You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tinkerpop.apache.org by sp...@apache.org on 2017/01/30 20:39:31 UTC
[17/45] tinkerpop git commit: Support SSL client auth
Support SSL client auth
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/c62480bb
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/c62480bb
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/c62480bb
Branch: refs/heads/TINKERPOP-1612
Commit: c62480bbd563b9904654c23abdc66c4b4828b64e
Parents: c2a42e2
Author: Robert Dale <ro...@gmail.com>
Authored: Tue Jan 17 14:24:00 2017 -0500
Committer: Robert Dale <ro...@gmail.com>
Committed: Fri Jan 27 16:26:32 2017 -0500
----------------------------------------------------------------------
.../apache/tinkerpop/gremlin/server/AbstractChannelizer.java | 4 +++-
.../java/org/apache/tinkerpop/gremlin/server/Settings.java | 6 ++++++
2 files changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/c62480bb/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
index 57c6994..d28fd4f 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
@@ -242,8 +242,10 @@ public abstract class AbstractChannelizer extends ChannelInitializer<SocketChann
builder = SslContextBuilder.forServer(keyCertChainFile, keyFile, sslSettings.keyPassword)
.trustManager(trustCertChainFile);
}
+
+
- builder.sslProvider(provider);
+ builder.clientAuth(sslSettings.needClientAuth).sslProvider(provider);
try {
return builder.build();
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/c62480bb/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
index 97e2875..a3b9545 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
@@ -18,6 +18,7 @@
*/
package org.apache.tinkerpop.gremlin.server;
+import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import org.apache.tinkerpop.gremlin.driver.MessageSerializer;
import org.apache.tinkerpop.gremlin.jsr223.GremlinPlugin;
@@ -420,6 +421,11 @@ public class Settings {
* contain an X.509 certificate chain in PEM format. {@code null} uses the system default.
*/
public String trustCertChainFile = null;
+
+ /**
+ * Require client certificate authentication
+ */
+ public ClientAuth needClientAuth = ClientAuth.NONE;
private SslContext sslContext;