[ 
https://issues.apache.org/jira/browse/BEAM-6151?focusedWorklogId=172400&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-172400
 ]

ASF GitHub Bot logged work on BEAM-6151:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 05/Dec/18 17:27
            Start Date: 05/Dec/18 17:27
    Worklog Time Spent: 10m 
      Work Description: jbonofre closed pull request #7162: BEAM-6151: 
MongoDbIO add support mongodb server with self signed ssl
URL: https://github.com/apache/beam/pull/7162
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git 
a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java
 
b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java
index 9d6e05bfb209..309a30d582b7 100644
--- 
a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java
+++ 
b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/MongoDbIO.java
@@ -104,6 +104,9 @@ public static Read read() {
         .setKeepAlive(true)
         .setMaxConnectionIdleTime(60000)
         .setNumSplits(0)
+        .setSslEnabled(false)
+        .setIgnoreSSLCertificate(false)
+        .setSslInvalidHostNameAllowed(false)
         .build();
   }
 
@@ -113,6 +116,9 @@ public static Write write() {
         .setKeepAlive(true)
         .setMaxConnectionIdleTime(60000)
         .setBatchSize(1024L)
+        .setSslEnabled(false)
+        .setIgnoreSSLCertificate(false)
+        .setSslInvalidHostNameAllowed(false)
         .build();
   }
 
@@ -128,6 +134,12 @@ private MongoDbIO() {}
 
     abstract int maxConnectionIdleTime();
 
+    abstract boolean sslEnabled();
+
+    abstract boolean sslInvalidHostNameAllowed();
+
+    abstract boolean ignoreSSLCertificate();
+
     @Nullable
     abstract String database();
 
@@ -152,6 +164,12 @@ private MongoDbIO() {}
 
       abstract Builder setMaxConnectionIdleTime(int maxConnectionIdleTime);
 
+      abstract Builder setSslEnabled(boolean value);
+
+      abstract Builder setSslInvalidHostNameAllowed(boolean value);
+
+      abstract Builder setIgnoreSSLCertificate(boolean value);
+
       abstract Builder setDatabase(String database);
 
       abstract Builder setCollection(String collection);
@@ -215,6 +233,21 @@ public Read withMaxConnectionIdleTime(int 
maxConnectionIdleTime) {
       return builder().setMaxConnectionIdleTime(maxConnectionIdleTime).build();
     }
 
+    /** Enable ssl for connection. */
+    public Read withSSLEnabled(boolean sslEnabled) {
+      return builder().setSslEnabled(sslEnabled).build();
+    }
+
+    /** Enable invalidHostNameAllowed for ssl for connection. */
+    public Read withSSLInvalidHostNameAllowed(boolean invalidHostNameAllowed) {
+      return 
builder().setSslInvalidHostNameAllowed(invalidHostNameAllowed).build();
+    }
+
+    /** Enable ignoreSSLCertificate for ssl for connection (allow for self 
signed ceritificates). */
+    public Read withIgnoreSSLCertificate(boolean ignoreSSLCertificate) {
+      return builder().setIgnoreSSLCertificate(ignoreSSLCertificate).build();
+    }
+
     /** Sets the database to use. */
     public Read withDatabase(String database) {
       checkArgument(database != null, "database can not be null");
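Review bot: The Javadoc on the three new `Read` setters does not say what each flag gives up, and the comment on `withIgnoreSSLCertificate` misspells "certificates". Suggested wording: `/** Enables TLS for the connection. */`, `/** When {@code true}, skips host name verification, so the server identity is not checked against its certificate. */` and `/** When {@code true}, accepts any server certificate, including self-signed ones; the connection is encrypted but the server is not authenticated. */`. The same three comments appear on `Write` in the later `withMaxConnectionIdleTime` hunk and need the same change. `withDatabase` at the end of this hunk continues outside it.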
@@ -259,6 +292,10 @@ public void populateDisplayData(DisplayData.Builder 
builder) {
       builder.add(DisplayData.item("uri", uri()));
       builder.add(DisplayData.item("keepAlive", keepAlive()));
       builder.add(DisplayData.item("maxConnectionIdleTime", 
maxConnectionIdleTime()));
+      builder.add(DisplayData.item("sslEnabled", sslEnabled()));
+      builder.add(DisplayData.item("sslInvalidHostNameAllowed", 
sslInvalidHostNameAllowed()));
+      builder.add(DisplayData.item("ignoreSSLCertificate", 
ignoreSSLCertificate()));
+
       builder.add(DisplayData.item("database", database()));
       builder.add(DisplayData.item("collection", collection()));
       builder.addIfNotNull(DisplayData.item("filter", filter()));
@@ -270,6 +307,22 @@ public void populateDisplayData(DisplayData.Builder 
builder) {
     }
   }
 
+  private static MongoClientOptions.Builder getOptions(
+      boolean keepAlive,
+      int maxConnectionIdleTime,
+      boolean sslEnabled,
+      boolean sslInvalidHostNameAllowed) {
+    MongoClientOptions.Builder optionsBuilder = new 
MongoClientOptions.Builder();
+    
optionsBuilder.socketKeepAlive(keepAlive).maxConnectionIdleTime(maxConnectionIdleTime);
+    if (sslEnabled) {
+      optionsBuilder
+          .sslEnabled(sslEnabled)
+          .sslInvalidHostNameAllowed(sslInvalidHostNameAllowed)
+          .sslContext(SSLUtils.ignoreSSLCertificate());
+    }
+    return optionsBuilder;
+  }
+
   /** A MongoDB {@link BoundedSource} reading {@link Document} from a given 
instance. */
   @VisibleForTesting
   static class BoundedMongoDbSource extends BoundedSource<Document> {
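Review bot: `getOptions` installs `SSLUtils.ignoreSSLCertificate()` on every connection that has `sslEnabled` set, because the `ignoreSSLCertificate` property is never passed in. Turning TLS on therefore always turns certificate validation off, and `withIgnoreSSLCertificate(false)` has no effect. The helper should take the flag as a fifth parameter and set the trust-all context only when it is true. The four call sites in `getEstimatedSizeBytes`, `split`, `BoundedMongoDbReader.start` and `WriteFn.createMongoClient` share the omission and need to pass `spec.ignoreSSLCertificate()`.

```java
  private static MongoClientOptions.Builder getOptions(
      boolean keepAlive,
      int maxConnectionIdleTime,
      boolean sslEnabled,
      boolean sslInvalidHostNameAllowed,
      boolean ignoreSSLCertificate) {
    // … unchanged: builder creation, keep-alive and idle-time settings …
    if (sslEnabled) {
      optionsBuilder.sslEnabled(true).sslInvalidHostNameAllowed(sslInvalidHostNameAllowed);
      if (ignoreSSLCertificate) {
        // Replace the default trust store only when the caller opted out of validation.
        optionsBuilder.sslContext(SSLUtils.ignoreSSLCertificate());
      }
    }
    return optionsBuilder;
  }
```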
@@ -296,7 +349,15 @@ public void populateDisplayData(DisplayData.Builder 
builder) {
 
     @Override
     public long getEstimatedSizeBytes(PipelineOptions pipelineOptions) {
-      try (MongoClient mongoClient = new MongoClient(new 
MongoClientURI(spec.uri()))) {
+      try (MongoClient mongoClient =
+          new MongoClient(
+              new MongoClientURI(
+                  spec.uri(),
+                  getOptions(
+                      spec.keepAlive(),
+                      spec.maxConnectionIdleTime(),
+                      spec.sslEnabled(),
+                      spec.sslInvalidHostNameAllowed())))) {
         return getEstimatedSizeBytes(mongoClient, spec.database(), 
spec.collection());
       }
     }
@@ -317,7 +378,15 @@ private long getEstimatedSizeBytes(
     @Override
     public List<BoundedSource<Document>> split(
         long desiredBundleSizeBytes, PipelineOptions options) {
-      try (MongoClient mongoClient = new MongoClient(new 
MongoClientURI(spec.uri()))) {
+      try (MongoClient mongoClient =
+          new MongoClient(
+              new MongoClientURI(
+                  spec.uri(),
+                  getOptions(
+                      spec.keepAlive(),
+                      spec.maxConnectionIdleTime(),
+                      spec.sslEnabled(),
+                      spec.sslInvalidHostNameAllowed())))) {
         MongoDatabase mongoDatabase = mongoClient.getDatabase(spec.database());
 
         List<Document> splitKeys;
@@ -457,10 +526,15 @@ public BoundedMongoDbReader(BoundedMongoDbSource source) {
     @Override
     public boolean start() {
       Read spec = source.spec;
-      MongoClientOptions.Builder optionsBuilder = new 
MongoClientOptions.Builder();
-      optionsBuilder.maxConnectionIdleTime(spec.maxConnectionIdleTime());
-      optionsBuilder.socketKeepAlive(spec.keepAlive());
-      client = new MongoClient(new MongoClientURI(spec.uri(), optionsBuilder));
+      client =
+          new MongoClient(
+              new MongoClientURI(
+                  spec.uri(),
+                  getOptions(
+                      spec.keepAlive(),
+                      spec.maxConnectionIdleTime(),
+                      spec.sslEnabled(),
+                      spec.sslInvalidHostNameAllowed())));
 
       MongoDatabase mongoDatabase = client.getDatabase(spec.database());
 
@@ -532,6 +606,12 @@ public void close() {
 
     abstract int maxConnectionIdleTime();
 
+    abstract boolean sslEnabled();
+
+    abstract boolean sslInvalidHostNameAllowed();
+
+    abstract boolean ignoreSSLCertificate();
+
     @Nullable
     abstract String database();
 
@@ -550,6 +630,12 @@ public void close() {
 
       abstract Builder setMaxConnectionIdleTime(int maxConnectionIdleTime);
 
+      abstract Builder setSslEnabled(boolean value);
+
+      abstract Builder setSslInvalidHostNameAllowed(boolean value);
+
+      abstract Builder setIgnoreSSLCertificate(boolean value);
+
       abstract Builder setDatabase(String database);
 
       abstract Builder setCollection(String collection);
@@ -609,6 +695,21 @@ public Write withMaxConnectionIdleTime(int 
maxConnectionIdleTime) {
       return builder().setMaxConnectionIdleTime(maxConnectionIdleTime).build();
     }
 
+    /** Enable ssl for connection. */
+    public Write withSSLEnabled(boolean sslEnabled) {
+      return builder().setSslEnabled(sslEnabled).build();
+    }
+
+    /** Enable invalidHostNameAllowed for ssl for connection. */
+    public Write withSSLInvalidHostNameAllowed(boolean invalidHostNameAllowed) 
{
+      return 
builder().setSslInvalidHostNameAllowed(invalidHostNameAllowed).build();
+    }
+
+    /** Enable ignoreSSLCertificate for ssl for connection (allow for self 
signed ceritificates). */
+    public Write withIgnoreSSLCertificate(boolean ignoreSSLCertificate) {
+      return builder().setIgnoreSSLCertificate(ignoreSSLCertificate).build();
+    }
+
     /** Sets the database to use. */
     public Write withDatabase(String database) {
       checkArgument(database != null, "database can not be null");
@@ -642,6 +743,9 @@ public void populateDisplayData(DisplayData.Builder 
builder) {
       builder.add(DisplayData.item("uri", uri()));
       builder.add(DisplayData.item("keepAlive", keepAlive()));
       builder.add(DisplayData.item("maxConnectionIdleTime", 
maxConnectionIdleTime()));
+      builder.add(DisplayData.item("sslEnable", sslEnabled()));
+      builder.add(DisplayData.item("sslInvalidHostNameAllowed", 
sslInvalidHostNameAllowed()));
+      builder.add(DisplayData.item("ignoreSSLCertificate", 
ignoreSSLCertificate()));
       builder.add(DisplayData.item("database", database()));
       builder.add(DisplayData.item("collection", collection()));
       builder.add(DisplayData.item("batchSize", batchSize()));
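Review bot: The display-data key on the first added line is `"sslEnable"`, while `Read.populateDisplayData` reports the same property as `"sslEnabled"`. Use `builder.add(DisplayData.item("sslEnabled", sslEnabled()));` so both transforms expose the TLS setting under one name and it can be checked consistently in pipeline display data. `populateDisplayData` starts and ends outside this hunk.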
@@ -658,10 +762,15 @@ public WriteFn(Write spec) {
 
       @Setup
       public void createMongoClient() throws Exception {
-        MongoClientOptions.Builder builder = new MongoClientOptions.Builder();
-        builder.socketKeepAlive(spec.keepAlive());
-        builder.maxConnectionIdleTime(spec.maxConnectionIdleTime());
-        client = new MongoClient(new MongoClientURI(spec.uri(), builder));
+        client =
+            new MongoClient(
+                new MongoClientURI(
+                    spec.uri(),
+                    getOptions(
+                        spec.keepAlive(),
+                        spec.maxConnectionIdleTime(),
+                        spec.sslEnabled(),
+                        spec.sslInvalidHostNameAllowed())));
       }
 
       @StartBundle
diff --git 
a/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java
 
b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java
new file mode 100644
index 000000000000..5b062ed39579
--- /dev/null
+++ 
b/sdks/java/io/mongodb/src/main/java/org/apache/beam/sdk/io/mongodb/SSLUtils.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.beam.sdk.io.mongodb;
+
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+/** Utility class for registration of ssl context, and to allow all 
certificate requests. */
+public class SSLUtils {
+
+  /** static class to allow all requests. */
+  static TrustManager[] trustAllCerts =
+      new TrustManager[] {
+        new X509TrustManager() {
+          @Override
+          public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+            return null;
+          }
+
+          @Override
+          public void checkClientTrusted(X509Certificate[] certs, String 
authType) {}
+
+          @Override
+          public void checkServerTrusted(X509Certificate[] certs, String 
authType) {}
+        }
+      };
+
+  /**
+   * register ssl contects to accept all issue certificates.
+   *
+   * @return SSLContext
+   */
+  public static SSLContext ignoreSSLCertificate() {
+    try {
+      // Install the all-trusting trust manager
+      SSLContext sc = SSLContext.getInstance("SSL");
+      sc.init(null, trustAllCerts, new java.security.SecureRandom());
+      HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+
+      KeyStore ks = KeyStore.getInstance("JKS");
+      ks.load(
+          
SSLUtils.class.getClassLoader().getResourceAsStream("resources/.keystore"),
+          "changeit".toCharArray());
+      KeyManagerFactory kmf =
+          
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+      kmf.init(ks, "changeit".toCharArray());
+      SSLContext ctx = SSLContext.getInstance("TLS");
+      ctx.init(kmf.getKeyManagers(), trustAllCerts, null);
+      SSLContext.setDefault(ctx);
+      return ctx;
+    } catch (Exception e) {
+      throw new RuntimeException(e);
+    }
+  }
+}
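Review bot: `ignoreSSLCertificate()` changes JVM-wide state: `HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())` and `SSLContext.setDefault(ctx)` make the trust-all manager the default for every TLS client in the worker process, not only the MongoDB connection. The method already returns `ctx` for `MongoClientOptions`, so both calls and the otherwise unused `sc` context can be dropped, which keeps the relaxed trust scoped to this client. The keystore path `resources/.keystore` and the password `changeit` are hard-coded and would be better supplied by configuration; whether that resource exists on the classpath is not visible here. `getAcceptedIssuers()` should `return new X509Certificate[0];` rather than `null`, since the `X509TrustManager` contract asks for a non-null array.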


 



Issue Time Tracking
-------------------

    Worklog Id:     (was: 172400)
    Time Spent: 50m  (was: 40m)

> MongoDbIO add support mongodb server with self signed ssl
> ---------------------------------------------------------
>
>                 Key: BEAM-6151
>                 URL: https://issues.apache.org/jira/browse/BEAM-6151
>             Project: Beam
>          Issue Type: Improvement
>          Components: io-java-mongodb
>    Affects Versions: 2.8.0
>            Reporter: Chaim
>            Assignee: Jean-Baptiste Onofré
>            Priority: Major
>             Fix For: 2.10.0
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> If the mongodb server does not have a certified ssl certificate you cannot 
> connect to the server


