embulk-executor-remoteserver 0.3.2 → 0.4.0

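--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f28395ebbd29d2028501114573e227c225fd8b6c
- data.tar.gz: ab865e0e32d2c4d4b56057497278ab61ee1d64be
+ metadata.gz: 06471b084ea22f52ecc00bfdfe47b86f87eeb69f
+ data.tar.gz: 729aa405aca16d6f929ed8fe7a5f74dd4ceedeac
  SHA512:
- metadata.gz: 7de676f12a5aab6ff29d4b43c191b06637f40901037e21bf05a9c98432bff45766e67626d6d6d7cb097d7f065a92e3fe4924b2abaa22fc497d7b530f60a43112
- data.tar.gz: 7dc8342789e19402d7a1d61f25bb7525aaed2525496eb93d482f42b078e25ba2ce387c78e35785788c0a89898c3ce99d074692fa99fd5f000f04372a3d10dc3f
+ metadata.gz: 1aa9cc6537396d1ccf54c21329743332cbaed54d76b57ccfeccdb2ba2426d944c1dcf04e39b61f19aabdfc4c57b4e7e4600068d3201ed04cc73902730c274aef
+ data.tar.gz: 50e4cff41b9e5726e5ac07f5ae57ba14a3e04088659c370eb2c6145d3203b13f1fde454ac85cd18237ac5c6d809006e27717eebaca9612b7e4635e31a7a0619f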
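--- a/data/README.md
+++ b/data/README.md
@@ -15,12 +15,10 @@ Embulk executor plugin to run Embulk tasks on remote servers.
  - **hosts**: List of remote servers (`hostname` or `hostname:port`, default port is `30001`). If not specified, the executor runs as the local mode, which starts an Embulk server on its own process (array of string)
  - **timeout_seconds**: Timeout seconds of the whole execution (integer, default: `3600`)
  - **use_tls**: Enable to connect server over TLS (boolean, default: `false`)
- - **cert_p12_file**: Information of a P12 file used as your client certificate. It would be needed when client authentication is enabled on Embulk server.
- - **path**: Path of the file (string, required)
- - **password**: Password of the file (string, required)
- - **ca_p12_file**: Information of a P12 file used as CA certificate. It would be needed when Embulk server uses a certificate in which unknown CA signed.
+ - **cert_p12_file**: Information of a PKCS12 file used as your client certificate. It would be needed when client authentication is enabled on Embulk server.
  - **path**: Path of the file (string, required)
  - **password**: Password of the file (string, required)
+ - **ca_cert_path**: Path of a CA certificate file. It would be needed when Embulk server uses a certificate signed by an unknown CA.
 
  ## Example
 
@@ -51,8 +49,8 @@ There are some environment variables to configure the server
  - `PORT`: Port number to listen (default: `30001`)
  - `USE_TLS`: Try to connect to client via TLS if `true` (default: `false`)
  - `REQUIRE_TLS_CLIENT_AUTH`: Require client authentication if `true` (default: `false`)
- - `CERT_P12_PATH`, `CERT_P12_PASSWORD`: Path and password of the P12 file for server certificate. Ignored unless both is set.
- - `CA_P12_PATH`, `CA_P12_PASSWORD`: Path and password of the P12 file for CA certificate. Ignored unless both is set.
+ - `CERT_P12_PATH`, `CERT_P12_PASSWORD`: Path and password of the PKCS12 file for server certificate. Ignored unless both is set.
+ - `CA_CERT_PATH`: Path of the CA certificate file. It would be needed when client authentication is enabled and client certificate is signed by an unknown CA.
 
  ## Build
 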
data/gradle.properties CHANGED
@@ -1 +1 @@
1
- version=0.3.2
1
+ version=0.4.0
@@ -28,18 +28,15 @@ public class Launcher {
28
28
  String keyP12Path = envVars.get("CERT_P12_PATH");
29
29
  String keyP12Password = envVars.get("CERT_P12_PASSWORD");
30
30
  if (keyP12Path != null && keyP12Password != null) {
31
- tlsConfig.keyStore(new P12File(keyP12Path, keyP12Password));
31
+ tlsConfig.setKeyStore(new P12File(keyP12Path, keyP12Password));
32
32
  }
33
33
 
34
- String trustP12Path = envVars.get("CA_P12_PATH");
35
- String trustP12Password = envVars.get("CA_P12_PASSWORD");
36
- if (trustP12Path != null && trustP12Password != null) {
37
- tlsConfig.trustStore(new P12File(trustP12Path, trustP12Password));
34
+ String caCertPath = envVars.get("CA_CERT_PATH");
35
+ if (caCertPath != null) {
36
+ tlsConfig.setCaCertPath(caCertPath);
38
37
  }
39
38
 
40
- if ("true".equals(envVars.get("REQUIRE_TLS_CLIENT_AUTH"))) {
41
- tlsConfig.enableClientAuth(true);
42
- }
39
+ tlsConfig.setEnableClientAuth("true".equals(envVars.get("REQUIRE_TLS_CLIENT_AUTH")));
43
40
  return tlsConfig;
44
41
  }
45
42
 
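Review bot: `REQUIRE_TLS_CLIENT_AUTH=true` is accepted here without `CA_CERT_PATH`, and nothing in the hunk warns or fails on that combination. `TLSConfig.getSSLContext` in this diff leaves `trustManagers` as `null` when no CA path is set, which presumably hands client-certificate validation to the JVM default trust store, so a certificate from any publicly trusted CA would authenticate. A deployment upgraded from 0.3.2 that still sets `CA_P12_PATH`/`CA_P12_PASSWORD` lands in this state silently, because those variables are no longer read. Consider failing startup, or at least logging a warning, when client auth is required and `caCertPath == null`, or when the removed variables are still present; the enclosing method starts above the hunk, so the right place for the check may be outside what is shown.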
@@ -51,9 +51,9 @@ public class RemoteServerExecutor implements ExecutorPlugin {
51
51
  @ConfigDefault("null")
52
52
  Optional<P12File> getCertP12File();
53
53
 
54
- @Config("ca_p12_file")
54
+ @Config("ca_cert_path")
55
55
  @ConfigDefault("null")
56
- Optional<P12File> getCaP12File();
56
+ Optional<String> getCaCertPath();
57
57
 
58
58
  @ConfigInject
59
59
  ModelManager getModelManager();
@@ -63,9 +63,9 @@ public class RemoteServerExecutor implements ExecutorPlugin {
63
63
  @ConfigDefault("null")
64
64
  Optional<P12File> getServerCertP12File();
65
65
 
66
- @Config("__server_ca_p12_file")
66
+ @Config("__server_ca_cert_path")
67
67
  @ConfigDefault("null")
68
- Optional<P12File> getServerCaP12File();
68
+ Optional<String> getServerCaCertPath();
69
69
 
70
70
  @Config("__server_require_tls_client_auth")
71
71
  @ConfigDefault("false")
@@ -133,8 +133,8 @@ public class RemoteServerExecutor implements ExecutorPlugin {
133
133
  TLSConfig tlsConfig = null;
134
134
  if (pluginTask.getUseTls()) {
135
135
  tlsConfig = new TLSConfig();
136
- pluginTask.getCertP12File().ifPresent(tlsConfig::keyStore);
137
- pluginTask.getCaP12File().ifPresent(tlsConfig::trustStore);
136
+ pluginTask.getCertP12File().ifPresent(tlsConfig::setKeyStore);
137
+ pluginTask.getCaCertPath().ifPresent(tlsConfig::setCaCertPath);
138
138
  }
139
139
 
140
140
  try (EmbulkClient client = EmbulkClient.open(session, hosts, tlsConfig)) {
@@ -171,11 +171,9 @@ public class RemoteServerExecutor implements ExecutorPlugin {
171
171
  TLSConfig tlsConfig = null;
172
172
  if (task.getUseTls()) {
173
173
  tlsConfig = new TLSConfig();
174
- task.getServerCertP12File().ifPresent(tlsConfig::keyStore);
175
- task.getServerCaP12File().ifPresent(tlsConfig::trustStore);
176
- if (task.getServerRequireTlsClientAuth()) {
177
- tlsConfig.enableClientAuth(true);
178
- }
174
+ task.getServerCertP12File().ifPresent(tlsConfig::setKeyStore);
175
+ task.getServerCaCertPath().ifPresent(tlsConfig::setCaCertPath);
176
+ tlsConfig.setEnableClientAuth(task.getServerRequireTlsClientAuth());
179
177
  }
180
178
  return EmbulkServer.start(DEFAULT_HOST.getName(), DEFAULT_HOST.getPort(), 1, tlsConfig);
181
179
  }
@@ -8,43 +8,41 @@ import javax.net.ssl.TrustManagerFactory;
8
8
  import java.io.FileInputStream;
9
9
  import java.io.InputStream;
10
10
  import java.security.KeyStore;
11
+ import java.security.cert.CertificateFactory;
11
12
 
12
13
  class TLSConfig {
13
14
  private P12File keyStore = null;
14
- private P12File trustStore = null;
15
+ private String caCertPath = null;
15
16
  private boolean enableClientAuth = false;
16
17
 
17
18
  TLSConfig() {
18
19
  }
19
20
 
20
- TLSConfig keyStore(P12File keyStore) {
21
+ void setKeyStore(P12File keyStore) {
21
22
  this.keyStore = keyStore;
22
- return this;
23
23
  }
24
24
 
25
- TLSConfig trustStore(P12File trustStore) {
26
- this.trustStore = trustStore;
27
- return this;
25
+ void setEnableClientAuth(boolean enableClientAuth) {
26
+ this.enableClientAuth = enableClientAuth;
28
27
  }
29
28
 
30
- TLSConfig enableClientAuth(boolean enableClientAuth) {
31
- this.enableClientAuth = enableClientAuth;
32
- return this;
29
+ void setCaCertPath(String caCertPath) {
30
+ this.caCertPath = caCertPath;
33
31
  }
34
32
 
35
33
  SSLContext getSSLContext() {
36
34
  try {
37
35
  KeyManager[] keyManagers = null;
38
36
  if (keyStore != null) {
39
- KeyStore ks = load(keyStore);
37
+ KeyStore ks = loadKeyStore(keyStore);
40
38
  KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
41
39
  kmf.init(ks, keyStore.getPassword().toCharArray());
42
40
  keyManagers = kmf.getKeyManagers();
43
41
  }
44
42
 
45
43
  TrustManager[] trustManagers = null;
46
- if (trustStore != null) {
47
- KeyStore ts = load(trustStore);
44
+ if (caCertPath != null) {
45
+ KeyStore ts = loadTrustStore(caCertPath);
48
46
  TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
49
47
  tmf.init(ts);
50
48
  trustManagers = tmf.getTrustManagers();
@@ -62,7 +60,7 @@ class TLSConfig {
62
60
  return enableClientAuth;
63
61
  }
64
62
 
65
- private static KeyStore load(P12File file) {
63
+ private static KeyStore loadKeyStore(P12File file) {
66
64
  try (InputStream keyStoreIS = new FileInputStream(file.getPath())) {
67
65
  KeyStore ks = KeyStore.getInstance("PKCS12");
68
66
  ks.load(keyStoreIS, file.getPassword().toCharArray());
@@ -71,4 +69,14 @@ class TLSConfig {
71
69
  throw new RuntimeException(e);
72
70
  }
73
71
  }
72
+
73
+ private static KeyStore loadTrustStore(String path) throws Exception {
74
+ try (FileInputStream inputStream = new FileInputStream(path)) {
75
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
76
+ KeyStore ks = KeyStore.getInstance("JKS");
77
+ ks.load(null, null);
78
+ ks.setCertificateEntry("ca_cert", cf.generateCertificate(inputStream));
79
+ return ks;
80
+ }
81
+ }
74
82
  }
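Review bot: `loadTrustStore` calls `cf.generateCertificate(inputStream)`, which parses only the first certificate in the file, while the sample configs in this release point `ca_cert_path` and `CA_CERT_PATH` at `ca-chain.cert.pem`, a name that suggests a multi-certificate bundle. If the file does hold a chain, every certificate after the first is silently left out of the trust store, so which CA ends up trusted depends on the order of the file. Reading all entries with `generateCertificates`, giving each its own alias and rejecting an empty file would make the trust anchors match what the operator supplied; this needs an added `java.security.cert.Certificate` import. `KeyStore.getDefaultType()` would also avoid hard-coding `"JKS"` for what is only an in-memory store.

```java
private static KeyStore loadTrustStore(String path) throws Exception {
        // … unchanged: open the file, create the X.509 CertificateFactory …
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        int index = 0;
        for (Certificate cert : cf.generateCertificates(inputStream)) {
            // One alias per certificate so later entries do not overwrite earlier ones.
            ks.setCertificateEntry("ca_cert_" + index++, cert);
        }
        if (index == 0) {
            throw new IllegalArgumentException("No certificate found in " + path);
        }
        // … unchanged: return ks …
```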
@@ -7,7 +7,4 @@ use_tls: true
7
7
  cert_p12_file:
8
8
  path: tmp/certs/client.p12
9
9
  password: fghij
10
- ca_p12_file:
11
- path: tmp/certs/ca-chain.p12
12
- password: p@ssw0rd
13
-
10
+ ca_cert_path: tmp/certs/ca-chain.cert.pem
@@ -24,8 +24,7 @@ services:
24
24
  REQUIRE_TLS_CLIENT_AUTH: "true"
25
25
  CERT_P12_PATH: /certs/embulk-server.local.p12
26
26
  CERT_P12_PASSWORD: abcde
27
- CA_P12_PATH: /certs/ca-chain.p12
28
- CA_P12_PASSWORD: p@ssw0rd
27
+ CA_CERT_PATH: /certs/ca-chain.cert.pem
29
28
  ports:
30
29
  - "30003:30001"
31
30
  volumes:
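--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: embulk-executor-remoteserver
  version: !ruby/object:Gem::Version
- version: 0.3.2
+ version: 0.4.0
  platform: ruby
  authors:
  - Shinichi Ishimura
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-04-25 00:00:00.000000000 Z
+ date: 2019-04-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  requirement: !ruby/object:Gem::Requirement
@@ -51,7 +51,7 @@ files:
  - LICENSE
  - README.md
  - build.gradle
- - classpath/embulk-executor-remoteserver-0.3.2.jar
+ - classpath/embulk-executor-remoteserver-0.4.0.jar
  - classpath/msgpack-core-0.8.16.jar
  - classpath/nsocket-0.3.4.jar
  - classpath/slf4j-api-1.7.26.jar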