Posted to commits@geode.apache.org by ud...@apache.org on 2017/08/03 21:13:10 UTC
geode git commit: GEODE-3393: One-way SSL commit failing with
userHome/.keystore not found
Repository: geode
Updated Branches:
refs/heads/feature/GEODE-3393 [created] 4f5262fa9
GEODE-3393: One-way SSL commit failing with userHome/.keystore not found
Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/4f5262fa
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/4f5262fa
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/4f5262fa
Branch: refs/heads/feature/GEODE-3393
Commit: 4f5262fa91e715efb5400507a19fd683a7078bf4
Parents: f52ebca
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Thu Aug 3 14:13:06 2017 -0700
Committer: Udo Kohlmeyer <uk...@pivotal.io>
Committed: Thu Aug 3 14:13:06 2017 -0700
----------------------------------------------------------------------
.../apache/geode/internal/admin/SSLConfig.java | 5 +-
.../geode/internal/net/SocketCreator.java | 266 +++++++++++--------
.../internal/net/SocketCreatorJUnitTest.java | 26 ++
3 files changed, 190 insertions(+), 107 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/geode/blob/4f5262fa/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
index 0171933..65e4694 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
@@ -16,6 +16,7 @@ package org.apache.geode.internal.admin;
import static org.apache.geode.distributed.ConfigurationProperties.*;
+import java.security.KeyStore;
import java.util.Iterator;
import java.util.Properties;
@@ -33,11 +34,11 @@ public class SSLConfig {
private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
private boolean requireAuth = DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
private String keystore = DistributionConfig.DEFAULT_SSL_KEYSTORE;
- private String keystoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+ private String keystoreType = KeyStore.getDefaultType();
private String keystorePassword = DistributionConfig.DEFAULT_SSL_KEYSTORE_PASSWORD;
private String truststore = DistributionConfig.DEFAULT_SSL_TRUSTSTORE;
private String truststorePassword = DistributionConfig.DEFAULT_SSL_TRUSTSTORE_PASSWORD;
- private String truststoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+ private String truststoreType = KeyStore.getDefaultType();
private String alias = null;
private SecurableCommunicationChannel securableCommunicationChannel = null;
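Review bot: The new defaults for `keystoreType` and `truststoreType` depend on the JVM, because `KeyStore.getDefaultType()` reads the `keystore.type` security property and its value differs between Java releases (`jks` on older JDKs, `pkcs12` on newer ones). When the type is not configured, members running on different JVMs could try to open the same store file as different types. If `DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE` is still used elsewhere (not visible in this hunk), the two defaults can now disagree. A field comment such as `// JVM default store type; configure the type explicitly when a fixed format is required` would record the intent.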
http://git-wip-us.apache.org/repos/asf/geode/blob/4f5262fa/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index dbe18a9..0caf18a 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -14,6 +14,32 @@
*/
package org.apache.geode.internal.net;
+import org.apache.commons.lang.StringUtils;
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.SystemConnectException;
+import org.apache.geode.SystemFailure;
+import org.apache.geode.admin.internal.InetAddressUtil;
+import org.apache.geode.cache.wan.GatewaySender;
+import org.apache.geode.cache.wan.GatewayTransportFilter;
+import org.apache.geode.distributed.ClientSocketFactory;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.distributed.internal.DistributionConfigImpl;
+import org.apache.geode.distributed.internal.InternalDistributedSystem;
+import org.apache.geode.internal.ClassPathLoader;
+import org.apache.geode.internal.ConnectionWatcher;
+import org.apache.geode.internal.GfeConsoleReaderFactory;
+import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader;
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
+import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
+import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.util.ArgumentRedactor;
+import org.apache.geode.internal.util.PasswordUtil;
+import org.apache.logging.log4j.Logger;
+
import java.io.FileInputStream;
import java.io.IOException;
import java.net.BindException;
@@ -49,7 +75,6 @@ import java.util.Map;
import java.util.Properties;
import java.util.Random;
import java.util.Set;
-
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.directory.Attribute;
@@ -72,51 +97,16 @@ import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
-import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-
-import org.apache.geode.GemFireConfigException;
-import org.apache.geode.SystemConnectException;
-import org.apache.geode.SystemFailure;
-import org.apache.geode.admin.internal.InetAddressUtil;
-import org.apache.geode.cache.wan.GatewaySender;
-import org.apache.geode.cache.wan.GatewayTransportFilter;
-import org.apache.geode.distributed.ClientSocketFactory;
-import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.distributed.internal.DistributionConfigImpl;
-import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.internal.ClassPathLoader;
-import org.apache.geode.internal.ConnectionWatcher;
-import org.apache.geode.internal.GfeConsoleReaderFactory;
-import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader;
-import org.apache.geode.internal.admin.SSLConfig;
-import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
-import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
-import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.logging.log4j.LocalizedMessage;
-import org.apache.geode.internal.security.SecurableCommunicationChannel;
-import org.apache.geode.internal.util.ArgumentRedactor;
-import org.apache.geode.internal.util.PasswordUtil;
-
/**
- * Analyze configuration data (gemfire.properties) and configure sockets accordingly for SSL.
- * <p>
- * gemfire.useSSL = (true|false) default false.<br/>
- * gemfire.ssl.debug = (true|false) default false.<br/>
- * gemfire.ssl.needClientAuth = (true|false) default true.<br/>
- * gemfire.ssl.protocols = <i>list of protocols</i><br/>
- * gemfire.ssl.ciphers = <i>list of cipher suites</i><br/>
- * <p>
- * The following may be included to configure the certificates used by the Sun Provider.
- * <p>
- * javax.net.ssl.trustStore = <i>pathname</i><br/>
- * javax.net.ssl.trustStorePassword = <i>password</i><br/>
- * javax.net.ssl.keyStore = <i>pathname</i><br/>
- * javax.net.ssl.keyStorePassword = <i>password</i><br/>
- * <p>
- * Additional properties will be set as System properties to be available as needed by other
- * provider implementations.
+ * Analyze configuration data (gemfire.properties) and configure sockets accordingly for SSL. <p>
+ * gemfire.useSSL = (true|false) default false.<br/> gemfire.ssl.debug = (true|false) default
+ * false.<br/> gemfire.ssl.needClientAuth = (true|false) default true.<br/> gemfire.ssl.protocols =
+ * <i>list of protocols</i><br/> gemfire.ssl.ciphers = <i>list of cipher suites</i><br/> <p> The
+ * following may be included to configure the certificates used by the Sun Provider. <p>
+ * javax.net.ssl.trustStore = <i>pathname</i><br/> javax.net.ssl.trustStorePassword =
+ * <i>password</i><br/> javax.net.ssl.keyStore = <i>pathname</i><br/> javax.net.ssl.keyStorePassword
+ * = <i>password</i><br/> <p> Additional properties will be set as System properties to be available
+ * as needed by other provider implementations.
*/
public class SocketCreator {
@@ -191,7 +181,7 @@ public class SocketCreator {
Set myInterfaces = getMyAddresses();
boolean preferIPv6 = SocketCreator.useIPv6Addresses;
String lhName = null;
- for (Iterator<InetAddress> it = myInterfaces.iterator(); lhName == null && it.hasNext();) {
+ for (Iterator<InetAddress> it = myInterfaces.iterator(); lhName == null && it.hasNext(); ) {
InetAddress addr = it.next();
if (addr.isLoopbackAddress() || addr.isAnyLocalAddress()) {
break;
@@ -261,14 +251,20 @@ public class SocketCreator {
// Constructor
// -------------------------------------------------------------------------
+ SocketCreator() {
+ }
+
/**
* Constructs new SocketCreator instance.
*/
public SocketCreator(final SSLConfig sslConfig) {
- this.sslConfig = sslConfig;
+ setSslConfig(sslConfig);
initialize();
}
+ private void setSslConfig(SSLConfig sslConfig) {
+ this.sslConfig = sslConfig;
+ }
// -------------------------------------------------------------------------
// Static instance accessors
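Review bot: The new package-private `SocketCreator()` leaves `sslConfig` null and never calls `initialize()`, yet methods later in this diff such as `createServerSocket` call `sslConfig.isEnabled()`, so an instance built this way would throw a NullPointerException on first use. If the constructor exists only so tests can subclass or spy on the class, say so on the constructor: `/** Visible for testing only: sslConfig is unset and initialize() has not run. */`. The private `setSslConfig` wrapper adds nothing over the direct assignment it replaces, and it runs straight into the following section comment without a blank line.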
@@ -329,11 +325,8 @@ public class SocketCreator {
// -------------------------------------------------------------------------
/**
- * Initialize this SocketCreator.
- * <p>
- * Caller must synchronize on the SocketCreator instance.
+ * Initialize this SocketCreator. <p> Caller must synchronize on the SocketCreator instance.
*/
- @SuppressWarnings("hiding")
private void initialize() {
try {
// set p2p values...
@@ -384,9 +377,7 @@ public class SocketCreator {
/**
* Creates & configures the SSLContext when SSL is enabled.
- *
* @return new SSLContext configured using the given protocols & properties
- *
* @throws GeneralSecurityException if security information can not be found
* @throws IOException if information can not be loaded
*/
@@ -402,7 +393,6 @@ public class SocketCreator {
/**
* Used by CacheServerLauncher and SystemAdmin to read the properties from console
- *
* @param env Map in which the properties are to be read from console.
*/
public static void readSSLProperties(Map<String, String> env) {
@@ -411,12 +401,11 @@ public class SocketCreator {
/**
* Used to read the properties from console. AgentLauncher calls this method directly & ignores
- * gemfire.properties. CacheServerLauncher and SystemAdmin call this through
- * {@link #readSSLProperties(Map)} and do NOT ignore gemfire.properties.
- *
+ * gemfire.properties. CacheServerLauncher and SystemAdmin call this through {@link
+ * #readSSLProperties(Map)} and do NOT ignore gemfire.properties.
* @param env Map in which the properties are to be read from console.
* @param ignoreGemFirePropsFile if <code>false</code> existing gemfire.properties file is read,
- * if <code>true</code>, properties from gemfire.properties file are ignored.
+ * if <code>true</code>, properties from gemfire.properties file are ignored.
*/
public static void readSSLProperties(Map<String, String> env, boolean ignoreGemFirePropsFile) {
Properties props = new Properties();
@@ -479,6 +468,11 @@ public class SocketCreator {
TrustManager[] trustManagers = null;
GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
+ if(sslConfig.getTruststore() == null)
+ {
+ return trustManagers;
+ }
+
String trustStoreType = sslConfig.getTruststoreType();
if (StringUtils.isEmpty(trustStoreType)) {
// read from console, default on empty
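Review bot: The early return added at `if(sslConfig.getTruststore() == null)` hands back a null `TrustManager[]` with no comment or log saying what peers are then verified against. If that array reaches `SSLContext.init` (the call is outside this hunk), JSSE substitutes its default trust manager, which uses the JVM-wide store (the `javax.net.ssl.trustStore` property or the JRE `cacerts`), so certificates issued by any public CA would be accepted rather than only the cluster's own. Document it above the check, e.g. `// No truststore configured: JSSE falls back to the JVM default trust store`, and consider a warning log so the wider trust is visible to operators. The block also writes `if(` with the brace on its own line, unlike the rest of the file, and the method it sits in begins and ends outside the hunk.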
@@ -537,6 +531,11 @@ public class SocketCreator {
NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
+// If the keystore path is not set aka null, return a null keyManager
+ if (sslConfig.getKeystore() == null) {
+ return null;
+ }
+
KeyManager[] keyManagers = null;
String keyStoreType = sslConfig.getKeystoreType();
if (StringUtils.isEmpty(keyStoreType)) {
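Review bot: Returning null at `if (sslConfig.getKeystore() == null)` is silent, so a member that must present a certificate (a listening side, or a peer when the `requireAuth` setting is on) gets no key material and would only fail later, at handshake time, with a less direct error; a log line at this decision point would make the cause visible. The guard also covers only null: an empty-string path still reaches the console prompt and the `user.home` fallback shown in the following hunk, and whether an unset property arrives as null or as `""` is not visible here and is worth confirming. The added comment sits at column 0 and could be reindented and reworded as `// No keystore configured: present no certificate (one-way SSL)`. The method continues outside the hunk.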
@@ -555,8 +554,7 @@ public class SocketCreator {
keyStoreFilePath = consoleReader
.readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : ");
} else {
- keyStoreFilePath =
- System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
+ keyStoreFilePath = constructKeystorePathFromUserHome();
}
}
@@ -603,6 +601,83 @@ public class SocketCreator {
return extendedKeyManagers;
}
+ String constructKeystorePathFromUserHome() {
+ String keyStoreFilePath;
+ keyStoreFilePath =
+ System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
+ return keyStoreFilePath;
+ }
+
+// private KeyManager[] getKeyManagers2(Properties sysProps)
+// throws KeyStoreException, FileNotFoundException, IOException,
+// NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+//
+// KeyManager[] keyManagers = null;
+// String keyStoreType = sysProps.getProperty("javax.net.ssl.keyStoreType");
+// GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
+// if (keyStoreType == null) {
+// keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
+// } else if (keyStoreType.trim().equals("")) {
+// // read from console, default on empty
+// if (consoleReader.isSupported()) {
+// keyStoreType = consoleReader.readLine("Please enter the keyStoreType (javax.net.ssl.keyStoreType) : ");
+// }
+// if (isEmpty(keyStoreType)) {
+// keyStoreType = KeyStore.getDefaultType();
+// }
+// }
+// KeyStore ks = KeyStore.getInstance(keyStoreType);
+// String keyStoreFilePath = sysProps.getProperty("javax.net.ssl.keyStore");
+// if (keyStoreFilePath == null) {
+// keyStoreFilePath = System.getProperty("javax.net.ssl.keyStore");
+// }
+// if (keyStoreFilePath != null) {
+// if (keyStoreFilePath.trim().equals("")) {
+// keyStoreFilePath = System.getenv("javax.net.ssl.keyStore");
+// //read from console
+// if (isEmpty(keyStoreFilePath) && consoleReader.isSupported()) {
+// keyStoreFilePath = consoleReader.readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : ");
+// }
+// if (isEmpty(keyStoreFilePath)) {
+// keyStoreFilePath = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
+// }
+// }
+// FileInputStream fis = null;
+// fis = new FileInputStream(keyStoreFilePath);
+// String passwordString = sysProps.getProperty("javax.net.ssl.keyStorePassword");
+// if (passwordString == null) {
+// passwordString = System.getProperty("javax.net.ssl.keyStorePassword");
+// }
+// char [] password = null;
+// if (passwordString != null) {
+// if (passwordString.trim().equals("")) {
+// String encryptedPass = System.getenv("javax.net.ssl.keyStorePassword");
+// if (!isEmpty(encryptedPass)) {
+// String toDecrypt = "encrypted(" + encryptedPass + ")";
+// passwordString = PasswordUtil.decrypt(toDecrypt);
+// password = passwordString.toCharArray();
+// }
+// //read from the console
+// if (isEmpty(passwordString) && consoleReader != null) {
+// password = consoleReader.readPassword("Please enter password for keyStore (javax.net.ssl.keyStorePassword) : ");
+// }
+// } else {
+// password = passwordString.toCharArray();
+// }
+// }
+// ks.load(fis, password);
+// // default algorithm can be changed by setting property "ssl.KeyManagerFactory.algorithm" in security properties
+// KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+// kmf.init(ks, password);
+// keyManagers = kmf.getKeyManagers();
+// // follow the security tip in java doc
+// if (password != null) {
+// java.util.Arrays.fill(password, ' ');
+// }
+// }
+// return keyManagers;
+// }
+
private static class ExtendedAliasKeyManager extends X509ExtendedKeyManager {
private final X509ExtendedKeyManager delegate;
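Review bot: The roughly seventy lines of commented-out `getKeyManagers2` added after `constructKeystorePathFromUserHome()` should be dropped from the commit, since version control already keeps earlier variants. It is dead code inside the class that builds the TLS context, and it describes keystore-password handling (environment variable, `PasswordUtil.decrypt`, console prompt) that the live method may not follow, which can mislead anyone auditing how key material is loaded. The helper itself reduces to a single `return System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";`. If its package-private visibility is there for tests, a comment like `// Package-private so tests can observe the implicit user-home keystore fallback` would say so.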
@@ -611,7 +686,6 @@ public class SocketCreator {
/**
* Constructor.
- *
* @param mgr The X509KeyManager used as a delegate
* @param keyAlias The alias name of the server's keypair and supporting certificate chain
*/
@@ -628,7 +702,7 @@ public class SocketCreator {
@Override
public String chooseClientAlias(final String[] strings, final Principal[] principals,
- final Socket socket) {
+ final Socket socket) {
if (!StringUtils.isEmpty(this.keyAlias)) {
return keyAlias;
}
@@ -665,7 +739,7 @@ public class SocketCreator {
@Override
public String chooseEngineServerAlias(final String keyType, final Principal[] principals,
- final SSLEngine sslEngine) {
+ final SSLEngine sslEngine) {
if (!StringUtils.isEmpty(this.keyAlias)) {
PrivateKey key = this.delegate.getPrivateKey(this.keyAlias);
return getKeyAlias(keyType, key);
@@ -707,7 +781,8 @@ public class SocketCreator {
}
public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr,
- List<GatewayTransportFilter> transportFilters, int socketBufferSize) throws IOException {
+ List<GatewayTransportFilter> transportFilters,
+ int socketBufferSize) throws IOException {
if (transportFilters.isEmpty()) {
return createServerSocket(nport, backlog, bindAddr, socketBufferSize);
} else {
@@ -741,12 +816,13 @@ public class SocketCreator {
}
public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr,
- int socketBufferSize) throws IOException {
+ int socketBufferSize) throws IOException {
return createServerSocket(nport, backlog, bindAddr, socketBufferSize, sslConfig.isEnabled());
}
private ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr,
- int socketBufferSize, boolean sslConnection) throws IOException {
+ int socketBufferSize, boolean sslConnection)
+ throws IOException {
printConfig();
if (sslConnection) {
if (this.sslContext == null) {
@@ -791,18 +867,11 @@ public class SocketCreator {
/**
* Creates or bind server socket to a random port selected from tcp-port-range which is same as
* membership-port-range.
- *
- * @param ba
- * @param backlog
- * @param isBindAddress
- * @param tcpBufferSize
- *
* @return Returns the new server socket.
- *
- * @throws IOException
*/
public ServerSocket createServerSocketUsingPortRange(InetAddress ba, int backlog,
- boolean isBindAddress, boolean useNIO, int tcpBufferSize, int[] tcpPortRange)
+ boolean isBindAddress, boolean useNIO,
+ int tcpBufferSize, int[] tcpPortRange)
throws IOException {
return createServerSocketUsingPortRange(ba, backlog, isBindAddress, useNIO, tcpBufferSize,
tcpPortRange, sslConfig.isEnabled());
@@ -811,20 +880,13 @@ public class SocketCreator {
/**
* Creates or bind server socket to a random port selected from tcp-port-range which is same as
* membership-port-range.
- *
- * @param ba
- * @param backlog
- * @param isBindAddress
- * @param tcpBufferSize
* @param sslConnection whether to connect using SSL
- *
* @return Returns the new server socket.
- *
- * @throws IOException
*/
public ServerSocket createServerSocketUsingPortRange(InetAddress ba, int backlog,
- boolean isBindAddress, boolean useNIO, int tcpBufferSize, int[] tcpPortRange,
- boolean sslConnection) throws IOException {
+ boolean isBindAddress, boolean useNIO,
+ int tcpBufferSize, int[] tcpPortRange,
+ boolean sslConnection) throws IOException {
ServerSocket socket = null;
int localPort = 0;
int startingPort = 0;
@@ -915,7 +977,7 @@ public class SocketCreator {
* socket factory
*/
public Socket connect(InetAddress inetadd, int port, int timeout,
- ConnectionWatcher optionalWatcher, boolean clientSide) throws IOException {
+ ConnectionWatcher optionalWatcher, boolean clientSide) throws IOException {
return connect(inetadd, port, timeout, optionalWatcher, clientSide, -1);
}
@@ -925,7 +987,7 @@ public class SocketCreator {
* socket factory
*/
public Socket connect(InetAddress inetadd, int port, int timeout,
- ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize)
+ ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize)
throws IOException {
return connect(inetadd, port, timeout, optionalWatcher, clientSide, socketBufferSize,
sslConfig.isEnabled());
@@ -937,8 +999,8 @@ public class SocketCreator {
* socket factory
*/
public Socket connect(InetAddress inetadd, int port, int timeout,
- ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize,
- boolean sslConnection) throws IOException {
+ ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize,
+ boolean sslConnection) throws IOException {
Socket socket = null;
SocketAddress sockaddr = new InetSocketAddress(inetadd, port);
printConfig();
@@ -1017,7 +1079,7 @@ public class SocketCreator {
logger.fatal(
LocalizedMessage.create(
LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1,
- new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
+ new Object[]{socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
ex);
throw ex;
}
@@ -1026,7 +1088,7 @@ public class SocketCreator {
.fatal(
LocalizedMessage.create(
LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
- new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
+ new Object[]{socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
ex);
throw ex;
}
@@ -1099,7 +1161,7 @@ public class SocketCreator {
.fatal(
LocalizedMessage.create(
LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
- new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
+ new Object[]{socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
ex);
throw ex;
} catch (SSLPeerUnverifiedException ex) {
@@ -1113,7 +1175,7 @@ public class SocketCreator {
.fatal(
LocalizedMessage.create(
LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
- new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
+ new Object[]{socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
ex);
throw ex;
}
@@ -1219,11 +1281,8 @@ public class SocketCreator {
/**
* This method uses JNDI to look up an address in DNS and return its name
- *
- * @param addr
- *
* @return the host name associated with the address or null if lookup isn't possible or there is
- * no host name for this address
+ * no host name for this address
*/
public static String reverseDNS(InetAddress addr) {
byte[] addrBytes = addr.getAddress();
@@ -1239,10 +1298,10 @@ public class SocketCreator {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
DirContext ctx = new InitialDirContext(env);
- Attributes attrs = ctx.getAttributes(lookup, new String[] {"PTR"});
- for (NamingEnumeration ae = attrs.getAll(); ae.hasMoreElements();) {
+ Attributes attrs = ctx.getAttributes(lookup, new String[]{"PTR"});
+ for (NamingEnumeration ae = attrs.getAll(); ae.hasMoreElements(); ) {
Attribute attr = (Attribute) ae.next();
- for (Enumeration vals = attr.getAll(); vals.hasMoreElements();) {
+ for (Enumeration vals = attr.getAll(); vals.hasMoreElements(); ) {
Object elem = vals.nextElement();
if ("PTR".equals(attr.getID()) && elem != null) {
return elem.toString();
@@ -1270,7 +1329,7 @@ public class SocketCreator {
Enumeration en = NetworkInterface.getNetworkInterfaces();
while (en.hasMoreElements()) {
NetworkInterface i = (NetworkInterface) en.nextElement();
- for (Enumeration en2 = i.getInetAddresses(); en2.hasMoreElements();) {
+ for (Enumeration en2 = i.getInetAddresses(); en2.hasMoreElements(); ) {
InetAddress addr = (InetAddress) en2.nextElement();
if (host.equals(addr)) {
return true;
@@ -1293,11 +1352,8 @@ public class SocketCreator {
/**
* Converts the string host to an instance of InetAddress. Returns null if the string is empty.
* Fails Assertion if the conversion would result in <code>java.lang.UnknownHostException</code>.
- * <p>
- * Any leading slashes on host will be ignored.
- *
+ * <p> Any leading slashes on host will be ignored.
* @param host string version the InetAddress
- *
* @return the host converted to InetAddress instance
*/
public static InetAddress toInetAddress(String host) {
http://git-wip-us.apache.org/repos/asf/geode/blob/4f5262fa/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
new file mode 100644
index 0000000..f6d263f
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
@@ -0,0 +1,26 @@
+package org.apache.geode.internal.net;
+
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.geode.util.test.TestUtil;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(UnitTest.class)
+public class SocketCreatorJUnitTest {
+
+ @Test
+ public void testCreateSocketCreatorWithKeystoreUnset() throws Exception {
+ SSLConfig testSSLConfig = new SSLConfig();
+ testSSLConfig.setEnabled(true);
+ testSSLConfig.setKeystore(null);
+ testSSLConfig.setTruststore(getSingleKeyKeystore());
+ testSSLConfig.setTruststorePassword("password");
+ SocketCreator socketCreator = new SocketCreator(testSSLConfig);
+ }
+
+ private String getSingleKeyKeystore() {
+ return TestUtil.getResourcePath(getClass(), "/ssl/trusted.keystore");
+ }
+
+}
\ No newline at end of file
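Review bot: `testCreateSocketCreatorWithKeystoreUnset` asserts nothing: `socketCreator` is assigned and never used, so the test passes whenever the constructor returns. `initialize()` opens with a `try` block whose handlers are outside the visible hunks; if they catch and log, this test would still pass when the keystore lookup fails. Assert an observable result instead, for instance that `constructKeystorePathFromUserHome()` is never reached or that the resulting SSL context is usable. The new file also has no license header, whereas SocketCreator.java appears to carry one (its `package` line follows a closing comment block), and it ends without a trailing newline.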