You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ud...@apache.org on 2016/07/21 16:16:51 UTC
[1/2] incubator-geode git commit: GEODE-420: Added
SSLConfigurationFactory to have a single location that determines the
SSLConfiguration. Amended all affected classes
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-420 399a63878 -> 9891f06ed
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JettyHelper.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JettyHelper.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JettyHelper.java
index 42dcd64..32d2045 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JettyHelper.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JettyHelper.java
@@ -17,7 +17,6 @@
package com.gemstone.gemfire.management.internal;
import java.io.File;
-import java.util.Properties;
import java.util.concurrent.CountDownLatch;
import org.apache.logging.log4j.Logger;
@@ -34,30 +33,32 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;
import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
+import com.gemstone.gemfire.internal.net.SSLEnabledComponent;
/**
* @since GemFire 8.1
*/
@SuppressWarnings("unused")
public class JettyHelper {
+
private static final Logger logger = LogService.getLogger();
- private static final String FILE_PATH_SEPARATOR = System.getProperty(
- "file.separator");
+ private static final String FILE_PATH_SEPARATOR = System.getProperty("file.separator");
private static final String USER_DIR = System.getProperty("user.dir");
private static final String USER_NAME = System.getProperty("user.name");
-
+
private static final String HTTPS = "https";
private static String bindAddress = "0.0.0.0";
private static int port = 0;
-
- public static Server initJetty(final String bindAddress, final int port, boolean useSSL,
- boolean needClientAuth, String protocols, String ciphers, Properties sysProps) throws Exception {
+
+ public static Server initJetty(final String bindAddress, final int port, SSLConfig sslConfig) throws Exception {
final Server jettyServer = new Server();
@@ -65,82 +66,79 @@ public class JettyHelper {
// to this collection.
jettyServer.setHandler(new HandlerCollection());
ServerConnector connector = null;
-
+
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme(HTTPS);
httpConfig.setSecurePort(port);
- if (useSSL) {
+ if (sslConfig.isEnabled()) {
SslContextFactory sslContextFactory = new SslContextFactory();
-
- sslContextFactory.setNeedClientAuth(needClientAuth);
-
- if (!StringUtils.isBlank(ciphers) && !"any".equalsIgnoreCase(ciphers)) {
+
+ sslContextFactory.setNeedClientAuth(sslConfig.isRequireAuth());
+
+ if (!StringUtils.isBlank(sslConfig.getCiphers()) && !"any".equalsIgnoreCase(sslConfig.getCiphers())) {
//If use has mentioned "any" let the SSL layer decide on the ciphers
- sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(ciphers));
+ sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(sslConfig.getCiphers()));
}
- String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(protocols));
+ String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(sslConfig.getProtocols()));
if (protocol != null) {
sslContextFactory.setProtocol(protocol);
} else {
logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
}
-
- if (StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStore"))) {
+
+ if (StringUtils.isBlank(sslConfig.getKeystore())) {
throw new GemFireConfigException("Key store can't be empty if SSL is enabled for HttpService");
}
- sslContextFactory.setKeyStorePath(sysProps.getProperty("javax.net.ssl.keyStore"));
+ sslContextFactory.setKeyStorePath(sslConfig.getKeystore());
- if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStoreType"))) {
- sslContextFactory.setKeyStoreType(sysProps.getProperty("javax.net.ssl.keyStoreType"));
+ if (!StringUtils.isBlank(sslConfig.getKeystoreType())) {
+ sslContextFactory.setKeyStoreType(sslConfig.getKeystoreType());
}
- if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStorePassword"))){
- sslContextFactory.setKeyStorePassword(sysProps.getProperty("javax.net.ssl.keyStorePassword"));
+ if (!StringUtils.isBlank(sslConfig.getKeystorePassword())) {
+ sslContextFactory.setKeyStorePassword(sslConfig.getKeystorePassword());
}
- if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStore"))){
- sslContextFactory.setTrustStorePath(sysProps.getProperty("javax.net.ssl.trustStore"));
+ if (!StringUtils.isBlank(sslConfig.getTruststore())) {
+ sslContextFactory.setTrustStorePath(sslConfig.getTruststore());
}
- if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStorePassword"))){
- sslContextFactory.setTrustStorePassword(sysProps.getProperty("javax.net.ssl.trustStorePassword"));
+ if (!StringUtils.isBlank(sslConfig.getTruststorePassword())) {
+ sslContextFactory.setTrustStorePassword(sslConfig.getTruststorePassword());
}
-
httpConfig.addCustomizer(new SecureRequestCustomizer());
//Somehow With HTTP_2.0 Jetty throwing NPE. Need to investigate further whether all GemFire web application(Pulse, REST) can do with HTTP_1.1
- connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory,
- HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfig));
-
+ connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfig));
+
connector.setPort(port);
} else {
connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig));
-
+
connector.setPort(port);
}
- jettyServer.setConnectors(new Connector[] { connector});
-
+ jettyServer.setConnectors(new Connector[] { connector });
+
if (!StringUtils.isBlank(bindAddress)) {
connector.setHost(bindAddress);
}
-
+
if (bindAddress != null && !bindAddress.isEmpty()) {
JettyHelper.bindAddress = bindAddress;
}
-
+
JettyHelper.port = port;
return jettyServer;
}
-
public static Server startJetty(final Server jetty) throws Exception {
@@ -148,8 +146,7 @@ public class JettyHelper {
return jetty;
}
- public static Server addWebApplication(final Server jetty,
- final String webAppContext, final String warFilePath) {
+ public static Server addWebApplication(final Server jetty, final String webAppContext, final String warFilePath) {
WebAppContext webapp = new WebAppContext();
webapp.setContextPath(webAppContext);
webapp.setWar(warFilePath);
@@ -166,60 +163,49 @@ public class JettyHelper {
}
-
private static String getWebAppBaseDirectory(final String context) {
String underscoredContext = context.replace("/", "_");
- final String workingDirectory = USER_DIR
- .concat(FILE_PATH_SEPARATOR)
- .concat("GemFire_" + USER_NAME)
- .concat(FILE_PATH_SEPARATOR)
- .concat("services")
- .concat(FILE_PATH_SEPARATOR)
- .concat("http")
- .concat(FILE_PATH_SEPARATOR)
- .concat(
- (StringUtils.isBlank(bindAddress)) ? "0.0.0.0" : bindAddress)
- .concat("_")
- .concat(String.valueOf(port)
- .concat(underscoredContext));
+ final String workingDirectory = USER_DIR.concat(FILE_PATH_SEPARATOR)
+ .concat("GemFire_" + USER_NAME)
+ .concat(FILE_PATH_SEPARATOR)
+ .concat("services")
+ .concat(FILE_PATH_SEPARATOR)
+ .concat("http")
+ .concat(FILE_PATH_SEPARATOR)
+ .concat((StringUtils.isBlank(bindAddress)) ? "0.0.0.0" : bindAddress)
+ .concat("_")
+ .concat(String.valueOf(port).concat(underscoredContext));
return workingDirectory;
}
private static final CountDownLatch latch = new CountDownLatch(1);
- private static String normalizeWebAppArchivePath(
- final String webAppArchivePath) {
- return (webAppArchivePath.startsWith(File.separator) ? new File(
- webAppArchivePath) :
- new File(".", webAppArchivePath)).getAbsolutePath();
+ private static String normalizeWebAppArchivePath(final String webAppArchivePath) {
+ return (webAppArchivePath.startsWith(File.separator) ? new File(webAppArchivePath) : new File(".", webAppArchivePath)).getAbsolutePath();
}
private static String normalizeWebAppContext(final String webAppContext) {
- return (webAppContext.startsWith(
- "/") ? webAppContext : "/" + webAppContext);
+ return (webAppContext.startsWith("/") ? webAppContext : "/" + webAppContext);
}
public static void main(final String... args) throws Exception {
if (args.length > 1) {
System.out.printf("Temporary Directory @ ($1%s)%n", USER_DIR);
- final Server jetty = JettyHelper.initJetty(null, 8090, false, false, null, null, null);
+ final Server jetty = JettyHelper.initJetty(null, 8090, SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE));
for (int index = 0; index < args.length; index += 2) {
final String webAppContext = args[index];
final String webAppArchivePath = args[index + 1];
- JettyHelper.addWebApplication(jetty,
- normalizeWebAppContext(webAppContext),
- normalizeWebAppArchivePath(webAppArchivePath));
+ JettyHelper.addWebApplication(jetty, normalizeWebAppContext(webAppContext), normalizeWebAppArchivePath(webAppArchivePath));
}
JettyHelper.startJetty(jetty);
latch.await();
} else {
- System.out.printf(
- "usage:%n>java com.gemstone.gemfire.management.internal.TomcatHelper <web-app-context> <war-file-path> [<web-app-context> <war-file-path>]*");
+ System.out.printf("usage:%n>java com.gemstone.gemfire.management.internal.TomcatHelper <web-app-context> <war-file-path> [<web-app-context> <war-file-path>]*");
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
index bb9bfb4..9a8f83a 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
@@ -57,6 +57,8 @@ import com.gemstone.gemfire.internal.GemFireVersion;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.lang.StringUtils;
import com.gemstone.gemfire.internal.logging.LogService;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
+import com.gemstone.gemfire.internal.net.SSLEnabledComponent;
import com.gemstone.gemfire.internal.net.SocketCreator;
import com.gemstone.gemfire.internal.net.SocketCreatorFactory;
import com.gemstone.gemfire.internal.security.shiro.JMXShiroAuthenticator;
@@ -224,8 +226,7 @@ public class ManagementAgent {
boolean isRestWebAppAdded = false;
- this.httpServer = JettyHelper.initJetty(bindAddress, port, this.config.getHttpServiceSSLEnabled(), this.config.getHttpServiceSSLRequireAuthentication(), this.config
- .getHttpServiceSSLProtocols(), this.config.getHttpServiceSSLCiphers(), this.config.getHttpServiceSSLProperties());
+ this.httpServer = JettyHelper.initJetty(bindAddress, port, SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE));
if (agentUtil.isWebApplicationAvailable(gemfireWar)) {
this.httpServer = JettyHelper.addWebApplication(this.httpServer, "/gemfire", gemfireWar);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java
index 53f0894..033b9bd 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java
@@ -20,6 +20,9 @@ package com.gemstone.gemfire.management.internal;
import com.gemstone.gemfire.cache.*;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.internal.GemFireVersion;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
+import com.gemstone.gemfire.internal.net.SSLEnabledComponent;
import com.gemstone.gemfire.internal.net.SocketCreator;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.cache.InternalRegionArguments;
@@ -126,11 +129,7 @@ public class RestAgent {
final int port = this.config.getHttpServicePort();
- this.httpServer = JettyHelper.initJetty(httpServiceBindAddress, port,
- this.config.getHttpServiceSSLEnabled(),
- this.config.getHttpServiceSSLRequireAuthentication(),
- this.config.getHttpServiceSSLProtocols(), this.config.getHttpServiceSSLCiphers(),
- this.config.getHttpServiceSSLProperties());
+ this.httpServer = JettyHelper.initJetty(httpServiceBindAddress, port, SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE));
this.httpServer = JettyHelper.addWebApplication(httpServer, "/gemfire-api", gemfireAPIWar);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
index 5c62a31..a813248 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/DistributionConfigJUnitTest.java
@@ -359,6 +359,7 @@ public class DistributionConfigJUnitTest {
@Test
public void testSSLEnabledComponents() {
Properties props = new Properties();
+ props.put(MCAST_PORT, "0");
props.put(CLUSTER_SSL_ENABLED, "true");
props.put(SSL_ENABLED_COMPONENTS, "all");
@@ -368,6 +369,7 @@ public class DistributionConfigJUnitTest {
@Test(expected = IllegalArgumentException.class)
public void testSSLEnabledComponentsLegacyFail() {
Properties props = new Properties();
+ props.put(MCAST_PORT, "0");
props.put(CLUSTER_SSL_ENABLED, "true");
props.put(HTTP_SERVICE_SSL_ENABLED, "true");
props.put(SSL_ENABLED_COMPONENTS, "all");
@@ -377,6 +379,7 @@ public class DistributionConfigJUnitTest {
@Test
public void testSSLEnabledComponentsLegacyPass() {
Properties props = new Properties();
+ props.put(MCAST_PORT, "0");
props.put(CLUSTER_SSL_ENABLED, "true");
props.put(HTTP_SERVICE_SSL_ENABLED, "true");
props.put(SSL_ENABLED_COMPONENTS, "");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystemJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystemJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystemJUnitTest.java
index c90a263..d9a1d1b 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystemJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystemJUnitTest.java
@@ -683,10 +683,7 @@ public class InternalDistributedSystemJUnitTest
@Test
public void testDeprecatedSSLProps() {
- Properties props = new Properties();
- props.setProperty(MCAST_PORT, "0");
- props.setProperty(LOCATORS, "");
- props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ Properties props = getCommonProperties();
Config config1 = new DistributionConfigImpl(props, false);
Properties props1 = config1.toProperties();
// For the deprecated ssl-* properties a decision was made
@@ -706,13 +703,10 @@ public class InternalDistributedSystemJUnitTest
@Test
public void testSSLEnabledComponents() {
- Properties props = new Properties();
- props.setProperty(MCAST_PORT, "0");
- props.setProperty(LOCATORS, "");
- props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ Properties props = getCommonProperties();
props.setProperty(SSL_ENABLED_COMPONENTS, "cluster,server");
Config config1 = new DistributionConfigImpl(props, false);
- assertEquals("cluster,server", config1.getAttribute(SSL_ENABLED_COMPONENTS));
+ assertEquals("cluster server", config1.getAttribute(SSL_ENABLED_COMPONENTS));
}
@Rule
@@ -720,10 +714,7 @@ public class InternalDistributedSystemJUnitTest
@Test(expected = IllegalArgumentException.class)
public void testSSLEnabledComponentsWrongComponentName() {
- Properties props = new Properties();
- props.setProperty(MCAST_PORT, "0");
- props.setProperty(LOCATORS, "");
- props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ Properties props = getCommonProperties();
props.setProperty(SSL_ENABLED_COMPONENTS, "testing");
new DistributionConfigImpl(props, false);
illegalArgumentException.expect(IllegalArgumentException.class);
@@ -733,10 +724,9 @@ public class InternalDistributedSystemJUnitTest
@Test(expected = IllegalArgumentException.class)
public void testSSLEnabledComponentsWithLegacyJMXSSLSettings() {
- Properties props = new Properties();
- props.setProperty(CLUSTER_SSL_ENABLED, "true");
- props.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
+ Properties props = getCommonProperties();
props.setProperty(SSL_ENABLED_COMPONENTS, "all");
+ props.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
new DistributionConfigImpl(props, false);
illegalArgumentException.expect(IllegalArgumentException.class);
illegalArgumentException.expectMessage(LocalizedStrings.AbstractDistributionConfig_SSL_ENABLED_COMPONENTS_SET_INVALID_DEPRECATED_SSL_SET.getRawText());
@@ -744,10 +734,9 @@ public class InternalDistributedSystemJUnitTest
@Test(expected = IllegalArgumentException.class)
public void testSSLEnabledComponentsWithLegacyGatewaySSLSettings() {
- Properties props = new Properties();
- props.setProperty(CLUSTER_SSL_ENABLED, "true");
- props.setProperty(GATEWAY_SSL_ENABLED, "true");
+ Properties props = getCommonProperties();
props.setProperty(SSL_ENABLED_COMPONENTS, "all");
+ props.setProperty(GATEWAY_SSL_ENABLED, "true");
new DistributionConfigImpl(props, false);
illegalArgumentException.expect(IllegalArgumentException.class);
@@ -756,10 +745,9 @@ public class InternalDistributedSystemJUnitTest
@Test(expected = IllegalArgumentException.class)
public void testSSLEnabledComponentsWithLegacyServerSSLSettings() {
- Properties props = new Properties();
- props.setProperty(CLUSTER_SSL_ENABLED, "true");
- props.setProperty(SERVER_SSL_ENABLED, "true");
+ Properties props = getCommonProperties();
props.setProperty(SSL_ENABLED_COMPONENTS, "all");
+ props.setProperty(SERVER_SSL_ENABLED, "true");
new DistributionConfigImpl(props, false);
illegalArgumentException.expect(IllegalArgumentException.class);
@@ -768,16 +756,23 @@ public class InternalDistributedSystemJUnitTest
@Test(expected = IllegalArgumentException.class)
public void testSSLEnabledComponentsWithLegacyHTTPServiceSSLSettings() {
- Properties props = new Properties();
- props.setProperty(CLUSTER_SSL_ENABLED, "true");
- props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
+ Properties props = getCommonProperties();
props.setProperty(SSL_ENABLED_COMPONENTS, "all");
+ props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
new DistributionConfigImpl(props, false);
illegalArgumentException.expect(IllegalArgumentException.class);
illegalArgumentException.expectMessage(LocalizedStrings.AbstractDistributionConfig_SSL_ENABLED_COMPONENTS_SET_INVALID_DEPRECATED_SSL_SET.getRawText());
}
+ private Properties getCommonProperties() {
+ Properties props = new Properties();
+ props.setProperty(MCAST_PORT, "0");
+ props.setProperty(LOCATORS, "");
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ return props;
+ }
+
public static String getHostAddress(InetAddress addr) {
String address = addr.getHostAddress();
if (addr instanceof Inet4Address || (!addr.isLinkLocalAddress() && !addr.isLoopbackAddress())) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/test/java/com/gemstone/gemfire/internal/net/JSSESocketJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/JSSESocketJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/JSSESocketJUnitTest.java
index 63c556b..bbcce71 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/JSSESocketJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/JSSESocketJUnitTest.java
@@ -29,6 +29,7 @@ import java.io.StringReader;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
+import java.util.Properties;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
@@ -46,6 +47,7 @@ import org.junit.experimental.categories.Category;
import org.junit.rules.TestName;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.DistributionConfigImpl;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.internal.logging.LogService;
import com.gemstone.gemfire.test.dunit.ThreadUtils;
@@ -120,6 +122,9 @@ public class JSSESocketJUnitTest {
System.setProperty("javax.net.ssl.keyStorePassword", "password");
}
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(new Properties());
+
+ SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory.getClusterSSLSocketCreator().useSSL());
final ServerSocket serverSocket = SocketCreatorFactory.getClusterSSLSocketCreator().createServerSocket(randport, 0, InetAddress.getByName("localhost"));
@@ -174,7 +179,9 @@ public class JSSESocketJUnitTest {
@Test
public void testClientSocketFactory() {
System.getProperties().put(DistributionConfig.GEMFIRE_PREFIX + "clientSocketFactory", TSocketFactory.class.getName());
- System.getProperties().remove(DistributionConfig.GEMFIRE_PREFIX + CLUSTER_SSL_ENABLED);
+ System.getProperties().put(DistributionConfig.GEMFIRE_PREFIX + CLUSTER_SSL_ENABLED, "false");
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(new Properties());
+ SocketCreatorFactory.setDistributionConfig(distributionConfig);
factoryInvoked = false;
try {
try {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
index c4d6846..442467f 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
@@ -123,6 +123,7 @@ public class SocketCreatorFactoryJUnitTest extends JSSESocketJUnitTest {
Properties properties = configureSSLProperties(SSLEnabledComponents.SERVER);
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+
SocketCreatorFactory.setDistributionConfig(distributionConfig);
Assert.assertFalse(SocketCreatorFactory.getClusterSSLSocketCreator().useSSL());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/JettyHelperJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/JettyHelperJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/JettyHelperJUnitTest.java
index 1c66780..b53f39c 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/JettyHelperJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/JettyHelperJUnitTest.java
@@ -23,6 +23,10 @@ import org.eclipse.jetty.server.ServerConnector;
import org.junit.Test;
import org.junit.experimental.categories.Category;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
+import com.gemstone.gemfire.internal.net.SSLEnabledComponent;
+import com.gemstone.gemfire.internal.net.SocketCreatorFactory;
import com.gemstone.gemfire.test.junit.categories.UnitTest;
/**
@@ -40,7 +44,7 @@ public class JettyHelperJUnitTest {
@Test
public void testSetPortNoBindAddress() throws Exception {
- final Server jetty = JettyHelper.initJetty(null, 8090, false, false, null, null, null);
+ final Server jetty = JettyHelper.initJetty(null, 8090, SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE));
assertNotNull(jetty);
assertNotNull(jetty.getConnectors()[0]);
@@ -50,7 +54,7 @@ public class JettyHelperJUnitTest {
@Test
public void testSetPortWithBindAddress() throws Exception {
- final Server jetty = JettyHelper.initJetty("10.123.50.1", 10480, false, false, null, null, null);
+ final Server jetty = JettyHelper.initJetty("10.123.50.1", 10480, SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE));
assertNotNull(jetty);
assertNotNull(jetty.getConnectors()[0]);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommandsDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommandsDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommandsDUnitTest.java
index 5704ad7..2e61c23 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommandsDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommandsDUnitTest.java
@@ -785,7 +785,7 @@ public class CreateAlterDestroyRegionCommandsDUnitTest extends CliCommandTestBas
// Start the default manager
Properties managerProps = new Properties();
managerProps.setProperty(MCAST_PORT, "0");
- managerProps.setProperty(LOCATORS, "localhost:" + locatorPort);
+ managerProps.setProperty(LOCATORS, "localhost[" + locatorPort+"]");
setUpJmxManagerOnVm0ThenConnect(managerProps);
// Create a cache in VM 1
@@ -793,7 +793,7 @@ public class CreateAlterDestroyRegionCommandsDUnitTest extends CliCommandTestBas
vm.invoke(() -> {
Properties localProps = new Properties();
localProps.setProperty(MCAST_PORT, "0");
- localProps.setProperty(LOCATORS, "localhost:" + locatorPort);
+ localProps.setProperty(LOCATORS, "localhost[" + locatorPort+"]");
localProps.setProperty(GROUPS, groupName);
getSystem(localProps);
assertNotNull(getCache());
@@ -831,7 +831,7 @@ public class CreateAlterDestroyRegionCommandsDUnitTest extends CliCommandTestBas
Properties localProps = new Properties();
localProps.setProperty(MCAST_PORT, "0");
- localProps.setProperty(LOCATORS, "localhost:" + locatorPort);
+ localProps.setProperty(LOCATORS, "localhost[" + locatorPort+"]");
localProps.setProperty(GROUPS, groupName);
localProps.setProperty(USE_CLUSTER_CONFIGURATION, "true");
getSystem(localProps);
@@ -873,7 +873,7 @@ public class CreateAlterDestroyRegionCommandsDUnitTest extends CliCommandTestBas
Properties localProps = new Properties();
localProps.setProperty(MCAST_PORT, "0");
- localProps.setProperty(LOCATORS, "localhost:" + locatorPort);
+ localProps.setProperty(LOCATORS, "localhost[" + locatorPort+"]");
localProps.setProperty(GROUPS, groupName);
localProps.setProperty(USE_CLUSTER_CONFIGURATION, "true");
getSystem(localProps);
@@ -919,7 +919,7 @@ public class CreateAlterDestroyRegionCommandsDUnitTest extends CliCommandTestBas
// Start the default manager
Properties managerProps = new Properties();
managerProps.setProperty(MCAST_PORT, "0");
- managerProps.setProperty(LOCATORS, "localhost:" + locatorPort);
+ managerProps.setProperty(LOCATORS, "localhost[" + locatorPort+"]");
setUpJmxManagerOnVm0ThenConnect(managerProps);
// Create a cache in VM 1
@@ -927,7 +927,7 @@ public class CreateAlterDestroyRegionCommandsDUnitTest extends CliCommandTestBas
vm.invoke(() -> {
Properties localProps = new Properties();
localProps.setProperty(MCAST_PORT, "0");
- localProps.setProperty(LOCATORS, "localhost:" + locatorPort);
+ localProps.setProperty(LOCATORS, "localhost[" + locatorPort+"]");
localProps.setProperty(GROUPS, groupName);
getSystem(localProps);
assertNotNull(getCache());
@@ -983,7 +983,7 @@ public class CreateAlterDestroyRegionCommandsDUnitTest extends CliCommandTestBas
Properties localProps = new Properties();
localProps.setProperty(MCAST_PORT, "0");
- localProps.setProperty(LOCATORS, "localhost:" + locatorPort);
+ localProps.setProperty(LOCATORS, "localhost[" + locatorPort+"]");
localProps.setProperty(GROUPS, groupName);
localProps.setProperty(USE_CLUSTER_CONFIGURATION, "true");
getSystem(localProps);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java
index bed3cad..46744ed 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/test/dunit/internal/JUnit4DistributedTestCase.java
@@ -31,6 +31,7 @@ import com.gemstone.gemfire.distributed.DistributedSystem;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.distributed.internal.DistributionMessageObserver;
import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
import com.gemstone.gemfire.internal.net.SocketCreator;
import com.gemstone.gemfire.internal.admin.ClientStatsManager;
import com.gemstone.gemfire.internal.cache.*;
@@ -155,6 +156,7 @@ public abstract class JUnit4DistributedTestCase implements DistributedTestFixtur
if (system == null || !system.isConnected()) {
// Figure out our distributed system properties
SocketCreatorFactory.close();
+ SSLConfigurationFactory.close();
Properties p = DistributedTestUtils.getAllDistributedSystemProperties(props);
lastSystemCreatedInTest = getTestClass(); // used to be getDeclaringClass()
if (logPerTest) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/testbed/driver/PulseUITest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/testbed/driver/PulseUITest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/testbed/driver/PulseUITest.java
index 24ba815..35339d7 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/testbed/driver/PulseUITest.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/testbed/driver/PulseUITest.java
@@ -35,6 +35,8 @@ import org.openqa.selenium.firefox.FirefoxDriver;
import org.openqa.selenium.support.ui.ExpectedCondition;
import org.openqa.selenium.support.ui.WebDriverWait;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
+import com.gemstone.gemfire.internal.net.SSLEnabledComponent;
import com.gemstone.gemfire.management.internal.JettyHelper;
import com.gemstone.gemfire.test.junit.categories.UITest;
import com.vmware.gemfire.tools.pulse.testbed.GemFireDistributedSystem.Locator;
@@ -70,7 +72,7 @@ public class PulseUITest {
path = getPulseWarPath();
//System.setProperty("pulse.propMockDataUpdaterClass", "com.vmware.gemfire.tools.pulse.testbed.PropMockDataUpdater");
- jetty = JettyHelper.initJetty(host, port, false, false, null, null, null);
+ jetty = JettyHelper.initJetty(host, port, SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE));
JettyHelper.addWebApplication(jetty, context, getPulseWarPath());
jetty.start();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java
----------------------------------------------------------------------
diff --git a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java
index 23c7f75..e5cd058 100644
--- a/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java
+++ b/geode-pulse/src/test/java/com/vmware/gemfire/tools/pulse/tests/PulseAbstractTest.java
@@ -44,6 +44,8 @@ import org.openqa.selenium.support.ui.ExpectedCondition;
import org.openqa.selenium.support.ui.ExpectedConditions;
import org.openqa.selenium.support.ui.WebDriverWait;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
+import com.gemstone.gemfire.internal.net.SSLEnabledComponent;
import com.gemstone.gemfire.management.internal.JettyHelper;
import com.vmware.gemfire.tools.pulse.internal.data.PulseConstants;
@@ -145,7 +147,7 @@ public abstract class PulseAbstractTest extends PulseBaseTest {
int port = 8080;
String context = "/pulse";
- jetty = JettyHelper.initJetty(host, port, false, false, null, null, null);
+ jetty = JettyHelper.initJetty(host, port, SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE));
JettyHelper.addWebApplication(jetty, context, getPulseWarPath());
jetty.start();
[2/2] incubator-geode git commit: GEODE-420: Added
SSLConfigurationFactory to have a single location that determines the
SSLConfiguration. Amended all affected classes
Posted by ud...@apache.org.
GEODE-420: Added SSLConfigurationFactory to have a single location that determines the SSLConfiguration. Amended all affected classes
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9891f06e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9891f06e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9891f06e
Branch: refs/heads/feature/GEODE-420
Commit: 9891f06ed5f7222851c3176a160172ac2f8d0feb
Parents: 399a638
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Thu Jul 21 09:16:45 2016 -0700
Committer: Udo Kohlmeyer <uk...@pivotal.io>
Committed: Thu Jul 21 09:16:45 2016 -0700
----------------------------------------------------------------------
.../controllers/RestAPIsWithSSLDUnitTest.java | 314 ++++++++++++++----
.../internal/InternalDistributedSystem.java | 1 +
.../gemfire/internal/admin/SSLConfig.java | 217 ++++++++-----
.../internal/net/SSLConfigurationFactory.java | 279 ++++++++++++++++
.../internal/net/SSLEnabledComponent.java | 53 ++++
.../gemfire/internal/net/SocketCreator.java | 316 ++++++++-----------
.../internal/net/SocketCreatorFactory.java | 112 ++-----
.../management/internal/JettyHelper.java | 116 +++----
.../management/internal/ManagementAgent.java | 5 +-
.../gemfire/management/internal/RestAgent.java | 9 +-
.../internal/DistributionConfigJUnitTest.java | 3 +
.../InternalDistributedSystemJUnitTest.java | 45 ++-
.../internal/net/JSSESocketJUnitTest.java | 9 +-
.../net/SocketCreatorFactoryJUnitTest.java | 1 +
.../internal/JettyHelperJUnitTest.java | 8 +-
...eateAlterDestroyRegionCommandsDUnitTest.java | 14 +-
.../internal/JUnit4DistributedTestCase.java | 2 +
.../tools/pulse/testbed/driver/PulseUITest.java | 4 +-
.../tools/pulse/tests/PulseAbstractTest.java | 4 +-
19 files changed, 998 insertions(+), 514 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java b/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
index f01ab4b..f641c09 100644
--- a/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
+++ b/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
@@ -16,20 +16,50 @@
*/
package com.gemstone.gemfire.rest.internal.web.controllers;
-import org.junit.experimental.categories.Category;
-import org.junit.Test;
-
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import static org.junit.Assert.*;
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.BindException;
+import java.security.KeyStore;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import javax.net.ssl.SSLContext;
-import com.gemstone.gemfire.cache.*;
+import org.apache.http.HttpEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContexts;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.json.JSONObject;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.AttributesFactory;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.DataPolicy;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionAttributes;
+import com.gemstone.gemfire.cache.RegionFactory;
+import com.gemstone.gemfire.cache.RegionShortcut;
import com.gemstone.gemfire.cache.client.ClientCache;
import com.gemstone.gemfire.cache.client.ClientCacheFactory;
import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
import com.gemstone.gemfire.cache.client.internal.LocatorTestBase;
import com.gemstone.gemfire.cache.server.CacheServer;
import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.SSLEnabledComponents;
import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
import com.gemstone.gemfire.internal.AvailablePort;
import com.gemstone.gemfire.internal.AvailablePortHelper;
@@ -39,30 +69,10 @@ import com.gemstone.gemfire.test.dunit.Host;
import com.gemstone.gemfire.test.dunit.IgnoredException;
import com.gemstone.gemfire.test.dunit.NetworkUtils;
import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
import com.gemstone.gemfire.util.test.TestUtil;
-import org.apache.http.HttpEntity;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.conn.ssl.SSLContexts;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.json.JSONObject;
-
-import javax.net.ssl.SSLContext;
-import java.io.*;
-import java.net.BindException;
-import java.security.KeyStore;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
/**
- *
* @since GemFire 8.0
*/
@Category(DistributedTest.class)
@@ -98,8 +108,12 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@SuppressWarnings("deprecation")
- protected int startBridgeServer(String hostName, int restServicePort, final String locators, final String[] regions,
- final Properties sslProperties, boolean clusterLevel) {
+ protected int startBridgeServer(String hostName,
+ int restServicePort,
+ final String locators,
+ final String[] regions,
+ final Properties sslProperties,
+ boolean clusterLevel) {
Properties props = new Properties();
props.setProperty(MCAST_PORT, "0");
@@ -109,7 +123,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
props.setProperty(HTTP_SERVICE_PORT, String.valueOf(restServicePort));
System.setProperty("javax.net.debug", "ssl,handshake");
- configureSSL(props, sslProperties, clusterLevel);
+ props = configureSSL(props, sslProperties, clusterLevel);
DistributedSystem ds = getSystem(props);
Cache cache = CacheFactory.create(ds);
@@ -161,8 +175,9 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
region.putAll(userMap);
- if (clientCache != null)
+ if (clientCache != null) {
clientCache.getLogger().info("Gemfire Cache Client: Puts successfully done");
+ }
}
@@ -193,14 +208,13 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
final String hostName = server.getHost().getHostName();
final int restServicePort = AvailablePortHelper.getRandomAvailableTCPPort();
startBridgeServer(hostName, restServicePort, locators, new String[] { REGION_NAME }, sslProperties, clusterLevel);
+ // String restEndpoint = "https://" + hostName + ":" + restServicePort + "/gemfire-api/v1";
return "https://" + hostName + ":" + restServicePort + "/gemfire-api/v1";
});
// create a client cache
client.invoke("Create ClientCache", () -> {
- new ClientCacheFactory()
- .setPdxReadSerialized(true)
- .addPoolLocator(locatorHostName, locatorPort).create();
+ new ClientCacheFactory().setPdxReadSerialized(true).addPoolLocator(locatorHostName, locatorPort).create();
return null;
});
@@ -226,14 +240,13 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
// stop the client and make sure the bridge server notifies
// stopBridgeMemberVM(client);
- locator.invoke(()-> closeCache());
- manager.invoke(()-> closeCache());
- server.invoke(()-> closeCache());
- client.invoke(()-> closeCache());
+ locator.invoke(() -> closeCache());
+ manager.invoke(() -> closeCache());
+ server.invoke(() -> closeCache());
+ client.invoke(() -> closeCache());
}
- private void closeCache()
- {
+ private void closeCache() {
GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
if (cache != null && !cache.isClosed()) {
cache.close();
@@ -248,20 +261,17 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
}
- private void configureSSL(Properties props, Properties sslProperties, boolean clusterLevel) {
+ private Properties configureSSL(Properties props, Properties sslProperties, boolean clusterLevel) {
if (clusterLevel) {
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ENABLED, CLUSTER_SSL_ENABLED);
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE, CLUSTER_SSL_KEYSTORE);
- sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_PASSWORD,
- CLUSTER_SSL_KEYSTORE_PASSWORD);
+ sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, CLUSTER_SSL_KEYSTORE_PASSWORD);
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_TYPE, CLUSTER_SSL_KEYSTORE_TYPE);
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_PROTOCOLS, CLUSTER_SSL_PROTOCOLS);
- sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION,
- CLUSTER_SSL_REQUIRE_AUTHENTICATION);
+ sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION, CLUSTER_SSL_REQUIRE_AUTHENTICATION);
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE, CLUSTER_SSL_TRUSTSTORE);
- sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD,
- CLUSTER_SSL_TRUSTSTORE_PASSWORD);
+ sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, CLUSTER_SSL_TRUSTSTORE_PASSWORD);
} else {
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ENABLED, null);
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE, null);
@@ -272,6 +282,20 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE, null);
sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, null);
}
+ String sslEnabledComponentsProperty = sslProperties.getProperty(SSL_ENABLED_COMPONENTS);
+ if (sslEnabledComponentsProperty != null && sslEnabledComponentsProperty.length() > 0) {
+ sslPropertyConverter(sslProperties, props, CLUSTER_SSL_ENABLED, null);
+ sslPropertyConverter(sslProperties, props, CLUSTER_SSL_KEYSTORE, null);
+ sslPropertyConverter(sslProperties, props, CLUSTER_SSL_KEYSTORE_PASSWORD, null);
+ sslPropertyConverter(sslProperties, props, CLUSTER_SSL_KEYSTORE_TYPE, null);
+ sslPropertyConverter(sslProperties, props, CLUSTER_SSL_PROTOCOLS, null);
+ sslPropertyConverter(sslProperties, props, CLUSTER_SSL_REQUIRE_AUTHENTICATION, null);
+ sslPropertyConverter(sslProperties, props, CLUSTER_SSL_TRUSTSTORE, null);
+ sslPropertyConverter(sslProperties, props, CLUSTER_SSL_TRUSTSTORE_PASSWORD, null);
+ sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ALIAS, null);
+ sslPropertyConverter(sslProperties, props, SSL_ENABLED_COMPONENTS, null);
+ }
+ return props;
}
private int startManager(final String locators, final String[] regions, final Properties sslProperties) throws IOException {
@@ -291,21 +315,18 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
while (true) {
try {
DistributedSystem ds = getSystem(props);
- System.out.println("Creating cache with http-service-port " + props.getProperty(HTTP_SERVICE_PORT, "7070")
- + " and jmx-manager-port " + props.getProperty(JMX_MANAGER_PORT, "1099"));
+ System.out.println("Creating cache with http-service-port " + props.getProperty(HTTP_SERVICE_PORT, "7070") + " and jmx-manager-port " + props.getProperty(JMX_MANAGER_PORT, "1099"));
cache = CacheFactory.create(ds);
System.out.println("Successfully created cache.");
break;
} catch (ManagementException ex) {
- if ((ex.getCause() instanceof BindException)
- || (ex.getCause() != null && ex.getCause().getCause() instanceof BindException)) {
+ if ((ex.getCause() instanceof BindException) || (ex.getCause() != null && ex.getCause().getCause() instanceof BindException)) {
//close cache and disconnect
GemFireCacheImpl existingInstance = GemFireCacheImpl.getInstance();
if (existingInstance != null) {
existingInstance.close();
}
- InternalDistributedSystem ids = InternalDistributedSystem
- .getConnectedInstance();
+ InternalDistributedSystem ids = InternalDistributedSystem.getConnectedInstance();
if (ids != null) {
ids.disconnect();
}
@@ -357,14 +378,13 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
// this is needed
SSLContext sslcontext = SSLContexts.custom()
- .loadTrustMaterial(clientKeys, new TrustSelfSignedStrategy())
- .loadKeyMaterial(clientKeys, "password".toCharArray())
- .build();
+ .loadTrustMaterial(clientKeys, new TrustSelfSignedStrategy())
+ .loadKeyMaterial(clientKeys, "password".toCharArray())
+ .build();
// Host checking is disabled here , as tests might run on multiple hosts and
// host entries can not be assumed
- SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,
- SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+ SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
@@ -413,16 +433,176 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
public void testSimpleSSL() throws Exception {
Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "SSL");
+ }
+
+ @Test
+ public void testSSLWithoutKeyStoreType() throws Exception {
+ Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "SSL");
+ }
+
+ @Test
+ public void testSSLWithSSLProtocol() throws Exception {
+ Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, "SSL");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "SSL");
+ }
+
+ @Test
+ public void testSSLWithTLSProtocol() throws Exception {
+ Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLS");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "TLS");
+ }
+
+ @Test
+ public void testSSLWithTLSv11Protocol() throws Exception {
+ Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.1");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "TLSv1.1");
+ }
+
+ @Test
+ public void testSSLWithTLSv12Protocol() throws Exception {
+ Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "TLSv1.2");
+ }
+
+ @Test
+ public void testWithMultipleProtocol() throws Exception {
+ Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, "SSL,TLSv1.2");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "TLSv1.2");
+ }
+
+ @Test
+ public void testSSLWithCipherSuite() throws Exception {
+ System.setProperty("javax.net.debug", "ssl");
+ Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ SSLContext ssl = SSLContext.getInstance("TLSv1.2");
+
+ ssl.init(null, null, new java.security.SecureRandom());
+ String[] cipherSuites = ssl.getSocketFactory().getSupportedCipherSuites();
+
+ props.setProperty(CLUSTER_SSL_CIPHERS, cipherSuites[0]);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "TLSv1.2");
+ }
+
+ @Test
+ public void testSSLWithMultipleCipherSuite() throws Exception {
+ Properties props = new Properties();
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ SSLContext ssl = SSLContext.getInstance("TLSv1.2");
+
+ ssl.init(null, null, new java.security.SecureRandom());
+ String[] cipherSuites = ssl.getSocketFactory().getSupportedCipherSuites();
+
+ props.setProperty(CLUSTER_SSL_CIPHERS, cipherSuites[0] + "," + cipherSuites[1]);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "TLSv1.2");
+ }
+
+ @Test
+ public void testMutualAuthentication() throws Exception {
+ Properties props = new Properties();
+
+ props.setProperty(HTTP_SERVICE_SSL_TRUSTSTORE, jks.getCanonicalPath());
+
+ props.setProperty(HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, "password");
+
+ props.setProperty(CLUSTER_SSL_ENABLED, "true");
+ props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath());
+ props.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
+ props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, "SSL");
+ props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, "true");
+ props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+ String restEndpoint = startInfraWithSSL(props, false);
+ validateConnection(restEndpoint, "SSL");
+ }
+
+ @Test
+ public void testSimpleSSLLegacy() throws Exception {
+
+ Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_TYPE, "JKS");
- String restEndpoint = startInfraWithSSL(props,false);
+ String restEndpoint = startInfraWithSSL(props, false);
validateConnection(restEndpoint, "SSL");
}
@Test
- public void testSSLWithoutKeyStoreType() throws Exception {
+ public void testSSLWithoutKeyStoreTypeLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -433,7 +613,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@Test
- public void testSSLWithSSLProtocol() throws Exception {
+ public void testSSLWithSSLProtocolLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -445,7 +625,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@Test
- public void testSSLWithTLSProtocol() throws Exception {
+ public void testSSLWithTLSProtocolLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -457,7 +637,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@Test
- public void testSSLWithTLSv11Protocol() throws Exception {
+ public void testSSLWithTLSv11ProtocolLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -469,7 +649,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@Test
- public void testSSLWithTLSv12Protocol() throws Exception {
+ public void testSSLWithTLSv12ProtocolLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -481,7 +661,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@Test
- public void testWithMultipleProtocol() throws Exception {
+ public void testWithMultipleProtocolLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -493,7 +673,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@Test
- public void testSSLWithCipherSuite() throws Exception {
+ public void testSSLWithCipherSuiteLegacy() throws Exception {
System.setProperty("javax.net.debug", "ssl");
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
@@ -513,7 +693,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@Test
- public void testSSLWithMultipleCipherSuite() throws Exception {
+ public void testSSLWithMultipleCipherSuiteLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -532,7 +712,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
}
@Test
- public void testMutualAuthentication() throws Exception {
+ public void testMutualAuthenticationLegacy() throws Exception {
Properties props = new Properties();
props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
index 5e2ce3f..699e7f2 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
@@ -101,6 +101,7 @@ import com.gemstone.gemfire.internal.logging.log4j.AlertAppender;
import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
import com.gemstone.gemfire.internal.logging.log4j.LogWriterAppender;
import com.gemstone.gemfire.internal.logging.log4j.LogWriterAppenders;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
import com.gemstone.gemfire.internal.net.SocketCreatorFactory;
import com.gemstone.gemfire.internal.offheap.MemoryAllocator;
import com.gemstone.gemfire.internal.offheap.OffHeapStorage;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
index 76ac625..33a6e05 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
@@ -16,115 +16,180 @@
*/
package com.gemstone.gemfire.internal.admin;
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-
import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
import java.util.Iterator;
import java.util.Properties;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.management.internal.SSLUtil;
+
/**
* The SSL configuration settings for a GemFire distributed system.
- *
- *
*/
public class SSLConfig {
-
+
//private static final String PREFIX = "javax.net.ssl.";
private boolean enabled = DistributionConfig.DEFAULT_CLUSTER_SSL_ENABLED;
private String protocols = DistributionConfig.DEFAULT_CLUSTER_SSL_PROTOCOLS;
private String ciphers = DistributionConfig.DEFAULT_CLUSTER_SSL_CIPHERS;
private boolean requireAuth = DistributionConfig.DEFAULT_CLUSTER_SSL_REQUIRE_AUTHENTICATION;
-
- /**
- * SSL implementation-specific key-value pairs. Each key should be prefixed
+ private String keystore = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE;
+ private String keystoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+ private String keystorePassword = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_PASSWORD;
+ private String truststore = DistributionConfig.DEFAULT_CLUSTER_SSL_TRUSTSTORE;
+ private String truststorePassword = DistributionConfig.DEFAULT_CLUSTER_SSL_TRUSTSTORE_PASSWORD;
+ private String truststoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+ private String alias = null;
+
+ /**
+ * SSL implementation-specific key-value pairs. Each key should be prefixed
* with <code>javax.net.ssl.</code>
*/
private Properties properties = new Properties();
public SSLConfig() {
}
-
- public SSLConfig(boolean enabled) {
+
+ public String getAlias() {
+ return alias;
+ }
+
+ public void setAlias(final String alias) {
+ this.alias = alias;
+ }
+
+ public String getKeystore() {
+ return keystore;
+ }
+
+ public void setKeystore(final String keystore) {
+ this.keystore = keystore;
+ }
+
+ public String getKeystorePassword() {
+ return keystorePassword;
+ }
+
+ public void setKeystorePassword(final String keystorePassword) {
+ this.keystorePassword = keystorePassword;
+ }
+
+ public String getKeystoreType() {
+ return keystoreType;
+ }
+
+ public void setKeystoreType(final String keystoreType) {
+ this.keystoreType = keystoreType;
+ }
+
+ public String getTruststore() {
+ return truststore;
+ }
+
+ public void setTruststore(final String truststore) {
+ this.truststore = truststore;
+ }
+
+ public String getTruststorePassword() {
+ return truststorePassword;
+ }
+
+ public void setTruststorePassword(final String truststorePassword) {
+ this.truststorePassword = truststorePassword;
+ }
+
+ public boolean isEnabled() {
+ return this.enabled;
+ }
+
+ public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
-
- public boolean isEnabled() {
- return this.enabled;
- }
- public void setEnabled(boolean enabled) {
- this.enabled = enabled;
- }
-
- public String getProtocols() {
- return this.protocols;
- }
- public void setProtocols(String protocols) {
- this.protocols = protocols;
- }
-
- public String getCiphers() {
- return this.ciphers;
- }
- public void setCiphers(String ciphers) {
- this.ciphers = ciphers;
- }
-
- public boolean isRequireAuth() {
- return this.requireAuth;
- }
- public void setRequireAuth(boolean requireAuth) {
- this.requireAuth = requireAuth;
- }
-
- public Properties getProperties() {
- return this.properties;
- }
- public void setProperties(Properties newProps) {
- this.properties = new Properties();
- for (Iterator iter = newProps.keySet().iterator(); iter.hasNext();) {
- String key = (String) iter.next();
-// String value = newProps.getProperty(key);
- this.properties.setProperty(key, newProps.getProperty(key));
- }
- }
-
- /**
- * Returns a string representation of the object.
- *
- * @return a string representation of the object
- */
- @Override
- public String toString() {
- final StringBuffer sb = new StringBuffer("[SSLConfig: ");
- sb.append("enabled=").append(this.enabled);
- sb.append(", protocols=").append(this.protocols);
- sb.append(", ciphers=").append(this.ciphers);
- sb.append(", requireAuth=").append(this.requireAuth);
- sb.append(", properties=").append(this.properties);
- sb.append("]");
- return sb.toString();
- }
+
+ public String getProtocols() {
+ return this.protocols;
+ }
+
+ public String[] getProtocolsAsStringArray() {
+ return SSLUtil.readArray(this.protocols);
+ }
+
+ public void setProtocols(String protocols) {
+ this.protocols = protocols;
+ }
+
+ public String getCiphers() {
+ return this.ciphers;
+ }
+
+ public String[] getCiphersAsStringArray() {
+ return SSLUtil.readArray(this.ciphers);
+ }
+
+ public void setCiphers(String ciphers) {
+ this.ciphers = ciphers;
+ }
+
+ public boolean isRequireAuth() {
+ return this.requireAuth;
+ }
+
+ public void setRequireAuth(boolean requireAuth) {
+ this.requireAuth = requireAuth;
+ }
+
+ public String getTruststoreType() {
+ return truststoreType;
+ }
+
+ public void setTruststoreType(final String truststoreType) {
+ this.truststoreType = truststoreType;
+ }
+
+ public Properties getProperties() {
+ return this.properties;
+ }
+
+ public void setProperties(Properties newProps) {
+ this.properties = new Properties();
+ for (Iterator iter = newProps.keySet().iterator(); iter.hasNext(); ) {
+ String key = (String) iter.next();
+ // String value = newProps.getProperty(key);
+ this.properties.setProperty(key, newProps.getProperty(key));
+ }
+ }
+
+ /**
+ * Returns a string representation of the object.
+ * @return a string representation of the object
+ */
+ @Override
+ public String toString() {
+ final StringBuffer sb = new StringBuffer("[SSLConfig: ");
+ sb.append("enabled=").append(this.enabled);
+ sb.append(", protocols=").append(this.protocols);
+ sb.append(", ciphers=").append(this.ciphers);
+ sb.append(", requireAuth=").append(this.requireAuth);
+ sb.append(", properties=").append(this.properties);
+ sb.append("]");
+ return sb.toString();
+ }
/**
* Populates a <code>Properties</code> object with the SSL-related
* configuration information used by {@link
* com.gemstone.gemfire.distributed.DistributedSystem#connect}.
- *
* @since GemFire 4.0
*/
public void toDSProperties(Properties props) {
- props.setProperty(CLUSTER_SSL_ENABLED,
- String.valueOf(this.enabled));
+ props.setProperty(CLUSTER_SSL_ENABLED, String.valueOf(this.enabled));
if (this.enabled) {
- props.setProperty(CLUSTER_SSL_PROTOCOLS,
- this.protocols);
- props.setProperty(CLUSTER_SSL_CIPHERS,
- this.ciphers);
- props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION,
- String.valueOf(this.requireAuth));
+ props.setProperty(CLUSTER_SSL_PROTOCOLS, this.protocols);
+ props.setProperty(CLUSTER_SSL_CIPHERS, this.ciphers);
+ props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, String.valueOf(this.requireAuth));
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
new file mode 100644
index 0000000..a876975
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
@@ -0,0 +1,279 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.internal.net;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.springframework.util.StringUtils;
+
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.DistributionConfigImpl;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
+
+public class SSLConfigurationFactory {
+
+ private static SSLConfigurationFactory instance = new SSLConfigurationFactory();
+ private DistributionConfig distributionConfig = new DistributionConfigImpl(new Properties());
+ private Map<SSLEnabledComponent, SSLConfig> registeredSSLConfig = new HashMap<>();
+
+ private SSLConfigurationFactory() {
+ }
+
+ private synchronized static SSLConfigurationFactory getInstance() {
+ if (instance == null) {
+ instance = new SSLConfigurationFactory();
+ }
+ return instance;
+ }
+
+ public static void setDistributionConfig(final DistributionConfig distributionConfig) {
+ getInstance().distributionConfig = distributionConfig;
+ }
+
+ public static SSLConfig getSSLConfigForComponent(SSLEnabledComponent sslEnabledComponent) {
+ SSLConfig sslConfig = getInstance().getRegisteredSSLConfigForComponent(sslEnabledComponent);
+ if (sslConfig == null) {
+ sslConfig = getInstance().createSSLConfigForComponent(sslEnabledComponent);
+ }
+ return sslConfig;
+ }
+
+ private SSLConfig createSSLConfigForComponent(final SSLEnabledComponent sslEnabledComponent) {
+ SSLConfig sslConfig = new SSLConfig();
+ configureClusterSSL(sslConfig, sslEnabledComponent);
+ String[] sslEnabledComponents = distributionConfig.getSSLEnabledComponents();
+ switch (sslEnabledComponent) {
+ case ALL: {
+
+ }
+ case CLUSTER: {
+ break;
+ }
+ case SERVER: {
+ if (sslEnabledComponents.length > 0) {
+ sslConfig.setAlias(distributionConfig.getServerSSLAlias());
+ } else {
+ sslConfig = configureLegacyServerSSL(sslConfig);
+ }
+ break;
+ }
+ case GATEWAY: {
+ if (sslEnabledComponents.length > 0) {
+ sslConfig.setAlias(distributionConfig.getGatewaySSLAlias());
+ } else {
+ sslConfig = configureLegacyGatewaySSL(sslConfig);
+ }
+ break;
+ }
+ case HTTP_SERVICE: {
+ if (sslEnabledComponents.length > 0) {
+ sslConfig.setAlias(distributionConfig.getHTTPServiceSSLAlias());
+ } else {
+ sslConfig = configureLegacyHttpServiceSSL(sslConfig);
+ }
+ break;
+ }
+ case JMX: {
+ if (sslEnabledComponents.length > 0) {
+ sslConfig.setAlias(distributionConfig.getJMXManagerSSLAlias());
+ } else {
+ sslConfig = configureLegacyJMXSSL(sslConfig);
+ }
+ break;
+ }
+ }
+ configureSSLPropertiesFromSystemProperties(sslConfig);
+ return sslConfig;
+ }
+
+ private void configureClusterSSL(final SSLConfig sslConfig, final SSLEnabledComponent sslEnabledComponent) {
+ sslConfig.setCiphers(distributionConfig.getClusterSSLCiphers());
+ sslConfig.setEnabled(determineIfSSLEnabledForSSLComponent(sslEnabledComponent));
+ sslConfig.setKeystore(distributionConfig.getClusterSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getClusterSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getClusterSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getClusterSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getClusterSSLTrustStorePassword());
+ sslConfig.setProtocols(distributionConfig.getClusterSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getClusterSSLRequireAuthentication());
+ sslConfig.setAlias(distributionConfig.getClusterSSLAlias());
+ }
+
+ private boolean determineIfSSLEnabledForSSLComponent(final SSLEnabledComponent sslEnabledComponent) {
+ if (ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), SSLEnabledComponent.ALL.getConstant().toLowerCase())) {
+ return true;
+ }
+ if (distributionConfig.getSSLEnabledComponents().length == 0 && distributionConfig.getClusterSSLEnabled()) {
+ return true;
+ }
+ return ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), sslEnabledComponent.getConstant().toLowerCase()) ? true : false;
+ }
+
+ /**
+ * Configure a sslConfig for the server using the legacy configuration
+ * @return A sslConfig object describing the ssl config for the server component
+ *
+ * @deprecated as of Geode 1.0
+ */
+ private SSLConfig configureLegacyServerSSL(SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getServerSSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getServerSSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getServerSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getServerSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getServerSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getServerSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getServerSSLTrustStorePassword());
+ sslConfig.setProtocols(distributionConfig.getServerSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getServerSSLRequireAuthentication());
+ return sslConfig;
+ }
+
+ /**
+ * Configure a sslConfig for the jmx using the legacy configuration
+ * @return A sslConfig object describing the ssl config for the jmx component
+ *
+ * @deprecated as of Geode 1.0
+ */
+ private SSLConfig configureLegacyJMXSSL(SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getJmxManagerSSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getJmxManagerSSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getJmxManagerSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getJmxManagerSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getJmxManagerSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getJmxManagerSSLTrustStorePassword());
+ sslConfig.setProtocols(distributionConfig.getJmxManagerSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getJmxManagerSSLRequireAuthentication());
+ return sslConfig;
+ }
+
+ /**
+ * Configure a sslConfig for the gateway using the legacy configuration
+ * @return A sslConfig object describing the ssl config for the gateway component
+ *
+ * @deprecated as of Geode 1.0
+ */
+ private SSLConfig configureLegacyGatewaySSL(SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getGatewaySSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getGatewaySSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getGatewaySSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getGatewaySSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getGatewaySSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getGatewaySSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getGatewaySSLTrustStorePassword());
+ sslConfig.setProtocols(distributionConfig.getGatewaySSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getGatewaySSLRequireAuthentication());
+ return sslConfig;
+ }
+
+ /**
+ * Configure a sslConfig for the http service using the legacy configuration
+ * @return A sslConfig object describing the ssl config for the http service component
+ *
+ * @deprecated as of Geode 1.0
+ */
+ private SSLConfig configureLegacyHttpServiceSSL(SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getHttpServiceSSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getHttpServiceSSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getHttpServiceSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getHttpServiceSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getHttpServiceSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getHttpServiceSSLTrustStorePassword());
+ sslConfig.setProtocols(distributionConfig.getHttpServiceSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getHttpServiceSSLRequireAuthentication());
+ return sslConfig;
+ }
+
+ private SSLConfig configureSSLPropertiesFromSystemProperties(SSLConfig sslConfig) {
+ return configureSSLPropertiesFromSystemProperties(sslConfig, null);
+ }
+
+ private SSLConfig configureSSLPropertiesFromSystemProperties(SSLConfig sslConfig, Properties properties) {
+ if (StringUtils.isEmpty(sslConfig.getKeystore())) {
+ sslConfig.setKeystore(getValueFromSystemProperties(properties, "javax.net.ssl.keyStore"));
+ }
+ if (StringUtils.isEmpty(sslConfig.getKeystoreType())) {
+ sslConfig.setKeystoreType(getValueFromSystemProperties(properties, "javax.net.ssl.keyStoreType"));
+ }
+ if (StringUtils.isEmpty(sslConfig.getKeystorePassword())) {
+ sslConfig.setKeystorePassword(getValueFromSystemProperties(properties, "javax.net.ssl.keyStorePassword"));
+ }
+ if (StringUtils.isEmpty(sslConfig.getTruststore())) {
+ sslConfig.setTruststore(getValueFromSystemProperties(properties, "javax.net.ssl.trustStore"));
+ }
+ if (StringUtils.isEmpty(sslConfig.getTruststorePassword())) {
+ sslConfig.setTruststorePassword(getValueFromSystemProperties(properties, "javax.net.ssl.trustStorePassword"));
+ }
+ if (StringUtils.isEmpty(sslConfig.getTruststoreType())) {
+ sslConfig.setTruststoreType(getValueFromSystemProperties(properties, "javax.net.ssl.trustStoreType"));
+ }
+ return sslConfig;
+ }
+
+ private String getValueFromSystemProperties(final Properties properties, String property) {
+ String propertyValue = null;
+ if (properties != null) {
+ propertyValue = properties.getProperty(property);
+ }
+ if (property != null) {
+ propertyValue = System.getProperty(property);
+ if (propertyValue != null) {
+ if (propertyValue.trim().equals("")) {
+ propertyValue = System.getenv(property);
+ }
+ }
+ }
+ return propertyValue;
+ }
+
+ private SSLConfig getRegisteredSSLConfigForComponent(final SSLEnabledComponent sslEnabledComponent) {
+ return registeredSSLConfig.get(sslEnabledComponent);
+ }
+
+ public static void close() {
+ getInstance().clearSSLConfigForAllComponents();
+ getInstance().distributionConfig = null;
+ instance = null;
+ }
+
+ private void clearSSLConfigForAllComponents() {
+ registeredSSLConfig.clear();
+ }
+
+ public static SSLConfig getSSLConfigForComponent(final boolean useSSL,
+ final boolean needClientAuth,
+ final String protocols,
+ final String ciphers,
+ final Properties gfsecurityProps,
+ final String alias) {
+ SSLConfig sslConfig = new SSLConfig();
+ sslConfig.setAlias(alias);
+ sslConfig.setCiphers(ciphers);
+ sslConfig.setProtocols(protocols);
+ sslConfig.setRequireAuth(needClientAuth);
+ sslConfig.setEnabled(useSSL);
+
+ sslConfig = getInstance().configureSSLPropertiesFromSystemProperties(sslConfig, gfsecurityProps);
+
+ return sslConfig;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLEnabledComponent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLEnabledComponent.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLEnabledComponent.java
new file mode 100644
index 0000000..b479372
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLEnabledComponent.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.internal.net;
+
+import org.springframework.util.StringUtils;
+
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.distributed.SSLEnabledComponents;
+
+public enum SSLEnabledComponent {
+ ALL(SSLEnabledComponents.ALL),
+ CLUSTER(SSLEnabledComponents.CLUSTER),
+ SERVER(SSLEnabledComponents.SERVER),
+ JMX(SSLEnabledComponents.JMX),
+ HTTP_SERVICE(SSLEnabledComponents.HTTP_SERVICE),
+ GATEWAY(SSLEnabledComponents.GATEWAY),
+ NONE("NO_COMPONENT");
+
+ private String constant;
+
+ SSLEnabledComponent(final String constant) {
+ this.constant = constant;
+ }
+
+ public static SSLEnabledComponent getEnum(String enumString) {
+ for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+ if (!StringUtils.isEmpty(enumString)) {
+ if (sslEnabledComponent.constant.equals(enumString)) {
+ return sslEnabledComponent;
+ }
+ }
+ }
+ throw new GemFireConfigException("There is no registered component for the name: " + enumString);
+ }
+
+ public String getConstant() {
+ return constant;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
index 45aa8a5..d00c9cf 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
@@ -72,6 +72,7 @@ import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import org.apache.logging.log4j.Logger;
+import org.springframework.util.StringUtils;
import com.gemstone.gemfire.GemFireConfigException;
import com.gemstone.gemfire.SystemConnectException;
@@ -87,6 +88,7 @@ import com.gemstone.gemfire.internal.ClassPathLoader;
import com.gemstone.gemfire.internal.ConnectionWatcher;
import com.gemstone.gemfire.internal.GfeConsoleReaderFactory;
import com.gemstone.gemfire.internal.GfeConsoleReaderFactory.GfeConsoleReader;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
import com.gemstone.gemfire.internal.cache.wan.TransportFilterServerSocket;
import com.gemstone.gemfire.internal.cache.wan.TransportFilterSocketFactory;
import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
@@ -156,25 +158,25 @@ public class SocketCreator {
*/
private boolean ready = false;
- /**
- * True if configured to use SSL
- */
- private boolean useSSL;
-
- /**
- * True if configured to require client authentication
- */
- private boolean needClientAuth;
-
- /**
- * Space-delimited list of SSL protocols to use, 'any' allows any
- */
- private String[] protocols;
-
- /**
- * Space-delimited list of SSL ciphers to use, 'any' allows any
- */
- private String[] ciphers;
+ // /**
+ // * True if configured to use SSL
+ // */
+ // private boolean useSSL;
+ //
+ // /**
+ // * True if configured to require client authentication
+ // */
+ // private boolean needClientAuth;
+ //
+ // /**
+ // * Space-delimited list of SSL protocols to use, 'any' allows any
+ // */
+ // private String[] protocols;
+ //
+ // /**
+ // * Space-delimited list of SSL ciphers to use, 'any' allows any
+ // */
+ // private String[] ciphers;
/**
* Only print this SocketCreator's config once
@@ -186,6 +188,8 @@ public class SocketCreator {
*/
private SSLContext sslContext;
+ private SSLConfig sslConfig;
+
static {
InetAddress inetAddress = null;
try {
@@ -251,7 +255,6 @@ public class SocketCreator {
*/
public static final boolean ENABLE_TCP_KEEP_ALIVE;
-
static {
// bug #49484 - customers want tcp/ip keep-alive turned on by default
// to avoid dropped connections. It can be turned off by setting this
@@ -271,21 +274,11 @@ public class SocketCreator {
/**
* Constructs new SocketCreator instance.
*/
- SocketCreator() {
- this(false, false, null, null, null, null);
+ SocketCreator(final SSLConfig sslConfig) {
+ this.sslConfig = sslConfig;
+ initialize();
}
- /**
- * Constructs new SocketCreator instance.
- */
- SocketCreator(final boolean useSSL,
- final boolean needClientAuth,
- final String[] protocols,
- final String[] ciphers,
- final Properties props,
- final String alias) {
- initialize(useSSL, needClientAuth, protocols, ciphers, props, alias);
- }
// -------------------------------------------------------------------------
// Static instance accessors
@@ -350,35 +343,19 @@ public class SocketCreator {
* Initialize this SocketCreator.
* <p>
* Caller must synchronize on the SocketCreator instance.
- * @param useSSL true if ssl is to be enabled
- * @param needClientAuth true if client authentication is required
- * @param protocols array of ssl protocols to use
- * @param ciphers array of ssl ciphers to use
- * @param props vendor properties passed in through gfsecurity.properties
*/
@SuppressWarnings("hiding")
- private void initialize(final boolean useSSL,
- final boolean needClientAuth,
- final String[] protocols,
- final String[] ciphers,
- final Properties props,
- final String alias) {
+ private void initialize() {
try {
- this.useSSL = useSSL;
- this.needClientAuth = needClientAuth;
-
- this.protocols = protocols;
- this.ciphers = ciphers;
-
// set p2p values...
- if (this.useSSL) {
+ if (this.sslConfig.isEnabled()) {
System.setProperty("p2p.useSSL", "true");
System.setProperty("p2p.oldIO", "true");
System.setProperty("p2p.nodirectBuffers", "true");
try {
if (sslContext == null) {
- sslContext = createAndConfigureSSLContext(protocols, props, alias);
+ sslContext = createAndConfigureSSLContext();
SSLContext.setDefault(sslContext);
}
} catch (Exception e) {
@@ -414,20 +391,16 @@ public class SocketCreator {
/**
* Creates & configures the SSLContext when SSL is enabled.
- * @param protocolNames valid SSL protocols for this connection
- * @param props vendor properties passed in through gfsecurity.properties
- *
* @return new SSLContext configured using the given protocols & properties
*
* @throws GeneralSecurityException if security information can not be found
* @throws IOException if information can not be loaded
*/
- private SSLContext createAndConfigureSSLContext(final String[] protocolNames, final Properties props, final String alias)
- throws GeneralSecurityException, IOException {
+ private SSLContext createAndConfigureSSLContext() throws GeneralSecurityException, IOException {
- SSLContext newSSLContext = getSSLContextInstance(protocolNames);
- KeyManager[] keyManagers = getKeyManagers(props, alias);
- TrustManager[] trustManagers = getTrustManagers(props);
+ SSLContext newSSLContext = getSSLContextInstance();
+ KeyManager[] keyManagers = getKeyManagers();
+ TrustManager[] trustManagers = getTrustManagers();
newSSLContext.init(keyManagers, trustManagers, null /* use the default secure random*/);
return newSSLContext;
@@ -481,7 +454,8 @@ public class SocketCreator {
}
}
- private SSLContext getSSLContextInstance(String[] protocols) {
+ private SSLContext getSSLContextInstance() {
+ String[] protocols = sslConfig.getProtocolsAsStringArray();
SSLContext sslContext = null;
if (protocols != null && protocols.length > 0) {
for (String protocol : protocols) {
@@ -511,142 +485,119 @@ public class SocketCreator {
return sslContext;
}
- private TrustManager[] getTrustManagers(Properties sysProps) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+ private TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
TrustManager[] trustManagers = null;
- String trustStoreType = sysProps.getProperty("javax.net.ssl.trustStoreType");
GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
- if (trustStoreType == null) {
- trustStoreType = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
- } else if (trustStoreType.trim().equals("")) {
+ String trustStoreType = sslConfig.getTruststoreType();
+ if (StringUtils.isEmpty(trustStoreType)) {
//read from console, default on empty
if (consoleReader.isSupported()) {
trustStoreType = consoleReader.readLine("Please enter the trustStoreType (javax.net.ssl.trustStoreType) : ");
- }
- if (isEmpty(trustStoreType)) {
+ } else {
trustStoreType = KeyStore.getDefaultType();
}
}
+
KeyStore ts = KeyStore.getInstance(trustStoreType);
- String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
- if (trustStorePath == null) {
- trustStorePath = sysProps.getProperty("javax.net.ssl.trustStore");
- }
- if (trustStorePath != null) {
- if (trustStorePath.trim().equals("")) {
- trustStorePath = System.getenv("javax.net.ssl.trustStore");
- //read from console
- if (isEmpty(trustStorePath) && consoleReader.isSupported()) {
- trustStorePath = consoleReader.readLine("Please enter the trustStore location (javax.net.ssl.trustStore) : ");
- }
- }
- FileInputStream fis = new FileInputStream(trustStorePath);
- String passwordString = System.getProperty("javax.net.ssl.trustStorePassword");
- if (passwordString == null) {
- passwordString = sysProps.getProperty("javax.net.ssl.trustStorePassword");
+ String trustStorePath = sslConfig.getTruststore();
+ if (StringUtils.isEmpty(trustStorePath)) {
+ if (consoleReader.isSupported()) {
+ trustStorePath = consoleReader.readLine("Please enter the trustStore location (javax.net.ssl.trustStore) : ");
}
- char[] password = null;
- if (passwordString != null) {
- if (passwordString.trim().equals("")) {
- String encryptedPass = System.getenv("javax.net.ssl.trustStorePassword");
- if (!isEmpty(encryptedPass)) {
- String toDecrypt = "encrypted(" + encryptedPass + ")";
- passwordString = PasswordUtil.decrypt(toDecrypt);
- password = passwordString.toCharArray();
- }
- //read from the console
- if (isEmpty(passwordString) && consoleReader.isSupported()) {
- password = consoleReader.readPassword("Please enter password for trustStore (javax.net.ssl.trustStorePassword) : ");
- }
- } else {
+ }
+ FileInputStream fis = new FileInputStream(trustStorePath);
+ String passwordString = sslConfig.getTruststorePassword();
+ char[] password = null;
+ if (passwordString != null) {
+ if (passwordString.trim().equals("")) {
+ if (!StringUtils.isEmpty(passwordString)) {
+ String toDecrypt = "encrypted(" + passwordString + ")";
+ passwordString = PasswordUtil.decrypt(toDecrypt);
password = passwordString.toCharArray();
}
- }
- ts.load(fis, password);
-
- // default algorithm can be changed by setting property "ssl.TrustManagerFactory.algorithm" in security properties
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(ts);
- trustManagers = tmf.getTrustManagers();
- // follow the security tip in java doc
- if (password != null) {
- java.util.Arrays.fill(password, ' ');
+ //read from the console
+ if (StringUtils.isEmpty(passwordString) && consoleReader.isSupported()) {
+ password = consoleReader.readPassword("Please enter password for trustStore (javax.net.ssl.trustStorePassword) : ");
+ }
+ } else {
+ password = passwordString.toCharArray();
}
}
+ ts.load(fis, password);
+
+ // default algorithm can be changed by setting property "ssl.TrustManagerFactory.algorithm" in security properties
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(ts);
+ trustManagers = tmf.getTrustManagers();
+ // follow the security tip in java doc
+ if (password != null) {
+ java.util.Arrays.fill(password, ' ');
+ }
+
return trustManagers;
}
- private KeyManager[] getKeyManagers(final Properties sysProps, final String alias)
- throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
- String keyStoreType = sysProps.getProperty("javax.net.ssl.keyStoreType");
+ private KeyManager[] getKeyManagers() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
KeyManager[] keyManagers = null;
-
- if (keyStoreType == null) {
- keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
- } else if (keyStoreType.trim().equals("")) {
+ String keyStoreType = sslConfig.getKeystoreType();
+ if (StringUtils.isEmpty(keyStoreType)) {
// read from console, default on empty
if (consoleReader.isSupported()) {
keyStoreType = consoleReader.readLine("Please enter the keyStoreType (javax.net.ssl.keyStoreType) : ");
- }
- if (isEmpty(keyStoreType)) {
+ } else {
keyStoreType = KeyStore.getDefaultType();
}
}
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
- String keyStoreFilePath = sysProps.getProperty("javax.net.ssl.keyStore");
- if (keyStoreFilePath == null) {
- keyStoreFilePath = System.getProperty("javax.net.ssl.keyStore");
- }
- if (keyStoreFilePath != null) {
- if (keyStoreFilePath.trim().equals("")) {
- keyStoreFilePath = System.getenv("javax.net.ssl.keyStore");
- //read from console
- if (isEmpty(keyStoreFilePath) && consoleReader.isSupported()) {
- keyStoreFilePath = consoleReader.readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : ");
- }
- if (isEmpty(keyStoreFilePath)) {
- keyStoreFilePath = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
- }
- }
- FileInputStream fileInputStream = new FileInputStream(keyStoreFilePath);
- String passwordString = sysProps.getProperty("javax.net.ssl.keyStorePassword");
- if (passwordString == null) {
- passwordString = System.getProperty("javax.net.ssl.keyStorePassword");
+ String keyStoreFilePath = sslConfig.getKeystore();
+ if (StringUtils.isEmpty(keyStoreFilePath)) {
+ if (consoleReader.isSupported()) {
+ keyStoreFilePath = consoleReader.readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : ");
+ } else {
+ keyStoreFilePath = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
}
- char[] password = null;
- if (passwordString != null) {
- if (passwordString.trim().equals("")) {
- String encryptedPass = System.getenv("javax.net.ssl.keyStorePassword");
- if (!isEmpty(encryptedPass)) {
- String toDecrypt = "encrypted(" + encryptedPass + ")";
- passwordString = PasswordUtil.decrypt(toDecrypt);
- password = passwordString.toCharArray();
- }
- //read from the console
- if (isEmpty(passwordString) && consoleReader != null) {
- password = consoleReader.readPassword("Please enter password for keyStore (javax.net.ssl.keyStorePassword) : ");
- }
- } else {
+ }
+
+ FileInputStream fileInputStream = new FileInputStream(keyStoreFilePath);
+ String passwordString = sslConfig.getKeystorePassword();
+ char[] password = null;
+ if (passwordString != null) {
+ if (passwordString.trim().equals("")) {
+ String encryptedPass = System.getenv("javax.net.ssl.keyStorePassword");
+ if (!StringUtils.isEmpty(encryptedPass)) {
+ String toDecrypt = "encrypted(" + encryptedPass + ")";
+ passwordString = PasswordUtil.decrypt(toDecrypt);
password = passwordString.toCharArray();
}
- }
- keyStore.load(fileInputStream, password);
- // default algorithm can be changed by setting property "ssl.KeyManagerFactory.algorithm" in security properties
- KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
- keyManagerFactory.init(keyStore, password);
- keyManagers = keyManagerFactory.getKeyManagers();
- // follow the security tip in java doc
- if (password != null) {
- java.util.Arrays.fill(password, ' ');
+ //read from the console
+ if (StringUtils.isEmpty(passwordString) && consoleReader != null) {
+ password = consoleReader.readPassword("Please enter password for keyStore (javax.net.ssl.keyStorePassword) : ");
+ }
+ } else {
+ password = passwordString.toCharArray();
}
}
+ keyStore.load(fileInputStream, password);
+ // default algorithm can be changed by setting property "ssl.KeyManagerFactory.algorithm" in security properties
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyManagerFactory.init(keyStore, password);
+ keyManagers = keyManagerFactory.getKeyManagers();
+ // follow the security tip in java doc
+ if (password != null) {
+ java.util.Arrays.fill(password, ' ');
+ }
+
KeyManager[] extendedKeyManagers = new KeyManager[keyManagers.length];
- for (int i = 0; i < keyManagers.length; i++) {
- extendedKeyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], alias);
+ for (int i = 0; i < keyManagers.length; i++)
+
+ {
+ extendedKeyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], sslConfig.getAlias());
}
+
return extendedKeyManagers;
}
@@ -706,10 +657,6 @@ public class SocketCreator {
}
- private boolean isEmpty(String string) {
- return (string == null || string.trim().equals(""));
- }
-
// -------------------------------------------------------------------------
// Public methods
// -------------------------------------------------------------------------
@@ -718,7 +665,7 @@ public class SocketCreator {
* Returns true if this SocketCreator is configured to use SSL.
*/
public boolean useSSL() {
- return this.useSSL;
+ return this.sslConfig.isEnabled();
}
/**
@@ -759,11 +706,11 @@ public class SocketCreator {
* SSL configuration is left up to JSSE properties in java.security file.
*/
public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr) throws IOException {
- return createServerSocket(nport, backlog, bindAddr, -1, useSSL);
+ return createServerSocket(nport, backlog, bindAddr, -1, sslConfig.isEnabled());
}
public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr, int socketBufferSize) throws IOException {
- return createServerSocket(nport, backlog, bindAddr, socketBufferSize, useSSL);
+ return createServerSocket(nport, backlog, bindAddr, socketBufferSize, sslConfig.isEnabled());
}
private ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr, int socketBufferSize, boolean sslConnection) throws IOException {
@@ -825,7 +772,7 @@ public class SocketCreator {
boolean useNIO,
int tcpBufferSize,
int[] tcpPortRange) throws IOException {
- return createServerSocketUsingPortRange(ba, backlog, isBindAddress, useNIO, tcpBufferSize, tcpPortRange, this.useSSL);
+ return createServerSocketUsingPortRange(ba, backlog, isBindAddress, useNIO, tcpBufferSize, tcpPortRange, sslConfig.isEnabled());
}
/**
@@ -944,7 +891,7 @@ public class SocketCreator {
*/
public Socket connect(InetAddress inetadd, int port, int timeout, ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize)
throws IOException {
- return connect(inetadd, port, timeout, optionalWatcher, clientSide, socketBufferSize, this.useSSL);
+ return connect(inetadd, port, timeout, optionalWatcher, clientSide, socketBufferSize, sslConfig.isEnabled());
}
/**
@@ -1030,7 +977,7 @@ public class SocketCreator {
logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0, ((X509Certificate) peer[0]).getSubjectDN()));
}
} catch (SSLPeerUnverifiedException ex) {
- if (this.needClientAuth) {
+ if (this.sslConfig.isRequireAuth()) {
logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1, new Object[] {
socket.getInetAddress(), Integer.valueOf(socket.getPort())
}), ex);
@@ -1054,18 +1001,20 @@ public class SocketCreator {
*/
private void finishServerSocket(SSLServerSocket serverSocket) throws IOException {
serverSocket.setUseClientMode(false);
- if (this.needClientAuth) {
+ if (this.sslConfig.isRequireAuth()) {
//serverSocket.setWantClientAuth( true );
serverSocket.setNeedClientAuth(true);
}
serverSocket.setEnableSessionCreation(true);
// restrict cyphers
- if (!"any".equalsIgnoreCase(this.protocols[0])) {
- serverSocket.setEnabledProtocols(this.protocols);
+ String[] protocols = this.sslConfig.getProtocolsAsStringArray();
+ if (!"any".equalsIgnoreCase(protocols[0])) {
+ serverSocket.setEnabledProtocols(protocols);
}
- if (!"any".equalsIgnoreCase(this.ciphers[0])) {
- serverSocket.setEnabledCipherSuites(this.ciphers);
+ String[] ciphers = this.sslConfig.getCiphersAsStringArray();
+ if (!"any".equalsIgnoreCase(ciphers[0])) {
+ serverSocket.setEnabledCipherSuites(ciphers);
}
}
@@ -1080,12 +1029,15 @@ public class SocketCreator {
sslSocket.setUseClientMode(true);
sslSocket.setEnableSessionCreation(true);
+ String[] protocols = this.sslConfig.getProtocolsAsStringArray();
+
// restrict cyphers
- if (this.protocols != null && !"any".equalsIgnoreCase(this.protocols[0])) {
- sslSocket.setEnabledProtocols(this.protocols);
+ if (protocols != null && !"any".equalsIgnoreCase(protocols[0])) {
+ sslSocket.setEnabledProtocols(protocols);
}
- if (this.ciphers != null && !"any".equalsIgnoreCase(this.ciphers[0])) {
- sslSocket.setEnabledCipherSuites(this.ciphers);
+ String[] ciphers = this.sslConfig.getCiphersAsStringArray();
+ if (ciphers != null && !"any".equalsIgnoreCase(ciphers[0])) {
+ sslSocket.setEnabledCipherSuites(ciphers);
}
try {
@@ -1096,7 +1048,7 @@ public class SocketCreator {
logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0, ((X509Certificate) peer[0]).getSubjectDN()));
}
} catch (SSLPeerUnverifiedException ex) {
- if (this.needClientAuth) {
+ if (this.sslConfig.isRequireAuth()) {
logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER), ex);
throw ex;
}
@@ -1117,7 +1069,7 @@ public class SocketCreator {
configShown = true;
StringBuffer sb = new StringBuffer();
sb.append("SSL Configuration: \n");
- sb.append(" ssl-enabled = " + this.useSSL).append("\n");
+ sb.append(" ssl-enabled = " + this.sslConfig.isEnabled()).append("\n");
// add other options here....
for (String key : System.getProperties().stringPropertyNames()) { // fix for 46822
if (key.startsWith("javax.net.ssl")) {
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java
index ae31215..8a30f66 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java
@@ -27,12 +27,13 @@ import org.apache.commons.lang.ArrayUtils;
import com.gemstone.gemfire.distributed.SSLEnabledComponents;
import com.gemstone.gemfire.distributed.internal.DistributionConfig;
import com.gemstone.gemfire.distributed.internal.DistributionConfigImpl;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
public class SocketCreatorFactory {
private static SocketCreatorFactory instance = new SocketCreatorFactory();
private static final String NON_SSL = "Non_SSL";
- private Map<String, SocketCreator> socketCreators = new HashMap<>();
+ private Map<SSLEnabledComponent, SocketCreator> socketCreators = new HashMap<>();
private DistributionConfig distributionConfig;
private SocketCreatorFactory() {
@@ -52,6 +53,7 @@ public class SocketCreatorFactory {
} else {
this.distributionConfig = distributionConfig;
}
+ SSLConfigurationFactory.setDistributionConfig(this.distributionConfig);
}
private static SocketCreatorFactory getInstance() {
@@ -62,120 +64,68 @@ public class SocketCreatorFactory {
}
public static SocketCreator getClusterSSLSocketCreator() {
- DistributionConfig distributionConfig = getInstance().distributionConfig;
- if (distributionConfig.getSSLEnabledComponents().length == 0) {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.CLUSTER, null);
- } else {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.CLUSTER, distributionConfig.getClusterSSLAlias());
- }
+ SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.CLUSTER);
+ return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.CLUSTER, sslConfigForComponent);
}
public static SocketCreator getServerSSLSocketCreator() {
- DistributionConfig distributionConfig = getInstance().distributionConfig;
- if (distributionConfig.getSSLEnabledComponents().length == 0) {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.SERVER, null, distributionConfig.getServerSSLEnabled(), distributionConfig
- .getServerSSLRequireAuthentication(), createStringArrayFromString(distributionConfig.getServerSSLProtocols()), createStringArrayFromString(distributionConfig
- .getServerSSLCiphers()), distributionConfig.getServerSSLProperties());
- } else {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.SERVER, distributionConfig.getServerSSLAlias());
- }
+ SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.SERVER);
+ return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.SERVER, sslConfigForComponent);
}
public static SocketCreator getGatewaySSLSocketCreator() {
- DistributionConfig distributionConfig = getInstance().distributionConfig;
- if (distributionConfig.getSSLEnabledComponents().length == 0) {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.GATEWAY, null, distributionConfig.getGatewaySSLEnabled(), distributionConfig
- .getGatewaySSLRequireAuthentication(), createStringArrayFromString(distributionConfig.getGatewaySSLProtocols()), createStringArrayFromString(distributionConfig
- .getGatewaySSLCiphers()), distributionConfig.getGatewaySSLProperties());
- } else {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.GATEWAY, distributionConfig.getGatewaySSLAlias());
- }
+ SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.GATEWAY);
+ return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.GATEWAY, sslConfigForComponent);
}
public static SocketCreator getJMXManagerSSLSocketCreator() {
- DistributionConfig distributionConfig = getInstance().distributionConfig;
- if (distributionConfig.getSSLEnabledComponents().length == 0) {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.JMX, null, distributionConfig.getJmxManagerSSLEnabled(), distributionConfig
- .getJmxManagerSSLRequireAuthentication(), createStringArrayFromString(distributionConfig.getJmxManagerSSLProtocols()), createStringArrayFromString(distributionConfig
- .getJmxManagerSSLCiphers()), distributionConfig.getJmxSSLProperties());
- } else {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.JMX, distributionConfig.getJMXManagerSSLAlias());
- }
+ SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.JMX);
+ return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.JMX, sslConfigForComponent);
}
public static SocketCreator getHTTPServiceSSLSocketCreator() {
- DistributionConfig distributionConfig = getInstance().distributionConfig;
- if (distributionConfig.getSSLEnabledComponents().length == 0) {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.HTTP_SERVICE, null, distributionConfig.getHttpServiceSSLEnabled(), distributionConfig
- .getHttpServiceSSLRequireAuthentication(), createStringArrayFromString(distributionConfig.getHttpServiceSSLProtocols()), createStringArrayFromString(distributionConfig
- .getHttpServiceSSLCiphers()), distributionConfig.getHttpServiceSSLProperties());
- } else {
- return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.HTTP_SERVICE, distributionConfig.getHTTPServiceSSLAlias());
- }
+ SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE);
+ return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.HTTP_SERVICE, sslConfigForComponent);
}
- private SocketCreator getSSLSocketCreator(String sslComponent,
- String alias,
- DistributionConfig distributionConfig,
- final boolean useSSL,
- final boolean needClientAuth,
- final String[] protocols,
- final String[] ciphers,
- final Properties props) {
- if (useSSL) {
+ private SocketCreator getSSLSocketCreator(final SSLEnabledComponent sslComponent, final DistributionConfig distributionConfig, final SSLConfig sslConfig) {
+ if (sslConfig.isEnabled()) {
if (ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), SSLEnabledComponents.ALL)) {
- return createSSLSocketCreator(SSLEnabledComponents.ALL, alias, useSSL, needClientAuth, protocols, ciphers, props);
- } else if (distributionConfig.getSSLEnabledComponents().length == 0 || ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), sslComponent)) {
- return createSSLSocketCreator(sslComponent, alias, useSSL, needClientAuth, protocols, ciphers, props);
+ return createSSLSocketCreator(SSLEnabledComponent.ALL, sslConfig);
+ } else if (ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), sslComponent.getConstant())) {
+ return createSSLSocketCreator(sslComponent, sslConfig);
}
}
- return createSSLSocketCreator(NON_SSL, null, false, false, null, null, null);
+ return createSSLSocketCreator(SSLEnabledComponent.NONE, sslConfig);
}
- private SocketCreator getOrCreateSocketCreatorForSSLEnabledComponent(String sslEnabledComponent, String alias) {
- return getOrCreateSocketCreatorForSSLEnabledComponent(sslEnabledComponent, alias, distributionConfig.getClusterSSLEnabled(), distributionConfig.getClusterSSLRequireAuthentication(), createStringArrayFromString(distributionConfig
- .getClusterSSLProtocols()), createStringArrayFromString(distributionConfig.getClusterSSLCiphers()), distributionConfig.getClusterSSLProperties());
- }
-
- private SocketCreator getOrCreateSocketCreatorForSSLEnabledComponent(String sslEnabledComponent,
- String alias,
- boolean useSSL,
- boolean needClientAuth,
- String[] protocols,
- String[] ciphers,
- Properties props) {
+ private SocketCreator getOrCreateSocketCreatorForSSLEnabledComponent(final SSLEnabledComponent sslEnabledComponent, final SSLConfig sslConfig) {
SocketCreator socketCreator = getSocketCreatorForComponent(sslEnabledComponent);
if (socketCreator == null) {
- return getSSLSocketCreator(sslEnabledComponent, alias, distributionConfig, useSSL, needClientAuth, protocols, ciphers, props);
+ return getSSLSocketCreator(sslEnabledComponent, distributionConfig, sslConfig);
} else {
return socketCreator;
}
}
- private SocketCreator createSSLSocketCreator(final String sslEnableComponent,
- final String alias,
- final boolean useSSL,
- final boolean needClientAuth,
- final String[] protocols,
- final String[] ciphers,
- final Properties props) {
+ private SocketCreator createSSLSocketCreator(final SSLEnabledComponent sslEnableComponent, final SSLConfig sslConfig) {
SocketCreator socketCreator = null;
- if (useSSL) {
- socketCreator = new SocketCreator(useSSL, needClientAuth, protocols, ciphers, props, alias);
+ if (sslConfig.isEnabled()) {
+ socketCreator = new SocketCreator(sslConfig);
addSocketCreatorForComponent(sslEnableComponent, socketCreator);
} else {
- socketCreator = new SocketCreator();
- addSocketCreatorForComponent(NON_SSL, socketCreator);
+ socketCreator = new SocketCreator(sslConfig);
+ addSocketCreatorForComponent(SSLEnabledComponent.NONE, socketCreator);
}
return socketCreator;
}
- private synchronized void addSocketCreatorForComponent(String sslEnabledComponent, SocketCreator socketCreator) {
+ private synchronized void addSocketCreatorForComponent(SSLEnabledComponent sslEnabledComponent, SocketCreator socketCreator) {
socketCreators.put(sslEnabledComponent, socketCreator);
}
- private synchronized SocketCreator getSocketCreatorForComponent(String sslEnabledComponent) {
+ private synchronized SocketCreator getSocketCreatorForComponent(SSLEnabledComponent sslEnabledComponent) {
return socketCreators.get(sslEnabledComponent);
}
@@ -203,7 +153,7 @@ public class SocketCreatorFactory {
* @param ciphers
* @param gfsecurityProps
*
- * @return
+ * @return SocketCreator for the defined properties
*
* @deprecated as of Geode 1.0
*/
@@ -213,13 +163,15 @@ public class SocketCreatorFactory {
final String protocols,
final String ciphers,
final Properties gfsecurityProps) {
- return new SocketCreator(useSSL, needClientAuth, createStringArrayFromString(protocols), createStringArrayFromString(ciphers), gfsecurityProps, null);
+ SSLConfig sslConfig = SSLConfigurationFactory.getSSLConfigForComponent(useSSL, needClientAuth, protocols, ciphers, gfsecurityProps, null);
+ return new SocketCreator(sslConfig);
}
public static void close() {
getInstance().clearSocketCreators();
getInstance().distributionConfig = null;
instance = null;
+ SSLConfigurationFactory.close();
}
private synchronized void clearSocketCreators() {