Conversation
Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
…with Pinning Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
Looks like it failed the checkstyle:
https://travis-ci.org/jaegertracing/jaeger-client-java/jobs/503139012#L2534
Signed-off-by: Iori YONEJI <fivo.11235813@gmail.com>
aad57ee to d5127ff
Oh, that was too stupid. I believe it's fixed now.
If you found this in the build logs, could you copy them here? Many PRs have been seeing crossdock failures recently; I suspect a common cause.
I've added an nginx proxy in the docker-compose.yml. This service's log shows
I don't think the network problem is caused by reporter misconfiguration (as I changed it), because it succeeded in establishing a session to the proxy, and I also don't think it is the collector's issue, because the plain HTTP version (java-http) is able to report to it. This failure happens very often and it only rarely succeeds, if I remember correctly (I couldn't reproduce it now).
I tried once again, which was successful this time (no change).
Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
Codecov Report
@@            Coverage Diff             @@
##             master     #602     +/-   ##
============================================
+ Coverage     89.53%   89.66%   +0.12%
- Complexity      542      563      +21
============================================
  Files            68       69       +1
  Lines          1949     2070     +121
  Branches        251      263      +12
============================================
+ Hits           1745     1856     +111
- Misses          129      133       +4
- Partials         75       81       +6
* Make grpc reporter default and add retry Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* Polish Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* Fix port Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* Polish Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* Use higher retry Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* Increase retry to 100 Signed-off-by: Pavol Loffay <ploffay@redhat.com>
* TLS certificates (in comma-separated BASE64 SHA256 Hash) for certificates pinning, | ||
* used in case of HTTPS communication to the endpoint. | ||
*/ | ||
public static final String JAEGER_TLS_CERTIFICATE_PINNING = JAEGER_PREFIX + "TLS_CERTIFICATE_PINNING"; |
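Review bot: the Javadoc on JAEGER_TLS_CERTIFICATE_PINNING says "TLS certificates (in comma-separated BASE64 SHA256 Hash)", but the value is not certificates; it is a list of base64-encoded SHA-256 digests, and the thread below says they are taken over the certificate or its public key. State exactly what is hashed (OkHttp's CertificatePinner, which the author links to, hashes the DER-encoded SubjectPublicKeyInfo) and the exact text format (with or without the "sha256/" prefix OkHttp uses), so a user can compute a matching value with openssl; since the name reads like a path to a certificate, something like JAEGER_TLS_CERTIFICATE_PINS would also be less ambiguous.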
Not thrilled with the name. Is it typical to pass certs via env vars? We've recently added many TLS options to Jaeger backend, and the certs are always passed via files.
I had three reasons to pass this via an environment variable rather than a file.
- It should be good to be consistent with the other reporter configurations, most of which can be done via fromEnv() or otherwise manipulated with Internal*.
- This must be the SHA256 hash of the certificate or public key (https://square.github.io/okhttp/3.x/okhttp/okhttp3/CertificatePinner.html), so it is kept short.
- In Lambda, which is one of the motivations for this, managing environment variables is easier than managing files. Environment variables are shown and settable plainly in the console, while files have to be uploaded directly or indirectly (S3) to the console in zipped format.
…TTPSender Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
… any trust anchor Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
Signed-off-by: Iori YONEJI <fivo.11235813@gmail.com>
ed82e0d to 175fa1d
78aba28 to 9f0a0b2
Signed-off-by: Iori YONEJI <fivo.11235813@gmail.com>
9f0a0b2 to 59342f1
Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
133d8db to da96565
Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
I feel like this is adding way too much code to the client.
jaeger-crossdock/docker-compose.yml
- jaeger-collector | ||
|
||
jaeger-collector-https-proxy: | ||
image: nginx:alpine |
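Review bot: `image: nginx:alpine` is a floating tag, so the TLS behaviour this proxy exercises (protocol defaults, cipher list, the OpenSSL nginx is built against) changes whenever the image is rebuilt upstream; pin a specific version tag or an `@sha256:` digest so a crossdock failure can be reproduced against the same proxy.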
it would be better to support TLS in the collector directly, rather than use nginx, since we already added similar functionality to gRPC:
--collector.grpc.tls Enable TLS
--collector.grpc.tls.cert string Path to TLS certificate file
--collector.grpc.tls.key string Path to TLS key file
--collector.http-port int The HTTP port for the collector service (default 14268)
This is nice to have for Jaeger, and I may add the option to Jaeger soon, but this proxy is for the client test for now. I will replace this after the --collector.http.tls options are merged.
ADD build/proxy.key /etc/nginx/proxy.key | ||
|
||
EXPOSE 8080 14443 | ||
CMD ["sh", "-c", "while ! { wget --spider -S http://jaeger-collector:14269; }; do echo waiting...; sleep 1; done; nginx -g 'daemon off;'"] |
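Review bot: `ADD build/proxy.key /etc/nginx/proxy.key` bakes the proxy's private key into an image layer; even for a test-only key, a bind mount or Compose `secrets:` keeps it out of any image that might be pushed, and `COPY` is the right instruction for a plain file. The readiness loop in `CMD` polls `http://jaeger-collector:14269` with no comment saying what is being checked on that port and with no upper bound on retries; add the comment and a retry limit so a collector that never comes up fails the run instead of hanging forever.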
comment would be useful, what is being queried on port 14269?
added.
crossdock: gradle-compile crossdock-proxy-secret-gen crossdock-download-jaeger | ||
docker-compose -f $(XDOCK_YAML) -f $(XDOCK_JAEGER_YAML) kill java-udp java-http java-https | ||
docker-compose -f $(XDOCK_YAML) -f $(XDOCK_JAEGER_YAML) rm -f java-udp java-http java-https | ||
docker-compose -f $(XDOCK_YAML) -f $(XDOCK_JAEGER_YAML) build java-udp java-http java-https |
- should this also include jaeger-collector-https-proxy ?
- I would move these into a make var, to DRY
MHcCAQEEIAA24MB8sxrLG1an0nG1DCH6J32iqrtborxFOjdqWNCmoAoGCCqGSM49 | ||
AwEHoUQDQgAEAhYnw9zYU0G3VZ48nNlT5jAs096pX0zeHM/yxiJe+DS5Yj0EJXM/ | ||
0A1Of2zqxbyJpaEIFcqTmTTyTXCE7I6B6Q== | ||
-----END EC PRIVATE KEY----- |
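Review bot: this hunk commits an EC private key to the repository. The thread below says it is the test root key that gen.sh uses to issue the proxy's certificate, so anyone with the repository can mint certificates chaining to it; that is tolerable only if the client test pins a specific SubjectPublicKeyInfo (the leaf's or this root's) rather than trusting the root as an anchor, the key is clearly marked test-only and never reused outside crossdock, and the generation and regeneration steps are documented next to it, as requested below.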
Are these being generated by jaeger-crossdock/https-proxy/gen.sh every time?
No, this is the root certificate, which is used to generate the proxy's certificate by gen.sh. Hard-coding is ugly, by the way, but test projects sometimes include it.
The public key pin is coded here:
https://github.com/jaegertracing/jaeger-client-java/pull/602/files#diff-9d280e9b01ffb0fc60647fe5d2a8286cR74
Could you please document somewhere how you generated these files?
OK, I will.
@@ -66,6 +77,7 @@ public void send(Process process, List<Span> spans) throws SenderException { | |||
try { | |||
response = httpClient.newCall(request).execute(); | |||
} catch (IOException e) { | |||
e.printStackTrace(); |
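Review bot: `e.printStackTrace()` in the `catch (IOException e)` block writes straight to stderr from library code, bypassing the logger and duplicating whatever the catch already does with `e`; remove it (the thread confirms it is leftover debug code) or, if the stack trace is wanted, route it through the sender's logger at debug level.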
don't we have that elsewhere?
That was my mistake; I forgot to remove the debug code. I will delete it.
} | ||
|
||
public Builder acceptSelfSigned() { | ||
// This dangerous operation will only take effect if pinning is used. |
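Review bot: the comment on `acceptSelfSigned()` says the "dangerous operation" only takes effect if pinning is used, which means calling it without pins is a silent no-op; move that precondition into the method's Javadoc, and consider failing fast with an IllegalStateException when the builder is finished with acceptSelfSigned() but no pins configured, so a caller is told that chain validation is replaced by SPKI-pin comparison rather than believing verification was simply switched off or, worse, still on.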
method comment?
Not intended, but it should be.
Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
@@ -0,0 +1,10 @@ | |||
-----BEGIN CERTIFICATE----- |
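Review bot: a certificate committed as a fixture (the `-----BEGIN CERTIFICATE-----` block in this new file) will break crossdock silently on the day it expires; record its validity period and the regeneration command next to gen.sh (`openssl x509 -in <file> -noout -enddate` prints the end date) so the eventual failure is diagnosable from the repository alone.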
What's the expiration date for this one?
Noted in gen.sh
server_name ${SERVER}; | ||
location / { | ||
root /usr/share/nginx/html/; | ||
index index.html; |
The indentation here seems a bit off
listen 14443 ssl; | ||
server_name ${SERVER}; | ||
|
||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
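Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` leaves TLS 1.0 and 1.1 enabled, both deprecated by RFC 8996; since this proxy exists to exercise the client's HTTPS path, restrict it to `ssl_protocols TLSv1.2 TLSv1.3;` (TLS 1.3 needs nginx built against OpenSSL 1.1.1 or later), add `ssl_prefer_server_ciphers on;` and an explicit AEAD-only cipher list, so the test proves the OkHttp client negotiates a modern configuration rather than passing because a legacy one was on offer.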
I know this is only for testing, but could we have a production-grade configuration here? Like, a secure set of ciphers and options like ssl_prefer_server_ciphers on. This way, we'd be testing with production settings, making sure that all involved components are up to modern standards.
For reference, this is what I used to have on a few servers of mine, which was "current" a couple of years ago:
server {
    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    server_name acme.example.com;
    ssl_certificate /etc/pki/tls/certs/acme.example.com.bundle.cert;
    ssl_certificate_key /etc/pki/tls/private/acme.example.com.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # probably needs an update to include TLSv1.3?
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    add_header Strict-Transport-Security max-age=31536000;
    root /usr/share/nginx/html/acme.example.com;
}
* Instead, check the sha256 hash value by custom verifier. */ | ||
acceptSelfSigned(clientBuilder, hostname, pins); | ||
} | ||
} catch (Exception e) { |
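Review bot: `catch (Exception e)` around the block ending in `acceptSelfSigned(clientBuilder, hostname, pins)` swallows every failure in setting up the pinned client, including a malformed pin list or a host name that could not be derived from the endpoint, so the sender would start without the pinning the user asked for; catch only the checked exception the URI construction can raise (URISyntaxException, as the thread concludes) and let it propagate, and log anything unexpected at warn before rethrowing rather than continuing silently.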
This deserves a log message, even if at debug level (but possibly at info or even warn, as this is called only once).
I'm afraid it isn't, because it is very similar to https://github.com/jaegertracing/jaeger-client-java/pull/602/files/a0607f48cd7370959b8f937a208fdc517a03b82f#diff-3330f8a6420c943a90a1b22b0abd0815R56. But it might be OK to fail earlier than the build itself.
Not sure I understood what you mean. The code you linked throws an exception; the code here is swallowing one. Instead of swallowing, we should log it at some level (info, in my opinion).
The try above the catch is needed because of the URI to be constructed from the endpoint, which is supplied by the configuration. If the endpoint is invalid, building HttpSender a few lines later would fail. But I agree that it shouldn't swallow all kinds of Exception, so I changed it to catch only URISyntaxException and throw it earlier.
} | ||
} | ||
// TODO: For TOFU (trust on first use) usecase, print the chain | ||
throw new CertificateException(); |
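Review bot: `throw new CertificateException()` at the end of the hunk carries no message, so a failed handshake gives the operator no way to tell whether the chain was empty, no name in it matched, or no pin matched; throw a subclass of CertificateException (which still satisfies the X509TrustManager contract the author relies on) with a message naming the condition and, for the TOFU case the TODO mentions, listing the SPKI pins that were actually observed so they can be copied into the configuration.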
If there's anything wrong, it would be very hard to figure out what is wrong. I see the following possible error conditions:
- Empty chain (bad configuration from the user's part)
- No matches between the hostname and the subject CNs from the chain
- The check failed
It would be good to have an exception thrown with the appropriate message, even if it's a bit more code.
CertificateException is thrown when the certificate couldn't be verified by the TrustManager. If another (like the default) manager might succeed in the verification even after this manager failed, and if it eventually turns out to be successful, the connection must be sane. To follow this (strange?) interface, I throw CertificateException whenever this manager fails to verify the connection.
But probably another exception could be thrown to fail in the case of "The check failed" but the CN matches, including when the server's chain was empty.
"But probably another exception could be thrown to fail in the case of "The check failed" but the CN matches, including when the server's chain was empty."
This is good for the trust-on-first-use use case, to print the actual pins of the server, because calculating the pin with the openssl command is a little bothersome.
+1 for having different exceptions for the "check failed" case
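The verification logic argued over in this thread, and the pin format discussed under JAEGER_TLS_CERTIFICATE_PINNING above, as an added example that is not the PR's code. It is written in Go rather than the client's Java because the logic, not the OkHttp wiring, is the point: Pin computes what OkHttp's CertificatePinner compares (base64 of SHA-256 over the DER SubjectPublicKeyInfo), ParsePins reads the comma-separated environment value, and VerifyPinned returns a distinct error for an empty chain, a host-name mismatch and a pin mismatch, the last one carrying the observed pins for the trust-on-first-use case. Assumptions: the environment value holds bare base64 digests (an OkHttp-style "sha256/" prefix is tolerated), and the self-signed certificate minted by selfSigned is constructed test input standing in for the crossdock proxy's certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Pin derives what OkHttp's CertificatePinner compares: base64(SHA-256(DER
// SubjectPublicKeyInfo)). The key is hashed, not the whole certificate.
func Pin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return base64.StdEncoding.EncodeToString(sum[:])
}

// ParsePins reads the comma-separated JAEGER_TLS_CERTIFICATE_PINNING form.
// Assumption: bare base64 digests; an OkHttp-style "sha256/" prefix is tolerated.
func ParsePins(env string) ([]string, error) {
	var pins []string
	for _, entry := range strings.Split(env, ",") {
		p := strings.TrimPrefix(strings.TrimSpace(entry), "sha256/")
		if p == "" {
			continue
		}
		raw, err := base64.StdEncoding.DecodeString(p)
		if err != nil || len(raw) != sha256.Size {
			return nil, fmt.Errorf("pin %q is not a base64 SHA-256 digest", p)
		}
		pins = append(pins, p)
	}
	if len(pins) == 0 {
		return nil, errors.New("no pins configured")
	}
	return pins, nil
}

// Distinct errors, so a failed handshake says which check failed.
var (
	ErrEmptyChain   = errors.New("pinning: server presented an empty certificate chain")
	ErrHostMismatch = errors.New("pinning: leaf certificate is not valid for the host name")
)

// ErrPinMismatch carries the pins actually seen, for trust-on-first-use setup.
type ErrPinMismatch struct{ Observed []string }

func (e *ErrPinMismatch) Error() string {
	return "pinning: no certificate matches a configured pin; observed: " + strings.Join(e.Observed, ",")
}

// VerifyPinned stands in for the custom trust manager: no trust anchor is consulted;
// the chain passes if the leaf is valid for hostname and any cert carries a pinned key.
func VerifyPinned(chain []*x509.Certificate, hostname string, pins []string) error {
	if len(chain) == 0 {
		return ErrEmptyChain
	}
	if err := chain[0].VerifyHostname(hostname); err != nil {
		return ErrHostMismatch
	}
	var observed []string
	for _, c := range chain {
		p := Pin(c)
		observed = append(observed, p)
		for _, want := range pins {
			if want == p {
				return nil
			}
		}
	}
	return &ErrPinMismatch{Observed: observed}
}

// selfSigned mints a throwaway P-256 certificate: constructed test input, not a real proxy cert.
func selfSigned(host string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	host := "jaeger-collector-https-proxy"
	proxy := selfSigned(host)
	pins, _ := ParsePins("sha256/" + Pin(proxy))
	fmt.Println("pinned :", VerifyPinned([]*x509.Certificate{proxy}, host, pins))
	fmt.Println("rekeyed:", VerifyPinned([]*x509.Certificate{selfSigned(host)}, host, pins))
}
```

Because the pin is over the public key, a renewed certificate for the same key keeps its pin, while a re-keyed proxy (the second call in main) fails with a message that already contains the pin an operator would need to add.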
Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
a2daf6d to 1c3cb04
Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
1c3cb04 to f45ed78
@iori-yja is this ready from your side? @jpkrohling could you please check if your review has been fixed?
This PR is missing some tests, but the actual code looks sane to me.
Tests I'd like to see:
- By default, an HTTPS URL should not accept self-signed certs
- An HTTPS URL succeeds when the server sends a self-signed cert and acceptSelfSigned() is used
- HTTP + acceptSelfSigned() is a noop (or has no bad consequences)
Sorry, forgot to check; I will catch up this week.
Edit: will add some tests
jaegertracing#602 (review) Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
5d01046 to 55ac341
This is the difficult part. How can I set up a "must-fail" test in crossdock?
…hCertificatePinning Signed-off-by: Iori Yoneji <yoneji_i@worksap.co.jp>
Which problem is this PR solving?
Short description of the changes
Added those below: