Posted to commits@tinkerpop.apache.org by sp...@apache.org on 2015/06/04 14:37:10 UTC

[5/6] incubator-tinkerpop git commit: Support SSL in the driver given latest changes to the server.

Support SSL in the driver given latest changes to the server.


Project: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/commit/b9da75cc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/tree/b9da75cc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/diff/b9da75cc

Branch: refs/heads/master
Commit: b9da75ccc3e1e52e37863b48327735cb37a6f2ef
Parents: d81b9d5
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Thu Jun 4 08:36:06 2015 -0400
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Thu Jun 4 08:36:06 2015 -0400

----------------------------------------------------------------------
 .../tinkerpop/gremlin/driver/Channelizer.java     | 18 ++++++++++++++++--
 .../apache/tinkerpop/gremlin/driver/Settings.java |  1 +
 2 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/b9da75cc/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java
----------------------------------------------------------------------
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java
index eaa8eff..3cca4fd 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java
@@ -18,6 +18,8 @@
  */
 package org.apache.tinkerpop.gremlin.driver;
 
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import org.apache.tinkerpop.gremlin.driver.handler.NioGremlinRequestEncoder;
 import org.apache.tinkerpop.gremlin.driver.handler.NioGremlinResponseDecoder;
 import org.apache.tinkerpop.gremlin.driver.handler.WebSocketClientHandler;
@@ -34,7 +36,10 @@ import io.netty.handler.codec.http.websocketx.WebSocketClientHandshakerFactory;
 import io.netty.handler.codec.http.websocketx.WebSocketVersion;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.util.SelfSignedCertificate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
+import java.io.File;
 import java.util.Optional;
 import java.util.UUID;
 import java.util.concurrent.ConcurrentMap;
@@ -63,6 +68,8 @@ public interface Channelizer extends ChannelHandler {
      * Base implementation of the client side {@link Channelizer}.
      */
     abstract class AbstractChannelizer extends ChannelInitializer<SocketChannel> implements Channelizer {
+        private static final Logger logger = LoggerFactory.getLogger(AbstractChannelizer.class);
+
         protected Connection connection;
         protected Cluster cluster;
         private ConcurrentMap<UUID, ResultQueue> pending;
@@ -92,8 +99,15 @@ public interface Channelizer extends ChannelHandler {
             final Optional<SslContext> sslCtx;
             if (supportsSsl()) {
                 try {
-                    final SelfSignedCertificate ssc = new SelfSignedCertificate();
-                    sslCtx = Optional.of(SslContext.newServerContext(ssc.certificate(), ssc.privateKey()));
+                    final SslContextBuilder builder = SslContextBuilder.forClient();
+                    if (cluster.connectionPoolSettings().trustCertChainFile != null)
+                        builder.trustManager(new File(cluster.connectionPoolSettings().trustCertChainFile));
+                    else {
+                        logger.warn("SSL configured without a trustCertChainFile and thus trusts all certificates without verification (not suitable for production)");
+                        builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+                    }
+
+                    sslCtx = Optional.of(builder.build());
                 } catch (Exception ex) {
                     throw new RuntimeException(ex);
                 }
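Review bot: The else branch fails open: with `enableSsl` set and no `trustCertChainFile`, the driver installs `InsecureTrustManagerFactory.INSTANCE`, so any certificate is accepted and the connection can be intercepted, with only a log warning as a signal. Because the `trustCertChainFile = null` default added in Settings.java makes this what `enableSsl = true` alone produces, I would drop the else branch so the builder keeps the JVM's default trust store, and put trust-all behind a separate, explicitly named opt-in setting. Separately, supplying a trust chain file does not by itself make the client check the server's hostname; that depends on how the SslHandler/SSLEngine is configured outside this hunk, so it is worth confirming that endpoint identification is enabled there. The enclosing method starts and ends outside the hunk.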

http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/b9da75cc/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
----------------------------------------------------------------------
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
index 2b21a68..26fad93 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
@@ -67,6 +67,7 @@ final class Settings {
 
     static class ConnectionPoolSettings {
         public boolean enableSsl = false;
+        public String trustCertChainFile = null;
         public int minSize = ConnectionPool.MIN_POOL_SIZE;
         public int maxSize = ConnectionPool.MAX_POOL_SIZE;
         public int minSimultaneousUsagePerConnection = ConnectionPool.MIN_SIMULTANEOUS_USAGE_PER_CONNECTION;