Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

实现 #3000 Issue的功能:Redis 数据源支持 SSL #3045

Merged
merged 2 commits into from
Apr 23, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion sentinel-extension/sentinel-datasource-redis/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
<properties>
<java.source.version>1.8</java.source.version>
<java.target.version>1.8</java.target.version>
<lettuce.version>5.0.1.RELEASE</lettuce.version>
<lettuce.version>5.3.1.RELEASE</lettuce.version>
<redis.mock.version>0.1.6</redis.mock.version>
</properties>

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,18 +25,20 @@

import io.lettuce.core.RedisClient;
import io.lettuce.core.RedisURI;
import io.lettuce.core.SslOptions;
import io.lettuce.core.api.sync.RedisCommands;
import io.lettuce.core.cluster.ClusterClientOptions;
import io.lettuce.core.cluster.RedisClusterClient;
import io.lettuce.core.cluster.api.sync.RedisAdvancedClusterCommands;
import io.lettuce.core.cluster.pubsub.StatefulRedisClusterPubSubConnection;
import io.lettuce.core.pubsub.RedisPubSubAdapter;
import io.lettuce.core.pubsub.StatefulRedisPubSubConnection;
import io.lettuce.core.pubsub.api.sync.RedisPubSubCommands;

import java.io.File;
import java.time.Duration;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;

/**
* <p>
Expand Down Expand Up @@ -94,19 +96,70 @@ public RedisDataSource(RedisConnectionConfig connectionConfig, String ruleKey, S
subscribeFromChannel(channel);
}

/**
* init SslOptions, support jks or pem format
*
* @param connectionConfig Redis connection config
* @return a new SslOptions
*/
private SslOptions initSslOptions(RedisConnectionConfig connectionConfig) {
if (!connectionConfig.isSslEnable()){
return null;
}

SslOptions.Builder sslOptionsBuilder = SslOptions.builder();

if (connectionConfig.getTrustedCertificatesPath() != null){
if (connectionConfig.getTrustedCertificatesPath().endsWith(".jks")){
// if the value is end with .jks,think it is java key store format,to invoke truststore method
sslOptionsBuilder.truststore(
new File(connectionConfig.getTrustedCertificatesPath()),
connectionConfig.getTrustedCertificatesJksPassword()
);
} else {
// if the value is not end with .jks,think it is pem format,to invoke trustManager method
sslOptionsBuilder.trustManager(new File(connectionConfig.getTrustedCertificatesPath()));
}
}

if (connectionConfig.getKeyCertChainFilePath() != null || connectionConfig.getKeyFilePath() != null) {
if (connectionConfig.getKeyFilePath().endsWith(".jks")){
sslOptionsBuilder.keystore(
new File(connectionConfig.getKeyCertChainFilePath()),
connectionConfig.getKeyFilePassword() == null ? null : connectionConfig.getKeyFilePassword().toCharArray()
);
} else {
sslOptionsBuilder.keyManager(
new File(connectionConfig.getKeyCertChainFilePath()),
new File(connectionConfig.getKeyFilePath()),
connectionConfig.getKeyFilePassword() == null ? null : connectionConfig.getKeyFilePassword().toCharArray()
);
}
}
return sslOptionsBuilder.build();
}

/**
* Build Redis client fromm {@code RedisConnectionConfig}.
*
* @return a new {@link RedisClient}
*/
private RedisClient getRedisClient(RedisConnectionConfig connectionConfig) {
RedisClient redisClient;
if (connectionConfig.getRedisSentinels().size() == 0) {
RecordLog.info("[RedisDataSource] Creating stand-alone mode Redis client");
return getRedisStandaloneClient(connectionConfig);
redisClient = getRedisStandaloneClient(connectionConfig);
} else {
RecordLog.info("[RedisDataSource] Creating Redis Sentinel mode Redis client");
return getRedisSentinelClient(connectionConfig);
redisClient = getRedisSentinelClient(connectionConfig);
}
SslOptions sslOptions = initSslOptions(connectionConfig);
if (sslOptions != null){
redisClient.setOptions(
ClusterClientOptions.builder().sslOptions(sslOptions).build()
);
}
return redisClient;
}

private RedisClusterClient getRedisClusterClient(RedisConnectionConfig connectionConfig) {
Expand All @@ -119,23 +172,33 @@ private RedisClusterClient getRedisClusterClient(RedisConnectionConfig connectio
RedisURI.Builder clusterRedisUriBuilder = RedisURI.builder();
clusterRedisUriBuilder.withHost(config.getHost())
.withPort(config.getPort())
.withSsl(config.isSslEnable())
.withTimeout(Duration.ofMillis(connectionConfig.getTimeout()));
//All redis nodes must have same password
if (password != null) {
clusterRedisUriBuilder.withPassword(connectionConfig.getPassword());
}
redisUris.add(clusterRedisUriBuilder.build());
}
return RedisClusterClient.create(redisUris);
RedisClusterClient redisClusterClient = RedisClusterClient.create(redisUris);
SslOptions sslOptions = initSslOptions(connectionConfig);
if (sslOptions != null){
redisClusterClient.setOptions(
ClusterClientOptions.builder().sslOptions(sslOptions).build()
);
}
return redisClusterClient;
}


private RedisClient getRedisStandaloneClient(RedisConnectionConfig connectionConfig) {
char[] password = connectionConfig.getPassword();
String clientName = connectionConfig.getClientName();
RedisURI.Builder redisUriBuilder = RedisURI.builder();
redisUriBuilder.withHost(connectionConfig.getHost())
.withPort(connectionConfig.getPort())
.withDatabase(connectionConfig.getDatabase())
.withSsl(connectionConfig.isSslEnable())
.withTimeout(Duration.ofMillis(connectionConfig.getTimeout()));
if (password != null) {
redisUriBuilder.withPassword(connectionConfig.getPassword());
Expand All @@ -160,6 +223,7 @@ private RedisClient getRedisSentinelClient(RedisConnectionConfig connectionConfi
sentinelRedisUriBuilder.withClientName(clientName);
}
sentinelRedisUriBuilder.withSentinelMasterId(connectionConfig.getRedisSentinelMasterId())
.withSsl(connectionConfig.isSslEnable())
.withTimeout(Duration.ofMillis(connectionConfig.getTimeout()));
return RedisClient.create(sentinelRedisUriBuilder.build());
}
Expand Down
Loading