You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ds...@apache.org on 2015/10/17 01:52:54 UTC
[08/13] incubator-geode git commit: ssl-* attributes now act as
defaults for cluster-ssl-*
ssl-* attributes now act as defaults for cluster-ssl-*
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/738551a2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/738551a2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/738551a2
Branch: refs/heads/feature/GEODE-417
Commit: 738551a2bb0e67d19af8e52a93a2098c94d22947
Parents: 348d0d9
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 17:19:24 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:55 2015 -0700
----------------------------------------------------------------------
.../internal/DistributionConfigImpl.java | 27 ++++++++++-------
.../gemfire/internal/SSLConfigJUnitTest.java | 31 ++++++++++++++++++++
2 files changed, 48 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/738551a2/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 34b0507..960eff8 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -705,8 +705,8 @@ public class DistributionConfigImpl
// this is case of locator and DS is started through
// Locator.startLocatorAndDS, In this case I don't need to validate SSL
- // properties. This fix is till the time we support SSL properties. Once SSl
- // properties is depprecated, boolean isConnected will be removed
+ // properties. This fix is till the time we support SSL properties. Once SSL
+ // properties are deprecated, boolean isConnected will be removed
if (!isConnected) {
validateOldSSLVsNewSSLProperties(props);
}
@@ -730,11 +730,18 @@ public class DistributionConfigImpl
}
computeMcastPortDefault();
if (!isConnected) {
+ // Allow attributes to be modified
+ this.modifiable = true;
+ try {
copySSLPropsToClusterSSLProps();
copySSLPropsToServerSSLProps();
copySSLPropsToJMXSSLProps();
copyClusterSSLPropsToGatewaySSLProps();
copySSLPropsToHTTPSSLProps();
+ } finally {
+ // Make attributes read only
+ this.modifiable = false;
+ }
}
}
@@ -805,35 +812,35 @@ public class DistributionConfigImpl
boolean p2pSSLOverRidden = this.sourceMap.get(SSL_ENABLED_NAME)!=null;
if(p2pSSLOverRidden && !clusterSSLOverriden) {
- this.clusterSSLEnabled = this.sslEnabled;
+ this.setClusterSSLEnabled(true);
this.sourceMap.put(CLUSTER_SSL_ENABLED_NAME,this.sourceMap.get(SSL_ENABLED_NAME));
if(this.sourceMap.get(SSL_CIPHERS_NAME)!=null) {
- this.clusterSSLCiphers = this.sslCiphers;
+ setClusterSSLCiphers(this.sslCiphers);
this.sourceMap.put(CLUSTER_SSL_CIPHERS_NAME,this.sourceMap.get(SSL_CIPHERS_NAME));
}
if(this.sourceMap.get(SSL_PROTOCOLS_NAME)!=null) {
- this.clusterSSLProtocols = this.sslProtocols;
+ setClusterSSLProtocols(this.sslProtocols);
this.sourceMap.put(CLUSTER_SSL_PROTOCOLS_NAME,this.sourceMap.get(SSL_PROTOCOLS_NAME));
}
if(this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME)!=null) {
- this.clusterSSLRequireAuthentication = this.sslRequireAuthentication;
+ setClusterSSLRequireAuthentication(this.sslRequireAuthentication);
this.sourceMap.put(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME,this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME));
}
}
- if (false/*clusterSSLOverriden*/) {
+ if (clusterSSLOverriden) {
if (this.sourceMap.get(CLUSTER_SSL_CIPHERS_NAME)==null && this.sourceMap.get(SSL_CIPHERS_NAME) != null) {
- this.setServerSSLCiphers(this.sslCiphers);
+ setClusterSSLCiphers(this.sslCiphers);
this.sourceMap.put(CLUSTER_SSL_CIPHERS_NAME, this.sourceMap.get(SSL_CIPHERS_NAME));
}
if (this.sourceMap.get(CLUSTER_SSL_PROTOCOLS_NAME)==null && this.sourceMap.get(SSL_PROTOCOLS_NAME) != null) {
- this.setServerSSLProtocols(this.sslProtocols);
+ setClusterSSLProtocols(this.sslProtocols);
this.sourceMap.put(CLUSTER_SSL_PROTOCOLS_NAME, this.sourceMap.get(SSL_PROTOCOLS_NAME));
}
if (this.sourceMap.get(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME)==null && this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME) != null) {
- this.setServerSSLRequireAuthentication(this.sslRequireAuthentication);
+ setClusterSSLRequireAuthentication(this.sslRequireAuthentication);
this.sourceMap.put(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME, this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME));
}
}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/738551a2/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 96cb410..656deee 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -150,6 +150,37 @@ public class SSLConfigJUnitTest {
}
@Test
+ /**
+ * Make sure that the old ssl-* properties work correctly
+ * with the new cluster-ssl-* properties.
+ */
+ public void testDeprecatedSSLWithCluster() {
+ Properties props = new Properties();
+ props.setProperty("ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("ssl-protocols", "SSLv7" );
+ props.setProperty("ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ DistributionConfigImpl config = new DistributionConfigImpl( props );
+ isEqual( config.getClusterSSLEnabled(), true );
+ isEqual( config.getClusterSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getClusterSSLProtocols(), "SSLv7" );
+ isEqual( config.getClusterSSLRequireAuthentication(), false );
+
+ // now do the same thing but just set cluster-ssl-enabled
+ props.setProperty("ssl-ciphers", "RSA_WITH_GARBAGE" );
+ props.setProperty("ssl-protocols", "SSLv7" );
+ props.setProperty("ssl-require-authentication", String.valueOf( false ) );
+ props.setProperty("cluster-ssl-enabled", String.valueOf( true ) );
+ props.setProperty("mcast-port", "0" );
+ config = new DistributionConfigImpl( props );
+ isEqual( config.getClusterSSLEnabled(), true );
+ isEqual( config.getClusterSSLCiphers(), "RSA_WITH_GARBAGE" );
+ isEqual( config.getClusterSSLProtocols(), "SSLv7" );
+ isEqual( config.getClusterSSLRequireAuthentication(), false );
+ }
+
+ @Test
public void testClusterSSL( ) throws Exception {
Properties props = new Properties();
props.setProperty("cluster-ssl-ciphers", "RSA_WITH_GARBAGE" );