Support SSL client auth
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/e120e9f7 Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/e120e9f7 Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/e120e9f7 Branch: refs/heads/TINKERPOP-1602 Commit: e120e9f76982941bdcb1bac66c038d492c3609aa Parents: fe5f557 Author: Robert Dale <robd...@gmail.com> Authored: Tue Jan 17 14:24:00 2017 -0500 Committer: Robert Dale <robd...@gmail.com> Committed: Mon Jan 23 14:36:18 2017 -0500 ---------------------------------------------------------------------- .../apache/tinkerpop/gremlin/server/AbstractChannelizer.java | 4 +++- .../java/org/apache/tinkerpop/gremlin/server/Settings.java | 6 ++++++ 2 files changed, 9 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e120e9f7/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java ---------------------------------------------------------------------- diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java index 57c6994..d28fd4f 100644 --- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java +++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java @@ -242,8 +242,10 @@ public abstract class AbstractChannelizer extends ChannelInitializer<SocketChann builder = SslContextBuilder.forServer(keyCertChainFile, keyFile, sslSettings.keyPassword) .trustManager(trustCertChainFile); } + + - builder.sslProvider(provider); + builder.clientAuth(sslSettings.needClientAuth).sslProvider(provider); try { return builder.build(); http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e120e9f7/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java ---------------------------------------------------------------------- diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java index 97e2875..a3b9545 100644 --- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java +++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java @@ -18,6 +18,7 @@ */ package org.apache.tinkerpop.gremlin.server; +import io.netty.handler.ssl.ClientAuth; import io.netty.handler.ssl.SslContext; import org.apache.tinkerpop.gremlin.driver.MessageSerializer; import org.apache.tinkerpop.gremlin.jsr223.GremlinPlugin; @@ -420,6 +421,11 @@ public class Settings { * contain an X.509 certificate chain in PEM format. {@code null} uses the system default. */ public String trustCertChainFile = null; + + /** + * Require client certificate authentication + */ + public ClientAuth needClientAuth = ClientAuth.NONE; private SslContext sslContext;