embulk-executor-remoteserver 0.3.2 → 0.4.0

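--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f28395ebbd29d2028501114573e227c225fd8b6c
- data.tar.gz: ab865e0e32d2c4d4b56057497278ab61ee1d64be
+ metadata.gz: 06471b084ea22f52ecc00bfdfe47b86f87eeb69f
+ data.tar.gz: 729aa405aca16d6f929ed8fe7a5f74dd4ceedeac
  SHA512:
- metadata.gz: 7de676f12a5aab6ff29d4b43c191b06637f40901037e21bf05a9c98432bff45766e67626d6d6d7cb097d7f065a92e3fe4924b2abaa22fc497d7b530f60a43112
- data.tar.gz: 7dc8342789e19402d7a1d61f25bb7525aaed2525496eb93d482f42b078e25ba2ce387c78e35785788c0a89898c3ce99d074692fa99fd5f000f04372a3d10dc3f
+ metadata.gz: 1aa9cc6537396d1ccf54c21329743332cbaed54d76b57ccfeccdb2ba2426d944c1dcf04e39b61f19aabdfc4c57b4e7e4600068d3201ed04cc73902730c274aef
+ data.tar.gz: 50e4cff41b9e5726e5ac07f5ae57ba14a3e04088659c370eb2c6145d3203b13f1fde454ac85cd18237ac5c6d809006e27717eebaca9612b7e4635e31a7a0619f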
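--- a/data/README.md
+++ b/data/README.md
@@ -15,12 +15,10 @@ Embulk executor plugin to run Embulk tasks on remote servers.
  - **hosts**: List of remote servers (`hostname` or `hostname:port`, default port is `30001`). If not specified, the executor runs as the local mode, which starts an Embulk server on its own process (array of string)
  - **timeout_seconds**: Timeout seconds of the whole execution (integer, default: `3600`)
  - **use_tls**: Enable to connect server over TLS (boolean, default: `false`)
- - **cert_p12_file**: Information of a P12 file used as your client certificate. It would be needed when client authentication is enabled on Embulk server.
- - **path**: Path of the file (string, required)
- - **password**: Password of the file (string, required)
- - **ca_p12_file**: Information of a P12 file used as CA certificate. It would be needed when Embulk server uses a certificate in which unknown CA signed.
+ - **cert_p12_file**: Information of a PKCS12 file used as your client certificate. It would be needed when client authentication is enabled on Embulk server.
  - **path**: Path of the file (string, required)
  - **password**: Password of the file (string, required)
+ - **ca_cert_path**: Path of a CA certificate file. It would be needed when Embulk server uses a certificate signed by an unknown CA.
 
  ## Example
 
@@ -51,8 +49,8 @@ There are some environment variables to configure the server
  - `PORT`: Port number to listen (default: `30001`)
  - `USE_TLS`: Try to connect to client via TLS if `true` (default: `false`)
  - `REQUIRE_TLS_CLIENT_AUTH`: Require client authentication if `true` (default: `false`)
- - `CERT_P12_PATH`, `CERT_P12_PASSWORD`: Path and password of the P12 file for server certificate. Ignored unless both is set.
- - `CA_P12_PATH`, `CA_P12_PASSWORD`: Path and password of the P12 file for CA certificate. Ignored unless both is set.
+ - `CERT_P12_PATH`, `CERT_P12_PASSWORD`: Path and password of the PKCS12 file for server certificate. Ignored unless both is set.
+ - `CA_CERT_PATH`: Path of the CA certificate file. It would be needed when client authentication is enabled and client certificate is signed by an unknown CA.
 
  ## Build
 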
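--- a/data/gradle.properties
+++ b/data/gradle.properties
@@ -1 +1 @@
- version=0.3.2
+ version=0.4.0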
@@ -28,18 +28,15 @@ public class Launcher {
28
28
  String keyP12Path = envVars.get("CERT_P12_PATH");
29
29
  String keyP12Password = envVars.get("CERT_P12_PASSWORD");
30
30
  if (keyP12Path != null && keyP12Password != null) {
31
- tlsConfig.keyStore(new P12File(keyP12Path, keyP12Password));
31
+ tlsConfig.setKeyStore(new P12File(keyP12Path, keyP12Password));
32
32
  }
33
33
 
34
- String trustP12Path = envVars.get("CA_P12_PATH");
35
- String trustP12Password = envVars.get("CA_P12_PASSWORD");
36
- if (trustP12Path != null && trustP12Password != null) {
37
- tlsConfig.trustStore(new P12File(trustP12Path, trustP12Password));
34
+ String caCertPath = envVars.get("CA_CERT_PATH");
35
+ if (caCertPath != null) {
36
+ tlsConfig.setCaCertPath(caCertPath);
38
37
  }
39
38
 
40
- if ("true".equals(envVars.get("REQUIRE_TLS_CLIENT_AUTH"))) {
41
- tlsConfig.enableClientAuth(true);
42
- }
39
+ tlsConfig.setEnableClientAuth("true".equals(envVars.get("REQUIRE_TLS_CLIENT_AUTH")));
43
40
  return tlsConfig;
44
41
  }
45
42
 
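Review bot: When `REQUIRE_TLS_CLIENT_AUTH` is `true` and `CA_CERT_PATH` is unset, the new code still calls `setEnableClientAuth(true)` but leaves `caCertPath` null, so `getSSLContext()` keeps `trustManagers` null. If that null reaches `SSLContext.init` (the call is outside the visible hunks), client certificates are checked against the JVM's default trust anchors rather than a CA the operator chose. A deployment that still exports the removed `CA_P12_PATH` ends up in the same state with no message, and the local-mode server that `RemoteServerExecutor` builds from `getServerCaCertPath()` has the same shape. If the fallback is intended, say so in a comment. Otherwise fail fast, e.g. `if (caCertPath == null && "true".equals(envVars.get("REQUIRE_TLS_CLIENT_AUTH"))) throw new IllegalStateException("CA_CERT_PATH is required when REQUIRE_TLS_CLIENT_AUTH is true");`. The enclosing method starts above this hunk.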
@@ -51,9 +51,9 @@ public class RemoteServerExecutor implements ExecutorPlugin {
51
51
  @ConfigDefault("null")
52
52
  Optional<P12File> getCertP12File();
53
53
 
54
- @Config("ca_p12_file")
54
+ @Config("ca_cert_path")
55
55
  @ConfigDefault("null")
56
- Optional<P12File> getCaP12File();
56
+ Optional<String> getCaCertPath();
57
57
 
58
58
  @ConfigInject
59
59
  ModelManager getModelManager();
@@ -63,9 +63,9 @@ public class RemoteServerExecutor implements ExecutorPlugin {
63
63
  @ConfigDefault("null")
64
64
  Optional<P12File> getServerCertP12File();
65
65
 
66
- @Config("__server_ca_p12_file")
66
+ @Config("__server_ca_cert_path")
67
67
  @ConfigDefault("null")
68
- Optional<P12File> getServerCaP12File();
68
+ Optional<String> getServerCaCertPath();
69
69
 
70
70
  @Config("__server_require_tls_client_auth")
71
71
  @ConfigDefault("false")
@@ -133,8 +133,8 @@ public class RemoteServerExecutor implements ExecutorPlugin {
133
133
  TLSConfig tlsConfig = null;
134
134
  if (pluginTask.getUseTls()) {
135
135
  tlsConfig = new TLSConfig();
136
- pluginTask.getCertP12File().ifPresent(tlsConfig::keyStore);
137
- pluginTask.getCaP12File().ifPresent(tlsConfig::trustStore);
136
+ pluginTask.getCertP12File().ifPresent(tlsConfig::setKeyStore);
137
+ pluginTask.getCaCertPath().ifPresent(tlsConfig::setCaCertPath);
138
138
  }
139
139
 
140
140
  try (EmbulkClient client = EmbulkClient.open(session, hosts, tlsConfig)) {
@@ -171,11 +171,9 @@ public class RemoteServerExecutor implements ExecutorPlugin {
171
171
  TLSConfig tlsConfig = null;
172
172
  if (task.getUseTls()) {
173
173
  tlsConfig = new TLSConfig();
174
- task.getServerCertP12File().ifPresent(tlsConfig::keyStore);
175
- task.getServerCaP12File().ifPresent(tlsConfig::trustStore);
176
- if (task.getServerRequireTlsClientAuth()) {
177
- tlsConfig.enableClientAuth(true);
178
- }
174
+ task.getServerCertP12File().ifPresent(tlsConfig::setKeyStore);
175
+ task.getServerCaCertPath().ifPresent(tlsConfig::setCaCertPath);
176
+ tlsConfig.setEnableClientAuth(task.getServerRequireTlsClientAuth());
179
177
  }
180
178
  return EmbulkServer.start(DEFAULT_HOST.getName(), DEFAULT_HOST.getPort(), 1, tlsConfig);
181
179
  }
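Review bot: `getCaCertPath()` and `getServerCaCertPath()` are added without any comment saying what kind of file the path must name, or that they replace `ca_p12_file` and `__server_ca_p12_file`. Whether the config loader rejects unknown keys is not visible here. If it ignores them, a 0.3.2 config that still sets `ca_p12_file` would build its `TLSConfig` at new line 137 with no CA, and the mistake would only surface at handshake time. I would add a Javadoc line such as `/** Path to an X.509 CA certificate file used to verify the server; replaces ca_p12_file, which is no longer read. */` above `getCaCertPath()`, and a matching one on `getServerCaCertPath()`. The task interface and both methods that build `TLSConfig` start and end outside these hunks.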
@@ -8,43 +8,41 @@ import javax.net.ssl.TrustManagerFactory;
8
8
  import java.io.FileInputStream;
9
9
  import java.io.InputStream;
10
10
  import java.security.KeyStore;
11
+ import java.security.cert.CertificateFactory;
11
12
 
12
13
  class TLSConfig {
13
14
  private P12File keyStore = null;
14
- private P12File trustStore = null;
15
+ private String caCertPath = null;
15
16
  private boolean enableClientAuth = false;
16
17
 
17
18
  TLSConfig() {
18
19
  }
19
20
 
20
- TLSConfig keyStore(P12File keyStore) {
21
+ void setKeyStore(P12File keyStore) {
21
22
  this.keyStore = keyStore;
22
- return this;
23
23
  }
24
24
 
25
- TLSConfig trustStore(P12File trustStore) {
26
- this.trustStore = trustStore;
27
- return this;
25
+ void setEnableClientAuth(boolean enableClientAuth) {
26
+ this.enableClientAuth = enableClientAuth;
28
27
  }
29
28
 
30
- TLSConfig enableClientAuth(boolean enableClientAuth) {
31
- this.enableClientAuth = enableClientAuth;
32
- return this;
29
+ void setCaCertPath(String caCertPath) {
30
+ this.caCertPath = caCertPath;
33
31
  }
34
32
 
35
33
  SSLContext getSSLContext() {
36
34
  try {
37
35
  KeyManager[] keyManagers = null;
38
36
  if (keyStore != null) {
39
- KeyStore ks = load(keyStore);
37
+ KeyStore ks = loadKeyStore(keyStore);
40
38
  KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
41
39
  kmf.init(ks, keyStore.getPassword().toCharArray());
42
40
  keyManagers = kmf.getKeyManagers();
43
41
  }
44
42
 
45
43
  TrustManager[] trustManagers = null;
46
- if (trustStore != null) {
47
- KeyStore ts = load(trustStore);
44
+ if (caCertPath != null) {
45
+ KeyStore ts = loadTrustStore(caCertPath);
48
46
  TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
49
47
  tmf.init(ts);
50
48
  trustManagers = tmf.getTrustManagers();
@@ -62,7 +60,7 @@ class TLSConfig {
62
60
  return enableClientAuth;
63
61
  }
64
62
 
65
- private static KeyStore load(P12File file) {
63
+ private static KeyStore loadKeyStore(P12File file) {
66
64
  try (InputStream keyStoreIS = new FileInputStream(file.getPath())) {
67
65
  KeyStore ks = KeyStore.getInstance("PKCS12");
68
66
  ks.load(keyStoreIS, file.getPassword().toCharArray());
@@ -71,4 +69,14 @@ class TLSConfig {
71
69
  throw new RuntimeException(e);
72
70
  }
73
71
  }
72
+
73
+ private static KeyStore loadTrustStore(String path) throws Exception {
74
+ try (FileInputStream inputStream = new FileInputStream(path)) {
75
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
76
+ KeyStore ks = KeyStore.getInstance("JKS");
77
+ ks.load(null, null);
78
+ ks.setCertificateEntry("ca_cert", cf.generateCertificate(inputStream));
79
+ return ks;
80
+ }
81
+ }
74
82
  }
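Review bot: `loadTrustStore` calls `cf.generateCertificate(inputStream)`, which parses a single certificate, yet the sample configs in this same change point `ca_cert_path` and `CA_CERT_PATH` at a file named `ca-chain.cert.pem`. If that file holds more than one certificate, only the first becomes a trust anchor and the rest are dropped without any error. Reading every certificate with `generateCertificates` and storing each under its own alias keeps the whole bundle, and an empty result should fail loudly rather than yield an empty trust store. Separately, `KeyStore.getInstance("JKS")` hard-codes a store type where `KeyStore.getDefaultType()` would do, and `loadTrustStore` declares `throws Exception` while `loadKeyStore` wraps failures in `RuntimeException`. `getSSLContext` continues outside the visible hunks.

```java
private static KeyStore loadTrustStore(String path) throws Exception {
    // … unchanged: open the stream, create the CertificateFactory and the empty KeyStore …
        int index = 0;
        for (java.security.cert.Certificate cert : cf.generateCertificates(inputStream)) {
            // One alias per certificate so a later entry does not overwrite an earlier one.
            ks.setCertificateEntry("ca_cert_" + index, cert);
            index++;
        }
        if (index == 0) {
            throw new IllegalArgumentException("no X.509 certificate found in " + path);
        }
        return ks;
```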
@@ -7,7 +7,4 @@ use_tls: true
7
7
  cert_p12_file:
8
8
  path: tmp/certs/client.p12
9
9
  password: fghij
10
- ca_p12_file:
11
- path: tmp/certs/ca-chain.p12
12
- password: p@ssw0rd
13
-
10
+ ca_cert_path: tmp/certs/ca-chain.cert.pem
@@ -24,8 +24,7 @@ services:
24
24
  REQUIRE_TLS_CLIENT_AUTH: "true"
25
25
  CERT_P12_PATH: /certs/embulk-server.local.p12
26
26
  CERT_P12_PASSWORD: abcde
27
- CA_P12_PATH: /certs/ca-chain.p12
28
- CA_P12_PASSWORD: p@ssw0rd
27
+ CA_CERT_PATH: /certs/ca-chain.cert.pem
29
28
  ports:
30
29
  - "30003:30001"
31
30
  volumes:
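--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: embulk-executor-remoteserver
  version: !ruby/object:Gem::Version
- version: 0.3.2
+ version: 0.4.0
  platform: ruby
  authors:
  - Shinichi Ishimura
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2019-04-25 00:00:00.000000000 Z
+ date: 2019-04-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  requirement: !ruby/object:Gem::Requirement
@@ -51,7 +51,7 @@ files:
  - LICENSE
  - README.md
  - build.gradle
- - classpath/embulk-executor-remoteserver-0.3.2.jar
+ - classpath/embulk-executor-remoteserver-0.4.0.jar
  - classpath/msgpack-core-0.8.16.jar
  - classpath/nsocket-0.3.4.jar
  - classpath/slf4j-api-1.7.26.jar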