Add ability to specify TLS protocols to use for emitting events (close …
Showing
5 changed files
with
250 additions
and
3 deletions.
75 changes: 75 additions & 0 deletions
75
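--- a/...ow-tracker/src/main/java/com/snowplowanalytics/snowplow/tracker/emitter/TLSArguments.java
+++ b/...ow-tracker/src/main/java/com/snowplowanalytics/snowplow/tracker/emitter/TLSArguments.java
@@ -0,0 +1,75 @@
+/*
+* Copyright (c) 2015-2018 Snowplow Analytics Ltd. All rights reserved.
+*
+* This program is licensed to you under the Apache License Version 2.0,
+* and you may not use this file except in compliance with the Apache License Version 2.0.
+* You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the Apache License Version 2.0 is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
+*/
+
+package com.snowplowanalytics.snowplow.tracker.emitter;
+
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import okhttp3.TlsVersion;
+
+public class TLSArguments {
+private X509TrustManager trustManager = null;
+private SSLSocketFactory sslSocketFactory = null;
+
+/**
+* Builds an object to store arguments to pass to TLS connection configuration.
+*
+* @param versions Accepted TLS versions for connections
+*/
+public TLSArguments(String[] versions) {
+try {
+TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
+TrustManagerFactory.getDefaultAlgorithm());
+trustManagerFactory.init((KeyStore) null);
+TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
+throw new IllegalStateException("Unexpected default trust managers:"
++ Arrays.toString(trustManagers));
+}
+this.trustManager = (X509TrustManager) trustManagers[0];
+
+this.sslSocketFactory = new TLSSocketFactory(versions);
+} catch (KeyStoreException e) {
+e.printStackTrace();
+} catch (NoSuchAlgorithmException e) {
+e.printStackTrace();
+} catch (KeyManagementException e) {
+e.printStackTrace();
+}
+this.trustManager = trustManager;
+this.sslSocketFactory = sslSocketFactory;
+}
+
+/**
+* @return the trust manager argument
+*/
+public X509TrustManager getTrustManager() {
+return this.trustManager;
+}
+
+/**
+* @return the ssl socket factory argument
+*/
+public SSLSocketFactory getSslSocketFactory() {
+return this.sslSocketFactory;
+}
+}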
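Review bot: The three catch blocks in the `TLSArguments(String[] versions)` constructor only call `e.printStackTrace()`, so a failure in `TrustManagerFactory` or in `new TLSSocketFactory(versions)` leaves both fields `null` and the getters hand `null` to whatever configures the HTTP client. The caller is not visible on this page, but the likely outcomes are a later NullPointerException or a client that never receives the requested protocol restriction. Failing at construction is safer: replace each `e.printStackTrace();` with `throw new IllegalStateException("Unable to initialise TLS configuration", e);`. The trailing `this.trustManager = trustManager;` and `this.sslSocketFactory = sslSocketFactory;` assign the fields to themselves and can be deleted, and the `okhttp3.TlsVersion` import is unused in this file.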
85 changes: 85 additions & 0 deletions
85
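--- a/...racker/src/main/java/com/snowplowanalytics/snowplow/tracker/emitter/TLSSocketFactory.java
+++ b/...racker/src/main/java/com/snowplowanalytics/snowplow/tracker/emitter/TLSSocketFactory.java
@@ -0,0 +1,85 @@
+/*
+* Copyright (c) 2015-2018 Snowplow Analytics Ltd. All rights reserved.
+*
+* This program is licensed to you under the Apache License Version 2.0,
+* and you may not use this file except in compliance with the Apache License Version 2.0.
+* You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the Apache License Version 2.0 is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
+*/
+
+package com.snowplowanalytics.snowplow.tracker.emitter;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+public class TLSSocketFactory extends SSLSocketFactory {
+
+private SSLSocketFactory internalSSLSocketFactory;
+private String[] versions = new String[]{"TLSv1.2"};
+
+public TLSSocketFactory(String[] versions) throws KeyManagementException, NoSuchAlgorithmException {
+this.versions = versions;
+SSLContext context = SSLContext.getInstance("TLS");
+context.init(null, null, null);
+internalSSLSocketFactory = context.getSocketFactory();
+}
+
+@Override
+public String[] getDefaultCipherSuites() {
+return internalSSLSocketFactory.getDefaultCipherSuites();
+}
+
+@Override
+public String[] getSupportedCipherSuites() {
+return internalSSLSocketFactory.getSupportedCipherSuites();
+}
+
+@Override
+public Socket createSocket() throws IOException {
+return enableTLSOnSocket(internalSSLSocketFactory.createSocket());
+}
+
+@Override
+public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
+return enableTLSOnSocket(internalSSLSocketFactory.createSocket(s, host, port, autoClose));
+}
+
+@Override
+public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
+return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+}
+
+@Override
+public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
+return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port, localHost, localPort));
+}
+
+@Override
+public Socket createSocket(InetAddress host, int port) throws IOException {
+return enableTLSOnSocket(internalSSLSocketFactory.createSocket(host, port));
+}
+
+@Override
+public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
+return enableTLSOnSocket(internalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
+}
+
+private Socket enableTLSOnSocket(Socket socket) {
+if(socket != null && (socket instanceof SSLSocket)) {
+((SSLSocket) socket).setEnabledProtocols(this.versions);
+}
+return socket;
+}
+}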
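Review bot: The constructor's `this.versions = versions;` unconditionally replaces the `{"TLSv1.2"}` field default and keeps a reference to the caller's array, so a `null` argument is rejected only later, when `enableTLSOnSocket` calls `setEnabledProtocols`, and a caller that mutates the array afterwards changes the protocols of every future socket. Validate and copy up front, for example `this.versions = (versions == null || versions.length == 0) ? new String[]{"TLSv1.2"} : versions.clone();`, or throw `IllegalArgumentException` if an empty list should be treated as an error. `enableTLSOnSocket` also returns a non-`SSLSocket` unchanged, which would skip the protocol restriction without any signal. A comment such as `// the wrapped factory is expected to return only SSLSocket instances` would make that assumption explicit, or the method could throw `IllegalStateException` in that branch.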
51 changes: 51 additions & 0 deletions
51
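--- a/...ker/src/main/java/com/snowplowanalytics/snowplow/tracker/emitter/TLSVersionValidator.java
+++ b/...ker/src/main/java/com/snowplowanalytics/snowplow/tracker/emitter/TLSVersionValidator.java
@@ -0,0 +1,51 @@
+/*
+* Copyright (c) 2015-2017 Snowplow Analytics Ltd. All rights reserved.
+*
+* This program is licensed to you under the Apache License Version 2.0,
+* and you may not use this file except in compliance with the Apache License Version 2.0.
+* You may obtain a copy of the Apache License Version 2.0 at http://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing,
+* software distributed under the Apache License Version 2.0 is distributed on an
+* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the Apache License Version 2.0 for the specific language governing permissions and limitations there under.
+*/
+
+package com.snowplowanalytics.snowplow.tracker.emitter;
+
+import java.util.Set;
+import java.util.HashSet;
+
+public class TLSVersionValidator {
+private Set<String> versions = new HashSet<>();
+
+/**
+* Builds an object to only allow valid version values
+*
+* @param versions Versions allowed in TLS connection
+*/
+public TLSVersionValidator(String[] versions) {
+for (String version : versions) {
+if (version.equalsIgnoreCase("TLSv1.2")) {
+this.versions.add("TLSv1.2");
+} else if (version.equalsIgnoreCase("TLSv1.1")) {
+this.versions.add("TLSv1.1");
+}
+}
+}
+
+public TLSVersionValidator(String version) {
+if (version.equalsIgnoreCase("TLSv1.2")) {
+this.versions.add("TLSv1.2");
+} else if (version.equalsIgnoreCase("TLSv1.1")) {
+this.versions.add("TLSv1.1");
+}
+}
+
+/**
+* @return Version of TLS connection
+*/
+public String[] getVersions() {
+return versions.toArray(new String[versions.size()]);
+}
+}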
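Review bot: Both constructors silently drop any value that is not `TLSv1.2` or `TLSv1.1`, so a misspelt version such as `TLS1.2` produces an empty array from `getVersions()` with no error, and a `null` element throws a NullPointerException from `version.equalsIgnoreCase(...)`. Adding a final `else { throw new IllegalArgumentException("Unsupported TLS version: " + version); }` to each chain would surface the misconfiguration where it is made. The two constructors duplicate the same chain and the `String` overload has no Javadoc; a private helper plus a comment such as `/** Builds a validator for a single TLS version. */` would cover both. The allow-list also accepts `TLSv1.1`, which RFC 8996 has since deprecated, and has no entry for `TLSv1.3`, so it is worth documenting on the class which versions are intentionally permitted.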