Repository: incubator-falcon Updated Branches: refs/heads/master ebb5d4c69 -> 3c5edec9d
FALCON-838 Add support for https in merlin. Contributed by Ruslan Ostafiychuk and Raghav Kumar Gautam Project: http://git-wip-us.apache.org/repos/asf/incubator-falcon/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-falcon/commit/3c5edec9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-falcon/tree/3c5edec9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-falcon/diff/3c5edec9 Branch: refs/heads/master Commit: 3c5edec9daea46c6c10a8a808d3b68ea8fa0601f Parents: ebb5d4c Author: Raghav Kumar Gautam <rag...@apache.org> Authored: Sat Oct 25 15:05:19 2014 -0700 Committer: Raghav Kumar Gautam <rag...@apache.org> Committed: Sat Oct 25 15:05:19 2014 -0700 ---------------------------------------------------------------------- falcon-regression/CHANGES.txt | 3 ++ .../org/apache/falcon/request/BaseRequest.java | 40 +++++++++++++++++++- .../security/FalconAuthorizationToken.java | 20 +++++++++- 3 files changed, 61 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/3c5edec9/falcon-regression/CHANGES.txt ---------------------------------------------------------------------- diff --git a/falcon-regression/CHANGES.txt b/falcon-regression/CHANGES.txt index aa33b18..93f49eb 100644 --- a/falcon-regression/CHANGES.txt +++ b/falcon-regression/CHANGES.txt @@ -5,6 +5,9 @@ Trunk (Unreleased) INCOMPATIBLE CHANGES NEW FEATURES + FALCON-838 Add support for https in merlin (Raghav Kumar Gautam and + Ruslan Ostafiychuk via Raghav Kumar Gautam) + FALCON-746 Add ACL validation and enforcement tests (Raghav Kumar Gautam via Ruslan Ostafiychuk) FALCON-743 Adding tests for cases related to usage of pipelines tag http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/3c5edec9/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java ---------------------------------------------------------------------- 
diff --git a/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java b/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java
index 549b986..7244fb7 100644
--- a/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java
+++ b/falcon-regression/merlin-core/src/main/java/org/apache/falcon/request/BaseRequest.java
@@ -18,6 +18,7 @@ package org.apache.falcon.request;
+import org.apache.commons.net.util.TrustManagerUtils;
 import org.apache.falcon.regression.core.interfaces.IEntityManagerHelper;
 import org.apache.falcon.security.FalconAuthorizationToken;
 import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
@@ -29,19 +30,28 @@ import org.apache.http.HttpHost;
 import org.apache.http.HttpRequest;
 import org.apache.http.HttpResponse;
 import org.apache.http.HttpStatus;
+import org.apache.http.client.HttpClient;
 import org.apache.http.client.methods.HttpDelete;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpPut;
 import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeRegistry;
+import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
+import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.BasicClientConnectionManager;
 import org.apache.http.message.BasicHeader;
 import org.apache.log4j.Logger;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 import java.io.IOException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
@@ -57,6 +67,25 @@ public class BaseRequest {
 private String user;
 private URI uri;
 private HttpHost target;
+ private static final SSLSocketFactory SSL_SOCKET_FACTORY;
+
+ static {
+ try {
+ SSLContext ssl = getSslContext();
+ SSL_SOCKET_FACTORY = new SSLSocketFactory(ssl, new AllowAllHostnameVerifier());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public static SSLContext getSslContext() throws Exception {
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ sslContext.init(
+ null,
+ new TrustManager[]{TrustManagerUtils.getValidateServerCertificateTrustManager()},
+ new SecureRandom());
+ return sslContext;
+ }
 public BaseRequest(String url, String method, String user) throws URISyntaxException {
 this(url, method, user, null);
@@ -121,7 +150,16 @@ public class BaseRequest {
 uri.getHost(), uri.getPort());
 request.addHeader(RequestKeys.COOKIE, RequestKeys.AUTH_COOKIE_EQ + token);
 }
- DefaultHttpClient client = new DefaultHttpClient();
+
+ HttpClient client;
+ if (uri.toString().startsWith("https")) {
+ SchemeRegistry schemeRegistry = new SchemeRegistry();
+ schemeRegistry.register(new Scheme("https", uri.getPort(), SSL_SOCKET_FACTORY));
+ BasicClientConnectionManager cm = new BasicClientConnectionManager(schemeRegistry);
+ client = new DefaultHttpClient(cm);
+ } else {
+ client = new DefaultHttpClient();
+ }
 LOGGER.info("Request Url: " + request.getRequestLine().getUri());
 LOGGER.info("Request Method: " + request.getRequestLine().getMethod());
http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/3c5edec9/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java
----------------------------------------------------------------------
diff --git a/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java b/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java
index f5a075e..1af999e 100644
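Review bot: The `SSL_SOCKET_FACTORY` built in the new static initializer does not authenticate the server: `AllowAllHostnameVerifier` skips the name check, and commons-net documents `getValidateServerCertificateTrustManager()` as checking only each certificate's validity period, so no chain to a trusted root is verified. The request code in the next hunk attaches the auth cookie before using this factory, so the token travels over a channel whose peer is unverified. If that is deliberate for test clusters with self-signed certificates, make it explicit and opt-in: a comment such as `// TEST ONLY: no chain or hostname validation` on the field, and a configuration switch that otherwise uses the JVM default trust store with a verifying hostname verifier. `SSLContext.getInstance("TLS")` is the better protocol name than `"SSL"`. The same relaxed verification is installed in FalconAuthorizationToken.java by the `@@ -42,7 +46,14 @@` and `@@ -52,6 +63,13 @@` hunks.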
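Review bot: The https branch is selected with `uri.toString().startsWith("https")` and registers the scheme with `uri.getPort()`, and both are fragile. `URI.getPort()` returns -1 when the URL has no explicit port, and HttpClient 4.x's `Scheme` constructor rejects a port outside 1-65535, so a URL like `https://host/path` would fail with an IllegalArgumentException; the prefix test is also case-sensitive. Suggested lines: `if ("https".equalsIgnoreCase(uri.getScheme())) {` and `int port = uri.getPort() > 0 ? uri.getPort() : 443;`, with `port` passed to `new Scheme(...)`. A new `BasicClientConnectionManager` is created on every call and no shutdown is visible here; the method body continues outside the hunk, so confirm the client is released there.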
--- a/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java
+++ b/falcon-regression/merlin-core/src/main/java/org/apache/falcon/security/FalconAuthorizationToken.java
@@ -18,12 +18,16 @@ package org.apache.falcon.security;
+import org.apache.falcon.request.BaseRequest;
 import org.apache.hadoop.security.authentication.client.AuthenticatedURL;
 import org.apache.hadoop.security.authentication.client.AuthenticationException;
 import org.apache.hadoop.security.authentication.client.KerberosAuthenticator;
 import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
 import org.apache.log4j.Logger;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
 import java.io.IOException;
 import java.net.URL;
 import java.util.concurrent.ConcurrentHashMap;
@@ -42,7 +46,14 @@ public final class FalconAuthorizationToken {
 private FalconAuthorizationToken() { }
- public static void authenticate(String user, String protocol, String host,
+ public static final HostnameVerifier ALL_TRUSTING_HOSTNAME_VERIFIER = new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession sslSession) {
+ return true;
+ }
+ };
+
+ private static void authenticate(String user, String protocol, String host,
 int port) throws IOException, AuthenticationException {
 URL url = new URL(String.format("%s://%s:%d/%s", protocol, host, port,
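Review bot: `ALL_TRUSTING_HOSTNAME_VERIFIER` is exported as `public static final`, which invites reuse of an accept-everything verifier outside this class; the only use visible in this diff is inside the class, so `private` would be enough. It also needs a comment stating why it exists, e.g. `// Accepts any hostname; intended for regression runs only (confirm the reason and state it here)`. The same hunk narrows `authenticate` from public to private, which breaks any caller outside the class; callers are not visible in this diff, so confirm there are none. The body of `authenticate` continues past the end of the hunk.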
@@ -52,6 +63,13 @@ public final class FalconAuthorizationToken {
 /*using KerberosAuthenticator which falls back to PsuedoAuthenticator instead of passing authentication type from the command line - bad factory*/
+ try {
+ HttpsURLConnection.setDefaultSSLSocketFactory(BaseRequest.getSslContext()
+ .getSocketFactory());
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ HttpsURLConnection.setDefaultHostnameVerifier(ALL_TRUSTING_HOSTNAME_VERIFIER);
 new AuthenticatedURL(AUTHENTICATOR).openConnection(url, currentToken);
 String key = getKey(user, protocol, host, port);
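Review bot: `HttpsURLConnection.setDefaultSSLSocketFactory` and `setDefaultHostnameVerifier` change process-wide defaults, so after the first `authenticate` call every `HttpsURLConnection` in the JVM, including ones unrelated to Falcon, runs without hostname checks and with the relaxed trust manager. The block also runs on every call, for http URLs too, and builds a new `SSLContext` each time. Scoping the settings to the one connection avoids both: hadoop-auth's `AuthenticatedURL` has a constructor taking a `ConnectionConfigurator` (check that the version on the classpath provides it), as sketched below. `authenticate` starts and ends outside this hunk.

```java
// … unchanged: URL construction and the authenticator comment …
final SSLSocketFactory relaxedFactory;
try {
    relaxedFactory = BaseRequest.getSslContext().getSocketFactory();
} catch (Exception e) {
    throw new RuntimeException(e);
}
// Apply the relaxed settings to this connection only, not to the JVM defaults.
ConnectionConfigurator perConnection = new ConnectionConfigurator() {
    @Override
    public HttpURLConnection configure(HttpURLConnection conn) {
        if (conn instanceof HttpsURLConnection) {
            HttpsURLConnection https = (HttpsURLConnection) conn;
            https.setSSLSocketFactory(relaxedFactory);
            https.setHostnameVerifier(ALL_TRUSTING_HOSTNAME_VERIFIER);
        }
        return conn;
    }
};
new AuthenticatedURL(AUTHENTICATOR, perConnection).openConnection(url, currentToken);
// … unchanged: token cache update …
```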