HDFS-11302. Improve Logging for SSLHostnameVerifier. Contributed by Chen Liang.

(cherry picked from commit 32bb36b750)
Xiaoyu Yao 2017-04-05 17:25:18 -07:00
parent 75e60b6bb7
commit 9016614eb1
1 changed files with 20 additions and 1 deletions


@ -53,6 +53,8 @@ import javax.net.ssl.SSLSocket;
import org.apache.hadoop.classification.InterfaceAudience; import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability; import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.util.StringUtils; import org.apache.hadoop.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
************************************************************************ ************************************************************************
@ -228,6 +230,12 @@ public interface SSLHostnameVerifier extends javax.net.ssl.HostnameVerifier {
abstract class AbstractVerifier implements SSLHostnameVerifier { abstract class AbstractVerifier implements SSLHostnameVerifier {
/**
* Writes as SSLFactory logs as it is the only consumer of this verifier
* class.
*/
static final Logger LOG = LoggerFactory.getLogger(SSLFactory.class);
/** /**
* This contains a list of 2nd-level domains that aren't allowed to * This contains a list of 2nd-level domains that aren't allowed to
* have wildcards when combined with country-codes. * have wildcards when combined with country-codes.
@ -354,13 +362,24 @@ public interface SSLHostnameVerifier extends javax.net.ssl.HostnameVerifier {
throws SSLException { throws SSLException {
String[] cns = Certificates.getCNs(cert); String[] cns = Certificates.getCNs(cert);
String[] subjectAlts = Certificates.getDNSSubjectAlts(cert); String[] subjectAlts = Certificates.getDNSSubjectAlts(cert);
check(host, cns, subjectAlts); try {
check(host, cns, subjectAlts);
} catch (SSLException e) {
LOG.error("Host check error {}", e);
throw e;
}
} }
public void check(final String[] hosts, final String[] cns, public void check(final String[] hosts, final String[] cns,
final String[] subjectAlts, final boolean ie6, final String[] subjectAlts, final boolean ie6,
final boolean strictWithSubDomains) final boolean strictWithSubDomains)
throws SSLException { throws SSLException {
if (LOG.isTraceEnabled()) {
LOG.trace("Hosts:{}, CNs:{} subjectAlts:{}, ie6:{}, " +
"strictWithSubDomains{}", Arrays.toString(hosts),
Arrays.toString(cns), Arrays.toString(subjectAlts), ie6,
strictWithSubDomains);
}
// Build up lists of allowed hosts For logging/debugging purposes. // Build up lists of allowed hosts For logging/debugging purposes.
StringBuffer buf = new StringBuffer(32); StringBuffer buf = new StringBuffer(32);
buf.append('<'); buf.append('<');
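Review bot: The `{}` in `LOG.error("Host check error {}", e)` inside the new catch block is never substituted, because a lone exception argument binds to SLF4J's `error(String, Throwable)` overload and the text is emitted literally with the stack trace attached. A failed hostname check is a security-relevant event, so the record should name the peer being verified rather than rely on the exception message; `LOG.error("Host check error for {}", Arrays.toString(host), e);` would do that, assuming `host` is a `String[]` as in the overload below (the method signature is outside the hunk, so confirm). Logging at ERROR and then rethrowing will likely produce a second record wherever the caller reports the SSLException, so a lower level here may be enough. In the trace statement, `"strictWithSubDomains{}"` is missing its colon and `CNs:{}` its trailing comma, which makes the line harder to parse.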