Posted to commits@geode.apache.org by ud...@apache.org on 2016/09/06 17:23:40 UTC

[16/18] incubator-geode git commit: GEODE-1834: initilize the socketcreator with the correct ssl settings

GEODE-1834: initialize the socketcreator with the correct ssl settings


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/a4c38a46
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/a4c38a46
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/a4c38a46

Branch: refs/heads/feature/GEODE-420
Commit: a4c38a469d0726c8fd59f444e342d3d062c47004
Parents: bb829d3
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Thu Sep 1 09:27:11 2016 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Tue Sep 6 08:27:45 2016 -0700

----------------------------------------------------------------------
 .../internal/JmxManagerLocatorRequest.java      |   8 +-
 .../internal/cli/commands/ShellCommands.java    |  21 ++-
 .../ConnectToLocatorSSLDUnitTest.java           | 136 +++++++++++++++++++
 3 files changed, 150 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a4c38a46/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java
index 861f51d..ac250d0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java
@@ -25,6 +25,7 @@ import java.util.Properties;
 
 import com.gemstone.gemfire.distributed.internal.tcpserver.TcpClient;
 import com.gemstone.gemfire.internal.DataSerializableFixedID;
+import com.gemstone.gemfire.internal.SocketCreator;
 import com.gemstone.gemfire.internal.Version;
 
 /**
@@ -80,13 +81,14 @@ public class JmxManagerLocatorRequest implements DataSerializableFixedID {
     InetAddress networkAddress = InetAddress.getByName(locatorHost);
 
     try {
-      // Changes for 46623
-      // initialize the SocketCreator with props which may contain SSL config
-      // empty distConfProps will reset SocketCreator
       if (sslConfigProps != null) {
         distributionConfigProps.putAll(sslConfigProps);
       }
 
+      // re-initialize the SocketCreator with the sslConfigProps. Note this initializes the SocketCreator with cluster-ssl-* settings since
+      // we are connecting to the locator only.
+      SocketCreator.getDefaultInstance(distributionConfigProps);
+
       Object responseFromServer = TcpClient.requestToServer(networkAddress, locatorPort, SINGLETON, msTimeout);
 
       return (JmxManagerLocatorResponse) responseFromServer;
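Review bot: The added `SocketCreator.getDefaultInstance(distributionConfigProps)` call runs on every request, but `distributionConfigProps` is only ever added to (`putAll`) in this hunk, so if it is a field shared between calls (its declaration is outside the hunk) SSL keys from an earlier connect stay in it and a later call with `sslConfigProps == null` re-initializes the SocketCreator with stale keystore and truststore settings. Building the properties per call avoids that: `Properties props = new Properties(); if (sslConfigProps != null) props.putAll(sslConfigProps); SocketCreator.getDefaultInstance(props);`. The new comment should also say that this call replaces the JVM's default SocketCreator, which looks process-wide, so sockets created afterwards would pick up these settings. Because the ShellCommands hunk in this commit stops defaulting `DistributionConfig.SSL_ENABLED_NAME` to true, whether the locator request is encrypted now appears to depend only on the keys present in these properties. The enclosing method begins and ends outside the hunk.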

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a4c38a46/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
index 09a25a6..daa7262 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
@@ -17,6 +17,8 @@
 
 package com.gemstone.gemfire.management.internal.cli.commands;
 
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.File;
@@ -38,11 +40,18 @@ import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Properties;
 import java.util.Set;
+
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
 
+import org.springframework.shell.core.CommandMarker;
+import org.springframework.shell.core.ExitShellRequest;
+import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
+import org.springframework.shell.core.annotation.CliCommand;
+import org.springframework.shell.core.annotation.CliOption;
+
 import com.gemstone.gemfire.distributed.internal.DistributionConfig;
 import com.gemstone.gemfire.internal.ClassPathLoader;
 import com.gemstone.gemfire.internal.DSFIDFactory;
@@ -79,14 +88,6 @@ import com.gemstone.gemfire.management.internal.web.shell.HttpOperationInvoker;
 import com.gemstone.gemfire.management.internal.web.shell.RestHttpOperationInvoker;
 import com.gemstone.gemfire.security.AuthenticationFailedException;
 
-import org.springframework.shell.core.CommandMarker;
-import org.springframework.shell.core.ExitShellRequest;
-import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
-import org.springframework.shell.core.annotation.CliCommand;
-import org.springframework.shell.core.annotation.CliOption;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
 /**
  *
  * @since GemFire 7.0
@@ -308,10 +309,6 @@ public class ShellCommands implements CommandMarker {
         // Props required to configure a SocketCreator with SSL.
         // Used for gfsh->locator connection & not needed for gfsh->manager connection
         if (useSsl || !sslConfigProps.isEmpty()) {
-          //Fix for 51266 : Added an check for cluster-ssl-enabled proeprty
-          if (!sslConfigProps.containsKey(DistributionConfig.CLUSTER_SSL_ENABLED_NAME)) {
-            sslConfigProps.put(DistributionConfig.SSL_ENABLED_NAME, String.valueOf(true));
-          }
           sslConfigProps.put(MCAST_PORT, String.valueOf(0));
           sslConfigProps.put(LOCATORS, "");
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a4c38a46/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
new file mode 100644
index 0000000..c90e157
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.management;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.internal.Assert.assertTrue;
+import static com.gemstone.gemfire.util.test.TestUtil.*;
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import com.gemstone.gemfire.management.cli.Result.Status;
+import com.gemstone.gemfire.management.internal.cli.CliUtil;
+import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
+import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
+import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
+import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.rules.serializable.SerializableTemporaryFolder;
+
+@Category(DistributedTest.class)
+public class ConnectToLocatorSSLDUnitTest extends JUnit4DistributedTestCase {
+  protected VM locator = null;
+  protected File jks = null;
+  protected File securityPropsFile = null;
+
+  @Rule
+  public TemporaryFolder folder = new SerializableTemporaryFolder();
+
+  @Before
+  public void before() throws Exception {
+    final Host host = Host.getHost(0);
+    this.locator = host.getVM(0);
+    this.jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore"));
+    securityPropsFile = folder.newFile("security.properties");
+  }
+
+  @After
+  public void after() throws Exception {
+    securityPropsFile.delete();
+    CliUtil.isGfshVM = false;
+  }
+
+  @Test
+  public void testConnectToLocatorWithClusterSSL() throws Exception{
+    Properties securityProps = new Properties();
+    securityProps.setProperty(CLUSTER_SSL_ENABLED, "true");
+    securityProps.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    securityProps.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    securityProps.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath());
+    securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
+
+    setUpLocatorAndConnect(securityProps);
+  }
+
+  @Test
+  public void testConnectToLocatorWithJMXSSL() throws Exception{
+    Properties securityProps = new Properties();
+    securityProps.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
+    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath());
+    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
+    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
+    securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getCanonicalPath());
+    securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password");
+
+    setUpLocatorAndConnect(securityProps);
+  }
+
+  public void setUpLocatorAndConnect(Properties securityProps) throws Exception{
+    // set up locator with cluster-ssl-*
+    int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
+    int locatorPort = ports[0];
+    int jmxPort = ports[1];
+
+    locator.invoke(()->{
+      Properties props = new Properties();
+      props.setProperty(MCAST_PORT, "0");
+      props.put(JMX_MANAGER, "true");
+      props.put(JMX_MANAGER_START, "true");
+      props.put(JMX_MANAGER_PORT, jmxPort+"");
+      props.putAll(securityProps);
+      Locator.startLocatorAndDS(locatorPort, folder.newFile("locator.log"), props);
+    });
+
+    // saving the securityProps to a file
+    OutputStream out = new FileOutputStream(securityPropsFile);
+    securityProps.store(out, "");
+
+    // run gfsh connect command in this vm
+    CliUtil.isGfshVM = true;
+    String shellId = getClass().getSimpleName();
+    HeadlessGfsh gfsh = new HeadlessGfsh(shellId, 30, folder.newFolder("gfsh_files").getCanonicalPath());
+
+    // connect to the locator with the saved property file
+    final CommandStringBuilder command = new CommandStringBuilder(CliStrings.CONNECT);
+    command.addOption(CliStrings.CONNECT__LOCATOR, "localhost[" + locatorPort + "]");
+    command.addOption(CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFile.getCanonicalPath());
+
+    gfsh.executeCommand(command.toString());
+    CommandResult result = (CommandResult)gfsh.getResult();
+    assertEquals(result.getStatus(), Status.OK);
+    assertTrue(result.getContent().toString().contains("Successfully connected to"));
+  }
+
+}
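Review bot: In `setUpLocatorAndConnect` the `FileOutputStream` opened on `securityPropsFile` is never closed, so the handle leaks and on some platforms may keep `securityPropsFile.delete()` in `after()` from succeeding; use `try (OutputStream out = new FileOutputStream(securityPropsFile)) { securityProps.store(out, ""); }`. The status assertion has its arguments swapped, and `assertEquals(Status.OK, result.getStatus());` gives a correct failure message. Both tests cover only the success path: a case that connects without the security properties file and expects the connect to fail would show that the locator really enforces the SSL settings instead of accepting any client. The explicit `com.gemstone.gemfire.internal.Assert.assertTrue` static import also shadows JUnit's `assertTrue`, which is probably not intended in a test class.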