You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@atlas.apache.org by sa...@apache.org on 2019/09/20 17:44:12 UTC
[atlas] branch branch-2.0 updated: ATLAS-3419 : Atlas fails to
connect to wired solr.
This is an automated email from the ASF dual-hosted git repository.
sarath pushed a commit to branch branch-2.0
in repository https://gitbox.apache.org/repos/asf/atlas.git
The following commit(s) were added to refs/heads/branch-2.0 by this push:
new cc9f8f0 ATLAS-3419 : Atlas fails to connect to wired solr.
cc9f8f0 is described below
commit cc9f8f0e9d5d02d7dc82daf85931f6aab529edbc
Author: Vishal Suvagia <vi...@apache.org>
AuthorDate: Fri Sep 20 12:33:10 2019 +0530
ATLAS-3419 : Atlas fails to connect to wired solr.
Signed-off-by: Sarath Subramanian <sa...@apache.org>
(cherry picked from commit 91134031c5024527a1f4e975f1e24ef6da245fe6)
---
.../atlas/web/service/SecureEmbeddedServer.java | 184 +++++++++++++++++++++
1 file changed, 184 insertions(+)
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index 3a8bd9f..4ee8526 100755
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -21,6 +21,7 @@ package org.apache.atlas.web.service;
import org.apache.atlas.ApplicationProperties;
import org.apache.atlas.AtlasConfiguration;
import org.apache.atlas.AtlasException;
+import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
@@ -35,7 +36,23 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileInputStream;
import java.io.IOException;
+import java.io.InputStream;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
import java.util.List;
import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_CIPHER_SUITES;
@@ -60,6 +77,14 @@ public class SecureEmbeddedServer extends EmbeddedServer {
private static final Logger LOG = LoggerFactory.getLogger(SecureEmbeddedServer.class);
+ public static final String ATLAS_KEYSTORE_FILE_TYPE_DEFAULT = "jks";
+ public static final String ATLAS_TRUSTSTORE_FILE_TYPE_DEFAULT = "jks";
+ public static final String ATLAS_TLS_CONTEXT_ALGO_TYPE = "TLS";
+ public static final String ATLAS_TLS_KEYMANAGER_DEFAULT_ALGO_TYPE = KeyManagerFactory.getDefaultAlgorithm();
+ public static final String ATLAS_TLS_TRUSTMANAGER_DEFAULT_ALGO_TYPE = TrustManagerFactory.getDefaultAlgorithm();
+
+
+
public SecureEmbeddedServer(String host, int port, String path) throws IOException {
super(host, port, path);
}
@@ -68,6 +93,11 @@ public class SecureEmbeddedServer extends EmbeddedServer {
protected Connector getConnector(String host, int port) throws IOException {
org.apache.commons.configuration.Configuration config = getConfiguration();
+ SSLContext sslContext = getSSLContext();
+ if (sslContext != null) {
+ SSLContext.setDefault(sslContext);
+ }
+
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(config.getString(KEYSTORE_FILE_KEY,
System.getProperty(KEYSTORE_FILE_KEY, DEFAULT_KEYSTORE_FILE_LOCATION)));
@@ -156,4 +186,158 @@ public class SecureEmbeddedServer extends EmbeddedServer {
throw new RuntimeException("Unable to load configuration: " + ApplicationProperties.APPLICATION_PROPERTIES);
}
}
+
+ /**
+ * creates the SSLContext using the available keystore and truststore.
+ * @return
+ */
+ private SSLContext getSSLContext() {
+ KeyManager[] kmList = getKeyManagers();
+ TrustManager[] tmList = getTrustManagers();
+ SSLContext sslContext = null;
+ if (tmList != null) {
+ try {
+ sslContext = SSLContext.getInstance(ATLAS_TLS_CONTEXT_ALGO_TYPE);
+ sslContext.init(kmList, tmList, new SecureRandom());
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is not available in the environment. Reason: " + e.toString());
+ } catch (KeyManagementException e) {
+ LOG.error("Unable to initials the SSLContext. Reason: " + e.toString());
+ }
+ }
+ return sslContext;
+ }
+
+ /**
+ * Generating the KeyManager using the provided keystore.
+ * @return
+ */
+ private KeyManager[] getKeyManagers() {
+ KeyManager[] kmList = null;
+ try {
+
+ String keyStoreFile = getConfiguration().getString(KEYSTORE_FILE_KEY,
+ System.getProperty(KEYSTORE_FILE_KEY, DEFAULT_KEYSTORE_FILE_LOCATION));
+ String keyStoreFilepwd = getPassword(getConfiguration(), KEYSTORE_PASSWORD_KEY);
+
+ if (StringUtils.isNotEmpty(keyStoreFile) && StringUtils.isNotEmpty(keyStoreFilepwd)) {
+ InputStream in = null;
+
+ try {
+ in = getFileInputStream(keyStoreFile);
+
+ if (in != null) {
+ KeyStore keyStore = KeyStore.getInstance(ATLAS_KEYSTORE_FILE_TYPE_DEFAULT);
+
+ keyStore.load(in, keyStoreFilepwd.toCharArray());
+
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(ATLAS_TLS_KEYMANAGER_DEFAULT_ALGO_TYPE);
+
+ keyManagerFactory.init(keyStore, keyStoreFilepwd.toCharArray());
+
+ kmList = keyManagerFactory.getKeyManagers();
+ } else {
+ LOG.error("Unable to obtain keystore from file [" + keyStoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.error("Unable to obtain from KeyStore :" + e.getMessage(), e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is NOT available in the environment", e);
+ } catch (CertificateException e) {
+ LOG.error("Unable to obtain the requested certification ", e);
+ } catch (FileNotFoundException e) {
+ LOG.error("Unable to find the necessary TLS Keystore Files", e);
+ } catch (IOException e) {
+ LOG.error("Unable to read the necessary TLS Keystore Files", e);
+ } catch (UnrecoverableKeyException e) {
+ LOG.error("Unable to recover the key from keystore", e);
+ } finally {
+ close(in, keyStoreFile);
+ }
+ }
+
+ }catch (IOException exception) {
+ LOG.error(exception.getMessage());
+ }
+ return kmList;
+ }
+
+ /**
+ * Generating the TrustManager using the provided truststore
+ * @return
+ */
+ private TrustManager[] getTrustManagers() {
+ TrustManager[] tmList = null;
+ try {
+ String truststoreFile = getConfiguration().getString(TRUSTSTORE_FILE_KEY,
+ System.getProperty(TRUSTSTORE_FILE_KEY, DEFATULT_TRUSTORE_FILE_LOCATION));
+ String trustStoreFilepwd = getPassword(getConfiguration(), TRUSTSTORE_PASSWORD_KEY);
+
+ if (StringUtils.isNotEmpty(truststoreFile) && StringUtils.isNotEmpty(trustStoreFilepwd)) {
+ InputStream in = null;
+
+ try {
+ in = getFileInputStream(truststoreFile);
+
+ if (in != null) {
+ KeyStore trustStore = KeyStore.getInstance(ATLAS_TRUSTSTORE_FILE_TYPE_DEFAULT);
+
+ trustStore.load(in, trustStoreFilepwd.toCharArray());
+
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(ATLAS_TLS_TRUSTMANAGER_DEFAULT_ALGO_TYPE);
+
+ trustManagerFactory.init(trustStore);
+
+ tmList = trustManagerFactory.getTrustManagers();
+ } else {
+ LOG.error("Unable to obtain truststore from file [" + truststoreFile + "]");
+ }
+ } catch (KeyStoreException e) {
+ LOG.error("Unable to obtain from KeyStore", e);
+ } catch (NoSuchAlgorithmException e) {
+ LOG.error("SSL algorithm is NOT available in the environment :" + e.getMessage(), e);
+ } catch (CertificateException e) {
+ LOG.error("Unable to obtain the requested certification :" + e.getMessage(), e);
+ } catch (FileNotFoundException e) {
+ LOG.error("Unable to find the necessary TLS TrustStore File:" + truststoreFile, e);
+ } catch (IOException e) {
+ LOG.error("Unable to read the necessary TLS TrustStore Files :" + truststoreFile, e);
+ } finally {
+ close(in, truststoreFile);
+ }
+ }
+
+ }catch (IOException exception) {
+ LOG.error(exception.getMessage());
+ }
+ return tmList;
+ }
+
+ private InputStream getFileInputStream(String fileName) throws IOException {
+ InputStream in = null;
+ if (StringUtils.isNotEmpty(fileName)) {
+ File f = new File(fileName);
+ if (f.exists()) {
+ in = new FileInputStream(f);
+ } else {
+ in = ClassLoader.getSystemResourceAsStream(fileName);
+ }
+ }
+ return in;
+ }
+
+ /**
+ * Closing file-stream.
+ * @param str
+ * @param filename
+ */
+ private void close(InputStream str, String filename) {
+ if (str != null) {
+ try {
+ str.close();
+ } catch (IOException excp) {
+ LOG.error("Error while closing file: [" + filename + "]", excp);
+ }
+ }
+ }
}