Posted to commits@geode.apache.org by ud...@apache.org on 2016/09/06 19:01:44 UTC
[1/3] incubator-geode git commit: GEODE-1792: ssl-ciphers and
ssl-protocols are comma delimited. Changed JMX_MANAGER_SSL_ALIAS ->
JMX_SSL_ALIAS
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-1792 [created] 9626269f3
GEODE-1792: ssl-ciphers and ssl-protocols are comma delimited.
Changed JMX_MANAGER_SSL_ALIAS -> JMX_SSL_ALIAS
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/156d2d15
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/156d2d15
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/156d2d15
Branch: refs/heads/feature/GEODE-1792
Commit: 156d2d151c714ece94604f1ac0f0563af096fd8c
Parents: c6f5997
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Tue Sep 6 15:50:18 2016 +1000
Committer: Udo Kohlmeyer <uk...@pivotal.io>
Committed: Tue Sep 6 15:50:18 2016 +1000
----------------------------------------------------------------------
.../distributed/ConfigurationProperties.java | 6 +-
.../internal/AbstractDistributionConfig.java | 2 +-
.../internal/DistributionConfig.java | 16 +-
.../internal/DistributionConfigImpl.java | 18 ++-
.../internal/net/SSLConfigurationFactory.java | 2 +-
.../gemfire/internal/net/SocketCreator.java | 3 +-
.../gemfire/management/GemFireProperties.java | 161 ++++++++++++++++++-
.../internal/beans/BeanUtilFuncs.java | 17 ++
.../gemfire/distributed/LocatorDUnitTest.java | 5 +-
.../net/SSLConfigurationFactoryTest.java | 2 +-
.../net/SocketCreatorFactoryJUnitTest.java | 4 +-
.../gemfire/management/JMXMBeanDUnitTest.java | 6 +-
12 files changed, 206 insertions(+), 36 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
index df85aca..6db4142 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
@@ -849,7 +849,7 @@ public interface ConfigurationProperties {
* <U>Default</U>: "" </p>
* <U>Since</U>: Geode 1.0
*/
- String SSL_JMX_MANAGER_ALIAS = "ssl-jmx-alias";
+ String SSL_JMX_ALIAS = "ssl-jmx-alias";
/**
* The static String definition of the <i>"jmx-manager-ssl-ciphers"</i> property
* <a name="jmx-manager-ssl-ciphers"/a></p>
@@ -871,7 +871,7 @@ public interface ConfigurationProperties {
* Ignored if jmx-manager is false.
* </p>
* <U>Default</U>: "false"
- * @deprecated Since Geode 1.0 use {@link #SSL_ENABLED_COMPONENTS} with optional {@link #SSL_JMX_MANAGER_ALIAS}
+ * @deprecated Since Geode 1.0 use {@link #SSL_ENABLED_COMPONENTS} with optional {@link #SSL_JMX_ALIAS}
*/
@Deprecated
String JMX_MANAGER_SSL_ENABLED = "jmx-manager-ssl-enabled";
@@ -1813,7 +1813,7 @@ public interface ConfigurationProperties {
*
* <U>Description</U>This property will be set when using multi-key keystores. This will define the alias that
* the ssl connection factory would use when no alias has been set for the different component aliases.
- * {@link #SSL_CLUSTER_ALIAS}, {@link #SSL_SERVER_ALIAS},{@link #SSL_LOCATOR_ALIAS},{@link #SSL_GATEWAY_ALIAS},{@link #SSL_JMX_MANAGER_ALIAS} , {@link #SSL_HTTP_SERVICE_ALIAS}
+ * {@link #SSL_CLUSTER_ALIAS}, {@link #SSL_SERVER_ALIAS},{@link #SSL_LOCATOR_ALIAS},{@link #SSL_GATEWAY_ALIAS},{@link #SSL_JMX_ALIAS} , {@link #SSL_HTTP_SERVICE_ALIAS}
* </p>
* <U>Default</U>: ""</p>
* <U>Since</U>: Geode 1.0
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
index f92511e..ce77c5e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
@@ -885,7 +885,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig implemen
m.put(JMX_MANAGER, "If true then this member is willing to be a jmx manager. Defaults to false except on a locator.");
m.put(JMX_MANAGER_START, "If true then the jmx manager will be started when the cache is created. Defaults to false.");
m.put(JMX_MANAGER_SSL_ENABLED, "If true then the jmx manager will only allow SSL clients to connect. Defaults to false. This property is ignored if jmx-manager-port is \"0\".");
- m.put(SSL_JMX_MANAGER_ALIAS, LocalizedStrings.AbstractDistributionConfig_JMX_MANAGER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS)));
+ m.put(SSL_JMX_ALIAS, LocalizedStrings.AbstractDistributionConfig_JMX_MANAGER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS)));
m.put(JMX_MANAGER_SSL_CIPHERS, "List of available SSL cipher suites that are to be enabled for JMX Manager. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_CIPHERS + "\" meaning your provider''s defaults.");
m.put(JMX_MANAGER_SSL_PROTOCOLS, "List of available SSL protocols that are to be enabled for JMX Manager. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_PROTOCOLS + "\" meaning defaults of your provider.");
m.put(JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION, "If set to false, ciphers and protocols that permit anonymous JMX Clients are allowed. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION + "\".");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
index 4ad95c6..628231b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
@@ -4316,27 +4316,27 @@ public interface DistributionConfig extends Config, LogConfig {
String HTTP_SERVICE_SSL_ALIAS_NAME = SSL_HTTP_SERVICE_ALIAS;
/**
- * Returns the value of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS}
+ * Returns the value of the {@link ConfigurationProperties#SSL_JMX_ALIAS}
* property.
* @since Geode 1.0
*/
- @ConfigAttributeGetter(name = SSL_JMX_MANAGER_ALIAS)
- String getJMXManagerSSLAlias();
+ @ConfigAttributeGetter(name = SSL_JMX_ALIAS)
+ String getJMXSSLAlias();
/**
- * Sets the value of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS}
+ * Sets the value of the {@link ConfigurationProperties#SSL_JMX_ALIAS}
* property.
* @since Geode 1.0
*/
- @ConfigAttributeSetter(name = SSL_JMX_MANAGER_ALIAS)
- void setJMXManagerSSLAlias(String alias);
+ @ConfigAttributeSetter(name = SSL_JMX_ALIAS)
+ void setJMXSSLAlias(String alias);
/**
- * The name of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS} property
+ * The name of the {@link ConfigurationProperties#SSL_JMX_ALIAS} property
* @since Geode 1.0
*/
@ConfigAttribute(type = String.class)
- String JMX_MANAGER_SSL_ALIAS_NAME = SSL_JMX_MANAGER_ALIAS;
+ String JMX_SSL_ALIAS_NAME = SSL_JMX_ALIAS;
/**
* Returns the value of the {@link ConfigurationProperties#SSL_SERVER_ALIAS}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 1ac92d0..bcc0413 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -26,13 +26,11 @@ import java.lang.reflect.Method;
import java.net.InetAddress;
import java.net.URL;
import java.net.UnknownHostException;
-import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
-import java.util.Objects;
import java.util.Properties;
import java.util.Set;
@@ -770,7 +768,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
this.clusterSSLAlias = other.getClusterSSLAlias();
this.gatewaySSLAlias = other.getGatewaySSLAlias();
this.httpServiceSSLAlias = other.getHTTPServiceSSLAlias();
- this.jmxManagerSSLAlias = other.getJMXManagerSSLAlias();
+ this.jmxManagerSSLAlias = other.getJMXSSLAlias();
this.serverSSLAlias = other.getServerSSLAlias();
this.locatorSSLAlias = other.getLocatorSSLAlias();
@@ -993,7 +991,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
return StringUtils.isEmpty(getHTTPServiceSSLAlias()) ? true : (getSSLEnabledComponents().length > 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
}
case JMX: {
- return StringUtils.isEmpty(getJMXManagerSSLAlias()) ? true : (getSSLEnabledComponents().length > 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
+ return StringUtils.isEmpty(getJMXSSLAlias()) ? true : (getSSLEnabledComponents().length > 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
}
case LOCATOR: {
return StringUtils.isEmpty(getLocatorSSLAlias()) ? true : (getSSLEnabledComponents().length > 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
@@ -1470,6 +1468,10 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
continue;
}
Object propVal = me.getValue();
+ if(propName.equals(SSL_CIPHERS) || propName.equals(SSL_PROTOCOLS))
+ {
+ propVal = convertCommaDelimitedToSpaceDelimitedString((String)propVal);
+ }
if (propVal != null && (propVal instanceof String)) { // weed out extraneous non-string properties
this.setAttribute(propName, ((String) propVal).trim(), this.sourceMap.get(propName));
}
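Review bot: The cast `(String)propVal` on the added lines runs before the `propVal != null && (propVal instanceof String)` guard directly below it, so the guard no longer protects these two properties. A non-String value stored under SSL_CIPHERS or SSL_PROTOCOLS would throw ClassCastException, and a null value would throw NullPointerException inside the helper, instead of being skipped as the "weed out extraneous non-string properties" comment intends. Moving the conversion inside the guarded branch fixes both, e.g. `String s = ((String) propVal).trim();` followed by `if (propName.equals(SSL_CIPHERS) || propName.equals(SSL_PROTOCOLS)) s = convertCommaDelimitedToSpaceDelimitedString(s);` before the `setAttribute` call. The enclosing loop starts outside the hunk, so whether null or non-String values can actually reach this point is not visible here.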
@@ -1490,6 +1492,10 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
this.modifiable = false;
}
+ private String convertCommaDelimitedToSpaceDelimitedString(final String propVal) {
+ return propVal.replace(","," ");
+ }
+
public void close() {
// Clear the extra stuff from System properties
Properties props = System.getProperties();
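Review bot: `convertCommaDelimitedToSpaceDelimitedString` dereferences `propVal` without a null check and replaces only the comma character, so an input such as `"TLSv1.1, TLSv1.2"` comes out with two consecutive spaces. How the space-delimited value is split later is not visible on this page, but a stray empty token in a protocol or cipher list could be rejected or mis-parsed when the socket is configured. The setters changed in commit 3/3 (`setSSLProtocols`, `setSSLCiphers`) pass their argument straight to this helper, so a null argument there would now throw. Suggest `return propVal == null ? null : propVal.trim().replaceAll("\\s*,\\s*", " ");` plus a one-line Javadoc stating the accepted input format.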
@@ -2559,12 +2565,12 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
}
@Override
- public String getJMXManagerSSLAlias() {
+ public String getJMXSSLAlias() {
return jmxManagerSSLAlias;
}
@Override
- public void setJMXManagerSSLAlias(final String alias) {
+ public void setJMXSSLAlias(final String alias) {
jmxManagerSSLAlias = alias;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
index df4f49c..1339f5a 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
@@ -128,7 +128,7 @@ public class SSLConfigurationFactory {
}
case JMX: {
if (sslEnabledComponents.length > 0) {
- sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getJMXManagerSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getJMXSSLAlias());
} else {
sslConfig = configureLegacyJMXSSL(sslConfig);
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
index 0a2bfa3..6ddd0a2 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
@@ -1019,11 +1019,12 @@ public class SocketCreator {
}
serverSocket.setEnableSessionCreation(true);
- // restrict cyphers
+ // restrict protocols
String[] protocols = this.sslConfig.getProtocolsAsStringArray();
if (!"any".equalsIgnoreCase(protocols[0])) {
serverSocket.setEnabledProtocols(protocols);
}
+ // restrict ciphers
String[] ciphers = this.sslConfig.getCiphersAsStringArray();
if (!"any".equalsIgnoreCase(ciphers[0])) {
serverSocket.setEnabledCipherSuites(ciphers);
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java
index 410d658..61f4072 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java
@@ -17,6 +17,7 @@
package com.gemstone.gemfire.management;
+import com.gemstone.gemfire.internal.security.SecurableComponent;
/**
* Composite Data type to be used by member to depict gemfire properties in key value manner
@@ -478,7 +479,7 @@ public class GemFireProperties {
*/
@Deprecated
private String jmxManagerSSLTrustStorePassword;
- private String jmxManagerSSLAlias;
+ private String jmxSSLAlias;
private boolean clusterSSLEnabled;
private String clusterSSLProtocols;
@@ -636,6 +637,20 @@ public class GemFireProperties {
* Specifies whether the default transaction mode should be distributed.
*/
private boolean distributedTransactions;
+
+ private String locatorSSLAlias;
+
+ private SecurableComponent[] sslEnabledComponents;
+ private String sslProtocols;
+ private String sslCiphers;
+ private boolean sslRequireAuthentication;
+ private String sslKeyStore;
+ private String sslKeyStoreType;
+ private String sslKeyStorePassword;
+ private String sslTrustStore;
+ private String sslTrustStorePassword;
+ private boolean sslHttpServiceRequireAuthentication;
+ private String sslDefaultAlias;
/**
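Review bot: `sslEnabledComponents` is declared as `SecurableComponent[]`, a type that the import added at the top of this file pulls from the `internal.security` package into a class in the public `management` package. That ties the management data type to an internal class, while the other SSL values here are plain `String`/`boolean`. The accessor pair added later in this file also stores and returns the array by reference, so a caller can modify the bean's state after reading it; `return sslEnabledComponents == null ? null : sslEnabledComponents.clone();` in the getter (and the same copy in the setter) would avoid that. The new fields also have no comment, unlike `distributedTransactions` just above them; a short line per field naming the property it mirrors would match the file.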
@@ -1018,22 +1033,22 @@ public class GemFireProperties {
}
-// public void setSslEnabled(boolean sslEnabled) {
+// public void setSSLEnabled(boolean sslEnabled) {
// this.sslEnabled = sslEnabled;
//
// }
//
-// public void setSslCiphers(String sslCiphers) {
+// public void setSSLCiphers(String sslCiphers) {
// this.sslCiphers = sslCiphers;
//
// }
//
-// public void setSslProtocols(String sslProtocols) {
+// public void setSSLProtocols(String sslProtocols) {
// this.sslProtocols = sslProtocols;
//
// }
//
-// public void setSslRequireAuthentication(boolean sslRequireAuthentication) {
+// public void setSSLRequireAuthentication(boolean sslRequireAuthentication) {
// this.sslRequireAuthentication = sslRequireAuthentication;
//
// }
@@ -1721,4 +1736,140 @@ public class GemFireProperties {
public boolean getDistributedTransactions() {
return this.distributedTransactions;
}
+
+ public String getJmxSSLAlias() {
+ return jmxSSLAlias;
+ }
+
+ public void setJmxSSLAlias(final String jmxSSLAlias) {
+ this.jmxSSLAlias = jmxSSLAlias;
+ }
+
+ public String getClusterSSLAlias() {
+ return clusterSSLAlias;
+ }
+
+ public void setClusterSSLAlias(final String clusterSSLAlias) {
+ this.clusterSSLAlias = clusterSSLAlias;
+ }
+
+ public String getServerSSLAlias() {
+ return serverSSLAlias;
+ }
+
+ public void setServerSSLAlias(final String serverSSLAlias) {
+ this.serverSSLAlias = serverSSLAlias;
+ }
+
+ public String getGatewaySSLAlias() {
+ return gatewaySSLAlias;
+ }
+
+ public void setGatewaySSLAlias(final String gatewaySSLAlias) {
+ this.gatewaySSLAlias = gatewaySSLAlias;
+ }
+
+ public String getHttpServiceSSLAlias() {
+ return httpServiceSSLAlias;
+ }
+
+ public void setHttpServiceSSLAlias(final String httpServiceSSLAlias) {
+ this.httpServiceSSLAlias = httpServiceSSLAlias;
+ }
+
+ public String getLocatorSSLAlias() {
+ return locatorSSLAlias;
+ }
+
+ public void setLocatorSSLAlias(final String locatorSSLAlias) {
+ this.locatorSSLAlias = locatorSSLAlias;
+ }
+
+ public SecurableComponent[] getSSLEnabledComponents() {
+ return sslEnabledComponents;
+ }
+
+ public void setSSLEnabledComponents(final SecurableComponent[] sslEnabledComponents) {
+ this.sslEnabledComponents = sslEnabledComponents;
+ }
+
+ public String getSSLProtocols() {
+ return sslProtocols;
+ }
+
+ public void setSSLProtocols(final String sslProtocols) {
+ this.sslProtocols = sslProtocols;
+ }
+
+ public String getSSLCiphers() {
+ return sslCiphers;
+ }
+
+ public void setSSLCiphers(final String sslCiphers) {
+ this.sslCiphers = sslCiphers;
+ }
+
+ public boolean isSSLRequireAuthentication() {
+ return sslRequireAuthentication;
+ }
+
+ public void setSSLRequireAuthentication(final boolean sslRequireAuthentication) {
+ this.sslRequireAuthentication = sslRequireAuthentication;
+ }
+
+ public String getSSLKeyStore() {
+ return sslKeyStore;
+ }
+
+ public void setSSLKeyStore(final String sslKeyStore) {
+ this.sslKeyStore = sslKeyStore;
+ }
+
+ public String getSSLKeyStoreType() {
+ return sslKeyStoreType;
+ }
+
+ public void setSSLKeyStoreType(final String sslKeyStoreType) {
+ this.sslKeyStoreType = sslKeyStoreType;
+ }
+
+ public String getSSLKeyStorePassword() {
+ return sslKeyStorePassword;
+ }
+
+ public void setSSLKeyStorePassword(final String sslKeyStorePassword) {
+ this.sslKeyStorePassword = sslKeyStorePassword;
+ }
+
+ public String getSSLTrustStore() {
+ return sslTrustStore;
+ }
+
+ public void setSSLTrustStore(final String sslTrustStore) {
+ this.sslTrustStore = sslTrustStore;
+ }
+
+ public String getSSLTrustStorePassword() {
+ return sslTrustStorePassword;
+ }
+
+ public void setSSLTrustStorePassword(final String sslTrustStorePassword) {
+ this.sslTrustStorePassword = sslTrustStorePassword;
+ }
+
+ public boolean isSSLHttpServiceRequireAuthentication() {
+ return sslHttpServiceRequireAuthentication;
+ }
+
+ public void setSSLHttpServiceRequireAuthentication(final boolean sslHttpServiceRequireAuthentication) {
+ this.sslHttpServiceRequireAuthentication = sslHttpServiceRequireAuthentication;
+ }
+
+ public String getSSLDefaultAlias() {
+ return sslDefaultAlias;
+ }
+
+ public void setSSLDefaultAlias(final String sslDefaultAlias) {
+ this.sslDefaultAlias = sslDefaultAlias;
+ }
}
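Review bot: `getSSLKeyStorePassword()` and `getSSLTrustStorePassword()` put the keystore and truststore passwords on a type whose class comment describes it as the composite data a member uses to depict its properties, and the BeanUtilFuncs hunk in this commit fills both from the live config. Any management client allowed to read this data would then receive the passwords in clear text. Unless that is intended, leave these two values unset in BeanUtilFuncs, or drop the accessors. If the fields must stay for structural compatibility, return a fixed mask instead of the stored value. The deprecated `jmxManagerSSLTrustStorePassword` field in the context lines suggests an existing precedent, but how it is populated is not visible here.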
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java
index 9d62fbf..8e05d74 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java
@@ -333,6 +333,23 @@ public class BeanUtilFuncs {
gemFirePropertyData.setHttpServiceBindAddress(config.getHttpServiceBindAddress());
gemFirePropertyData.setStartDevRestApi(config.getStartDevRestApi());
+ gemFirePropertyData.setSSLCiphers(config.getSSLCiphers());
+ gemFirePropertyData.setSSLEnabledComponents(config.getSSLEnabledComponents());
+ gemFirePropertyData.setSSLHttpServiceRequireAuthentication(config.getSSLHTTPRequireAuthentication());
+ gemFirePropertyData.setSSLKeyStore(config.getSSLKeyStore());
+ gemFirePropertyData.setSSLKeyStoreType(config.getSSLKeyStoreType());
+ gemFirePropertyData.setSSLKeyStorePassword(config.getSSLKeyStorePassword());
+ gemFirePropertyData.setSSLTrustStore(config.getSSLTrustStore());
+ gemFirePropertyData.setSSLTrustStorePassword(config.getSSLTrustStorePassword());
+
+ gemFirePropertyData.setClusterSSLAlias(config.getClusterSSLAlias());
+ gemFirePropertyData.setServerSSLAlias(config.getServerSSLAlias());
+ gemFirePropertyData.setJmxSSLAlias(config.getJMXSSLAlias());
+ gemFirePropertyData.setGatewaySSLAlias(config.getGatewaySSLAlias());
+ gemFirePropertyData.setLocatorSSLAlias(config.getLocatorSSLAlias());
+ gemFirePropertyData.setHttpServiceSSLAlias(config.getHTTPServiceSSLAlias());
+ gemFirePropertyData.setSSLDefaultAlias(config.getSSLDefaultAlias());
+
return gemFirePropertyData;
}
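Review bot: The added block copies `sslCiphers` but never calls `setSSLProtocols(...)` or `setSSLRequireAuthentication(...)`, although this commit adds both fields and setters to GemFireProperties. As written, those two values would be reported as null and false regardless of the member's configuration, which is misleading for anyone auditing TLS settings through the management data. If the config exposes matching getters (their names are not visible on this page), add the two calls beside `setSSLCiphers`. The enclosing method starts outside the hunk, so they may already be set earlier.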
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
index fc0e93b..a373e82 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
@@ -55,7 +55,6 @@ import com.gemstone.gemfire.internal.AvailablePortHelper;
import com.gemstone.gemfire.internal.cache.GemFireCacheImpl;
import com.gemstone.gemfire.internal.logging.InternalLogWriter;
import com.gemstone.gemfire.internal.logging.LocalLogWriter;
-import com.gemstone.gemfire.internal.net.SocketCreatorFactory;
import com.gemstone.gemfire.internal.security.SecurableComponent;
import com.gemstone.gemfire.internal.tcp.Connection;
import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
@@ -365,8 +364,8 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
properties.put(MEMBER_TIMEOUT, "2000");
properties.put(LOG_LEVEL, LogWriterUtils.getDUnitLogLevel());
properties.put(ENABLE_CLUSTER_CONFIGURATION, "false");
- properties.put(SSL_CIPHERS, "any");
- properties.put(SSL_PROTOCOLS, "any");
+ properties.put(SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
+ properties.put(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.put(SSL_KEYSTORE, getSingleKeyKeystore());
properties.put(SSL_KEYSTORE_PASSWORD, "password");
properties.put(SSL_KEYSTORE_TYPE, "JKS");
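Review bot: The fixed list of six AES-256 suites replaces `"any"`, which makes this test depend on the JVM's security provider supporting every one of them. The SocketCreator hunk in this commit shows the list being passed to `setEnabledCipherSuites`, which rejects the whole array if a single name is unsupported. A shorter list would still exercise comma parsing with less environment risk; two suites are enough. Add a comment such as `// comma-delimited on purpose: exercises GEODE-1792 parsing` so the intent survives later edits. The same applies to the `TLSv1,TLSv1.1,TLSv1.2` value on the next line.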
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
index d890457..3cbe55e 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
@@ -155,7 +155,7 @@ public class SSLConfigurationFactoryTest extends JUnit4DistributedTestCase {
case HTTP_SERVICE:
return getAliasForComponent(properties, SSL_HTTP_SERVICE_ALIAS);
case JMX:
- return getAliasForComponent(properties, SSL_JMX_MANAGER_ALIAS);
+ return getAliasForComponent(properties, SSL_JMX_ALIAS);
case LOCATOR:
return getAliasForComponent(properties, SSL_LOCATOR_ALIAS);
case SERVER:
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
index c55c661..06de622 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
@@ -216,8 +216,8 @@ public class SocketCreatorFactoryJUnitTest extends JSSESocketJUnitTest {
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(SSL_REQUIRE_AUTHENTICATION, "true");
- properties.setProperty(SSL_CIPHERS, "any");
- properties.setProperty(SSL_PROTOCOLS, "TLSv1.2");
+ properties.setProperty(SSL_CIPHERS, "MD2withRSA,MD5withRSA,SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRS");
+ properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
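Review bot: The new SSL_CIPHERS value lists signature algorithm names (`MD2withRSA`, `SHA256withRSA`, …) rather than TLS cipher suite names, and the last entry, `SHA512withRS`, is truncated. If this test goes on to open an SSL socket with these properties, `setEnabledCipherSuites` would be handed names it cannot recognise. If it does not, the test passes without checking that the parsed list is usable. Suggest real suite names, for example the ones used in LocatorDUnitTest in this commit: `properties.setProperty(SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");`. The enclosing method starts and ends outside the hunk.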
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java
index f08c172..3c1f944 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java
@@ -22,9 +22,6 @@ import static org.junit.Assert.*;
import java.io.File;
import java.io.IOException;
-import java.io.Serializable;
-import java.net.Socket;
-import java.rmi.server.RMIClientSocketFactory;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
@@ -43,7 +40,6 @@ import org.junit.experimental.categories.Category;
import com.gemstone.gemfire.distributed.LocatorLauncher;
import com.gemstone.gemfire.internal.AvailablePortHelper;
-import com.gemstone.gemfire.internal.net.SocketCreator;
import com.gemstone.gemfire.internal.security.SecurableComponent;
import com.gemstone.gemfire.test.dunit.DistributedTestCase;
import com.gemstone.gemfire.test.dunit.DistributedTestUtils;
@@ -246,7 +242,7 @@ public class JMXMBeanDUnitTest extends DistributedTestCase {
if (useMultiKey) {
properties.setProperty(SSL_KEYSTORE, getMultiKeyKeystore());
properties.setProperty(SSL_TRUSTSTORE, getMultiKeyTruststore());
- properties.setProperty(SSL_JMX_MANAGER_ALIAS, "jmxkey");
+ properties.setProperty(SSL_JMX_ALIAS, "jmxkey");
}
}
}
[2/3] incubator-geode git commit: Merge branch 'feature/GEODE-420'
into feature/GEODE-1792
Posted by ud...@apache.org.
Merge branch 'feature/GEODE-420' into feature/GEODE-1792
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/d79a944b
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/d79a944b
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/d79a944b
Branch: refs/heads/feature/GEODE-1792
Commit: d79a944b6ada74eeb8214a0c60a728e57152b7f8
Parents: 156d2d1 6853f56
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Wed Sep 7 03:30:14 2016 +1000
Committer: Udo Kohlmeyer <uk...@pivotal.io>
Committed: Wed Sep 7 03:30:14 2016 +1000
----------------------------------------------------------------------
.../internal/DistributionConfigImpl.java | 15 +-
.../gemfire/internal/AbstractConfig.java | 5 +
.../internal/security/SecurableComponent.java | 6 +-
.../internal/JmxManagerLocatorRequest.java | 6 +-
.../internal/cli/commands/ShellCommands.java | 13 +-
.../ConnectToLocatorSSLDUnitTest.java | 151 +++++++++++++++++++
6 files changed, 178 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/d79a944b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
[3/3] incubator-geode git commit: GEODE-1792: Amended tests to use
comma delimited ciphers and protocols
Posted by ud...@apache.org.
GEODE-1792: Amended tests to use comma delimited ciphers and protocols
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9626269f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9626269f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9626269f
Branch: refs/heads/feature/GEODE-1792
Commit: 9626269f305fbb55d4e7f4a19dd646d407c9c50b
Parents: d79a944
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Wed Sep 7 05:01:34 2016 +1000
Committer: Udo Kohlmeyer <uk...@pivotal.io>
Committed: Wed Sep 7 05:01:34 2016 +1000
----------------------------------------------------------------------
.../internal/DistributionConfigImpl.java | 10 ++---
.../net/SSLConfigurationFactoryTest.java | 42 +++++++++++++++++++-
.../net/SocketCreatorFactoryJUnitTest.java | 5 ++-
.../ConnectToLocatorSSLDUnitTest.java | 2 +-
4 files changed, 48 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9626269f/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index b272615..7b6b40d 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -1470,10 +1470,6 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
continue;
}
Object propVal = me.getValue();
- if(propName.equals(SSL_CIPHERS) || propName.equals(SSL_PROTOCOLS))
- {
- propVal = convertCommaDelimitedToSpaceDelimitedString((String)propVal);
- }
if (propVal != null && (propVal instanceof String)) { // weed out extraneous non-string properties
this.setAttribute(propName, ((String) propVal).trim(), this.sourceMap.get(propName));
}
@@ -2603,7 +2599,8 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
@Override
public void setSSLProtocols(final String sslProtocols) {
- this.sslProtocols = sslProtocols;
+ //This conversion is required due to backwards compatibility of the existing protocols code
+ this.sslProtocols = convertCommaDelimitedToSpaceDelimitedString(sslProtocols);
}
@Override
@@ -2613,7 +2610,8 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
@Override
public void setSSLCiphers(final String sslCiphers) {
- this.sslCiphers = sslCiphers;
+ //This conversion is required due to backwards compatibility of the existing cipher code
+ this.sslCiphers = convertCommaDelimitedToSpaceDelimitedString(sslCiphers);
}
@Override
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9626269f/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
index 3cbe55e..bc142e2 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
@@ -42,6 +42,44 @@ public class SSLConfigurationFactoryTest extends JUnit4DistributedTestCase {
}
@Test
+ public void getSSLConfigWithCommaDelimitedProtocols() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty(SSL_ENABLED_COMPONENTS, "all");
+ properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+ properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+ properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+ properties.setProperty(SSL_CIPHERS, "Cipher1,Cipher2");
+ properties.setProperty(SSL_PROTOCOLS, "Protocol1,Protocol2");
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+ SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+ for (SecurableComponent securableComponent : SecurableComponent.values()) {
+ assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(securableComponent), securableComponent, distributionConfig);
+ }
+ }
+
+ @Test
+ public void getSSLConfigWithCommaDelimitedCiphers() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty(SSL_ENABLED_COMPONENTS, "all");
+ properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+ properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+ properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+ properties.setProperty(SSL_CIPHERS, "Cipher1,Cipher2");
+ properties.setProperty(SSL_PROTOCOLS, "any");
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+ SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+ for (SecurableComponent securableComponent : SecurableComponent.values()) {
+ assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(securableComponent), securableComponent, distributionConfig);
+ }
+ }
+
+ @Test
public void getSSLConfigForComponentALL() throws Exception {
Properties properties = new Properties();
properties.setProperty(SSL_ENABLED_COMPONENTS, "all");
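Review bot: The two added tests cover only the comma-delimited form, although the setters name backwards compatibility as the reason for the conversion, so the older space-delimited form deserves its own case. This commit also changes the space-delimited value in ConnectToLocatorSSLDUnitTest to commas, which removes that coverage from the visible tests. A case using `properties.setProperty(SSL_PROTOCOLS, "Protocol1 Protocol2");`, plus one with blanks after the commas, would pin what deployments with existing property files get. The two new methods differ only in the SSL_PROTOCOLS value, so a shared private helper taking the ciphers and protocols strings would keep them from drifting. getSSLConfigForComponentALL continues past the end of the hunk.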
@@ -130,8 +168,8 @@ public class SSLConfigurationFactoryTest extends JUnit4DistributedTestCase {
assertEquals(properties.getProperty(SSL_KEYSTORE_TYPE), sslConfig.getKeystoreType());
assertEquals(properties.getProperty(SSL_TRUSTSTORE), sslConfig.getTruststore());
assertEquals(properties.getProperty(SSL_TRUSTSTORE_PASSWORD), sslConfig.getTruststorePassword());
- assertEquals(properties.getProperty(SSL_CIPHERS), sslConfig.getCiphers());
- assertEquals(properties.getProperty(SSL_PROTOCOLS), sslConfig.getProtocols());
+ assertEquals(properties.getProperty(SSL_CIPHERS).replace(","," "), sslConfig.getCiphers());
+ assertEquals(properties.getProperty(SSL_PROTOCOLS).replace(","," "), sslConfig.getProtocols());
assertEquals(getCorrectAlias(expectedSecurableComponent, properties), sslConfig.getAlias());
assertEquals(requiresAuthentication(properties, expectedSecurableComponent), sslConfig.isRequireAuth());
assertEquals(expectedSecurableComponent, sslConfig.getSecuredComponent());
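Review bot: `properties.getProperty(SSL_CIPHERS).replace(","," ")` throws a NullPointerException when a test reaches this helper without setting SSL_CIPHERS or SSL_PROTOCOLS, where the old assertion simply compared against null. Whether every caller sets both properties is not visible from this hunk. A null-tolerant form would be `String ciphers = properties.getProperty(SSL_CIPHERS);` followed by `assertEquals(ciphers == null ? null : ciphers.replace(",", " "), sslConfig.getCiphers());`, and likewise for protocols. The expectation also re-derives the conversion with a plain replace, so it would disagree with the production helper on input like "a, b" if that helper trims. The helper's body starts and ends outside the hunk.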
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9626269f/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
index 06de622..7c2b729 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java
@@ -157,7 +157,8 @@ public class SocketCreatorFactoryJUnitTest extends JSSESocketJUnitTest {
@Test
public void testNewSSLConfigSSLComponentCombinations2() {
- Properties properties = configureSSLProperties(commaDelimitedString(SecurableComponent.CLUSTER.getConstant(), SecurableComponent.SERVER.getConstant(), SecurableComponent.HTTP_SERVICE.getConstant(), SecurableComponent.JMX.getConstant()));
+ Properties properties = configureSSLProperties(commaDelimitedString(SecurableComponent.CLUSTER.getConstant(), SecurableComponent.SERVER.getConstant(), SecurableComponent.HTTP_SERVICE
+ .getConstant(), SecurableComponent.JMX.getConstant()));
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
@@ -216,7 +217,7 @@ public class SocketCreatorFactoryJUnitTest extends JSSESocketJUnitTest {
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(SSL_REQUIRE_AUTHENTICATION, "true");
- properties.setProperty(SSL_CIPHERS, "MD2withRSA,MD5withRSA,SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRS");
+ properties.setProperty(SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
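Review bot: Every suite in the new SSL_CIPHERS value uses AES-256, and on JREs without the unlimited-strength JCE policy those suites are not available, so a handshake built from this configuration could find no usable suite on some build machines. Adding one AES-128 suite such as `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` would make the fixture portable. The list is also CBC-only and includes static RSA and static ECDH key exchange alongside `TLSv1,TLSv1.1,TLSv1.2`; that is acceptable in a test, but such values tend to be copied into real property files. A comment such as `// test fixture only, not a recommended cipher/protocol selection` would mark it. The enclosing method starts and ends outside the hunk.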
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9626269f/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
index 75a0e82..048e304 100644
--- a/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
@@ -81,7 +81,7 @@ public class ConnectToLocatorSSLDUnitTest extends JUnit4DistributedTestCase {
securityProps.setProperty(SSL_KEYSTORE_TYPE, "JKS");
securityProps.setProperty(SSL_TRUSTSTORE, jks.getCanonicalPath());
securityProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
- securityProps.setProperty(SSL_PROTOCOLS, "TLSv1.2 TLSv1.1");
+ securityProps.setProperty(SSL_PROTOCOLS, "TLSv1.2,TLSv1.1");
setUpLocatorAndConnect(securityProps);
}