HADOOP-17337. S3A NetworkBinding has a runtime dependency on shaded httpclient. (#2599)
Contributed by Steve Loughran.
This commit is contained in:
parent
66ecee333e
commit
26b9d480e8
@ -0,0 +1,47 @@
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.apache.hadoop.fs.s3a.impl;
|
||||
|
||||
import javax.net.ssl.HostnameVerifier;
|
||||
import java.io.IOException;
|
||||
|
||||
import com.amazonaws.ClientConfiguration;
|
||||
import com.amazonaws.thirdparty.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
||||
|
||||
import org.apache.hadoop.security.ssl.DelegatingSSLSocketFactory;
|
||||
|
||||
/**
|
||||
* This interacts with the Shaded httpclient library used in the full
|
||||
* AWS SDK. If the S3A client is used with the unshaded SDK, this
|
||||
* class will not link.
|
||||
*/
|
||||
public class ConfigureShadedAWSSocketFactory implements
|
||||
NetworkBinding.ConfigureAWSSocketFactory {
|
||||
|
||||
@Override
|
||||
public void configureSocketFactory(final ClientConfiguration awsConf,
|
||||
final DelegatingSSLSocketFactory.SSLChannelMode channelMode)
|
||||
throws IOException {
|
||||
DelegatingSSLSocketFactory.initializeDefaultFactory(channelMode);
|
||||
awsConf.getApacheHttpClientConfig().setSslSocketFactory(
|
||||
new SSLConnectionSocketFactory(
|
||||
DelegatingSSLSocketFactory.getDefaultFactory(),
|
||||
(HostnameVerifier) null));
|
||||
}
|
||||
}
|
@ -19,14 +19,10 @@
|
||||
package org.apache.hadoop.fs.s3a.impl;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.lang.reflect.Constructor;
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
|
||||
import javax.net.ssl.HostnameVerifier;
|
||||
import javax.net.ssl.SSLSocketFactory;
|
||||
|
||||
import com.amazonaws.ClientConfiguration;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@ -43,20 +39,21 @@
|
||||
/**
|
||||
* Configures network settings when communicating with AWS services.
|
||||
*/
|
||||
public class NetworkBinding {
|
||||
public final class NetworkBinding {
|
||||
|
||||
private static final Logger LOG =
|
||||
LoggerFactory.getLogger(NetworkBinding.class);
|
||||
private static final String AWS_SOCKET_FACTORY_CLASSNAME = "com.amazonaws" +
|
||||
".thirdparty.apache.http.conn.ssl.SSLConnectionSocketFactory";
|
||||
private static final String BINDING_CLASSNAME = "org.apache.hadoop.fs.s3a.impl.ConfigureShadedAWSSocketFactory";
|
||||
|
||||
private NetworkBinding() {
|
||||
}
|
||||
|
||||
/**
|
||||
* Configures the {@code SSLConnectionSocketFactory} used by the AWS SDK.
|
||||
* A custom Socket Factory can be set using the method
|
||||
* {@code setSslSocketFactory()}.
|
||||
* If {@code SSLConnectionSocketFactory} cannot be found on the classpath, the value
|
||||
* of {@link org.apache.hadoop.fs.s3a.Constants#SSL_CHANNEL_MODE} is ignored.
|
||||
*
|
||||
* Uses reflection to do this via {@link ConfigureShadedAWSSocketFactory}
|
||||
* so as to avoid
|
||||
* @param conf the {@link Configuration} used to get the client specified
|
||||
* value of {@code SSL_CHANNEL_MODE}
|
||||
* @param awsConf the {@code ClientConfiguration} to set the
|
||||
@ -84,28 +81,33 @@ public static void bindSSLChannelMode(Configuration conf,
|
||||
|
||||
DelegatingSSLSocketFactory.initializeDefaultFactory(channelMode);
|
||||
try {
|
||||
// Look for AWS_SOCKET_FACTORY_CLASSNAME on the classpath and instantiate
|
||||
// an instance using the DelegatingSSLSocketFactory as the
|
||||
// SSLSocketFactory.
|
||||
Class<?> sslConnectionSocketFactory = Class.forName(
|
||||
AWS_SOCKET_FACTORY_CLASSNAME);
|
||||
Constructor<?> factoryConstructor =
|
||||
sslConnectionSocketFactory.getDeclaredConstructor(
|
||||
SSLSocketFactory.class, HostnameVerifier.class);
|
||||
awsConf.getApacheHttpClientConfig().setSslSocketFactory(
|
||||
(com.amazonaws.thirdparty.apache.http.conn.ssl.
|
||||
SSLConnectionSocketFactory) factoryConstructor
|
||||
.newInstance(DelegatingSSLSocketFactory
|
||||
.getDefaultFactory(),
|
||||
(HostnameVerifier) null));
|
||||
// use reflection to load in our own binding class.
|
||||
// this is *probably* overkill, but it is how we can be fully confident
|
||||
// that no attempt will be made to load/link to the AWS Shaded SDK except
|
||||
// within this try/catch block
|
||||
Class<? extends ConfigureAWSSocketFactory> clazz =
|
||||
(Class<? extends ConfigureAWSSocketFactory>) Class.forName(BINDING_CLASSNAME);
|
||||
clazz.getConstructor()
|
||||
.newInstance()
|
||||
.configureSocketFactory(awsConf, channelMode);
|
||||
} catch (ClassNotFoundException | NoSuchMethodException |
|
||||
IllegalAccessException | InstantiationException |
|
||||
InvocationTargetException | LinkageError e) {
|
||||
LOG.debug("Unable to create class {}, value of {} will be ignored",
|
||||
AWS_SOCKET_FACTORY_CLASSNAME, SSL_CHANNEL_MODE, e);
|
||||
BINDING_CLASSNAME, SSL_CHANNEL_MODE, e);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Interface used to bind to the socket factory, allows the code which
|
||||
* works with the shaded AWS libraries to exist in their own class.
|
||||
*/
|
||||
interface ConfigureAWSSocketFactory {
|
||||
void configureSocketFactory(ClientConfiguration awsConf,
|
||||
DelegatingSSLSocketFactory.SSLChannelMode channelMode)
|
||||
throws IOException;
|
||||
}
|
||||
|
||||
/**
|
||||
* Given an S3 bucket region as returned by a bucket location query,
|
||||
* fix it into a form which can be used by other AWS commands.
|
||||
|
Loading…
Reference in New Issue
Block a user