ptupitsyn commented on code in PR #1662:
URL: https://github.com/apache/ignite-3/pull/1662#discussion_r1104114678
##########
modules/client/src/main/java/org/apache/ignite/internal/client/io/netty/NettyClientConnectionMultiplexer.java:
##########
@@ -75,6 +94,77 @@ public void initChannel(SocketChannel ch) {
}
}
+ private void setupSsl(SocketChannel ch, IgniteClientConfiguration
clientCfg) {
+ if (clientCfg.sslConfiguration() == null ||
!clientCfg.sslConfiguration().enabled()) {
+ return;
+ }
+
+ try {
+ var ssl = clientCfg.sslConfiguration();
+ var builder =
SslContextBuilder.forClient().trustManager(loadTrustManagerFactory(ssl));
+
+ ClientAuth clientAuth =
toNettyClientAuth(ssl.clientAuthenticationMode());
+ if (ClientAuth.NONE != clientAuth) {
+
builder.clientAuth(clientAuth).keyManager(loadKeyManagerFactory(ssl));
+ }
+
+ var context = builder.build();
+
+ ch.pipeline().addFirst("ssl", context.newHandler(ch.alloc()));
+ } catch (NoSuchAlgorithmException | KeyStoreException |
CertificateException | IOException | UnrecoverableKeyException e) {
+ throw new IgniteException(CLIENT_SSL_CONFIGURATION_ERR, "Client
SSL configuration error: " + e.getMessage(), e);
+ }
+
+ }
+
+ @NotNull
+ private static KeyManagerFactory loadKeyManagerFactory(SslConfiguration
ssl)
+ throws KeyStoreException, IOException, NoSuchAlgorithmException,
CertificateException, UnrecoverableKeyException {
+ KeyStore ks = KeyStore.getInstance(ssl.keyStoreType());
+
+ char[] ksPassword = ssl.keyStorePassword() == null ? null :
ssl.keyStorePassword().toCharArray();
+ if (ssl.keyStorePath() != null) {
+ try (var is = Files.newInputStream(Path.of(ssl.keyStorePath()))) {
+ ks.load(is, ksPassword);
+ }
+ } else {
+ ks.load(null, ksPassword);
+ }
+
+ KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(ks, ksPassword);
+ return keyManagerFactory;
+ }
+
+ @NotNull
+ private static TrustManagerFactory
loadTrustManagerFactory(SslConfiguration ssl)
+ throws KeyStoreException, IOException, NoSuchAlgorithmException,
CertificateException {
+ KeyStore ts = KeyStore.getInstance(ssl.trustStoreType());
+ char[] tsPassword = ssl.trustStorePassword() == null ? null :
ssl.trustStorePassword().toCharArray();
+ if (ssl.trustStorePath() != null) {
+ try (var is = Files.newInputStream(Path.of(ssl.trustStorePath())))
{
+ ts.load(is, tsPassword);
+ }
+ } else {
+ ts.load(null, tsPassword);
+ }
+
+ TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(
+ TrustManagerFactory.getDefaultAlgorithm()
+ );
+ trustManagerFactory.init(ts);
+ return trustManagerFactory;
+ }
+
+ private ClientAuth toNettyClientAuth(ClientAuthenticationMode
igniteClientAuth) {
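Review bot: In setupSsl, `context.newHandler(ch.alloc())` creates the handler without a peer host and port, and nothing visible in the hunk sets an endpoint identification algorithm. The client therefore appears to validate the server certificate chain against the trust store but not that the certificate matches the host it connected to; Netty 4.1 does not enable that check by default for client handlers, which should be confirmed for the version in use. Any server presenting a certificate that chains to a trusted CA would then be accepted. Consider creating the handler with `context.newHandler(ch.alloc(), host, port)` and calling `params.setEndpointIdentificationAlgorithm("HTTPS")` on the engine's `SSLParameters` before adding it to the pipeline. The peer address is not in scope in this hunk, so it would have to be passed into setupSsl.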
Review Comment:
```suggestion
private static ClientAuth toNettyClientAuth(ClientAuthenticationMode
igniteClientAuth) {
```