

chore(springBoot): Upgrade to Spring Boot 1.5.4, including new cert b…
…lacklist impl (#88)
Travis Tomsu authored Jul 24, 2017
1 parent 206d2d6 commit d8803f2
Showing 5 changed files with 21 additions and 23 deletions.
4 changes: 2 additions & 2 deletions build.gradle
Expand Up @@ -22,7 +22,7 @@ buildscript {
maven { url "https://plugins.gradle.org/m2/" }
}
dependencies {
classpath 'com.netflix.spinnaker.gradle:spinnaker-gradle-project:3.13.0'
classpath 'com.netflix.spinnaker.gradle:spinnaker-gradle-project:3.16.0'
}
}

Expand All @@ -34,7 +34,7 @@ allprojects {
group = 'com.netflix.spinnaker.kork'

ext {
spinnakerDependenciesVersion = project.hasProperty('spinnakerDependenciesVersion') ? project.property('spinnakerDependenciesVersion') : '0.91.0'
spinnakerDependenciesVersion = project.hasProperty('spinnakerDependenciesVersion') ? project.property('spinnakerDependenciesVersion') : '0.106.0-rc.1-springBoot154'
}

def checkLocalVersions = [spinnakerDependenciesVersion: spinnakerDependenciesVersion]
Expand Up @@ -62,7 +62,7 @@ MetricsController metricsController(Registry registry) {

@Bean
@Primary
@ConditionalOnMissingClass(name = "org.springframework.messaging.MessageChannel")
@ConditionalOnMissingClass("org.springframework.messaging.MessageChannel")
@ConditionalOnMissingBean(name = "primaryMetricWriter")
public MetricWriter primaryMetricWriter(List<MetricWriter> writers) {
return new CompositeMetricWriter(writers);
Expand Up @@ -23,6 +23,7 @@ import groovy.util.logging.Slf4j
import org.apache.catalina.connector.Connector
import org.apache.coyote.http11.AbstractHttp11JsseProtocol
import org.apache.coyote.http11.Http11NioProtocol
import org.apache.tomcat.util.net.SSLHostConfig
import org.springframework.boot.actuate.endpoint.ResolvedEnvironmentEndpoint
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
import org.springframework.boot.context.embedded.ConfigurableEmbeddedServletContainer
Expand Down Expand Up @@ -61,11 +62,13 @@ class TomcatConfiguration {
def handler = connector.getProtocolHandler()
if (handler instanceof AbstractHttp11JsseProtocol) {
if (handler.isSSLEnabled()) {
handler.setProperty("useServerCipherSuitesOrder", "true")
handler.setProperty("sslEnabledProtocols", okHttpClientConfigurationProperties.tlsVersions.join(","))
handler.setCiphers(okHttpClientConfigurationProperties.cipherSuites.join(","))
handler.setSslImplementationName(BlacklistingSSLImplementation.name)
handler.setCrlFile(sslExtensionConfigurationProperties.getCrlFile())
SSLHostConfig sslHostConfig = new SSLHostConfig();
sslHostConfig.setHonorCipherOrder("true")
sslHostConfig.ciphers = okHttpClientConfigurationProperties.cipherSuites.join(",")
sslHostConfig.setProtocols(okHttpClientConfigurationProperties.tlsVersions.join(","))
sslHostConfig.setTrustManagerClassName(BlacklistingSSLImplementation.name)
sslHostConfig.setCertificateRevocationListFile(sslExtensionConfigurationProperties.getCrlFile())
handler.addSslHostConfig(sslHostConfig)
}
}
}
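Review bot: `sslHostConfig.setTrustManagerClassName(BlacklistingSSLImplementation.name)` does not replace the removed `handler.setSslImplementationName(BlacklistingSSLImplementation.name)`: as far as I can tell the trustManagerClassName of an SSLHostConfig is expected to name a `javax.net.ssl.TrustManager` implementation, and BlacklistingSSLImplementation extends JSSEImplementation, so with this hunk the blacklisting implementation is no longer selected for the connector and the `blacklist:`-prefixed CRL file set on the next line would either be rejected at startup or handed to the stock JSSE path — please confirm against the Tomcat version Boot 1.5.4 pulls in. Keeping `handler.setSslImplementationName(BlacklistingSSLImplementation.name)` next to the host-config setup, and dropping the setTrustManagerClassName call, looks like the intended result. Separately, `new SSLHostConfig()` carries Tomcat's default host name, so if Boot has already registered a default host config holding the keystore settings, `handler.addSslHostConfig(sslHostConfig)` may collide with or shadow it; configuring the existing entry from `handler.findSslHostConfigs()` instead would avoid that, if that is indeed what happens here. On style: `setHonorCipherOrder("true")` passes a string where the setter takes a boolean (`setHonorCipherOrder(true)`), the block mixes Groovy property assignment (`sslHostConfig.ciphers = …`) with explicit setters, and the `new SSLHostConfig();` line has a stray semicolon. The enclosing method starts before this hunk.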
Expand Up @@ -16,27 +16,27 @@

package com.netflix.spinnaker.tomcat.x509;

import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.jsse.JSSESocketFactory;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.jsse.JSSEUtil;

import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.util.Optional;

public class BlacklistingJSSESocketFactory extends JSSESocketFactory {
public class BlacklistingJSSESocketFactory extends JSSEUtil {
private static final String BLACKLIST_PREFIX = "blacklist:";

private final Blacklist blacklist;

public BlacklistingJSSESocketFactory(AbstractEndpoint<?> endpoint) {
super(endpoint);
String blacklistFile = Optional.ofNullable(endpoint.getCrlFile())
public BlacklistingJSSESocketFactory(SSLHostConfigCertificate certificate) {
super(certificate);
String blacklistFile = Optional.ofNullable(certificate.getSSLHostConfig().getCertificateRevocationListFile())
.filter(file -> file.startsWith(BLACKLIST_PREFIX))
.map(file -> file.substring(BLACKLIST_PREFIX.length()))
.orElse(null);

if (blacklistFile != null) {
endpoint.setCrlFile(null);
certificate.getSSLHostConfig().setCertificateRevocationListFile(null);
blacklist = Blacklist.forFile(blacklistFile);
} else {
blacklist = null;
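Review bot: The class name is now stale: after `public class BlacklistingJSSESocketFactory extends JSSEUtil` the type is a JSSEUtil rather than a socket factory, so a rename (with the matching change in BlacklistingSSLImplementation) would keep the code honest. The new constructor also deserves a Javadoc, because it has a non-obvious side effect on shared state: when the host config's CRL file carries the `blacklist:` prefix it clears that file on the `SSLHostConfig` reached through `certificate.getSSLHostConfig()` — a config that may be shared by several certificates on the host — and loads the remainder as the blacklist, so CRL checking and blacklisting are mutually exclusive for that host. Something like `/** Installs the certificate blacklist for the host owning {@code certificate}: a CRL file of the form {@code blacklist:<path>} is consumed here and removed from the host config so Tomcat does not parse it as a CRL; any other value leaves CRL handling to Tomcat and disables blacklisting. */` would capture that. Reading `certificate.getSSLHostConfig()` once into a local would also avoid the duplicated call. The constructor's else branch ends outside the hunk.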
Expand Up @@ -16,9 +16,8 @@

package com.netflix.spinnaker.tomcat.x509;

import org.apache.tomcat.util.net.AbstractEndpoint;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.SSLUtil;
import org.apache.tomcat.util.net.ServerSocketFactory;
import org.apache.tomcat.util.net.jsse.JSSEImplementation;

/**
Expand All @@ -35,13 +34,9 @@
* revoked certificates.
*/
public class BlacklistingSSLImplementation extends JSSEImplementation {
@Override
public ServerSocketFactory getServerSocketFactory(AbstractEndpoint<?> endpoint) {
return new BlacklistingJSSESocketFactory(endpoint);
}

@Override
public SSLUtil getSSLUtil(AbstractEndpoint<?> endpoint) {
return new BlacklistingJSSESocketFactory(endpoint);
public SSLUtil getSSLUtil(SSLHostConfigCertificate certificate) {
return new BlacklistingJSSESocketFactory(certificate);
}
}
