You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ds...@apache.org on 2015/10/17 01:52:54 UTC

[08/13] incubator-geode git commit: ssl-* attributes now act as defaults for cluster-ssl-*

ssl-* attributes now act as defaults for cluster-ssl-*


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/738551a2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/738551a2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/738551a2

Branch: refs/heads/feature/GEODE-417
Commit: 738551a2bb0e67d19af8e52a93a2098c94d22947
Parents: 348d0d9
Author: Darrel Schneider <ds...@pivotal.io>
Authored: Thu Oct 8 17:19:24 2015 -0700
Committer: Darrel Schneider <ds...@pivotal.io>
Committed: Fri Oct 16 16:44:55 2015 -0700

----------------------------------------------------------------------
 .../internal/DistributionConfigImpl.java        | 27 ++++++++++-------
 .../gemfire/internal/SSLConfigJUnitTest.java    | 31 ++++++++++++++++++++
 2 files changed, 48 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/738551a2/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 34b0507..960eff8 100644
--- a/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -705,8 +705,8 @@ public class DistributionConfigImpl
     
     // this is case of locator and DS is started through
     // Locator.startLocatorAndDS, In this case I don't need to validate SSL
-    // properties. This fix is till the time we support SSL properties. Once SSl
-    // properties is depprecated, boolean isConnected will be removed
+    // properties. This fix is till the time we support SSL properties. Once SSL
+    // properties are deprecated, boolean isConnected will be removed
     if (!isConnected) {
       validateOldSSLVsNewSSLProperties(props);
     }
@@ -730,11 +730,18 @@ public class DistributionConfigImpl
     }
     computeMcastPortDefault();
     if (!isConnected) {
+      // Allow attributes to be modified
+      this.modifiable = true;
+      try {
       copySSLPropsToClusterSSLProps();
       copySSLPropsToServerSSLProps();
       copySSLPropsToJMXSSLProps();
       copyClusterSSLPropsToGatewaySSLProps();
       copySSLPropsToHTTPSSLProps();
+      } finally {
+        // Make attributes read only
+        this.modifiable = false;
+      }
     }
   }
   
@@ -805,35 +812,35 @@ public class DistributionConfigImpl
     boolean p2pSSLOverRidden = this.sourceMap.get(SSL_ENABLED_NAME)!=null;
     
     if(p2pSSLOverRidden && !clusterSSLOverriden) {
-      this.clusterSSLEnabled  = this.sslEnabled;
+      this.setClusterSSLEnabled(true);
       this.sourceMap.put(CLUSTER_SSL_ENABLED_NAME,this.sourceMap.get(SSL_ENABLED_NAME));
       
       if(this.sourceMap.get(SSL_CIPHERS_NAME)!=null) {
-        this.clusterSSLCiphers = this.sslCiphers;
+        setClusterSSLCiphers(this.sslCiphers);
         this.sourceMap.put(CLUSTER_SSL_CIPHERS_NAME,this.sourceMap.get(SSL_CIPHERS_NAME));
       }
       
       if(this.sourceMap.get(SSL_PROTOCOLS_NAME)!=null) {
-        this.clusterSSLProtocols = this.sslProtocols;
+        setClusterSSLProtocols(this.sslProtocols);
         this.sourceMap.put(CLUSTER_SSL_PROTOCOLS_NAME,this.sourceMap.get(SSL_PROTOCOLS_NAME));
       }
       
       if(this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME)!=null) {
-        this.clusterSSLRequireAuthentication = this.sslRequireAuthentication;
+        setClusterSSLRequireAuthentication(this.sslRequireAuthentication);
         this.sourceMap.put(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME,this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME));
       }      
     }  
-    if (false/*clusterSSLOverriden*/) {
+    if (clusterSSLOverriden) {
       if (this.sourceMap.get(CLUSTER_SSL_CIPHERS_NAME)==null && this.sourceMap.get(SSL_CIPHERS_NAME) != null) {
-        this.setServerSSLCiphers(this.sslCiphers);
+        setClusterSSLCiphers(this.sslCiphers);
         this.sourceMap.put(CLUSTER_SSL_CIPHERS_NAME, this.sourceMap.get(SSL_CIPHERS_NAME));
       }
       if (this.sourceMap.get(CLUSTER_SSL_PROTOCOLS_NAME)==null && this.sourceMap.get(SSL_PROTOCOLS_NAME) != null) {
-        this.setServerSSLProtocols(this.sslProtocols);
+        setClusterSSLProtocols(this.sslProtocols);
         this.sourceMap.put(CLUSTER_SSL_PROTOCOLS_NAME, this.sourceMap.get(SSL_PROTOCOLS_NAME));
       }
       if (this.sourceMap.get(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME)==null && this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME) != null) {
-        this.setServerSSLRequireAuthentication(this.sslRequireAuthentication);
+        setClusterSSLRequireAuthentication(this.sslRequireAuthentication);
         this.sourceMap.put(CLUSTER_SSL_REQUIRE_AUTHENTICATION_NAME, this.sourceMap.get(SSL_REQUIRE_AUTHENTICATION_NAME));
       }
     }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/738551a2/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
----------------------------------------------------------------------
diff --git a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
index 96cb410..656deee 100755
--- a/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
+++ b/gemfire-core/src/test/java/com/gemstone/gemfire/internal/SSLConfigJUnitTest.java
@@ -150,6 +150,37 @@ public class SSLConfigJUnitTest {
   }
   
   @Test
+  /**
+   * Make sure that the old ssl-* properties work correctly
+   * with the new cluster-ssl-* properties.
+   */
+  public void testDeprecatedSSLWithCluster() {
+    Properties props = new Properties();
+    props.setProperty("ssl-ciphers", "RSA_WITH_GARBAGE" );
+    props.setProperty("ssl-protocols", "SSLv7" );
+    props.setProperty("ssl-require-authentication", String.valueOf( false ) );
+    props.setProperty("ssl-enabled", String.valueOf( true ) );
+    props.setProperty("mcast-port", "0" );
+    DistributionConfigImpl config = new DistributionConfigImpl( props );
+    isEqual( config.getClusterSSLEnabled(), true );
+    isEqual( config.getClusterSSLCiphers(), "RSA_WITH_GARBAGE" );
+    isEqual( config.getClusterSSLProtocols(), "SSLv7" );
+    isEqual( config.getClusterSSLRequireAuthentication(), false );
+    
+    // now do the same thing but just set cluster-ssl-enabled
+    props.setProperty("ssl-ciphers", "RSA_WITH_GARBAGE" );
+    props.setProperty("ssl-protocols", "SSLv7" );
+    props.setProperty("ssl-require-authentication", String.valueOf( false ) );
+    props.setProperty("cluster-ssl-enabled", String.valueOf( true ) );
+    props.setProperty("mcast-port", "0" );
+    config = new DistributionConfigImpl( props );
+    isEqual( config.getClusterSSLEnabled(), true );
+    isEqual( config.getClusterSSLCiphers(), "RSA_WITH_GARBAGE" );
+    isEqual( config.getClusterSSLProtocols(), "SSLv7" );
+    isEqual( config.getClusterSSLRequireAuthentication(), false );
+  }
+  
+  @Test
   public void testClusterSSL( ) throws Exception {
     Properties props = new Properties();
     props.setProperty("cluster-ssl-ciphers", "RSA_WITH_GARBAGE" );