Posted to commits@geode.apache.org by ud...@apache.org on 2016/09/13 19:11:51 UTC
[04/50] [abbrv] incubator-geode git commit: GEODE-420: adding
ssl-http-service-require-authentication property
GEODE-420: adding ssl-http-service-require-authentication property
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/8754dae4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/8754dae4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/8754dae4
Branch: refs/heads/develop
Commit: 8754dae48af43f2159b8f0295e9a443d8de6a71a
Parents: 6179a69
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Wed Aug 17 15:44:25 2016 +1000
Committer: Udo Kohlmeyer <uk...@pivotal.io>
Committed: Wed Aug 17 15:44:25 2016 +1000
----------------------------------------------------------------------
.../distributed/ConfigurationProperties.java | 9 +
.../internal/DistributionConfig.java | 33 +++-
.../internal/DistributionConfigImpl.java | 12 ++
.../gemfire/internal/admin/SSLConfig.java | 4 +-
.../internal/net/SSLConfigurationFactory.java | 36 ++--
.../gemfire/distributed/LocatorDUnitTest.java | 4 +-
.../net/SSLConfigurationFactoryTest.java | 163 +++++++++++++++++++
7 files changed, 240 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
index 11e961e..fdb3bf6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
@@ -1758,4 +1758,13 @@ public interface ConfigurationProperties {
* <U>Since</U>: Geode 1.0
*/
String SSL_DEFAULT_ALIAS = "ssl-default-alias";
+ /**
+ * The static String definition of the <i>"ssl-http-service-require-authentication"</i> property
+ *
+ * <U>Description</U>If false allows client side's http connection to be authenticated without a 2-way SSL authentication.
+ * </p>
+ * <U>Default</U>: "false"</p>
+ * <U>Since</U>: Geode 1.0
+ */
+ String SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = "ssl-http-service-require-authentication";
}
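Review bot: The Javadoc for `SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` describes only the `false` case, and "authenticated without a 2-way SSL authentication" does not say what an operator gets when the property is `true`. If the flag means the HTTP service demands a client certificate, state that directly, e.g. `<U>Description</U>: If true, the HTTP service requires clients to present a certificate (2-way SSL); if false, clients can connect without one.` The `<U>Description</U>` label is also missing its colon, and the two `</p>` closers have no opening `<p>`.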
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
index 126342f..8e2a60b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
@@ -1631,12 +1631,12 @@ public interface DistributionConfig extends Config, LogConfig {
@ConfigAttribute(type = int[].class)
String MEMBERSHIP_PORT_RANGE_NAME = MEMBERSHIP_PORT_RANGE;
- /** set this boolean to restrict membership/communications to use ports in the ephemeral range */
+ /**
+ * set this boolean to restrict membership/communications to use ports in the ephemeral range
+ */
String RESTRICT_MEMBERSHIP_PORT_RANGE = GEMFIRE_PREFIX + "use-ephemeral-ports";
- int[] DEFAULT_MEMBERSHIP_PORT_RANGE = Boolean.getBoolean(RESTRICT_MEMBERSHIP_PORT_RANGE)
- ? new int[] { 32769, 61000 }
- : new int[] { 1024, 65535 };
+ int[] DEFAULT_MEMBERSHIP_PORT_RANGE = Boolean.getBoolean(RESTRICT_MEMBERSHIP_PORT_RANGE) ? new int[] { 32769, 61000 } : new int[] { 1024, 65535 };
@ConfigAttributeGetter(name = MEMBERSHIP_PORT_RANGE)
int[] getMembershipPortRange();
@@ -4540,6 +4540,31 @@ public interface DistributionConfig extends Config, LogConfig {
@ConfigAttribute(type = String.class)
String SSL_TRUSTSTORE_PASSWORD_NAME = SSL_TRUSTSTORE_PASSWORD;
+ /**
+ * Returns the value of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION}
+ * property.
+ */
+ @ConfigAttributeGetter(name = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION)
+ boolean getSSLHTTPRequireAuthentication();
+
+ /**
+ * Sets the value of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION}
+ * property.
+ */
+ @ConfigAttributeSetter(name = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION)
+ void setSSLHTTPRequireAuthentication(boolean requiresAuthenatication);
+
+ /**
+ * The name of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION} property
+ */
+ @ConfigAttribute(type = Boolean.class)
+ String SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION_NAME = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION;
+
+ /**
+ * The default value for http service ssl mutual authentication
+ */
+ boolean DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = false;
+
//*************** Initializers to gather all the annotations in this class ************************
Map<String, ConfigAttribute> attributes = new HashMap<>();
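Review bot: The setter parameter is misspelled as `requiresAuthenatication` in `void setSSLHTTPRequireAuthentication(boolean requiresAuthenatication);`, and the same spelling is repeated in the `DistributionConfigImpl` override. Rename it in both places, e.g. `void setSSLHTTPRequireAuthentication(boolean requireAuthentication);`, before the name spreads. The Javadoc on `DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` would also be more useful if it said that `false` means the HTTP service does not ask for client certificates unless the property is set.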
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 26263d3..a5a9aa6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -556,6 +556,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
private String sslKeyStorePassword = DEFAULT_SSL_KEYSTORE_PASSWORD;
private String sslTrustStore = DEFAULT_SSL_TRUSTSTORE;
private String sslTrustStorePassword = DEFAULT_SSL_TRUSTSTORE_PASSWORD;
+ private boolean sslHttpServiceRequireAuthentication = DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION;
private String locatorSSLAlias = DEFAULT_SSL_ALIAS;
@@ -772,6 +773,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
this.sslTrustStorePassword = other.getSSLTrustStorePassword();
this.sslProperties = other.getSSLProperties();
this.sslDefaultAlias = other.getSSLDefaultAlias();
+ this.sslHttpServiceRequireAuthentication = other.getSSLHTTPRequireAuthentication();
}
@@ -2642,6 +2644,16 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
this.sslTrustStorePassword = sslTrustStorePassword;
}
+ @Override
+ public boolean getSSLHTTPRequireAuthentication() {
+ return sslHttpServiceRequireAuthentication;
+ }
+
+ @Override
+ public void setSSLHTTPRequireAuthentication(final boolean requiresAuthenatication) {
+ this.sslHttpServiceRequireAuthentication = requiresAuthenatication;
+ }
+
/////////////////////// Utility Methods ///////////////////////
/**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
index 977d44d..ebf3a7e 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
@@ -30,8 +30,6 @@ import com.gemstone.gemfire.management.internal.SSLUtil;
*/
public class SSLConfig {
- //private static final String PREFIX = "javax.net.ssl.";
-
private boolean enabled = DistributionConfig.DEFAULT_SSL_ENABLED;
private String protocols = DistributionConfig.DEFAULT_SSL_PROTOCOLS;
private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
@@ -150,6 +148,8 @@ public class SSLConfig {
this.truststoreType = truststoreType;
}
+
+
public Properties getProperties() {
return this.properties;
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
index 9873d03..33378b8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
@@ -62,33 +62,33 @@ public class SSLConfigurationFactory {
}
private SSLConfig createSSLConfigForComponent(final SSLEnabledComponent sslEnabledComponent) {
- SSLConfig sslConfig = new SSLConfig();
- configureClusterSSL(sslConfig, sslEnabledComponent);
+ SSLConfig sslConfig = createSSLConfig(sslEnabledComponent);
SSLEnabledComponent[] sslEnabledComponents = distributionConfig.getSSLEnabledComponents();
- if(sslEnabledComponents.length == 0)
- {
+ if (sslEnabledComponents.length == 0) {
sslConfig = configureLegacyClusterSSL(sslConfig);
}
sslConfig.setSslEnabledComponent(sslEnabledComponent);
switch (sslEnabledComponent) {
case ALL: {
-
+ //Create a SSLConfig separate for HTTP Service. As the require-authentication might differ
+ createSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE);
+ break;
}
case CLUSTER: {
if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getClusterSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getClusterSSLAlias());
}
break;
}
case LOCATOR: {
if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getLocatorSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getLocatorSSLAlias());
}
break;
}
case SERVER: {
if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getServerSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getServerSSLAlias());
} else {
sslConfig = configureLegacyServerSSL(sslConfig);
}
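Review bot: In the `ALL` case the `SSLConfig` returned by `createSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE);` is discarded, so within the visible lines the call has no effect beyond the work of building the object. The comment promises a separate HTTP service config, but nothing here stores or returns one. Either keep the result (a later hunk shows the class holds a `registeredSSLConfig` collection, which is presumably where it belongs) or delete the call and the comment. The added `break;` also ends the old fall-through from `ALL` into `CLUSTER`, which is worth confirming as intended. The method body continues in the following hunks.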
@@ -96,7 +96,7 @@ public class SSLConfigurationFactory {
}
case GATEWAY: {
if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getGatewaySSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getGatewaySSLAlias());
} else {
sslConfig = configureLegacyGatewaySSL(sslConfig);
}
@@ -104,7 +104,8 @@ public class SSLConfigurationFactory {
}
case HTTP_SERVICE: {
if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getHTTPServiceSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getHTTPServiceSSLAlias());
+ sslConfig.setRequireAuth(distributionConfig.getSSLHTTPRequireAuthentication());
} else {
sslConfig = configureLegacyHttpServiceSSL(sslConfig);
}
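Review bot: `sslConfig.setRequireAuth(distributionConfig.getSSLHTTPRequireAuthentication());` overwrites the value that `createSSLConfig` copied from `getSSLRequireAuthentication()`, and the new property defaults to `false`. If the general default is `true`, as the separate defaults in the new test suggest, a cluster that relies on the general setting for client certificates will stop requiring them on the HTTP service as soon as `http-service` is among the enabled components, with nothing in the config or logs pointing at the change. At minimum add a comment on the line, e.g. `// HTTP service ignores ssl-require-authentication; client certs are required only when ssl-http-service-require-authentication=true`. Consider also logging at startup when the two settings differ. The `case` body continues outside this hunk.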
@@ -112,7 +113,7 @@ public class SSLConfigurationFactory {
}
case JMX: {
if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getJMXManagerSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getJMXManagerSSLAlias());
} else {
sslConfig = configureLegacyJMXSSL(sslConfig);
}
@@ -123,7 +124,15 @@ public class SSLConfigurationFactory {
return sslConfig;
}
- private void configureClusterSSL(final SSLConfig sslConfig, final SSLEnabledComponent sslEnabledComponent) {
+ private SSLConfig setAliasForComponent(final SSLConfig sslConfig, final String clusterSSLAlias) {
+ if (!StringUtils.isEmpty(clusterSSLAlias)) {
+ sslConfig.setAlias(clusterSSLAlias);
+ }
+ return sslConfig;
+ }
+
+ private SSLConfig createSSLConfig(final SSLEnabledComponent sslEnabledComponent) {
+ SSLConfig sslConfig = new SSLConfig();
sslConfig.setCiphers(distributionConfig.getSSLCiphers());
sslConfig.setEnabled(determineIfSSLEnabledForSSLComponent(sslEnabledComponent));
sslConfig.setKeystore(distributionConfig.getSSLKeyStore());
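Review bot: The parameter name `clusterSSLAlias` in `setAliasForComponent` is misleading, because the helper is called with the locator, server, gateway, HTTP service and JMX aliases as well. A neutral name reads better: `private SSLConfig setAliasForComponent(final SSLConfig sslConfig, final String componentAlias) {`. The helper also returns the same instance it mutates, so the `sslConfig = setAliasForComponent(...)` reassignments at the call sites add nothing. A `void` helper would make the in-place mutation clearer. The body of `createSSLConfig` continues outside this hunk.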
@@ -133,6 +142,8 @@ public class SSLConfigurationFactory {
sslConfig.setTruststorePassword(distributionConfig.getSSLTrustStorePassword());
sslConfig.setProtocols(distributionConfig.getSSLProtocols());
sslConfig.setRequireAuth(distributionConfig.getSSLRequireAuthentication());
+ sslConfig.setAlias(distributionConfig.getSSLDefaultAlias());
+ return sslConfig;
}
private boolean determineIfSSLEnabledForSSLComponent(final SSLEnabledComponent sslEnabledComponent) {
@@ -296,6 +307,7 @@ public class SSLConfigurationFactory {
registeredSSLConfig.clear();
}
+ @Deprecated
public static SSLConfig getSSLConfigForComponent(final boolean useSSL,
final boolean needClientAuth,
final String protocols,
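Review bot: `@Deprecated` is added to this `getSSLConfigForComponent` overload without a Javadoc `@deprecated` tag, so callers get a warning but no pointer to the replacement. Add one that names the successor, presumably the overload taking an `SSLEnabledComponent` that the new test calls, e.g. `@deprecated use {@link #getSSLConfigForComponent(SSLEnabledComponent)} instead`. The method signature continues outside this hunk.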
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
index 2bff100..8bfce23 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
@@ -130,6 +130,7 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
system.disconnect();
system = null;
}
+ SocketCreatorFactory.close();
}
//////// Test Methods
@@ -437,7 +438,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
@Test
@Category(FlakyTest.class)
public void testStartTwoLocatorsOneWithSSLAndTheOtherNonSSL() throws Exception {
- SocketCreatorFactory.close();
IgnoredException expectedException = IgnoredException.addIgnoredException("Unrecognized SSL message, plaintext connection");
disconnectAllFromDS();
Host host = Host.getHost(0);
@@ -497,7 +497,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
@Test
@Category(FlakyTest.class)
public void testStartTwoLocatorsOneWithNonSSLAndTheOtherSSL() throws Exception {
- SocketCreatorFactory.close();
IgnoredException expectedException = IgnoredException.addIgnoredException("Remote host closed connection during handshake");
disconnectAllFromDS();
Host host = Host.getHost(0);
@@ -551,7 +550,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
@Test
@Category(FlakyTest.class)
public void testStartTwoLocatorsWithDifferentSSLCertificates() throws Exception {
- SocketCreatorFactory.close();
IgnoredException expectedException = IgnoredException.addIgnoredException("Remote host closed connection during handshake");
IgnoredException expectedException2 = IgnoredException.addIgnoredException("unable to find valid certification path to requested target");
IgnoredException expectedException3 = IgnoredException.addIgnoredException("Received fatal alert: certificate_unknown");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
new file mode 100644
index 0000000..067333e
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
@@ -0,0 +1,163 @@
+package com.gemstone.gemfire.internal.net;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.junit.Assert.*;
+
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+import org.junit.After;
+import org.junit.Test;
+
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.DistributionConfigImpl;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+
+public class SSLConfigurationFactoryTest extends JUnit4DistributedTestCase {
+
+ @After
+ public void tearDownTest()
+ {
+ SSLConfigurationFactory.close();
+ }
+
+ @Test
+ public void getSSLConfigForComponentALL() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty(SSL_ENABLED_COMPONENTS, "all");
+ properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+ properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+ properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+ properties.setProperty(SSL_CIPHERS, "any");
+ properties.setProperty(SSL_PROTOCOLS, "any");
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+ SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+ for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+ assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent), sslEnabledComponent, distributionConfig);
+ }
+ }
+
+ @Test
+ public void getSSLConfigForComponentHTTPService() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant());
+ properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+ properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+ properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+ properties.setProperty(SSL_CIPHERS, "any");
+ properties.setProperty(SSL_PROTOCOLS, "any");
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+ SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+ for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+ assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent), sslEnabledComponent, distributionConfig);
+ }
+ }
+
+ @Test
+ public void getSSLConfigForComponentHTTPServiceWithAlias() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant());
+ properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+ properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+ properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+ properties.setProperty(SSL_HTTP_SERVICE_ALIAS, "httpAlias");
+ properties.setProperty(SSL_CIPHERS, "any");
+ properties.setProperty(SSL_PROTOCOLS, "any");
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+ SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+ for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+ assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent), sslEnabledComponent, distributionConfig);
+ }
+ }
+
+ @Test
+ public void getSSLConfigForComponentHTTPServiceWithMutualAuth() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant());
+ properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+ properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+ properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+ properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+ properties.setProperty(SSL_HTTP_SERVICE_ALIAS, "httpAlias");
+ properties.setProperty(SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION, "true");
+ properties.setProperty(SSL_CIPHERS, "any");
+ properties.setProperty(SSL_PROTOCOLS, "any");
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+ SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+ for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+ assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent), sslEnabledComponent, distributionConfig);
+ }
+ }
+
+ private void assertSSLConfig(final Properties properties,
+ final SSLConfig sslConfig,
+ final SSLEnabledComponent expectedSSLEnabledComponent,
+ final DistributionConfigImpl distributionConfig) {
+ assertEquals(isSSLComponentEnabled(expectedSSLEnabledComponent, distributionConfig.getSSLEnabledComponents()), sslConfig.isEnabled());
+ assertEquals(properties.getProperty(SSL_KEYSTORE), sslConfig.getKeystore());
+ assertEquals(properties.getProperty(SSL_KEYSTORE_PASSWORD), sslConfig.getKeystorePassword());
+ assertEquals(properties.getProperty(SSL_KEYSTORE_TYPE), sslConfig.getKeystoreType());
+ assertEquals(properties.getProperty(SSL_TRUSTSTORE), sslConfig.getTruststore());
+ assertEquals(properties.getProperty(SSL_TRUSTSTORE_PASSWORD), sslConfig.getTruststorePassword());
+ assertEquals(properties.getProperty(SSL_CIPHERS), sslConfig.getCiphers());
+ assertEquals(properties.getProperty(SSL_PROTOCOLS), sslConfig.getProtocols());
+ assertEquals(getCorrectAlias(expectedSSLEnabledComponent, properties), sslConfig.getAlias());
+ assertEquals(requiresAuthentication(properties, expectedSSLEnabledComponent), sslConfig.isRequireAuth());
+ assertEquals(expectedSSLEnabledComponent, sslConfig.getSslEnabledComponent());
+ }
+
+ private boolean requiresAuthentication(final Properties properties, final SSLEnabledComponent expectedSSLEnabledComponent) {
+ boolean defaultAuthentication = expectedSSLEnabledComponent.equals(SSLEnabledComponent.HTTP_SERVICE) ? DistributionConfig.DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION : DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
+ String httpRequiresAuthentication = properties.getProperty(SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION);
+
+ return httpRequiresAuthentication == null ? defaultAuthentication : Boolean.parseBoolean(httpRequiresAuthentication);
+ }
+
+ private String getCorrectAlias(final SSLEnabledComponent expectedSSLEnabledComponent, final Properties properties) {
+ switch (expectedSSLEnabledComponent) {
+ case ALL:
+ return properties.getProperty(SSL_DEFAULT_ALIAS);
+ case CLUSTER:
+ return getAliasForComponent(properties, SSL_CLUSTER_ALIAS);
+ case GATEWAY:
+ return getAliasForComponent(properties, SSL_GATEWAY_ALIAS);
+ case HTTP_SERVICE:
+ return getAliasForComponent(properties, SSL_HTTP_SERVICE_ALIAS);
+ case JMX:
+ return getAliasForComponent(properties, SSL_JMX_MANAGER_ALIAS);
+ case LOCATOR:
+ return getAliasForComponent(properties, SSL_LOCATOR_ALIAS);
+ case SERVER:
+ return getAliasForComponent(properties, SSL_SERVER_ALIAS);
+ default:
+ return properties.getProperty(SSL_DEFAULT_ALIAS);
+ }
+ }
+
+ private String getAliasForComponent(final Properties properties, final String componentAliasProperty) {
+ String aliasProperty = properties.getProperty(componentAliasProperty);
+ return !StringUtils.isEmpty(aliasProperty) ? aliasProperty : properties.getProperty(SSL_DEFAULT_ALIAS);
+ }
+
+ private boolean isSSLComponentEnabled(final SSLEnabledComponent expectedSSLEnabledComponent, final SSLEnabledComponent[] sslEnabledComponents) {
+ for (SSLEnabledComponent sslEnabledComponent : sslEnabledComponents) {
+ if (SSLEnabledComponent.ALL.equals(sslEnabledComponent) || sslEnabledComponent.equals(expectedSSLEnabledComponent)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+}
\ No newline at end of file
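Review bot: The `requiresAuthentication` helper applies `SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` to every component, so the expected value for `CLUSTER`, `SERVER` and the rest is taken from the HTTP property whenever it is set. In `getSSLConfigForComponentHTTPServiceWithMutualAuth` the assertions for the non-HTTP components therefore pass only if the general default is also `true`, and the test cannot detect the HTTP setting leaking into other components or the reverse. Branch on the component first and read the general property for everything else, as sketched below. A case with the HTTP property set to `"true"` and the general one set to `"false"` would then pin the separation. The four tests also repeat the same property set-up, which a shared helper would remove.

```java
private boolean requiresAuthentication(final Properties properties, final SSLEnabledComponent expectedSSLEnabledComponent) {
  if (SSLEnabledComponent.HTTP_SERVICE.equals(expectedSSLEnabledComponent)) {
    String httpRequiresAuthentication = properties.getProperty(SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION);
    return httpRequiresAuthentication == null
        ? DistributionConfig.DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION
        : Boolean.parseBoolean(httpRequiresAuthentication);
  }
  String generalRequiresAuthentication = properties.getProperty(SSL_REQUIRE_AUTHENTICATION);
  return generalRequiresAuthentication == null
      ? DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION
      : Boolean.parseBoolean(generalRequiresAuthentication);
}
```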