Posted to commits@ranger.apache.org by sn...@apache.org on 2014/11/06 00:30:09 UTC
[1/2] git commit: ARGUS-158 - SSL service disables SSLv3 protocol
Repository: incubator-argus
Updated Branches:
refs/heads/ranger-0.4 2f8287b4c -> 548fac2a5
ARGUS-158 - SSL service disables SSLv3 protocol
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/558270ef
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/558270ef
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/558270ef
Branch: refs/heads/ranger-0.4
Commit: 558270ef2f9cbf4ae2b64bcd7e4896d80ac8bdf9
Parents: 37c62a8
Author: sneethiraj <sn...@apache.org>
Authored: Wed Nov 5 17:52:54 2014 -0500
Committer: sneethiraj <sn...@apache.org>
Committed: Wed Nov 5 17:52:54 2014 -0500
----------------------------------------------------------------------
.../xasecure/server/tomcat/EmbededServer.java | 4 ++++
.../UnixAuthenticationService.java | 25 +++++++++++++++++++-
2 files changed, 28 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/558270ef/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
----------------------------------------------------------------------
diff --git a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
index 7adc1aa..fd014e7 100644
--- a/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
+++ b/embededwebserver/src/main/java/com/xasecure/server/tomcat/EmbededServer.java
@@ -111,6 +111,10 @@ public class EmbededServer {
ssl.setAttribute("keyAlias", getConfig("https.attrib.keyAlias") ) ;
ssl.setAttribute("keystorePass", getConfig("https.attrib.keystorePass"));
ssl.setAttribute("keystoreFile", getConfig("https.attrib.keystoreFile")) ;
+
+ String enabledProtocols = "TLSv1, TLSv1.1, TLSv1.2" ;
+ ssl.setAttribute("sslEnabledProtocols", enabledProtocols ) ;
+
server.getService().addConnector(ssl);
}
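Review bot: The protocol list on the added `enabledProtocols` line is a hard-coded literal, while the neighbouring connector attributes (`keyAlias`, `keystorePass`, `keystoreFile`) are all read through `getConfig(...)`. Dropping another protocol later would therefore need a code change and a rebuild; reading the value from a key under the same `https.attrib.` prefix, with this literal as the fallback, would keep the safe default and let operators tighten it. At minimum the line deserves a comment such as `// SSLv3 deliberately omitted (ARGUS-158); keep in sync with UnixAuthenticationService`. The enclosing method starts outside the hunk, so how `getConfig` handles a missing key is not visible here.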
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/558270ef/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
----------------------------------------------------------------------
diff --git a/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java b/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
index 107ba40..bd9eac2 100644
--- a/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
+++ b/unixauthservice/src/main/java/com/xasecure/authentication/UnixAuthenticationService.java
@@ -28,12 +28,15 @@ import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
+import java.util.HashSet;
import java.util.List;
import java.util.Properties;
+import java.util.Set;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
@@ -48,7 +51,7 @@ public class UnixAuthenticationService {
private static final String serviceName = "UnixAuthenticationService" ;
- private static final String SSL_ALGORITHM = "SSLv3" ;
+ private static final String SSL_ALGORITHM = "TLS" ;
private static final String REMOTE_LOGIN_AUTH_SERVICE_PORT_PARAM = "authServicePort" ;
private static final String SSL_KEYSTORE_PATH_PARAM = "keyStore" ;
private static final String SSL_KEYSTORE_PATH_PASSWORD_PARAM = "keyStorePassword" ;
@@ -216,6 +219,26 @@ public class UnixAuthenticationService {
SSLServerSocketFactory sf = context.getServerSocketFactory() ;
ServerSocket socket = (SSLEnabled ? sf.createServerSocket(portNum) : new ServerSocket(portNum) ) ;
+
+ if (SSLEnabled) {
+ SSLServerSocket secureSocket = (SSLServerSocket) socket ;
+ String[] protocols = secureSocket.getEnabledProtocols() ;
+ Set<String> allowedProtocols = new HashSet<String>() ;
+ for(String ep : protocols) {
+ if (! ep.toUpperCase().startsWith("SSLV3")) {
+ LOG.info("Enabling Protocol: [" + ep + "]");
+ allowedProtocols.add(ep) ;
+ }
+ else {
+ LOG.info("Disabling Protocol: [" + ep + "]");
+ }
+ }
+
+ if (!allowedProtocols.isEmpty()) {
+ secureSocket.setEnabledProtocols(allowedProtocols.toArray(new String[0]));
+ }
+ }
+
Socket client = null ;
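Review bot: The `if (!allowedProtocols.isEmpty())` guard fails open: when the filter leaves nothing, `setEnabledProtocols` is skipped and the socket keeps its default protocol set, SSLv3 included, with no log line saying so. Failing closed is safer, for example `if (allowedProtocols.isEmpty()) { throw new IllegalStateException("no TLS protocol left after removing SSLv3"); }` ahead of the set call. The filter is also a deny-list on the `SSLV3` prefix, so any other legacy name the JVM has enabled (`SSLv2Hello`, for instance) passes through. Keeping only names that start with `TLSv` would match the explicit list used in EmbededServer. The enclosing method starts and ends outside the hunk.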
[2/2] git commit: Merge branch 'ranger-0.4' of
https://git-wip-us.apache.org/repos/asf/incubator-argus into ranger-0.4
Posted by sn...@apache.org.
Merge branch 'ranger-0.4' of https://git-wip-us.apache.org/repos/asf/incubator-argus into ranger-0.4
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/548fac2a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/548fac2a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/548fac2a
Branch: refs/heads/ranger-0.4
Commit: 548fac2a5cb04754f2edb56397fafe550578dd21
Parents: 558270e 2f8287b
Author: sneethiraj <sn...@apache.org>
Authored: Wed Nov 5 18:29:50 2014 -0500
Committer: sneethiraj <sn...@apache.org>
Committed: Wed Nov 5 18:29:50 2014 -0500
----------------------------------------------------------------------
.../xasecure/ldapusersync/process/LdapUserGroupBuilder.java | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------