsBuilder.maxConnectionIdleTime(maxConnectionIdleTime);
if (sslEnabled) {
- optionsBuilder
- .sslEnabled(sslEnabled)
- .sslInvalidHostNameAllowed(sslInvalidHostNameAllowed)
- .sslContext(SSLUtils.ignoreSSLCertificate());
+ optionsBuilder.sslEnabled(sslEnabled).sslInvalidHostNameAllowed(sslInvalidHostNameAllowed);
+ if (ignoreSSLCertificate) {
+ SSLContext sslContext = SSLUtils.ignoreSSLCertificate();
+ optionsBuilder.sslContext(sslContext);
+ optionsBuilder.socketFactory(sslContext.getSocketFactory());
+ }
}
return optionsBuilder;
}
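Review bot: The `if (ignoreSSLCertificate)` branch in `getOptions` has no comment saying what it switches off. The context returned by `SSLUtils.ignoreSSLCertificate()` is built around an all-trusting trust manager (per the comment in SSLUtils.java), so with this flag set the server certificate is not validated at all. If `sslInvalidHostNameAllowed` is also true, the TLS session authenticates nothing about the peer. I would add `// Trust-all SSLContext: the server certificate is NOT validated. Test/dev clusters only.` above the branch, plus a short Javadoc on the method stating that the two flags are independent and that leaving both false is the only setting that authenticates the server. The commit also does not say why the same context is applied through both `sslContext(...)` and `socketFactory(...)`; a one-line why-comment there would keep a later cleanup from dropping the call that is actually needed.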
@@ -396,7 +402,8 @@ public class MongoDbIO {
getOptions(
spec.maxConnectionIdleTime(),
spec.sslEnabled(),
- spec.sslInvalidHostNameAllowed())))) {
+ spec.sslInvalidHostNameAllowed(),
+ spec.ignoreSSLCertificate())))) {
return getDocumentCount(mongoClient, spec.database(), spec.collection());
} catch (Exception e) {
return -1;
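Review bot: A TLS failure at this call site would be swallowed, because the `catch (Exception e)` below the `getOptions(...)` call returns -1 without recording the cause. Now that the trust-all context is only installed when `spec.ignoreSSLCertificate()` is true, a server certificate that fails validation would presumably surface here as an exception. An operator would then see only a -1 count, with nothing pointing at the trust configuration. Consider logging the exception through the class's existing logger, if it has one, just before `return -1;`. The enclosing method starts outside this hunk, so this is based only on the visible lines.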
@@ -424,7 +431,8 @@ public class MongoDbIO {
getOptions(
spec.maxConnectionIdleTime(),
spec.sslEnabled(),
- spec.sslInvalidHostNameAllowed())))) {
+ spec.sslInvalidHostNameAllowed(),
+ spec.ignoreSSLCertificate())))) {
return getEstimatedSizeBytes(mongoClient, spec.database(), spec.collection());
}
}
@@ -452,7 +460,8 @@ public class MongoDbIO {
getOptions(
spec.maxConnectionIdleTime(),
spec.sslEnabled(),
- spec.sslInvalidHostNameAllowed())))) {
+ spec.sslInvalidHostNameAllowed(),
+ spec.ignoreSSLCertificate())))) {
MongoDatabase mongoDatabase = mongoClient.getDatabase(spec.database());
List<Document> splitKeys;
@@ -743,7 +752,8 @@ public class MongoDbIO {
getOptions(
spec.maxConnectionIdleTime(),
spec.sslEnabled(),
- spec.sslInvalidHostNameAllowed())));
+ spec.sslInvalidHostNameAllowed(),
+ spec.ignoreSSLCertificate())));
}
}
@@ -925,7 +935,8 @@ public class MongoDbIO {
getOptions(
spec.maxConnectionIdleTime(),
spec.sslEnabled(),
- spec.sslInvalidHostNameAllowed())));
+ spec.sslInvalidHostNameAllowed(),
+ spec.ignoreSSLCertificate())));
}
@StartBundle
diff --git a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java
index 2a5314e..88a4718 100644
--- a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java
+++ b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java
@@ -19,7 +19,6 @@ package org.apache.beam.sdk.io.mongodb;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
-import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
@@ -55,7 +54,6 @@ class SSLUtils {
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(