Example 11 with DrillException

Use of org.apache.drill.common.exceptions.DrillException in project drill by apache.

The class SSLConfig, method initializeTrustManagerFactory.

public TrustManagerFactory initializeTrustManagerFactory() throws DrillException {
    TrustManagerFactory tmf;
    KeyStore ts = null;
    // Support Windows/MacOs system trust store
    try {
        String trustStoreType = getTrustStoreType();
        if ((isWindows || isMacOs) && useSystemTrustStore()) {
            // This is valid for MS-Windows and MacOs
            logger.debug("Initializing System truststore.");
            ts = KeyStore.getInstance(!trustStoreType.isEmpty() ? trustStoreType : KeyStore.getDefaultType());
            ts.load(null, null);
        } else if (!getTrustStorePath().isEmpty()) {
            logger.debug("Initializing truststore {}.", getTrustStorePath());
            ts = KeyStore.getInstance(!trustStoreType.isEmpty() ? trustStoreType : KeyStore.getDefaultType());
            // try-with-resources closes the truststore file once it has been loaded.
            try (InputStream tsStream = new FileInputStream(getTrustStorePath())) {
                ts.load(tsStream, getTrustStorePassword().toCharArray());
            }
        } else {
            // If a truststore is not provided then we will use the default. Note that the default depends on
            // the TrustManagerFactory that in turn depends on the Security Provider.
            // ts stays null, which results in the default truststore being picked up.
            logger.debug("Initializing default truststore.");
        }
        if (disableCertificateVerification()) {
            // InsecureTrustManagerFactory trusts every certificate without verification,
            // so the truststore loaded above is not consulted on this path.
            tmf = InsecureTrustManagerFactory.INSTANCE;
        } else {
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        }
        tmf.init(ts);
    } catch (Exception e) {
        // Catch any SSL initialization Exceptions here and abort.
        throw new DrillException(new StringBuilder().append("Exception while initializing the truststore: [").append(e.getMessage()).append("]. ").toString(), e);
    }
    return tmf;
}
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) TrustManagerFactory(javax.net.ssl.TrustManagerFactory) InsecureTrustManagerFactory(io.netty.handler.ssl.util.InsecureTrustManagerFactory) DrillException(org.apache.drill.common.exceptions.DrillException) KeyStore(java.security.KeyStore) IOException(java.io.IOException)

Example 12 with DrillException

Use of org.apache.drill.common.exceptions.DrillException in project drill by apache.

The class SSLConfig, method initializeKeyManagerFactory.

public KeyManagerFactory initializeKeyManagerFactory() throws DrillException {
    KeyManagerFactory kmf;
    String keyStorePath = getKeyStorePath();
    String keyStorePassword = getKeyStorePassword();
    String keyStoreType = getKeyStoreType();
    try {
        if (keyStorePath.isEmpty()) {
            throw new DrillException("No Keystore provided.");
        }
        KeyStore ks = KeyStore.getInstance(!keyStoreType.isEmpty() ? keyStoreType : KeyStore.getDefaultType());
        // Initialize the key manager factory.
        // Will throw an exception if the file is not found/accessible.
        // try-with-resources closes the stream on every path, including the empty-password check.
        try (InputStream ksStream = new FileInputStream(keyStorePath)) {
            // A key password CANNOT be null or an empty string.
            if (keyStorePassword.isEmpty()) {
                throw new DrillException("The Keystore password cannot be empty.");
            }
            ks.load(ksStream, keyStorePassword.toCharArray());
        }
        // Empty Keystore. (Remarkably, it is possible to do this).
        if (ks.size() == 0) {
            throw new DrillException("The Keystore has no entries.");
        }
        kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, getKeyPassword().toCharArray());
    } catch (Exception e) {
        // Keep the original exception as the cause so the stack trace is not lost.
        throw new DrillException(new StringBuilder().append("Exception while initializing the keystore: [").append(e.getMessage()).append("]. ").toString(), e);
    }
    return kmf;
}
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) DrillException(org.apache.drill.common.exceptions.DrillException) KeyStore(java.security.KeyStore) IOException(java.io.IOException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 13 with DrillException

Use of org.apache.drill.common.exceptions.DrillException in project drill by apache.

The class SSLConfigServer, method initJDKSSLContext.

@Override
public SSLContext initJDKSSLContext() throws DrillException {
    final SSLContext sslCtx;
    if (!userSslEnabled) {
        return null;
    }
    KeyManagerFactory kmf;
    TrustManagerFactory tmf;
    try {
        if (keyStorePath.isEmpty()) {
            throw new DrillException("No Keystore provided.");
        }
        kmf = initializeKeyManagerFactory();
        tmf = initializeTrustManagerFactory();
        sslCtx = SSLContext.getInstance(protocol);
        sslCtx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    } catch (Exception e) {
        // Catch any SSL initialization Exceptions here and abort, keeping the original exception as the cause.
        throw new DrillException(new StringBuilder().append("SSL is enabled but cannot be initialized - ").append("[ ").append(e.getMessage()).append("]. ").toString(), e);
    }
    this.jdkSSlContext = sslCtx;
    return sslCtx;
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) SSLContext(javax.net.ssl.SSLContext) DrillException(org.apache.drill.common.exceptions.DrillException) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 14 with DrillException

Use of org.apache.drill.common.exceptions.DrillException in project drill by apache.

The class SSLConfigServer, method initNettySslContext.

@Override
public SslContext initNettySslContext() throws DrillException {
    final SslContext sslCtx;
    if (!userSslEnabled) {
        return null;
    }
    KeyManagerFactory kmf;
    TrustManagerFactory tmf;
    try {
        if (keyStorePath.isEmpty()) {
            throw new DrillException("No Keystore provided.");
        }
        kmf = initializeKeyManagerFactory();
        tmf = initializeTrustManagerFactory();
        sslCtx = SslContextBuilder.forServer(kmf).trustManager(tmf).protocols(protocol).sslProvider(getProvider()).build();
    } catch (Exception e) {
        // Catch any SSL initialization Exceptions here and abort, keeping the original exception as the cause.
        throw new DrillException(new StringBuilder().append("SSL is enabled but cannot be initialized - ").append("[ ").append(e.getMessage()).append("]. ").toString(), e);
    }
    this.nettySslContext = sslCtx;
    return sslCtx;
}
Also used : TrustManagerFactory(javax.net.ssl.TrustManagerFactory) DrillException(org.apache.drill.common.exceptions.DrillException) SslContext(io.netty.handler.ssl.SslContext) KeyManagerFactory(javax.net.ssl.KeyManagerFactory)

Example 15 with DrillException

Use of org.apache.drill.common.exceptions.DrillException in project drill by apache.

The class TestSSLConfig, method testMissingKeystorePath.

@Test
public void testMissingKeystorePath() throws Exception {
    ConfigBuilder config = new ConfigBuilder();
    config.put(ExecConstants.HTTP_KEYSTORE_PATH, "");
    config.put(ExecConstants.HTTP_KEYSTORE_PASSWORD, "root");
    config.put(ExecConstants.SSL_USE_HADOOP_CONF, false);
    config.put(ExecConstants.USER_SSL_ENABLED, true);
    try {
        SSLConfig sslv = new SSLConfigBuilder().config(config.build()).mode(SSLConfig.Mode.SERVER).initializeSSLContext(false).validateKeyStore(true).build();
        fail();
    } catch (Exception e) {
        // Expected
        assertTrue(e instanceof DrillException);
    }
}
Also used : SSLConfig(org.apache.drill.exec.ssl.SSLConfig) SSLConfigBuilder(org.apache.drill.exec.ssl.SSLConfigBuilder) ConfigBuilder(org.apache.drill.test.ConfigBuilder) DrillException(org.apache.drill.common.exceptions.DrillException) Test(org.junit.Test) BaseTest(org.apache.drill.test.BaseTest) SecurityTest(org.apache.drill.categories.SecurityTest)

Aggregations

DrillException (org.apache.drill.common.exceptions.DrillException) 28
SecurityTest (org.apache.drill.categories.SecurityTest) 12
Test (org.junit.Test) 12
TrustManagerFactory (javax.net.ssl.TrustManagerFactory) 10
KeyManagerFactory (javax.net.ssl.KeyManagerFactory) 6
DrillConfig (org.apache.drill.common.config.DrillConfig) 6
SpnegoConfig (org.apache.drill.exec.server.rest.auth.SpnegoConfig) 6
SSLConfig (org.apache.drill.exec.ssl.SSLConfig) 6
SSLConfigBuilder (org.apache.drill.exec.ssl.SSLConfigBuilder) 6
BaseTest (org.apache.drill.test.BaseTest) 6
ConfigBuilder (org.apache.drill.test.ConfigBuilder) 6
SslContext (io.netty.handler.ssl.SslContext) 4
FileInputStream (java.io.FileInputStream) 4
InputStream (java.io.InputStream) 4
KeyStore (java.security.KeyStore) 4
SSLContext (javax.net.ssl.SSLContext) 4
Configuration (org.apache.hadoop.conf.Configuration) 4
InsecureTrustManagerFactory (io.netty.handler.ssl.util.InsecureTrustManagerFactory) 2
IOException (java.io.IOException) 2
ArrayList (java.util.ArrayList) 2