You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ji...@apache.org on 2017/08/10 20:51:04 UTC
[1/3] geode git commit: GEODE-3328: refactor ConnectCommand
Repository: geode
Updated Branches:
refs/heads/develop 1bd15f8a2 -> 7352fcc7e
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java
----------------------------------------------------------------------
diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java
new file mode 100644
index 0000000..7c4fb44
--- /dev/null
+++ b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSSLTest.java
@@ -0,0 +1,303 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.cli.commands;
+
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_CIPHERS;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_TYPE;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_PROTOCOLS;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_CIPHERS;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_ENABLED;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_KEYSTORE_TYPE;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_PROTOCOLS;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_CIPHERS;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_ENABLED;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_TYPE;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_PROTOCOLS;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_TYPE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_TYPE;
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.net.URISyntaxException;
+import java.util.Properties;
+
+import javax.net.ssl.HttpsURLConnection;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.contrib.java.lang.system.RestoreSystemProperties;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import org.apache.geode.security.SecurableCommunicationChannels;
+import org.apache.geode.test.dunit.IgnoredException;
+import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
+import org.apache.geode.test.dunit.rules.LocatorServerStartupRule;
+import org.apache.geode.test.dunit.rules.MemberVM;
+import org.apache.geode.test.junit.categories.DistributedTest;
+
+@Category(DistributedTest.class)
+public class ConnectCommandWithSSLTest {
+
+ private static File jks;
+
+ static {
+ try {
+ jks = new File(ConnectCommandWithSSLTest.class.getClassLoader()
+ .getResource("ssl/trusted.keystore").toURI());
+ } catch (URISyntaxException e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static Properties sslProperties = new Properties() {
+ {
+ setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannels.ALL);
+ setProperty(SSL_KEYSTORE, jks.getAbsolutePath());
+ setProperty(SSL_KEYSTORE_PASSWORD, "password");
+ setProperty(SSL_KEYSTORE_TYPE, "JKS");
+ setProperty(SSL_TRUSTSTORE, jks.getAbsolutePath());
+ setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
+ setProperty(SSL_TRUSTSTORE_TYPE, "JKS");
+ setProperty(SSL_CIPHERS, "any");
+ setProperty(SSL_PROTOCOLS, "any");
+ }
+ };
+
+ private static Properties jmxSslProperties = new Properties() {
+ {
+ setProperty(JMX_MANAGER_SSL_ENABLED, "true");
+ setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getAbsolutePath());
+ setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
+ setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
+ setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getAbsolutePath());
+ setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password");
+ setProperty(JMX_MANAGER_SSL_CIPHERS, "any");
+ setProperty(JMX_MANAGER_SSL_PROTOCOLS, "any");
+ }
+ };
+
+ private static Properties clusterSslProperties = new Properties() {
+ {
+ setProperty(CLUSTER_SSL_ENABLED, "true");
+ setProperty(CLUSTER_SSL_KEYSTORE, jks.getAbsolutePath());
+ setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getAbsolutePath());
+ setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
+ setProperty(CLUSTER_SSL_CIPHERS, "any");
+ setProperty(CLUSTER_SSL_PROTOCOLS, "any");
+ }
+ };
+
+ private static Properties httpSslProperties = new Properties() {
+ {
+ setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
+ setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getAbsolutePath());
+ setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password");
+ setProperty(HTTP_SERVICE_SSL_KEYSTORE_TYPE, "JKS");
+ setProperty(HTTP_SERVICE_SSL_TRUSTSTORE, jks.getAbsolutePath());
+ setProperty(HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, "password");
+ setProperty(HTTP_SERVICE_SSL_CIPHERS, "any");
+ setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "any");
+ }
+ };
+
+ @Rule
+ public TemporaryFolder temporaryFolder = new TemporaryFolder();
+
+ @Rule
+ public LocatorServerStartupRule lsRule = new LocatorServerStartupRule();
+
+ @Rule
+ public RestoreSystemProperties restoreSystemProperties = new RestoreSystemProperties();
+
+ private static MemberVM locator;
+ private OutputStream out = null;
+ private File sslConfigFile = null;
+
+ @Before
+ public void before() throws Exception {
+ locator = lsRule.startLocatorVM(0, sslProperties);
+ HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
+ IgnoredException.addIgnoredException("javax.net.ssl.SSLException: Unrecognized SSL message");
+ sslConfigFile = temporaryFolder.newFile("ssl.properties");
+ out = new FileOutputStream(sslConfigFile);
+ }
+
+ @Rule
+ public GfshShellConnectionRule gfsh = new GfshShellConnectionRule();
+
+ @Test
+ public void connectWithNoSSL() throws Exception {
+ gfsh.connect(locator.getPort(), GfshShellConnectionRule.PortType.locator);
+ assertThat(gfsh.isConnected()).isFalse();
+ // should fail at connecting to locator stage
+ assertThat(gfsh.getGfshOutput()).doesNotContain("Connecting to Manager at");
+ assertThat(gfsh.getGfshOutput())
+ .contains("trying to connect a non-SSL-enabled client to an SSL-enabled locator");
+
+ gfsh.connect(locator.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger);
+ assertThat(gfsh.isConnected()).isFalse();
+ assertThat(gfsh.getGfshOutput()).contains("non-JRMP server at remote endpoint");
+
+ gfsh.connect(locator.getHttpPort(), GfshShellConnectionRule.PortType.http);
+ assertThat(gfsh.isConnected()).isFalse();
+ assertThat(gfsh.getGfshOutput()).contains("Unexpected end of file from server");
+ }
+
+ @Test
+ public void connectWithSSL() throws Exception {
+ sslProperties.store(out, null);
+
+ gfsh.connect(locator.getPort(), GfshShellConnectionRule.PortType.locator,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ gfsh.disconnect();
+
+ gfsh.connect(locator.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ gfsh.disconnect();
+
+ gfsh.connect(locator.getHttpPort(), GfshShellConnectionRule.PortType.http,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ }
+
+ @Test
+ public void connectWithJmxSSL() throws Exception {
+ jmxSslProperties.store(out, null);
+ // can't connect locator
+ gfsh.connect(locator.getPort(), GfshShellConnectionRule.PortType.locator,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isFalse();
+ assertThat(gfsh.getGfshOutput()).doesNotContain("Connecting to Manager at");
+ assertThat(gfsh.getGfshOutput())
+ .contains("trying to connect a non-SSL-enabled client to an SSL-enabled locator");
+
+ // can connect to jmx
+ gfsh.connect(locator.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ gfsh.disconnect();
+
+ // cannot conect to http
+ gfsh.connect(locator.getHttpPort(), GfshShellConnectionRule.PortType.http,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isFalse();
+ }
+
+ @Test
+ /*
+ * apparently cluster-ssl-* configurations are copied to jmx-ssl-* and http-server-ssl-*, so
+ * connection to other channels will succeed as well. see DistributionConfigImpl around line 986:
+ * if (!isConnected) { copySSLPropsToServerSSLProps(); copySSLPropsToJMXSSLProps();
+ * copyClusterSSLPropsToGatewaySSLProps(); copySSLPropsToHTTPSSLProps(); }
+ */
+ public void connectWithClusterSSL() throws Exception {
+ clusterSslProperties.store(out, null);
+ // can connect to locator and jmx
+ gfsh.connect(locator.getPort(), GfshShellConnectionRule.PortType.locator,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ gfsh.disconnect();
+
+ // can connect to jmx
+ gfsh.connect(locator.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ gfsh.disconnect();
+
+ // can conect to http
+ gfsh.connect(locator.getHttpPort(), GfshShellConnectionRule.PortType.http,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ }
+
+ @Test
+ public void connectWithHttpSSL() throws Exception {
+ httpSslProperties.store(out, null);
+ // can connect to locator and jmx
+ gfsh.connect(locator.getPort(), GfshShellConnectionRule.PortType.locator,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isFalse();
+
+ // can connect to jmx
+ gfsh.connect(locator.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isFalse();
+
+ // cannot conect to http
+ gfsh.connect(locator.getHttpPort(), GfshShellConnectionRule.PortType.http,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ }
+
+ @Test
+ public void connectWithClusterAndJmxSSL() throws Exception {
+ Properties combined = new Properties();
+ combined.putAll(jmxSslProperties);
+ combined.putAll(clusterSslProperties);
+ combined.store(out, null);
+
+ // can connect to both locator and jmx
+ gfsh.connect(locator.getPort(), GfshShellConnectionRule.PortType.locator,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ }
+
+
+ @Test
+ public void connectWithSSLAndThenWithNoSSL() throws Exception {
+ sslProperties.store(out, null);
+
+ // can connect to both locator and jmx
+ gfsh.connect(locator.getPort(), GfshShellConnectionRule.PortType.locator,
+ "security-properties-file", sslConfigFile.getAbsolutePath());
+ assertThat(gfsh.isConnected()).isTrue();
+ gfsh.disconnect();
+
+ // reconnect again with no SSL should fail
+ gfsh.connect(locator.getPort(), GfshShellConnectionRule.PortType.locator);
+ assertThat(gfsh.isConnected()).isFalse();
+ // it should fail at connecting to locator, not connecting to manager
+ assertThat(gfsh.getGfshOutput()).doesNotContain("Connecting to Manager at");
+ }
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSecurityTest.java
----------------------------------------------------------------------
diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSecurityTest.java b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSecurityTest.java
new file mode 100644
index 0000000..838924a
--- /dev/null
+++ b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandWithSecurityTest.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.cli.commands;
+
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.security.SimpleTestSecurityManager;
+import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
+import org.apache.geode.test.dunit.rules.LocatorStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+
+@Category(IntegrationTest.class)
+public class ConnectCommandWithSecurityTest {
+
+ @ClassRule
+ public static LocatorStarterRule locator =
+ new LocatorStarterRule().withSecurityManager(SimpleTestSecurityManager.class).withAutoStart();
+
+ @Rule
+ public GfshShellConnectionRule gfsh = new GfshShellConnectionRule();
+
+ @Test
+ public void connectToLocator() throws Exception {
+ gfsh.secureConnectAndVerify(locator.getPort(), GfshShellConnectionRule.PortType.locator, "test",
+ "test");
+ }
+
+ @Test
+ public void connectOverJmx() throws Exception {
+ gfsh.secureConnectAndVerify(locator.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger,
+ "test", "test");
+ }
+
+ @Test
+ public void connectOverHttp() throws Exception {
+ gfsh.secureConnectAndVerify(locator.getHttpPort(), GfshShellConnectionRule.PortType.http,
+ "test", "test");
+ }
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java
----------------------------------------------------------------------
diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java
deleted file mode 100644
index e5b8d25..0000000
--- a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-
-package org.apache.geode.management.internal.cli.commands;
-
-import javax.net.ssl.HttpsURLConnection;
-
-import org.apache.geode.management.ConnectToLocatorSSLDUnitTest;
-import org.apache.geode.management.internal.cli.i18n.CliStrings;
-import org.apache.geode.test.dunit.Host;
-import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
-
-public class ConnectToLocatorSSLOverHttpTest extends ConnectToLocatorSSLDUnitTest {
-
- protected void connect() throws Exception {
- final int httpPort = locator.getHttpPort();
- final String securityPropsFilePath = securityPropsFile.getCanonicalPath();
- Host.getHost(0).getVM(1).invoke(() -> {
- // Our SSL certificate used for tests does not match the hostname "localhost"
- HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
-
- GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
- gfshConnector.connectAndVerify(httpPort, GfshShellConnectionRule.PortType.http,
- CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath,
- CliStrings.CONNECT__USE_SSL, "true");
- gfshConnector.executeAndVerifyCommand("list members");
- gfshConnector.close();
- });
- }
-}
-
[2/3] geode git commit: GEODE-3328: refactor ConnectCommand
Posted by ji...@apache.org.
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartMemberUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartMemberUtils.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartMemberUtils.java
index fd95387..3e1053a 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartMemberUtils.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartMemberUtils.java
@@ -83,16 +83,17 @@ public class StartMemberUtils {
}
static void addGemFirePropertyFile(final List<String> commandLine,
- final String gemfirePropertiesPathname) {
- if (org.apache.geode.internal.lang.StringUtils.isNotBlank(gemfirePropertiesPathname)) {
- commandLine.add("-DgemfirePropertyFile=" + gemfirePropertiesPathname);
+ final File gemfirePropertiesFile) {
+ if (gemfirePropertiesFile != null) {
+ commandLine.add("-DgemfirePropertyFile=" + gemfirePropertiesFile.getAbsolutePath());
}
}
static void addGemFireSecurityPropertyFile(final List<String> commandLine,
- final String gemfireSecurityPropertiesPathname) {
- if (org.apache.geode.internal.lang.StringUtils.isNotBlank(gemfireSecurityPropertiesPathname)) {
- commandLine.add("-DgemfireSecurityPropertyFile=" + gemfireSecurityPropertiesPathname);
+ final File gemfireSecurityPropertiesFile) {
+ if (gemfireSecurityPropertiesFile != null) {
+ commandLine
+ .add("-DgemfireSecurityPropertyFile=" + gemfireSecurityPropertiesFile.getAbsolutePath());
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartServerCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartServerCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartServerCommand.java
index 432a065..9b743c8 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartServerCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartServerCommand.java
@@ -142,14 +142,14 @@ public class StartServerCommand implements GfshCommand {
help = CliStrings.START_SERVER__MESSAGE__TIME__TO__LIVE__HELP) final Integer messageTimeToLive,
@CliOption(key = CliStrings.START_SERVER__OFF_HEAP_MEMORY_SIZE,
help = CliStrings.START_SERVER__OFF_HEAP_MEMORY_SIZE__HELP) final String offHeapMemorySize,
- @CliOption(key = CliStrings.START_SERVER__PROPERTIES, optionContext = ConverterHint.FILE_PATH,
- help = CliStrings.START_SERVER__PROPERTIES__HELP) String gemfirePropertiesPathname,
+ @CliOption(key = CliStrings.START_SERVER__PROPERTIES, optionContext = ConverterHint.FILE,
+ help = CliStrings.START_SERVER__PROPERTIES__HELP) File gemfirePropertiesFile,
@CliOption(key = CliStrings.START_SERVER__REBALANCE, unspecifiedDefaultValue = "false",
specifiedDefaultValue = "true",
help = CliStrings.START_SERVER__REBALANCE__HELP) final Boolean rebalance,
@CliOption(key = CliStrings.START_SERVER__SECURITY_PROPERTIES,
- optionContext = ConverterHint.FILE_PATH,
- help = CliStrings.START_SERVER__SECURITY_PROPERTIES__HELP) String gemfireSecurityPropertiesPathname,
+ optionContext = ConverterHint.FILE,
+ help = CliStrings.START_SERVER__SECURITY_PROPERTIES__HELP) File gemfireSecurityPropertiesFile,
@CliOption(key = CliStrings.START_SERVER__SERVER_BIND_ADDRESS,
unspecifiedDefaultValue = CacheServer.DEFAULT_BIND_ADDRESS,
help = CliStrings.START_SERVER__SERVER_BIND_ADDRESS__HELP) final String serverBindAddress,
@@ -206,23 +206,16 @@ public class StartServerCommand implements GfshCommand {
CliStrings.format(CliStrings.CACHE_XML_NOT_FOUND_MESSAGE, cacheXmlPathname));
}
- gemfirePropertiesPathname = CliUtil.resolvePathname(gemfirePropertiesPathname);
-
- if (StringUtils.isNotBlank(gemfirePropertiesPathname)
- && !IOUtils.isExistingPathname(gemfirePropertiesPathname)) {
+ if (gemfirePropertiesFile != null && !gemfirePropertiesFile.exists()) {
return ResultBuilder.createUserErrorResult(
CliStrings.format(CliStrings.GEODE_0_PROPERTIES_1_NOT_FOUND_MESSAGE, StringUtils.EMPTY,
- gemfirePropertiesPathname));
+ gemfirePropertiesFile.getAbsolutePath()));
}
- gemfireSecurityPropertiesPathname =
- CliUtil.resolvePathname(gemfireSecurityPropertiesPathname);
-
- if (StringUtils.isNotBlank(gemfireSecurityPropertiesPathname)
- && !IOUtils.isExistingPathname(gemfireSecurityPropertiesPathname)) {
+ if (gemfireSecurityPropertiesFile != null && !gemfireSecurityPropertiesFile.exists()) {
return ResultBuilder.createUserErrorResult(
CliStrings.format(CliStrings.GEODE_0_PROPERTIES_1_NOT_FOUND_MESSAGE, "Security ",
- gemfireSecurityPropertiesPathname));
+ gemfireSecurityPropertiesFile.getAbsolutePath()));
}
File serverPidFile = new File(workingDirectory, ProcessType.SERVER.getPidFileName());
@@ -309,9 +302,8 @@ public class StartServerCommand implements GfshCommand {
ServerLauncher serverLauncher = serverLauncherBuilder.build();
String[] serverCommandLine = createStartServerCommandLine(serverLauncher,
- gemfirePropertiesPathname, gemfireSecurityPropertiesPathname, gemfireProperties,
- classpath, includeSystemClasspath, jvmArgsOpts, disableExitWhenOutOfMemory, initialHeap,
- maxHeap);
+ gemfirePropertiesFile, gemfireSecurityPropertiesFile, gemfireProperties, classpath,
+ includeSystemClasspath, jvmArgsOpts, disableExitWhenOutOfMemory, initialHeap, maxHeap);
if (getGfsh().getDebug()) {
getGfsh().logInfo(StringUtils.join(serverCommandLine, StringUtils.SPACE), null);
@@ -428,7 +420,7 @@ public class StartServerCommand implements GfshCommand {
}
String[] createStartServerCommandLine(final ServerLauncher launcher,
- final String gemfirePropertiesPathname, final String gemfireSecurityPropertiesPathname,
+ final File gemfirePropertiesFile, final File gemfireSecurityPropertiesFile,
final Properties gemfireProperties, final String userClasspath,
final Boolean includeSystemClasspath, final String[] jvmArgsOpts,
final Boolean disableExitWhenOutOfMemory, final String initialHeap, final String maxHeap)
@@ -441,8 +433,8 @@ public class StartServerCommand implements GfshCommand {
commandLine.add(getServerClasspath(Boolean.TRUE.equals(includeSystemClasspath), userClasspath));
StartMemberUtils.addCurrentLocators(this, commandLine, gemfireProperties);
- StartMemberUtils.addGemFirePropertyFile(commandLine, gemfirePropertiesPathname);
- StartMemberUtils.addGemFireSecurityPropertyFile(commandLine, gemfireSecurityPropertiesPathname);
+ StartMemberUtils.addGemFirePropertyFile(commandLine, gemfirePropertiesFile);
+ StartMemberUtils.addGemFireSecurityPropertyFile(commandLine, gemfireSecurityPropertiesFile);
StartMemberUtils.addGemFireSystemProperties(commandLine, gemfireProperties);
StartMemberUtils.addJvmArgumentsAndOptions(commandLine, jvmArgsOpts);
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/UserInputProperty.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/UserInputProperty.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/UserInputProperty.java
new file mode 100644
index 0000000..5169dab
--- /dev/null
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/UserInputProperty.java
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.cli.commands;
+
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_TYPE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_TYPE;
+
+import org.apache.commons.lang.StringUtils;
+
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.management.internal.cli.shell.Gfsh;
+import org.apache.geode.management.internal.security.ResourceConstants;
+
+public class UserInputProperty {
+ public static UserInputProperty USERNAME =
+ new UserInputProperty(ResourceConstants.USER_NAME, "user", false);
+ public static UserInputProperty PASSWORD =
+ new UserInputProperty(ResourceConstants.PASSWORD, "password", "", true);
+ public static UserInputProperty KEYSTORE =
+ new UserInputProperty(SSL_KEYSTORE, "key-store", "", false);
+ public static UserInputProperty KEYSTORE_PASSWORD =
+ new UserInputProperty(SSL_KEYSTORE_PASSWORD, "key-store-password", "", true);
+ public static UserInputProperty KEYSTORE_TYPE =
+ new UserInputProperty(SSL_KEYSTORE_TYPE, "key-store-type", "JKS", false);
+ public static UserInputProperty TRUSTSTORE =
+ new UserInputProperty(SSL_TRUSTSTORE, "trust-store", "", false);
+ public static UserInputProperty TRUSTSTORE_PASSWORD =
+ new UserInputProperty(SSL_TRUSTSTORE_PASSWORD, "trust-store-password", "", true);
+ public static UserInputProperty TRUSTSTORE_TYPE =
+ new UserInputProperty(SSL_TRUSTSTORE_TYPE, "trust-store-type", "JKS", false);
+ public static UserInputProperty CIPHERS = new UserInputProperty(SSL_CIPHERS, "ssl-ciphers",
+ DistributionConfig.DEFAULT_SSL_CIPHERS, false);
+ public static UserInputProperty PROTOCOL = new UserInputProperty(SSL_PROTOCOLS, "ssl-protocols",
+ DistributionConfig.DEFAULT_SSL_PROTOCOLS, false);
+ public static UserInputProperty COMPONENT = new UserInputProperty(SSL_ENABLED_COMPONENTS,
+ "ssl-enabled-components", SecurableCommunicationChannel.ALL.getConstant(), false);
+
+ private final String key;
+ private final String prompt;
+ private final boolean isMasked;
+ private final String defaultValue;
+
+ // use this if this property does not allow an empty string and has no default value
+ UserInputProperty(String key, String prompt, boolean isMasked) {
+ this(key, prompt, null, isMasked);
+ }
+
+ // if you allow an empty string for this property, supply a default value of ""
+ UserInputProperty(String key, String prompt, String defaultValue, boolean isMasked) {
+ this.key = key;
+ this.prompt = prompt;
+ this.defaultValue = defaultValue;
+ this.isMasked = isMasked;
+ }
+
+ public String promptForAcceptableValue(Gfsh gfsh) {
+ if (gfsh.isQuietMode() || gfsh.isHeadlessMode()) {
+ return defaultValue == null ? "" : defaultValue;
+ }
+
+ String value = promptForUserInput(gfsh);
+
+ if (value.length() > 0) {
+ return value;
+ }
+
+ // when user input an empty string and a default value is supplied, return the default value
+ if (value.length() == 0 && defaultValue != null) {
+ return defaultValue;
+ }
+
+ // otherwise prompt till we get a non-empty value, only when this property has no default value
+ while (value.length() == 0) {
+ value = promptForUserInput(gfsh);
+ }
+ return value;
+ }
+
+ private String promptForUserInput(Gfsh gfsh) {
+ String promptText = (StringUtils.isBlank(defaultValue)) ? prompt + ": "
+ : prompt + "(default: " + defaultValue + ")" + ": ";
+ String value;
+
+ if (isMasked) {
+ value = gfsh.readPassword(promptText);
+ } else {
+ value = gfsh.readText(promptText);
+ }
+ // when gfsh is mocked or quiet mode, the above would return null
+ if (value == null) {
+ value = "";
+ }
+ return value;
+ }
+
+ public String getKey() {
+ return key;
+ }
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java
index 58c8ef7..7562005 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/i18n/CliStrings.java
@@ -544,9 +544,9 @@ public class CliStrings {
"Network address of the Locator in the form: host[port].";
public static final String CONNECT__URL = "url";
public static final String CONNECT__DEFAULT_BASE_URL =
- "http://localhost:" + DistributionConfig.DEFAULT_HTTP_SERVICE_PORT + "/gemfire/v1";
+ "http://localhost:" + DistributionConfig.DEFAULT_HTTP_SERVICE_PORT + "/geode-mgmt/v1";
public static final String CONNECT__DEFAULT_SSL_BASE_URL =
- "https://localhost:" + DistributionConfig.DEFAULT_HTTP_SERVICE_PORT + "/gemfire/v1";
+ "https://localhost:" + DistributionConfig.DEFAULT_HTTP_SERVICE_PORT + "/geode-mgmt/v1";
public static final String CONNECT__URL__HELP =
"Indicates the base URL to the Manager's HTTP service. For example: 'http://<host>:<port>/gemfire/v1' Default is '"
+ CONNECT__DEFAULT_BASE_URL + "'";
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/Gfsh.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/Gfsh.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/Gfsh.java
index a69ce36..503c252 100755
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/Gfsh.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/Gfsh.java
@@ -475,14 +475,14 @@ public class Gfsh extends JLineShell {
return signalHandler;
}
- public String readPassword(String textToPrompt) throws IOException {
+ public String readPassword(String textToPrompt) {
if (isHeadlessMode && isQuietMode())
return null;
return readWithMask(textToPrompt, '*');
}
- public String readText(String textToPrompt) throws IOException {
+ public String readText(String textToPrompt) {
if (isHeadlessMode && isQuietMode())
return null;
@@ -618,12 +618,20 @@ public class Gfsh extends JLineShell {
return success;
}
- public String interact(String textToPrompt) throws IOException {
- return reader.readLine(textToPrompt);
+ public String interact(String textToPrompt) {
+ try {
+ return reader.readLine(textToPrompt);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
}
- public String readWithMask(String textToPrompt, Character mask) throws IOException {
- return reader.readLine(textToPrompt, mask);
+ public String readWithMask(String textToPrompt, Character mask) {
+ try {
+ return reader.readLine(textToPrompt, mask);
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }
}
@Override
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
index 7ae7c3b..5066496 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java
@@ -17,35 +17,17 @@ package org.apache.geode.management.internal.cli.shell;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_PREFIX;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_PREFIX;
-import org.apache.commons.lang.StringUtils;
-import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.internal.util.ArrayUtils;
-import org.apache.geode.internal.util.IOUtils;
-import org.apache.geode.management.DistributedSystemMXBean;
-import org.apache.geode.management.MemberMXBean;
-import org.apache.geode.management.internal.MBeanJMXAdapter;
-import org.apache.geode.management.internal.ManagementConstants;
-import org.apache.geode.management.internal.cli.CliUtil;
-import org.apache.geode.management.internal.cli.CommandRequest;
-import org.apache.geode.management.internal.cli.LogWrapper;
-import org.apache.geode.management.internal.cli.commands.ShellCommands;
-import org.apache.geode.management.internal.cli.i18n.CliStrings;
-
-import java.io.File;
import java.io.IOException;
-import java.io.InputStream;
import java.net.MalformedURLException;
-import java.net.URL;
import java.text.MessageFormat;
import java.util.Arrays;
import java.util.HashMap;
-import java.util.Iterator;
import java.util.Map;
-import java.util.Map.Entry;
import java.util.Properties;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicBoolean;
+
import javax.management.AttributeNotFoundException;
import javax.management.InstanceNotFoundException;
import javax.management.JMX;
@@ -63,6 +45,18 @@ import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;
import javax.rmi.ssl.SslRMIClientSocketFactory;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfigurationFactory;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.internal.util.ArrayUtils;
+import org.apache.geode.management.DistributedSystemMXBean;
+import org.apache.geode.management.MemberMXBean;
+import org.apache.geode.management.internal.MBeanJMXAdapter;
+import org.apache.geode.management.internal.ManagementConstants;
+import org.apache.geode.management.internal.cli.CommandRequest;
+import org.apache.geode.management.internal.cli.LogWrapper;
+
/**
* OperationInvoker JMX Implementation
*
@@ -99,9 +93,8 @@ public class JmxOperationInvoker implements OperationInvoker {
private int clusterId = CLUSTER_ID_WHEN_NOT_CONNECTED;
- public JmxOperationInvoker(final String host, final int port, final String userName,
- final String password, final Map<String, String> sslConfigProps,
- String gfSecurityPropertiesPath) throws Exception {
+ public JmxOperationInvoker(final String host, final int port, Properties gfProperties)
+ throws Exception {
final Set<String> propsToClear = new TreeSet<String>();
try {
this.managerHost = host;
@@ -112,36 +105,41 @@ public class JmxOperationInvoker implements OperationInvoker {
final Map<String, Object> env = new HashMap<String, Object>();
env.put(JMXConnectionListener.CHECK_PERIOD_PROP, JMXConnectionListener.CHECK_PERIOD);
+ env.put(JMXConnector.CREDENTIALS, gfProperties);
- if (userName != null && userName.length() > 0) {
- env.put(JMXConnector.CREDENTIALS, new String[] {userName, password});
- }
- Set<Entry<String, String>> entrySet = sslConfigProps.entrySet();
- for (Iterator<Entry<String, String>> it = entrySet.iterator(); it.hasNext();) {
- Entry<String, String> entry = it.next();
- String key = entry.getKey();
- String value = entry.getValue();
- key = checkforSystemPropertyPrefix(key);
- if ((key.equals(Gfsh.SSL_ENABLED_CIPHERS) || key.equals(Gfsh.SSL_ENABLED_PROTOCOLS))
- && "any".equals(value)) {
- continue;
- }
- System.setProperty(key, value);
- propsToClear.add(key);
- }
+ SSLConfig sslConfig = SSLConfigurationFactory.getSSLConfigForComponent(gfProperties,
+ SecurableCommunicationChannel.JMX);
- if (!sslConfigProps.isEmpty()) {
- if (System.getProperty(Gfsh.SSL_KEYSTORE) != null
- || System.getProperty(Gfsh.SSL_TRUSTSTORE) != null) {
- // use ssl to connect
- env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
+ if (sslConfig.isEnabled()) {
+ if (sslConfig.getKeystore() != null) {
+ System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE, sslConfig.getKeystore());
+ propsToClear.add(SSLConfigurationFactory.JAVAX_KEYSTORE);
}
- }
-
- // Check for JMX Credentials if empty put properties instance directly so that
- // jmx management interceptor can read it for custom security properties
- if (!env.containsKey(JMXConnector.CREDENTIALS)) {
- env.put(JMXConnector.CREDENTIALS, readProperties(gfSecurityPropertiesPath));
+ if (sslConfig.getKeystorePassword() != null) {
+ System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_PASSWORD,
+ sslConfig.getKeystorePassword());
+ propsToClear.add(SSLConfigurationFactory.JAVAX_KEYSTORE_PASSWORD);
+ }
+ if (sslConfig.getKeystoreType() != null) {
+ System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE,
+ sslConfig.getKeystoreType());
+ propsToClear.add(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE);
+ }
+ if (sslConfig.getTruststore() != null) {
+ System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE, sslConfig.getTruststore());
+ propsToClear.add(SSLConfigurationFactory.JAVAX_TRUSTSTORE);
+ }
+ if (sslConfig.getTruststorePassword() != null) {
+ System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_PASSWORD,
+ sslConfig.getTruststorePassword());
+ propsToClear.add(SSLConfigurationFactory.JAVAX_TRUSTSTORE_PASSWORD);
+ }
+ if (sslConfig.getTruststoreType() != null) {
+ System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_TYPE,
+ sslConfig.getTruststoreType());
+ propsToClear.add(SSLConfigurationFactory.JAVAX_TRUSTSTORE_TYPE);
+ }
+ env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
}
this.url = new JMXServiceURL(MessageFormat.format(JMX_URL_FORMAT,
@@ -184,57 +182,6 @@ public class JmxOperationInvoker implements OperationInvoker {
}
}
- // Copied from ShellCommands.java
- private Properties readProperties(String gfSecurityPropertiesPath) throws MalformedURLException {
- Gfsh gfshInstance = Gfsh.getCurrentInstance();
- // reference to hold resolved gfSecurityPropertiesPath
- String gfSecurityPropertiesPathToUse = CliUtil.resolvePathname(gfSecurityPropertiesPath);
- URL gfSecurityPropertiesUrl = null;
-
- // Case 1: User has specified gfSecurity properties file
- if (StringUtils.isNotBlank(gfSecurityPropertiesPathToUse)) {
- // User specified gfSecurity properties doesn't exist
- if (!IOUtils.isExistingPathname(gfSecurityPropertiesPathToUse)) {
- gfshInstance
- .printAsSevere(CliStrings.format(CliStrings.GEODE_0_PROPERTIES_1_NOT_FOUND_MESSAGE,
- "Security ", gfSecurityPropertiesPathToUse));
- } else {
- gfSecurityPropertiesUrl = new File(gfSecurityPropertiesPathToUse).toURI().toURL();
- }
- } else if (gfSecurityPropertiesPath == null) {
- // Use default "gfsecurity.properties"
- // in current dir, user's home or classpath
- gfSecurityPropertiesUrl = ShellCommands.getFileUrl("gfsecurity.properties");
- }
- // if 'gfSecurityPropertiesPath' OR gfsecurity.properties has resolvable path
- if (gfSecurityPropertiesUrl != null) {
- gfshInstance.logToFile("Using security properties file : "
- + CliUtil.decodeWithDefaultCharSet(gfSecurityPropertiesUrl.getPath()), null);
- return loadPropertiesFromURL(gfSecurityPropertiesUrl);
- }
- return null;
- }
-
- static Properties loadPropertiesFromURL(URL gfSecurityPropertiesUrl) {
- Properties props = new Properties();
- if (gfSecurityPropertiesUrl != null) {
- InputStream inputStream = null;
- try {
-
- inputStream = gfSecurityPropertiesUrl.openStream();
- props.load(inputStream);
- } catch (IOException io) {
- throw new RuntimeException(
- CliStrings.format(CliStrings.CONNECT__MSG__COULD_NOT_READ_CONFIG_FROM_0,
- CliUtil.decodeWithDefaultCharSet(gfSecurityPropertiesUrl.getPath())),
- io);
- } finally {
- IOUtils.close(inputStream);
- }
- }
- return props;
- }
-
private String checkforSystemPropertyPrefix(String key) {
String returnKey = key;
if (key.startsWith("javax.")) {
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/util/GfshConsoleReader.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/util/GfshConsoleReader.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/util/GfshConsoleReader.java
index 9251d7e..a635c50 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/util/GfshConsoleReader.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/util/GfshConsoleReader.java
@@ -15,8 +15,6 @@
package org.apache.geode.management.internal.cli.util;
-import java.io.IOException;
-
import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader;
import org.apache.geode.management.internal.cli.shell.Gfsh;
@@ -44,11 +42,7 @@ public class GfshConsoleReader extends GfeConsoleReader {
public String readLine(String textToPrompt) {
String lineRead = null;
if (isSupported()) {
- try {
- lineRead = gfsh.interact(textToPrompt);
- } catch (IOException e) {
- lineRead = null;
- }
+ lineRead = gfsh.interact(textToPrompt);
}
return lineRead;
}
@@ -56,12 +50,8 @@ public class GfshConsoleReader extends GfeConsoleReader {
public char[] readPassword(String textToPrompt) {
char[] password = null;
if (isSupported()) {
- try {
- String passwordString = gfsh.readWithMask(textToPrompt, '*');
- password = passwordString.toCharArray();
- } catch (IOException e) {
- password = null;
- }
+ String passwordString = gfsh.readWithMask(textToPrompt, '*');
+ password = passwordString.toCharArray();
}
return password;
}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/configuration/utils/ClusterConfigurationStatusRetriever.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/utils/ClusterConfigurationStatusRetriever.java b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/utils/ClusterConfigurationStatusRetriever.java
index 3080809..86681b1 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/utils/ClusterConfigurationStatusRetriever.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/utils/ClusterConfigurationStatusRetriever.java
@@ -14,6 +14,11 @@
*/
package org.apache.geode.management.internal.configuration.utils;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.util.Properties;
+import java.util.Set;
+
import org.apache.geode.distributed.LocatorLauncher;
import org.apache.geode.distributed.internal.tcpserver.TcpClient;
import org.apache.geode.internal.cache.persistence.PersistentMemberPattern;
@@ -21,22 +26,17 @@ import org.apache.geode.management.internal.cli.shell.Gfsh;
import org.apache.geode.management.internal.configuration.messages.SharedConfigurationStatusRequest;
import org.apache.geode.management.internal.configuration.messages.SharedConfigurationStatusResponse;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.util.Set;
-
public class ClusterConfigurationStatusRetriever {
private static final int NUM_ATTEMPTS_FOR_SHARED_CONFIGURATION_STATUS = 3;
- public static String fromLocator(String locatorHostName, int locatorPort)
+ public static String fromLocator(String locatorHostName, int locatorPort, Properties configProps)
throws ClassNotFoundException, IOException {
final StringBuilder buffer = new StringBuilder();
try {
final InetAddress networkAddress = InetAddress.getByName(locatorHostName);
- TcpClient client = new TcpClient();
+ TcpClient client = new TcpClient(configProps);
SharedConfigurationStatusResponse statusResponse =
(SharedConfigurationStatusResponse) client.requestToServer(networkAddress, locatorPort,
new SharedConfigurationStatusRequest(), 10000, true);
@@ -114,6 +114,7 @@ public class ClusterConfigurationStatusRetriever {
public static String fromLocator(LocatorLauncher.LocatorState locatorState)
throws ClassNotFoundException, IOException {
- return fromLocator(locatorState.getHost(), Integer.parseInt(locatorState.getPort()));
+ return fromLocator(locatorState.getHost(), Integer.parseInt(locatorState.getPort()),
+ new Properties());
}
}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
index 31c2469..47f0d2b 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
@@ -32,22 +32,24 @@ import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTOR
import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_WEB_ALIAS;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_WEB_SERVICE_REQUIRE_AUTHENTICATION;
+import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.Assert.assertEquals;
+import java.util.Properties;
+
import org.apache.commons.lang.StringUtils;
-import org.apache.geode.distributed.internal.DistributionConfig;
-import org.apache.geode.distributed.internal.DistributionConfigImpl;
-import org.apache.geode.internal.admin.SSLConfig;
-import org.apache.geode.internal.security.SecurableCommunicationChannel;
-import org.apache.geode.test.junit.categories.MembershipTest;
-import org.apache.geode.test.junit.categories.UnitTest;
import org.junit.After;
import org.junit.Rule;
import org.junit.Test;
import org.junit.contrib.java.lang.system.RestoreSystemProperties;
import org.junit.experimental.categories.Category;
-import java.util.Properties;
+import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.distributed.internal.DistributionConfigImpl;
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
+import org.apache.geode.test.junit.categories.MembershipTest;
+import org.apache.geode.test.junit.categories.UnitTest;
@Category({UnitTest.class, MembershipTest.class})
public class SSLConfigurationFactoryJUnitTest {
@@ -280,6 +282,27 @@ public class SSLConfigurationFactoryJUnitTest {
assertEquals(true, sslConfig.isEnabled());
}
+ @Test
+ public void setDistributionConfig() throws Exception {
+ Properties properties = new Properties();
+ properties.setProperty(SSL_ENABLED_COMPONENTS, "all");
+ properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+ DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+ SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+
+ SSLConfig sslConfig =
+ SSLConfigurationFactory.getSSLConfigForComponent(SecurableCommunicationChannel.LOCATOR);
+ assertThat(sslConfig.isEnabled()).isTrue();
+ assertThat(sslConfig.getKeystore()).isEqualTo("someKeyStore");
+
+ properties.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.JMX.getConstant());
+ properties.setProperty(SSL_KEYSTORE, "someOtherKeyStore");
+ sslConfig = SSLConfigurationFactory.getSSLConfigForComponent(properties,
+ SecurableCommunicationChannel.LOCATOR);
+ assertThat(sslConfig.isEnabled()).isFalse();
+ assertThat(sslConfig.getKeystore()).isEqualTo("someOtherKeyStore");
+ }
+
private void assertSSLConfig(final Properties properties, final SSLConfig sslConfig,
final SecurableCommunicationChannel expectedSecurableComponent,
final DistributionConfigImpl distributionConfig) {
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
deleted file mode 100644
index 866f4ef..0000000
--- a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
+++ /dev/null
@@ -1,104 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.management;
-
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
-import static org.apache.geode.util.test.TestUtil.getResourcePath;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.OutputStream;
-import java.util.Properties;
-
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.rules.RuleChain;
-import org.junit.rules.TemporaryFolder;
-
-import org.apache.geode.management.internal.cli.i18n.CliStrings;
-import org.apache.geode.security.SecurableCommunicationChannels;
-import org.apache.geode.test.dunit.Host;
-import org.apache.geode.test.dunit.rules.CleanupDUnitVMsRule;
-import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
-import org.apache.geode.test.dunit.rules.LocatorServerStartupRule;
-import org.apache.geode.test.dunit.rules.MemberVM;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder;
-
-@Category(DistributedTest.class)
-public class ConnectToLocatorSSLDUnitTest {
- private TemporaryFolder folder = new SerializableTemporaryFolder();
- private LocatorServerStartupRule lsRule = new LocatorServerStartupRule();
- private CleanupDUnitVMsRule cleanupDUnitVMsRule = new CleanupDUnitVMsRule();
-
- @Rule
- public RuleChain ruleChain =
- RuleChain.outerRule(folder).around(cleanupDUnitVMsRule).around(lsRule);
-
- private File jks = null;
- protected File securityPropsFile = null;
- private Properties securityProps;
- protected MemberVM locator;
-
- @Before
- public void before() throws Exception {
- jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore"));
- securityPropsFile = folder.newFile("security.properties");
- securityProps = new Properties();
- }
-
- protected void connect() throws Exception {
- final int locatorPort = locator.getPort();
- final String securityPropsFilePath = securityPropsFile.getCanonicalPath();
-
- // when gfsh uses SSL, it leaves SSL state behind to contaminate other tests. So we pushed
- // gfsh into a VM and uses a CleanupDUnitVM rule to clean it up after each test.
- Host.getHost(0).getVM(1).invoke(() -> {
- GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
- gfshConnector.connectAndVerify(locatorPort, GfshShellConnectionRule.PortType.locator,
- CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath);
- gfshConnector.executeAndVerifyCommand("list members");
- gfshConnector.close();
- });
-
- }
-
- @Test
- public void testConnectToLocator_withSSL() throws Exception {
- securityProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannels.ALL);
- securityProps.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
- securityProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
- securityProps.setProperty(SSL_TRUSTSTORE, jks.getCanonicalPath());
- securityProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
- securityProps.setProperty(SSL_PROTOCOLS, "TLSv1.2");
- securityProps.setProperty(SSL_CIPHERS, "any");
-
- // start up the locator
- locator = lsRule.startLocatorVM(0, securityProps);
- // saving the securityProps to a file
- OutputStream out = new FileOutputStream(securityPropsFile);
- securityProps.store(out, null);
-
- connect();
- }
-}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java
deleted file mode 100644
index d7db489..0000000
--- a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java
+++ /dev/null
@@ -1,118 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
- * agreements. See the NOTICE file distributed with this work for additional information regarding
- * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance with the License. You may obtain a
- * copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under the License
- * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
- * or implied. See the License for the specific language governing permissions and limitations under
- * the License.
- */
-package org.apache.geode.management;
-
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_TYPE;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_ENABLED;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_TYPE;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD;
-import static org.apache.geode.util.test.TestUtil.getResourcePath;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.OutputStream;
-import java.util.Properties;
-
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.rules.RuleChain;
-import org.junit.rules.TemporaryFolder;
-
-import org.apache.geode.management.internal.cli.i18n.CliStrings;
-import org.apache.geode.test.dunit.Host;
-import org.apache.geode.test.dunit.rules.CleanupDUnitVMsRule;
-import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
-import org.apache.geode.test.dunit.rules.LocatorServerStartupRule;
-import org.apache.geode.test.dunit.rules.MemberVM;
-import org.apache.geode.test.junit.categories.DistributedTest;
-import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder;
-
-@Category(DistributedTest.class)
-public class ConnectToLocatorWithLegacySSLDUnitTest {
- private TemporaryFolder folder = new SerializableTemporaryFolder();
- private LocatorServerStartupRule lsRule = new LocatorServerStartupRule();
- private CleanupDUnitVMsRule cleanupDUnitVMsRule = new CleanupDUnitVMsRule();
-
- @Rule
- public RuleChain ruleChain =
- RuleChain.outerRule(folder).around(cleanupDUnitVMsRule).around(lsRule);
-
- private File jks = null;
- protected File securityPropsFile = null;
- private Properties securityProps;
- protected MemberVM locator;
-
- @Before
- public void before() throws Exception {
- jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore"));
- securityPropsFile = folder.newFile("security.properties");
- securityProps = new Properties();
- }
-
- protected void startUpLocatorAndConnect(Properties properties) throws Exception {
- locator = lsRule.startLocatorVM(0, securityProps);
- // saving the securityProps to a file
- OutputStream out = new FileOutputStream(securityPropsFile);
- securityProps.store(out, null);
-
- final int locatorPort = locator.getPort();
- final String securityPropsFilePath = securityPropsFile.getCanonicalPath();
-
- // when gfsh uses SSL, it leaves SSL state behind to contaminate other tests. So we pushed
- // gfsh into a VM and uses a CleanupDUnitVM rule to clean it up after each test.
- Host.getHost(0).getVM(1).invoke(() -> {
- GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
- gfshConnector.connectAndVerify(locatorPort, GfshShellConnectionRule.PortType.locator,
- CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath);
- gfshConnector.executeAndVerifyCommand("list members");
- gfshConnector.close();
- });
- }
-
- @Test
- public void testConnectToLocator_withLegacyClusterSSL() throws Exception {
- securityProps.setProperty(CLUSTER_SSL_ENABLED, "true");
- securityProps.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
- securityProps.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
- securityProps.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
- securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath());
- securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
-
- startUpLocatorAndConnect(securityProps);
- }
-
- @Test
- public void testConnectToLocator_withLegacyJMXManagerSSL() throws Exception {
- securityProps.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
- securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath());
- securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
- securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
- securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getCanonicalPath());
- securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password");
-
- startUpLocatorAndConnect(securityProps);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/test/java/org/apache/geode/management/internal/cli/GfshParserConverterTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/cli/GfshParserConverterTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/cli/GfshParserConverterTest.java
index 3c42e0b..1ad22d4 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/cli/GfshParserConverterTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/cli/GfshParserConverterTest.java
@@ -17,7 +17,16 @@ package org.apache.geode.management.internal.cli;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.doReturn;
-import static org.mockito.Mockito.spy;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.springframework.shell.event.ParseResult;
import org.apache.geode.management.internal.cli.converters.DiskStoreNameConverter;
import org.apache.geode.management.internal.cli.converters.FilePathConverter;
@@ -25,15 +34,6 @@ import org.apache.geode.management.internal.cli.converters.FilePathStringConvert
import org.apache.geode.management.internal.cli.converters.RegionPathConverter;
import org.apache.geode.test.dunit.rules.GfshParserRule;
import org.apache.geode.test.junit.categories.IntegrationTest;
-import org.junit.ClassRule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.springframework.shell.event.ParseResult;
-
-import java.util.Arrays;
-import java.util.List;
-import java.util.Set;
-import java.util.stream.Collectors;
@Category(IntegrationTest.class)
public class GfshParserConverterTest {
@@ -152,12 +152,12 @@ public class GfshParserConverterTest {
doReturn(roots).when(spy).getRoots();
doReturn(siblings).when(spy).getSiblings(any());
- String command = "start server --properties-file=";
+ String command = "start server --cache-xml-file=";
commandCandidate = parser.complete(command);
assertThat(commandCandidate.size()).isEqualTo(2);
assertThat(commandCandidate.getFirstCandidate()).isEqualTo(command + "/logs");
- command = "start server --properties-file=sibling";
+ command = "start server --cache-xml-file=sibling";
commandCandidate = parser.complete(command);
assertThat(commandCandidate.size()).isEqualTo(2);
assertThat(commandCandidate.getFirstCandidate()).isEqualTo(command + "1");
@@ -170,6 +170,7 @@ public class GfshParserConverterTest {
assertThat(commandCandidate.getFirstCandidate()).isEqualTo(command + "1");
}
+
@Test
public void testRegionPathConverter() throws Exception {
RegionPathConverter spy = parser.spyConverter(RegionPathConverter.class);
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandTest.java
new file mode 100644
index 0000000..3a5c584
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandTest.java
@@ -0,0 +1,300 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.cli.commands;
+
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.Mockito.doCallRealMethod;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.spy;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+import java.util.Properties;
+
+import org.junit.Before;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.mockito.ArgumentCaptor;
+
+import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.management.internal.cli.result.CommandResult;
+import org.apache.geode.management.internal.cli.shell.Gfsh;
+import org.apache.geode.management.internal.cli.shell.OperationInvoker;
+import org.apache.geode.test.dunit.rules.GfshParserRule;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category(UnitTest.class)
+public class ConnectCommandTest {
+
+ @ClassRule
+ public static GfshParserRule gfshParserRule = new GfshParserRule();
+
+ private ConnectCommand connectCommand;
+
+ private Gfsh gfsh = mock(Gfsh.class);
+
+ private CommandResult result;
+ private Properties properties;
+ private ArgumentCaptor<File> fileCaptor;
+
+ @Before
+ public void before() throws Exception {
+ properties = new Properties();
+ when(gfsh.getOperationInvoker()).thenReturn(mock(OperationInvoker.class));
+ // using spy instead of mock because we want to call the real method when we do connect
+ connectCommand = spy(ConnectCommand.class);
+ when(connectCommand.getGfsh()).thenReturn(gfsh);
+ doReturn(properties).when(connectCommand).loadProperties(any());
+ CommandResult result = mock(CommandResult.class);
+ when(connectCommand.httpConnect(any(), any())).thenReturn(result);
+ when(connectCommand.jmxConnect(any(), anyBoolean(), any(), any(), anyBoolean()))
+ .thenReturn(result);
+ fileCaptor = ArgumentCaptor.forClass(File.class);
+ }
+
+ @Test
+ public void whenGfshIsAlreadyConnected() throws Exception {
+ when(gfsh.isConnectedAndReady()).thenReturn(true);
+ result = gfshParserRule.executeCommandWithInstance(connectCommand, "connect");
+ assertThat(result.nextLine()).contains("Already connected to");
+ }
+
+ @Test
+ public void promptForPasswordIfUsernameIsGiven() throws Exception {
+ doReturn(properties).when(connectCommand).resolveSslProperties(any(), anyBoolean(), any(),
+ any());
+ result = gfshParserRule.executeCommandWithInstance(connectCommand, "connect --user=user");
+ verify(gfsh).readPassword(CliStrings.CONNECT__PASSWORD + ": ");
+
+ assertThat(properties.getProperty("security-username")).isEqualTo("user");
+ assertThat(properties.getProperty("security-password")).isEqualTo("");
+ }
+
+ @Test
+ public void notPromptForPasswordIfUsernameIsGiven() throws Exception {
+ doReturn(properties).when(connectCommand).resolveSslProperties(any(), anyBoolean(), any(),
+ any());
+ result = gfshParserRule.executeCommandWithInstance(connectCommand,
+ "connect --user=user --password=pass");
+ verify(gfsh, times(0)).readPassword(CliStrings.CONNECT__PASSWORD + ": ");
+
+ assertThat(properties.getProperty("security-username")).isEqualTo("user");
+ assertThat(properties.getProperty("security-password")).isEqualTo("pass");
+ }
+
+ @Test
+ public void notPromptForPasswordIfuserNameisGivenInFile() throws Exception {
+ // username specified in property file won't promot for password
+ properties.setProperty("security-username", "user");
+ doReturn(properties).when(connectCommand).loadProperties(any(File.class));
+
+ result = gfshParserRule.executeCommandWithInstance(connectCommand, "connect");
+ verify(gfsh, times(0)).readPassword(CliStrings.CONNECT__PASSWORD + ": ");
+
+ assertThat(properties).doesNotContainKey("security-password");
+ }
+
+ @Test
+ public void plainConnectNotLoadFileNotPrompt() throws Exception {
+ result = gfshParserRule.executeCommandWithInstance(connectCommand, "connect");
+ // will not try to load from any file
+ verify(connectCommand).loadProperties(null, null);
+
+ // will not try to prompt
+ verify(gfsh, times(0)).readText(any());
+ verify(gfsh, times(0)).readPassword(any());
+ }
+
+ @Test
+ public void connectUseSsl() throws Exception {
+ result = gfshParserRule.executeCommandWithInstance(connectCommand, "connect --use-ssl");
+
+ // will not try to load from any file
+ verify(connectCommand).loadProperties(null, null);
+
+ // gfsh will prompt for the all the ssl properties
+ verify(gfsh).readText("key-store: ");
+ verify(gfsh).readPassword("key-store-password: ");
+ verify(gfsh).readText("key-store-type(default: JKS): ");
+ verify(gfsh).readText("trust-store: ");
+ verify(gfsh).readPassword("trust-store-password: ");
+ verify(gfsh).readText("trust-store-type(default: JKS): ");
+ verify(gfsh).readText("ssl-ciphers(default: any): ");
+ verify(gfsh).readText("ssl-protocols(default: any): ");
+
+ // verify the resulting properties has correct values
+ assertThat(properties).hasSize(9);
+ assertThat(properties.getProperty("ssl-keystore")).isEqualTo("");
+ assertThat(properties.getProperty("ssl-keystore-password")).isEqualTo("");
+ assertThat(properties.getProperty("ssl-keystore-type")).isEqualTo("JKS");
+ assertThat(properties.getProperty("ssl-truststore")).isEqualTo("");
+ assertThat(properties.getProperty("ssl-truststore-password")).isEqualTo("");
+ assertThat(properties.getProperty("ssl-truststore-type")).isEqualTo("JKS");
+ assertThat(properties.getProperty("ssl-ciphers")).isEqualTo("any");
+ assertThat(properties.getProperty("ssl-protocols")).isEqualTo("any");
+ assertThat(properties.getProperty("ssl-enabled-components")).isEqualTo("all");
+ }
+
+ @Test
+ public void securityFileContainsSSLPropsAndNoUseSSL() throws Exception {
+ properties.setProperty(SSL_KEYSTORE, "keystore");
+ result = gfshParserRule.executeCommandWithInstance(connectCommand,
+ "connect --security-properties-file=test");
+
+ // will try to load from this file
+ verify(connectCommand).loadProperties(any(), fileCaptor.capture());
+ assertThat(fileCaptor.getValue()).hasName("test");
+
+ // it will prompt for missing properties
+ verify(gfsh, times(6)).readText(any());
+ verify(gfsh, times(2)).readPassword(any());
+ }
+
+ @Test
+ public void securityFileContainsNoSSLPropsAndNoUseSSL() throws Exception {
+ result = gfshParserRule.executeCommandWithInstance(connectCommand,
+ "connect --security-properties-file=test");
+
+ // will try to load from this file
+ verify(connectCommand).loadProperties(any(), fileCaptor.capture());
+ assertThat(fileCaptor.getValue()).hasName("test");
+
+ // it will prompt for missing properties
+ verify(gfsh, times(0)).readText(any());
+ verify(gfsh, times(0)).readPassword(any());
+ }
+
+ @Test
+ public void connectUseLegacySecurityPropertiesFile() throws Exception {
+ properties.setProperty(JMX_MANAGER_SSL_KEYSTORE, "jmx-keystore");
+ result = gfshParserRule.executeCommandWithInstance(connectCommand,
+ "connect --security-properties-file=test --key-store=keystore --key-store-password=password");
+
+ // wil try to load from this file
+ verify(connectCommand).loadProperties(fileCaptor.capture());
+ assertThat(fileCaptor.getValue()).hasName("test");
+
+ // it will not prompt for missing properties
+ verify(gfsh, times(0)).readText(any());
+ verify(gfsh, times(0)).readPassword(any());
+
+ // the command option will be ignored
+ assertThat(properties).hasSize(1);
+ assertThat(properties.get(JMX_MANAGER_SSL_KEYSTORE)).isEqualTo("jmx-keystore");
+ }
+
+ @Test
+ public void connectUseSecurityPropertiesFile_promptForMissing() throws Exception {
+ properties.setProperty(SSL_KEYSTORE, "keystore");
+ properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
+ result = gfshParserRule.executeCommandWithInstance(connectCommand,
+ "connect --security-properties-file=test");
+
+ // since nothing is loaded, will prompt for all missing values
+ verify(gfsh, times(6)).readText(any());
+ verify(gfsh, times(1)).readPassword(any());
+ }
+
+ @Test
+ public void connectUseSecurityPropertiesFileAndOption_promptForMissing() throws Exception {
+ properties.setProperty(SSL_KEYSTORE, "keystore");
+ properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
+ result = gfshParserRule.executeCommandWithInstance(connectCommand,
+ "connect --security-properties-file=test --key-store=keystore2 --trust-store=truststore2");
+
+ // since nothing is loaded, will prompt for all missing values
+ verify(gfsh, times(5)).readText(any());
+ verify(gfsh, times(1)).readPassword(any());
+
+ assertThat(properties).hasSize(9);
+ assertThat(properties.getProperty("ssl-keystore")).isEqualTo("keystore2");
+ assertThat(properties.getProperty("ssl-keystore-password")).isEqualTo("password");
+ assertThat(properties.getProperty("ssl-keystore-type")).isEqualTo("JKS");
+ assertThat(properties.getProperty("ssl-truststore")).isEqualTo("truststore2");
+ assertThat(properties.getProperty("ssl-truststore-password")).isEqualTo("");
+ assertThat(properties.getProperty("ssl-truststore-type")).isEqualTo("JKS");
+ assertThat(properties.getProperty("ssl-ciphers")).isEqualTo("any");
+ assertThat(properties.getProperty("ssl-protocols")).isEqualTo("any");
+ assertThat(properties.getProperty("ssl-enabled-components")).isEqualTo("all");
+ }
+
+ @Test
+ public void containsLegacySSLConfigTest_ssl() throws Exception {
+ properties.setProperty(SSL_KEYSTORE, "keystore");
+ assertThat(connectCommand.containsLegacySSLConfig(properties)).isFalse();
+ }
+
+ @Test
+ public void containsLegacySSLConfigTest_cluster() throws Exception {
+ properties.setProperty(CLUSTER_SSL_KEYSTORE, "cluster-keystore");
+ assertThat(connectCommand.containsLegacySSLConfig(properties)).isTrue();
+ }
+
+ @Test
+ public void containsLegacySSLConfigTest_jmx() throws Exception {
+ properties.setProperty(JMX_MANAGER_SSL_KEYSTORE, "jmx-keystore");
+ assertThat(connectCommand.containsLegacySSLConfig(properties)).isTrue();
+ }
+
+ @Test
+ public void containsLegacySSLConfigTest_http() throws Exception {
+ properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE, "http-keystore");
+ assertThat(connectCommand.containsLegacySSLConfig(properties)).isTrue();
+ }
+
+ @Test
+ public void loadPropertiesWithNull() throws Exception {
+ doCallRealMethod().when(connectCommand).loadProperties(any());
+ assertThat(connectCommand.loadProperties(null, null)).isEmpty();
+ }
+
+ @Test
+ public void isSslImpliedByOptions() throws Exception {
+ assertThat(connectCommand.isSslImpliedBySslOptions(null)).isFalse();
+
+ assertThat(connectCommand.isSslImpliedBySslOptions(null, null, null)).isFalse();
+
+ assertThat(connectCommand.isSslImpliedBySslOptions(null, "test")).isTrue();
+ }
+
+ @Test
+ public void resolveSslProperties() throws Exception {
+ // assume properties loaded from either file has an ssl property
+ properties.setProperty(SSL_KEYSTORE, "keystore");
+ properties = connectCommand.resolveSslProperties(gfsh, false, null, null);
+ assertThat(properties).hasSize(9);
+
+ properties.clear();
+
+ properties.setProperty(SSL_KEYSTORE, "keystore");
+ properties =
+ connectCommand.resolveSslProperties(gfsh, false, null, null, "keystore2", "password");
+ assertThat(properties).hasSize(9);
+ assertThat(properties.getProperty(SSL_KEYSTORE)).isEqualTo("keystore2");
+ assertThat(properties.getProperty(SSL_KEYSTORE_PASSWORD)).isEqualTo("password");
+ }
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/GfshCommandJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/GfshCommandJUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/GfshCommandJUnitTest.java
index 67c3f5a..da60c7a 100644
--- a/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/GfshCommandJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/GfshCommandJUnitTest.java
@@ -29,6 +29,24 @@ import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
+import java.io.File;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+
+import org.jmock.Expectations;
+import org.jmock.Mockery;
+import org.jmock.lib.concurrent.Synchroniser;
+import org.jmock.lib.legacy.ClassImposteriser;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
import org.apache.geode.cache.execute.Function;
import org.apache.geode.cache.execute.FunctionService;
import org.apache.geode.distributed.DistributedMember;
@@ -41,23 +59,6 @@ import org.apache.geode.management.cli.CliMetaData;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
import org.apache.geode.management.internal.cli.util.MemberNotFoundException;
import org.apache.geode.test.junit.categories.UnitTest;
-import org.jmock.Expectations;
-import org.jmock.Mockery;
-import org.jmock.lib.concurrent.Synchroniser;
-import org.jmock.lib.legacy.ClassImposteriser;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-
-import java.io.File;
-import java.io.PrintWriter;
-import java.io.StringWriter;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Properties;
-import java.util.Set;
/**
* The GfshCommandJUnitTest class is a test suite of test cases testing the contract and
@@ -412,11 +413,7 @@ public class GfshCommandJUnitTest {
assertTrue(commandLine.isEmpty());
StartMemberUtils.addGemFirePropertyFile(commandLine, null);
assertTrue(commandLine.isEmpty());
- StartMemberUtils.addGemFirePropertyFile(commandLine, org.apache.commons.lang.StringUtils.EMPTY);
- assertTrue(commandLine.isEmpty());
- StartMemberUtils.addGemFirePropertyFile(commandLine, " ");
- assertTrue(commandLine.isEmpty());
- StartMemberUtils.addGemFirePropertyFile(commandLine, "/path/to/gemfire.properties");
+ StartMemberUtils.addGemFirePropertyFile(commandLine, new File("/path/to/gemfire.properties"));
assertFalse(commandLine.isEmpty());
assertTrue(commandLine.contains("-DgemfirePropertyFile=/path/to/gemfire.properties"));
}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/UserInputPropertyTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/UserInputPropertyTest.java b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/UserInputPropertyTest.java
new file mode 100644
index 0000000..3527afd
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/management/internal/cli/commands/UserInputPropertyTest.java
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.cli.commands;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.management.internal.cli.shell.Gfsh;
+import org.apache.geode.test.junit.categories.UnitTest;
+
+@Category(UnitTest.class)
+public class UserInputPropertyTest {
+
+ private UserInputProperty userInputProperty;
+ private Gfsh gfsh;
+
+ @Before
+ public void setUp() throws Exception {
+ gfsh = mock(Gfsh.class);
+ }
+
+ @Test
+ public void propertyWithNoDefaultVaueWillPromptTillAValueIsSupplied_interactive()
+ throws Exception {
+ userInputProperty = new UserInputProperty("key", "prompt", false);
+
+ when(gfsh.readText(any())).thenReturn("").thenReturn("").thenReturn("value");
+ String input = userInputProperty.promptForAcceptableValue(gfsh);
+
+ assertThat(input).isEqualTo("value");
+ verify(gfsh, times(0)).readPassword(any());
+ verify(gfsh, times(3)).readText(any());
+ }
+
+ @Test
+ public void propertyWithNoDefaultValue_quietMode() throws Exception {
+ when(gfsh.isQuietMode()).thenReturn(true);
+ userInputProperty = new UserInputProperty("key", "prompt", false);
+ String input = userInputProperty.promptForAcceptableValue(gfsh);
+ assertThat(input).isEqualTo("");
+ verify(gfsh, times(0)).readPassword(any());
+ verify(gfsh, times(0)).readText(any());
+ }
+
+ @Test
+ public void propertyWithDefaultValue_Interactive() throws Exception {
+ userInputProperty = new UserInputProperty("key", "prompt", "value", false);
+ String input = userInputProperty.promptForAcceptableValue(gfsh);
+ assertThat(input).isEqualTo("value");
+ verify(gfsh, times(0)).readPassword(any());
+ verify(gfsh).readText(any());
+ }
+
+ @Test
+ public void propertyWithEmptyDefaultValue_Interactive() throws Exception {
+ userInputProperty = new UserInputProperty("key", "prompt", "", false);
+ String input = userInputProperty.promptForAcceptableValue(gfsh);
+ assertThat(input).isEqualTo("");
+ verify(gfsh, times(0)).readPassword(any());
+ verify(gfsh).readText(any());
+ }
+
+ @Test
+ public void propertyWithDefaultValue_Interactive_masked() throws Exception {
+ userInputProperty = new UserInputProperty("key", "prompt", "value", true);
+ String input = userInputProperty.promptForAcceptableValue(gfsh);
+ assertThat(input).isEqualTo("value");
+ verify(gfsh).readPassword(any());
+ verify(gfsh, times(0)).readText(any());
+ }
+
+ @Test
+ public void propertyWithDefaultValue_Quiet() throws Exception {
+ when(gfsh.isQuietMode()).thenReturn(true);
+ userInputProperty = new UserInputProperty("key", "prompt", "value", false);
+ String input = userInputProperty.promptForAcceptableValue(gfsh);
+ assertThat(input).isEqualTo("value");
+ verify(gfsh, times(0)).readPassword(any());
+ verify(gfsh, times(0)).readText(any());
+ }
+}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-cq/src/test/java/org/apache/geode/management/CacheServerManagementDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-cq/src/test/java/org/apache/geode/management/CacheServerManagementDUnitTest.java b/geode-cq/src/test/java/org/apache/geode/management/CacheServerManagementDUnitTest.java
index 2cd69dd..a8d3997 100644
--- a/geode-cq/src/test/java/org/apache/geode/management/CacheServerManagementDUnitTest.java
+++ b/geode-cq/src/test/java/org/apache/geode/management/CacheServerManagementDUnitTest.java
@@ -14,17 +14,41 @@
*/
package org.apache.geode.management;
-import org.junit.Ignore;
-import org.junit.experimental.categories.Category;
-import org.junit.Test;
+import static org.apache.geode.distributed.ConfigurationProperties.ENABLE_CLUSTER_CONFIGURATION;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_HTTP_PORT;
+import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
+import static org.apache.geode.distributed.ConfigurationProperties.LOG_LEVEL;
+import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
-import static org.junit.Assert.*;
+import java.io.File;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.Properties;
-import org.apache.geode.test.junit.categories.DistributedTest;
+import javax.management.InstanceNotFoundException;
+import javax.management.MBeanServer;
+import javax.management.Notification;
+import javax.management.NotificationListener;
+import javax.management.ObjectName;
+
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
import org.apache.geode.cache.Cache;
import org.apache.geode.cache.client.internal.LocatorTestBase;
-import org.apache.geode.cache.query.*;
+import org.apache.geode.cache.query.IndexExistsException;
+import org.apache.geode.cache.query.IndexInvalidException;
+import org.apache.geode.cache.query.IndexNameConflictException;
+import org.apache.geode.cache.query.QueryService;
+import org.apache.geode.cache.query.RegionNotFoundException;
import org.apache.geode.cache.query.cq.dunit.CqQueryDUnitTest;
import org.apache.geode.cache.query.internal.cq.CqService;
import org.apache.geode.cache.server.CacheServer;
@@ -36,17 +60,15 @@ import org.apache.geode.internal.cache.GemFireCacheImpl;
import org.apache.geode.management.internal.JmxManagerLocatorRequest;
import org.apache.geode.management.internal.MBeanJMXAdapter;
import org.apache.geode.management.internal.SystemManagementService;
-import org.apache.geode.test.dunit.*;
-
-import javax.management.*;
-import java.io.File;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.Collections;
-import java.util.Properties;
-
-import static org.apache.geode.distributed.ConfigurationProperties.*;
+import org.apache.geode.test.dunit.Assert;
+import org.apache.geode.test.dunit.Host;
+import org.apache.geode.test.dunit.LogWriterUtils;
+import org.apache.geode.test.dunit.NetworkUtils;
+import org.apache.geode.test.dunit.SerializableRunnable;
+import org.apache.geode.test.dunit.VM;
+import org.apache.geode.test.dunit.Wait;
+import org.apache.geode.test.dunit.WaitCriterion;
+import org.apache.geode.test.junit.categories.DistributedTest;
/**
* Cache Server related management test cases
@@ -219,7 +241,7 @@ public class CacheServerManagementDUnitTest extends LocatorTestBase {
// Step 4:
JmxManagerLocatorRequest.send(locator.getHost().getHostName(), locatorPort,
- CONNECT_LOCATOR_TIMEOUT_MS, Collections.<String, String>emptyMap());
+ CONNECT_LOCATOR_TIMEOUT_MS, new Properties());
// Step 5:
locator.invoke("Check locator", () -> {
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandIntegrationTest.java
----------------------------------------------------------------------
diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandIntegrationTest.java b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandIntegrationTest.java
new file mode 100644
index 0000000..bead33d
--- /dev/null
+++ b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectCommandIntegrationTest.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.cli.commands;
+
+import org.junit.ClassRule;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
+import org.apache.geode.test.dunit.rules.LocatorStarterRule;
+import org.apache.geode.test.junit.categories.IntegrationTest;
+
+@Category(IntegrationTest.class)
+public class ConnectCommandIntegrationTest {
+
+ @ClassRule
+ public static LocatorStarterRule locator = new LocatorStarterRule().withAutoStart();
+
+ @Rule
+ public GfshShellConnectionRule gfsh = new GfshShellConnectionRule();
+
+ @Test
+ public void connectToLocator() throws Exception {
+ gfsh.connectAndVerify(locator);
+ }
+
+ @Test
+ public void connectOverJmx() throws Exception {
+ gfsh.connectAndVerify(locator.getJmxPort(), GfshShellConnectionRule.PortType.jmxManger);
+ }
+
+ @Test
+ public void connectOverHttp() throws Exception {
+ gfsh.connectAndVerify(locator.getHttpPort(), GfshShellConnectionRule.PortType.http);
+ }
+}
[3/3] geode git commit: GEODE-3328: refactor ConnectCommand
Posted by ji...@apache.org.
GEODE-3328: refactor ConnectCommand
* connect command will prompt for missing ssl configs if ssl is indicated by any options
* command ssl options will override the properties loaded in the file
* reworked connect with ssl so that the configuration won't get cached accidentally.
* have auto connect also prompt for missing ssl configs, not in the socket creator
* change the properties file type in the start server and start locator command to be File instead of String
Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/7352fcc7
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/7352fcc7
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/7352fcc7
Branch: refs/heads/develop
Commit: 7352fcc7e485984b57d72373b468440d09556b5a
Parents: 1bd15f8
Author: Jinmei Liao <ji...@pivotal.io>
Authored: Sat Jul 29 21:32:50 2017 -0700
Committer: Jinmei Liao <ji...@pivotal.io>
Committed: Thu Aug 10 13:50:31 2017 -0700
----------------------------------------------------------------------
.../distributed/ConfigurationProperties.java | 4 +
.../internal/tcpserver/TcpClient.java | 12 +-
.../internal/net/SSLConfigurationFactory.java | 202 ++++----
.../internal/JmxManagerLocatorRequest.java | 47 +-
.../internal/beans/BeanUtilFuncs.java | 1 +
.../cli/AbstractCliAroundInterceptor.java | 18 +-
.../internal/cli/commands/ConnectCommand.java | 482 ++++++++-----------
.../internal/cli/commands/ShellCommands.java | 77 ++-
.../cli/commands/StartLocatorCommand.java | 148 ++----
.../internal/cli/commands/StartMemberUtils.java | 13 +-
.../cli/commands/StartServerCommand.java | 34 +-
.../cli/commands/UserInputProperty.java | 120 +++++
.../internal/cli/i18n/CliStrings.java | 4 +-
.../management/internal/cli/shell/Gfsh.java | 20 +-
.../internal/cli/shell/JmxOperationInvoker.java | 147 ++----
.../internal/cli/util/GfshConsoleReader.java | 16 +-
.../ClusterConfigurationStatusRetriever.java | 17 +-
.../net/SSLConfigurationFactoryJUnitTest.java | 37 +-
.../ConnectToLocatorSSLDUnitTest.java | 104 ----
.../ConnectToLocatorWithLegacySSLDUnitTest.java | 118 -----
.../internal/cli/GfshParserConverterTest.java | 25 +-
.../cli/commands/ConnectCommandTest.java | 300 ++++++++++++
.../cli/commands/GfshCommandJUnitTest.java | 41 +-
.../cli/commands/UserInputPropertyTest.java | 102 ++++
.../CacheServerManagementDUnitTest.java | 58 ++-
.../commands/ConnectCommandIntegrationTest.java | 50 ++
.../cli/commands/ConnectCommandWithSSLTest.java | 303 ++++++++++++
.../ConnectCommandWithSecurityTest.java | 55 +++
.../ConnectToLocatorSSLOverHttpTest.java | 43 --
29 files changed, 1551 insertions(+), 1047 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
index 91a6443..aae7d8a 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/ConfigurationProperties.java
@@ -687,6 +687,10 @@ public interface ConfigurationProperties {
*/
String SSL_WEB_ALIAS = "ssl-web-alias";
+
+ @Deprecated
+ String HTTP_SERVICE_SSL_PREFIX = "http-service-ssl-";
+
/**
* The static String definition of the <i>"http-service-ssl-ciphers"</i> property <a
* name="http-service-ssl-ciphers"/a>
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
index d406891..933b25d 100644
--- a/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
+++ b/geode-core/src/main/java/org/apache/geode/distributed/internal/tcpserver/TcpClient.java
@@ -24,9 +24,9 @@ import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.HashMap;
import java.util.Map;
+import java.util.Properties;
import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLHandshakeException;
import org.apache.logging.log4j.Logger;
@@ -36,7 +36,9 @@ import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.internal.Version;
import org.apache.geode.internal.VersionedDataInputStream;
import org.apache.geode.internal.VersionedDataOutputStream;
+import org.apache.geode.internal.admin.SSLConfig;
import org.apache.geode.internal.logging.LogService;
+import org.apache.geode.internal.net.SSLConfigurationFactory;
import org.apache.geode.internal.net.SocketCreator;
import org.apache.geode.internal.net.SocketCreatorFactory;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
@@ -72,6 +74,12 @@ public class TcpClient {
this(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR));
}
+ public TcpClient(Properties properties) {
+ SSLConfig sslConfig = SSLConfigurationFactory.getSSLConfigForComponent(properties,
+ SecurableCommunicationChannel.LOCATOR);
+ this.socketCreator = new SocketCreator(sslConfig);
+ }
+
/**
* Constructs a new TcpClient
*
@@ -310,7 +318,7 @@ public class TcpClient {
Object readObject = DataSerializer.readObject(in);
if (!(readObject instanceof VersionResponse)) {
throw new LocatorCancelException(
- "Unrecognisable response received: object is null. This could be the result of trying to connect a non-SSL-enabled locator to an SSL-enabled locator.");
+ "Unrecognisable response received: This could be the result of trying to connect a non-SSL-enabled client to an SSL-enabled locator.");
}
VersionResponse response = (VersionResponse) readObject;
if (response != null) {
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java
index 4b98617..00ccb74 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java
@@ -24,6 +24,7 @@ import org.apache.commons.lang.StringUtils;
import org.apache.geode.GemFireConfigException;
import org.apache.geode.distributed.internal.DistributionConfig;
+import org.apache.geode.distributed.internal.DistributionConfigImpl;
import org.apache.geode.internal.admin.SSLConfig;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
@@ -63,6 +64,11 @@ public class SSLConfigurationFactory {
getInstance().distributionConfig = distributionConfig;
}
+ /**
+ * @deprecated since GEODE 1.3, use #{getSSLConfigForComponent({@link DistributionConfig} ,
+ * {@link SecurableCommunicationChannel})} instead
+ */
+ @Deprecated
public static SSLConfig getSSLConfigForComponent(
SecurableCommunicationChannel sslEnabledComponent) {
SSLConfig sslConfig = getInstance().getRegisteredSSLConfigForComponent(sslEnabledComponent);
@@ -80,64 +86,68 @@ public class SSLConfigurationFactory {
private SSLConfig createSSLConfigForComponent(
final SecurableCommunicationChannel sslEnabledComponent) {
- SSLConfig sslConfig = createSSLConfig(sslEnabledComponent);
+ return createSSLConfigForComponent(getDistributionConfig(), sslEnabledComponent);
+ }
+
+ private SSLConfig createSSLConfigForComponent(final DistributionConfig distributionConfig,
+ final SecurableCommunicationChannel sslEnabledComponent) {
+ SSLConfig sslConfig = createSSLConfig(distributionConfig, sslEnabledComponent);
SecurableCommunicationChannel[] sslEnabledComponents =
- getDistributionConfig().getSecurableCommunicationChannels();
+ distributionConfig.getSecurableCommunicationChannels();
if (sslEnabledComponents.length == 0) {
- sslConfig = configureLegacyClusterSSL(sslConfig);
+ sslConfig = configureLegacyClusterSSL(distributionConfig, sslConfig);
}
sslConfig.setSecurableCommunicationChannel(sslEnabledComponent);
switch (sslEnabledComponent) {
case ALL: {
// Create a SSLConfig separate for HTTP Service. As the require-authentication might differ
- createSSLConfigForComponent(SecurableCommunicationChannel.WEB);
+ createSSLConfigForComponent(distributionConfig, SecurableCommunicationChannel.WEB);
break;
}
case CLUSTER: {
if (sslEnabledComponents.length > 0) {
- sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getClusterSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getClusterSSLAlias());
} else {
- sslConfig = configureLegacyClusterSSL(sslConfig);
+ sslConfig = configureLegacyClusterSSL(distributionConfig, sslConfig);
}
break;
}
case LOCATOR: {
if (sslEnabledComponents.length > 0) {
- sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getLocatorSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getLocatorSSLAlias());
}
break;
}
case SERVER: {
if (sslEnabledComponents.length > 0) {
- sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getServerSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getServerSSLAlias());
} else {
- sslConfig = configureLegacyServerSSL(sslConfig);
+ sslConfig = configureLegacyServerSSL(distributionConfig, sslConfig);
}
break;
}
case GATEWAY: {
if (sslEnabledComponents.length > 0) {
- sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getGatewaySSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getGatewaySSLAlias());
} else {
- sslConfig = configureLegacyGatewaySSL(sslConfig);
+ sslConfig = configureLegacyGatewaySSL(distributionConfig, sslConfig);
}
break;
}
case WEB: {
if (sslEnabledComponents.length > 0) {
- sslConfig =
- setAliasForComponent(sslConfig, getDistributionConfig().getHTTPServiceSSLAlias());
- sslConfig.setRequireAuth(getDistributionConfig().getSSLWebRequireAuthentication());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getHTTPServiceSSLAlias());
+ sslConfig.setRequireAuth(distributionConfig.getSSLWebRequireAuthentication());
} else {
- sslConfig = configureLegacyHttpServiceSSL(sslConfig);
+ sslConfig = configureLegacyHttpServiceSSL(distributionConfig, sslConfig);
}
break;
}
case JMX: {
if (sslEnabledComponents.length > 0) {
- sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getJMXSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getJMXSSLAlias());
} else {
- sslConfig = configureLegacyJMXSSL(sslConfig);
+ sslConfig = configureLegacyJMXSSL(distributionConfig, sslConfig);
}
break;
}
@@ -153,33 +163,35 @@ public class SSLConfigurationFactory {
return sslConfig;
}
- private SSLConfig createSSLConfig(final SecurableCommunicationChannel sslEnabledComponent) {
+ private SSLConfig createSSLConfig(final DistributionConfig distributionConfig,
+ final SecurableCommunicationChannel sslEnabledComponent) {
SSLConfig sslConfig = new SSLConfig();
- sslConfig.setCiphers(getDistributionConfig().getSSLCiphers());
- sslConfig.setEnabled(determineIfSSLEnabledForSSLComponent(sslEnabledComponent));
- sslConfig.setKeystore(getDistributionConfig().getSSLKeyStore());
- sslConfig.setKeystorePassword(getDistributionConfig().getSSLKeyStorePassword());
- sslConfig.setKeystoreType(getDistributionConfig().getSSLKeyStoreType());
- sslConfig.setTruststore(getDistributionConfig().getSSLTrustStore());
- sslConfig.setTruststorePassword(getDistributionConfig().getSSLTrustStorePassword());
- sslConfig.setTruststoreType(getDistributionConfig().getSSLTrustStoreType());
- sslConfig.setProtocols(getDistributionConfig().getSSLProtocols());
- sslConfig.setRequireAuth(getDistributionConfig().getSSLRequireAuthentication());
- sslConfig.setAlias(getDistributionConfig().getSSLDefaultAlias());
+ sslConfig.setCiphers(distributionConfig.getSSLCiphers());
+ sslConfig
+ .setEnabled(determineIfSSLEnabledForSSLComponent(distributionConfig, sslEnabledComponent));
+ sslConfig.setKeystore(distributionConfig.getSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getSSLTrustStorePassword());
+ sslConfig.setTruststoreType(distributionConfig.getSSLTrustStoreType());
+ sslConfig.setProtocols(distributionConfig.getSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getSSLRequireAuthentication());
+ sslConfig.setAlias(distributionConfig.getSSLDefaultAlias());
return sslConfig;
}
- private boolean determineIfSSLEnabledForSSLComponent(
+ private boolean determineIfSSLEnabledForSSLComponent(final DistributionConfig distributionConfig,
final SecurableCommunicationChannel sslEnabledComponent) {
- if (ArrayUtils.contains(getDistributionConfig().getSecurableCommunicationChannels(),
+ if (ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(),
SecurableCommunicationChannel.NONE)) {
return false;
}
- if (ArrayUtils.contains(getDistributionConfig().getSecurableCommunicationChannels(),
+ if (ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(),
SecurableCommunicationChannel.ALL)) {
return true;
}
- return ArrayUtils.contains(getDistributionConfig().getSecurableCommunicationChannels(),
+ return ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(),
sslEnabledComponent) ? true : false;
}
@@ -189,17 +201,18 @@ public class SSLConfigurationFactory {
* @return A sslConfig object describing the ssl config for the server component
* @deprecated as of Geode 1.0
*/
- private SSLConfig configureLegacyClusterSSL(SSLConfig sslConfig) {
- sslConfig.setCiphers(getDistributionConfig().getClusterSSLCiphers());
- sslConfig.setEnabled(getDistributionConfig().getClusterSSLEnabled());
- sslConfig.setKeystore(getDistributionConfig().getClusterSSLKeyStore());
- sslConfig.setKeystorePassword(getDistributionConfig().getClusterSSLKeyStorePassword());
- sslConfig.setKeystoreType(getDistributionConfig().getClusterSSLKeyStoreType());
- sslConfig.setTruststore(getDistributionConfig().getClusterSSLTrustStore());
- sslConfig.setTruststorePassword(getDistributionConfig().getClusterSSLTrustStorePassword());
- sslConfig.setTruststoreType(getDistributionConfig().getClusterSSLKeyStoreType());
- sslConfig.setProtocols(getDistributionConfig().getClusterSSLProtocols());
- sslConfig.setRequireAuth(getDistributionConfig().getClusterSSLRequireAuthentication());
+ private SSLConfig configureLegacyClusterSSL(final DistributionConfig distributionConfig,
+ final SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getClusterSSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getClusterSSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getClusterSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getClusterSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getClusterSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getClusterSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getClusterSSLTrustStorePassword());
+ sslConfig.setTruststoreType(distributionConfig.getClusterSSLKeyStoreType());
+ sslConfig.setProtocols(distributionConfig.getClusterSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getClusterSSLRequireAuthentication());
return sslConfig;
}
@@ -209,17 +222,18 @@ public class SSLConfigurationFactory {
* @return A sslConfig object describing the ssl config for the server component
* @deprecated as of Geode 1.0
*/
- private SSLConfig configureLegacyServerSSL(SSLConfig sslConfig) {
- sslConfig.setCiphers(getDistributionConfig().getServerSSLCiphers());
- sslConfig.setEnabled(getDistributionConfig().getServerSSLEnabled());
- sslConfig.setKeystore(getDistributionConfig().getServerSSLKeyStore());
- sslConfig.setKeystorePassword(getDistributionConfig().getServerSSLKeyStorePassword());
- sslConfig.setKeystoreType(getDistributionConfig().getServerSSLKeyStoreType());
- sslConfig.setTruststore(getDistributionConfig().getServerSSLTrustStore());
- sslConfig.setTruststorePassword(getDistributionConfig().getServerSSLTrustStorePassword());
- sslConfig.setTruststoreType(getDistributionConfig().getServerSSLKeyStoreType());
- sslConfig.setProtocols(getDistributionConfig().getServerSSLProtocols());
- sslConfig.setRequireAuth(getDistributionConfig().getServerSSLRequireAuthentication());
+ private SSLConfig configureLegacyServerSSL(final DistributionConfig distributionConfig,
+ final SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getServerSSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getServerSSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getServerSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getServerSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getServerSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getServerSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getServerSSLTrustStorePassword());
+ sslConfig.setTruststoreType(distributionConfig.getServerSSLKeyStoreType());
+ sslConfig.setProtocols(distributionConfig.getServerSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getServerSSLRequireAuthentication());
return sslConfig;
}
@@ -229,17 +243,18 @@ public class SSLConfigurationFactory {
* @return A sslConfig object describing the ssl config for the jmx component
* @deprecated as of Geode 1.0
*/
- private SSLConfig configureLegacyJMXSSL(SSLConfig sslConfig) {
- sslConfig.setCiphers(getDistributionConfig().getJmxManagerSSLCiphers());
- sslConfig.setEnabled(getDistributionConfig().getJmxManagerSSLEnabled());
- sslConfig.setKeystore(getDistributionConfig().getJmxManagerSSLKeyStore());
- sslConfig.setKeystorePassword(getDistributionConfig().getJmxManagerSSLKeyStorePassword());
- sslConfig.setKeystoreType(getDistributionConfig().getJmxManagerSSLKeyStoreType());
- sslConfig.setTruststore(getDistributionConfig().getJmxManagerSSLTrustStore());
- sslConfig.setTruststorePassword(getDistributionConfig().getJmxManagerSSLTrustStorePassword());
- sslConfig.setTruststoreType(getDistributionConfig().getJmxManagerSSLKeyStoreType());
- sslConfig.setProtocols(getDistributionConfig().getJmxManagerSSLProtocols());
- sslConfig.setRequireAuth(getDistributionConfig().getJmxManagerSSLRequireAuthentication());
+ private SSLConfig configureLegacyJMXSSL(final DistributionConfig distributionConfig,
+ final SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getJmxManagerSSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getJmxManagerSSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getJmxManagerSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getJmxManagerSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getJmxManagerSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getJmxManagerSSLTrustStorePassword());
+ sslConfig.setTruststoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
+ sslConfig.setProtocols(distributionConfig.getJmxManagerSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getJmxManagerSSLRequireAuthentication());
return sslConfig;
}
@@ -249,16 +264,17 @@ public class SSLConfigurationFactory {
* @return A sslConfig object describing the ssl config for the gateway component
* @deprecated as of Geode 1.0
*/
- private SSLConfig configureLegacyGatewaySSL(SSLConfig sslConfig) {
- sslConfig.setCiphers(getDistributionConfig().getGatewaySSLCiphers());
- sslConfig.setEnabled(getDistributionConfig().getGatewaySSLEnabled());
- sslConfig.setKeystore(getDistributionConfig().getGatewaySSLKeyStore());
- sslConfig.setKeystorePassword(getDistributionConfig().getGatewaySSLKeyStorePassword());
- sslConfig.setKeystoreType(getDistributionConfig().getGatewaySSLKeyStoreType());
- sslConfig.setTruststore(getDistributionConfig().getGatewaySSLTrustStore());
- sslConfig.setTruststorePassword(getDistributionConfig().getGatewaySSLTrustStorePassword());
- sslConfig.setProtocols(getDistributionConfig().getGatewaySSLProtocols());
- sslConfig.setRequireAuth(getDistributionConfig().getGatewaySSLRequireAuthentication());
+ private SSLConfig configureLegacyGatewaySSL(final DistributionConfig distributionConfig,
+ final SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getGatewaySSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getGatewaySSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getGatewaySSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getGatewaySSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getGatewaySSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getGatewaySSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getGatewaySSLTrustStorePassword());
+ sslConfig.setProtocols(distributionConfig.getGatewaySSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getGatewaySSLRequireAuthentication());
return sslConfig;
}
@@ -268,17 +284,18 @@ public class SSLConfigurationFactory {
* @return A sslConfig object describing the ssl config for the http service component
* @deprecated as of Geode 1.0
*/
- private SSLConfig configureLegacyHttpServiceSSL(SSLConfig sslConfig) {
- sslConfig.setCiphers(getDistributionConfig().getHttpServiceSSLCiphers());
- sslConfig.setEnabled(getDistributionConfig().getHttpServiceSSLEnabled());
- sslConfig.setKeystore(getDistributionConfig().getHttpServiceSSLKeyStore());
- sslConfig.setKeystorePassword(getDistributionConfig().getHttpServiceSSLKeyStorePassword());
- sslConfig.setKeystoreType(getDistributionConfig().getHttpServiceSSLKeyStoreType());
- sslConfig.setTruststore(getDistributionConfig().getHttpServiceSSLTrustStore());
- sslConfig.setTruststorePassword(getDistributionConfig().getHttpServiceSSLTrustStorePassword());
- sslConfig.setTruststoreType(getDistributionConfig().getHttpServiceSSLKeyStoreType());
- sslConfig.setProtocols(getDistributionConfig().getHttpServiceSSLProtocols());
- sslConfig.setRequireAuth(getDistributionConfig().getHttpServiceSSLRequireAuthentication());
+ private SSLConfig configureLegacyHttpServiceSSL(final DistributionConfig distributionConfig,
+ final SSLConfig sslConfig) {
+ sslConfig.setCiphers(distributionConfig.getHttpServiceSSLCiphers());
+ sslConfig.setEnabled(distributionConfig.getHttpServiceSSLEnabled());
+ sslConfig.setKeystore(distributionConfig.getHttpServiceSSLKeyStore());
+ sslConfig.setKeystorePassword(distributionConfig.getHttpServiceSSLKeyStorePassword());
+ sslConfig.setKeystoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
+ sslConfig.setTruststore(distributionConfig.getHttpServiceSSLTrustStore());
+ sslConfig.setTruststorePassword(distributionConfig.getHttpServiceSSLTrustStorePassword());
+ sslConfig.setTruststoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
+ sslConfig.setProtocols(distributionConfig.getHttpServiceSSLProtocols());
+ sslConfig.setRequireAuth(distributionConfig.getHttpServiceSSLRequireAuthentication());
return sslConfig;
}
@@ -357,4 +374,15 @@ public class SSLConfigurationFactory {
return sslConfig;
}
+
+ public static SSLConfig getSSLConfigForComponent(DistributionConfig distributionConfig,
+ SecurableCommunicationChannel sslEnabledComponent) {
+ return getInstance().createSSLConfigForComponent(distributionConfig, sslEnabledComponent);
+ }
+
+ public static SSLConfig getSSLConfigForComponent(Properties properties,
+ SecurableCommunicationChannel sslEnabledComponent) {
+ return getInstance().createSSLConfigForComponent(new DistributionConfigImpl(properties),
+ sslEnabledComponent);
+ }
}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java
index eb71d38..dcf9b22 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java
@@ -19,14 +19,16 @@ import java.io.DataOutput;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
-import java.util.Map;
import java.util.Properties;
-import org.apache.geode.distributed.internal.DistributionConfigImpl;
+import org.apache.geode.distributed.internal.tcpserver.LocatorCancelException;
import org.apache.geode.distributed.internal.tcpserver.TcpClient;
import org.apache.geode.internal.DataSerializableFixedID;
import org.apache.geode.internal.Version;
-import org.apache.geode.internal.net.*;
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.internal.net.SSLConfigurationFactory;
+import org.apache.geode.internal.net.SocketCreator;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
/**
* Sent to a locator to request it to find (and possibly start) a jmx manager for us. It returns a
@@ -37,10 +39,6 @@ import org.apache.geode.internal.net.*;
*/
public class JmxManagerLocatorRequest implements DataSerializableFixedID {
- public JmxManagerLocatorRequest() {
- super();
- }
-
public void fromData(DataInput in) throws IOException, ClassNotFoundException {}
public void toData(DataOutput out) throws IOException {}
@@ -69,38 +67,25 @@ public class JmxManagerLocatorRequest implements DataSerializableFixedID {
* have trouble communicating with it.
*/
public static JmxManagerLocatorResponse send(String locatorHost, int locatorPort, int msTimeout,
- Map<String, String> sslConfigProps) throws IOException {
- Properties distributionConfigProps = new Properties();
+ Properties sslConfigProps) throws IOException, ClassNotFoundException {
InetAddress networkAddress = InetAddress.getByName(locatorHost);
InetSocketAddress inetSockAddr = new InetSocketAddress(networkAddress, locatorPort);
- try {
- if (sslConfigProps != null) {
- distributionConfigProps.putAll(sslConfigProps);
- }
-
- TcpClient client = new TcpClient(new DistributionConfigImpl(distributionConfigProps));
- Object responseFromServer = client.requestToServer(inetSockAddr, SINGLETON, msTimeout, true);
+ // simply need to turn sslConfigProps into sslConfig for locator
+ SSLConfig sslConfig = SSLConfigurationFactory.getSSLConfigForComponent(sslConfigProps,
+ SecurableCommunicationChannel.LOCATOR);
+ SocketCreator socketCreator = new SocketCreator(sslConfig);
+ TcpClient client = new TcpClient(socketCreator);
+ Object responseFromServer = client.requestToServer(inetSockAddr, SINGLETON, msTimeout, true);
+ if (responseFromServer instanceof JmxManagerLocatorResponse)
return (JmxManagerLocatorResponse) responseFromServer;
- } catch (ClassNotFoundException unexpected) {
- throw new IllegalStateException(unexpected);
- } catch (ClassCastException unexpected) {
- // FIXME - Abhishek: object read is type "int" instead of
- // JmxManagerLocatorResponse when the Locator is using SSL & the request
- // didn't use SSL -> this causes ClassCastException. Not sure how to make
- // locator meaningful message
- throw new IllegalStateException(unexpected);
- } finally {
- distributionConfigProps.clear();
+ else {
+ throw new LocatorCancelException(
+ "Unrecognisable response received: This could be the result of trying to connect a non-SSL-enabled client to an SSL-enabled locator.");
}
}
- public static JmxManagerLocatorResponse send(String locatorHost, int locatorPort, int msTimeout)
- throws IOException {
- return send(locatorHost, locatorPort, msTimeout, null);
- }
-
@Override
public Version[] getSerializationVersions() {
// TODO Auto-generated method stub
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/beans/BeanUtilFuncs.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/beans/BeanUtilFuncs.java b/geode-core/src/main/java/org/apache/geode/management/internal/beans/BeanUtilFuncs.java
index 16d45bc..31a198b 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/beans/BeanUtilFuncs.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/beans/BeanUtilFuncs.java
@@ -308,6 +308,7 @@ public class BeanUtilFuncs {
gemFirePropertyData.setSSLKeyStore(config.getSSLKeyStore());
gemFirePropertyData.setSSLKeyStoreType(config.getSSLKeyStoreType());
gemFirePropertyData.setSSLKeyStorePassword(config.getSSLKeyStorePassword());
+
gemFirePropertyData.setSSLTrustStore(config.getSSLTrustStore());
gemFirePropertyData.setSSLTrustStorePassword(config.getSSLTrustStorePassword());
gemFirePropertyData.setSSLTrustStoreType(config.getSSLTrustStoreType());
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/AbstractCliAroundInterceptor.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/AbstractCliAroundInterceptor.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/AbstractCliAroundInterceptor.java
index 3e1357d..1b84649 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/AbstractCliAroundInterceptor.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/AbstractCliAroundInterceptor.java
@@ -16,8 +16,6 @@ package org.apache.geode.management.internal.cli;
import org.apache.geode.management.internal.cli.shell.Gfsh;
-import java.io.IOException;
-
/**
* Semi-complete implementation of {@link CliAroundInterceptor} for convenience for implementors.
*
@@ -66,7 +64,7 @@ public abstract class AbstractCliAroundInterceptor implements CliAroundIntercept
return gfsh != null && !gfsh.isQuietMode() && !gfsh.isHeadlessMode();
}
- protected String interact(String message) throws IOException {
+ protected String interact(String message) {
return Gfsh.getCurrentInstance().interact(message);
}
@@ -83,18 +81,12 @@ public abstract class AbstractCliAroundInterceptor implements CliAroundIntercept
Response response = null;
do {
- try {
- String userInput = interact(message);
-
- if (isNullOrEmpty(userInput)) {
- return defaultResponse;
- }
- response = Response.fromString(userInput);
+ String userInput = interact(message);
- } catch (IOException ioex) {
- severe("Could not read user response", ioex);
- // What can you do except try again???
+ if (isNullOrEmpty(userInput)) {
+ return defaultResponse;
}
+ response = Response.fromString(userInput);
} while (response == null);
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
index be556a4..274f61c 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java
@@ -15,26 +15,19 @@
package org.apache.geode.management.internal.cli.commands;
-import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
-import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
-import static org.apache.geode.management.internal.cli.shell.Gfsh.SSL_ENABLED_CIPHERS;
-import static org.apache.geode.management.internal.cli.shell.Gfsh.SSL_ENABLED_PROTOCOLS;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_PREFIX;
+import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_PREFIX;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_PREFIX;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
-import java.net.URL;
+import java.net.MalformedURLException;
import java.security.KeyStore;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
+import java.util.Arrays;
import java.util.Map;
+import java.util.Objects;
+import java.util.Properties;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
@@ -46,16 +39,16 @@ import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
import org.apache.geode.internal.DSFIDFactory;
+import org.apache.geode.internal.admin.SSLConfig;
import org.apache.geode.internal.lang.Initializer;
-import org.apache.geode.internal.util.IOUtils;
-import org.apache.geode.internal.util.PasswordUtil;
+import org.apache.geode.internal.net.SSLConfigurationFactory;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
import org.apache.geode.management.cli.CliMetaData;
import org.apache.geode.management.cli.ConverterHint;
import org.apache.geode.management.cli.Result;
import org.apache.geode.management.internal.JmxManagerLocatorRequest;
import org.apache.geode.management.internal.JmxManagerLocatorResponse;
import org.apache.geode.management.internal.SSLUtil;
-import org.apache.geode.management.internal.cli.CliUtil;
import org.apache.geode.management.internal.cli.LogWrapper;
import org.apache.geode.management.internal.cli.converters.ConnectionEndpointConverter;
import org.apache.geode.management.internal.cli.domain.ConnectToLocatorResult;
@@ -65,6 +58,7 @@ import org.apache.geode.management.internal.cli.result.ResultBuilder;
import org.apache.geode.management.internal.cli.shell.Gfsh;
import org.apache.geode.management.internal.cli.shell.JmxOperationInvoker;
import org.apache.geode.management.internal.cli.util.ConnectionEndpoint;
+import org.apache.geode.management.internal.security.ResourceConstants;
import org.apache.geode.management.internal.web.domain.LinkIndex;
import org.apache.geode.management.internal.web.http.support.SimpleHttpRequester;
import org.apache.geode.management.internal.web.shell.HttpOperationInvoker;
@@ -75,6 +69,12 @@ public class ConnectCommand implements GfshCommand {
// millis that connect --locator will wait for a response from the locator.
public final static int CONNECT_LOCATOR_TIMEOUT_MS = 60000; // see bug 45971
+ static UserInputProperty[] USERINPUTPROPERTIES =
+ {UserInputProperty.KEYSTORE, UserInputProperty.KEYSTORE_PASSWORD,
+ UserInputProperty.KEYSTORE_TYPE, UserInputProperty.TRUSTSTORE,
+ UserInputProperty.TRUSTSTORE_PASSWORD, UserInputProperty.TRUSTSTORE_TYPE,
+ UserInputProperty.CIPHERS, UserInputProperty.PROTOCOL, UserInputProperty.COMPONENT};
+
@CliCommand(value = {CliStrings.CONNECT}, help = CliStrings.CONNECT__HELP)
@CliMetaData(shellOnly = true, relatedTopic = {CliStrings.TOPIC_GFSH, CliStrings.TOPIC_GEODE_JMX,
CliStrings.TOPIC_GEODE_MANAGER})
@@ -82,118 +82,178 @@ public class ConnectCommand implements GfshCommand {
@CliOption(key = {CliStrings.CONNECT__LOCATOR},
unspecifiedDefaultValue = ConnectionEndpointConverter.DEFAULT_LOCATOR_ENDPOINTS,
optionContext = ConnectionEndpoint.LOCATOR_OPTION_CONTEXT,
- help = CliStrings.CONNECT__LOCATOR__HELP) ConnectionEndpoint locatorTcpHostPort,
+ help = CliStrings.CONNECT__LOCATOR__HELP) ConnectionEndpoint locatorEndPoint,
@CliOption(key = {CliStrings.CONNECT__JMX_MANAGER},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
optionContext = ConnectionEndpoint.JMXMANAGER_OPTION_CONTEXT,
- help = CliStrings.CONNECT__JMX_MANAGER__HELP) ConnectionEndpoint memberRmiHostPort,
- @CliOption(key = {CliStrings.CONNECT__USE_HTTP}, mandatory = false,
- specifiedDefaultValue = "true", unspecifiedDefaultValue = "false",
+ help = CliStrings.CONNECT__JMX_MANAGER__HELP) ConnectionEndpoint jmxManagerEndPoint,
+ @CliOption(key = {CliStrings.CONNECT__USE_HTTP}, specifiedDefaultValue = "true",
+ unspecifiedDefaultValue = "false",
help = CliStrings.CONNECT__USE_HTTP__HELP) boolean useHttp,
- @CliOption(key = {CliStrings.CONNECT__URL}, mandatory = false,
+ @CliOption(key = {CliStrings.CONNECT__URL},
unspecifiedDefaultValue = CliStrings.CONNECT__DEFAULT_BASE_URL,
help = CliStrings.CONNECT__URL__HELP) String url,
@CliOption(key = {CliStrings.CONNECT__USERNAME},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONNECT__USERNAME__HELP) String userName,
@CliOption(key = {CliStrings.CONNECT__PASSWORD},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONNECT__PASSWORD__HELP) String password,
@CliOption(key = {CliStrings.CONNECT__KEY_STORE},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONNECT__KEY_STORE__HELP) String keystore,
@CliOption(key = {CliStrings.CONNECT__KEY_STORE_PASSWORD},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONNECT__KEY_STORE_PASSWORD__HELP) String keystorePassword,
@CliOption(key = {CliStrings.CONNECT__TRUST_STORE},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONNECT__TRUST_STORE__HELP) String truststore,
@CliOption(key = {CliStrings.CONNECT__TRUST_STORE_PASSWORD},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONNECT__TRUST_STORE_PASSWORD__HELP) String truststorePassword,
@CliOption(key = {CliStrings.CONNECT__SSL_CIPHERS},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONNECT__SSL_CIPHERS__HELP) String sslCiphers,
@CliOption(key = {CliStrings.CONNECT__SSL_PROTOCOLS},
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
help = CliStrings.CONNECT__SSL_PROTOCOLS__HELP) String sslProtocols,
- @CliOption(key = CliStrings.CONNECT__SECURITY_PROPERTIES,
- optionContext = ConverterHint.FILE_PATH,
- unspecifiedDefaultValue = CliMetaData.ANNOTATION_NULL_VALUE,
- help = CliStrings.CONNECT__SECURITY_PROPERTIES__HELP) final String gfSecurityPropertiesPath,
+ @CliOption(key = CliStrings.CONNECT__SECURITY_PROPERTIES, optionContext = ConverterHint.FILE,
+ help = CliStrings.CONNECT__SECURITY_PROPERTIES__HELP) final File gfSecurityPropertiesFile,
@CliOption(key = {CliStrings.CONNECT__USE_SSL}, specifiedDefaultValue = "true",
unspecifiedDefaultValue = "false",
- help = CliStrings.CONNECT__USE_SSL__HELP) final boolean useSsl) {
- Result result;
- String passwordToUse = PasswordUtil.decrypt(password);
- String keystoreToUse = keystore;
- String keystorePasswordToUse = keystorePassword;
- String truststoreToUse = truststore;
- String truststorePasswordToUse = truststorePassword;
- String sslCiphersToUse = sslCiphers;
- String sslProtocolsToUse = sslProtocols;
+ help = CliStrings.CONNECT__USE_SSL__HELP) boolean useSsl)
+ throws MalformedURLException {
+ Result result;
Gfsh gfsh = getGfsh();
+
+ // bail out if gfsh is already connected.
if (gfsh != null && gfsh.isConnectedAndReady()) {
return ResultBuilder
.createInfoResult("Already connected to: " + getGfsh().getOperationInvoker().toString());
}
- Map<String, String> sslConfigProps = null;
- try {
- if (userName != null && userName.length() > 0) {
- if (passwordToUse == null || passwordToUse.length() == 0) {
- passwordToUse = gfsh.readPassword(CliStrings.CONNECT__PASSWORD + ": ");
- }
- if (passwordToUse == null || passwordToUse.length() == 0) {
- return ResultBuilder
- .createConnectionErrorResult(CliStrings.CONNECT__MSG__JMX_PASSWORD_MUST_BE_SPECIFIED);
- }
- }
+ // ssl options are passed in in the order defined in USERINPUTPROPERTIES, note the two types
+ // are null, because we don't have connect command options for them yet
+ Properties gfProperties = resolveSslProperties(gfsh, useSsl, null, gfSecurityPropertiesFile,
+ keystore, keystorePassword, null, truststore, truststorePassword, null, sslCiphers,
+ sslProtocols, null);
- sslConfigProps = this.readSSLConfiguration(useSsl, keystoreToUse, keystorePasswordToUse,
- truststoreToUse, truststorePasswordToUse, sslCiphersToUse, sslProtocolsToUse,
- gfSecurityPropertiesPath);
- } catch (IOException e) {
- return handleExcpetion(e, null);
+ if (containsSSLConfig(gfProperties) || containsLegacySSLConfig(gfProperties)) {
+ useSsl = true;
+ }
+
+ // if username is specified in the option but password is not, prompt for the password
+ // note if gfProperties has username but no password, we would not prompt for password yet,
+ // because we may not need username/password combination to connect.
+ if (userName != null) {
+ gfProperties.setProperty(ResourceConstants.USER_NAME, userName);
+ if (password == null) {
+ password = UserInputProperty.PASSWORD.promptForAcceptableValue(gfsh);
+ }
+ gfProperties.setProperty(UserInputProperty.PASSWORD.getKey(), password);
}
+ // TODO: refactor this to be more readable, like
+ /*
+ * if(useHttp) connectOverHttp else if(jmxManagerEndPoint==null) connectToLocator to get the
+ * jmxManagerEndPoint else connectTo jmxManagerEndPoint
+ */
if (useHttp) {
- result = httpConnect(sslConfigProps, useSsl, url, userName, passwordToUse);
+ result = httpConnect(gfProperties, url);
} else {
- result = jmxConnect(sslConfigProps, memberRmiHostPort, locatorTcpHostPort, useSsl, userName,
- passwordToUse, gfSecurityPropertiesPath, false);
+ result = jmxConnect(gfProperties, useSsl, jmxManagerEndPoint, locatorEndPoint, false);
}
return result;
}
+ /**
+ *
+ * @param gfsh
+ * @param useSsl if true, and no files/options passed, we would still insist on prompting for ssl
+ * config (considered only when the last three parameters are null)
+ * @param gfPropertiesFile gemfire properties file, can be null
+ * @param gfSecurityPropertiesFile gemfire security properties file, can be null
+ * @param sslOptionValues an array of 9 in this order, as defined in USERINPUTPROPERTIES
+ * @return the properties
+ */
+ Properties resolveSslProperties(Gfsh gfsh, boolean useSsl, File gfPropertiesFile,
+ File gfSecurityPropertiesFile, String... sslOptionValues) {
- private Result httpConnect(Map<String, String> sslConfigProps, boolean useSsl, String url,
- String userName, String passwordToUse) {
- Gfsh gfsh = getGfsh();
- try {
- Map<String, String> securityProperties = new HashMap<String, String>();
+ // first trying to load the sslProperties from the file
+ Properties gfProperties = loadProperties(gfPropertiesFile, gfSecurityPropertiesFile);
- // at this point, if userName is not empty, password should not be empty either
- if (userName != null && userName.length() > 0) {
- securityProperties.put("security-username", userName);
- securityProperties.put("security-password", passwordToUse);
+ // if the security file is a legacy ssl security file, then the rest of the command options, if
+ // any, are ignored. Because we are not trying to add/replace the legacy ssl values using the
+ // command line values. all command line ssl values updates the ssl-* options.
+ if (containsLegacySSLConfig(gfProperties)) {
+ return gfProperties;
+ }
+
+ // if nothing indicates we should prompt for missing ssl config info, return immediately
+ if (!(useSsl || containsSSLConfig(gfProperties) || isSslImpliedBySslOptions(sslOptionValues))) {
+ return gfProperties;
+ }
+
+ // if use ssl is implied by any of the options, then command option will add to/update the
+ // properties loaded from file. If the ssl config is not specified anywhere, prompt user for it.
+ for (int i = 0; i < USERINPUTPROPERTIES.length; i++) {
+ UserInputProperty userInputProperty = USERINPUTPROPERTIES[i];
+ String sslOptionValue = null;
+ if (sslOptionValues != null && sslOptionValues.length > i) {
+ sslOptionValue = sslOptionValues[i];
}
+ String sslConfigValue = gfProperties.getProperty(userInputProperty.getKey());
- if (useSsl) {
- configureHttpsURLConnection(sslConfigProps);
+ // if this option is specified, always use this value
+ if (sslOptionValue != null) {
+ gfProperties.setProperty(userInputProperty.getKey(), sslOptionValue);
+ }
+ // if option is not specified and not present in the original properties, prompt for it
+ else if (sslConfigValue == null) {
+ gfProperties.setProperty(userInputProperty.getKey(),
+ userInputProperty.promptForAcceptableValue(gfsh));
+ }
+ }
+
+ return gfProperties;
+ }
+
+ boolean isSslImpliedBySslOptions(String... sslOptions) {
+ if (sslOptions == null) {
+ return false;
+ }
+ return Arrays.stream(sslOptions).anyMatch(Objects::nonNull);
+ }
+
+ Properties loadProperties(File... files) {
+ Properties properties = new Properties();
+ if (files == null) {
+ return properties;
+ }
+ for (File file : files) {
+ if (file != null) {
+ properties.putAll(ShellCommands.loadProperties(file));
+ }
+ }
+ return properties;
+ }
+
+ static boolean containsLegacySSLConfig(Properties properties) {
+ return properties.stringPropertyNames().stream()
+ .anyMatch(key -> key.startsWith(CLUSTER_SSL_PREFIX)
+ || key.startsWith(JMX_MANAGER_SSL_PREFIX) || key.startsWith(HTTP_SERVICE_SSL_PREFIX));
+ }
+
+ static boolean containsSSLConfig(Properties properties) {
+ return properties.stringPropertyNames().stream().anyMatch(key -> key.startsWith("ssl-"));
+ }
+
+
+ Result httpConnect(Properties gfProperties, String url) {
+ Gfsh gfsh = getGfsh();
+ try {
+ SSLConfig sslConfig = SSLConfigurationFactory.getSSLConfigForComponent(gfProperties,
+ SecurableCommunicationChannel.WEB);
+ if (sslConfig.isEnabled()) {
+ configureHttpsURLConnection(sslConfig);
if (url.startsWith("http:")) {
url = url.replace("http:", "https:");
}
}
- Iterator<String> it = sslConfigProps.keySet().iterator();
- while (it.hasNext()) {
- String secKey = it.next();
- securityProperties.put(secKey, sslConfigProps.get(secKey));
- }
-
// This is so that SSL termination results in https URLs being returned
String query = (url.startsWith("https")) ? "?scheme=https" : "";
@@ -201,14 +261,14 @@ public class ConnectCommand implements GfshCommand {
"Sending HTTP request for Link Index at (%1$s)...", url.concat("/index").concat(query)));
LinkIndex linkIndex =
- new SimpleHttpRequester(gfsh, CONNECT_LOCATOR_TIMEOUT_MS, securityProperties)
+ new SimpleHttpRequester(gfsh, CONNECT_LOCATOR_TIMEOUT_MS, (Map) gfProperties)
.exchange(url.concat("/index").concat(query), LinkIndex.class);
LogWrapper.getInstance()
.warning(String.format("Received Link Index (%1$s)", linkIndex.toString()));
HttpOperationInvoker operationInvoker =
- new RestHttpOperationInvoker(linkIndex, gfsh, url, securityProperties);
+ new RestHttpOperationInvoker(linkIndex, gfsh, url, (Map) gfProperties);
Initializer.init(operationInvoker);
gfsh.setOperationInvoker(operationInvoker);
@@ -226,244 +286,103 @@ public class ConnectCommand implements GfshCommand {
// if it's security exception, and we already sent in username and password, still retuns the
// connection error
- if (userName != null) {
+ if (gfProperties.containsKey(ResourceConstants.USER_NAME)) {
return handleExcpetion(e, null);
}
// otherwise, prompt for username and password and retry the conenction
- try {
- userName = gfsh.readText(CliStrings.CONNECT__USERNAME + ": ");
- passwordToUse = gfsh.readPassword(CliStrings.CONNECT__PASSWORD + ": ");
- return httpConnect(sslConfigProps, useSsl, url, userName, passwordToUse);
- } catch (IOException ioe) {
- return handleExcpetion(ioe, null);
- }
+ gfProperties.setProperty(UserInputProperty.USERNAME.getKey(),
+ UserInputProperty.USERNAME.promptForAcceptableValue(gfsh));
+ gfProperties.setProperty(UserInputProperty.PASSWORD.getKey(),
+ UserInputProperty.PASSWORD.promptForAcceptableValue(gfsh));
+ return httpConnect(gfProperties, url);
+
} finally {
Gfsh.redirectInternalJavaLoggers();
}
}
- private Result jmxConnect(Map<String, String> sslConfigProps,
- ConnectionEndpoint memberRmiHostPort, ConnectionEndpoint locatorTcpHostPort, boolean useSsl,
- String userName, String passwordToUse, String gfSecurityPropertiesPath, boolean retry) {
- ConnectionEndpoint hostPortToConnect = null;
+ Result jmxConnect(Properties gfProperties, boolean useSsl, ConnectionEndpoint memberRmiHostPort,
+ ConnectionEndpoint locatorTcpHostPort, boolean retry) {
+ ConnectionEndpoint jmxHostPortToConnect = null;
Gfsh gfsh = getGfsh();
try {
-
- // trying to find the hostPortToConnect, if rmi host port exists, use that, otherwise, use
+ // trying to find the rmi host and port, if rmi host port exists, use that, otherwise, use
// locator to find the rmi host port
if (memberRmiHostPort != null) {
- hostPortToConnect = memberRmiHostPort;
+ jmxHostPortToConnect = memberRmiHostPort;
} else {
- // Props required to configure a SocketCreator with SSL.
- // Used for gfsh->locator connection & not needed for gfsh->manager connection
- if (useSsl || !sslConfigProps.isEmpty()) {
- sslConfigProps.put(MCAST_PORT, String.valueOf(0));
- sslConfigProps.put(LOCATORS, "");
-
- String sslInfoLogMsg = "Connecting to Locator via SSL.";
- if (useSsl) {
- sslInfoLogMsg = CliStrings.CONNECT__USE_SSL + " is set to true. " + sslInfoLogMsg;
- }
- gfsh.logToFile(sslInfoLogMsg, null);
+ if (useSsl) {
+ gfsh.logToFile(
+ CliStrings.CONNECT__USE_SSL + " is set to true. Connecting to Locator via SSL.",
+ null);
}
Gfsh.println(CliStrings.format(CliStrings.CONNECT__MSG__CONNECTING_TO_LOCATOR_AT_0,
new Object[] {locatorTcpHostPort.toString(false)}));
ConnectToLocatorResult connectToLocatorResult =
connectToLocator(locatorTcpHostPort.getHost(), locatorTcpHostPort.getPort(),
- CONNECT_LOCATOR_TIMEOUT_MS, sslConfigProps);
- hostPortToConnect = connectToLocatorResult.getMemberEndpoint();
+ CONNECT_LOCATOR_TIMEOUT_MS, gfProperties);
+ jmxHostPortToConnect = connectToLocatorResult.getMemberEndpoint();
// when locator is configured to use SSL (ssl-enabled=true) but manager is not
// (jmx-manager-ssl=false)
- if ((useSsl || !sslConfigProps.isEmpty())
- && !connectToLocatorResult.isJmxManagerSslEnabled()) {
+ if (useSsl && !connectToLocatorResult.isJmxManagerSslEnabled()) {
gfsh.logInfo(
CliStrings.CONNECT__USE_SSL
+ " is set to true. But JMX Manager doesn't support SSL, connecting without SSL.",
null);
- sslConfigProps.clear();
+ useSsl = false;
}
}
- if (!sslConfigProps.isEmpty()) {
+ if (useSsl) {
gfsh.logToFile("Connecting to manager via SSL.", null);
}
// print out the connecting endpoint
if (!retry) {
Gfsh.println(CliStrings.format(CliStrings.CONNECT__MSG__CONNECTING_TO_MANAGER_AT_0,
- new Object[] {hostPortToConnect.toString(false)}));
+ new Object[] {jmxHostPortToConnect.toString(false)}));
}
InfoResultData infoResultData = ResultBuilder.createInfoResultData();
- JmxOperationInvoker operationInvoker =
- new JmxOperationInvoker(hostPortToConnect.getHost(), hostPortToConnect.getPort(),
- userName, passwordToUse, sslConfigProps, gfSecurityPropertiesPath);
+ JmxOperationInvoker operationInvoker = new JmxOperationInvoker(jmxHostPortToConnect.getHost(),
+ jmxHostPortToConnect.getPort(), gfProperties);
gfsh.setOperationInvoker(operationInvoker);
- infoResultData.addLine(
- CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS, hostPortToConnect.toString(false)));
- LogWrapper.getInstance().info(
- CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS, hostPortToConnect.toString(false)));
+ infoResultData.addLine(CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS,
+ jmxHostPortToConnect.toString(false)));
+ LogWrapper.getInstance().info(CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS,
+ jmxHostPortToConnect.toString(false)));
return ResultBuilder.buildResult(infoResultData);
} catch (Exception e) {
// all other exceptions, just logs it and returns a connection error
if (!(e instanceof SecurityException) && !(e instanceof AuthenticationFailedException)) {
- return handleExcpetion(e, hostPortToConnect);
+ return handleExcpetion(e, jmxHostPortToConnect);
}
// if it's security exception, and we already sent in username and password, still returns the
// connection error
- if (userName != null) {
- return handleExcpetion(e, hostPortToConnect);
+ if (gfProperties.containsKey(ResourceConstants.USER_NAME)) {
+ return handleExcpetion(e, jmxHostPortToConnect);
}
// otherwise, prompt for username and password and retry the conenction
- try {
- userName = gfsh.readText(CliStrings.CONNECT__USERNAME + ": ");
- passwordToUse = gfsh.readPassword(CliStrings.CONNECT__PASSWORD + ": ");
- // GEODE-2250 If no value for both username and password, at this point we need to error to
- // avoid a stack overflow.
- if (userName == null && passwordToUse == null)
- return handleExcpetion(e, hostPortToConnect);
- return jmxConnect(sslConfigProps, hostPortToConnect, null, useSsl, userName, passwordToUse,
- gfSecurityPropertiesPath, true);
- } catch (IOException ioe) {
- return handleExcpetion(ioe, hostPortToConnect);
- }
+ gfProperties.setProperty(UserInputProperty.USERNAME.getKey(),
+ UserInputProperty.USERNAME.promptForAcceptableValue(gfsh));
+ gfProperties.setProperty(UserInputProperty.PASSWORD.getKey(),
+ UserInputProperty.PASSWORD.promptForAcceptableValue(gfsh));
+ return jmxConnect(gfProperties, useSsl, jmxHostPortToConnect, null, true);
+
} finally {
Gfsh.redirectInternalJavaLoggers();
}
}
- /**
- * Common code to read SSL information. Used by JMX, Locator & HTTP mode connect
- */
- private Map<String, String> readSSLConfiguration(boolean useSsl, String keystoreToUse,
- String keystorePasswordToUse, String truststoreToUse, String truststorePasswordToUse,
- String sslCiphersToUse, String sslProtocolsToUse, String gfSecurityPropertiesPath)
- throws IOException {
-
- Gfsh gfshInstance = getGfsh();
- final Map<String, String> sslConfigProps = new LinkedHashMap<String, String>();
-
- // JMX SSL Config 1:
- // First from gfsecurity properties file if it's specified OR
- // if the default gfsecurity.properties exists useSsl==true
- if (useSsl || gfSecurityPropertiesPath != null) {
- // reference to hold resolved gfSecurityPropertiesPath
- String gfSecurityPropertiesPathToUse = CliUtil.resolvePathname(gfSecurityPropertiesPath);
- URL gfSecurityPropertiesUrl = null;
-
- // Case 1: User has specified gfSecurity properties file
- if (StringUtils.isNotBlank(gfSecurityPropertiesPathToUse)) {
- // User specified gfSecurity properties doesn't exist
- if (!IOUtils.isExistingPathname(gfSecurityPropertiesPathToUse)) {
- gfshInstance
- .printAsSevere(CliStrings.format(CliStrings.GEODE_0_PROPERTIES_1_NOT_FOUND_MESSAGE,
- "Security ", gfSecurityPropertiesPathToUse));
- } else {
- gfSecurityPropertiesUrl = new File(gfSecurityPropertiesPathToUse).toURI().toURL();
- }
- } else if (useSsl && gfSecurityPropertiesPath == null) {
- // Case 2: User has specified to useSsl but hasn't specified
- // gfSecurity properties file. Use default "gfsecurity.properties"
- // in current dir, user's home or classpath
- gfSecurityPropertiesUrl = ShellCommands.getFileUrl("gfsecurity.properties");
- }
- // if 'gfSecurityPropertiesPath' OR gfsecurity.properties has resolvable path
- if (gfSecurityPropertiesUrl != null) {
- gfshInstance.logToFile("Using security properties file : "
- + CliUtil.decodeWithDefaultCharSet(gfSecurityPropertiesUrl.getPath()), null);
- Map<String, String> gfsecurityProps =
- ShellCommands.loadPropertiesFromURL(gfSecurityPropertiesUrl);
- // command line options (if any) would override props in gfsecurity.properties
- sslConfigProps.putAll(gfsecurityProps);
- }
- }
-
- int numTimesPrompted = 0;
- /*
- * Using do-while here for a case when --use-ssl=true is specified but no SSL options were
- * specified & there was no gfsecurity properties specified or readable in default gfsh
- * directory.
- *
- * NOTE: 2nd round of prompting is done only when sslConfigProps map is empty & useSsl is true -
- * so we won't over-write any previous values.
- */
- do {
- // JMX SSL Config 2: Now read the options
- if (numTimesPrompted > 0) {
- Gfsh.println("Please specify these SSL Configuration properties: ");
- }
-
- if (numTimesPrompted > 0) {
- // NOTE: sslConfigProps map was empty
- keystoreToUse = gfshInstance.readText(CliStrings.CONNECT__KEY_STORE + ": ");
- }
- if (keystoreToUse != null && keystoreToUse.length() > 0) {
- if (keystorePasswordToUse == null || keystorePasswordToUse.length() == 0) {
- // Check whether specified in gfsecurity props earlier
- keystorePasswordToUse = sslConfigProps.get(SSL_KEYSTORE_PASSWORD);
- if (keystorePasswordToUse == null || keystorePasswordToUse.length() == 0) {
- // not even in properties file, prompt user for it
- keystorePasswordToUse =
- gfshInstance.readPassword(CliStrings.CONNECT__KEY_STORE_PASSWORD + ": ");
- sslConfigProps.put(SSL_KEYSTORE_PASSWORD, keystorePasswordToUse);
- }
- } else {// For cases where password is already part of command option
- sslConfigProps.put(SSL_KEYSTORE_PASSWORD, keystorePasswordToUse);
- }
- sslConfigProps.put(SSL_KEYSTORE, keystoreToUse);
- }
-
- if (numTimesPrompted > 0) {
- truststoreToUse = gfshInstance.readText(CliStrings.CONNECT__TRUST_STORE + ": ");
- }
- if (truststoreToUse != null && truststoreToUse.length() > 0) {
- if (truststorePasswordToUse == null || truststorePasswordToUse.length() == 0) {
- // Check whether specified in gfsecurity props earlier?
- truststorePasswordToUse = sslConfigProps.get(SSL_TRUSTSTORE_PASSWORD);
- if (truststorePasswordToUse == null || truststorePasswordToUse.length() == 0) {
- // not even in properties file, prompt user for it
- truststorePasswordToUse =
- gfshInstance.readPassword(CliStrings.CONNECT__TRUST_STORE_PASSWORD + ": ");
- sslConfigProps.put(SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse);
- }
- } else {// For cases where password is already part of command option
- sslConfigProps.put(SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse);
- }
- sslConfigProps.put(SSL_TRUSTSTORE, truststoreToUse);
- }
-
- if (numTimesPrompted > 0) {
- sslCiphersToUse = gfshInstance.readText(CliStrings.CONNECT__SSL_CIPHERS + ": ");
- }
- if (sslCiphersToUse != null && sslCiphersToUse.length() > 0) {
- // sslConfigProps.put(DistributionConfig.CLUSTER_SSL_CIPHERS_NAME, sslCiphersToUse);
- sslConfigProps.put(SSL_ENABLED_CIPHERS, sslCiphersToUse);
- }
-
- if (numTimesPrompted > 0) {
- sslProtocolsToUse = gfshInstance.readText(CliStrings.CONNECT__SSL_PROTOCOLS + ": ");
- }
- if (sslProtocolsToUse != null && sslProtocolsToUse.length() > 0) {
- // sslConfigProps.put(DistributionConfig.CLUSTER_SSL_PROTOCOLS_NAME, sslProtocolsToUse);
- sslConfigProps.put(SSL_ENABLED_PROTOCOLS, sslProtocolsToUse);
- }
-
- // SSL is required to be used but no SSL config found
- } while (useSsl && sslConfigProps.isEmpty() && (0 == numTimesPrompted++)
- && !gfshInstance.isQuietMode());
- return sslConfigProps;
- }
-
-
public static ConnectToLocatorResult connectToLocator(String host, int port, int timeout,
- Map<String, String> props) throws IOException {
+ Properties props) throws IOException, ClassNotFoundException {
// register DSFID types first; invoked explicitly so that all message type
// initializations do not happen in first deserialization on a possibly
// "precious" thread
@@ -497,48 +416,34 @@ public class ConnectCommand implements GfshCommand {
locatorResponse.isJmxManagerSslEnabled());
}
- private void configureHttpsURLConnection(Map<String, String> sslConfigProps) throws Exception {
- String keystoreToUse = sslConfigProps.get(SSL_KEYSTORE);
- String keystorePasswordToUse = sslConfigProps.get(SSL_KEYSTORE_PASSWORD);
- String truststoreToUse = sslConfigProps.get(SSL_TRUSTSTORE);
- String truststorePasswordToUse = sslConfigProps.get(SSL_TRUSTSTORE_PASSWORD);
- // Ciphers are not passed to HttpsURLConnection. Could not find a clean way
- // to pass this attribute to socket layer (see #51645)
- String sslCiphersToUse = sslConfigProps.get(SSL_CIPHERS);
- String sslProtocolsToUse = sslConfigProps.get(SSL_PROTOCOLS);
-
- // Commenting the code to set cipher suites in GFSH rest connect (see #51645)
- /*
- * if(sslCiphersToUse != null){ System.setProperty("https.cipherSuites", sslCiphersToUse); }
- */
+ private void configureHttpsURLConnection(SSLConfig sslConfig) throws Exception {
FileInputStream keyStoreStream = null;
FileInputStream trustStoreStream = null;
try {
-
KeyManagerFactory keyManagerFactory = null;
- if (StringUtils.isNotBlank(keystoreToUse)) {
- KeyStore clientKeys = KeyStore.getInstance("JKS");
- keyStoreStream = new FileInputStream(keystoreToUse);
- clientKeys.load(keyStoreStream, keystorePasswordToUse.toCharArray());
+ if (StringUtils.isNotBlank(sslConfig.getKeystore())) {
+ KeyStore clientKeys = KeyStore.getInstance(sslConfig.getKeystoreType());
+ keyStoreStream = new FileInputStream(sslConfig.getKeystore());
+ clientKeys.load(keyStoreStream, sslConfig.getKeystorePassword().toCharArray());
keyManagerFactory =
KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- keyManagerFactory.init(clientKeys, keystorePasswordToUse.toCharArray());
+ keyManagerFactory.init(clientKeys, sslConfig.getKeystorePassword().toCharArray());
}
// load server public key
TrustManagerFactory trustManagerFactory = null;
- if (StringUtils.isNotBlank(truststoreToUse)) {
- KeyStore serverPub = KeyStore.getInstance("JKS");
- trustStoreStream = new FileInputStream(truststoreToUse);
- serverPub.load(trustStoreStream, truststorePasswordToUse.toCharArray());
+ if (StringUtils.isNotBlank(sslConfig.getTruststore())) {
+ KeyStore serverPub = KeyStore.getInstance(sslConfig.getTruststoreType());
+ trustStoreStream = new FileInputStream(sslConfig.getTruststore());
+ serverPub.load(trustStoreStream, sslConfig.getTruststorePassword().toCharArray());
trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(serverPub);
}
SSLContext ssl =
- SSLContext.getInstance(SSLUtil.getSSLAlgo(SSLUtil.readArray(sslProtocolsToUse)));
+ SSLContext.getInstance(SSLUtil.getSSLAlgo(SSLUtil.readArray(sslConfig.getProtocols())));
ssl.init(keyManagerFactory != null ? keyManagerFactory.getKeyManagers() : null,
trustManagerFactory != null ? trustManagerFactory.getTrustManagers() : null,
@@ -552,13 +457,9 @@ public class ConnectCommand implements GfshCommand {
if (trustStoreStream != null) {
trustStoreStream.close();
}
-
}
-
-
}
-
private Result handleExcpetion(Exception e, ConnectionEndpoint hostPortToConnect) {
String errorMessage = e.getMessage();
if (hostPortToConnect != null) {
@@ -568,5 +469,4 @@ public class ConnectCommand implements GfshCommand {
LogWrapper.getInstance().severe(errorMessage, e);
return ResultBuilder.createConnectionErrorResult(errorMessage);
}
-
}
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
index 1aea253..84ee5db 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
@@ -25,10 +25,7 @@ import java.io.InputStreamReader;
import java.io.Writer;
import java.net.MalformedURLException;
import java.net.URL;
-import java.util.Collections;
-import java.util.HashSet;
import java.util.Iterator;
-import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Properties;
@@ -38,7 +35,6 @@ import org.springframework.shell.core.ExitShellRequest;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
-import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.internal.ClassPathLoader;
import org.apache.geode.internal.lang.SystemUtils;
import org.apache.geode.internal.util.IOUtils;
@@ -62,52 +58,43 @@ import org.apache.geode.management.internal.cli.shell.jline.GfshHistory;
* @since GemFire 7.0
*/
public class ShellCommands implements GfshCommand {
+ static Properties loadProperties(URL url) {
+ Properties properties = new Properties();
- /* package-private */
- static Map<String, String> loadPropertiesFromURL(URL gfSecurityPropertiesUrl) {
- Map<String, String> propsMap = Collections.emptyMap();
+ if (url == null) {
+ return properties;
+ }
- if (gfSecurityPropertiesUrl != null) {
- InputStream inputStream = null;
- try {
- Properties props = new Properties();
- inputStream = gfSecurityPropertiesUrl.openStream();
- props.load(inputStream);
- if (!props.isEmpty()) {
- Set<String> jmxSpecificProps = new HashSet<String>();
- propsMap = new LinkedHashMap<String, String>();
- Set<Entry<Object, Object>> entrySet = props.entrySet();
- for (Entry<Object, Object> entry : entrySet) {
-
- String key = (String) entry.getKey();
- if (key.endsWith(DistributionConfig.JMX_SSL_PROPS_SUFFIX)) {
- key =
- key.substring(0, key.length() - DistributionConfig.JMX_SSL_PROPS_SUFFIX.length());
- jmxSpecificProps.add(key);
-
- propsMap.put(key, (String) entry.getValue());
- } else if (!jmxSpecificProps.contains(key)) {// Prefer properties ending with "-jmx"
- // over default SSL props.
- propsMap.put(key, (String) entry.getValue());
- }
- }
- props.clear();
- jmxSpecificProps.clear();
- }
- } catch (IOException io) {
- throw new RuntimeException(
- CliStrings.format(CliStrings.CONNECT__MSG__COULD_NOT_READ_CONFIG_FROM_0,
- CliUtil.decodeWithDefaultCharSet(gfSecurityPropertiesUrl.getPath())),
- io);
- } finally {
- IOUtils.close(inputStream);
- }
+ try (InputStream inputStream = url.openStream()) {
+ properties.load(inputStream);
+ } catch (IOException io) {
+ throw new RuntimeException(
+ CliStrings.format(CliStrings.CONNECT__MSG__COULD_NOT_READ_CONFIG_FROM_0,
+ CliUtil.decodeWithDefaultCharSet(url.getPath())),
+ io);
+ }
+
+ return properties;
+ }
+
+ static Properties loadProperties(File propertyFile) {
+ try {
+ return loadProperties(propertyFile.toURI().toURL());
+ } catch (MalformedURLException e) {
+ throw new RuntimeException(
+ CliStrings.format("Failed to load configuration properties from pathname (%1$s)!",
+ propertyFile.getAbsolutePath()),
+ e);
}
- return propsMap;
}
- // Copied from DistributedSystem.java
- public static URL getFileUrl(String fileName) {
+ /**
+ * try to find the file in the current dir or the user home or the classpath in this order
+ *
+ * @param fileName the name of the file
+ * @return URL if the file is found, otherwise null
+ */
+ public static URL searchFile(String fileName) {
File file = new File(fileName);
if (file.exists()) {
http://git-wip-us.apache.org/repos/asf/geode/blob/7352fcc7/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartLocatorCommand.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartLocatorCommand.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartLocatorCommand.java
index 5b289a5..72ccfbb 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartLocatorCommand.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/StartLocatorCommand.java
@@ -17,17 +17,13 @@ package org.apache.geode.management.internal.cli.commands;
import java.io.File;
import java.net.InetAddress;
-import java.net.MalformedURLException;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
-import java.util.Map;
import java.util.Properties;
import java.util.concurrent.TimeUnit;
import javax.management.MalformedObjectNameException;
import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLHandshakeException;
import org.springframework.shell.core.annotation.CliCommand;
import org.springframework.shell.core.annotation.CliOption;
@@ -47,9 +43,7 @@ import org.apache.geode.internal.util.IOUtils;
import org.apache.geode.management.cli.CliMetaData;
import org.apache.geode.management.cli.ConverterHint;
import org.apache.geode.management.cli.Result;
-import org.apache.geode.management.internal.cli.CliUtil;
import org.apache.geode.management.internal.cli.GfshParser;
-import org.apache.geode.management.internal.cli.LogWrapper;
import org.apache.geode.management.internal.cli.domain.ConnectToLocatorResult;
import org.apache.geode.management.internal.cli.i18n.CliStrings;
import org.apache.geode.management.internal.cli.result.InfoResultData;
@@ -100,12 +94,11 @@ public class StartLocatorCommand implements GfshCommand {
help = CliStrings.START_LOCATOR__PORT__HELP) final Integer port,
@CliOption(key = CliStrings.START_LOCATOR__DIR,
help = CliStrings.START_LOCATOR__DIR__HELP) String workingDirectory,
- @CliOption(key = CliStrings.START_LOCATOR__PROPERTIES,
- optionContext = ConverterHint.FILE_PATH,
- help = CliStrings.START_LOCATOR__PROPERTIES__HELP) String gemfirePropertiesPathname,
+ @CliOption(key = CliStrings.START_LOCATOR__PROPERTIES, optionContext = ConverterHint.FILE,
+ help = CliStrings.START_LOCATOR__PROPERTIES__HELP) File gemfirePropertiesFile,
@CliOption(key = CliStrings.START_LOCATOR__SECURITY_PROPERTIES,
- optionContext = ConverterHint.FILE_PATH,
- help = CliStrings.START_LOCATOR__SECURITY_PROPERTIES__HELP) String gemfireSecurityPropertiesPathname,
+ optionContext = ConverterHint.FILE,
+ help = CliStrings.START_LOCATOR__SECURITY_PROPERTIES__HELP) File gemfireSecurityPropertiesFile,
@CliOption(key = CliStrings.START_LOCATOR__INITIALHEAP,
help = CliStrings.START_LOCATOR__INITIALHEAP__HELP) final String initialHeap,
@CliOption(key = CliStrings.START_LOCATOR__MAXHEAP,
@@ -135,23 +128,16 @@ public class StartLocatorCommand implements GfshCommand {
workingDirectory = StartMemberUtils.resolveWorkingDir(workingDirectory, memberName);
- gemfirePropertiesPathname = CliUtil.resolvePathname(gemfirePropertiesPathname);
-
- if (StringUtils.isNotBlank(gemfirePropertiesPathname)
- && !IOUtils.isExistingPathname(gemfirePropertiesPathname)) {
+ if (gemfirePropertiesFile != null && !gemfirePropertiesFile.exists()) {
return ResultBuilder.createUserErrorResult(
CliStrings.format(CliStrings.GEODE_0_PROPERTIES_1_NOT_FOUND_MESSAGE, StringUtils.EMPTY,
- gemfirePropertiesPathname));
+ gemfirePropertiesFile.getAbsolutePath()));
}
- gemfireSecurityPropertiesPathname =
- CliUtil.resolvePathname(gemfireSecurityPropertiesPathname);
-
- if (StringUtils.isNotBlank(gemfireSecurityPropertiesPathname)
- && !IOUtils.isExistingPathname(gemfireSecurityPropertiesPathname)) {
+ if (gemfireSecurityPropertiesFile != null && !gemfireSecurityPropertiesFile.exists()) {
return ResultBuilder.createUserErrorResult(
CliStrings.format(CliStrings.GEODE_0_PROPERTIES_1_NOT_FOUND_MESSAGE, "Security ",
- gemfireSecurityPropertiesPathname));
+ gemfireSecurityPropertiesFile.getAbsolutePath()));
}
File locatorPidFile = new File(workingDirectory, ProcessType.LOCATOR.getPidFileName());
@@ -200,8 +186,8 @@ public class StartLocatorCommand implements GfshCommand {
LocatorLauncher locatorLauncher = locatorLauncherBuilder.build();
String[] locatorCommandLine = createStartLocatorCommandLine(locatorLauncher,
- gemfirePropertiesPathname, gemfireSecurityPropertiesPathname, gemfireProperties,
- classpath, includeSystemClasspath, jvmArgsOpts, initialHeap, maxHeap);
+ gemfirePropertiesFile, gemfireSecurityPropertiesFile, gemfireProperties, classpath,
+ includeSystemClasspath, jvmArgsOpts, initialHeap, maxHeap);
final Process locatorProcess = new ProcessBuilder(locatorCommandLine)
.directory(new File(locatorLauncher.getWorkingDirectory())).start();
@@ -240,7 +226,7 @@ public class StartLocatorCommand implements GfshCommand {
new File(locatorLauncher.getWorkingDirectory()))),
null);
- locatorState = LocatorLauncher.LocatorState.fromDirectory(workingDirectory, memberName);
+ LocatorLauncher.LocatorState.fromDirectory(workingDirectory, memberName);
do {
if (locatorProcess.isAlive()) {
Gfsh.print(".");
@@ -289,33 +275,39 @@ public class StartLocatorCommand implements GfshCommand {
if (asyncStart) {
infoResultData.addLine(
String.format(CliStrings.ASYNC_PROCESS_LAUNCH_MESSAGE, CliStrings.LOCATOR_TERM_NAME));
+ return ResultBuilder.buildResult(infoResultData);
+ }
+
+ infoResultData.addLine(locatorState.toString());
+ String locatorHostName;
+ InetAddress bindAddr = locatorLauncher.getBindAddress();
+ if (bindAddr != null) {
+ locatorHostName = bindAddr.getCanonicalHostName();
} else {
- infoResultData.addLine(locatorState.toString());
-
- String locatorHostName;
- InetAddress bindAddr = locatorLauncher.getBindAddress();
- if (bindAddr != null) {
- locatorHostName = bindAddr.getCanonicalHostName();
- } else {
- locatorHostName = StringUtils.defaultIfBlank(locatorLauncher.getHostnameForClients(),
- HostUtils.getLocalHost());
- }
+ locatorHostName = StringUtils.defaultIfBlank(locatorLauncher.getHostnameForClients(),
+ HostUtils.getLocalHost());
+ }
- int locatorPort = Integer.parseInt(locatorState.getPort());
+ int locatorPort = Integer.parseInt(locatorState.getPort());
- // AUTO-CONNECT
- // If the connect succeeds add the connected message to the result,
- // Else, ask the user to use the "connect" command to connect to the Locator.
- if (shouldAutoConnect(connect)) {
- doAutoConnect(locatorHostName, locatorPort, gemfirePropertiesPathname,
- gemfireSecurityPropertiesPathname, infoResultData);
- }
- // Report on the state of the Shared Configuration service if enabled...
- if (enableSharedConfiguration) {
- infoResultData.addLine(
- ClusterConfigurationStatusRetriever.fromLocator(locatorHostName, locatorPort));
- }
+
+ ConnectCommand connectCommand = new ConnectCommand();
+ Properties configProperties = connectCommand.resolveSslProperties(getGfsh(), false,
+ gemfirePropertiesFile, gemfireSecurityPropertiesFile);
+
+ // AUTO-CONNECT
+ // If the connect succeeds add the connected message to the result,
+ // Else, ask the user to use the "connect" command to connect to the Locator.
+ if (shouldAutoConnect(connect)) {
+ doAutoConnect(locatorHostName, locatorPort, configProperties, infoResultData);
}
+
+ // Report on the state of the Shared Configuration service if enabled...
+ if (enableSharedConfiguration) {
+ infoResultData.addLine(ClusterConfigurationStatusRetriever.fromLocator(locatorHostName,
+ locatorPort, configProperties));
+ }
+
return ResultBuilder.buildResult(infoResultData);
} catch (IllegalArgumentException e) {
String message = e.getMessage();
@@ -348,38 +340,29 @@ public class StartLocatorCommand implements GfshCommand {
// With execute option (-e), there could be multiple commands which might presume that a prior
// "start locator" has formed the connection.
private boolean shouldAutoConnect(final boolean connect) {
- return (connect && !(getGfsh() == null || isConnectedAndReady()));
+ return (connect && !isConnectedAndReady());
}
private void doAutoConnect(final String locatorHostname, final int locatorPort,
- final String gemfirePropertiesPathname, final String gemfireSecurityPropertiesPathname,
- final InfoResultData infoResultData) {
+ final Properties configurationProperties, final InfoResultData infoResultData) {
boolean connectSuccess = false;
boolean jmxManagerAuthEnabled = false;
boolean jmxManagerSslEnabled = false;
- Map<String, String> configurationProperties = loadConfigurationProperties(
- gemfireSecurityPropertiesPathname, loadConfigurationProperties(gemfirePropertiesPathname));
- Map<String, String> locatorConfigurationProperties = new HashMap<>(configurationProperties);
-
String responseFailureMessage = null;
for (int attempts = 0; (attempts < 10 && !connectSuccess); attempts++) {
try {
ConnectToLocatorResult connectToLocatorResult =
ConnectCommand.connectToLocator(locatorHostname, locatorPort,
- ConnectCommand.CONNECT_LOCATOR_TIMEOUT_MS / 4, locatorConfigurationProperties);
+ ConnectCommand.CONNECT_LOCATOR_TIMEOUT_MS / 4, configurationProperties);
ConnectionEndpoint memberEndpoint = connectToLocatorResult.getMemberEndpoint();
jmxManagerSslEnabled = connectToLocatorResult.isJmxManagerSslEnabled();
- if (!jmxManagerSslEnabled) {
- configurationProperties.clear();
- }
-
getGfsh().setOperationInvoker(new JmxOperationInvoker(memberEndpoint.getHost(),
- memberEndpoint.getPort(), null, null, configurationProperties, null));
+ memberEndpoint.getPort(), configurationProperties));
String shellAndLogMessage = CliStrings.format(CliStrings.CONNECT__MSG__SUCCESS,
"JMX Manager " + memberEndpoint.toString(false));
@@ -403,16 +386,9 @@ public class StartLocatorCommand implements GfshCommand {
jmxManagerAuthEnabled = true;
break; // no need to continue after AuthenticationFailedException
} catch (SSLException ignore) {
- if (ignore instanceof SSLHandshakeException) {
- // try to connect again without SSL since the SSL handshake failed implying a plain text
- // connection...
- locatorConfigurationProperties.clear();
- } else {
- // another type of SSL error occurred (possibly a configuration issue); pass the buck...
- getGfsh().logToFile(ignore.getMessage(), ignore);
- responseFailureMessage = "Check your SSL configuration and try again.";
- break;
- }
+ // another type of SSL error occurred (possibly a configuration issue); pass the buck...
+ getGfsh().logToFile(ignore.getMessage(), ignore);
+ responseFailureMessage = "Check your SSL configuration and try again.";
} catch (Exception ignore) {
getGfsh().logToFile(ignore.getMessage(), ignore);
responseFailureMessage = "Failed to connect; unknown cause: " + ignore.getMessage();
@@ -431,30 +407,6 @@ public class StartLocatorCommand implements GfshCommand {
}
- private Map<String, String> loadConfigurationProperties(
- final String configurationPropertiesPathname) {
- return loadConfigurationProperties(configurationPropertiesPathname, null);
- }
-
- private Map<String, String> loadConfigurationProperties(
- final String configurationPropertiesPathname, Map<String, String> configurationProperties) {
- configurationProperties =
- (configurationProperties != null ? configurationProperties : new HashMap<>());
-
- if (IOUtils.isExistingPathname(configurationPropertiesPathname)) {
- try {
- configurationProperties.putAll(ShellCommands
- .loadPropertiesFromURL(new File(configurationPropertiesPathname).toURI().toURL()));
- } catch (MalformedURLException ignore) {
- LogWrapper.getInstance()
- .warning(String.format(
- "Failed to load GemFire configuration properties from pathname (%1$s)!",
- configurationPropertiesPathname), ignore);
- }
- }
- return configurationProperties;
- }
-
private void doOnConnectionFailure(final String locatorHostName, final int locatorPort,
final boolean jmxManagerAuthEnabled, final boolean jmxManagerSslEnabled,
final InfoResultData infoResultData) {
@@ -481,7 +433,7 @@ public class StartLocatorCommand implements GfshCommand {
}
String[] createStartLocatorCommandLine(final LocatorLauncher launcher,
- final String gemfirePropertiesPathname, final String gemfireSecurityPropertiesPathname,
+ final File gemfirePropertiesFile, final File gemfireSecurityPropertiesFile,
final Properties gemfireProperties, final String userClasspath,
final Boolean includeSystemClasspath, final String[] jvmArgsOpts, final String initialHeap,
final String maxHeap) throws MalformedObjectNameException {
@@ -494,8 +446,8 @@ public class StartLocatorCommand implements GfshCommand {
.add(getLocatorClasspath(Boolean.TRUE.equals(includeSystemClasspath), userClasspath));
StartMemberUtils.addCurrentLocators(this, commandLine, gemfireProperties);
- StartMemberUtils.addGemFirePropertyFile(commandLine, gemfirePropertiesPathname);
- StartMemberUtils.addGemFireSecurityPropertyFile(commandLine, gemfireSecurityPropertiesPathname);
+ StartMemberUtils.addGemFirePropertyFile(commandLine, gemfirePropertiesFile);
+ StartMemberUtils.addGemFireSecurityPropertyFile(commandLine, gemfireSecurityPropertiesFile);
StartMemberUtils.addGemFireSystemProperties(commandLine, gemfireProperties);
StartMemberUtils.addJvmArgumentsAndOptions(commandLine, jvmArgsOpts);
StartMemberUtils.addInitialHeap(commandLine, initialHeap);