This is an automated email from the ASF dual-hosted git repository. jbonofre pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/beam.git
The following commit(s) were added to refs/heads/master by this push: new e097e89 A fix for some TLS issues in the MongoDB IO new e31b332 Merge pull request #10240 from coheigea/tls e097e89 is described below commit e097e89271f35244f3421cf364dcf5d15e2851ce Author: Colm O hEigeartaigh <cohei...@apache.org> AuthorDate: Thu Nov 28 10:40:45 2019 +0000 A fix for some TLS issues in the MongoDB IO --- .../org/apache/beam/sdk/io/mongodb/MongoDbIO.java | 31 +++++++++++++++------- .../org/apache/beam/sdk/io/mongodb/SSLUtils.java | 2 -- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java index 1845890..78b0212 100644 --- a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java +++ b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java @@ -39,6 +39,7 @@ import java.util.Collections; import java.util.List; import java.util.stream.Collectors; import javax.annotation.Nullable; +import javax.net.ssl.SSLContext; import org.apache.beam.sdk.annotations.Experimental; import org.apache.beam.sdk.coders.Coder; import org.apache.beam.sdk.coders.SerializableCoder; 
@@ -347,14 +348,19 @@ public class MongoDbIO { } private static MongoClientOptions.Builder getOptions( - int maxConnectionIdleTime, boolean sslEnabled, boolean sslInvalidHostNameAllowed) { + int maxConnectionIdleTime, + boolean sslEnabled, + boolean sslInvalidHostNameAllowed, + boolean ignoreSSLCertificate) { MongoClientOptions.Builder optionsBuilder = new MongoClientOptions.Builder(); optionsBuilder.maxConnectionIdleTime(maxConnectionIdleTime); if (sslEnabled) { - optionsBuilder - .sslEnabled(sslEnabled) - .sslInvalidHostNameAllowed(sslInvalidHostNameAllowed) - .sslContext(SSLUtils.ignoreSSLCertificate()); + optionsBuilder.sslEnabled(sslEnabled).sslInvalidHostNameAllowed(sslInvalidHostNameAllowed); + if (ignoreSSLCertificate) { + SSLContext sslContext = SSLUtils.ignoreSSLCertificate(); + optionsBuilder.sslContext(sslContext); + optionsBuilder.socketFactory(sslContext.getSocketFactory()); + } } return optionsBuilder; } @@ -396,7 +402,8 @@ public class MongoDbIO { getOptions( spec.maxConnectionIdleTime(), spec.sslEnabled(), - spec.sslInvalidHostNameAllowed())))) { + spec.sslInvalidHostNameAllowed(), + spec.ignoreSSLCertificate())))) { return getDocumentCount(mongoClient, spec.database(), spec.collection()); } catch (Exception e) { return -1; @@ -424,7 +431,8 @@ public class MongoDbIO { getOptions( spec.maxConnectionIdleTime(), spec.sslEnabled(), - spec.sslInvalidHostNameAllowed())))) { + spec.sslInvalidHostNameAllowed(), + spec.ignoreSSLCertificate())))) { return getEstimatedSizeBytes(mongoClient, spec.database(), spec.collection()); } } @@ -452,7 +460,8 @@ public class MongoDbIO { getOptions( spec.maxConnectionIdleTime(), spec.sslEnabled(), - spec.sslInvalidHostNameAllowed())))) { + spec.sslInvalidHostNameAllowed(), + spec.ignoreSSLCertificate())))) { MongoDatabase mongoDatabase = mongoClient.getDatabase(spec.database()); List<Document> splitKeys; 
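Review bot: The `if (ignoreSSLCertificate)` branch in `getOptions` installs the trust-all context from `SSLUtils.ignoreSSLCertificate()` without any comment or log output saying that server certificate validation is switched off, so a pipeline that sets the flag accepts any certificate and leaves no trace of that in its logs. I would add a comment above the branch, `// Trust-all SSLContext: the server certificate is NOT validated; do not enable against production clusters.`, and emit a warning when the branch is taken so the setting is visible to whoever operates the job. It is also not obvious why both `sslContext(...)` and `socketFactory(...)` are set from the same context; if one of them is only needed for a particular driver code path, a one-line comment naming it would keep a later cleanup from removing it. `sslInvalidHostNameAllowed` is still applied independently of the new flag, which looks intentional but belongs in the method's Javadoc.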
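Review bot: The `catch (Exception e) { return -1; }` that follows this `getOptions(...)` call (hunk at -396) will now also swallow TLS handshake failures, because after this change certificate validation is bypassed only when `spec.ignoreSSLCertificate()` is set. A server presenting an untrusted or mismatched certificate then appears as a document count of -1 with no hint of the cause. Logging the exception before returning keeps the best-effort behaviour while leaving evidence, for example `LOG.warn("Unable to count documents, returning -1", e);` (assuming the class has a logger named `LOG`, which is not visible in this hunk). The enclosing method starts and ends outside the hunk.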
@@ -743,7 +752,8 @@ public class MongoDbIO { getOptions( spec.maxConnectionIdleTime(), spec.sslEnabled(), - spec.sslInvalidHostNameAllowed()))); + spec.sslInvalidHostNameAllowed(), + spec.ignoreSSLCertificate()))); } } @@ -925,7 +935,8 @@ public class MongoDbIO { getOptions( spec.maxConnectionIdleTime(), spec.sslEnabled(), - spec.sslInvalidHostNameAllowed()))); + spec.sslInvalidHostNameAllowed(), + spec.ignoreSSLCertificate()))); } @StartBundle diff --git a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java index 2a5314e..88a4718 100644 --- a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java +++ b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java @@ -19,7 +19,6 @@ package org.apache.beam.sdk.io.mongodb; import java.security.KeyStore; import java.security.cert.X509Certificate; -import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; @@ -55,7 +54,6 @@ class SSLUtils { // Install the all-trusting trust manager SSLContext sc = SSLContext.getInstance("TLS"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(