Posted to commits@tinkerpop.apache.org by dk...@apache.org on 2015/06/05 20:46:35 UTC
[05/26] incubator-tinkerpop git commit: Support SSL in the driver
given latest changes to the server.
Support SSL in the driver given latest changes to the server.
Project: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/commit/b9da75cc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/tree/b9da75cc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/diff/b9da75cc
Branch: refs/heads/preprocessor
Commit: b9da75ccc3e1e52e37863b48327735cb37a6f2ef
Parents: d81b9d5
Author: Stephen Mallette <sp...@genoprime.com>
Authored: Thu Jun 4 08:36:06 2015 -0400
Committer: Stephen Mallette <sp...@genoprime.com>
Committed: Thu Jun 4 08:36:06 2015 -0400
----------------------------------------------------------------------
.../tinkerpop/gremlin/driver/Channelizer.java | 18 ++++++++++++++++--
.../apache/tinkerpop/gremlin/driver/Settings.java | 1 +
2 files changed, 17 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/b9da75cc/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java
----------------------------------------------------------------------
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java
index eaa8eff..3cca4fd 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Channelizer.java
@@ -18,6 +18,8 @@
*/
package org.apache.tinkerpop.gremlin.driver;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.apache.tinkerpop.gremlin.driver.handler.NioGremlinRequestEncoder;
import org.apache.tinkerpop.gremlin.driver.handler.NioGremlinResponseDecoder;
import org.apache.tinkerpop.gremlin.driver.handler.WebSocketClientHandler;
@@ -34,7 +36,10 @@ import io.netty.handler.codec.http.websocketx.WebSocketClientHandshakerFactory;
import io.netty.handler.codec.http.websocketx.WebSocketVersion;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.util.SelfSignedCertificate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import java.io.File;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentMap;
@@ -63,6 +68,8 @@ public interface Channelizer extends ChannelHandler {
* Base implementation of the client side {@link Channelizer}.
*/
abstract class AbstractChannelizer extends ChannelInitializer<SocketChannel> implements Channelizer {
+ private static final Logger logger = LoggerFactory.getLogger(AbstractChannelizer.class);
+
protected Connection connection;
protected Cluster cluster;
private ConcurrentMap<UUID, ResultQueue> pending;
@@ -92,8 +99,15 @@ public interface Channelizer extends ChannelHandler {
final Optional<SslContext> sslCtx;
if (supportsSsl()) {
try {
- final SelfSignedCertificate ssc = new SelfSignedCertificate();
- sslCtx = Optional.of(SslContext.newServerContext(ssc.certificate(), ssc.privateKey()));
+ final SslContextBuilder builder = SslContextBuilder.forClient();
+ if (cluster.connectionPoolSettings().trustCertChainFile != null)
+ builder.trustManager(new File(cluster.connectionPoolSettings().trustCertChainFile));
+ else {
+ logger.warn("SSL configured without a trustCertChainFile and thus trusts all certificates without verification (not suitable for production)");
+ builder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+ }
+
+ sslCtx = Optional.of(builder.build());
} catch (Exception ex) {
throw new RuntimeException(ex);
}
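Review bot: The `else` branch installs `InsecureTrustManagerFactory.INSTANCE`, so a client with SSL enabled and no `trustCertChainFile` accepts any server certificate, and the only signal is a log warning. The default is therefore fail-open: the channel is encrypted but the server is not authenticated, which gives no protection against interception on an untrusted network. A safer default is to drop `builder.trustManager(InsecureTrustManagerFactory.INSTANCE);` so that `SslContextBuilder` falls back to the JVM's default trust store when no file is configured, and to permit trust-all only behind a separate, explicit opt-in setting. Whether the server hostname is checked against the certificate depends on how the handler is created from this context; that code, like the rest of the enclosing method, is outside the hunk.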
http://git-wip-us.apache.org/repos/asf/incubator-tinkerpop/blob/b9da75cc/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
----------------------------------------------------------------------
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
index 2b21a68..26fad93 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
@@ -67,6 +67,7 @@ final class Settings {
static class ConnectionPoolSettings {
public boolean enableSsl = false;
+ public String trustCertChainFile = null;
public int minSize = ConnectionPool.MIN_POOL_SIZE;
public int maxSize = ConnectionPool.MAX_POOL_SIZE;
public int minSimultaneousUsagePerConnection = ConnectionPool.MIN_SIMULTANEOUS_USAGE_PER_CONNECTION;