Repository: accumulo Updated Branches: refs/heads/1.6.1-SNAPSHOT 1b49f44d1 -> 4d70739ab refs/heads/master a458a2fae -> eeb06e3a1
ACCUMULO-3053 Pull include/exclude ciphers for Monitor SSL Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/4d70739a Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/4d70739a Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/4d70739a Branch: refs/heads/1.6.1-SNAPSHOT Commit: 4d70739abb27749f414d906924746d90d7687a2f Parents: 1b49f44 Author: Josh Elser <els...@apache.org> Authored: Thu Aug 7 13:17:44 2014 -0400 Committer: Josh Elser <els...@apache.org> Committed: Thu Aug 7 13:38:05 2014 -0400 ---------------------------------------------------------------------- .../org/apache/accumulo/core/conf/Property.java | 2 ++ .../accumulo/monitor/EmbeddedWebServer.java | 27 ++++++++++++++------ 2 files changed, 21 insertions(+), 8 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/4d70739a/core/src/main/java/org/apache/accumulo/core/conf/Property.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/accumulo/core/conf/Property.java b/core/src/main/java/org/apache/accumulo/core/conf/Property.java index 54d13e6..d7d78a6 100644 --- a/core/src/main/java/org/apache/accumulo/core/conf/Property.java +++ b/core/src/main/java/org/apache/accumulo/core/conf/Property.java 
@@ -309,6 +309,8 @@ public enum Property { @Experimental @Sensitive MONITOR_SSL_TRUSTSTOREPASS("monitor.ssl.trustStorePassword", "", PropertyType.STRING, "The truststore password for enabling monitor SSL."), + MONITOR_SSL_INCLUDE_CIPHERS("monitor.ssl.include.ciphers", "", PropertyType.STRING, "A comma-separated list of allows SSL Ciphers, see monitor.ssl.exclude.ciphers to disallow ciphers"), + MONITOR_SSL_EXCLUDE_CIPHERS("monitor.ssl.exclude.ciphers", "", PropertyType.STRING, "A comma-separated list of disallowed SSL Ciphers, see mmonitor.ssl.include.ciphers to allow ciphers"), MONITOR_LOCK_CHECK_INTERVAL("monitor.lock.check.interval", "5s", PropertyType.TIMEDURATION, "The amount of time to sleep between checking for the Montior ZooKeeper lock"), http://git-wip-us.apache.org/repos/asf/accumulo/blob/4d70739a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java ---------------------------------------------------------------------- diff --git a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java index a36b942..888913a 100644 --- a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java +++ b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java @@ -18,7 +18,9 @@ package org.apache.accumulo.monitor; import javax.servlet.http.HttpServlet; +import org.apache.accumulo.core.conf.AccumuloConfiguration; import org.apache.accumulo.core.conf.Property; +import org.apache.hadoop.util.StringUtils; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.nio.SelectChannelConnector; import org.eclipse.jetty.server.session.SessionHandler; 
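Review bot: The description of MONITOR_SSL_EXCLUDE_CIPHERS points operators at `mmonitor.ssl.include.ciphers`, a key that does not exist, and the MONITOR_SSL_INCLUDE_CIPHERS description reads "list of allows SSL Ciphers". An administrator restricting the monitor's TLS configuration relies on these strings, so they should read `"A comma-separated list of allowed SSL ciphers, see monitor.ssl.exclude.ciphers to disallow ciphers"` and `"A comma-separated list of disallowed SSL ciphers, see monitor.ssl.include.ciphers to allow ciphers"`. It would also help to state that an empty value leaves the default cipher selection untouched, which is how the EmbeddedWebServer change in this commit treats it.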
@@ -40,18 +42,27 @@ public class EmbeddedWebServer { public EmbeddedWebServer(String host, int port) { server = new Server(); - if (EMPTY.equals(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_KEYSTORE)) - || EMPTY.equals(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_KEYSTOREPASS)) - || EMPTY.equals(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_TRUSTSTORE)) || EMPTY.equals(Monitor.getSystemConfiguration().get( -Property.MONITOR_SSL_TRUSTSTOREPASS))) { + final AccumuloConfiguration conf = Monitor.getSystemConfiguration(); + if (EMPTY.equals(conf.get(Property.MONITOR_SSL_KEYSTORE)) || EMPTY.equals(conf.get(Property.MONITOR_SSL_KEYSTOREPASS)) + || EMPTY.equals(conf.get(Property.MONITOR_SSL_TRUSTSTORE)) || EMPTY.equals(conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS))) { connector = new SelectChannelConnector(); usingSsl = false; } else { SslContextFactory sslContextFactory = new SslContextFactory(); - sslContextFactory.setKeyStorePath(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_KEYSTORE)); - sslContextFactory.setKeyStorePassword(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_KEYSTOREPASS)); - sslContextFactory.setTrustStore(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_TRUSTSTORE)); - sslContextFactory.setTrustStorePassword(Monitor.getSystemConfiguration().get(Property.MONITOR_SSL_TRUSTSTOREPASS)); + sslContextFactory.setKeyStorePath(conf.get(Property.MONITOR_SSL_KEYSTORE)); + sslContextFactory.setKeyStorePassword(conf.get(Property.MONITOR_SSL_KEYSTOREPASS)); + sslContextFactory.setTrustStore(conf.get(Property.MONITOR_SSL_TRUSTSTORE)); + sslContextFactory.setTrustStorePassword(conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS)); + + final String includedCiphers = conf.get(Property.MONITOR_SSL_INCLUDE_CIPHERS); + if (!Property.MONITOR_SSL_INCLUDE_CIPHERS.getDefaultValue().equals(includedCiphers)) { + sslContextFactory.setIncludeCipherSuites(StringUtils.split(includedCiphers, ',')); + } + + final String 
excludedCiphers = conf.get(Property.MONITOR_SSL_EXCLUDE_CIPHERS); + if (!Property.MONITOR_SSL_EXCLUDE_CIPHERS.getDefaultValue().equals(excludedCiphers)) { + sslContextFactory.setExcludeCipherSuites(StringUtils.split(excludedCiphers, ',')); + } connector = new SslSelectChannelConnector(sslContextFactory); usingSsl = true;
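Review bot: The exclude list is split with `StringUtils.split(excludedCiphers, ',')` and the pieces are passed to `setExcludeCipherSuites` unchanged. A value written as `A, B` (constructed example) would, as far as I can tell from Hadoop's split, yield ` B` with its leading space, which matches no suite name and leaves that cipher enabled without any error. The include list follows the same pattern, where the effect would be a suite that is silently not offered. Trimming the entries closes the gap, e.g. `sslContextFactory.setExcludeCipherSuites(excludedCiphers.trim().split("\\s*,\\s*"));` and likewise for the include call; logging both configured lists at startup would let an operator confirm what was applied. The constructor continues past the end of this hunk.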