You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ignite.apache.org by nt...@apache.org on 2015/07/20 18:43:05 UTC
incubator-ignite git commit: IGNITE-323 Added SSL to discovery SPI.
Repository: incubator-ignite
Updated Branches:
refs/heads/ignite-323 c84784525 -> 94af74d73
IGNITE-323 Added SSL to discovery SPI.
Project: http://git-wip-us.apache.org/repos/asf/incubator-ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ignite/commit/94af74d7
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ignite/tree/94af74d7
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ignite/diff/94af74d7
Branch: refs/heads/ignite-323
Commit: 94af74d73b90fbf3c0be328d4fe36457b064ddef
Parents: c847845
Author: nikolay_tikhonov <nt...@gridgain.com>
Authored: Mon Jul 20 19:42:59 2015 +0300
Committer: nikolay_tikhonov <nt...@gridgain.com>
Committed: Mon Jul 20 19:42:59 2015 +0300
----------------------------------------------------------------------
.../communication/tcp/TcpCommunicationSpi.java | 2 +-
.../ignite/spi/discovery/tcp/ServerImpl.java | 5 ++-
.../spi/discovery/tcp/TcpDiscoverySpi.java | 34 +++++++++++++++-
.../discovery/AbstractDiscoverySelfTest.java | 13 ++++++
.../tcp/TcpDiscoverySpiSslSelfTest.java | 28 +++++++++++++
.../discovery/tcp/TcpDiscoverySslSelfTest.java | 42 ++++++++++++++++++++
.../IgniteSpiDiscoverySelfTestSuite.java | 4 ++
7 files changed, 125 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/94af74d7/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java b/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java
index 29aa3e2..3a6b986 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/communication/tcp/TcpCommunicationSpi.java
@@ -1571,7 +1571,7 @@ public class TcpCommunicationSpi extends IgniteSpiAdapter
", locHost=" + locHost + ']', e);
}
catch (SSLException e) {
- throw new IgniteCheckedException("Failed to create SSL context. SSL factory: "
+ throw new IgniteSpiException("Failed to create SSL context. SSL factory: "
+ ignite.configuration().getSslContextFactory() + '.', e);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/94af74d7/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
index 4861953..40e8f92 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
@@ -4008,7 +4008,10 @@ class ServerImpl extends TcpDiscoveryImpl {
for (port = spi.locPort; port < spi.locPort + spi.locPortRange; port++) {
try {
- srvrSock = new ServerSocket(port, 0, spi.locHost);
+ if (spi.isSslEnabled())
+ srvrSock = spi.sslSrvSocketFactory.createServerSocket(port, 0, spi.locHost);
+ else
+ srvrSock = new ServerSocket(port, 0, spi.locHost);
break;
}
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/94af74d7/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
index 431d198..888e572 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpi.java
@@ -40,6 +40,7 @@ import org.apache.ignite.spi.discovery.tcp.ipfinder.vm.*;
import org.apache.ignite.spi.discovery.tcp.messages.*;
import org.jetbrains.annotations.*;
+import javax.net.ssl.*;
import java.io.*;
import java.net.*;
import java.util.*;
@@ -308,6 +309,12 @@ public class TcpDiscoverySpi extends IgniteSpiAdapter implements DiscoverySpi, T
/** Node authenticator. */
protected DiscoverySpiNodeAuthenticator nodeAuth;
+ /** SSL server socket factory. */
+ protected SSLServerSocketFactory sslSrvSocketFactory;
+
+ /** SSL socket factory. */
+ protected SSLSocketFactory sslSocketFactory;
+
/** Context initialization latch. */
@GridToStringExclude
private final CountDownLatch ctxInitLatch = new CountDownLatch(1);
@@ -1135,7 +1142,12 @@ public class TcpDiscoverySpi extends IgniteSpiAdapter implements DiscoverySpi, T
assert addr != null;
- Socket sock = new Socket();
+ Socket sock;
+
+ if (isSslEnabled())
+ sock = sslSocketFactory.createSocket();
+ else
+ sock = new Socket();
sock.bind(new InetSocketAddress(locHost, 0));
@@ -1607,6 +1619,19 @@ public class TcpDiscoverySpi extends IgniteSpiAdapter implements DiscoverySpi, T
assertParameter(threadPri > 0, "threadPri > 0");
assertParameter(statsPrintFreq >= 0, "statsPrintFreq >= 0");
+ if (isSslEnabled()) {
+ try {
+ SSLContext sslCtx = ignite().configuration().getSslContextFactory().createSslContext();
+
+ sslSocketFactory = sslCtx.getSocketFactory();
+ sslSrvSocketFactory = sslCtx.getServerSocketFactory();
+ }
+ catch (SSLException e) {
+ throw new IgniteSpiException("Failed to create SSL context. SSL factory: "
+ + ignite.configuration().getSslContextFactory(), e);
+ }
+ }
+
try {
locHost = U.resolveLocalHost(locAddr);
}
@@ -1671,6 +1696,13 @@ public class TcpDiscoverySpi extends IgniteSpiAdapter implements DiscoverySpi, T
}
/**
+ * @return {@code True} if ssl enabled.
+ */
+ boolean isSslEnabled() {
+ return ignite().configuration().getSslContextFactory() != null;
+ }
+
+ /**
*
*/
void printStartInfo() {
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/94af74d7/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java
index 61bb944..373ca68 100644
--- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java
+++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/AbstractDiscoverySelfTest.java
@@ -19,6 +19,7 @@ package org.apache.ignite.spi.discovery;
import mx4j.tools.adaptor.http.*;
import org.apache.ignite.cluster.*;
+import org.apache.ignite.configuration.*;
import org.apache.ignite.internal.util.typedef.internal.*;
import org.apache.ignite.marshaller.*;
import org.apache.ignite.spi.*;
@@ -58,6 +59,9 @@ public abstract class AbstractDiscoverySelfTest<T extends IgniteSpi> extends Gri
private static final String TEST_ATTRIBUTE_NAME = "test.node.prop";
/** */
+ protected boolean useSsl = false;
+
+ /** */
protected AbstractDiscoverySelfTest() {
super(false);
}
@@ -394,6 +398,15 @@ public abstract class AbstractDiscoverySelfTest<T extends IgniteSpi> extends Gri
GridTestUtils.setFieldValue(spi, IgniteSpiAdapter.class, "spiCtx", ctx);
+ if (useSsl) {
+ IgniteMock ignite = GridTestUtils.getFieldValue(spi, IgniteSpiAdapter.class, "ignite");
+
+ IgniteConfiguration cfg = ignite.configuration()
+ .setSslContextFactory(GridTestUtils.sslContextFactory());
+
+ ignite.setStaticCfg(cfg);
+ }
+
spi.spiStart(getTestGridName() + i);
spis.add(spi);
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/94af74d7/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpiSslSelfTest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpiSslSelfTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpiSslSelfTest.java
new file mode 100644
index 0000000..3eb8344
--- /dev/null
+++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySpiSslSelfTest.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.spi.discovery.tcp;
+
+/**
+ * TCP discovery spi test with SSL.
+ */
+public class TcpDiscoverySpiSslSelfTest extends TcpDiscoverySpiSelfTest {
+ /** */
+ public TcpDiscoverySpiSslSelfTest() {
+ useSsl = true;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/94af74d7/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSelfTest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSelfTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSelfTest.java
new file mode 100644
index 0000000..13f1004
--- /dev/null
+++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSelfTest.java
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.spi.discovery.tcp;
+
+import org.apache.ignite.configuration.*;
+import org.apache.ignite.testframework.*;
+
+/**
+ * Test for {@link TcpDiscoverySpi} with SSL.
+ */
+public class TcpDiscoverySslSelfTest extends TcpDiscoverySelfTest {
+ /**
+ * @throws Exception If fails.
+ */
+ public TcpDiscoverySslSelfTest() throws Exception {
+ super();
+ }
+
+ /** {@inheritDoc} */
+ @Override protected IgniteConfiguration getConfiguration(String gridName) throws Exception {
+ IgniteConfiguration cfg = super.getConfiguration(gridName);
+
+ cfg.setSslContextFactory(GridTestUtils.sslContextFactory());
+
+ return cfg;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ignite/blob/94af74d7/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
index 6f59f14..5e7e4c6 100644
--- a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
+++ b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
@@ -60,6 +60,10 @@ public class IgniteSpiDiscoverySelfTestSuite extends TestSuite {
suite.addTest(new TestSuite(TcpDiscoveryRestartTest.class));
suite.addTest(new TestSuite(TcpDiscoveryMultiThreadedTest.class));
+ // SSL.
+ suite.addTest(new TestSuite(TcpDiscoverySslSelfTest.class));
+ suite.addTest(new TestSuite(TcpDiscoverySpiSslSelfTest.class));
+
return suite;
}
}