You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by ag...@apache.org on 2020/02/18 12:25:16 UTC
[ignite] branch master updated: IGNITE-12616 Do not ask for
keystore/truststore password twice in control.sh execution - Fixes #7351.
This is an automated email from the ASF dual-hosted git repository.
agoncharuk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new bb16c6b IGNITE-12616 Do not ask for keystore/truststore password twice in control.sh execution - Fixes #7351.
bb16c6b is described below
commit bb16c6b7ae2cef19e9f1b5be2801dfbaa292f2ce
Author: ktkalenko <kt...@gridgain.com>
AuthorDate: Tue Feb 18 15:24:01 2020 +0300
IGNITE-12616 Do not ask for keystore/truststore password twice in control.sh execution - Fixes #7351.
Signed-off-by: Alexey Goncharuk <al...@gmail.com>
---
.../internal/commandline/CommandHandler.java | 16 ++-
.../commandline/ConnectionAndSslParameters.java | 18 ++++
.../GridCommandHandlerSslWithSecurityTest.java | 111 +++++++++++++++++++++
.../ignite/testsuites/SecurityTestSuite.java | 4 +-
4 files changed, 144 insertions(+), 5 deletions(-)
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java b/modules/core/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
index 57bdcfa..dab5d53 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
@@ -512,8 +512,12 @@ public class CommandHandler {
if (args.sslKeyStorePassword() != null)
factory.setKeyStorePassword(args.sslKeyStorePassword());
- else
- factory.setKeyStorePassword(requestPasswordFromConsole("SSL keystore password: "));
+ else {
+ char[] keyStorePwd = requestPasswordFromConsole("SSL keystore password: ");
+
+ args.sslKeyStorePassword(keyStorePwd);
+ factory.setKeyStorePassword(keyStorePwd);
+ }
factory.setKeyStoreType(args.sslKeyStoreType());
@@ -524,8 +528,12 @@ public class CommandHandler {
if (args.sslTrustStorePassword() != null)
factory.setTrustStorePassword(args.sslTrustStorePassword());
- else
- factory.setTrustStorePassword(requestPasswordFromConsole("SSL truststore password: "));
+ else {
+ char[] trustStorePwd = requestPasswordFromConsole("SSL truststore password: ");
+
+ args.sslTrustStorePassword(trustStorePwd);
+ factory.setTrustStorePassword(trustStorePwd);
+ }
factory.setTrustStoreType(args.sslTrustStoreType());
}
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java b/modules/core/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java
index befe451..145482f 100644
--- a/modules/core/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java
+++ b/modules/core/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java
@@ -240,6 +240,15 @@ public class ConnectionAndSslParameters {
}
/**
+ * Set keystore password.
+ *
+ * @param sslKeyStorePassword Keystore password.
+ */
+ public void sslKeyStorePassword(char[] sslKeyStorePassword) {
+ this.sslKeyStorePassword = sslKeyStorePassword;
+ }
+
+ /**
* @return Truststore
*/
public String sslTrustStorePath() {
@@ -259,4 +268,13 @@ public class ConnectionAndSslParameters {
public char[] sslTrustStorePassword() {
return sslTrustStorePassword;
}
+
+ /**
+ * Set truststore password.
+ *
+ * @param sslTrustStorePassword Truststore password.
+ */
+ public void sslTrustStorePassword(char[] sslTrustStorePassword) {
+ this.sslTrustStorePassword = sslTrustStorePassword;
+ }
}
diff --git a/modules/core/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java
new file mode 100644
index 0000000..721412b
--- /dev/null
+++ b/modules/core/src/test/java/org/apache/ignite/internal/processors/security/GridCommandHandlerSslWithSecurityTest.java
@@ -0,0 +1,111 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.internal.processors.security;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.atomic.AtomicInteger;
+import org.apache.ignite.configuration.ConnectorConfiguration;
+import org.apache.ignite.configuration.IgniteConfiguration;
+import org.apache.ignite.internal.IgniteEx;
+import org.apache.ignite.internal.commandline.CommandHandler;
+import org.apache.ignite.internal.commandline.NoopConsole;
+import org.apache.ignite.internal.processors.security.impl.TestSecurityPluginProvider;
+import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
+import org.junit.Test;
+
+import static org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_OK;
+import static org.apache.ignite.internal.commandline.CommandList.DEACTIVATE;
+import static org.apache.ignite.plugin.security.SecurityPermissionSetBuilder.ALLOW_ALL;
+import static org.apache.ignite.testframework.GridTestUtils.keyStorePassword;
+import static org.apache.ignite.testframework.GridTestUtils.keyStorePath;
+import static org.apache.ignite.testframework.GridTestUtils.sslTrustedFactory;
+
+/**
+ * Command line handler test with SSL and security.
+ */
+public class GridCommandHandlerSslWithSecurityTest extends GridCommonAbstractTest {
+ /** Login. */
+ private final String login = "testUsr";
+
+ /** Password. */
+ private final String pwd = "testPwd";
+
+ /** {@inheritDoc} */
+ @Override protected IgniteConfiguration getConfiguration(String igniteInstanceName) throws Exception {
+ return super.getConfiguration(igniteInstanceName)
+ .setPluginProviders(new TestSecurityPluginProvider(login, pwd, ALLOW_ALL, null, false))
+ .setSslContextFactory(sslTrustedFactory("node01", "trustone"))
+ .setConnectorConfiguration(new ConnectorConfiguration().setSslEnabled(true));
+ }
+
+ /**
+ * Verify that the command work correctly when entering passwords for
+ * keystore and truststore, and that these passwords are requested only
+ * once.
+ *
+ * @throws Exception If failed.
+ */
+ @Test
+ public void testInputKeyTrustStorePwdOnlyOnce() throws Exception {
+ IgniteEx crd = startGrid();
+
+ crd.cluster().active(true);
+
+ CommandHandler cmd = new CommandHandler();
+
+ AtomicInteger keyStorePwdCnt = new AtomicInteger();
+ AtomicInteger trustStorePwdCnt = new AtomicInteger();
+
+ cmd.console = new NoopConsole() {
+ /** {@inheritDoc} */
+ @Override public char[] readPassword(String fmt, Object... args) {
+ if (fmt.contains("keystore")) {
+ keyStorePwdCnt.incrementAndGet();
+
+ return keyStorePassword().toCharArray();
+ }
+ else if (fmt.contains("truststore")) {
+ trustStorePwdCnt.incrementAndGet();
+
+ return keyStorePassword().toCharArray();
+ }
+
+ return pwd.toCharArray();
+ }
+ };
+
+ List<String> args = new ArrayList<>();
+
+ args.add(DEACTIVATE.text());
+ args.add("--yes");
+
+ args.add("--user");
+ args.add(login);
+
+ args.add("--keystore");
+ args.add(keyStorePath("node01"));
+
+ args.add("--truststore");
+ args.add(keyStorePath("trustone"));
+
+ assertEquals(EXIT_CODE_OK, cmd.execute(args));
+ assertEquals(1, keyStorePwdCnt.get());
+ assertEquals(1, trustStorePwdCnt.get());
+ }
+}
diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
index b8bd726..1e2d7fa 100644
--- a/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
+++ b/modules/core/src/test/java/org/apache/ignite/testsuites/SecurityTestSuite.java
@@ -18,6 +18,7 @@
package org.apache.ignite.testsuites;
import org.apache.ignite.internal.processors.security.IgniteSecurityProcessorTest;
+import org.apache.ignite.internal.processors.security.GridCommandHandlerSslWithSecurityTest;
import org.apache.ignite.internal.processors.security.InvalidServerTest;
import org.apache.ignite.internal.processors.security.cache.CacheOperationPermissionCheckTest;
import org.apache.ignite.internal.processors.security.cache.ContinuousQueryPermissionCheckTest;
@@ -85,7 +86,8 @@ import org.junit.runners.Suite;
IgniteOperationsInsideSandboxTest.class,
SecuritySubjectPermissionsTest.class,
AccessToClassesInsideInternalPackageTest.class,
- IgniteSecurityProcessorTest.class
+ IgniteSecurityProcessorTest.class,
+ GridCommandHandlerSslWithSecurityTest.class
})
public class SecurityTestSuite {
}