Avro >> mail # user >> Re: AVRO and SSL/TLS IPC calls


Re: AVRO and SSL/TLS IPC calls
I faced this issue while I was writing tests for HTTPS source. Can't recall
the details, but if you can look into the Test case it might help

https://github.com/apache/flume/blob/trunk/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
look into testHttps()

If time permits, I shall give a shot at the code. Can also debug using
-Djavax.net.debug=ssl
or -Djavax.net.debug=all

On Fri, Oct 18, 2013 at 12:12 AM, Dr. Pala <[EMAIL PROTECTED]> wrote:

>  Hi Connor, all,
>
> thanks for your reply. However, I am trying to use the Netty protocol +
> enforcing mutual authentication under TLS v1.2. I am almost there... but I
> am stuck with an error that is difficult to debug and maybe, guys, you have
> some more insights.
>
> Following this example:
>
>    -
>    http://svn.apache.org/repos/asf/avro/trunk/lang/java/ipc/src/test/java/org/apache/avro/ipc/TestNettyServerWithSSL.java
>
> I am trying to build a small toolkit that will make secure communication
> between the requestor and the responder easy to deploy. For doing that, I
> have some working code that initializes a keystore and uses that for the
> source of trust, here's part of the code:
>
>     // Instantiates a new responder
>     Responder responder = new SpecificResponder(m_protoClass, m_protoHandler);
>
>     // Gets a new Channel Factory
>     ChannelFactory channelFactory = new NioServerSocketChannelFactory(Executors.newCachedThreadPool(), Executors.newCachedThreadPool());
>     // Gets the responder
>     //
>     // NOTE:
>     //
>     // The m_trustManager is a helper class that extends NioClientSocketChannelFactory and
>     // implements X509TrustManager, ChannelPipelineFactory, ChannelFactory
>
>     m_server = new NettyServer(responder, new InetSocketAddress(m_host, m_port),
>         channelFactory, (ChannelPipelineFactory) m_trustManager, null);
>
>
> Internally the TrustManager implements the "*public ChannelPipeline
> getPipeline()*" method as follows:
>
>     // We need to get the pipeline
>     ChannelPipeline pipeline = Channels.pipeline();
>
>     // Set up key manager factory to use our key store
>     String algor = Security.getProperty("ssl.KeyManagerFactory.algorithm");
>     if (algor == null) algor = "SunX509";
>
>     KeyManagerFactory kmf = KeyManagerFactory.getInstance(algor);
>     kmf.init(m_keyStore, null);
>
>     // Now let's instantiate a new SSLContext and initialize it with the
>     // initialized KeyManagers
>     SSLContext serverContext = SSLContext.getInstance("TLSv1.2");
>     serverContext.init(kmf.getKeyManagers(), null, null);
>
>     // Let's create an SSLContext from which we will derive the SSLEngine
>     SSLEngine sslEngine = serverContext.createSSLEngine();
>
>     // DEBUGGING code that prints out the supported and enabled Ciphersuites
>     System.out.println("TrustManager::SERVER Mode::Supported Ciphersuites:");
>     String[] sCipher = sslEngine.getSupportedCipherSuites();
>     for (int i = 0; i < sCipher.length; i++)
>     {
>        System.out.println("- " + sCipher[i]);
>     }
>     String[] eCipher = sslEngine.getEnabledCipherSuites();
>     System.out.println("TrustManager::SERVER Mode::Enabled Ciphersuites:: ");
>     for (int i = 0; i < eCipher.length; i++)
>     {
>       System.out.println("- " + eCipher[i]);
>     }
>
>     // Set Client / Server Mode. This is needed by the application to send
>     // the right messages
>     sslEngine.setUseClientMode(false);
>
>     // Adds a new SslHandler that uses the instantiated SSLEngine to the pipeline
>     pipeline.addLast("ssl", new SslHandler(sslEngine));
>
>     // Return the pipeline
>     return pipeline;
>
>
> everything seems to be working fine, until the client tries to connect to
> the server - at that point, the server replies that there are no common
> ciphersuites with the client and exits. I also tried to connect with
> OpenSSL, but I get the same type of error from the server.
>
> There is definitely something I am forgetting in the initialization of the

thanks
ashish

Blog: http://www.ashishpaliwal.com/blog
My Photo Galleries: http://www.pbase.com/ashishpaliwal
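
Added example, not code from the thread or from Avro: a server-side SSLEngine for mutual TLS built with the same JSSE calls as the quoted getPipeline(), plus the trust managers and setNeedClientAuth(true) that client-certificate authentication needs. The class and method names are hypothetical, and it assumes a keystore holding the server's private key and a truststore holding the CA that issues client certificates. A keystore with no private-key entry leaves the server with no certificate to present, which is one common cause of "no cipher suites in common", so the helper checks for that first.

```java
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper, not part of Avro, Netty or the code quoted in the thread.
public class MutualTlsEngine {

    // Builds a server-side engine that presents a certificate and requires one from the client.
    static SSLEngine serverEngine(KeyStore keyStore, char[] keyPass, KeyStore trustStore)
            throws Exception {
        // The server needs at least one private-key entry; a keystore holding only
        // trusted certificates gives the KeyManager nothing to present.
        boolean hasKey = false;
        for (String alias : Collections.list(keyStore.aliases())) {
            hasKey |= keyStore.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException("keystore has no private-key entry");
        }

        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass); // password protecting the key entries

        // Trust anchors used to validate the client's certificate chain.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        engine.setNeedClientAuth(true); // fail the handshake if the client sends no certificate
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory keystore, to show the check firing.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        try {
            serverEngine(empty, new char[0], empty);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The returned engine goes into the Netty pipeline the same way as in the quoted code, wrapped in new SslHandler(engine).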