You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ds...@apache.org on 2015/10/17 01:52:47 UTC
[01/13] incubator-geode git commit: started work on fixing ssl prop
inheritance
Repository: incubator-geode
Updated Branches:
refs/heads/feature/GEODE-417 [created] 389030d66
started work on fixing ssl prop inheritance
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/93840484
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/93840484
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/93840484
Branch: refs/heads/feature/GEODE-417
Commit: 938404841c2503c979d719ed95abcc138a987379
Parents: c8043d8
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 14:05:50 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:28:04 2015 -0700
----------------------------------------------------------------------
.../internal/DistributionConfigImpl.java | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/93840484/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 3707ff3..1fca4df 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -819,6 +819,20 @@ public class DistributionConfigImpl
}
this.clusterSSLProperties.putAll(this.sslProperties);
}
+ if (false/*clusterSSLOverriden*/) {
+ if (this.sourceMap.get(CLUSTER_SSL_CIPHERS_NAME)==null && this.sourceMap.get(SSL_CIPHERS_NAME) != null) {
+ this.setServerSSLCiphers(this.sslCiphers);
+ this.sourceMap.put(CLUSTER_SSL_CIPHERS_NAME, this.sourceMap.get(SSL_CIPHERS_NAME));
+ }
+ if (this.sourceMap.get(CLUSTER_SSL_PROTOCOLS_NAME)==null && this.sourceMap.get(SSL_PROTOCOLS_NAME) != null) {
+ this.setServerSSLProtocols(this.sslProtocols);
+ this.sourceMap.put(CLUSTER_SSL_PROTOCOLS_NAME, this.sourceMap.get(SSL_PROTOCOLS_NAME));
+ }
+ if (this.sourceMap.get(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME)==null && this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME) != null) {
+ this.setServerSSLRequireAuthentication(this.sslRequireAuthentication);
+ this.sourceMap.put(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME, this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME));
+ }
+ }
}
/*
@@ -2120,6 +2134,12 @@ public class DistributionConfigImpl
// use sslProperties as base and let props with suffix GATEWAY_SSL_PROPS_SUFFIX override that base
this.gatewaySslProperties.setProperty(attName, attValue);
}
+// if (!this.httpServiceSSLProperties.containsKey(attName)) {
+// this.httpServiceSSLProperties.setProperty(attName, attValue);
+// }
+// if (!this.clusterSSLProperties.containsKey(attName)) {
+// this.clusterSSLProperties.setProperty(attName, attValue);
+// }
}
}
[06/13] incubator-geode git commit: GEODE-417: fix ssl property
validation
Posted by ds...@apache.org.
GEODE-417: fix ssl property validation
Now if the old deprecated ssl property is set and the new
cluster-ssl property is set you only get an exception if
they are set to different values.
Also the exception message now says "Use ..." instead of "Prefer way is to use...".
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/832e8600
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/832e8600
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/832e8600
Branch: refs/heads/feature/GEODE-417
Commit: 832e8600053f8d473ac45ed48fb96a1716c5b27c
Parents: 9384048
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 15:18:27 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:34 2015 -0700
----------------------------------------------------------------------
.../internal/DistributionConfigImpl.java | 35 +++++++------
.../gemfire/internal/SSLConfigJUnitTest.java | 53 ++++++++++++++------
2 files changed, 59 insertions(+), 29 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/832e8600/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 1fca4df..43a1aee 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -744,27 +744,24 @@ public class DistributionConfigImpl
if(sslEnabledString != null && clusterSSLEnabledString != null){
boolean sslEnabled = new Boolean(sslEnabledString).booleanValue();
boolean clusterSSLEnabled =new Boolean(clusterSSLEnabledString).booleanValue();
- if (sslEnabled != DEFAULT_SSL_ENABLED
- && clusterSSLEnabled != DEFAULT_CLUSTER_SSL_ENABLED) {
+ if (sslEnabled != clusterSSLEnabled) {
throw new IllegalArgumentException(
- "Gemfire property \'ssl-enabled\' and \'cluster-ssl-enabled\' can not be used at the same time. Prefer way is to use all \'cluster-ssl*\' properties instead of \'ssl-*\'.");
+ "Gemfire property \'ssl-enabled\' and \'cluster-ssl-enabled\' can not be used at the same time. Use all \'cluster-ssl*\' properties instead of \'ssl-*\'.");
}
}
String sslCipher = (String)props.get(SSL_CIPHERS_NAME);
String clusterSSLCipher = (String)props.get(CLUSTER_SSL_CIPHERS_NAME);
- if (sslCipher != null && sslCipher != DEFAULT_SSL_CIPHERS
- && clusterSSLCipher != null && clusterSSLCipher != DEFAULT_CLUSTER_SSL_CIPHERS) {
+ if (sslCipher != null && clusterSSLCipher != null && !sslCipher.equals(clusterSSLCipher)) {
throw new IllegalArgumentException(
- "Gemfire property \'ssl-cipher\' and \'cluster-ssl-cipher\' can not be used at the same time. Prefer way is to use all \'cluster-ssl*\' properties instead of \'ssl-*\'.");
+ "Gemfire property \'ssl-cipher\' and \'cluster-ssl-cipher\' can not be used at the same time. Use all \'cluster-ssl*\' properties instead of \'ssl-*\'.");
}
String sslProtocol = (String)props.get(SSL_PROTOCOLS_NAME);
String clusterSSLProtocol = (String)props.get(CLUSTER_SSL_PROTOCOLS_NAME);
- if (sslProtocol != null && sslProtocol != DEFAULT_SSL_PROTOCOLS
- && clusterSSLProtocol != null && clusterSSLProtocol != DEFAULT_CLUSTER_SSL_PROTOCOLS ) {
+ if (sslProtocol != null && clusterSSLProtocol != null && !sslProtocol.equals(clusterSSLProtocol)) {
throw new IllegalArgumentException(
- "Gemfire property \'ssl-protocols\' and \'cluster-ssl-protocols\' can not be used at the same time. Prefer way is to use all \'cluster-ssl*\' properties instead of \'ssl-*\'.");
+ "Gemfire property \'ssl-protocols\' and \'cluster-ssl-protocols\' can not be used at the same time. Use all \'cluster-ssl*\' properties instead of \'ssl-*\'.");
}
String sslReqAuthString = (String)props.get(SSL_REQUIRE_AUTHENTICATION_NAME);
@@ -772,10 +769,9 @@ public class DistributionConfigImpl
if(sslReqAuthString != null && clusterReqAuthString != null){
boolean sslReqAuth = new Boolean(sslReqAuthString).booleanValue();
boolean clusterSSLReqAuth =new Boolean(clusterReqAuthString).booleanValue();
- if (sslReqAuth != DEFAULT_SSL_REQUIRE_AUTHENTICATION
- && clusterSSLReqAuth != DEFAULT_CLUSTER_SSL_REQUIRE_AUTHENTICATION) {
+ if (sslReqAuth != clusterSSLReqAuth) {
throw new IllegalArgumentException(
- "Gemfire property \'ssl-require-authentication\' and \'cluster-ssl-require-authentication\' can not be used at the same time. Prefer way is to use all \'cluster-ssl*\' properties instead of \'ssl-*\'.");
+ "Gemfire property \'ssl-require-authentication\' and \'cluster-ssl-require-authentication\' can not be used at the same time. Use all \'cluster-ssl*\' properties instead of \'ssl-*\'.");
}
}
@@ -784,14 +780,23 @@ public class DistributionConfigImpl
if(jmxSSLString != null && jmxSSLEnabledString != null){
boolean jmxSSL = new Boolean(jmxSSLString).booleanValue();
boolean jmxSSLEnabled =new Boolean(jmxSSLEnabledString).booleanValue();
- if (jmxSSL != DEFAULT_SSL_ENABLED
- && jmxSSLEnabled != DEFAULT_CLUSTER_SSL_ENABLED) {
+ if (jmxSSL != jmxSSLEnabled) {
throw new IllegalArgumentException(
- "Gemfire property \'jmx-manager-ssl\' and \'jmx-manager-ssl-enabled\' can not be used at the same time. Prefer way is to use \'jmx-manager-ssl-enabled\' instead of \'jmx-manager-ssl\'.");
+ "Gemfire property \'jmx-manager-ssl\' and \'jmx-manager-ssl-enabled\' can not be used at the same time. Use \'jmx-manager-ssl-enabled\' instead of \'jmx-manager-ssl\'.");
}
}
}
+ private static boolean equals(Object o1, Object o2) {
+ if (o1 != null) {
+ return o1.equals(o2);
+ } else if (o2 != null) {
+ return o2.equals(o1);
+ } else {
+ return o1 == o2;
+ }
+ }
+
/*
* ssl-* properties will be copied in cluster-ssl-* properties. Socket is using cluster-ssl-* properties
*/
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/832e8600/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index de1f31a..595d791 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -254,11 +254,8 @@ public class SSLConfigJUnitTest {
boolean jmxManagerSslRequireAuth = true;
Properties gemFireProps = new Properties();
- gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_NAME, String.valueOf(jmxManagerSsl));
- gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_ENABLED_NAME, String.valueOf(jmxManagerSslenabled));
- gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_PROTOCOLS_NAME, jmxManagerSslprotocols);
- gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_CIPHERS_NAME, jmxManagerSslciphers);
- gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION_NAME, String.valueOf(jmxManagerSslRequireAuth));
+ gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_NAME, "true");
+ gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_ENABLED_NAME, "false");
try{
DistributionConfigImpl config = new DistributionConfigImpl( gemFireProps );
fail("Expected IllegalArgumentException");
@@ -267,6 +264,15 @@ public class SSLConfigJUnitTest {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
+ // make sure they can both be set to the same value
+ gemFireProps = new Properties();
+ gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_NAME, "true");
+ gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_ENABLED_NAME, "true");
+ new DistributionConfigImpl( gemFireProps );
+ gemFireProps = new Properties();
+ gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_NAME, "false");
+ gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_ENABLED_NAME, "false");
+ new DistributionConfigImpl( gemFireProps );
gemFireProps = new Properties();
gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, String.valueOf(sslenabled));
@@ -379,7 +385,7 @@ public class SSLConfigJUnitTest {
Properties gemFireProps = new Properties();
gemFireProps.setProperty( "mcast-port", "0" );
gemFireProps.put(DistributionConfig.SSL_ENABLED_NAME, "true");
- gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "true");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "false");
DistributionConfigImpl config = null;
try{
config = new DistributionConfigImpl( gemFireProps );
@@ -393,9 +399,8 @@ public class SSLConfigJUnitTest {
//ssl-protocol and cluster-ssl-protocol set at the same time
gemFireProps = new Properties();
gemFireProps.setProperty( "mcast-port", "0" );
- gemFireProps.put(DistributionConfig.SSL_ENABLED_NAME, "true");
gemFireProps.put(DistributionConfig.SSL_PROTOCOLS_NAME, sslprotocols);
- gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "false");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "true");
gemFireProps.put(DistributionConfig.CLUSTER_SSL_PROTOCOLS_NAME, clusterSslprotocols);
try{
config = new DistributionConfigImpl( gemFireProps );
@@ -405,13 +410,19 @@ public class SSLConfigJUnitTest {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
+ // make sure they can both be set to the same value
+ gemFireProps = new Properties();
+ gemFireProps.setProperty( "mcast-port", "0" );
+ gemFireProps.put(DistributionConfig.SSL_PROTOCOLS_NAME, sslprotocols);
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "true");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_PROTOCOLS_NAME, sslprotocols);
+ config = new DistributionConfigImpl( gemFireProps );
//ssl-cipher and cluster-ssl-cipher set at the same time
gemFireProps = new Properties();
gemFireProps.setProperty( "mcast-port", "0" );
- gemFireProps.put(DistributionConfig.SSL_ENABLED_NAME, "true");
gemFireProps.put(DistributionConfig.SSL_CIPHERS_NAME, sslciphers);
- gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "false");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "true");
gemFireProps.put(DistributionConfig.CLUSTER_SSL_CIPHERS_NAME, clusterSslciphers);
try{
config = new DistributionConfigImpl( gemFireProps );
@@ -421,22 +432,36 @@ public class SSLConfigJUnitTest {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
+ // make sure they can both be set to the same value
+ gemFireProps = new Properties();
+ gemFireProps.setProperty( "mcast-port", "0" );
+ gemFireProps.put(DistributionConfig.SSL_CIPHERS_NAME, clusterSslciphers);
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "true");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_CIPHERS_NAME, clusterSslciphers);
+ config = new DistributionConfigImpl( gemFireProps );
//ssl-require-authentication and cluster-ssl-require-authentication set at the same time
gemFireProps = new Properties();
gemFireProps.setProperty( "mcast-port", "0" );
- gemFireProps.put(DistributionConfig.SSL_ENABLED_NAME, "true");
gemFireProps.put(DistributionConfig.SSL_REQUIRE_AUTHENTICATION_NAME, "true");
- gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "false");
- gemFireProps.put(DistributionConfig.CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME, "true");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "true");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME, "false");
try{
config = new DistributionConfigImpl( gemFireProps );
- //fail("Expected IllegalArgumentException");
+ fail("Expected IllegalArgumentException");
}catch(IllegalArgumentException e){
if (! e.toString().contains( "Gemfire property \'ssl-require-authentication\' and \'cluster-ssl-require-authentication\' can not be used at the same time") ) {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
+ // make sure they can both be set to the same value
+ gemFireProps = new Properties();
+ gemFireProps.setProperty( "mcast-port", "0" );
+ gemFireProps.put(DistributionConfig.SSL_REQUIRE_AUTHENTICATION_NAME, "false");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, "true");
+ gemFireProps.put(DistributionConfig.CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME, "false");
+ config = new DistributionConfigImpl( gemFireProps );
+
// only ssl-* properties provided. same should reflect in cluster-ssl properties
gemFireProps = new Properties();
[08/13] incubator-geode git commit: ssl-* attributes now act as
defaults for cluster-ssl-*
Posted by ds...@apache.org.
ssl-* attributes now act as defaults for cluster-ssl-*
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/738551a2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/738551a2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/738551a2
Branch: refs/heads/feature/GEODE-417
Commit: 738551a2bb0e67d19af8e52a93a2098c94d22947
Parents: 348d0d9
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 17:19:24 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:55 2015 -0700
----------------------------------------------------------------------
.../internal/DistributionConfigImpl.java | 27 ++++++++++-------
.../gemfire/internal/SSLConfigJUnitTest.java | 31 ++++++++++++++++++++
2 files changed, 48 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/738551a2/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 34b0507..960eff8 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -705,8 +705,8 @@ public class DistributionConfigImpl
// this is case of locator and DS is started through
// Locator.startLocatorAndDS, In this case I don't need to validate SSL
- // properties. This fix is till the time we support SSL properties. Once SSl
- // properties is depprecated, boolean isConnected will be removed
+ // properties. This fix is till the time we support SSL properties. Once SSL
+ // properties are deprecated, boolean isConnected will be removed
if (!isConnected) {
validateOldSSLVsNewSSLProperties(props);
}
@@ -730,11 +730,18 @@ public class DistributionConfigImpl
}
computeMcastPortDefault();
if (!isConnected) {
+ // Allow attributes to be modified
+ this.modifiable = true;
+ try {
copySSLPropsToClusterSSLProps();
copySSLPropsToServerSSLProps();
copySSLPropsToJMXSSLProps();
copyClusterSSLPropsToGatewaySSLProps();
copySSLPropsToHTTPSSLProps();
+ } finally {
+ // Make attributes read only
+ this.modifiable = false;
+ }
}
}
@@ -805,35 +812,35 @@ public class DistributionConfigImpl
boolean p2pSSLOverRidden = this.sourceMap.get(SSL_ENABLED_NAME)!=null;
if(p2pSSLOverRidden && !clusterSSLOverriden) {
- this.clusterSSLEnabled = this.sslEnabled;
+ this.setClusterSSLEnabled(true);
this.sourceMap.put(CLUSTER_SSL_ENABLED_NAME,this.sourceMap.get(SSL_ENABLED_NAME));
if(this.sourceMap.get(SSL_CIPHERS_NAME)!=null) {
- this.clusterSSLCiphers = this.sslCiphers;
+ setClusterSSLCiphers(this.sslCiphers);
this.sourceMap.put(CLUSTER_SSL_CIPHERS_NAME,this.sourceMap.get(SSL_CIPHERS_NAME));
}
if(this.sourceMap.get(SSL_PROTOCOLS_NAME)!=null) {
- this.clusterSSLProtocols = this.sslProtocols;
+ setClusterSSLProtocols(this.sslProtocols);
this.sourceMap.put(CLUSTER_SSL_PROTOCOLS_NAME,this.sourceMap.get(SSL_PROTOCOLS_NAME));
}
if(this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME)!=null) {
- this.clusterSSLRequireAuthentication = this.sslRequireAuthentication;
+ setClusterSSLRequireAuthentication(this.sslRequireAuthentication);
this.sourceMap.put(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME,this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME));
}
}
- if (false/*clusterSSLOverriden*/) {
+ if (clusterSSLOverriden) {
if (this.sourceMap.get(CLUSTER_SSL_CIPHERS_NAME)==null && this.sourceMap.get(SSL_CIPHERS_NAME) != null) {
- this.setServerSSLCiphers(this.sslCiphers);
+ setClusterSSLCiphers(this.sslCiphers);
this.sourceMap.put(CLUSTER_SSL_CIPHERS_NAME, this.sourceMap.get(SSL_CIPHERS_NAME));
}
if (this.sourceMap.get(CLUSTER_SSL_PROTOCOLS_NAME)==null && this.sourceMap.get(SSL_PROTOCOLS_NAME) != null) {
- this.setServerSSLProtocols(this.sslProtocols);
+ setClusterSSLProtocols(this.sslProtocols);
this.sourceMap.put(CLUSTER_SSL_PROTOCOLS_NAME, this.sourceMap.get(SSL_PROTOCOLS_NAME));
}
if (this.sourceMap.get(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME)==null && this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME) != null) {
- this.setServerSSLRequireAuthentication(this.sslRequireAuthentication);
+ setClusterSSLRequireAuthentication(this.sslRequireAuthentication);
this.sourceMap.put(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME, this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME));
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/738551a2/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 96cb410..656deee 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -150,6 +150,37 @@ public class SSLConfigJUnitTest {
}
@Test
+ /**
+ * Make sure that the old ssl-* properties work correctly
+ * with the new cluster-ssl-* properties.
+ */
+ public void testDeprecatedSSLWithCluster() {
+ Properties props = new Properties();
+ props.setProperty("ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("ssl-protocols", "SSLv7" );
+ props.setProperty("ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getClusterSSLEnabled(), true );
+ isEqual( config.getClusterSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getClusterSSLProtocols(), "SSLv7" );
+ isEqual( config.getClusterSSLRequireAuthentication(), false );
+
+ // now do the same thing but just set cluster-ssl-enabled
+ props.setProperty("ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("ssl-protocols", "SSLv7" );
+ props.setProperty("ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("cluster-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ config = new DistributionConfigImpl( props );
+ isEqual( config.getClusterSSLEnabled(), true );
+ isEqual( config.getClusterSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getClusterSSLProtocols(), "SSLv7" );
+ isEqual( config.getClusterSSLRequireAuthentication(), false );
+ }
+
+ @Test
public void testClusterSSL( ) throws Exception {
Properties props = new Properties();
props.setProperty("cluster-ssl-ciphers", "RSA_WITH_GARBAGE" );
[05/13] incubator-geode git commit: the default config tests now
validate all ssl properties
Posted by ds...@apache.org.
the default config tests now validate all ssl properties
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/8fe7c91c
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/8fe7c91c
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/8fe7c91c
Branch: refs/heads/feature/GEODE-417
Commit: 8fe7c91c2143443ddb0aaafc8100f18afb337f3e
Parents: e47ae53
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 13:39:06 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:28:04 2015 -0700
----------------------------------------------------------------------
.../gemfire/internal/SSLConfigJUnitTest.java | 128 +++++++++----------
1 file changed, 60 insertions(+), 68 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8fe7c91c/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 419281c..34d7ee5 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -103,17 +103,14 @@ public class SSLConfigJUnitTest {
Properties props = new Properties( );
// default mcast-port is not 0.
props.setProperty( "ssl-enabled", "true" );
-
try {
new DistributionConfigImpl( props );
+ fail("Expected IllegalArgumentException");
} catch ( IllegalArgumentException e ) {
if (! e.toString().matches( ".*Could not set \"ssl-enabled.*" ) ) {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
-
- props.setProperty( "mcast-port", "0" );
- new DistributionConfigImpl( props );
}
@Test
@@ -121,17 +118,14 @@ public class SSLConfigJUnitTest {
Properties props = new Properties( );
// default mcast-port is not 0.
props.setProperty( "cluster-ssl-enabled", "true" );
-
try {
new DistributionConfigImpl( props );
+ fail("Expected IllegalArgumentException");
} catch ( IllegalArgumentException e ) {
if (! e.toString().matches( ".*Could not set \"cluster-ssl-enabled.*" ) ) {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
-
- props.setProperty( "mcast-port", "0" );
- new DistributionConfigImpl( props );
}
@Test
@@ -250,78 +244,76 @@ public class SSLConfigJUnitTest {
isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
}
- @Test
- public void testManagerDefaultConfig() throws Exception {
- boolean sslenabled = false;
- String sslprotocols = "any";
- String sslciphers = "any";
- boolean requireAuth = true;
-
- boolean jmxManagerSsl = false;
- boolean jmxManagerSslenabled = false;
- String jmxManagerSslprotocols = "any";
- String jmxManagerSslciphers = "any";
- boolean jmxManagerSslRequireAuth = true;
+ public void testClusterDefaultConfig() throws Exception {
+ DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
+ isEqual( config.getClusterSSLEnabled(), false );
+ isEqual( config.getClusterSSLProtocols(), "any" );
+ isEqual( config.getClusterSSLCiphers(), "any" );
+ isEqual( config.getClusterSSLRequireAuthentication(), true );
+ isEqual( config.getClusterSSLKeyStore(), "" );
+ isEqual( config.getClusterSSLKeyStoreType(), "" );
+ isEqual( config.getClusterSSLKeyStorePassword(), "" );
+ isEqual( config.getClusterSSLTrustStore(), "" );
+ isEqual( config.getClusterSSLTrustStorePassword(), "" );
+ isEqual( config.getClusterSSLProperties(), new Properties() );
+ }
+ public void testManagerDefaultConfig() throws Exception {
DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
-
- isEqual( config.getJmxManagerSSLEnabled(), jmxManagerSsl);
- isEqual( config.getJmxManagerSSLEnabled(), jmxManagerSslenabled );
- isEqual( config.getJmxManagerSSLProtocols(), jmxManagerSslprotocols );
- isEqual( config.getJmxManagerSSLCiphers(), jmxManagerSslciphers );
- isEqual( config.getJmxManagerSSLRequireAuthentication(), jmxManagerSslRequireAuth );
+ isEqual( config.getJmxManagerSSLEnabled(), false );
+ isEqual( config.getJmxManagerSSLProtocols(), "any" );
+ isEqual( config.getJmxManagerSSLCiphers(), "any" );
+ isEqual( config.getJmxManagerSSLRequireAuthentication(), true );
+ isEqual( config.getJmxManagerSSLKeyStore(), "" );
+ isEqual( config.getJmxManagerSSLKeyStoreType(), "" );
+ isEqual( config.getJmxManagerSSLKeyStorePassword(), "" );
+ isEqual( config.getJmxManagerSSLTrustStore(), "" );
+ isEqual( config.getJmxManagerSSLTrustStorePassword(), "" );
+ isEqual( config.getJmxSSLProperties(), new Properties() );
}
@Test
public void testCacheServerDefaultConfig() throws Exception {
- boolean sslenabled = false;
- String sslprotocols = "any";
- String sslciphers = "any";
- boolean requireAuth = true;
-
- boolean cacheServerSslenabled = false;
- String cacheServerSslprotocols = "any";
- String cacheServerSslciphers = "any";
- boolean cacheServerSslRequireAuth = true;
-
DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
-
- isEqual( config.getServerSSLEnabled(), cacheServerSslenabled );
- isEqual( config.getServerSSLProtocols(), cacheServerSslprotocols );
- isEqual( config.getServerSSLCiphers(), cacheServerSslciphers );
- isEqual( config.getServerSSLRequireAuthentication(), cacheServerSslRequireAuth );
+ isEqual( config.getServerSSLEnabled(), false );
+ isEqual( config.getServerSSLProtocols(), "any" );
+ isEqual( config.getServerSSLCiphers(), "any" );
+ isEqual( config.getServerSSLRequireAuthentication(), true );
+ isEqual( config.getServerSSLKeyStore(), "" );
+ isEqual( config.getServerSSLKeyStoreType(), "" );
+ isEqual( config.getServerSSLKeyStorePassword(), "" );
+ isEqual( config.getServerSSLTrustStore(), "" );
+ isEqual( config.getServerSSLTrustStorePassword(), "" );
+ isEqual( config.getServerSSLProperties(), new Properties() );
}
@Test
public void testGatewayDefaultConfig() throws Exception {
- boolean sslenabled = false;
- String sslprotocols = "any";
- String sslciphers = "any";
- boolean requireAuth = true;
-
- boolean gatewaySslenabled = false;
- String gatewaySslprotocols = "any";
- String gatewaySslciphers = "any";
- boolean gatewaySslRequireAuth = true;
-
DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
-
- isEqual( config.getGatewaySSLEnabled(), gatewaySslenabled );
- isEqual( config.getGatewaySSLProtocols(), gatewaySslprotocols );
- isEqual( config.getGatewaySSLCiphers(), gatewaySslciphers );
- isEqual( config.getGatewaySSLRequireAuthentication(), gatewaySslRequireAuth );
+ isEqual( config.getGatewaySSLEnabled(), false );
+ isEqual( config.getGatewaySSLProtocols(), "any" );
+ isEqual( config.getGatewaySSLCiphers(), "any" );
+ isEqual( config.getGatewaySSLRequireAuthentication(), true );
+ isEqual( config.getGatewaySSLKeyStore(), "" );
+ isEqual( config.getGatewaySSLKeyStoreType(), "" );
+ isEqual( config.getGatewaySSLKeyStorePassword(), "" );
+ isEqual( config.getGatewaySSLTrustStore(), "" );
+ isEqual( config.getGatewaySSLTrustStorePassword(), "" );
+ isEqual( config.getGatewaySSLProperties(), new Properties() );
+ }
+
+ public void testHttpServiceDefaultConfig() throws Exception {
+ DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
+ isEqual( config.getHttpServiceSSLEnabled(), false );
+ isEqual( config.getHttpServiceSSLProtocols(), "any" );
+ isEqual( config.getHttpServiceSSLCiphers(), "any" );
+ isEqual( config.getHttpServiceSSLRequireAuthentication(), false );
+ isEqual( config.getHttpServiceSSLKeyStore(), "" );
+ isEqual( config.getHttpServiceSSLKeyStoreType(), "" );
+ isEqual( config.getHttpServiceSSLKeyStorePassword(), "" );
+ isEqual( config.getHttpServiceSSLTrustStore(), "" );
+ isEqual( config.getHttpServiceSSLTrustStorePassword(), "" );
+ isEqual( config.getHttpServiceSSLProperties(), new Properties() );
}
[11/13] incubator-geode git commit: no more warnings
Posted by ds...@apache.org.
no more warnings
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/b0508aec
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/b0508aec
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/b0508aec
Branch: refs/heads/feature/GEODE-417
Commit: b0508aec6580c254b5aacaa68a79ccaf36e738c5
Parents: 738551a
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Fri Oct 9 09:26:08 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:56 2015 -0700
----------------------------------------------------------------------
.../java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b0508aec/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 656deee..908b710 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -597,6 +597,7 @@ public class SSLConfigJUnitTest {
@Test
+ @SuppressWarnings("deprecation")
public void testManagerConfig() throws Exception {
boolean sslenabled = false;
String sslprotocols = "any";
@@ -613,7 +614,7 @@ public class SSLConfigJUnitTest {
gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_NAME, "true");
gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_ENABLED_NAME, "false");
try{
- DistributionConfigImpl config = new DistributionConfigImpl( gemFireProps );
+ new DistributionConfigImpl( gemFireProps );
fail("Expected IllegalArgumentException");
}catch(IllegalArgumentException e){
if (! e.toString().contains( "Gemfire property \'jmx-manager-ssl\' and \'jmx-manager-ssl-enabled\' can not be used at the same time")) {
@@ -725,6 +726,7 @@ public class SSLConfigJUnitTest {
}
@Test
+ @SuppressWarnings("deprecation")
public void testCustomizedClusterSslConfig() throws Exception {
boolean sslenabled = true;
[03/13] incubator-geode git commit: improved test51531
Posted by ds...@apache.org.
improved test51531
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/7d348fe9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/7d348fe9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/7d348fe9
Branch: refs/heads/feature/GEODE-417
Commit: 7d348fe9cb87aaa9f03e891e9c8180b403008c54
Parents: e45f5e3
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 11:00:08 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:28:04 2015 -0700
----------------------------------------------------------------------
.../gemfire/internal/SSLConfigIntegrationJUnitTest.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/7d348fe9/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java
index 3005ed9..27623d7 100644
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java
@@ -22,6 +22,7 @@ public class SSLConfigIntegrationJUnitTest {
@Test
public void test51531() {
Cache mCache = new CacheFactory().set("mcast-port", "0").set("jmx-manager", "true").create();
+ try {
ManagementService mService = ManagementService.getManagementService(mCache);
MemberMXBean mMemberBean = mService.getMemberMXBean();
GemFireProperties mGemFireProperties = mMemberBean.listGemFireProperties();
@@ -30,6 +31,10 @@ public class SSLConfigIntegrationJUnitTest {
assertTrue(mGemFireProperties.isClusterSSLRequireAuthentication());
assertTrue(mGemFireProperties.isGatewaySSLRequireAuthentication());
assertTrue(mGemFireProperties.isJmxManagerSSLRequireAuthentication());
- mCache.close();
+ // unlike all others, http-server defaults to false
+ assertFalse(mGemFireProperties.isHttpServiceSSLRequireAuthentication());
+ } finally {
+ mCache.close();
+ }
}
}
[10/13] incubator-geode git commit: fixed javadocs of ssl properties
Posted by ds...@apache.org.
fixed javadocs of ssl properties
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9c8eaac2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9c8eaac2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9c8eaac2
Branch: refs/heads/feature/GEODE-417
Commit: 9c8eaac2c945960a8d3cf683bc23981e9bfcde51
Parents: 1012ae4
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Fri Oct 9 11:22:38 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:56 2015 -0700
----------------------------------------------------------------------
.../gemfire/distributed/DistributedSystem.java | 260 +++++++++++++------
1 file changed, 184 insertions(+), 76 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9c8eaac2/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
index 7446eff..0aedb51 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
@@ -919,11 +919,7 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="jmx-manager-ssl"><dt>jmx-manager-ssl</dt></a>
- * <dd><U>Description</U>: If true and jmx-manager-port is not zero then the jmx-manager
- * will only accept ssl connections. Note that the ssl-enabled property does not apply to the jmx-manager
- * but the other ssl properties do. This allows ssl to be configured for just the jmx-manager
- * without needing to configure it for the other GemFire connections.
- * Ignored if jmx-manager is false.
+ * <dd><U>Description</U>: See jmx-manager-ssl-enabled.
* </dd>
* <dd><U>Default</U>: "false"</dd>
* <dd><U>Deprecated</U>: as of 8.0 use <a href="#jmx-manager-ssl-enabled"><code>jmx-manager-ssl-enabled</code></a> instead.</dd>
@@ -931,42 +927,55 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="jmx-manager-ssl-enabled"><dt>jmx-manager-ssl-enabled</dt></a>
- * <dd><U>Description</U>: If true and jmx-manager-port is not zero then the jmx-manager
- * will only accept ssl connections. Note that the ssl-enabled property does not apply to the jmx-manager
- * but the other ssl properties do. This allows ssl to be configured for just the jmx-manager
- * without needing to configure it for the other GemFire connections.
- * Ignored if jmx-manager is false.
+ * <dd><U>Description</U>: If specified then it determines if the jmx manager
+ * will use ssl.
+ * If not specified its value is inherited from cluster-ssl-enabled.
* </dd>
- * <dd><U>Default</U>: "false"</dd>
+ * <dd><U>Default</U>: <code>false</code></dd>
+ * <dd><U>Since</U>: 8.0</dd>
* </dl>
*
* <dl>
* <a name="jmx-manager-ssl-ciphers"><dt>jmx-manager-ssl-ciphers</dt></a>
- * <dd><U>Description</U>: A space seperated list of the SSL cipher suites to enable.
+ * <dd><U>Description</U>: If specified then it determines the ssl ciphers
+ * to use for the jmx manager.
+ * If not specified its value is inherited from cluster-ssl-ciphers.
+ * This property is ignored if jmx-manager-ssl-enabled is false.
+ * Value is a space separated list of the SSL cipher suites.
* Those listed must be supported by the available providers.
- * </dd>
- * <dd><U>Default</U>: "any"</dd>
+ * </dd>
+ * <dd><U>Default</U>: <code>any</code></dd>
* </dl>
- *
+ *
* <dl>
* <a name="jmx-manager-ssl-protocols"><dt>jmx-manager-ssl-protocols</dt></a>
- * <dd><U>Description</U>: A space seperated list of the SSL protocols to enable.
+ * <dd><U>Description</U>: If specified then it determines the ssl protocols
+ * to use for the jmx manager.
+ * If not specified its value is inherited from cluster-ssl-protocols.
+ * This property is ignored if jmx-manager-ssl-enabled is false.
+ * Value is a space separated list of the SSL protocols.
* Those listed must be supported by the available providers.
* </dd>
- * <dd><U>Default</U>: "any"</dd>
+ * <dd><U>Default</U>: <code>any</code></dd>
* </dl>
- *
+ *
* <dl>
* <a name="jmx-manager-ssl-require-authentication"><dt>jmx-manager-ssl-require-authentication</dt></a>
- * <dd><U>Description</U>: If false, allow ciphers that do not require the client
- * side of the connection to be authenticated.
- * </dd>
- * <dd><U>Default</U>: "true"</dd>
+ * <dd><U>Description</U>: If specified then it determines if ssl authentication
+ * will be done by the jmx manager on incoming connections.
+ * If not specified its value is inherited from cluster-ssl-require-authentication.
+ * This property is ignored if jmx-manager-ssl-enabled is false.
+ * </dd>
+ * <dd><U>Default</U>: <code>true</code></dd>
* </dl>
*
* <dl>
* <a name="jmx-manager-ssl-keystore"><dt>jmx-manager-ssl-keystore</dt></a>
- * <dd><U>Description</U>Location of the Java keystore file containing
+ * <dd><U>Description</U>If specified then it determines the ssl keystore
+ * to use for the jmx manager.
+ * If not specified its value is inherited from cluster-ssl-keystore.
+ * This property is ignored if jmx-manager-ssl-enabled is false.
+ * Value is the location of the Java keystore file containing
* certificate and private key.
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -975,7 +984,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="jmx-manager-ssl-keystore-type"><dt>jmx-manager-ssl-keystore-type</dt></a>
- * <dd><U>Description</U>For Java keystore file format, this property has the
+ * <dd><U>Description</U>If specified then it determines the ssl keystore type
+ * to use for the jmx manager.
+ * If not specified its value is inherited from cluster-ssl-keystore-type.
+ * This property is ignored if jmx-manager-ssl-enabled is false.
+ * For Java keystore file format, this property has the
* value jks (or JKS).
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -984,8 +997,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="jmx-manager-ssl-keystore-password"><dt>jmx-manager-ssl-keystore-password</dt></a>
- * <dd><U>Description</U>Password to access the private key from the keystore
- * file specified by javax.net.ssl.keyStore.
+ * <dd><U>Description</U>If specified then it determines the ssl keystore password
+ * to use for the jmx manager.
+ * If not specified its value is inherited from cluster-ssl-keystore-password.
+ * This property is ignored if jmx-manager-ssl-enabled is false.
+ * Value is the password to access the private key from the keystore.
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -993,17 +1009,24 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="jmx-manager-ssl-truststore"><dt>jmx-manager-ssl-truststore</dt></a>
- * <dd><U>Description</U>Location of the Java keystore file containing the
- * collection of CA certificates trusted by manager (trust store).
+ * <dd><U>Description</U>If specified then it determines the ssl truststore
+ * to use for the jmx manager.
+ * If not specified its value is inherited from cluster-ssl-truststore.
+ * This property is ignored if jmx-manager-ssl-enabled is false.
+ * Value is the location of the Java keystore file containing the
+ * collection of CA certificates trusted by server (trust store).
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
* </dl>
- *
+ *
* <dl>
* <a name="jmx-manager-ssl-truststore-password"><dt>jmx-manager-ssl-truststore-password</dt></a>
- * <dd><U>Description</U>Password to unlock the keystore file (store password)
- * specified by javax.net.ssl.trustStore.
+ * <dd><U>Description</U>If specified then it determines the ssl truststore password
+ * to use for the jmx manager.
+ * If not specified its value is inherited from cluster-ssl-truststore-password.
+ * This property is ignored if jmx-manager-ssl-enabled is false.
+ * Value is the password to unlock the truststore file.
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -1106,10 +1129,9 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-enabled"><dt>http-service-ssl-enabled</dt></a>
- * <dd><U>Description</U>: Specifies if http service is started with separate ssl configuration.
- * If not specified, global property cluster-ssl-enabled (and its other related properties) are used
- * to secure http service. All http-service-ssl-* properties are inherited from cluster-ssl-* properties.
- * User can ovverride them using specific http-service-ssl-* property.
+ * <dd><U>Description</U>: If specified then it determines if the http service
+ * will use ssl.
+ * If not specified its value is inherited from cluster-ssl-enabled.
* </dd>
* <dd><U>Default</U>: <code>false</code></dd>
* <dd><U>Since</U>: 8.1</dd>
@@ -1117,7 +1139,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-ciphers"><dt>http-service-ssl-ciphers</dt></a>
- * <dd><U>Description</U>: A space separated list of the SSL cipher suites to enable.
+ * <dd><U>Description</U>: If specified then it determines the ssl ciphers
+ * to use for the http service.
+ * If not specified its value is inherited from cluster-ssl-ciphers.
+ * This property is ignored if http-service-ssl-enabled is false.
+ * Value is a space separated list of the SSL cipher suites.
* Those listed must be supported by the available providers.
* </dd>
* <dd><U>Default</U>: <code>any</code></dd>
@@ -1126,7 +1152,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-protocols"><dt>http-service-ssl-protocols</dt></a>
- * <dd><U>Description</U>: A space separated list of the SSL protocols to enable.
+ * <dd><U>Description</U>: If specified then it determines the ssl protocols
+ * to use for the http service.
+ * If not specified its value is inherited from cluster-ssl-protocols.
+ * This property is ignored if http-service-ssl-enabled is false.
+ * Value is a space separated list of the SSL protocols.
* Those listed must be supported by the available providers.
* </dd>
* <dd><U>Default</U>: <code>any</code></dd>
@@ -1135,8 +1165,10 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-require-authentication"><dt>http-service-ssl-require-authentication</dt></a>
- * <dd><U>Description</U>: If false, allow ciphers that do not require the client
- * side of the connection to be authenticated.
+ * <dd><U>Description</U>: If specified then it determines if ssl authentication
+ * will be done by the http service.
+ * If not specified its value is inherited from cluster-ssl-require-authentication.
+ * This property is ignored if http-service-ssl-enabled is false.
* </dd>
* <dd><U>Default</U>: <code>false</code></dd>
* <dd><U>Since</U>: 8.1</dd>
@@ -1144,7 +1176,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-keystore"><dt>http-service-ssl-keystore</dt></a>
- * <dd><U>Description</U>Location of the Java keystore file containing
+ * <dd><U>Description</U>If specified then it determines the ssl keystore
+ * to use for the http service.
+ * If not specified its value is inherited from cluster-ssl-keystore.
+ * This property is ignored if http-service-ssl-enabled is false.
+ * Value is the location of the Java keystore file containing
* certificate and private key.
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -1153,7 +1189,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-keystore-type"><dt>http-service-ssl-keystore-type</dt></a>
- * <dd><U>Description</U>For Java keystore file format, this property has the
+ * <dd><U>Description</U>If specified then it determines the ssl keystore type
+ * to use for the http service.
+ * If not specified its value is inherited from cluster-ssl-keystore-type.
+ * This property is ignored if http-service-ssl-enabled is false.
+ * For Java keystore file format, this property has the
* value jks (or JKS).
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -1162,8 +1202,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-keystore-password"><dt>http-service-ssl-keystore-password</dt></a>
- * <dd><U>Description</U>Password to access the private key from the keystore
- * file specified by javax.net.ssl.keyStore.
+ * <dd><U>Description</U>If specified then it determines the ssl keystore password
+ * to use for the http service.
+ * If not specified its value is inherited from cluster-ssl-keystore-password.
+ * This property is ignored if http-service-ssl-enabled is false.
+ * Value is the password to access the private key from the keystore.
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.1</dd>
@@ -1171,7 +1214,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-truststore"><dt>http-service-ssl-truststore</dt></a>
- * <dd><U>Description</U>Location of the Java keystore file containing the
+ * <dd><U>Description</U>If specified then it determines the ssl truststore
+ * to use for the http service.
+ * If not specified its value is inherited from cluster-ssl-truststore.
+ * This property is ignored if http-service-ssl-enabled is false.
+ * Value is the location of the Java keystore file containing the
* collection of CA certificates trusted by server (trust store).
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -1180,8 +1227,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="http-service-ssl-truststore-password"><dt>http-service-ssl-truststore-password</dt></a>
- * <dd><U>Description</U>Password to unlock the keystore file (store password)
- * specified by javax.net.ssl.trustStore.
+ * <dd><U>Description</U>If specified then it determines the ssl truststore password
+ * to use for the http service.
+ * If not specified its value is inherited from cluster-ssl-truststore-password.
+ * This property is ignored if http-service-ssl-enabled is false.
+ * Value is the password to unlock the truststore file.
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.1</dd>
@@ -1259,9 +1309,10 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="server-ssl-enabled"><dt>server-ssl-enabled</dt></a>
- * <dd><U>Description</U>: Specifies if server is started with separate ssl configuration.
- * If not specified global property ssl-enabled (and its other related properties) are used
- * to create server socket
+ * <dd><U>Description</U>: If specified then it determines if client server connections
+ * will use ssl. These properties can be used on both the server side and
+ * the client side.
+ * If not specified its value is inherited from cluster-ssl-enabled.
* </dd>
* <dd><U>Default</U>: <code>false</code></dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -1269,7 +1320,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="server-ssl-ciphers"><dt>server-ssl-ciphers</dt></a>
- * <dd><U>Description</U>: A space seperated list of the SSL cipher suites to enable.
+ * <dd><U>Description</U>: If specified then it determines the ssl ciphers
+ * to use for client server connections.
+ * If not specified its value is inherited from cluster-ssl-ciphers.
+ * This property is ignored if server-ssl-enabled is false.
+ * Value is a space separated list of the SSL cipher suites.
* Those listed must be supported by the available providers.
* </dd>
* <dd><U>Default</U>: <code>any</code></dd>
@@ -1278,7 +1333,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="server-ssl-protocols"><dt>server-ssl-protocols</dt></a>
- * <dd><U>Description</U>: A space seperated list of the SSL protocols to enable.
+ * <dd><U>Description</U>: If specified then it determines the ssl protocols
+ * to use for client server connections.
+ * If not specified its value is inherited from cluster-ssl-protocols.
+ * This property is ignored if server-ssl-enabled is false.
+ * Value is a space separated list of the SSL protocols.
* Those listed must be supported by the available providers.
* </dd>
* <dd><U>Default</U>: <code>any</code></dd>
@@ -1287,8 +1346,10 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="server-ssl-require-authentication"><dt>server-ssl-require-authentication</dt></a>
- * <dd><U>Description</U>: If false, allow ciphers that do not require the client
- * side of the connection to be authenticated.
+ * <dd><U>Description</U>: If specified then it determines if ssl authentication
+ * will be done for the other side of client server connections.
+ * If not specified its value is inherited from cluster-ssl-require-authentication.
+ * This property is ignored if server-ssl-enabled is false.
* </dd>
* <dd><U>Default</U>: <code>true</code></dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -1296,7 +1357,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="server-ssl-keystore"><dt>server-ssl-keystore</dt></a>
- * <dd><U>Description</U>Location of the Java keystore file containing
+ * <dd><U>Description</U>If specified then it determines the ssl keystore
+ * to use for client server connections.
+ * If not specified its value is inherited from cluster-ssl-keystore.
+ * This property is ignored if server-ssl-enabled is false.
+ * Value is the location of the Java keystore file containing
* certificate and private key.
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -1305,7 +1370,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="server-ssl-keystore-type"><dt>server-ssl-keystore-type</dt></a>
- * <dd><U>Description</U>For Java keystore file format, this property has the
+ * <dd><U>Description</U>If specified then it determines the ssl keystore type
+ * to use for client server connections.
+ * If not specified its value is inherited from cluster-ssl-keystore-type.
+ * This property is ignored if server-ssl-enabled is false.
+ * For Java keystore file format, this property has the
* value jks (or JKS).
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -1314,8 +1383,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="server-ssl-keystore-password"><dt>server-ssl-keystore-password</dt></a>
- * <dd><U>Description</U>Password to access the private key from the keystore
- * file specified by javax.net.ssl.keyStore.
+ * <dd><U>Description</U>If specified then it determines the ssl keystore password
+ * to use for client server connections.
+ * If not specified its value is inherited from cluster-ssl-keystore-password.
+ * This property is ignored if server-ssl-enabled is false.
+ * Value is the password to access the private key from the keystore.
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -1323,17 +1395,24 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="server-ssl-truststore"><dt>server-ssl-truststore</dt></a>
- * <dd><U>Description</U>Location of the Java keystore file containing the
+ * <dd><U>Description</U>If specified then it determines the ssl truststore
+ * to use for client server connections.
+ * If not specified its value is inherited from cluster-ssl-truststore.
+ * This property is ignored if server-ssl-enabled is false.
+ * Value is the location of the Java keystore file containing the
* collection of CA certificates trusted by server (trust store).
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
* </dl>
- *
+ *
* <dl>
* <a name="server-ssl-truststore-password"><dt>server-ssl-truststore-password</dt></a>
- * <dd><U>Description</U>Password to unlock the keystore file (store password)
- * specified by javax.net.ssl.trustStore.
+ * <dd><U>Description</U>If specified then it determines the ssl truststore password
+ * to use for client server connections.
+ * If not specified its value is inherited from cluster-ssl-truststore-password.
+ * This property is ignored if server-ssl-enabled is false.
+ * Value is the password to unlock the truststore file.
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -1343,9 +1422,10 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="gateway-ssl-enabled"><dt>gateway-ssl-enabled</dt></a>
- * <dd><U>Description</U>: Specifies if gateway is started with separate ssl configuration.
- * If not specified global property ssl-enabled (and its other related properties) are used
- * to create gateway socket
+ * <dd><U>Description</U>: If specified then it determines if gateway connections
+ * will use ssl. These properties can be used on both the server side and
+ * the client side.
+ * If not specified its value is inherited from cluster-ssl-enabled.
* </dd>
* <dd><U>Default</U>: <code>false</code></dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -1353,7 +1433,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="gateway-ssl-ciphers"><dt>gateway-ssl-ciphers</dt></a>
- * <dd><U>Description</U>: A space seperated list of the SSL cipher suites to enable.
+ * <dd><U>Description</U>: If specified then it determines the ssl ciphers
+ * to use for gateway connections.
+ * If not specified its value is inherited from cluster-ssl-ciphers.
+ * This property is ignored if gateway-ssl-enabled is false.
+ * Value is a space separated list of the SSL cipher suites.
* Those listed must be supported by the available providers.
* </dd>
* <dd><U>Default</U>: <code>any</code></dd>
@@ -1362,7 +1446,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="gateway-ssl-protocols"><dt>gateway-ssl-protocols</dt></a>
- * <dd><U>Description</U>: A space seperated list of the SSL protocols to enable.
+ * <dd><U>Description</U>: If specified then it determines the ssl protocols
+ * to use for gateway connections.
+ * If not specified its value is inherited from cluster-ssl-protocols.
+ * This property is ignored if gateway-ssl-enabled is false.
+ * Value is a space separated list of the SSL protocols.
* Those listed must be supported by the available providers.
* </dd>
* <dd><U>Default</U>: <code>any</code></dd>
@@ -1371,8 +1459,10 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="gateway-ssl-require-authentication"><dt>gateway-ssl-require-authentication</dt></a>
- * <dd><U>Description</U>: If false, allow ciphers that do not require the Gateway Sender
- * side of the connection to be authenticated.
+ * <dd><U>Description</U>: If specified then it determines if ssl authentication
+ * will be done for the other side of gateway connections.
+ * If not specified its value is inherited from cluster-ssl-require-authentication.
+ * This property is ignored if gateway-ssl-enabled is false.
* </dd>
* <dd><U>Default</U>: <code>true</code></dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -1380,7 +1470,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="gateway-ssl-keystore"><dt>gateway-ssl-keystore</dt></a>
- * <dd><U>Description</U>Location of the Java keystore file containing
+ * <dd><U>Description</U>If specified then it determines the ssl keystore
+ * to use for gateway connections.
+ * If not specified its value is inherited from cluster-ssl-keystore.
+ * This property is ignored if gateway-ssl-enabled is false.
+ * Value is the location of the Java keystore file containing
* certificate and private key.
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -1389,7 +1483,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="gateway-ssl-keystore-type"><dt>gateway-ssl-keystore-type</dt></a>
- * <dd><U>Description</U>For Java keystore file format, this property has the
+ * <dd><U>Description</U>If specified then it determines the ssl keystore type
+ * to use for gateway connections.
+ * If not specified its value is inherited from cluster-ssl-keystore-type.
+ * This property is ignored if gateway-ssl-enabled is false.
+ * For Java keystore file format, this property has the
* value jks (or JKS).
* </dd>
* <dd><U>Default</U>: ""</dd>
@@ -1398,8 +1496,11 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="gateway-ssl-keystore-password"><dt>gateway-ssl-keystore-password</dt></a>
- * <dd><U>Description</U>Password to access the private key from the keystore
- * file specified by javax.net.ssl.keyStore.
+ * <dd><U>Description</U>If specified then it determines the ssl keystore password
+ * to use for gateway connections.
+ * If not specified its value is inherited from cluster-ssl-keystore-password.
+ * This property is ignored if gateway-ssl-enabled is false.
+ * Value is the password to access the private key from the keystore.
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
@@ -1407,17 +1508,24 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
*
* <dl>
* <a name="gateway-ssl-truststore"><dt>gateway-ssl-truststore</dt></a>
- * <dd><U>Description</U>Location of the Java keystore file containing the
+ * <dd><U>Description</U>If specified then it determines the ssl truststore
+ * to use for gateway connections.
+ * If not specified its value is inherited from cluster-ssl-truststore.
+ * This property is ignored if gateway-ssl-enabled is false.
+ * Value is the location of the Java keystore file containing the
* collection of CA certificates trusted by server (trust store).
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
* </dl>
- *
+ *
* <dl>
* <a name="gateway-ssl-truststore-password"><dt>gateway-ssl-truststore-password</dt></a>
- * <dd><U>Description</U>Password to unlock the keystore file (store password)
- * specified by javax.net.ssl.trustStore.
+ * <dd><U>Description</U>If specified then it determines the ssl truststore password
+ * to use for gateway connections.
+ * If not specified its value is inherited from cluster-ssl-truststore-password.
+ * This property is ignored if gateway-ssl-enabled is false.
+ * Value is the password to unlock the truststore file.
* </dd>
* <dd><U>Default</U>: ""</dd>
* <dd><U>Since</U>: 8.0</dd>
[12/13] incubator-geode git commit: cleaned up code
Posted by ds...@apache.org.
cleaned up code
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9dd48c37
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9dd48c37
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9dd48c37
Branch: refs/heads/feature/GEODE-417
Commit: 9dd48c37e411e50a33c89983ffd5fa0fb43cd3c5
Parents: b0508ae
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Fri Oct 9 09:36:05 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:56 2015 -0700
----------------------------------------------------------------------
.../internal/DistributionConfigImpl.java | 25 ++++++++++----------
1 file changed, 13 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9dd48c37/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 960eff8..c9bcd01 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -134,9 +134,13 @@ public class DistributionConfigImpl
protected int logDiskSpaceLimit = DEFAULT_LOG_DISK_SPACE_LIMIT;
protected int logFileSizeLimit = DEFAULT_LOG_FILE_SIZE_LIMIT;
+ @SuppressWarnings("deprecation")
protected boolean sslEnabled = DEFAULT_SSL_ENABLED;
+ @SuppressWarnings("deprecation")
protected String sslProtocols = DEFAULT_SSL_PROTOCOLS;
+ @SuppressWarnings("deprecation")
protected String sslCiphers = DEFAULT_SSL_CIPHERS;
+ @SuppressWarnings("deprecation")
protected boolean sslRequireAuthentication = DEFAULT_SSL_REQUIRE_AUTHENTICATION;
protected boolean clusterSSLEnabled = DEFAULT_CLUSTER_SSL_ENABLED;
@@ -329,6 +333,7 @@ public class DistributionConfigImpl
private int jmxManagerHttpPort = DEFAULT_HTTP_SERVICE_PORT;
private int jmxManagerUpdateRate = DEFAULT_JMX_MANAGER_UPDATE_RATE;
+ @SuppressWarnings("deprecation")
private boolean jmxManagerSSL = DEFAULT_JMX_MANAGER_SSL;
private boolean jmxManagerSSLEnabled = DEFAULT_JMX_MANAGER_SSL_ENABLED;
private boolean jmxManagerSslRequireAuthentication = DEFAULT_JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION;
@@ -395,6 +400,7 @@ public class DistributionConfigImpl
* Create a new <code>DistributionConfigImpl</code> from the
* contents of another <code>DistributionConfig</code>.
*/
+ @SuppressWarnings("deprecation")
public DistributionConfigImpl(DistributionConfig other) {
this.name = other.getName();
this.tcpPort = other.getTcpPort();
@@ -745,6 +751,7 @@ public class DistributionConfigImpl
}
}
+ @SuppressWarnings("deprecation")
private void validateOldSSLVsNewSSLProperties(Map props) {
String sslEnabledString = (String)props.get(SSL_ENABLED_NAME);
String clusterSSLEnabledString =(String)props.get(CLUSTER_SSL_ENABLED_NAME);
@@ -794,19 +801,10 @@ public class DistributionConfigImpl
}
}
- private static boolean equals(Object o1, Object o2) {
- if (o1 != null) {
- return o1.equals(o2);
- } else if (o2 != null) {
- return o2.equals(o1);
- } else {
- return o1 == o2;
- }
- }
-
/*
* ssl-* properties will be copied in cluster-ssl-* properties. Socket is using cluster-ssl-* properties
*/
+ @SuppressWarnings("deprecation")
private void copySSLPropsToClusterSSLProps() {
boolean clusterSSLOverriden = this.sourceMap.get(CLUSTER_SSL_ENABLED_NAME)!=null;
boolean p2pSSLOverRidden = this.sourceMap.get(SSL_ENABLED_NAME)!=null;
@@ -851,6 +849,7 @@ public class DistributionConfigImpl
* if jmx-manager-ssl-enabled is false, then use the properties from cluster-ssl-* properties
* if jmx-manager-ssl-*properties are given then use them, and copy the unspecified jmx-manager properties from cluster-properties
*/
+ @SuppressWarnings("deprecation")
private void copySSLPropsToJMXSSLProps() {
boolean jmxSSLEnabledOverriden = this.sourceMap.get(JMX_MANAGER_SSL_ENABLED_NAME)!=null;
boolean jmxSSLOverriden = this.sourceMap.get(JMX_MANAGER_SSL_NAME)!=null;
@@ -1220,6 +1219,7 @@ public class DistributionConfigImpl
}
}
+ @SuppressWarnings("deprecation")
public static boolean specialPropName(String propName) {
return propName.equalsIgnoreCase(SSL_ENABLED_NAME) ||
propName.equalsIgnoreCase(CLUSTER_SSL_ENABLED_NAME) ||
@@ -1307,6 +1307,7 @@ public class DistributionConfigImpl
}
}
+ @SuppressWarnings("deprecation")
private void initialize(Map props) {
// Allow attributes to be modified
this.modifiable = true;
@@ -1355,9 +1356,9 @@ public class DistributionConfigImpl
props.remove(SECURITY_SYSTEM_PREFIX + SECURITY_PEER_AUTH_INIT_NAME);
props.remove(SECURITY_SYSTEM_PREFIX + SECURITY_PEER_AUTHENTICATOR_NAME);
- Iterator iter = security.keySet().iterator();
+ Iterator<Object> iter = security.keySet().iterator();
while (iter.hasNext()) {
- props.remove(SECURITY_SYSTEM_PREFIX + (String)iter.next());
+ props.remove(SECURITY_SYSTEM_PREFIX + iter.next());
}
System.setProperties(props);
}
[02/13] incubator-geode git commit: Fixed javadocs of default value
of ssl-require-authentication. It used to say "any" but now says "true".
Posted by ds...@apache.org.
Fixed javadocs of default value of ssl-require-authentication. It used to say "any" but now says "true".
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/e47ae53f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/e47ae53f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/e47ae53f
Branch: refs/heads/feature/GEODE-417
Commit: e47ae53f2bba009544a86f057f84954dcd5f0dfd
Parents: 7d348fe
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 11:05:40 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:28:04 2015 -0700
----------------------------------------------------------------------
.../java/com/gemstone/gemfire/distributed/DistributedSystem.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/e47ae53f/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
index 21be43f..7446eff 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
@@ -1290,7 +1290,7 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
* <dd><U>Description</U>: If false, allow ciphers that do not require the client
* side of the connection to be authenticated.
* </dd>
- * <dd><U>Default</U>: <code>any</code></dd>
+ * <dd><U>Default</U>: <code>true</code></dd>
* <dd><U>Since</U>: 8.0</dd>
* </dl>
*
@@ -1374,7 +1374,7 @@ import com.gemstone.gemfire.security.GemFireSecurityException;
* <dd><U>Description</U>: If false, allow ciphers that do not require the Gateway Sender
* side of the connection to be authenticated.
* </dd>
- * <dd><U>Default</U>: <code>any</code></dd>
+ * <dd><U>Default</U>: <code>true</code></dd>
* <dd><U>Since</U>: 8.0</dd>
* </dl>
*
[13/13] incubator-geode git commit: fixes SSLConfig unit test imports
Posted by ds...@apache.org.
fixes SSLConfig unit test imports
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/389030d6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/389030d6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/389030d6
Branch: refs/heads/feature/GEODE-417
Commit: 389030d666c928ad7c5a09e6d642ff4d7be70919
Parents: 9c8eaac
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Fri Oct 16 16:34:04 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:57 2015 -0700
----------------------------------------------------------------------
.../gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java | 1 +
.../test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java | 1 +
2 files changed, 2 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/389030d6/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java
index 27623d7..ae9a633 100644
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigIntegrationJUnitTest.java
@@ -1,5 +1,6 @@
package com.gemstone.gemfire.internal;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import org.junit.Test;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/389030d6/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 2f7b053..0c7ba16 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -10,6 +10,7 @@ package com.gemstone.gemfire.internal;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.fail;
import java.util.Map.Entry;
import java.util.Properties;
[04/13] incubator-geode git commit: more test cleanup
Posted by ds...@apache.org.
more test cleanup
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/c8043d80
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/c8043d80
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/c8043d80
Branch: refs/heads/feature/GEODE-417
Commit: c8043d804e989ec8d706d2d94a4c50f8d1c58f06
Parents: 8fe7c91
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 14:05:17 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:28:04 2015 -0700
----------------------------------------------------------------------
.../gemfire/internal/SSLConfigJUnitTest.java | 144 +++++--------------
1 file changed, 36 insertions(+), 108 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/c8043d80/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 34d7ee5..de1f31a 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -86,11 +86,11 @@ public class SSLConfigJUnitTest {
JMX_SSL_PROPS_SUBSET_MAP.put("jmx-manager-ssl-keystore", "/export/gemfire-configs/manager.keystore");
JMX_SSL_PROPS_SUBSET_MAP.put("jmx-manager-ssl-truststore", "/export/gemfire-configs/manager.truststore");
- // Partially over-ridden SSL Properties for GemFire JMX Manager connections
+ // Partially over-ridden SSL Properties for GemFire CacheServer connections
SERVER_PROPS_SUBSET_MAP.put("server-ssl-keystore", "/export/gemfire-configs/cacheserver.keystore");
SERVER_PROPS_SUBSET_MAP.put("server-ssl-truststore", "/export/gemfire-configs/cacheserver.truststore");
- // Partially over-ridden SSL Properties for GemFire JMX Manager connections
+ // Partially over-ridden SSL Properties for GemFire gateway connections
GATEWAY_PROPS_SUBSET_MAP.put("gateway-ssl-keystore", "/export/gemfire-configs/gateway.keystore");
GATEWAY_PROPS_SUBSET_MAP.put("gateway-ssl-truststore", "/export/gemfire-configs/gateway.truststore");
@@ -129,121 +129,42 @@ public class SSLConfigJUnitTest {
}
@Test
- public void testConfigCopyWithSSL( ) throws Exception {
- boolean sslenabled = false;
- String sslprotocols = "any";
- String sslciphers = "any";
- boolean requireAuth = true;
-
+ public void testConfigCopyWithSSL( ) {
DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
- isEqual( config.getSSLEnabled(), sslenabled );
- isEqual( config.getSSLProtocols(), sslprotocols );
- isEqual( config.getSSLCiphers(), sslciphers );
- isEqual( config.getSSLRequireAuthentication(), requireAuth );
+ isEqual( config.getSSLEnabled(), false );
+ isEqual( config.getSSLProtocols(), "any" );
+ isEqual( config.getSSLCiphers(), "any" );
+ isEqual( config.getSSLRequireAuthentication(), true );
Properties props = new Properties();
- sslciphers = "RSA_WITH_GARBAGE";
- props.setProperty("ssl-ciphers", sslciphers );
-
- config = new DistributionConfigImpl( props );
- isEqual( config.getSSLEnabled(), sslenabled );
- isEqual( config.getSSLProtocols(), sslprotocols );
- isEqual( config.getSSLCiphers(), sslciphers );
- isEqual( config.getSSLRequireAuthentication(), requireAuth );
-
- sslprotocols = "SSLv7";
- props.setProperty("ssl-protocols", sslprotocols );
-
- config = new DistributionConfigImpl( props );
- isEqual( config.getSSLEnabled(), sslenabled );
- isEqual( config.getSSLProtocols(), sslprotocols );
- isEqual( config.getSSLCiphers(), sslciphers );
- isEqual( config.getSSLRequireAuthentication(), requireAuth );
-
- requireAuth = false;
- props.setProperty("ssl-require-authentication", String.valueOf( requireAuth ) );
-
- config = new DistributionConfigImpl( props );
- isEqual( config.getSSLEnabled(), sslenabled );
- isEqual( config.getSSLProtocols(), sslprotocols );
- isEqual( config.getSSLCiphers(), sslciphers );
- isEqual( config.getSSLRequireAuthentication(), requireAuth );
-
- sslenabled = true;
- props.setProperty("ssl-enabled", String.valueOf( sslenabled ) );
+ props.setProperty("ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("ssl-protocols", "SSLv7" );
+ props.setProperty("ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("ssl-enabled", String.valueOf( true ) );
props.setProperty("mcast-port", "0" );
-
config = new DistributionConfigImpl( props );
- isEqual( config.getSSLEnabled(), sslenabled );
- isEqual( config.getSSLProtocols(), sslprotocols );
- isEqual( config.getSSLCiphers(), sslciphers );
- isEqual( config.getSSLRequireAuthentication(), requireAuth );
-
- config = new DistributionConfigImpl( config );
- isEqual( config.getSSLEnabled(), sslenabled );
- isEqual( config.getSSLProtocols(), sslprotocols );
- isEqual( config.getSSLCiphers(), sslciphers );
- isEqual( config.getSSLRequireAuthentication(), requireAuth );
+ isEqual( config.getSSLEnabled(), true );
+ isEqual( config.getSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getSSLProtocols(), "SSLv7" );
+ isEqual( config.getSSLRequireAuthentication(), false );
}
@Test
public void testConfigCopyWithClusterSSL( ) throws Exception {
- boolean sslenabled = false;
- String sslprotocols = "any";
- String sslciphers = "any";
- boolean requireAuth = true;
-
- DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
-
Properties props = new Properties();
- sslciphers = "RSA_WITH_GARBAGE";
- props.setProperty("cluster-ssl-ciphers", sslciphers );
-
- config = new DistributionConfigImpl( props );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
-
- sslprotocols = "SSLv7";
- props.setProperty("cluster-ssl-protocols", sslprotocols );
-
- config = new DistributionConfigImpl( props );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
-
- requireAuth = false;
- props.setProperty("cluster-ssl-require-authentication", String.valueOf( requireAuth ) );
-
- config = new DistributionConfigImpl( props );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
-
- sslenabled = true;
- props.setProperty("cluster-ssl-enabled", String.valueOf( sslenabled ) );
+ props.setProperty("cluster-ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("cluster-ssl-protocols", "SSLv7" );
+ props.setProperty("cluster-ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("cluster-ssl-enabled", String.valueOf( true ) );
props.setProperty("mcast-port", "0" );
-
- config = new DistributionConfigImpl( props );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
-
- config = new DistributionConfigImpl( config );
- isEqual( config.getClusterSSLEnabled(), sslenabled );
- isEqual( config.getClusterSSLProtocols(), sslprotocols );
- isEqual( config.getClusterSSLCiphers(), sslciphers );
- isEqual( config.getClusterSSLRequireAuthentication(), requireAuth );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getClusterSSLEnabled(), true );
+ isEqual( config.getClusterSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getClusterSSLProtocols(), "SSLv7" );
+ isEqual( config.getClusterSSLRequireAuthentication(), false );
}
+ @Test
public void testClusterDefaultConfig() throws Exception {
DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
isEqual( config.getClusterSSLEnabled(), false );
@@ -258,6 +179,7 @@ public class SSLConfigJUnitTest {
isEqual( config.getClusterSSLProperties(), new Properties() );
}
+ @Test
public void testManagerDefaultConfig() throws Exception {
DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
isEqual( config.getJmxManagerSSLEnabled(), false );
@@ -302,6 +224,7 @@ public class SSLConfigJUnitTest {
isEqual( config.getGatewaySSLProperties(), new Properties() );
}
+ @Test
public void testHttpServiceDefaultConfig() throws Exception {
DistributionConfigImpl config = new DistributionConfigImpl( new Properties() );
isEqual( config.getHttpServiceSSLEnabled(), false );
@@ -338,6 +261,7 @@ public class SSLConfigJUnitTest {
gemFireProps.put(DistributionConfig.JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION_NAME, String.valueOf(jmxManagerSslRequireAuth));
try{
DistributionConfigImpl config = new DistributionConfigImpl( gemFireProps );
+ fail("Expected IllegalArgumentException");
}catch(IllegalArgumentException e){
if (! e.toString().contains( "Gemfire property \'jmx-manager-ssl\' and \'jmx-manager-ssl-enabled\' can not be used at the same time")) {
throw new Exception( "did not get expected exception, got this instead...", e );
@@ -459,13 +383,14 @@ public class SSLConfigJUnitTest {
DistributionConfigImpl config = null;
try{
config = new DistributionConfigImpl( gemFireProps );
+ fail("Expected IllegalArgumentException");
}catch(IllegalArgumentException e){
if (! e.toString().contains( "Gemfire property \'ssl-enabled\' and \'cluster-ssl-enabled\' can not be used at the same time")) {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
- //ssl-protocol and clsuter-ssl-protocol set at the same time
+ //ssl-protocol and cluster-ssl-protocol set at the same time
gemFireProps = new Properties();
gemFireProps.setProperty( "mcast-port", "0" );
gemFireProps.put(DistributionConfig.SSL_ENABLED_NAME, "true");
@@ -474,13 +399,14 @@ public class SSLConfigJUnitTest {
gemFireProps.put(DistributionConfig.CLUSTER_SSL_PROTOCOLS_NAME, clusterSslprotocols);
try{
config = new DistributionConfigImpl( gemFireProps );
+ fail("Expected IllegalArgumentException");
}catch(IllegalArgumentException e){
if (! e.toString().contains( "Gemfire property \'ssl-protocols\' and \'cluster-ssl-protocols\' can not be used at the same time") ) {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
- //ssl-cipher and clsuter-ssl-cipher set at the same time
+ //ssl-cipher and cluster-ssl-cipher set at the same time
gemFireProps = new Properties();
gemFireProps.setProperty( "mcast-port", "0" );
gemFireProps.put(DistributionConfig.SSL_ENABLED_NAME, "true");
@@ -489,13 +415,14 @@ public class SSLConfigJUnitTest {
gemFireProps.put(DistributionConfig.CLUSTER_SSL_CIPHERS_NAME, clusterSslciphers);
try{
config = new DistributionConfigImpl( gemFireProps );
+ fail("Expected IllegalArgumentException");
}catch(IllegalArgumentException e){
if (! e.toString().contains( "Gemfire property \'ssl-cipher\' and \'cluster-ssl-cipher\' can not be used at the same time") ) {
throw new Exception( "did not get expected exception, got this instead...", e );
}
}
- //ssl-require-authentication and clsuter-ssl-require-authentication set at the same time
+ //ssl-require-authentication and cluster-ssl-require-authentication set at the same time
gemFireProps = new Properties();
gemFireProps.setProperty( "mcast-port", "0" );
gemFireProps.put(DistributionConfig.SSL_ENABLED_NAME, "true");
@@ -504,6 +431,7 @@ public class SSLConfigJUnitTest {
gemFireProps.put(DistributionConfig.CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME, "true");
try{
config = new DistributionConfigImpl( gemFireProps );
+ //fail("Expected IllegalArgumentException");
}catch(IllegalArgumentException e){
if (! e.toString().contains( "Gemfire property \'ssl-require-authentication\' and \'cluster-ssl-require-authentication\' can not be used at the same time") ) {
throw new Exception( "did not get expected exception, got this instead...", e );
@@ -538,7 +466,7 @@ public class SSLConfigJUnitTest {
Properties clusterSSLProperties = config.getClusterSSLProperties();
isEqual( SSL_PROPS_MAP, clusterSSLProperties );
- //only clutser-ssl-properties provided.
+ //only cluster-ssl-properties provided.
gemFireProps = new Properties();
gemFireProps.setProperty("mcast-port", "0");
gemFireProps.put(DistributionConfig.CLUSTER_SSL_ENABLED_NAME, String.valueOf(clusterSslenabled));
[07/13] incubator-geode git commit: GEODE-419: use javax.net.ssl.*
properties even if ssl-enabled is not set
Posted by ds...@apache.org.
GEODE-419: use javax.net.ssl.* properties even if ssl-enabled is not set
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/348d0d93
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/348d0d93
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/348d0d93
Branch: refs/heads/feature/GEODE-417
Commit: 348d0d93a936783fc929296c5a9fe82c0c00baa0
Parents: 832e860
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 16:41:12 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:48 2015 -0700
----------------------------------------------------------------------
.../internal/DistributionConfigImpl.java | 13 +-
.../gemfire/internal/SSLConfigJUnitTest.java | 327 ++++++++++++++++++-
2 files changed, 332 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/348d0d93/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 43a1aee..34b0507 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -822,7 +822,6 @@ public class DistributionConfigImpl
this.clusterSSLRequireAuthentication = this.sslRequireAuthentication;
this.sourceMap.put(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME,this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME));
}
- this.clusterSSLProperties.putAll(this.sslProperties);
}
if (false/*clusterSSLOverriden*/) {
if (this.sourceMap.get(CLUSTER_SSL_CIPHERS_NAME)==null && this.sourceMap.get(SSL_CIPHERS_NAME) != null) {
@@ -2139,12 +2138,12 @@ public class DistributionConfigImpl
// use sslProperties as base and let props with suffix GATEWAY_SSL_PROPS_SUFFIX override that base
this.gatewaySslProperties.setProperty(attName, attValue);
}
-// if (!this.httpServiceSSLProperties.containsKey(attName)) {
-// this.httpServiceSSLProperties.setProperty(attName, attValue);
-// }
-// if (!this.clusterSSLProperties.containsKey(attName)) {
-// this.clusterSSLProperties.setProperty(attName, attValue);
-// }
+ if (!this.httpServiceSSLProperties.containsKey(attName)) {
+ this.httpServiceSSLProperties.setProperty(attName, attValue);
+ }
+ if (!this.clusterSSLProperties.containsKey(attName)) {
+ this.clusterSSLProperties.setProperty(attName, attValue);
+ }
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/348d0d93/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 595d791..96cb410 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -150,11 +150,17 @@ public class SSLConfigJUnitTest {
}
@Test
- public void testConfigCopyWithClusterSSL( ) throws Exception {
+ public void testClusterSSL( ) throws Exception {
Properties props = new Properties();
props.setProperty("cluster-ssl-ciphers", "RSA_WITH_GARBAGE" );
props.setProperty("cluster-ssl-protocols", "SSLv7" );
props.setProperty("cluster-ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("cluster-ssl-keystore", "clusterKeyStore");
+ props.setProperty("cluster-ssl-keystore-type", "clusterKeyStoreType");
+ props.setProperty("cluster-ssl-keystore-password", "clusterKeyStorePassword");
+ props.setProperty("cluster-ssl-truststore", "clusterTrustStore");
+ props.setProperty("cluster-ssl-truststore-password", "clusterTrustStorePassword");
+ props.setProperty("javax.net.ssl.FOO", "BAR");
props.setProperty("cluster-ssl-enabled", String.valueOf( true ) );
props.setProperty("mcast-port", "0" );
DistributionConfigImpl config = new DistributionConfigImpl( props );
@@ -162,6 +168,325 @@ public class SSLConfigJUnitTest {
isEqual( config.getClusterSSLCiphers(), "RSA_WITH_GARBAGE" );
isEqual( config.getClusterSSLProtocols(), "SSLv7" );
isEqual( config.getClusterSSLRequireAuthentication(), false );
+ isEqual( config.getClusterSSLKeyStore(), "clusterKeyStore" );
+ isEqual( config.getClusterSSLKeyStoreType(), "clusterKeyStoreType" );
+ isEqual( config.getClusterSSLKeyStorePassword(), "clusterKeyStorePassword" );
+ isEqual( config.getClusterSSLTrustStore(), "clusterTrustStore" );
+ isEqual( config.getClusterSSLTrustStorePassword(), "clusterTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "clusterKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "clusterKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "clusterKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "clusterTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "clusterTrustStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.FOO", "BAR");
+ isEqual( expectedSSLProps, config.getClusterSSLProperties() );
+ }
+
+ @Test
+ public void testServerSSL( ) throws Exception {
+ Properties props = new Properties();
+ props.setProperty("server-ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("server-ssl-protocols", "SSLv7" );
+ props.setProperty("server-ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("server-ssl-keystore", "serverKeyStore");
+ props.setProperty("server-ssl-keystore-type", "serverKeyStoreType");
+ props.setProperty("server-ssl-keystore-password", "serverKeyStorePassword");
+ props.setProperty("server-ssl-truststore", "serverTrustStore");
+ props.setProperty("server-ssl-truststore-password", "serverTrustStorePassword");
+ props.setProperty("javax.net.ssl.FOO", "BAR");
+ props.setProperty("server-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getServerSSLEnabled(), true );
+ isEqual( config.getServerSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getServerSSLProtocols(), "SSLv7" );
+ isEqual( config.getServerSSLRequireAuthentication(), false );
+ isEqual( config.getServerSSLKeyStore(), "serverKeyStore" );
+ isEqual( config.getServerSSLKeyStoreType(), "serverKeyStoreType" );
+ isEqual( config.getServerSSLKeyStorePassword(), "serverKeyStorePassword" );
+ isEqual( config.getServerSSLTrustStore(), "serverTrustStore" );
+ isEqual( config.getServerSSLTrustStorePassword(), "serverTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "serverKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "serverKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "serverKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "serverTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "serverTrustStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.FOO", "BAR");
+ isEqual( expectedSSLProps, config.getServerSSLProperties() );
+ }
+
+ @Test
+ public void testGatewaySSL( ) throws Exception {
+ Properties props = new Properties();
+ props.setProperty("gateway-ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("gateway-ssl-protocols", "SSLv7" );
+ props.setProperty("gateway-ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("gateway-ssl-keystore", "gatewayKeyStore");
+ props.setProperty("gateway-ssl-keystore-type", "gatewayKeyStoreType");
+ props.setProperty("gateway-ssl-keystore-password", "gatewayKeyStorePassword");
+ props.setProperty("gateway-ssl-truststore", "gatewayTrustStore");
+ props.setProperty("gateway-ssl-truststore-password", "gatewayTrustStorePassword");
+ props.setProperty("javax.net.ssl.FOO", "BAR");
+ props.setProperty("gateway-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getGatewaySSLEnabled(), true );
+ isEqual( config.getGatewaySSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getGatewaySSLProtocols(), "SSLv7" );
+ isEqual( config.getGatewaySSLRequireAuthentication(), false );
+ isEqual( config.getGatewaySSLKeyStore(), "gatewayKeyStore" );
+ isEqual( config.getGatewaySSLKeyStoreType(), "gatewayKeyStoreType" );
+ isEqual( config.getGatewaySSLKeyStorePassword(), "gatewayKeyStorePassword" );
+ isEqual( config.getGatewaySSLTrustStore(), "gatewayTrustStore" );
+ isEqual( config.getGatewaySSLTrustStorePassword(), "gatewayTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "gatewayKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "gatewayKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "gatewayKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "gatewayTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "gatewayTrustStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.FOO", "BAR");
+ isEqual( expectedSSLProps, config.getGatewaySSLProperties() );
+ }
+
+ @Test
+ public void testJmxManagerSSL( ) throws Exception {
+ Properties props = new Properties();
+ props.setProperty("jmx-manager-ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("jmx-manager-ssl-protocols", "SSLv7" );
+ props.setProperty("jmx-manager-ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("jmx-manager-ssl-keystore", "jmx-managerKeyStore");
+ props.setProperty("jmx-manager-ssl-keystore-type", "jmx-managerKeyStoreType");
+ props.setProperty("jmx-manager-ssl-keystore-password", "jmx-managerKeyStorePassword");
+ props.setProperty("jmx-manager-ssl-truststore", "jmx-managerTrustStore");
+ props.setProperty("jmx-manager-ssl-truststore-password", "jmx-managerTrustStorePassword");
+ props.setProperty("javax.net.ssl.FOO", "BAR");
+ props.setProperty("jmx-manager-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getJmxManagerSSLEnabled(), true );
+ isEqual( config.getJmxManagerSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getJmxManagerSSLProtocols(), "SSLv7" );
+ isEqual( config.getJmxManagerSSLRequireAuthentication(), false );
+ isEqual( config.getJmxManagerSSLKeyStore(), "jmx-managerKeyStore" );
+ isEqual( config.getJmxManagerSSLKeyStoreType(), "jmx-managerKeyStoreType" );
+ isEqual( config.getJmxManagerSSLKeyStorePassword(), "jmx-managerKeyStorePassword" );
+ isEqual( config.getJmxManagerSSLTrustStore(), "jmx-managerTrustStore" );
+ isEqual( config.getJmxManagerSSLTrustStorePassword(), "jmx-managerTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "jmx-managerKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "jmx-managerKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "jmx-managerKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "jmx-managerTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "jmx-managerTrustStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.FOO", "BAR");
+ isEqual( expectedSSLProps, config.getJmxSSLProperties() );
+ }
+
+ @Test
+ public void testHttpServiceSSL( ) throws Exception {
+ Properties props = new Properties();
+ props.setProperty("http-service-ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("http-service-ssl-protocols", "SSLv7" );
+ props.setProperty("http-service-ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("http-service-ssl-keystore", "http-serviceKeyStore");
+ props.setProperty("http-service-ssl-keystore-type", "http-serviceKeyStoreType");
+ props.setProperty("http-service-ssl-keystore-password", "http-serviceKeyStorePassword");
+ props.setProperty("http-service-ssl-truststore", "http-serviceTrustStore");
+ props.setProperty("http-service-ssl-truststore-password", "http-serviceTrustStorePassword");
+ props.setProperty("javax.net.ssl.FOO", "BAR");
+ props.setProperty("http-service-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getHttpServiceSSLEnabled(), true );
+ isEqual( config.getHttpServiceSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getHttpServiceSSLProtocols(), "SSLv7" );
+ isEqual( config.getHttpServiceSSLRequireAuthentication(), false );
+ isEqual( config.getHttpServiceSSLKeyStore(), "http-serviceKeyStore" );
+ isEqual( config.getHttpServiceSSLKeyStoreType(), "http-serviceKeyStoreType" );
+ isEqual( config.getHttpServiceSSLKeyStorePassword(), "http-serviceKeyStorePassword" );
+ isEqual( config.getHttpServiceSSLTrustStore(), "http-serviceTrustStore" );
+ isEqual( config.getHttpServiceSSLTrustStorePassword(), "http-serviceTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "http-serviceKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "http-serviceKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "http-serviceKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "http-serviceTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "http-serviceTrustStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.FOO", "BAR");
+ isEqual( expectedSSLProps, config.getHttpServiceSSLProperties() );
+ }
+
+ /**
+ * Test that a javax.net.ssl.* property has lower precedence than the corresponding cluster-ssl-* property
+ */
+ @Test
+ public void testJavaxDoesNotOverrideCluster() {
+ Properties props = new Properties();
+ props.setProperty("cluster-ssl-keystore", "clusterKeyStore");
+ props.setProperty("cluster-ssl-keystore-type", "clusterKeyStoreType");
+ props.setProperty("cluster-ssl-keystore-password", "clusterKeyStorePassword");
+ props.setProperty("cluster-ssl-truststore", "clusterTrustStore");
+ props.setProperty("cluster-ssl-truststore-password", "clusterTrustStorePassword");
+ props.setProperty("javax.net.ssl.keyStore", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStoreType", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStorePassword", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStore", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStorePassword", "BOGUS");
+ props.setProperty("cluster-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getClusterSSLEnabled(), true );
+ isEqual( config.getClusterSSLKeyStore(), "clusterKeyStore" );
+ isEqual( config.getClusterSSLKeyStoreType(), "clusterKeyStoreType" );
+ isEqual( config.getClusterSSLKeyStorePassword(), "clusterKeyStorePassword" );
+ isEqual( config.getClusterSSLTrustStore(), "clusterTrustStore" );
+ isEqual( config.getClusterSSLTrustStorePassword(), "clusterTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "clusterKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "clusterKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "clusterKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "clusterTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "clusterTrustStorePassword");
+ isEqual( expectedSSLProps, config.getClusterSSLProperties() );
+ }
+
+ /**
+ * Test that a javax.net.ssl.* property has lower precedence than the corresponding server-ssl-* property
+ */
+ @Test
+ public void testJavaxDoesNotOverrideServer() {
+ Properties props = new Properties();
+ props.setProperty("server-ssl-keystore", "serverKeyStore");
+ props.setProperty("server-ssl-keystore-type", "serverKeyStoreType");
+ props.setProperty("server-ssl-keystore-password", "serverKeyStorePassword");
+ props.setProperty("server-ssl-truststore", "serverTrustStore");
+ props.setProperty("server-ssl-truststore-password", "serverTrustStorePassword");
+ props.setProperty("javax.net.ssl.keyStore", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStoreType", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStorePassword", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStore", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStorePassword", "BOGUS");
+ props.setProperty("server-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getServerSSLEnabled(), true );
+ isEqual( config.getServerSSLKeyStore(), "serverKeyStore" );
+ isEqual( config.getServerSSLKeyStoreType(), "serverKeyStoreType" );
+ isEqual( config.getServerSSLKeyStorePassword(), "serverKeyStorePassword" );
+ isEqual( config.getServerSSLTrustStore(), "serverTrustStore" );
+ isEqual( config.getServerSSLTrustStorePassword(), "serverTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "serverKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "serverKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "serverKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "serverTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "serverTrustStorePassword");
+ isEqual( expectedSSLProps, config.getServerSSLProperties() );
+ }
+
+ /**
+ * Test that a javax.net.ssl.* property has lower precedence than the corresponding gateway-ssl-* property
+ */
+ @Test
+ public void testJavaxDoesNotOverrideGateway() {
+ Properties props = new Properties();
+ props.setProperty("gateway-ssl-keystore", "gatewayKeyStore");
+ props.setProperty("gateway-ssl-keystore-type", "gatewayKeyStoreType");
+ props.setProperty("gateway-ssl-keystore-password", "gatewayKeyStorePassword");
+ props.setProperty("gateway-ssl-truststore", "gatewayTrustStore");
+ props.setProperty("gateway-ssl-truststore-password", "gatewayTrustStorePassword");
+ props.setProperty("javax.net.ssl.keyStore", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStoreType", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStorePassword", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStore", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStorePassword", "BOGUS");
+ props.setProperty("gateway-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getGatewaySSLEnabled(), true );
+ isEqual( config.getGatewaySSLKeyStore(), "gatewayKeyStore" );
+ isEqual( config.getGatewaySSLKeyStoreType(), "gatewayKeyStoreType" );
+ isEqual( config.getGatewaySSLKeyStorePassword(), "gatewayKeyStorePassword" );
+ isEqual( config.getGatewaySSLTrustStore(), "gatewayTrustStore" );
+ isEqual( config.getGatewaySSLTrustStorePassword(), "gatewayTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "gatewayKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "gatewayKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "gatewayKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "gatewayTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "gatewayTrustStorePassword");
+ isEqual( expectedSSLProps, config.getGatewaySSLProperties() );
+ }
+
+ /**
+ * Test that a javax.net.ssl.* property has lower precedence than the corresponding jmx-manager-ssl-* property
+ */
+ @Test
+ public void testJavaxDoesNotOverrideJmxManager() {
+ Properties props = new Properties();
+ props.setProperty("jmx-manager-ssl-keystore", "jmx-managerKeyStore");
+ props.setProperty("jmx-manager-ssl-keystore-type", "jmx-managerKeyStoreType");
+ props.setProperty("jmx-manager-ssl-keystore-password", "jmx-managerKeyStorePassword");
+ props.setProperty("jmx-manager-ssl-truststore", "jmx-managerTrustStore");
+ props.setProperty("jmx-manager-ssl-truststore-password", "jmx-managerTrustStorePassword");
+ props.setProperty("javax.net.ssl.keyStore", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStoreType", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStorePassword", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStore", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStorePassword", "BOGUS");
+ props.setProperty("jmx-manager-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getJmxManagerSSLEnabled(), true );
+ isEqual( config.getJmxManagerSSLKeyStore(), "jmx-managerKeyStore" );
+ isEqual( config.getJmxManagerSSLKeyStoreType(), "jmx-managerKeyStoreType" );
+ isEqual( config.getJmxManagerSSLKeyStorePassword(), "jmx-managerKeyStorePassword" );
+ isEqual( config.getJmxManagerSSLTrustStore(), "jmx-managerTrustStore" );
+ isEqual( config.getJmxManagerSSLTrustStorePassword(), "jmx-managerTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "jmx-managerKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "jmx-managerKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "jmx-managerKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "jmx-managerTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "jmx-managerTrustStorePassword");
+ isEqual( expectedSSLProps, config.getJmxSSLProperties() );
+ }
+
+ /**
+ * Test that a javax.net.ssl.* property has lower precedence than the corresponding http-service-ssl-* property
+ */
+ @Test
+ public void testJavaxDoesNotOverrideHttpService() {
+ Properties props = new Properties();
+ props.setProperty("http-service-ssl-keystore", "http-serviceKeyStore");
+ props.setProperty("http-service-ssl-keystore-type", "http-serviceKeyStoreType");
+ props.setProperty("http-service-ssl-keystore-password", "http-serviceKeyStorePassword");
+ props.setProperty("http-service-ssl-truststore", "http-serviceTrustStore");
+ props.setProperty("http-service-ssl-truststore-password", "http-serviceTrustStorePassword");
+ props.setProperty("javax.net.ssl.keyStore", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStoreType", "BOGUS");
+ props.setProperty("javax.net.ssl.keyStorePassword", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStore", "BOGUS");
+ props.setProperty("javax.net.ssl.trustStorePassword", "BOGUS");
+ props.setProperty("http-service-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getHttpServiceSSLEnabled(), true );
+ isEqual( config.getHttpServiceSSLKeyStore(), "http-serviceKeyStore" );
+ isEqual( config.getHttpServiceSSLKeyStoreType(), "http-serviceKeyStoreType" );
+ isEqual( config.getHttpServiceSSLKeyStorePassword(), "http-serviceKeyStorePassword" );
+ isEqual( config.getHttpServiceSSLTrustStore(), "http-serviceTrustStore" );
+ isEqual( config.getHttpServiceSSLTrustStorePassword(), "http-serviceTrustStorePassword" );
+ Properties expectedSSLProps = new Properties();
+ expectedSSLProps.setProperty("javax.net.ssl.keyStore", "http-serviceKeyStore");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStoreType", "http-serviceKeyStoreType");
+ expectedSSLProps.setProperty("javax.net.ssl.keyStorePassword", "http-serviceKeyStorePassword");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStore", "http-serviceTrustStore");
+ expectedSSLProps.setProperty("javax.net.ssl.trustStorePassword", "http-serviceTrustStorePassword");
+ isEqual( expectedSSLProps, config.getHttpServiceSSLProperties() );
}
@Test
[09/13] incubator-geode git commit: removed some logging that was not
needed
Posted by ds...@apache.org.
removed some logging that was not needed
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/1012ae42
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/1012ae42
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/1012ae42
Branch: refs/heads/feature/GEODE-417
Commit: 1012ae42a21ef109ec6b1d24cf1ae8ae3610533c
Parents: 9dd48c3
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Fri Oct 9 10:42:14 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:56 2015 -0700
----------------------------------------------------------------------
.../java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/1012ae42/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 908b710..2f7b053 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -1493,7 +1493,7 @@ public class SSLConfigJUnitTest {
// Add "-cacheserver" suffix for CacheServer properties.
gfSecurityProps.put(entry.getKey(), entry.getValue());
}
- gfSecurityProps.list(System.out);
+ //gfSecurityProps.list(System.out);
return gfSecurityProps;
}
@@ -1513,7 +1513,7 @@ public class SSLConfigJUnitTest {
for (Entry<Object, Object> entry : entrySet) {
gfSecurityProps.put(entry.getKey(), entry.getValue());
}
- gfSecurityProps.list(System.out);
+ //gfSecurityProps.list(System.out);
return gfSecurityProps;
}