You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by ag...@apache.org on 2017/02/09 17:43:15 UTC
[15/24] ignite git commit: ignite-4147 - Fail if joining node has
different of cluster SSL configuration.
ignite-4147 - Fail if joining node has different of cluster SSL configuration.
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/2eb24cad
Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/2eb24cad
Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/2eb24cad
Branch: refs/heads/master
Commit: 2eb24cad277e14322cf42155697cae78e0f80e13
Parents: b54a481
Author: dkarachentsev <dk...@gridgain.com>
Authored: Wed Jan 18 13:00:25 2017 +0300
Committer: dkarachentsev <dk...@gridgain.com>
Committed: Wed Jan 18 13:00:25 2017 +0300
----------------------------------------------------------------------
.../ignite/spi/discovery/tcp/ClientImpl.java | 20 ++++-
.../ignite/spi/discovery/tcp/ServerImpl.java | 9 ++
.../TcpDiscoverySslSecuredUnsecuredTest.java | 93 ++++++++++++++++++++
.../IgniteSpiDiscoverySelfTestSuite.java | 4 +-
4 files changed, 124 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ignite/blob/2eb24cad/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java
index 0f5f741..9a1261c 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java
@@ -20,6 +20,7 @@ package org.apache.ignite.spi.discovery.tcp;
import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.io.StreamCorruptedException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
@@ -44,6 +45,7 @@ import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.LinkedBlockingDeque;
import java.util.concurrent.atomic.AtomicReference;
+import javax.net.ssl.SSLException;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteClientDisconnectedException;
import org.apache.ignite.IgniteException;
@@ -655,6 +657,14 @@ class ClientImpl extends TcpDiscoveryImpl {
errs.add(e);
+ if (X.hasCause(e, SSLException.class))
+ throw new IgniteSpiException("Unable to establish secure connection. " +
+ "Was remote cluster configured with SSL? [rmtAddr=" + addr + ", errMsg=\"" + e.getMessage() + "\"]", e);
+
+ if (X.hasCause(e, StreamCorruptedException.class))
+ throw new IgniteSpiException("Unable to establish plain connection. " +
+ "Was remote cluster configured with SSL? [rmtAddr=" + addr + ", errMsg=\"" + e.getMessage() + "\"]", e);
+
if (timeoutHelper.checkFailureTimeoutReached(e))
break;
@@ -1527,7 +1537,15 @@ class ClientImpl extends TcpDiscoveryImpl {
joinCnt++;
- T2<SocketStream, Boolean> joinRes = joinTopology(false, spi.joinTimeout);
+ T2<SocketStream, Boolean> joinRes;
+ try {
+ joinRes = joinTopology(false, spi.joinTimeout);
+ }
+ catch (IgniteSpiException e) {
+ joinError(e);
+
+ return;
+ }
if (joinRes == null) {
if (join)
http://git-wip-us.apache.org/repos/asf/ignite/blob/2eb24cad/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
index c791333..40da281 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
@@ -24,6 +24,7 @@ import java.io.InputStream;
import java.io.ObjectStreamException;
import java.io.OutputStream;
import java.io.Serializable;
+import java.io.StreamCorruptedException;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
@@ -1218,6 +1219,14 @@ class ServerImpl extends TcpDiscoveryImpl {
errs.add(e);
+ if (X.hasCause(e, SSLException.class))
+ throw new IgniteException("Unable to establish secure connection. " +
+ "Was remote cluster configured with SSL? [rmtAddr=" + addr + ", errMsg=\"" + e.getMessage() + "\"]", e);
+
+ if (X.hasCause(e, StreamCorruptedException.class))
+ throw new IgniteException("Unable to establish plain connection. " +
+ "Was remote cluster configured with SSL? [rmtAddr=" + addr + ", errMsg=\"" + e.getMessage() + "\"]", e);
+
if (timeoutHelper.checkFailureTimeoutReached(e))
break;
http://git-wip-us.apache.org/repos/asf/ignite/blob/2eb24cad/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSecuredUnsecuredTest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSecuredUnsecuredTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSecuredUnsecuredTest.java
new file mode 100644
index 0000000..2296165
--- /dev/null
+++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSecuredUnsecuredTest.java
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.spi.discovery.tcp;
+
+import java.util.concurrent.Callable;
+import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.configuration.IgniteConfiguration;
+import org.apache.ignite.testframework.GridTestUtils;
+import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
+
+/**
+ * Tests cases when node connects to cluster with different SSL configuration.
+ * Exception with meaningful message should be thrown.
+ */
+public class TcpDiscoverySslSecuredUnsecuredTest extends GridCommonAbstractTest {
+ /** {@inheritDoc} */
+ @Override protected IgniteConfiguration getConfiguration(final String gridName) throws Exception {
+ final IgniteConfiguration cfg = super.getConfiguration(gridName);
+
+ cfg.setClientMode(gridName.contains("client"));
+
+ if (gridName.contains("ssl"))
+ cfg.setSslContextFactory(GridTestUtils.sslFactory());
+
+ return cfg;
+ }
+
+ /** {@inheritDoc} */
+ @Override protected void afterTest() throws Exception {
+ stopAllGrids();
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testSecuredUnsecuredServerConnection() throws Exception {
+ checkConnection("plain-server", "ssl-server");
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testUnsecuredSecuredServerConnection() throws Exception {
+ checkConnection("ssl-server", "plain-server");
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testSecuredClientUnsecuredServerConnection() throws Exception {
+ checkConnection("plain-server", "ssl-client");
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testUnsecuredClientSecuredServerConnection() throws Exception {
+ checkConnection("ssl-server", "plain-client");
+ }
+
+ /**
+ * @param name1 First grid name.
+ * @param name2 Second grid name.
+ * @throws Exception If failed.
+ */
+ @SuppressWarnings("ThrowableNotThrown")
+ private void checkConnection(final String name1, final String name2) throws Exception {
+ startGrid(name1);
+
+ GridTestUtils.assertThrows(null, new Callable<Object>() {
+ @Override public Object call() throws Exception {
+ startGrid(name2);
+
+ return null;
+ }
+ }, IgniteCheckedException.class, null);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ignite/blob/2eb24cad/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
index af7eb7e..98bf6da 100644
--- a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
+++ b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
@@ -34,6 +34,7 @@ import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiConfigSelfTest;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiFailureTimeoutSelfTest;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiSelfTest;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiStartStopSelfTest;
+import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySslSecuredUnsecuredTest;
import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySslSelfTest;
import org.apache.ignite.spi.discovery.tcp.ipfinder.jdbc.TcpDiscoveryJdbcIpFinderSelfTest;
import org.apache.ignite.spi.discovery.tcp.ipfinder.multicast.TcpDiscoveryMulticastIpFinderSelfTest;
@@ -86,7 +87,8 @@ public class IgniteSpiDiscoverySelfTestSuite extends TestSuite {
// SSL.
suite.addTest(new TestSuite(TcpDiscoverySslSelfTest.class));
+ suite.addTest(new TestSuite(TcpDiscoverySslSecuredUnsecuredTest.class));
return suite;
}
-}
\ No newline at end of file
+}