[ https://issues.apache.org/jira/browse/FLUME-2204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13871713#comment-13871713 ]
Charles Pritchard commented on FLUME-2204:
------------------------------------------
That's correct; this is a fairly trivial thing to add in.
https://apache.googlesource.com/flume/+/trunk/flume-ng-core/src/main/java/org/apache/flume/source/AvroSource.java
Something like:
getPipeline...
sslEngine.setUseClientMode(false);
sslEngine.setNeedClientAuth(true);
and when the first message is via the ChannelHandlerContext...
SslHandler sslhandler = (SslHandler) ctx.getPipeline().get("ssl");
clientName = null;
try {
  // Leaf certificate the client presented during the handshake
  X509Certificate client = (X509Certificate)
      sslhandler.getEngine().getSession().getPeerCertificates()[0];
  X500Principal p = client.getSubjectX500Principal();
  LdapName ldn = new LdapName(p.getName());
  for (Rdn rdn : ldn.getRdns()) {
    if (rdn.getType().equals("CN")) clientName = rdn.getValue().toString();
  }
} catch (SSLPeerUnverifiedException badClient) {
  if (DEBUG) {
    System.out.println("no luck on cert authentication");
  }
} catch (InvalidNameException badName) {
  // new LdapName(...) throws this checked exception; clientName stays null
}
Via:
import java.security.Principal;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.handler.ssl.SslHandler;
import javax.security.auth.x500.X500Principal;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
> Expose Peer SSL Certificate in AvroSource
> -----------------------------------------
>
> Key: FLUME-2204
> URL: https://issues.apache.org/jira/browse/FLUME-2204
> Project: Flume
> Issue Type: Bug
> Reporter: Charles Pritchard
>
> AvroSource supports SSL connections, getPeerCertificateChain()[0] will expose
> the client SSL certificate. Through that getSubjectDN().getName() gives us
> very usable information.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
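
The CN extraction sketched in the comment above, as an added stand-alone example that is not part of the original message or of Flume's code. It goes beyond the sketch by reading multi-valued RDNs and rejecting subjects that carry no single textual CN; the class name PeerCommonName, the method commonName and the sample DNs are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

public class PeerCommonName {
    // Returns the subject CN, or empty if it is absent, non-textual or ambiguous.
    static Optional<String> commonName(X500Principal subject) {
        List<String> found = new ArrayList<>();
        try {
            // LdapName parses the RFC 2253 form; an escaped comma stays inside one value.
            LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
            for (Rdn rdn : dn.getRdns()) {
                // toAttributes() exposes every pair of a multi-valued RDN (OU=a+CN=b);
                // getType() reports only one of them.
                Attribute cn = rdn.toAttributes().get("CN");
                if (cn == null) continue;
                NamingEnumeration<?> values = cn.getAll();
                while (values.hasMore()) {
                    Object v = values.next();
                    if (!(v instanceof String)) return Optional.empty(); // hex-encoded value
                    found.add((String) v);
                }
            }
        } catch (NamingException e) { // includes InvalidNameException
            return Optional.empty();
        }
        // Fail closed: several CNs give no single identity to authorise on.
        return found.size() == 1 ? Optional.of(found.get(0)) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed subjects standing in for getPeerCertificates()[0].getSubjectX500Principal()
        String[] samples = {
            "CN=agent-01.example.test,OU=Collectors,O=Example",
            "CN=Smith\\, Jane,O=Example",
            "OU=Collectors+CN=agent-02.example.test,O=Example",
            "CN=first,CN=second,O=Example",
            "OU=Collectors,O=Example",
        };
        for (String s : samples) {
            System.out.println(s + " -> " + commonName(new X500Principal(s)).orElse("<rejected>"));
        }
    }
}
```

The returned name is only as trustworthy as the handshake behind it: it identifies a client when setNeedClientAuth(true) is in force and the trust store contains only the CAs allowed to issue client certificates.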