You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pinot.apache.org by ja...@apache.org on 2024/02/14 19:42:55 UTC
(pinot) branch master updated: Adding support of insecure TLS (#12416)
This is an automated email from the ASF dual-hosted git repository.
jackie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pinot.git
The following commit(s) were added to refs/heads/master by this push:
new 38d86b0a64 Adding support of insecure TLS (#12416)
38d86b0a64 is described below
commit 38d86b0a6432e9a7249f1692ace36b6e34171b0a
Author: soumitra-st <12...@users.noreply.github.com>
AuthorDate: Wed Feb 14 11:42:50 2024 -0800
Adding support of insecure TLS (#12416)
---
.../main/java/org/apache/pinot/common/config/TlsConfig.java | 9 +++++++++
.../main/java/org/apache/pinot/common/utils/TlsUtils.java | 12 ++++++++++--
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java b/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
index b0dbc53ee1..fc9344e96f 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
@@ -35,6 +35,7 @@ public class TlsConfig {
private String _trustStorePath;
private String _trustStorePassword;
private String _sslProvider = SslProvider.JDK.toString();
+ private boolean _insecure = false;
public TlsConfig() {
// left blank
@@ -118,4 +119,12 @@ public class TlsConfig {
public boolean isCustomized() {
return StringUtils.isNoneBlank(_keyStorePath) || StringUtils.isNoneBlank(_trustStorePath);
}
+
+ public boolean isInsecure() {
+ return _insecure;
+ }
+
+ public void setInsecure(boolean insecure) {
+ _insecure = insecure;
+ }
}
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
index c75e171384..bfc833c129 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
@@ -24,6 +24,7 @@ import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
@@ -80,6 +81,7 @@ public final class TlsUtils {
private static final String FILE_SCHEME = "file";
private static final String FILE_SCHEME_PREFIX = FILE_SCHEME + "://";
private static final String FILE_SCHEME_PREFIX_WITHOUT_SLASH = FILE_SCHEME + ":";
+ private static final String INSECURE = "insecure";
private static final AtomicReference<SSLContext> SSL_CONTEXT_REF = new AtomicReference<>();
@@ -126,6 +128,8 @@ public final class TlsUtils {
pinotConfig.getProperty(key(namespace, TRUSTSTORE_PASSWORD), defaultConfig.getTrustStorePassword()));
tlsConfig.setSslProvider(
pinotConfig.getProperty(key(namespace, SSL_PROVIDER), defaultConfig.getSslProvider()));
+ tlsConfig.setInsecure(
+ pinotConfig.getProperty(key(namespace, INSECURE), defaultConfig.isInsecure()));
return tlsConfig;
}
@@ -178,8 +182,12 @@ public final class TlsUtils {
* @return TrustManagerFactory
*/
public static TrustManagerFactory createTrustManagerFactory(TlsConfig tlsConfig) {
- return createTrustManagerFactory(tlsConfig.getTrustStorePath(), tlsConfig.getTrustStorePassword(),
- tlsConfig.getTrustStoreType());
+ if (tlsConfig.isInsecure()) {
+ return InsecureTrustManagerFactory.INSTANCE;
+ } else {
+ return createTrustManagerFactory(tlsConfig.getTrustStorePath(), tlsConfig.getTrustStorePassword(),
+ tlsConfig.getTrustStoreType());
+ }
}
/**
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@pinot.apache.org
For additional commands, e-mail: commits-help@pinot.apache.org