From 38d86b0a6432e9a7249f1692ace36b6e34171b0a Mon Sep 17 00:00:00 2001
From: soumitra-st <127247229+soumitra-st@users.noreply.github.com>
Date: Wed, 14 Feb 2024 11:42:50 -0800
Subject: [PATCH] Adding support of insecure TLS (#12416)
---
 .../org/apache/pinot/common/config/TlsConfig.java | 9 +++++++++
 .../java/org/apache/pinot/common/utils/TlsUtils.java | 12 ++++++++++--
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java b/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
index b0dbc53ee192..fc9344e96fd1 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/config/TlsConfig.java
@@ -35,6 +35,7 @@ public class TlsConfig {
 private String _trustStorePath;
 private String _trustStorePassword;
 private String _sslProvider = SslProvider.JDK.toString();
+ private boolean _insecure = false;
 public TlsConfig() {
 // left blank
@@ -118,4 +119,12 @@ public void setSslProvider(String sslProvider) {
 public boolean isCustomized() {
 return StringUtils.isNoneBlank(_keyStorePath) || StringUtils.isNoneBlank(_trustStorePath);
 }
+
+ public boolean isInsecure() {
+ return _insecure;
+ }
+
+ public void setInsecure(boolean insecure) {
+ _insecure = insecure;
+ }
 }
diff --git a/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java b/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
index c75e171384ff..bfc833c12936 100644
--- a/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
+++ b/pinot-common/src/main/java/org/apache/pinot/common/utils/TlsUtils.java
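Review bot: `setInsecure` in TlsConfig.java is added without Javadoc, although it is the one setter here whose effect is to turn off peer certificate verification (TlsUtils returns `InsecureTrustManagerFactory.INSTANCE` when it is set). I would add `/** When true, peer certificates are accepted without verification; not for production use. */` above `setInsecure(boolean insecure)`. The rest of the class lies outside both hunks, so if TlsConfig has a copy constructor or `equals`/`hashCode`, `_insecure` probably needs to be carried there as well, otherwise a copied config silently reverts to the default.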
@@ -24,6 +24,7 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslProvider;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.MalformedURLException;
@@ -80,6 +81,7 @@ public final class TlsUtils {
 private static final String FILE_SCHEME = "file";
 private static final String FILE_SCHEME_PREFIX = FILE_SCHEME + "://";
 private static final String FILE_SCHEME_PREFIX_WITHOUT_SLASH = FILE_SCHEME + ":";
+ private static final String INSECURE = "insecure";
 private static final AtomicReference SSL_CONTEXT_REF = new AtomicReference<>();
@@ -126,6 +128,8 @@ public static TlsConfig extractTlsConfig(PinotConfiguration pinotConfig, String
 pinotConfig.getProperty(key(namespace, TRUSTSTORE_PASSWORD), defaultConfig.getTrustStorePassword()));
 tlsConfig.setSslProvider(
 pinotConfig.getProperty(key(namespace, SSL_PROVIDER), defaultConfig.getSslProvider()));
+ tlsConfig.setInsecure(
+ pinotConfig.getProperty(key(namespace, INSECURE), defaultConfig.isInsecure()));
 return tlsConfig;
 }
@@ -178,8 +182,12 @@ public static KeyManagerFactory createKeyManagerFactory(String keyStorePath, Str
 * @return TrustManagerFactory
 */
 public static TrustManagerFactory createTrustManagerFactory(TlsConfig tlsConfig) {
- return createTrustManagerFactory(tlsConfig.getTrustStorePath(), tlsConfig.getTrustStorePassword(),
- tlsConfig.getTrustStoreType());
+ if (tlsConfig.isInsecure()) {
+ return InsecureTrustManagerFactory.INSTANCE;
+ } else {
+ return createTrustManagerFactory(tlsConfig.getTrustStorePath(), tlsConfig.getTrustStorePassword(),
+ tlsConfig.getTrustStoreType());
+ }
 }
 /**
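Review bot: Nothing records that verification was switched off when `extractTlsConfig` reads the new `insecure` key, so an operator cannot tell from the logs which namespace runs without certificate checks. Because the value falls back to `defaultConfig.isInsecure()`, a single default can carry over to every namespace that does not override it. I would log it where the namespace is known, e.g. `if (tlsConfig.isInsecure()) { LOGGER.warn("TLS certificate verification disabled for namespace {}", namespace); }`, assuming the class has a logger, which this hunk does not show. The method starts above the hunk.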
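Review bot: In `createTrustManagerFactory(TlsConfig)` the configured truststore path, password and type are silently ignored once `isInsecure()` is true, and the Javadoc above the method (only its `@return` line is in the hunk) still promises an ordinary TrustManagerFactory. `InsecureTrustManagerFactory` accepts any X.509 certificate, so if this method also builds server-side contexts with client authentication enabled, the flag would make mutual TLS accept any client certificate; the call sites are outside the hunk and should be checked. I would extend the Javadoc to `@return an accept-all TrustManagerFactory when tlsConfig.isInsecure() is true, otherwise one backed by the configured truststore`, and consider rejecting `insecure=true` together with a non-blank truststore path as a probable misconfiguration.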