You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by kh...@apache.org on 2017/03/17 20:11:22 UTC
[47/49] geode git commit: GEODE-2633: When turning on fine logging,
GEODE logs the keystore password in clear text
GEODE-2633: When turning on fine logging, GEODE logs the keystore password in clear text
Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/c02970b4
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/c02970b4
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/c02970b4
Branch: refs/heads/feature/GEODE-2420
Commit: c02970b4fdb8f3238e9bec10f9b5692eed6006df
Parents: 22750cf
Author: Kevin J. Duling <kd...@pivotal.io>
Authored: Thu Mar 9 15:21:23 2017 -0800
Committer: Ken Howe <kh...@pivotal.io>
Committed: Fri Mar 17 13:09:45 2017 -0700
----------------------------------------------------------------------
.../geode/internal/net/SocketCreator.java | 59 ++++++++++----------
.../geode/internal/util/ArgumentRedactor.java | 9 +--
2 files changed, 32 insertions(+), 36 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/geode/blob/c02970b4/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index 742e7f3..7a8f3ad 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -14,6 +14,32 @@
*/
package org.apache.geode.internal.net;
+import org.apache.commons.lang.StringUtils;
+import org.apache.geode.GemFireConfigException;
+import org.apache.geode.SystemConnectException;
+import org.apache.geode.SystemFailure;
+import org.apache.geode.admin.internal.InetAddressUtil;
+import org.apache.geode.cache.wan.GatewaySender;
+import org.apache.geode.cache.wan.GatewayTransportFilter;
+import org.apache.geode.distributed.ClientSocketFactory;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.distributed.internal.DistributionConfigImpl;
+import org.apache.geode.distributed.internal.InternalDistributedSystem;
+import org.apache.geode.internal.ClassPathLoader;
+import org.apache.geode.internal.ConnectionWatcher;
+import org.apache.geode.internal.GfeConsoleReaderFactory;
+import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader;
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
+import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
+import org.apache.geode.internal.i18n.LocalizedStrings;
+import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.logging.log4j.LocalizedMessage;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.util.ArgumentRedactor;
+import org.apache.geode.internal.util.PasswordUtil;
+import org.apache.logging.log4j.Logger;
+
import java.io.FileInputStream;
import java.io.IOException;
import java.net.BindException;
@@ -71,32 +97,6 @@ import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
-import org.apache.commons.lang.StringUtils;
-import org.apache.logging.log4j.Logger;
-
-import org.apache.geode.GemFireConfigException;
-import org.apache.geode.SystemConnectException;
-import org.apache.geode.SystemFailure;
-import org.apache.geode.admin.internal.InetAddressUtil;
-import org.apache.geode.cache.wan.GatewaySender;
-import org.apache.geode.cache.wan.GatewayTransportFilter;
-import org.apache.geode.distributed.ClientSocketFactory;
-import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.distributed.internal.DistributionConfigImpl;
-import org.apache.geode.distributed.internal.InternalDistributedSystem;
-import org.apache.geode.internal.ClassPathLoader;
-import org.apache.geode.internal.ConnectionWatcher;
-import org.apache.geode.internal.GfeConsoleReaderFactory;
-import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader;
-import org.apache.geode.internal.admin.SSLConfig;
-import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
-import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
-import org.apache.geode.internal.i18n.LocalizedStrings;
-import org.apache.geode.internal.logging.LogService;
-import org.apache.geode.internal.logging.log4j.LocalizedMessage;
-import org.apache.geode.internal.security.SecurableCommunicationChannel;
-import org.apache.geode.internal.util.PasswordUtil;
-
/**
* Analyze configuration data (gemfire.properties) and configure sockets accordingly for SSL.
* <p>
@@ -1126,13 +1126,14 @@ public class SocketCreator {
private void printConfig() {
if (!configShown && logger.isDebugEnabled()) {
configShown = true;
- StringBuffer sb = new StringBuffer();
+ StringBuilder sb = new StringBuilder();
sb.append("SSL Configuration: \n");
- sb.append(" ssl-enabled = " + this.sslConfig.isEnabled()).append("\n");
+ sb.append(" ssl-enabled = ").append(this.sslConfig.isEnabled()).append("\n");
// add other options here....
for (String key : System.getProperties().stringPropertyNames()) { // fix for 46822
if (key.startsWith("javax.net.ssl")) {
- sb.append(" ").append(key).append(" = ").append(System.getProperty(key)).append("\n");
+ String redactedString = ArgumentRedactor.redact(key, System.getProperty(key));
+ sb.append(" ").append(key).append(" = ").append(redactedString).append("\n");
}
}
logger.debug(sb.toString());
http://git-wip-us.apache.org/repos/asf/geode/blob/c02970b4/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java b/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java
index 419f3f9..8873a52 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/util/ArgumentRedactor.java
@@ -63,10 +63,10 @@ public class ArgumentRedactor {
/**
* Parse a string to find key=value pairs and redact the values if necessary. If more than one
- * key=value pair exists in the input, each pair must be preceeded by a hyphen '-' to delineate
+ * key=value pair exists in the input, each pair must be preceded by a hyphen '-' to delineate
* the pairs. <br>
* Example:<br>
- * Single value: "password=secret" or "--password=secret" Mulitple values: "-Dflag -Dkey=value
+ * Single value: "password=secret" or "--password=secret" Multiple values: "-Dflag -Dkey=value
* --classpath=."
*
* @param line The input to be parsed
@@ -145,10 +145,5 @@ public class ArgumentRedactor {
compareKey = compareKey.substring(2);
}
return compareKey.toLowerCase().contains("password");
- // return compareKey
- // .startsWith(DistributionConfig.GEMFIRE_PREFIX + DistributionConfig.SECURITY_PREFIX_NAME)
- // || compareKey.startsWith(
- // DistributionConfigImpl.SECURITY_SYSTEM_PREFIX + DistributionConfig.SECURITY_PREFIX_NAME)
- // || compareKey.toLowerCase().contains("password");
}
}