use of org.apache.flink.runtime.io.network.netty.SSLHandlerFactory in project flink by apache.
the class SSLUtils method createRestClientSSLEngineFactory.
/**
 * Builds the {@link SSLHandlerFactory} to be used by the REST clients.
 *
 * <p>{@link ClientAuth#REQUIRE} is selected only when
 * {@link SecurityOptions#isRestSSLAuthenticationEnabled(Configuration)} reports that REST
 * authentication is switched on; in every other case {@link ClientAuth#NONE} is passed on.
 *
 * @param config The application configuration.
 * @return a handler factory wrapping the SSL context created for the REST client side
 * @throws IllegalConfigurationException if no SSL context was produced, i.e. SSL is not enabled
 *     for REST endpoints
 * @throws Exception anything raised while the SSL context is being created
 */
public static SSLHandlerFactory createRestClientSSLEngineFactory(final Configuration config) throws Exception {
    final ClientAuth clientAuth;
    if (SecurityOptions.isRestSSLAuthenticationEnabled(config)) {
        clientAuth = ClientAuth.REQUIRE;
    } else {
        clientAuth = ClientAuth.NONE;
    }

    // The literal 'true' is the only difference from the server-side factory method.
    // NOTE(review): what clientAuth means in client mode is decided inside
    // createRestNettySSLContext, which is not visible here - confirm.
    final SslContext restClientContext = createRestNettySSLContext(config, true, clientAuth);
    if (restClientContext != null) {
        // NOTE(review): the two -1 arguments look like "use the default" markers for the
        // handshake / close-notify timeouts - confirm against the SSLHandlerFactory constructor.
        return new SSLHandlerFactory(restClientContext, -1, -1);
    }

    // A null context is treated as a configuration error rather than a silent plaintext fallback.
    throw new IllegalConfigurationException("SSL is not enabled for REST endpoints.");
}
use of org.apache.flink.runtime.io.network.netty.SSLHandlerFactory in project flink by apache.
the class RestClientConfiguration method fromConfiguration.
/**
 * Derives a {@link RestClientConfiguration} from the supplied {@link Configuration}.
 *
 * <p>An {@link SSLHandlerFactory} is created only when
 * {@link SecurityOptions#isRestSSLEnabled(Configuration)} is true; otherwise the resulting
 * configuration carries {@code null} in its place.
 *
 * @param config configuration from which the REST client endpoint configuration should be
 *     created
 * @return REST client endpoint configuration
 * @throws ConfigurationException if SSL was configured incorrectly
 */
public static RestClientConfiguration fromConfiguration(Configuration config) throws ConfigurationException {
    Preconditions.checkNotNull(config);

    // Stays null when REST SSL is disabled.
    // NOTE(review): a null factory presumably means the client connects without TLS, so
    // credentials and job data would travel in clear text - confirm in the REST client.
    SSLHandlerFactory sslHandlerFactory = null;
    if (SecurityOptions.isRestSSLEnabled(config)) {
        try {
            sslHandlerFactory = SSLUtils.createRestClientSSLEngineFactory(config);
        } catch (Exception e) {
            // The factory method is declared with "throws Exception", hence the broad catch;
            // the original failure is kept as the cause.
            throw new ConfigurationException("Failed to initialize SSLContext for the REST client", e);
        }
    }

    final long connectionTimeout = config.getLong(RestOptions.CONNECTION_TIMEOUT);
    final long idlenessTimeout = config.getLong(RestOptions.IDLENESS_TIMEOUT);
    // Upper bound on content size, read from RestOptions.CLIENT_MAX_CONTENT_LENGTH.
    final int maxContentLength = config.getInteger(RestOptions.CLIENT_MAX_CONTENT_LENGTH);

    return new RestClientConfiguration(
        sslHandlerFactory,
        connectionTimeout,
        idlenessTimeout,
        maxContentLength);
}
use of org.apache.flink.runtime.io.network.netty.SSLHandlerFactory in project flink by apache.
the class SSLUtilsTest method testCreateSSLEngineFactory.
/**
 * Verifies that a custom protocol and cipher-suite list set in the configuration are exactly
 * what the engine created through {@link SSLHandlerFactory} has enabled.
 *
 * <p>The values used here ("TLSv1", static-RSA and CBC cipher suites) are fixtures for checking
 * that configuration is propagated; they are not a recommendation for deployments. TLS 1.0 is
 * deprecated and these suites lack forward secrecy or use CBC mode.
 */
@Test
public void testCreateSSLEngineFactory() throws Exception {
    Configuration serverConfig = createInternalSslConfigWithKeyAndTrustStores();

    // openSSL does not support the same set of cipher algorithms, and is expected to report
    // "SSLv2Hello" next to the configured protocol.
    final boolean openSslProvider = sslProvider.equalsIgnoreCase("OPENSSL");
    final String[] sslAlgorithms = openSslProvider
        ? new String[] { "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384" }
        : new String[] { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" };
    final String[] expectedSslProtocols = openSslProvider
        ? new String[] { "SSLv2Hello", "TLSv1" }
        : new String[] { "TLSv1" };

    // set custom protocol and cipher suites
    // NOTE(review): a runtime that disables TLSv1 by default may not enable it here - confirm
    // against the JDK / OpenSSL build the tests run on.
    serverConfig.setString(SecurityOptions.SSL_PROTOCOL, "TLSv1");
    serverConfig.setString(SecurityOptions.SSL_ALGORITHMS, String.join(",", sslAlgorithms));

    final SSLHandlerFactory factoryUnderTest = SSLUtils.createInternalServerSSLEngineFactory(serverConfig);
    final SslHandler handler = factoryUnderTest.createNettySSLHandler(UnpooledByteBufAllocator.DEFAULT);

    // Length plus any-order content check: nothing extra enabled, nothing configured missing.
    final String[] enabledProtocols = handler.engine().getEnabledProtocols();
    assertEquals(expectedSslProtocols.length, enabledProtocols.length);
    assertThat(enabledProtocols, arrayContainingInAnyOrder(expectedSslProtocols));

    final String[] enabledCipherSuites = handler.engine().getEnabledCipherSuites();
    assertEquals(sslAlgorithms.length, enabledCipherSuites.length);
    assertThat(enabledCipherSuites, arrayContainingInAnyOrder(sslAlgorithms));
}
use of org.apache.flink.runtime.io.network.netty.SSLHandlerFactory in project flink by apache.
the class RestServerEndpointConfiguration method fromConfiguration.
/**
 * Derives a {@link RestServerEndpointConfiguration} from the supplied {@link Configuration}.
 *
 * <p>Fails fast through {@link Preconditions#checkNotNull} when {@code config} is null or
 * {@link RestOptions#ADDRESS} has no value. An {@link SSLHandlerFactory} is created only when
 * {@link SecurityOptions#isRestSSLEnabled(Configuration)} is true; otherwise {@code null} is
 * handed to the resulting configuration.
 *
 * @param config configuration from which the REST server endpoint configuration should be
 *     created
 * @return REST server endpoint configuration
 * @throws ConfigurationException if SSL was configured incorrectly
 */
public static RestServerEndpointConfiguration fromConfiguration(Configuration config) throws ConfigurationException {
    Preconditions.checkNotNull(config);

    final String configuredAddress = config.getString(RestOptions.ADDRESS);
    final String restAddress =
        Preconditions.checkNotNull(configuredAddress, "%s must be set", RestOptions.ADDRESS.key());
    // NOTE(review): the bind address decides which interfaces expose the REST API - confirm
    // what an unset value resolves to.
    final String restBindAddress = config.getString(RestOptions.BIND_ADDRESS);
    final String portRangeDefinition = config.getString(RestOptions.BIND_PORT);

    // Stays null when REST SSL is disabled.
    // NOTE(review): a null factory presumably means the endpoint is served without TLS - confirm
    // in the server endpoint.
    SSLHandlerFactory sslHandlerFactory = null;
    if (SecurityOptions.isRestSSLEnabled(config)) {
        try {
            sslHandlerFactory = SSLUtils.createRestServerSSLEngineFactory(config);
        } catch (Exception e) {
            // The factory method is declared with "throws Exception", hence the broad catch;
            // the original failure is kept as the cause.
            throw new ConfigurationException("Failed to initialize SSLEngineFactory for REST server endpoint.", e);
        }
    }

    // Uploads go to a fixed "flink-web-upload" child of the configured upload directory, with
    // the web tmp directory as the fallback value.
    // NOTE(review): if the fallback is a shared temp location, its permissions decide who can
    // read or replace uploaded files - verify on the deployment.
    final String tmpDir = config.getString(WebOptions.TMP_DIR);
    final String uploadBaseDir = config.getString(WebOptions.UPLOAD_DIR, tmpDir);
    final Path uploadDir = Paths.get(uploadBaseDir, "flink-web-upload");

    final int maxContentLength = config.getInteger(RestOptions.SERVER_MAX_CONTENT_LENGTH);

    // The Access-Control-Allow-Origin header is sent with whatever value the configuration holds.
    // NOTE(review): a wildcard value would let any web origin read REST responses - check the
    // configured (or default) value.
    final String allowedOrigin = config.getString(WebOptions.ACCESS_CONTROL_ALLOW_ORIGIN);
    final Map<String, String> responseHeaders =
        Collections.singletonMap(HttpHeaders.Names.ACCESS_CONTROL_ALLOW_ORIGIN, allowedOrigin);

    return new RestServerEndpointConfiguration(
        restAddress,
        restBindAddress,
        portRangeDefinition,
        sslHandlerFactory,
        uploadDir,
        maxContentLength,
        responseHeaders);
}
use of org.apache.flink.runtime.io.network.netty.SSLHandlerFactory in project flink by apache.
the class SSLUtils method createRestServerSSLEngineFactory.
/**
 * Builds the {@link SSLHandlerFactory} to be used by the REST servers.
 *
 * <p>{@link ClientAuth#REQUIRE} is selected only when
 * {@link SecurityOptions#isRestSSLAuthenticationEnabled(Configuration)} reports that REST
 * authentication is switched on; in every other case {@link ClientAuth#NONE} is passed on.
 *
 * @param config The application configuration.
 * @return a handler factory wrapping the SSL context created for the REST server side
 * @throws IllegalConfigurationException if no SSL context was produced, i.e. SSL is not enabled
 *     for REST endpoints
 * @throws Exception anything raised while the SSL context is being created
 */
public static SSLHandlerFactory createRestServerSSLEngineFactory(final Configuration config) throws Exception {
    final ClientAuth clientAuth;
    if (SecurityOptions.isRestSSLAuthenticationEnabled(config)) {
        clientAuth = ClientAuth.REQUIRE;
    } else {
        // NOTE(review): with ClientAuth.NONE the server presumably does not ask callers for a
        // certificate, so TLS would give encryption and server identity only and access to the
        // REST API has to be restricted by other means - confirm in createRestNettySSLContext.
        clientAuth = ClientAuth.NONE;
    }

    // The literal 'false' is the only difference from the client-side factory method.
    final SslContext restServerContext = createRestNettySSLContext(config, false, clientAuth);
    if (restServerContext != null) {
        // NOTE(review): the two -1 arguments look like "use the default" markers for the
        // handshake / close-notify timeouts - confirm against the SSLHandlerFactory constructor.
        return new SSLHandlerFactory(restServerContext, -1, -1);
    }

    // A null context is treated as a configuration error rather than a silent plaintext fallback.
    throw new IllegalConfigurationException("SSL is not enabled for REST endpoints.");
}