You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by ak...@apache.org on 2019/01/16 11:44:05 UTC
[ignite] branch master updated: IGNITE-9845 Web Agent: Fixed NPE in
case of "-Dtrust.all=true" and not configured server trust store.
This is an automated email from the ASF dual-hosted git repository.
akuznetsov pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 0a16208 IGNITE-9845 Web Agent: Fixed NPE in case of "-Dtrust.all=true" and not configured server trust store.
0a16208 is described below
commit 0a16208a87d4044391de7f2ce8fd497c9cd817b5
Author: Alexey Kuznetsov <ak...@apache.org>
AuthorDate: Wed Jan 16 18:43:28 2019 +0700
IGNITE-9845 Web Agent: Fixed NPE in case of "-Dtrust.all=true" and not configured server trust store.
---
.../apache/ignite/console/agent/AgentLauncher.java | 23 ++++++++++++----------
.../ignite/console/agent/rest/RestExecutor.java | 4 +++-
.../console/agent/rest/RestExecutorSelfTest.java | 7 ++++---
3 files changed, 20 insertions(+), 14 deletions(-)
diff --git a/modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/AgentLauncher.java b/modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/AgentLauncher.java
index 9553aac..74c8376 100644
--- a/modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/AgentLauncher.java
+++ b/modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/AgentLauncher.java
@@ -318,22 +318,24 @@ public class AgentLauncher {
return;
}
- boolean trustAll = Boolean.getBoolean("trust.all");
+ boolean serverTrustAll = Boolean.getBoolean("trust.all");
boolean hasServerTrustStore = cfg.serverTrustStore() != null;
- boolean hasNodeTrustStore = cfg.nodeTrustStore() != null;
- if (trustAll && hasServerTrustStore) {
+ if (serverTrustAll && hasServerTrustStore) {
log.warn("Options contains both '--server-trust-store' and '-Dtrust.all=true'. " +
- "Option '-Dtrust.all=true' will be ignored.");
+ "Option '-Dtrust.all=true' will be ignored on connect to Web server.");
- trustAll = false;
+ serverTrustAll = false;
}
- if (trustAll && hasNodeTrustStore) {
+ boolean nodeTrustAll = Boolean.getBoolean("trust.all");
+ boolean hasNodeTrustStore = cfg.nodeTrustStore() != null;
+
+ if (nodeTrustAll && hasNodeTrustStore) {
log.warn("Options contains both '--node-trust-store' and '-Dtrust.all=true'. " +
- "Option '-Dtrust.all=true' will be ignored.");
+ "Option '-Dtrust.all=true' will be ignored on connect to cluster.");
- trustAll = false;
+ nodeTrustAll = false;
}
cfg.nodeURIs(nodeURIs);
@@ -344,14 +346,14 @@ public class AgentLauncher {
List<String> cipherSuites = cfg.cipherSuites();
if (
- trustAll ||
+ serverTrustAll ||
hasServerTrustStore ||
cfg.serverKeyStore() != null
) {
OkHttpClient.Builder builder = new OkHttpClient.Builder();
X509TrustManager serverTrustMgr = trustManager(
- trustAll,
+ serverTrustAll,
cfg.serverTrustStore(),
cfg.serverTrustStorePassword()
);
@@ -381,6 +383,7 @@ public class AgentLauncher {
try (
RestExecutor restExecutor = new RestExecutor(
+ nodeTrustAll,
cfg.nodeKeyStore(), cfg.nodeKeyStorePassword(),
cfg.nodeTrustStore(), cfg.nodeTrustStorePassword(),
cipherSuites);
diff --git a/modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/rest/RestExecutor.java b/modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/rest/RestExecutor.java
index b452b2c..5a9783c 100644
--- a/modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/rest/RestExecutor.java
+++ b/modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/rest/RestExecutor.java
@@ -77,6 +77,7 @@ public class RestExecutor implements AutoCloseable {
/**
* Constructor.
*
+ * @param trustAll {@code true} If we trust to self-signed sertificates.
* @param keyStorePath Optional path to key store file.
* @param keyStorePwd Optional password for key store.
* @param trustStorePath Optional path to trust store file.
@@ -86,6 +87,7 @@ public class RestExecutor implements AutoCloseable {
* @throws IOException If failed to load content of key stores.
*/
public RestExecutor(
+ boolean trustAll,
String keyStorePath,
String keyStorePwd,
String trustStorePath,
@@ -101,7 +103,7 @@ public class RestExecutor implements AutoCloseable {
.readTimeout(0, TimeUnit.MILLISECONDS)
.dispatcher(dispatcher);
- X509TrustManager trustMgr = trustManager(Boolean.getBoolean("trust.all"), trustStorePath, trustStorePwd);
+ X509TrustManager trustMgr = trustManager(trustAll, trustStorePath, trustStorePwd);
SSLSocketFactory sslSocketFactory = sslSocketFactory(
keyStorePath, keyStorePwd,
diff --git a/modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java b/modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java
index 6a4fe6c..dcf53f2 100644
--- a/modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java
+++ b/modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java
@@ -25,6 +25,7 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
+import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import org.apache.ignite.Ignite;
import org.apache.ignite.Ignition;
@@ -178,7 +179,7 @@ public class RestExecutorSelfTest {
) throws Exception {
try(
Ignite ignite = Ignition.getOrStart(nodeCfg);
- RestExecutor exec = new RestExecutor(keyStore, keyStorePwd, trustStore, trustStorePwd, cipherSuites)
+ RestExecutor exec = new RestExecutor(false, keyStore, keyStorePwd, trustStore, trustStorePwd, cipherSuites)
) {
Map<String, Object> params = new HashMap<>();
params.put("cmd", "top");
@@ -216,7 +217,7 @@ public class RestExecutorSelfTest {
@Test
public void nodeNoSslAgentWithSsl() throws Exception {
// Check Web Agent with SSL.
- ruleForExpectedException.expect(SSLHandshakeException.class);
+ ruleForExpectedException.expect(SSLException.class);
checkRest(
nodeConfiguration(""),
HTTPS_URI,
@@ -305,7 +306,7 @@ public class RestExecutorSelfTest {
/** */
@Test
public void differentCiphers2() throws Exception {
- ruleForExpectedException.expect(SSLHandshakeException.class);
+ ruleForExpectedException.expect(SSLException.class);
checkRest(
nodeConfiguration(JETTY_WITH_CIPHERS_2),
HTTPS_URI,