authorSimon Rettberg2014-11-21 12:21:25 +0100
committerSimon Rettberg2014-11-21 12:21:25 +0100
commitb3dff2789104e11f0b7ba9e47385ead9a6166d53 (patch)
tree17220e07a648e2986cb327029224e9bf08b2b425 /src/main/java/org/openslx/satellitedaemon/Globals.java
parentAdd 8 seconds timeout to thrift connection (diff)
Add TLS support for thrift connection to master, switch to TLSv1.2 everywhere
Diffstat (limited to 'src/main/java/org/openslx/satellitedaemon/Globals.java')
-rw-r--r--src/main/java/org/openslx/satellitedaemon/Globals.java14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/main/java/org/openslx/satellitedaemon/Globals.java b/src/main/java/org/openslx/satellitedaemon/Globals.java
index fa39d2d..bb6e6da 100644
--- a/src/main/java/org/openslx/satellitedaemon/Globals.java
+++ b/src/main/java/org/openslx/satellitedaemon/Globals.java
@@ -5,6 +5,7 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.Properties;
@@ -48,6 +49,12 @@ public class Globals
// Integers //
+ public static boolean getThriftTls()
+ {
+ String s = properties.getProperty( "THRIFT_TLS", "yes" );
+ return s.equalsIgnoreCase( "yes" ) || s.equalsIgnoreCase( "true" ) || s.equalsIgnoreCase( "1" ) || s.equalsIgnoreCase( "on" );
+ }
+
public static int getThriftPort()
{
return Util.tryToParseInt( properties.getProperty( "THRIFT_PORT" ) );
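Review bot: In `getThriftTls()` any value outside the four accepted spellings turns TLS off, so a typo or trailing whitespace in `THRIFT_TLS` (java.util.Properties keeps trailing whitespace in values) silently downgrades the master connection to plaintext, even though the default is "yes". It would be safer to fail closed: trim the value and disable TLS only on an explicit negative, e.g. `String s = properties.getProperty( "THRIFT_TLS", "yes" ).trim();` followed by `return !( s.equalsIgnoreCase( "no" ) || s.equalsIgnoreCase( "false" ) || s.equalsIgnoreCase( "0" ) || s.equalsIgnoreCase( "off" ) );`. A warning logged whenever TLS ends up disabled would make the downgrade visible to operators. The getter also sits under the `// Integers //` heading although it returns a boolean; the hunk ends inside `getThriftPort()`.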
@@ -87,8 +94,9 @@ public class Globals
return true;
if ( getTruststorePath() == null || getTruststorePath().isEmpty() ) {
try {
- context = SSLContext.getDefault();
- } catch ( NoSuchAlgorithmException e ) {
+ context = SSLContext.getInstance( "TLSv1.2" );
+ context.init( null, null, null );
+ } catch ( NoSuchAlgorithmException | KeyManagementException e ) {
log.error( "could not load system default ssl context.", e );
return false;
}
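Review bot: `SSLContext.getInstance( "TLSv1.2" )` here, and again in the truststore branch of the next hunk, selects a context that supports up to TLS 1.2 but does not by itself set a minimum version. With the standard JSSE provider, sockets created from this context can still have older protocol versions enabled, depending on the JRE defaults. If the intent of "switch to TLSv1.2 everywhere" is to refuse anything older, the socket or engine built from `context` should also be restricted, e.g. `sslSocket.setEnabledProtocols( new String[] { "TLSv1.2" } );` at the point of creation; that code is outside this hunk, so it may already be handled there. The log text "could not load system default ssl context." is also slightly stale now that the context is constructed explicitly rather than taken from `SSLContext.getDefault()`.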
@@ -101,7 +109,7 @@ public class Globals
TrustManagerFactory tmf = TrustManagerFactory
.getInstance( TrustManagerFactory.getDefaultAlgorithm() );
tmf.init( keystore );
- context = SSLContext.getInstance( "SSLv3" );
+ context = SSLContext.getInstance( "TLSv1.2" );
TrustManager[] trustManagers = tmf.getTrustManagers();
context.init( null, trustManagers, null );
} catch ( FileNotFoundException e ) {