[
https://issues.apache.org/jira/browse/FLINK-3931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15552476#comment-15552476
]
ASF GitHub Bot commented on FLINK-3931:
---------------------------------------
Github user mxm commented on a diff in the pull request:
https://github.com/apache/flink/pull/2518#discussion_r82230310
--- Diff:
flink-runtime/src/test/java/org/apache/flink/runtime/blob/BlobClientSslTest.java
---
@@ -0,0 +1,284 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.flink.runtime.blob;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.InetSocketAddress;
+import java.security.MessageDigest;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.flink.configuration.ConfigConstants;
+import org.apache.flink.configuration.Configuration;
+import org.apache.flink.api.common.JobID;
+import org.apache.flink.core.fs.Path;
+import org.codehaus.jackson.map.DeserializerFactory;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * This class contains unit tests for the {@link BlobClient} with ssl
enabled.
+ */
+public class BlobClientSslTest {
+
+ /** The buffer size used during the tests in bytes. */
+ private static final int TEST_BUFFER_SIZE = 17 * 1000;
+
+ /** The instance of the BLOB server used during the tests. */
+ private static BlobServer BLOB_SERVER;
+
+ /** The blob service client configuration */
+ private static Configuration clientConfig;
+ /**
+ * Starts the BLOB server.
+ */
+ @BeforeClass
+ public static void startServer() {
+ try {
+ Configuration config = new Configuration();
+ config.setBoolean(ConfigConstants.SECURITY_SSL_ENABLED,
true);
+ config.setString(ConfigConstants.SECURITY_SSL_KEYSTORE,
"src/test/resources/local127.keystore");
+
config.setString(ConfigConstants.SECURITY_SSL_KEYSTORE_PASSWORD, "password");
+
config.setString(ConfigConstants.SECURITY_SSL_KEY_PASSWORD, "password");
--- End diff --
Ah, it is enabled by default when the global SSL flag is set. Can we fail
the test if SSL is not enabled?
> Implement Transport Encryption (SSL/TLS)
> ----------------------------------------
>
> Key: FLINK-3931
> URL: https://issues.apache.org/jira/browse/FLINK-3931
> Project: Flink
> Issue Type: New Feature
> Reporter: Eron Wright
> Assignee: Suresh Krishnappa
> Labels: security
> Original Estimate: 1,008h
> Remaining Estimate: 1,008h
>
> _This issue is part of a series of improvements detailed in the [Secure Data
> Access|https://docs.google.com/document/d/1-GQB6uVOyoaXGwtqwqLV8BHDxWiMO2WnVzBoJ8oPaAs/edit?usp=sharing]
> design doc._
> To assure privacy and data integrity between Flink components, enable TLS for
> all communication channels. As described in the design doc:
> - Accept a configured certificate or generate a certificate.
> - Enable Akka SSL
> - Implement Data Transfer SSL
> - Implement Blob Server SSL
> - Implement Web UI HTTPS
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
