Repository: lens Updated Branches: refs/heads/master 7a6987254 -> f678a4bae
LENS-1511 : Adding missing files in patch. Project: http://git-wip-us.apache.org/repos/asf/lens/repo Commit: http://git-wip-us.apache.org/repos/asf/lens/commit/f678a4ba Tree: http://git-wip-us.apache.org/repos/asf/lens/tree/f678a4ba Diff: http://git-wip-us.apache.org/repos/asf/lens/diff/f678a4ba Branch: refs/heads/master Commit: f678a4bae7408ea261f309cac0272f714997fd88 Parents: 7a69872 Author: Rajitha R <[email protected]> Authored: Thu May 24 23:57:42 2018 +0530 Committer: Rajitha.R <[email protected]> Committed: Thu May 24 23:57:42 2018 +0530 ---------------------------------------------------------------------- .../lens/client/LensHostnameVerifier.java | 59 ++++++++++ .../apache/lens/client/LensTrustManager.java | 115 +++++++++++++++++++ 2 files changed, 174 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/lens/blob/f678a4ba/lens-client/src/main/java/org/apache/lens/client/LensHostnameVerifier.java ----------------------------------------------------------------------
diff --git a/lens-client/src/main/java/org/apache/lens/client/LensHostnameVerifier.java b/lens-client/src/main/java/org/apache/lens/client/LensHostnameVerifier.java
new file mode 100644
index 0000000..7025a8c
--- /dev/null
+++ b/lens-client/src/main/java/org/apache/lens/client/LensHostnameVerifier.java
@@ -0,0 +1,59 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.lens.client;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * LensHostnameVerifier : Class to verify host name or cname mentioned in
+ * lens server's base url is same as present in SSL cert.
+ */
+@Slf4j
+public class LensHostnameVerifier implements HostnameVerifier {
+
+ private boolean ignoreHostVerification;
+ private String lensServerHostBaseURL;
+
+ public LensHostnameVerifier(LensClientConfig config) {
+
+ if (Boolean.valueOf(config.get(LensClientConfig.SSL_IGNORE_SERVER_CERT,
+ String.valueOf(LensClientConfig.DEFAULT_SSL_IGNORE_SERVER_CERT_VALUE)))) {
+ log.info("Will skip hostname verification.");
+ ignoreHostVerification = true;
+ lensServerHostBaseURL = config.get(LensClientConfig.SERVER_BASE_URL);
+ } else {
+ log.info("Host name verification is enabled.");
+ ignoreHostVerification = false;
+ }
+
+ }
+
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+
+ if (ignoreHostVerification) {
+ return true;
+ } else {
+ return lensServerHostBaseURL.contains(hostname);
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/lens/blob/f678a4ba/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java ----------------------------------------------------------------------
diff --git a/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java b/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java
new file mode 100644
index 0000000..4a69617
--- /dev/null
+++ b/lens-client/src/main/java/org/apache/lens/client/LensTrustManager.java
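Review bot: In the constructor, `lensServerHostBaseURL` is assigned only in the branch that skips verification, so with verification enabled `verify()` calls `contains` on a null field and throws NullPointerException; `lensServerHostBaseURL = config.get(LensClientConfig.SERVER_BASE_URL);` should move to the `else` branch or above the `if`. `verify()` also never reads `session`, so contrary to the class Javadoc nothing is compared with the certificate: the check is a substring match of the connected host against the client's own configured URL, which will normally succeed whatever certificate the server presented. The enabled path should take the names from `session.getPeerCertificates()` (the subjectAltName entries of the leaf certificate) and match `hostname` against those. How this verifier is wired into the HTTP client is outside the hunk, so the practical impact depends on whether it is the only hostname check or a fallback after the platform's.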
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.lens.client;
+
+import java.security.KeyStore;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * LensTrustManager : class to instantiate trust manager for lens client
+ * and verify server certs.
+ */
+@Slf4j
+public class LensTrustManager implements X509TrustManager {
+
+ private boolean ignoreCertCheck;
+ private X509TrustManager trustManager;
+
+ public LensTrustManager(LensClientConfig config) {
+
+ if (Boolean.valueOf(config.get(LensClientConfig.SSL_IGNORE_SERVER_CERT,
+ String.valueOf(LensClientConfig.DEFAULT_SSL_IGNORE_SERVER_CERT_VALUE)))) {
+ log.info("Will skip server cert verification.");
+ ignoreCertCheck = true;
+ } else {
+ log.info("Server cert verification is enabled.");
+ ignoreCertCheck = false;
+ try {
+ trustManager = getTrustManager();
+ } catch (Exception e) {
+ log.error(e.toString());
+ throw new RuntimeException(e);
+ }
+ }
+
+ }
+
+ /**
+ *
+ * @param chain
+ * @param authType
+ * @throws CertificateException
+ */
+ @Override
+ public void checkClientTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
+ if (!ignoreCertCheck) {
+ trustManager.checkClientTrusted(chain, authType);
+ }
+ }
+
+ /**
+ *
+ * @param chain
+ * @param authType
+ * @throws CertificateException
+ */
+ @Override
+ public void checkServerTrusted(final X509Certificate[] chain, final String authType) throws CertificateException {
+ if (!ignoreCertCheck) {
+ trustManager.checkServerTrusted(chain, authType);
+ }
+ }
+
+ /**
+ *
+ * @return
+ */
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return trustManager.getAcceptedIssuers();
+ }
+
+ /**
+ *
+ * @return trust manager to init trust chain
+ * @throws Exception
+ */
+ private X509TrustManager getTrustManager() throws Exception {
+
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init((KeyStore) null);
+
+ X509TrustManager x509Tm = null;
+
+ for (TrustManager tm : tmf.getTrustManagers()) {
+ if (tm instanceof X509TrustManager) {
+ x509Tm = (X509TrustManager) tm;
+ break;
+ }
+ }
+ return x509Tm;
+ }
+}
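Review bot: `getAcceptedIssuers()` dereferences `trustManager`, which the constructor leaves null whenever `SSL_IGNORE_SERVER_CERT` is true, so the skip-verification mode can throw NullPointerException there; `return ignoreCertCheck ? new X509Certificate[0] : trustManager.getAcceptedIssuers();` would cover it. `getTrustManager()` can also return null when the factory yields no `X509TrustManager`, and the constructor stores that without a check, so the failure would surface later inside `checkServerTrusted`; throwing an `IllegalStateException` from the constructor keeps the enabled mode fail-closed and easier to diagnose. Because the ignore path accepts any server chain, logging it at `warn` rather than `info` would make the downgraded state stand out in client logs, and `log.error(e.toString())` should pass the exception itself (`log.error("Failed to initialise trust manager", e)`) so the stack trace is kept. The Javadoc blocks on the three overrides are empty and should state that each check is a no-op when `ignoreCertCheck` is set.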
