Repository: flume Updated Branches: refs/heads/trunk 327a43dbe -> 965e13264
http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java b/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java index 9bcdf51..d7a69c9 100644 --- a/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java +++ b/flume-ng-sdk/src/main/java/org/apache/flume/api/NettyAvroRpcClient.java @@ -33,6 +33,7 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; import java.util.Properties; +import java.util.Set; import java.util.concurrent.Callable; import java.util.concurrent.CancellationException; import java.util.concurrent.ExecutionException; @@ -65,7 +66,6 @@ import org.apache.flume.FlumeException; import org.apache.flume.source.avro.AvroFlumeEvent; import org.apache.flume.source.avro.AvroSourceProtocol; import org.apache.flume.source.avro.Status; -import org.apache.flume.util.SSLUtil; import org.jboss.netty.channel.ChannelPipeline; import org.jboss.netty.channel.socket.SocketChannel; import org.jboss.netty.channel.socket.nio.NioClientSocketChannelFactory; @@ -80,7 +80,7 @@ import org.slf4j.LoggerFactory; * The connections are intended to be opened before clients are given access so * that the object cannot ever be in an inconsistent when exposed to users. */ -public class NettyAvroRpcClient extends AbstractRpcClient implements RpcClient { +public class NettyAvroRpcClient extends SSLContextAwareAbstractRpcClient { private ExecutorService callTimeoutPool; private final ReentrantLock stateLock = new ReentrantLock(); @@ -91,12 +91,6 @@ public class NettyAvroRpcClient extends AbstractRpcClient implements RpcClient { private ConnState connState; private InetSocketAddress address; - private boolean enableSsl; - private boolean trustAllCerts; - private String truststore; - private String truststorePassword; - private String truststoreType; - private final List<String> excludeProtocols = new LinkedList<String>(); private Transceiver transceiver; private AvroSourceProtocol.Callback avroClient; @@ -147,13 +141,14 @@ public class NettyAvroRpcClient extends AbstractRpcClient implements RpcClient { bossExecutor, workerExecutor, enableDeflateCompression, enableSsl, trustAllCerts, compressionLevel, truststore, truststorePassword, truststoreType, - excludeProtocols, maxIoWorkers); + excludeProtocols, includeProtocols, excludeCipherSuites, includeCipherSuites, + maxIoWorkers); } else { socketChannelFactory = new SSLCompressionChannelFactory( bossExecutor, workerExecutor, enableDeflateCompression, enableSsl, trustAllCerts, compressionLevel, truststore, truststorePassword, truststoreType, - excludeProtocols); + excludeProtocols, includeProtocols, excludeCipherSuites, includeCipherSuites); } } else { if (maxIoWorkers >= 1) { @@ -582,28 +577,7 @@ public class NettyAvroRpcClient extends AbstractRpcClient implements RpcClient { } } - enableSsl = Boolean.parseBoolean(properties.getProperty( - RpcClientConfigurationConstants.CONFIG_SSL)); - trustAllCerts = Boolean.parseBoolean(properties.getProperty( - RpcClientConfigurationConstants.CONFIG_TRUST_ALL_CERTS)); - truststore = properties.getProperty( - RpcClientConfigurationConstants.CONFIG_TRUSTSTORE, SSLUtil.getGlobalTruststorePath()); - truststorePassword = properties.getProperty( - RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_PASSWORD, - SSLUtil.getGlobalTruststorePassword()); - truststoreType = properties.getProperty( - RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_TYPE, - SSLUtil.getGlobalTruststoreType("JKS")); - String excludeProtocolsStr = properties.getProperty( - RpcClientConfigurationConstants.CONFIG_EXCLUDE_PROTOCOLS); - if (excludeProtocolsStr == null) { - excludeProtocols.add("SSLv3"); - } else { - excludeProtocols.addAll(Arrays.asList(excludeProtocolsStr.split(" "))); - if (!excludeProtocols.contains("SSLv3")) { - excludeProtocols.add("SSLv3"); - } - } + configureSSL(properties); String maxIoWorkersStr = properties.getProperty(RpcClientConfigurationConstants.MAX_IO_WORKERS); if (!StringUtils.isEmpty(maxIoWorkersStr)) { @@ -669,12 +643,16 @@ public class NettyAvroRpcClient extends AbstractRpcClient implements RpcClient { private final String truststore; private final String truststorePassword; private final String truststoreType; - private final List<String> excludeProtocols; + private final Set<String> excludeProtocols; + private final Set<String> includeProtocols; + private final Set<String> excludeCipherSuites; + private final Set<String> includeCipherSuites; public SSLCompressionChannelFactory(Executor bossExecutor, Executor workerExecutor, boolean enableCompression, boolean enableSsl, boolean trustAllCerts, int compressionLevel, String truststore, String truststorePassword, - String truststoreType, List<String> excludeProtocols) { + String truststoreType, Set<String> excludeProtocols, Set<String> includeProtocols, + Set<String> excludeCipherSuites, Set<String> includeCipherSuites) { super(bossExecutor, workerExecutor); this.enableCompression = enableCompression; this.enableSsl = enableSsl; @@ -684,12 +662,16 @@ public class NettyAvroRpcClient extends AbstractRpcClient implements RpcClient { this.truststorePassword = truststorePassword; this.truststoreType = truststoreType; this.excludeProtocols = excludeProtocols; + this.includeProtocols = includeProtocols; + this.excludeCipherSuites = excludeCipherSuites; + this.includeCipherSuites = includeCipherSuites; } public SSLCompressionChannelFactory(Executor bossExecutor, Executor workerExecutor, boolean enableCompression, boolean enableSsl, boolean trustAllCerts, int compressionLevel, String truststore, String truststorePassword, - String truststoreType, List<String> excludeProtocols, int maxIOWorkers) { + String truststoreType, Set<String> excludeProtocols, Set<String> includeProtocols, + Set<String> excludeCipherSuites, Set<String> includeCipherSuites, int maxIOWorkers) { super(bossExecutor, workerExecutor, maxIOWorkers); this.enableCompression = enableCompression; this.enableSsl = enableSsl; @@ -699,6 +681,9 @@ public class NettyAvroRpcClient extends AbstractRpcClient implements RpcClient { this.truststorePassword = truststorePassword; this.truststoreType = truststoreType; this.excludeProtocols = excludeProtocols; + this.includeProtocols = includeProtocols; + this.excludeCipherSuites = excludeCipherSuites; + this.includeCipherSuites = includeCipherSuites; } @Override @@ -736,15 +721,29 @@ public class NettyAvroRpcClient extends AbstractRpcClient implements RpcClient { sslContext.init(null, managers, null); SSLEngine sslEngine = sslContext.createSSLEngine(); sslEngine.setUseClientMode(true); + List<String> enabledProtocols = new ArrayList<String>(); for (String protocol : sslEngine.getEnabledProtocols()) { - if (!excludeProtocols.contains(protocol)) { + if ((includeProtocols.isEmpty() || includeProtocols.contains(protocol)) + && !excludeProtocols.contains(protocol)) { enabledProtocols.add(protocol); } } sslEngine.setEnabledProtocols(enabledProtocols.toArray(new String[0])); + + List<String> enabledCipherSuites = new ArrayList<String>(); + for (String suite : sslEngine.getEnabledCipherSuites()) { + if ((includeCipherSuites.isEmpty() || includeCipherSuites.contains(suite)) + && !excludeCipherSuites.contains(suite)) { + enabledCipherSuites.add(suite); + } + } + sslEngine.setEnabledCipherSuites(enabledCipherSuites.toArray(new String[0])); + logger.info("SSLEngine protocols enabled: " + Arrays.asList(sslEngine.getEnabledProtocols())); + logger.info("SSLEngine cipher suites enabled: " + + Arrays.asList(sslEngine.getEnabledProtocols())); // addFirst() will make SSL handling the first stage of decoding // and the last stage of encoding this must be added after // adding compression handling above http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/main/java/org/apache/flume/api/RpcClientConfigurationConstants.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/main/java/org/apache/flume/api/RpcClientConfigurationConstants.java b/flume-ng-sdk/src/main/java/org/apache/flume/api/RpcClientConfigurationConstants.java index d83cf19..228ae66 100644 --- a/flume-ng-sdk/src/main/java/org/apache/flume/api/RpcClientConfigurationConstants.java +++ b/flume-ng-sdk/src/main/java/org/apache/flume/api/RpcClientConfigurationConstants.java @@ -144,6 +144,9 @@ public final class RpcClientConfigurationConstants { public static final String CONFIG_TRUSTSTORE_PASSWORD = "truststore-password"; public static final String CONFIG_TRUSTSTORE_TYPE = "truststore-type"; public static final String CONFIG_EXCLUDE_PROTOCOLS = "exclude-protocols"; + public static final String CONFIG_INCLUDE_PROTOCOLS = "include-protocols"; + public static final String CONFIG_EXCLUDE_CIPHER_SUITES = "exclude-cipher-suites"; + public static final String CONFIG_INCLUDE_CIPHER_SUITES = "include-cipher-suites"; public static final String KERBEROS_KEY = "kerberos"; http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/main/java/org/apache/flume/api/SSLContextAwareAbstractRpcClient.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/main/java/org/apache/flume/api/SSLContextAwareAbstractRpcClient.java b/flume-ng-sdk/src/main/java/org/apache/flume/api/SSLContextAwareAbstractRpcClient.java new file mode 100644 index 0000000..34557f6 --- /dev/null +++ b/flume-ng-sdk/src/main/java/org/apache/flume/api/SSLContextAwareAbstractRpcClient.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.flume.api; + +import java.util.Arrays; +import java.util.LinkedHashSet; +import java.util.Objects; +import java.util.Properties; +import java.util.Set; + +import org.apache.flume.FlumeException; +import org.apache.flume.util.SSLUtil; + +public abstract class SSLContextAwareAbstractRpcClient extends AbstractRpcClient { + protected boolean enableSsl; + protected boolean trustAllCerts; + protected String truststore; + protected String truststorePassword; + protected String truststoreType; + protected final Set<String> excludeProtocols = new LinkedHashSet<>(Arrays.asList("SSLv3")); + protected final Set<String> includeProtocols = new LinkedHashSet<>(); + protected final Set<String> excludeCipherSuites = new LinkedHashSet<>(); + protected final Set<String> includeCipherSuites = new LinkedHashSet<>(); + + protected void configureSSL(Properties properties) throws FlumeException { + enableSsl = Boolean.parseBoolean(properties.getProperty( + RpcClientConfigurationConstants.CONFIG_SSL)); + trustAllCerts = Boolean.parseBoolean(properties.getProperty( + RpcClientConfigurationConstants.CONFIG_TRUST_ALL_CERTS)); + truststore = properties.getProperty( + RpcClientConfigurationConstants.CONFIG_TRUSTSTORE, SSLUtil.getGlobalTruststorePath()); + truststorePassword = properties.getProperty( + RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_PASSWORD, + SSLUtil.getGlobalTruststorePassword()); + truststoreType = properties.getProperty( + RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_TYPE, + SSLUtil.getGlobalTruststoreType("JKS")); + parseList(properties.getProperty( + RpcClientConfigurationConstants.CONFIG_EXCLUDE_PROTOCOLS, + SSLUtil.getGlobalExcludeProtocols()), + excludeProtocols); + parseList(properties.getProperty( + RpcClientConfigurationConstants.CONFIG_INCLUDE_PROTOCOLS, + SSLUtil.getGlobalIncludeProtocols()), + includeProtocols); + parseList(properties.getProperty( + RpcClientConfigurationConstants.CONFIG_EXCLUDE_CIPHER_SUITES, + SSLUtil.getGlobalExcludeCipherSuites()), + excludeCipherSuites); + parseList(properties.getProperty( + RpcClientConfigurationConstants.CONFIG_INCLUDE_CIPHER_SUITES, + SSLUtil.getGlobalIncludeCipherSuites()), + includeCipherSuites); + } + + private void parseList(String value, Set<String> set) { + if (Objects.nonNull(value)) { + set.addAll(Arrays.asList(value.split(" "))); + } + } +} http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/main/java/org/apache/flume/api/ThriftRpcClient.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/main/java/org/apache/flume/api/ThriftRpcClient.java b/flume-ng-sdk/src/main/java/org/apache/flume/api/ThriftRpcClient.java index 0048e61..26ccba8 100644 --- a/flume-ng-sdk/src/main/java/org/apache/flume/api/ThriftRpcClient.java +++ b/flume-ng-sdk/src/main/java/org/apache/flume/api/ThriftRpcClient.java @@ -24,7 +24,6 @@ import org.apache.flume.FlumeException; import org.apache.flume.thrift.Status; import org.apache.flume.thrift.ThriftFlumeEvent; import org.apache.flume.thrift.ThriftSourceProtocol; -import org.apache.flume.util.SSLUtil; import org.apache.thrift.protocol.TBinaryProtocol; import org.apache.thrift.protocol.TCompactProtocol; import org.apache.thrift.transport.TFastFramedTransport; @@ -41,7 +40,6 @@ import java.io.FileInputStream; import java.nio.ByteBuffer; import java.security.KeyStore; import java.util.ArrayList; -import java.util.Arrays; import java.util.HashSet; import java.util.Iterator; import java.util.LinkedList; @@ -63,7 +61,7 @@ import java.util.concurrent.locks.Condition; import java.util.concurrent.locks.Lock; import java.util.concurrent.locks.ReentrantLock; -public class ThriftRpcClient extends AbstractRpcClient { +public class ThriftRpcClient extends SSLContextAwareAbstractRpcClient { private static final Logger LOGGER = LoggerFactory.getLogger(ThriftRpcClient.class); /** @@ -84,12 +82,6 @@ public class ThriftRpcClient extends AbstractRpcClient { private final Random random = new Random(); private String protocol; - private boolean enableSsl; - private String truststore; - private String truststorePassword; - private String truststoreType; - private final List<String> excludeProtocols = new LinkedList<String>(); - public ThriftRpcClient() { stateLock = new ReentrantLock(true); connState = State.INIT; @@ -314,29 +306,7 @@ public class ThriftRpcClient extends AbstractRpcClient { connectionPoolSize = RpcClientConfigurationConstants .DEFAULT_CONNECTION_POOL_SIZE; } - - enableSsl = Boolean.parseBoolean(properties.getProperty( - RpcClientConfigurationConstants.CONFIG_SSL)); - if (enableSsl) { - truststore = properties.getProperty( - RpcClientConfigurationConstants.CONFIG_TRUSTSTORE, SSLUtil.getGlobalTruststorePath()); - truststorePassword = properties.getProperty( - RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_PASSWORD, - SSLUtil.getGlobalTruststorePassword()); - truststoreType = properties.getProperty( - RpcClientConfigurationConstants.CONFIG_TRUSTSTORE_TYPE, - SSLUtil.getGlobalTruststoreType("JKS")); - String excludeProtocolsStr = properties.getProperty( - RpcClientConfigurationConstants.CONFIG_EXCLUDE_PROTOCOLS); - if (excludeProtocolsStr == null) { - excludeProtocols.add("SSLv3"); - } else { - excludeProtocols.addAll(Arrays.asList(excludeProtocolsStr.split(" "))); - if (!excludeProtocols.contains("SSLv3")) { - excludeProtocols.add("SSLv3"); - } - } - } + configureSSL(properties); connectionManager = new ConnectionPoolManager(connectionPoolSize); connState = State.READY; @@ -385,7 +355,8 @@ public class ThriftRpcClient extends AbstractRpcClient { // Create the TSocket from that tsocket = createSSLSocket( - sslSockFactory, hostname, port, 120000, excludeProtocols); + sslSockFactory, hostname, port, 120000, excludeProtocols, + includeProtocols, excludeCipherSuites, includeCipherSuites); } else { tsocket = new TSocket(hostname, port); } @@ -538,7 +509,8 @@ public class ThriftRpcClient extends AbstractRpcClient { } private static TSocket createSSLSocket(SSLSocketFactory factory, String host, - int port, int timeout, List<String> excludeProtocols) + int port, int timeout, Set<String> excludeProtocols, Set<String> includeProtocols, + Set<String> excludeCipherSuites, Set<String> includeCipherSuites) throws FlumeException { try { SSLSocket socket = (SSLSocket) factory.createSocket(host, port); @@ -546,11 +518,22 @@ public class ThriftRpcClient extends AbstractRpcClient { List<String> enabledProtocols = new ArrayList<String>(); for (String protocol : socket.getEnabledProtocols()) { - if (!excludeProtocols.contains(protocol)) { + if ((includeProtocols.isEmpty() || includeProtocols.contains(protocol)) + && !excludeProtocols.contains(protocol)) { enabledProtocols.add(protocol); } } socket.setEnabledProtocols(enabledProtocols.toArray(new String[0])); + + List<String> enabledCipherSuites = new ArrayList<String>(); + for (String suite : socket.getEnabledCipherSuites()) { + if ((includeCipherSuites.isEmpty() || includeCipherSuites.contains(suite)) + && !excludeCipherSuites.contains(suite)) { + enabledCipherSuites.add(suite); + } + } + socket.setEnabledCipherSuites(enabledCipherSuites.toArray(new String[0])); + return new TSocket(socket); } catch (Exception e) { throw new FlumeException("Could not connect to " + host + " on port " + port, e); http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/main/java/org/apache/flume/util/SSLUtil.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/main/java/org/apache/flume/util/SSLUtil.java b/flume-ng-sdk/src/main/java/org/apache/flume/util/SSLUtil.java index 02fe8ed..04a7d5c 100644 --- a/flume-ng-sdk/src/main/java/org/apache/flume/util/SSLUtil.java +++ b/flume-ng-sdk/src/main/java/org/apache/flume/util/SSLUtil.java @@ -31,6 +31,10 @@ public class SSLUtil { private static final String SYS_PROP_TRUSTSTORE_PATH = "javax.net.ssl.trustStore"; private static final String SYS_PROP_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword"; private static final String SYS_PROP_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType"; + private static final String SYS_PROP_INCLUDE_PROTOCOLS = "flume.ssl.include.protocols"; + private static final String SYS_PROP_EXCLUDE_PROTOCOLS = "flume.ssl.exclude.protocols"; + private static final String SYS_PROP_INCLUDE_CIPHERSUITES = "flume.ssl.include.cipherSuites"; + private static final String SYS_PROP_EXCLUDE_CIPHERSUITES = "flume.ssl.exclude.cipherSuites"; private static final String ENV_VAR_KEYSTORE_PATH = "FLUME_SSL_KEYSTORE_PATH"; private static final String ENV_VAR_KEYSTORE_PASSWORD = "FLUME_SSL_KEYSTORE_PASSWORD"; @@ -38,6 +42,10 @@ public class SSLUtil { private static final String ENV_VAR_TRUSTSTORE_PATH = "FLUME_SSL_TRUSTSTORE_PATH"; private static final String ENV_VAR_TRUSTSTORE_PASSWORD = "FLUME_SSL_TRUSTSTORE_PASSWORD"; private static final String ENV_VAR_TRUSTSTORE_TYPE = "FLUME_SSL_TRUSTSTORE_TYPE"; + private static final String ENV_VAR_INCLUDE_PROTOCOLS = "FLUME_SSL_INCLUDE_PROTOCOLS"; + private static final String ENV_VAR_EXCLUDE_PROTOCOLS = "FLUME_SSL_EXCLUDE_PROTOCOLS"; + private static final String ENV_VAR_INCLUDE_CIPHERSUITES = "FLUME_SSL_INCLUDE_CIPHERSUITES"; + private static final String ENV_VAR_EXCLUDE_CIPHERSUITES = "FLUME_SSL_EXCLUDE_CIPHERSUITES"; private static final String DESCR_KEYSTORE_PATH = "keystore path"; private static final String DESCR_KEYSTORE_PASSWORD = "keystore password"; @@ -45,6 +53,10 @@ public class SSLUtil { private static final String DESCR_TRUSTSTORE_PATH = "truststore path"; private static final String DESCR_TRUSTSTORE_PASSWORD = "truststore password"; private static final String DESCR_TRUSTSTORE_TYPE = "truststore type"; + private static final String DESCR_INCLUDE_PROTOCOLS = "include protocols"; + private static final String DESCR_EXCLUDE_PROTOCOLS = "exclude protocols"; + private static final String DESCR_INCLUDE_CIPHERSUITES = "include cipher suites"; + private static final String DESCR_EXCLUDE_CIPHERSUITES = "exclude cipher suites"; public static void initGlobalSSLParameters() { initSysPropFromEnvVar( @@ -59,6 +71,14 @@ public class SSLUtil { SYS_PROP_TRUSTSTORE_PASSWORD, ENV_VAR_TRUSTSTORE_PASSWORD, DESCR_TRUSTSTORE_PASSWORD); initSysPropFromEnvVar( SYS_PROP_TRUSTSTORE_TYPE, ENV_VAR_TRUSTSTORE_TYPE, DESCR_TRUSTSTORE_TYPE); + initSysPropFromEnvVar( + SYS_PROP_INCLUDE_PROTOCOLS, ENV_VAR_INCLUDE_PROTOCOLS, DESCR_INCLUDE_PROTOCOLS); + initSysPropFromEnvVar( + SYS_PROP_EXCLUDE_PROTOCOLS, ENV_VAR_EXCLUDE_PROTOCOLS, DESCR_EXCLUDE_PROTOCOLS); + initSysPropFromEnvVar( + SYS_PROP_INCLUDE_CIPHERSUITES, ENV_VAR_INCLUDE_CIPHERSUITES, DESCR_INCLUDE_CIPHERSUITES); + initSysPropFromEnvVar( + SYS_PROP_EXCLUDE_CIPHERSUITES, ENV_VAR_EXCLUDE_CIPHERSUITES, DESCR_EXCLUDE_CIPHERSUITES); } private static void initSysPropFromEnvVar(String sysPropName, String envVarName, @@ -103,4 +123,24 @@ public class SSLUtil { return sysPropValue != null ? sysPropValue : defaultValue; } + public static String getGlobalExcludeProtocols() { + return normalizeProperty(SYS_PROP_EXCLUDE_PROTOCOLS); + } + + public static String getGlobalIncludeProtocols() { + return normalizeProperty(SYS_PROP_INCLUDE_PROTOCOLS); + } + + public static String getGlobalExcludeCipherSuites() { + return normalizeProperty(SYS_PROP_EXCLUDE_CIPHERSUITES); + } + + public static String getGlobalIncludeCipherSuites() { + return normalizeProperty(SYS_PROP_INCLUDE_CIPHERSUITES); + } + + private static String normalizeProperty(String name) { + String property = System.getProperty(name); + return property == null ? null : property.replaceAll(",", " "); + } } http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/test/java/org/apache/flume/util/AbstractSSLUtilListTest.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/test/java/org/apache/flume/util/AbstractSSLUtilListTest.java b/flume-ng-sdk/src/test/java/org/apache/flume/util/AbstractSSLUtilListTest.java new file mode 100644 index 0000000..a9e3b6f --- /dev/null +++ b/flume-ng-sdk/src/test/java/org/apache/flume/util/AbstractSSLUtilListTest.java @@ -0,0 +1,44 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.flume.util; + +import java.util.Arrays; +import java.util.Collection; + +import org.junit.runners.Parameterized.Parameters; + +public abstract class AbstractSSLUtilListTest extends AbstractSSLUtilTest { + @Parameters + public static Collection<?> data() { + return Arrays.asList(new Object[][]{ + // system property value, environment variable value, expected value + { null, null, null }, + { "sysprop", null, "sysprop" }, + { "sysprop,sysprop", null, "sysprop sysprop" }, + { null, "envvar", "envvar" }, + { null, "envvar,envvar", "envvar envvar" }, + { "sysprop", "envvar", "sysprop" }, + { "sysprop,sysprop", "envvar,envvar", "sysprop sysprop" } + }); + } + + protected AbstractSSLUtilListTest(String sysPropValue, String envVarValue, String expectedValue) { + super(sysPropValue, envVarValue, expectedValue); + } +} http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilExcludeCipherSuitesTest.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilExcludeCipherSuitesTest.java b/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilExcludeCipherSuitesTest.java new file mode 100644 index 0000000..f176c5e --- /dev/null +++ b/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilExcludeCipherSuitesTest.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.flume.util; + +import org.junit.Assert; +import org.junit.Test; + +public class SSLUtilExcludeCipherSuitesTest extends AbstractSSLUtilListTest { + + public SSLUtilExcludeCipherSuitesTest( + String sysPropValue, String envVarValue, String expectedValue) { + super(sysPropValue, envVarValue, expectedValue); + } + + @Override + protected String getSysPropName() { + return "flume.ssl.exclude.cipherSuites"; + } + + @Override + protected String getEnvVarName() { + return "FLUME_SSL_EXCLUDE_CIPHERSUITES"; + } + + @Test + public void testIncludeProtocols() { + SSLUtil.initGlobalSSLParameters(); + String actualValue = SSLUtil.getGlobalExcludeCipherSuites(); + + Assert.assertEquals(expectedValue, actualValue); + } + +} http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilExcludeProtocolsTest.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilExcludeProtocolsTest.java b/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilExcludeProtocolsTest.java new file mode 100644 index 0000000..8e66dfd --- /dev/null +++ b/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilExcludeProtocolsTest.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.flume.util; + +import org.junit.Assert; +import org.junit.Test; + +public class SSLUtilExcludeProtocolsTest extends AbstractSSLUtilListTest { + + public SSLUtilExcludeProtocolsTest( + String sysPropValue, String envVarValue, String expectedValue) { + super(sysPropValue, envVarValue, expectedValue); + } + + @Override + protected String getSysPropName() { + return "flume.ssl.exclude.protocols"; + } + + @Override + protected String getEnvVarName() { + return "FLUME_SSL_EXCLUDE_PROTOCOLS"; + } + + @Test + public void testExcludeProtocols() { + SSLUtil.initGlobalSSLParameters(); + String actualValue = SSLUtil.getGlobalExcludeProtocols(); + + Assert.assertEquals(expectedValue, actualValue); + } + +} http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilIncludeCipherSuitesTest.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilIncludeCipherSuitesTest.java b/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilIncludeCipherSuitesTest.java new file mode 100644 index 0000000..7625c23 --- /dev/null +++ b/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilIncludeCipherSuitesTest.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.flume.util; + +import org.junit.Assert; +import org.junit.Test; + +public class SSLUtilIncludeCipherSuitesTest extends AbstractSSLUtilListTest { + + public SSLUtilIncludeCipherSuitesTest( + String sysPropValue, String envVarValue, String expectedValue) { + super(sysPropValue, envVarValue, expectedValue); + } + + @Override + protected String getSysPropName() { + return "flume.ssl.include.cipherSuites"; + } + + @Override + protected String getEnvVarName() { + return "FLUME_SSL_INCLUDE_CIPHERSUITES"; + } + + @Test + public void testIncludeProtocols() { + SSLUtil.initGlobalSSLParameters(); + String actualValue = SSLUtil.getGlobalIncludeCipherSuites(); + + Assert.assertEquals(expectedValue, actualValue); + } + +} http://git-wip-us.apache.org/repos/asf/flume/blob/965e1326/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilIncludeProtocolsTest.java ---------------------------------------------------------------------- diff --git a/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilIncludeProtocolsTest.java b/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilIncludeProtocolsTest.java new file mode 100644 index 0000000..597dba6 --- /dev/null +++ b/flume-ng-sdk/src/test/java/org/apache/flume/util/SSLUtilIncludeProtocolsTest.java @@ -0,0 +1,49 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.flume.util; + +import org.junit.Assert; +import org.junit.Test; + +public class SSLUtilIncludeProtocolsTest extends AbstractSSLUtilListTest { + + public SSLUtilIncludeProtocolsTest( + String sysPropValue, String envVarValue, String expectedValue) { + super(sysPropValue, envVarValue, expectedValue); + } + + @Override + protected String getSysPropName() { + return "flume.ssl.include.protocols"; + } + + @Override + protected String getEnvVarName() { + return "FLUME_SSL_INCLUDE_PROTOCOLS"; + } + + @Test + public void testIncludeProtocols() { + SSLUtil.initGlobalSSLParameters(); + String actualValue = SSLUtil.getGlobalIncludeProtocols(); + + Assert.assertEquals(expectedValue, actualValue); + } + +}
