Posted to commits@geode.apache.org by ud...@apache.org on 2017/08/14 22:32:01 UTC

[1/2] geode git commit: GEODE-3393: One-way SSL commit failing with userHome/.keystore not found. This now closes #682

Repository: geode
Updated Branches:
  refs/heads/develop 13ad4b6e0 -> 87bee0843


GEODE-3393: One-way SSL commit failing with userHome/.keystore not found. This now closes #682

Signed-off-by: Galen O'Sullivan <go...@pivotal.io>


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/684f85d2
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/684f85d2
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/684f85d2

Branch: refs/heads/develop
Commit: 684f85d2881dd1b0b68bc49b303fb45a8b17452d
Parents: c1129c7
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Thu Aug 3 14:13:06 2017 -0700
Committer: Udo Kohlmeyer <uk...@pivotal.io>
Committed: Mon Aug 14 15:31:36 2017 -0700

----------------------------------------------------------------------
 .../apache/geode/internal/admin/SSLConfig.java  |  5 ++-
 .../geode/internal/net/SocketCreator.java       | 38 ++++++-----------
 .../net/SSLConfigurationFactoryJUnitTest.java   |  6 ++-
 .../internal/net/SocketCreatorJUnitTest.java    | 43 ++++++++++++++++++++
 4 files changed, 62 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/684f85d2/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
index 0171933..65e4694 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
@@ -16,6 +16,7 @@ package org.apache.geode.internal.admin;
 
 import static org.apache.geode.distributed.ConfigurationProperties.*;
 
+import java.security.KeyStore;
 import java.util.Iterator;
 import java.util.Properties;
 
@@ -33,11 +34,11 @@ public class SSLConfig {
   private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
   private boolean requireAuth = DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
   private String keystore = DistributionConfig.DEFAULT_SSL_KEYSTORE;
-  private String keystoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+  private String keystoreType = KeyStore.getDefaultType();
   private String keystorePassword = DistributionConfig.DEFAULT_SSL_KEYSTORE_PASSWORD;
   private String truststore = DistributionConfig.DEFAULT_SSL_TRUSTSTORE;
   private String truststorePassword = DistributionConfig.DEFAULT_SSL_TRUSTSTORE_PASSWORD;
-  private String truststoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+  private String truststoreType = KeyStore.getDefaultType();
   private String alias = null;
   private SecurableCommunicationChannel securableCommunicationChannel = null;
 
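Review bot: The defaults for `keystoreType` and `truststoreType` now vary with the runtime, because `KeyStore.getDefaultType()` returns the JVM's `keystore.type` security property rather than a Geode constant. The same Geode configuration can therefore resolve to a different store format on another JRE or with an edited `java.security` file. Whether the removed `DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE` was empty or a fixed type is not visible in this hunk, and the class body continues outside it. I would document the dependency on both fields, for example `// defaults to the JVM's keystore.type security property; set ssl-keystore-type / ssl-truststore-type for a fixed format`.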

http://git-wip-us.apache.org/repos/asf/geode/blob/684f85d2/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index dbe18a9..47fd766 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -333,7 +333,6 @@ public class SocketCreator {
    * <p>
    * Caller must synchronize on the SocketCreator instance.
    */
-  @SuppressWarnings("hiding")
   private void initialize() {
     try {
       // set p2p values...
@@ -384,7 +383,7 @@ public class SocketCreator {
 
   /**
    * Creates & configures the SSLContext when SSL is enabled.
-   * 
+   *
    * @return new SSLContext configured using the given protocols & properties
    *
    * @throws GeneralSecurityException if security information can not be found
@@ -402,7 +401,7 @@ public class SocketCreator {
 
   /**
    * Used by CacheServerLauncher and SystemAdmin to read the properties from console
-   * 
+   *
    * @param env Map in which the properties are to be read from console.
    */
   public static void readSSLProperties(Map<String, String> env) {
@@ -413,7 +412,7 @@ public class SocketCreator {
    * Used to read the properties from console. AgentLauncher calls this method directly & ignores
    * gemfire.properties. CacheServerLauncher and SystemAdmin call this through
    * {@link #readSSLProperties(Map)} and do NOT ignore gemfire.properties.
-   * 
+   *
    * @param env Map in which the properties are to be read from console.
    * @param ignoreGemFirePropsFile if <code>false</code> existing gemfire.properties file is read,
    *        if <code>true</code>, properties from gemfire.properties file are ignored.
@@ -537,6 +536,10 @@ public class SocketCreator {
       NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
     GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
 
+    if (sslConfig.getKeystore() == null) {
+      return null;
+    }
+
     KeyManager[] keyManagers = null;
     String keyStoreType = sslConfig.getKeystoreType();
     if (StringUtils.isEmpty(keyStoreType)) {
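Review bot: The added guard tests only `sslConfig.getKeystore() == null`, so a keystore configured as an empty string still reaches the code below it. The commit title suggests that path resolves to the user-home `.keystore`, but the rest of the method is outside this hunk, so this is inferred. If an empty path should also mean "no key material", `if (StringUtils.isEmpty(sslConfig.getKeystore())) { return null; }` would cover both cases, assuming the `StringUtils` already used here is null-safe. Returning `null` key managers also means a side that must present a certificate fails only at handshake time, so a comment such as `// no keystore configured: context is built without key material (one-way SSL)` would make the intent explicit. The guard could also sit above the `consoleReader` lookup, which the early return does not need.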
@@ -611,7 +614,7 @@ public class SocketCreator {
 
     /**
      * Constructor.
-     * 
+     *
      * @param mgr The X509KeyManager used as a delegate
      * @param keyAlias The alias name of the server's keypair and supporting certificate chain
      */
@@ -791,7 +794,7 @@ public class SocketCreator {
   /**
    * Creates or bind server socket to a random port selected from tcp-port-range which is same as
    * membership-port-range.
-   * 
+   *
    * @param ba
    * @param backlog
    * @param isBindAddress
@@ -811,7 +814,7 @@ public class SocketCreator {
   /**
    * Creates or bind server socket to a random port selected from tcp-port-range which is same as
    * membership-port-range.
-   * 
+   *
    * @param ba
    * @param backlog
    * @param isBindAddress
@@ -1021,14 +1024,6 @@ public class SocketCreator {
               ex);
           throw ex;
         }
-      } catch (SSLException ex) {
-        logger
-            .fatal(
-                LocalizedMessage.create(
-                    LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
-                    new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
-                ex);
-        throw ex;
       }
     }
   }
@@ -1108,16 +1103,7 @@ public class SocketCreator {
               .create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER), ex);
           throw ex;
         }
-      } catch (SSLException ex) {
-        logger
-            .fatal(
-                LocalizedMessage.create(
-                    LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
-                    new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
-                ex);
-        throw ex;
       }
-
     }
   }
 
@@ -1219,7 +1205,7 @@ public class SocketCreator {
 
   /**
    * This method uses JNDI to look up an address in DNS and return its name
-   * 
+   *
    * @param addr
    *
    * @return the host name associated with the address or null if lookup isn't possible or there is
@@ -1295,7 +1281,7 @@ public class SocketCreator {
    * Fails Assertion if the conversion would result in <code>java.lang.UnknownHostException</code>.
    * <p>
    * Any leading slashes on host will be ignored.
-   * 
+   *
    * @param host string version the InetAddress
    *
    * @return the host converted to InetAddress instance

http://git-wip-us.apache.org/repos/asf/geode/blob/684f85d2/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
index 47f0d2b..cd7585c 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
@@ -51,6 +51,8 @@ import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.test.junit.categories.MembershipTest;
 import org.apache.geode.test.junit.categories.UnitTest;
 
+import java.security.KeyStore;
+
 @Category({UnitTest.class, MembershipTest.class})
 public class SSLConfigurationFactoryJUnitTest {
 
@@ -216,11 +218,11 @@ public class SSLConfigurationFactoryJUnitTest {
     properties.setProperty(CLUSTER_SSL_ENABLED, "true");
     properties.setProperty(MCAST_PORT, "0");
     System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE, "keystore");
-    System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE, "JKS");
+    System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE, KeyStore.getDefaultType());
     System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_PASSWORD, "keystorePassword");
     System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE, "truststore");
     System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_PASSWORD, "truststorePassword");
-    System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_TYPE, "JKS");
+    System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_TYPE, KeyStore.getDefaultType());
     DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
     SSLConfigurationFactory.setDistributionConfig(distributionConfig);
     SSLConfig sslConfig =
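Review bot: Setting `JAVAX_KEYSTORE_TYPE` and `JAVAX_TRUSTSTORE_TYPE` to `KeyStore.getDefaultType()` makes the configured value identical to the new field default in SSLConfig. The test can then no longer tell whether the factory actually read the store-type system properties or simply kept the default. The assertions are outside this hunk, so this is inferred from the setup lines. A fixed value that differs from any JVM default keeps the check meaningful, e.g. `System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE, "JCEKS");`, provided the test only compares the strings and never loads a store.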

http://git-wip-us.apache.org/repos/asf/geode/blob/684f85d2/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
new file mode 100644
index 0000000..b258ee1
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.internal.net;
+
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.geode.util.test.TestUtil;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(UnitTest.class)
+public class SocketCreatorJUnitTest {
+
+  @Test
+  public void testCreateSocketCreatorWithKeystoreUnset() throws Exception {
+    SSLConfig testSSLConfig = new SSLConfig();
+    testSSLConfig.setEnabled(true);
+    testSSLConfig.setKeystore(null);
+    testSSLConfig.setKeystorePassword("");
+    testSSLConfig.setTruststore(getSingleKeyKeystore());
+    testSSLConfig.setTruststorePassword("password");
+    // GEODE-3393: This would fail with java.io.FileNotFoundException: $USER_HOME/.keystore
+    new SocketCreator(testSSLConfig);
+
+  }
+
+  private String getSingleKeyKeystore() {
+    return TestUtil.getResourcePath(getClass(), "/ssl/trusted.keystore");
+  }
+
+}
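Review bot: `testCreateSocketCreatorWithKeystoreUnset` has no assertion, so its only check is that `new SocketCreator(testSSLConfig)` completes without throwing. That criterion is worth stating next to the constructor call, e.g. `// passes when construction completes without an exception`. The test also covers only `setKeystore(null)`. A sibling case with `setKeystore("")` would pin down what happens for an empty keystore path, which the null check added in SocketCreator does not cover as far as the visible hunk shows.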


[2/2] geode git commit: Merge branch 'develop' of https://git-wip-us.apache.org/repos/asf/geode into develop

Posted by ud...@apache.org.
Merge branch 'develop' of https://git-wip-us.apache.org/repos/asf/geode into develop


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/87bee084
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/87bee084
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/87bee084

Branch: refs/heads/develop
Commit: 87bee0843d255187c8a53ccb4ffd57534168f873
Parents: 684f85d 13ad4b6
Author: Udo Kohlmeyer <uk...@pivotal.io>
Authored: Mon Aug 14 15:31:49 2017 -0700
Committer: Udo Kohlmeyer <uk...@pivotal.io>
Committed: Mon Aug 14 15:31:49 2017 -0700

----------------------------------------------------------------------
 geode-book/Gemfile.lock                         |    2 +-
 .../source/subnavs/geode-subnav.erb             |   54 +-
 .../how_region_versioning_works.html.md.erb     |    4 +-
 .../disk_free_space_monitoring.html.md.erb      |    2 +-
 .../heap_use/off_heap_management.html.md.erb    |    2 +-
 .../region_compression.html.md.erb              |    2 +-
 geode-docs/reference/book_intro.html.md.erb     |   20 +-
 .../statistics/statistics_list.html.md.erb      | 1310 ------------------
 .../reference/statistics_list.html.md.erb       | 1310 ++++++++++++++++++
 .../topics/cache-elements-list.html.md.erb      |    4 +-
 .../reference/topics/cache_xml.html.md.erb      |   50 +-
 .../chapter_overview_cache_xml.html.md.erb      |    8 +-
 ...chapter_overview_regionshortcuts.html.md.erb |   54 +-
 .../client-cache-elements-list.html.md.erb      |    2 +-
 .../reference/topics/client-cache.html.md.erb   |   42 +-
 .../topics/gemfire_properties.html.md.erb       |   46 +-
 .../reference/topics/gfe_cache_xml.html.md.erb  |   78 +-
 ...handling_exceptions_and_failures.html.md.erb |   10 +-
 ...mory_requirements_for_cache_data.html.md.erb |   30 +-
 ...on-ascii_strings_in_config_files.html.md.erb |    6 +-
 .../region_shortcuts_reference.html.md.erb      |    2 +-
 21 files changed, 1516 insertions(+), 1522 deletions(-)
----------------------------------------------------------------------