Add SSL support for sentinel-datasource-redis (#3045)
z521598 authored and LearningGp committed Dec 27, 2023
1 parent cc6923f commit 74f7d18
Showing 4 changed files with 321 additions and 16 deletions.
2 changes: 1 addition & 1 deletion sentinel-extension/sentinel-datasource-redis/pom.xml
Expand Up @@ -15,7 +15,7 @@
<properties>
<java.source.version>1.8</java.source.version>
<java.target.version>1.8</java.target.version>
<lettuce.version>5.0.1.RELEASE</lettuce.version>
<lettuce.version>5.3.1.RELEASE</lettuce.version>
<redis.mock.version>0.1.6</redis.mock.version>
</properties>

Expand Up @@ -25,18 +25,20 @@

import io.lettuce.core.RedisClient;
import io.lettuce.core.RedisURI;
import io.lettuce.core.SslOptions;
import io.lettuce.core.api.sync.RedisCommands;
import io.lettuce.core.cluster.ClusterClientOptions;
import io.lettuce.core.cluster.RedisClusterClient;
import io.lettuce.core.cluster.api.sync.RedisAdvancedClusterCommands;
import io.lettuce.core.cluster.pubsub.StatefulRedisClusterPubSubConnection;
import io.lettuce.core.pubsub.RedisPubSubAdapter;
import io.lettuce.core.pubsub.StatefulRedisPubSubConnection;
import io.lettuce.core.pubsub.api.sync.RedisPubSubCommands;

import java.io.File;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;

/**
* <p>
Expand Down Expand Up @@ -94,19 +96,70 @@ public RedisDataSource(RedisConnectionConfig connectionConfig, String ruleKey, S
subscribeFromChannel(channel);
}

/**
* init SslOptions, support jks or pem format
*
* @param connectionConfig Redis connection config
* @return a new SslOptions
*/
private SslOptions initSslOptions(RedisConnectionConfig connectionConfig) {
if (!connectionConfig.isSslEnable()){
return null;
}

SslOptions.Builder sslOptionsBuilder = SslOptions.builder();

if (connectionConfig.getTrustedCertificatesPath() != null){
if (connectionConfig.getTrustedCertificatesPath().endsWith(".jks")){
// if the value is end with .jks,think it is java key store format,to invoke truststore method
sslOptionsBuilder.truststore(
new File(connectionConfig.getTrustedCertificatesPath()),
connectionConfig.getTrustedCertificatesJksPassword()
);
} else {
// if the value is not end with .jks,think it is pem format,to invoke trustManager method
sslOptionsBuilder.trustManager(new File(connectionConfig.getTrustedCertificatesPath()));
}
}

if (connectionConfig.getKeyCertChainFilePath() != null || connectionConfig.getKeyFilePath() != null) {
if (connectionConfig.getKeyFilePath().endsWith(".jks")){
sslOptionsBuilder.keystore(
new File(connectionConfig.getKeyCertChainFilePath()),
connectionConfig.getKeyFilePassword() == null ? null : connectionConfig.getKeyFilePassword().toCharArray()
);
} else {
sslOptionsBuilder.keyManager(
new File(connectionConfig.getKeyCertChainFilePath()),
new File(connectionConfig.getKeyFilePath()),
connectionConfig.getKeyFilePassword() == null ? null : connectionConfig.getKeyFilePassword().toCharArray()
);
}
}
return sslOptionsBuilder.build();
}

/**
* Build Redis client fromm {@code RedisConnectionConfig}.
*
* @return a new {@link RedisClient}
*/
private RedisClient getRedisClient(RedisConnectionConfig connectionConfig) {
RedisClient redisClient;
if (connectionConfig.getRedisSentinels().size() == 0) {
RecordLog.info("[RedisDataSource] Creating stand-alone mode Redis client");
return getRedisStandaloneClient(connectionConfig);
redisClient = getRedisStandaloneClient(connectionConfig);
} else {
RecordLog.info("[RedisDataSource] Creating Redis Sentinel mode Redis client");
return getRedisSentinelClient(connectionConfig);
redisClient = getRedisSentinelClient(connectionConfig);
}
SslOptions sslOptions = initSslOptions(connectionConfig);
if (sslOptions != null){
redisClient.setOptions(
ClusterClientOptions.builder().sslOptions(sslOptions).build()
);
}
return redisClient;
}

private RedisClusterClient getRedisClusterClient(RedisConnectionConfig connectionConfig) {
Expand All @@ -119,23 +172,33 @@ private RedisClusterClient getRedisClusterClient(RedisConnectionConfig connectio
RedisURI.Builder clusterRedisUriBuilder = RedisURI.builder();
clusterRedisUriBuilder.withHost(config.getHost())
.withPort(config.getPort())
.withSsl(config.isSslEnable())
.withTimeout(Duration.ofMillis(connectionConfig.getTimeout()));
//All redis nodes must have same password
if (password != null) {
clusterRedisUriBuilder.withPassword(connectionConfig.getPassword());
}
redisUris.add(clusterRedisUriBuilder.build());
}
return RedisClusterClient.create(redisUris);
RedisClusterClient redisClusterClient = RedisClusterClient.create(redisUris);
SslOptions sslOptions = initSslOptions(connectionConfig);
if (sslOptions != null){
redisClusterClient.setOptions(
ClusterClientOptions.builder().sslOptions(sslOptions).build()
);
}
return redisClusterClient;
}


private RedisClient getRedisStandaloneClient(RedisConnectionConfig connectionConfig) {
char[] password = connectionConfig.getPassword();
String clientName = connectionConfig.getClientName();
RedisURI.Builder redisUriBuilder = RedisURI.builder();
redisUriBuilder.withHost(connectionConfig.getHost())
.withPort(connectionConfig.getPort())
.withDatabase(connectionConfig.getDatabase())
.withSsl(connectionConfig.isSslEnable())
.withTimeout(Duration.ofMillis(connectionConfig.getTimeout()));
if (password != null) {
redisUriBuilder.withPassword(connectionConfig.getPassword());
Expand All @@ -160,6 +223,7 @@ private RedisClient getRedisSentinelClient(RedisConnectionConfig connectionConfi
sentinelRedisUriBuilder.withClientName(clientName);
}
sentinelRedisUriBuilder.withSentinelMasterId(connectionConfig.getRedisSentinelMasterId())
.withSsl(connectionConfig.isSslEnable())
.withTimeout(Duration.ofMillis(connectionConfig.getTimeout()));
return RedisClient.create(sentinelRedisUriBuilder.build());
}
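Review bot: In `initSslOptions`, the client-key branch is entered when either `getKeyCertChainFilePath()` or `getKeyFilePath()` is non-null, but it then calls `getKeyFilePath().endsWith(".jks")` and `new File(getKeyCertChainFilePath())` unconditionally, so a configuration that sets only one of the two throws a NullPointerException while the client is being created. The JKS case also tests the key file's extension yet loads the keystore from the cert-chain path, which looks unintended. I would guard on `if (connectionConfig.getKeyFilePath() != null)`, pass `new File(connectionConfig.getKeyFilePath())` to `keystore(...)`, and fail the PEM case with an `IllegalArgumentException` naming the missing setting when the chain path is absent. Separately, the cluster loop takes `.withSsl(config.isSslEnable())` from the per-node config while `initSslOptions` reads the top-level `connectionConfig`; how node configs are built is not visible here, but if they do not carry the flag, cluster connections (and the password sent on them) would silently stay in plaintext, so `connectionConfig.isSslEnable()` may be the intended source, matching how the password is taken.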
