Posted to commits@geode.apache.org by ab...@apache.org on 2017/08/21 19:35:01 UTC
[3/4] geode git commit: GEODE-3393: One-way SSL commit failing with
userHome/.keystore not found. This now closes #682
GEODE-3393: One-way SSL commit failing with userHome/.keystore not found. This now closes #682
Signed-off-by: Galen O'Sullivan <go...@pivotal.io>
(cherry picked from commit 684f85d2881dd1b0b68bc49b303fb45a8b17452d)
Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/49220c3b
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/49220c3b
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/49220c3b
Branch: refs/heads/release/1.2.1
Commit: 49220c3be5326c6a58c36f0fca8fedc00ba5c7d1
Parents: aa36d3c
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Thu Aug 3 14:13:06 2017 -0700
Committer: Anthony Baker <ab...@apache.org>
Committed: Mon Aug 21 12:08:57 2017 -0700
----------------------------------------------------------------------
.../apache/geode/internal/admin/SSLConfig.java | 5 ++-
.../geode/internal/net/SocketCreator.java | 38 ++++++-----------
.../net/SSLConfigurationFactoryJUnitTest.java | 6 ++-
.../internal/net/SocketCreatorJUnitTest.java | 43 ++++++++++++++++++++
4 files changed, 62 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/geode/blob/49220c3b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
index 0171933..65e4694 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
@@ -16,6 +16,7 @@ package org.apache.geode.internal.admin;
import static org.apache.geode.distributed.ConfigurationProperties.*;
+import java.security.KeyStore;
import java.util.Iterator;
import java.util.Properties;
@@ -33,11 +34,11 @@ public class SSLConfig {
private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
private boolean requireAuth = DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
private String keystore = DistributionConfig.DEFAULT_SSL_KEYSTORE;
- private String keystoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+ private String keystoreType = KeyStore.getDefaultType();
private String keystorePassword = DistributionConfig.DEFAULT_SSL_KEYSTORE_PASSWORD;
private String truststore = DistributionConfig.DEFAULT_SSL_TRUSTSTORE;
private String truststorePassword = DistributionConfig.DEFAULT_SSL_TRUSTSTORE_PASSWORD;
- private String truststoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+ private String truststoreType = KeyStore.getDefaultType();
private String alias = null;
private SecurableCommunicationChannel securableCommunicationChannel = null;
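Review bot: The new defaults for `keystoreType` and `truststoreType` are undocumented, and they are no longer a fixed Geode constant. `KeyStore.getDefaultType()` returns the JVM's `keystore.type` security property, so the effective default can differ between members running on differently configured JREs. A member that relies on the default with a store in another format would presumably fail only when the store is loaded. I would add a comment above the two fields, such as `// Defaults follow the JVM's keystore.type security property; set the type explicitly when the store format differs`. The SSLConfig class continues outside the hunk.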
http://git-wip-us.apache.org/repos/asf/geode/blob/49220c3b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index fec81ca..5f4cfb1 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -331,7 +331,6 @@ public class SocketCreator {
* <p>
* Caller must synchronize on the SocketCreator instance.
*/
- @SuppressWarnings("hiding")
private void initialize() {
try {
// set p2p values...
@@ -382,7 +381,7 @@ public class SocketCreator {
/**
* Creates & configures the SSLContext when SSL is enabled.
- *
+ *
* @return new SSLContext configured using the given protocols & properties
*
* @throws GeneralSecurityException if security information can not be found
@@ -400,7 +399,7 @@ public class SocketCreator {
/**
* Used by CacheServerLauncher and SystemAdmin to read the properties from console
- *
+ *
* @param env Map in which the properties are to be read from console.
*/
public static void readSSLProperties(Map<String, String> env) {
@@ -411,7 +410,7 @@ public class SocketCreator {
* Used to read the properties from console. AgentLauncher calls this method directly & ignores
* gemfire.properties. CacheServerLauncher and SystemAdmin call this through
* {@link #readSSLProperties(Map)} and do NOT ignore gemfire.properties.
- *
+ *
* @param env Map in which the properties are to be read from console.
* @param ignoreGemFirePropsFile if <code>false</code> existing gemfire.properties file is read,
* if <code>true</code>, properties from gemfire.properties file are ignored.
@@ -541,6 +540,10 @@ public class SocketCreator {
NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
+ if (sslConfig.getKeystore() == null) {
+ return null;
+ }
+
KeyManager[] keyManagers = null;
String keyStoreType = sslConfig.getKeystoreType();
if (StringUtils.isEmpty(keyStoreType)) {
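Review bot: The early return at `if (sslConfig.getKeystore() == null)` has no comment saying that an unset keystore means "load no key material" and that the method then returns null instead of a KeyManager array. The keystore type just below is tested with `StringUtils.isEmpty`, so a reader cannot tell whether an empty keystore string is meant to behave differently from null. A comment such as `// No keystore configured (one-way SSL): no key managers; callers must accept null` would settle that. A member that is expected to present a certificate but has the keystore unset now starts without key material, so a debug-level log line before `return null;` would help surface the misconfiguration. The guard could also sit before the `consoleReader` lookup, which is not needed on this path. The method starts and ends outside the hunk.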
@@ -615,7 +618,7 @@ public class SocketCreator {
/**
* Constructor.
- *
+ *
* @param mgr The X509KeyManager used as a delegate
* @param keyAlias The alias name of the server's keypair and supporting certificate chain
*/
@@ -795,7 +798,7 @@ public class SocketCreator {
/**
* Creates or bind server socket to a random port selected from tcp-port-range which is same as
* membership-port-range.
- *
+ *
* @param ba
* @param backlog
* @param isBindAddress
@@ -815,7 +818,7 @@ public class SocketCreator {
/**
* Creates or bind server socket to a random port selected from tcp-port-range which is same as
* membership-port-range.
- *
+ *
* @param ba
* @param backlog
* @param isBindAddress
@@ -1025,14 +1028,6 @@ public class SocketCreator {
ex);
throw ex;
}
- } catch (SSLException ex) {
- logger
- .fatal(
- LocalizedMessage.create(
- LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
- new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
- ex);
- throw ex;
}
}
}
@@ -1112,16 +1107,7 @@ public class SocketCreator {
.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER), ex);
throw ex;
}
- } catch (SSLException ex) {
- logger
- .fatal(
- LocalizedMessage.create(
- LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
- new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
- ex);
- throw ex;
}
-
}
}
@@ -1223,7 +1209,7 @@ public class SocketCreator {
/**
* This method uses JNDI to look up an address in DNS and return its name
- *
+ *
* @param addr
*
* @return the host name associated with the address or null if lookup isn't possible or there is
@@ -1299,7 +1285,7 @@ public class SocketCreator {
* Fails Assertion if the conversion would result in <code>java.lang.UnknownHostException</code>.
* <p>
* Any leading slashes on host will be ignored.
- *
+ *
* @param host string version the InetAddress
*
* @return the host converted to InetAddress instance
http://git-wip-us.apache.org/repos/asf/geode/blob/49220c3b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
index 31c2469..1d2fe70 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
@@ -49,6 +49,8 @@ import org.junit.experimental.categories.Category;
import java.util.Properties;
+import java.security.KeyStore;
+
@Category({UnitTest.class, MembershipTest.class})
public class SSLConfigurationFactoryJUnitTest {
@@ -214,11 +216,11 @@ public class SSLConfigurationFactoryJUnitTest {
properties.setProperty(CLUSTER_SSL_ENABLED, "true");
properties.setProperty(MCAST_PORT, "0");
System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE, "keystore");
- System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE, "JKS");
+ System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE, KeyStore.getDefaultType());
System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_PASSWORD, "keystorePassword");
System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE, "truststore");
System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_PASSWORD, "truststorePassword");
- System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_TYPE, "JKS");
+ System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_TYPE, KeyStore.getDefaultType());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SSLConfigurationFactory.setDistributionConfig(distributionConfig);
SSLConfig sslConfig =
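Review bot: Setting `JAVAX_KEYSTORE_TYPE` and `JAVAX_TRUSTSTORE_TYPE` to `KeyStore.getDefaultType()` makes the configured value identical to the default that SSLConfig now uses. If the assertions (outside this hunk) compare the resulting types, the test can no longer tell whether the javax.net.ssl type properties were read or ignored. A value that is guaranteed to differ from the default keeps the check meaningful, for example `String type = "JKS".equalsIgnoreCase(KeyStore.getDefaultType()) ? "PKCS12" : "JKS";` used for both properties. The test method starts and ends outside the hunk.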
http://git-wip-us.apache.org/repos/asf/geode/blob/49220c3b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
new file mode 100644
index 0000000..b258ee1
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.net;
+
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.geode.util.test.TestUtil;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(UnitTest.class)
+public class SocketCreatorJUnitTest {
+
+ @Test
+ public void testCreateSocketCreatorWithKeystoreUnset() throws Exception {
+ SSLConfig testSSLConfig = new SSLConfig();
+ testSSLConfig.setEnabled(true);
+ testSSLConfig.setKeystore(null);
+ testSSLConfig.setKeystorePassword("");
+ testSSLConfig.setTruststore(getSingleKeyKeystore());
+ testSSLConfig.setTruststorePassword("password");
+ // GEODE-3393: This would fail with java.io.FileNotFoundException: $USER_HOME/.keystore
+ new SocketCreator(testSSLConfig);
+
+ }
+
+ private String getSingleKeyKeystore() {
+ return TestUtil.getResourcePath(getClass(), "/ssl/trusted.keystore");
+ }
+
+}
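Review bot: `testCreateSocketCreatorWithKeystoreUnset` contains no assertion, so it passes whenever `new SocketCreator(testSSLConfig)` does not throw. It does not show that the truststore at `/ssl/trusted.keystore` was actually loaded or that SSL was left enabled. State the expected outcome in a comment above the constructor call, for example `// must not throw: with no keystore set, only the truststore is loaded`. Where SocketCreator exposes its state, also assert on the constructed instance. A second case with an empty-string keystore would document how that differs from null, since the production guard tests only for null.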