Posted to commits@geode.apache.org by kh...@apache.org on 2017/03/17 20:11:22 UTC

[47/49] geode git commit: GEODE-2633: When turning on fine logging, GEODE logs the keystore password in clear text

GEODE-2633: When turning on fine logging, GEODE logs the keystore password in clear text


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/c02970b4
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/c02970b4
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/c02970b4

Branch: refs/heads/feature/GEODE-2420
Commit: c02970b4fdb8f3238e9bec10f9b5692eed6006df
Parents: 22750cf
Author: Kevin J. Duling <kd...@pivotal.io>
Authored: Thu Mar 9 15:21:23 2017 -0800
Committer: Ken Howe <kh...@pivotal.io>
Committed: Fri Mar 17 13:09:45 2017 -0700

----------------------------------------------------------------------
 .../geode/internal/net/SocketCreator.java       | 59 ++++++++++----------
 .../geode/internal/util/ArgumentRedactor.java   |  9 +--
 2 files changed, 32 insertions(+), 36 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/c02970b4/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index 742e7f3..7a8f3ad 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -14,6 +14,32 @@
  */
 package org.apache.geode.internal.net;
 
+import org.apache.commons.lang.StringUtils;
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.SystemConnectException;
+import org.apache.geode.SystemFailure;
+import org.apache.geode.admin.internal.InetAddressUtil;
+import org.apache.geode.cache.wan.GatewaySender;
+import org.apache.geode.cache.wan.GatewayTransportFilter;
+import org.apache.geode.distributed.ClientSocketFactory;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.distributed.internal.DistributionConfigImpl;
+import org.apache.geode.distributed.internal.InternalDistributedSystem;
+import org.apache.geode.internal.ClassPathLoader;
+import org.apache.geode.internal.ConnectionWatcher;
+import org.apache.geode.internal.GfeConsoleReaderFactory;
+import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader;
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
+import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
+import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.util.ArgumentRedactor;
+import org.apache.geode.internal.util.PasswordUtil;
+import org.apache.logging.log4j.Logger;
+
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.net.BindException;
@@ -71,32 +97,6 @@ import javax.net.ssl.TrustManager;
 import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509ExtendedKeyManager;
 
-import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-
-import org.apache.geode.GemFireConfigException;
-import org.apache.geode.SystemConnectException;
-import org.apache.geode.SystemFailure;
-import org.apache.geode.admin.internal.InetAddressUtil;
-import org.apache.geode.cache.wan.GatewaySender;
-import org.apache.geode.cache.wan.GatewayTransportFilter;
-import org.apache.geode.distributed.ClientSocketFactory;
-import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.distributed.internal.DistributionConfigImpl;
-import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.internal.ClassPathLoader;
-import org.apache.geode.internal.ConnectionWatcher;
-import org.apache.geode.internal.GfeConsoleReaderFactory;
-import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader;
-import org.apache.geode.internal.admin.SSLConfig;
-import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
-import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
-import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.logging.log4j.LocalizedMessage;
-import org.apache.geode.internal.security.SecurableCommunicationChannel;
-import org.apache.geode.internal.util.PasswordUtil;
-
 /**
  * Analyze configuration data (gemfire.properties) and configure sockets accordingly for SSL.
  * <p>
@@ -1126,13 +1126,14 @@ public class SocketCreator {
   private void printConfig() {
     if (!configShown && logger.isDebugEnabled()) {
       configShown = true;
-      StringBuffer sb = new StringBuffer();
+      StringBuilder sb = new StringBuilder();
       sb.append("SSL Configuration: \n");
-      sb.append("  ssl-enabled = " + this.sslConfig.isEnabled()).append("\n");
+      sb.append("  ssl-enabled = ").append(this.sslConfig.isEnabled()).append("\n");
       // add other options here....
       for (String key : System.getProperties().stringPropertyNames()) { // fix for 46822
         if (key.startsWith("javax.net.ssl")) {
-          sb.append("  ").append(key).append(" = ").append(System.getProperty(key)).append("\n");
+          String redactedString = ArgumentRedactor.redact(key, System.getProperty(key));
+          sb.append("  ").append(key).append(" = ").append(redactedString).append("\n");
         }
       }
       logger.debug(sb.toString());
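Review bot: Nothing in this commit pins the redaction added to the `javax.net.ssl` loop of printConfig; the diffstat lists only SocketCreator.java and ArgumentRedactor.java, so no test guards it. The redaction presumably rests on the key test visible in the ArgumentRedactor hunk, `compareKey.toLowerCase().contains("password")`, and a later change there could put the keystore password back into the debug log unnoticed. A unit test that calls `ArgumentRedactor.redact("javax.net.ssl.keyStorePassword", "secret")` (sample value) and asserts the result does not contain `secret`, plus the same for `javax.net.ssl.trustStorePassword`, would cover it. Because the match is by key name only, a comment on the new line such as `// redacted by key name: only keys containing "password" are masked (GEODE-2633)` would make that limit explicit for whoever adds the next sensitive property. printConfig's closing lines are outside the hunk.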

http://git-wip-us.apache.org/repos/asf/geode/blob/c02970b4/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java b/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java
index 419f3f9..8873a52 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java
@@ -63,10 +63,10 @@ public class ArgumentRedactor {
 
   /**
    * Parse a string to find key=value pairs and redact the values if necessary. If more than one
-   * key=value pair exists in the input, each pair must be preceeded by a hyphen '-' to delineate
+   * key=value pair exists in the input, each pair must be preceded by a hyphen '-' to delineate
    * the pairs. <br>
    * Example:<br>
-   * Single value: "password=secret" or "--password=secret" Mulitple values: "-Dflag -Dkey=value
+   * Single value: "password=secret" or "--password=secret" Multiple values: "-Dflag -Dkey=value
    * --classpath=."
    * 
    * @param line The input to be parsed
@@ -145,10 +145,5 @@ public class ArgumentRedactor {
       compareKey = compareKey.substring(2);
     }
     return compareKey.toLowerCase().contains("password");
-    // return compareKey
-    // .startsWith(DistributionConfig.GEMFIRE_PREFIX + DistributionConfig.SECURITY_PREFIX_NAME)
-    // || compareKey.startsWith(
-    // DistributionConfigImpl.SECURITY_SYSTEM_PREFIX + DistributionConfig.SECURITY_PREFIX_NAME)
-    // || compareKey.toLowerCase().contains("password");
   }
 }