geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From u..@apache.org
Subject [2/2] incubator-geode git commit: GEODE-420: Added SSLConfigurationFactory to have a single location that determines the SSLConfiguration. Amended all affected classes
Date Thu, 21 Jul 2016 16:16:52 GMT
GEODE-420: Added SSLConfigurationFactory to have a single location that determines the SSLConfiguration. Amended all affected classes


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/9891f06e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/9891f06e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/9891f06e

Branch: refs/heads/feature/GEODE-420
Commit: 9891f06ed5f7222851c3176a160172ac2f8d0feb
Parents: 399a638
Author: Udo Kohlmeyer <ukohlmeyer@pivotal.io>
Authored: Thu Jul 21 09:16:45 2016 -0700
Committer: Udo Kohlmeyer <ukohlmeyer@pivotal.io>
Committed: Thu Jul 21 09:16:45 2016 -0700

----------------------------------------------------------------------
 .../controllers/RestAPIsWithSSLDUnitTest.java   | 314 ++++++++++++++----
 .../internal/InternalDistributedSystem.java     |   1 +
 .../gemfire/internal/admin/SSLConfig.java       | 217 ++++++++-----
 .../internal/net/SSLConfigurationFactory.java   | 279 ++++++++++++++++
 .../internal/net/SSLEnabledComponent.java       |  53 ++++
 .../gemfire/internal/net/SocketCreator.java     | 316 ++++++++-----------
 .../internal/net/SocketCreatorFactory.java      | 112 ++-----
 .../management/internal/JettyHelper.java        | 116 +++----
 .../management/internal/ManagementAgent.java    |   5 +-
 .../gemfire/management/internal/RestAgent.java  |   9 +-
 .../internal/DistributionConfigJUnitTest.java   |   3 +
 .../InternalDistributedSystemJUnitTest.java     |  45 ++-
 .../internal/net/JSSESocketJUnitTest.java       |   9 +-
 .../net/SocketCreatorFactoryJUnitTest.java      |   1 +
 .../internal/JettyHelperJUnitTest.java          |   8 +-
 ...eateAlterDestroyRegionCommandsDUnitTest.java |  14 +-
 .../internal/JUnit4DistributedTestCase.java     |   2 +
 .../tools/pulse/testbed/driver/PulseUITest.java |   4 +-
 .../tools/pulse/tests/PulseAbstractTest.java    |   4 +-
 19 files changed, 998 insertions(+), 514 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java b/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
index f01ab4b..f641c09 100644
--- a/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
+++ b/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
@@ -16,20 +16,50 @@
  */
 package com.gemstone.gemfire.rest.internal.web.controllers;
 
-import org.junit.experimental.categories.Category;
-import org.junit.Test;
-
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 import static org.junit.Assert.*;
 
-import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.BindException;
+import java.security.KeyStore;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+import javax.net.ssl.SSLContext;
 
-import com.gemstone.gemfire.cache.*;
+import org.apache.http.HttpEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContexts;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.json.JSONObject;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import com.gemstone.gemfire.cache.AttributesFactory;
+import com.gemstone.gemfire.cache.Cache;
+import com.gemstone.gemfire.cache.CacheFactory;
+import com.gemstone.gemfire.cache.DataPolicy;
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.cache.RegionAttributes;
+import com.gemstone.gemfire.cache.RegionFactory;
+import com.gemstone.gemfire.cache.RegionShortcut;
 import com.gemstone.gemfire.cache.client.ClientCache;
 import com.gemstone.gemfire.cache.client.ClientCacheFactory;
 import com.gemstone.gemfire.cache.client.ClientRegionShortcut;
 import com.gemstone.gemfire.cache.client.internal.LocatorTestBase;
 import com.gemstone.gemfire.cache.server.CacheServer;
 import com.gemstone.gemfire.distributed.DistributedSystem;
+import com.gemstone.gemfire.distributed.SSLEnabledComponents;
 import com.gemstone.gemfire.distributed.internal.InternalDistributedSystem;
 import com.gemstone.gemfire.internal.AvailablePort;
 import com.gemstone.gemfire.internal.AvailablePortHelper;
@@ -39,30 +69,10 @@ import com.gemstone.gemfire.test.dunit.Host;
 import com.gemstone.gemfire.test.dunit.IgnoredException;
 import com.gemstone.gemfire.test.dunit.NetworkUtils;
 import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
 import com.gemstone.gemfire.util.test.TestUtil;
-import org.apache.http.HttpEntity;
-import org.apache.http.client.methods.CloseableHttpResponse;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.conn.ssl.SSLContexts;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.json.JSONObject;
-
-import javax.net.ssl.SSLContext;
-import java.io.*;
-import java.net.BindException;
-import java.security.KeyStore;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Properties;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 
 /**
- * 
  * @since GemFire 8.0
  */
 @Category(DistributedTest.class)
@@ -98,8 +108,12 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @SuppressWarnings("deprecation")
-  protected int startBridgeServer(String hostName, int restServicePort, final String locators, final String[] regions,
-      final Properties sslProperties, boolean clusterLevel) {
+  protected int startBridgeServer(String hostName,
+                                  int restServicePort,
+                                  final String locators,
+                                  final String[] regions,
+                                  final Properties sslProperties,
+                                  boolean clusterLevel) {
 
     Properties props = new Properties();
     props.setProperty(MCAST_PORT, "0");
@@ -109,7 +123,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
     props.setProperty(HTTP_SERVICE_PORT, String.valueOf(restServicePort));
 
     System.setProperty("javax.net.debug", "ssl,handshake");
-    configureSSL(props, sslProperties, clusterLevel);
+    props = configureSSL(props, sslProperties, clusterLevel);
 
     DistributedSystem ds = getSystem(props);
     Cache cache = CacheFactory.create(ds);
@@ -161,8 +175,9 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
 
     region.putAll(userMap);
 
-    if (clientCache != null)
+    if (clientCache != null) {
       clientCache.getLogger().info("Gemfire Cache Client: Puts successfully done");
+    }
 
   }
 
@@ -193,14 +208,13 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
       final String hostName = server.getHost().getHostName();
       final int restServicePort = AvailablePortHelper.getRandomAvailableTCPPort();
       startBridgeServer(hostName, restServicePort, locators, new String[] { REGION_NAME }, sslProperties, clusterLevel);
+      //          String restEndpoint = "https://" + hostName + ":" + restServicePort + "/gemfire-api/v1";
       return "https://" + hostName + ":" + restServicePort + "/gemfire-api/v1";
     });
 
     // create a client cache
     client.invoke("Create ClientCache", () -> {
-      new ClientCacheFactory()
-          .setPdxReadSerialized(true)
-          .addPoolLocator(locatorHostName, locatorPort).create();
+      new ClientCacheFactory().setPdxReadSerialized(true).addPoolLocator(locatorHostName, locatorPort).create();
       return null;
     });
 
@@ -226,14 +240,13 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
 
     // stop the client and make sure the bridge server notifies
     // stopBridgeMemberVM(client);
-    locator.invoke(()-> closeCache());
-    manager.invoke(()-> closeCache());
-    server.invoke(()-> closeCache());
-    client.invoke(()-> closeCache());
+    locator.invoke(() -> closeCache());
+    manager.invoke(() -> closeCache());
+    server.invoke(() -> closeCache());
+    client.invoke(() -> closeCache());
   }
 
-  private void closeCache()
-  {
+  private void closeCache() {
     GemFireCacheImpl cache = GemFireCacheImpl.getInstance();
     if (cache != null && !cache.isClosed()) {
       cache.close();
@@ -248,20 +261,17 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
     }
   }
 
-  private void configureSSL(Properties props, Properties sslProperties, boolean clusterLevel) {
+  private Properties configureSSL(Properties props, Properties sslProperties, boolean clusterLevel) {
 
     if (clusterLevel) {
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ENABLED, CLUSTER_SSL_ENABLED);
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE, CLUSTER_SSL_KEYSTORE);
-      sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_PASSWORD,
-          CLUSTER_SSL_KEYSTORE_PASSWORD);
+      sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, CLUSTER_SSL_KEYSTORE_PASSWORD);
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_TYPE, CLUSTER_SSL_KEYSTORE_TYPE);
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_PROTOCOLS, CLUSTER_SSL_PROTOCOLS);
-      sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION,
-          CLUSTER_SSL_REQUIRE_AUTHENTICATION);
+      sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION, CLUSTER_SSL_REQUIRE_AUTHENTICATION);
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE, CLUSTER_SSL_TRUSTSTORE);
-      sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD,
-          CLUSTER_SSL_TRUSTSTORE_PASSWORD);
+      sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, CLUSTER_SSL_TRUSTSTORE_PASSWORD);
     } else {
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ENABLED, null);
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE, null);
@@ -272,6 +282,20 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE, null);
       sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, null);
     }
+    String sslEnabledComponentsProperty = sslProperties.getProperty(SSL_ENABLED_COMPONENTS);
+    if (sslEnabledComponentsProperty != null && sslEnabledComponentsProperty.length() > 0) {
+      sslPropertyConverter(sslProperties, props, CLUSTER_SSL_ENABLED, null);
+      sslPropertyConverter(sslProperties, props, CLUSTER_SSL_KEYSTORE, null);
+      sslPropertyConverter(sslProperties, props, CLUSTER_SSL_KEYSTORE_PASSWORD, null);
+      sslPropertyConverter(sslProperties, props, CLUSTER_SSL_KEYSTORE_TYPE, null);
+      sslPropertyConverter(sslProperties, props, CLUSTER_SSL_PROTOCOLS, null);
+      sslPropertyConverter(sslProperties, props, CLUSTER_SSL_REQUIRE_AUTHENTICATION, null);
+      sslPropertyConverter(sslProperties, props, CLUSTER_SSL_TRUSTSTORE, null);
+      sslPropertyConverter(sslProperties, props, CLUSTER_SSL_TRUSTSTORE_PASSWORD, null);
+      sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ALIAS, null);
+      sslPropertyConverter(sslProperties, props, SSL_ENABLED_COMPONENTS, null);
+    }
+    return props;
   }
 
   private int startManager(final String locators, final String[] regions, final Properties sslProperties) throws IOException {
@@ -291,21 +315,18 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
     while (true) {
       try {
         DistributedSystem ds = getSystem(props);
-        System.out.println("Creating cache with http-service-port " + props.getProperty(HTTP_SERVICE_PORT, "7070")
-            + " and jmx-manager-port " + props.getProperty(JMX_MANAGER_PORT, "1099"));
+        System.out.println("Creating cache with http-service-port " + props.getProperty(HTTP_SERVICE_PORT, "7070") + " and jmx-manager-port " + props.getProperty(JMX_MANAGER_PORT, "1099"));
         cache = CacheFactory.create(ds);
         System.out.println("Successfully created cache.");
         break;
       } catch (ManagementException ex) {
-        if ((ex.getCause() instanceof BindException)
-            || (ex.getCause() != null && ex.getCause().getCause() instanceof BindException)) {
+        if ((ex.getCause() instanceof BindException) || (ex.getCause() != null && ex.getCause().getCause() instanceof BindException)) {
           //close cache and disconnect
           GemFireCacheImpl existingInstance = GemFireCacheImpl.getInstance();
           if (existingInstance != null) {
             existingInstance.close();
           }
-          InternalDistributedSystem ids = InternalDistributedSystem
-              .getConnectedInstance();
+          InternalDistributedSystem ids = InternalDistributedSystem.getConnectedInstance();
           if (ids != null) {
             ids.disconnect();
           }
@@ -357,14 +378,13 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
 
     // this is needed
     SSLContext sslcontext = SSLContexts.custom()
-        .loadTrustMaterial(clientKeys, new TrustSelfSignedStrategy())
-        .loadKeyMaterial(clientKeys, "password".toCharArray())
-        .build();
+                                       .loadTrustMaterial(clientKeys, new TrustSelfSignedStrategy())
+                                       .loadKeyMaterial(clientKeys, "password".toCharArray())
+                                       .build();
 
     // Host checking is disabled here , as tests might run on multiple hosts and
     // host entries can not be assumed
-    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,
-        SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
 
     CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
 
@@ -413,16 +433,176 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   public void testSimpleSSL() throws Exception {
 
     Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "SSL");
+  }
+
+  @Test
+  public void testSSLWithoutKeyStoreType() throws Exception {
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "SSL");
+  }
+
+  @Test
+  public void testSSLWithSSLProtocol() throws Exception {
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "SSL");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "SSL");
+  }
+
+  @Test
+  public void testSSLWithTLSProtocol() throws Exception {
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLS");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "TLS");
+  }
+
+  @Test
+  public void testSSLWithTLSv11Protocol() throws Exception {
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.1");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "TLSv1.1");
+  }
+
+  @Test
+  public void testSSLWithTLSv12Protocol() throws Exception {
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "TLSv1.2");
+  }
+
+  @Test
+  public void testWithMultipleProtocol() throws Exception {
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "SSL,TLSv1.2");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "TLSv1.2");
+  }
+
+  @Test
+  public void testSSLWithCipherSuite() throws Exception {
+    System.setProperty("javax.net.debug", "ssl");
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    SSLContext ssl = SSLContext.getInstance("TLSv1.2");
+
+    ssl.init(null, null, new java.security.SecureRandom());
+    String[] cipherSuites = ssl.getSocketFactory().getSupportedCipherSuites();
+
+    props.setProperty(CLUSTER_SSL_CIPHERS, cipherSuites[0]);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "TLSv1.2");
+  }
+
+  @Test
+  public void testSSLWithMultipleCipherSuite() throws Exception {
+    Properties props = new Properties();
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1.2");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    SSLContext ssl = SSLContext.getInstance("TLSv1.2");
+
+    ssl.init(null, null, new java.security.SecureRandom());
+    String[] cipherSuites = ssl.getSocketFactory().getSupportedCipherSuites();
+
+    props.setProperty(CLUSTER_SSL_CIPHERS, cipherSuites[0] + "," + cipherSuites[1]);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "TLSv1.2");
+  }
+
+  @Test
+  public void testMutualAuthentication() throws Exception {
+    Properties props = new Properties();
+
+    props.setProperty(HTTP_SERVICE_SSL_TRUSTSTORE, jks.getCanonicalPath());
+
+    props.setProperty(HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, "password");
+
+    props.setProperty(CLUSTER_SSL_ENABLED, "true");
+    props.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath());
+    props.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
+    props.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    props.setProperty(CLUSTER_SSL_PROTOCOLS, "SSL");
+    props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, "true");
+    props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
+
+    String restEndpoint = startInfraWithSSL(props, false);
+    validateConnection(restEndpoint, "SSL");
+  }
+
+  @Test
+  public void testSimpleSSLLegacy() throws Exception {
+
+    Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_TYPE, "JKS");
-    String restEndpoint = startInfraWithSSL(props,false);
+    String restEndpoint = startInfraWithSSL(props, false);
     validateConnection(restEndpoint, "SSL");
   }
 
   @Test
-  public void testSSLWithoutKeyStoreType() throws Exception {
+  public void testSSLWithoutKeyStoreTypeLegacy() throws Exception {
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -433,7 +613,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @Test
-  public void testSSLWithSSLProtocol() throws Exception {
+  public void testSSLWithSSLProtocolLegacy() throws Exception {
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -445,7 +625,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @Test
-  public void testSSLWithTLSProtocol() throws Exception {
+  public void testSSLWithTLSProtocolLegacy() throws Exception {
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -457,7 +637,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @Test
-  public void testSSLWithTLSv11Protocol() throws Exception {
+  public void testSSLWithTLSv11ProtocolLegacy() throws Exception {
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -469,7 +649,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @Test
-  public void testSSLWithTLSv12Protocol() throws Exception {
+  public void testSSLWithTLSv12ProtocolLegacy() throws Exception {
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -481,7 +661,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @Test
-  public void testWithMultipleProtocol() throws Exception {
+  public void testWithMultipleProtocolLegacy() throws Exception {
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -493,7 +673,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @Test
-  public void testSSLWithCipherSuite() throws Exception {
+  public void testSSLWithCipherSuiteLegacy() throws Exception {
     System.setProperty("javax.net.debug", "ssl");
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
@@ -513,7 +693,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @Test
-  public void testSSLWithMultipleCipherSuite() throws Exception {
+  public void testSSLWithMultipleCipherSuiteLegacy() throws Exception {
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
@@ -532,7 +712,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
   }
 
   @Test
-  public void testMutualAuthentication() throws Exception {
+  public void testMutualAuthenticationLegacy() throws Exception {
     Properties props = new Properties();
     props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
     props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
index 5e2ce3f..699e7f2 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/InternalDistributedSystem.java
@@ -101,6 +101,7 @@ import com.gemstone.gemfire.internal.logging.log4j.AlertAppender;
 import com.gemstone.gemfire.internal.logging.log4j.LocalizedMessage;
 import com.gemstone.gemfire.internal.logging.log4j.LogWriterAppender;
 import com.gemstone.gemfire.internal.logging.log4j.LogWriterAppenders;
+import com.gemstone.gemfire.internal.net.SSLConfigurationFactory;
 import com.gemstone.gemfire.internal.net.SocketCreatorFactory;
 import com.gemstone.gemfire.internal.offheap.MemoryAllocator;
 import com.gemstone.gemfire.internal.offheap.OffHeapStorage;

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
index 76ac625..33a6e05 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
@@ -16,115 +16,180 @@
  */
 package com.gemstone.gemfire.internal.admin;
 
-import com.gemstone.gemfire.distributed.internal.DistributionConfig;
-
 import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
 
 import java.util.Iterator;
 import java.util.Properties;
 
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.management.internal.SSLUtil;
+
 /**
  * The SSL configuration settings for a GemFire distributed system.
- *
- *
  */
 public class SSLConfig {
-  
+
   //private static final String PREFIX = "javax.net.ssl.";
 
   private boolean enabled = DistributionConfig.DEFAULT_CLUSTER_SSL_ENABLED;
   private String protocols = DistributionConfig.DEFAULT_CLUSTER_SSL_PROTOCOLS;
   private String ciphers = DistributionConfig.DEFAULT_CLUSTER_SSL_CIPHERS;
   private boolean requireAuth = DistributionConfig.DEFAULT_CLUSTER_SSL_REQUIRE_AUTHENTICATION;
-  
-  /** 
-   * SSL implementation-specific key-value pairs. Each key should be prefixed 
+  private String keystore = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE;
+  private String keystoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+  private String keystorePassword = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_PASSWORD;
+  private String truststore = DistributionConfig.DEFAULT_CLUSTER_SSL_TRUSTSTORE;
+  private String truststorePassword = DistributionConfig.DEFAULT_CLUSTER_SSL_TRUSTSTORE_PASSWORD;
+  private String truststoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+  private String alias = null;
+
+  /**
+   * SSL implementation-specific key-value pairs. Each key should be prefixed
    * with <code>javax.net.ssl.</code>
    */
   private Properties properties = new Properties();
 
   public SSLConfig() {
   }
-  
-  public SSLConfig(boolean enabled) {
+
+  public String getAlias() {
+    return alias;
+  }
+
+  public void setAlias(final String alias) {
+    this.alias = alias;
+  }
+
+  public String getKeystore() {
+    return keystore;
+  }
+
+  public void setKeystore(final String keystore) {
+    this.keystore = keystore;
+  }
+
+  public String getKeystorePassword() {
+    return keystorePassword;
+  }
+
+  public void setKeystorePassword(final String keystorePassword) {
+    this.keystorePassword = keystorePassword;
+  }
+
+  public String getKeystoreType() {
+    return keystoreType;
+  }
+
+  public void setKeystoreType(final String keystoreType) {
+    this.keystoreType = keystoreType;
+  }
+
+  public String getTruststore() {
+    return truststore;
+  }
+
+  public void setTruststore(final String truststore) {
+    this.truststore = truststore;
+  }
+
+  public String getTruststorePassword() {
+    return truststorePassword;
+  }
+
+  public void setTruststorePassword(final String truststorePassword) {
+    this.truststorePassword = truststorePassword;
+  }
+
+  public boolean isEnabled() {
+    return this.enabled;
+  }
+
+  public void setEnabled(boolean enabled) {
     this.enabled = enabled;
   }
-  
-	public boolean isEnabled() {
-		return this.enabled;
-	}
-	public void setEnabled(boolean enabled) {
-		this.enabled = enabled;
-	}
-
-	public String getProtocols() {
-		return this.protocols;
-	}
-	public void setProtocols(String protocols) {
-		this.protocols = protocols;
-	}
-
-	public String getCiphers() {
-		return this.ciphers;
-	}
-	public void setCiphers(String ciphers) {
-		this.ciphers = ciphers;
-	}
-
-	public boolean isRequireAuth() {
-		return this.requireAuth;
-	}
-	public void setRequireAuth(boolean requireAuth) {
-		this.requireAuth = requireAuth;
-	}
-
-	public Properties getProperties() {
-		return this.properties;
-	}
-	public void setProperties(Properties newProps) {
-          this.properties = new Properties();
-          for (Iterator iter = newProps.keySet().iterator(); iter.hasNext();) {
-            String key = (String) iter.next();
-//            String value = newProps.getProperty(key);
-            this.properties.setProperty(key, newProps.getProperty(key));
-          }
-	}
-
-	/**
-	 * Returns a string representation of the object.
-	 * 
-	 * @return a string representation of the object
-	 */
-	@Override
-	public String toString() {
-		final StringBuffer sb = new StringBuffer("[SSLConfig: ");
-		sb.append("enabled=").append(this.enabled);
-		sb.append(", protocols=").append(this.protocols);
-		sb.append(", ciphers=").append(this.ciphers);
-		sb.append(", requireAuth=").append(this.requireAuth);
-		sb.append(", properties=").append(this.properties);
-		sb.append("]");
-		return sb.toString();
-	}
+
+  public String getProtocols() {
+    return this.protocols;
+  }
+
+  public String[] getProtocolsAsStringArray() {
+    return SSLUtil.readArray(this.protocols);
+  }
+
+  public void setProtocols(String protocols) {
+    this.protocols = protocols;
+  }
+
+  public String getCiphers() {
+    return this.ciphers;
+  }
+
+  public String[] getCiphersAsStringArray() {
+    return SSLUtil.readArray(this.ciphers);
+  }
+
+  public void setCiphers(String ciphers) {
+    this.ciphers = ciphers;
+  }
+
+  public boolean isRequireAuth() {
+    return this.requireAuth;
+  }
+
+  public void setRequireAuth(boolean requireAuth) {
+    this.requireAuth = requireAuth;
+  }
+
+  public String getTruststoreType() {
+    return truststoreType;
+  }
+
+  public void setTruststoreType(final String truststoreType) {
+    this.truststoreType = truststoreType;
+  }
+
+  public Properties getProperties() {
+    return this.properties;
+  }
+
+  public void setProperties(Properties newProps) {
+    this.properties = new Properties();
+    for (Iterator iter = newProps.keySet().iterator(); iter.hasNext(); ) {
+      String key = (String) iter.next();
+      //            String value = newProps.getProperty(key);
+      this.properties.setProperty(key, newProps.getProperty(key));
+    }
+  }
+
+  /**
+   * Returns a string representation of the object.
+   * @return a string representation of the object
+   */
+  @Override
+  public String toString() {
+    final StringBuffer sb = new StringBuffer("[SSLConfig: ");
+    sb.append("enabled=").append(this.enabled);
+    sb.append(", protocols=").append(this.protocols);
+    sb.append(", ciphers=").append(this.ciphers);
+    sb.append(", requireAuth=").append(this.requireAuth);
+    sb.append(", properties=").append(this.properties);
+    sb.append("]");
+    return sb.toString();
+  }
 
   /**
    * Populates a <code>Properties</code> object with the SSL-related
    * configuration information used by {@link
    * com.gemstone.gemfire.distributed.DistributedSystem#connect}.
-   *
    * @since GemFire 4.0
    */
   public void toDSProperties(Properties props) {
-    props.setProperty(CLUSTER_SSL_ENABLED,
-                      String.valueOf(this.enabled));
+    props.setProperty(CLUSTER_SSL_ENABLED, String.valueOf(this.enabled));
 
     if (this.enabled) {
-      props.setProperty(CLUSTER_SSL_PROTOCOLS,
-                        this.protocols); 
-      props.setProperty(CLUSTER_SSL_CIPHERS,
-                        this.ciphers);
-      props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION,
-                        String.valueOf(this.requireAuth));
+      props.setProperty(CLUSTER_SSL_PROTOCOLS, this.protocols);
+      props.setProperty(CLUSTER_SSL_CIPHERS, this.ciphers);
+      props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, String.valueOf(this.requireAuth));
     }
   }
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
new file mode 100644
index 0000000..a876975
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
@@ -0,0 +1,279 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.internal.net;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang.ArrayUtils;
+import org.springframework.util.StringUtils;
+
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.DistributionConfigImpl;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
+
+public class SSLConfigurationFactory {
+
+  private static SSLConfigurationFactory instance = new SSLConfigurationFactory();
+  private DistributionConfig distributionConfig = new DistributionConfigImpl(new Properties());
+  private Map<SSLEnabledComponent, SSLConfig> registeredSSLConfig = new HashMap<>();
+
+  private SSLConfigurationFactory() {
+  }
+
+  private synchronized static SSLConfigurationFactory getInstance() {
+    if (instance == null) {
+      instance = new SSLConfigurationFactory();
+    }
+    return instance;
+  }
+
+  public static void setDistributionConfig(final DistributionConfig distributionConfig) {
+    getInstance().distributionConfig = distributionConfig;
+  }
+
+  public static SSLConfig getSSLConfigForComponent(SSLEnabledComponent sslEnabledComponent) {
+    SSLConfig sslConfig = getInstance().getRegisteredSSLConfigForComponent(sslEnabledComponent);
+    if (sslConfig == null) {
+      sslConfig = getInstance().createSSLConfigForComponent(sslEnabledComponent);
+    }
+    return sslConfig;
+  }
+
+  private SSLConfig createSSLConfigForComponent(final SSLEnabledComponent sslEnabledComponent) {
+    SSLConfig sslConfig = new SSLConfig();
+    configureClusterSSL(sslConfig, sslEnabledComponent);
+    String[] sslEnabledComponents = distributionConfig.getSSLEnabledComponents();
+    switch (sslEnabledComponent) {
+      case ALL: {
+
+      }
+      case CLUSTER: {
+        break;
+      }
+      case SERVER: {
+        if (sslEnabledComponents.length > 0) {
+          sslConfig.setAlias(distributionConfig.getServerSSLAlias());
+        } else {
+          sslConfig = configureLegacyServerSSL(sslConfig);
+        }
+        break;
+      }
+      case GATEWAY: {
+        if (sslEnabledComponents.length > 0) {
+          sslConfig.setAlias(distributionConfig.getGatewaySSLAlias());
+        } else {
+          sslConfig = configureLegacyGatewaySSL(sslConfig);
+        }
+        break;
+      }
+      case HTTP_SERVICE: {
+        if (sslEnabledComponents.length > 0) {
+          sslConfig.setAlias(distributionConfig.getHTTPServiceSSLAlias());
+        } else {
+          sslConfig = configureLegacyHttpServiceSSL(sslConfig);
+        }
+        break;
+      }
+      case JMX: {
+        if (sslEnabledComponents.length > 0) {
+          sslConfig.setAlias(distributionConfig.getJMXManagerSSLAlias());
+        } else {
+          sslConfig = configureLegacyJMXSSL(sslConfig);
+        }
+        break;
+      }
+    }
+    configureSSLPropertiesFromSystemProperties(sslConfig);
+    return sslConfig;
+  }
+
+  private void configureClusterSSL(final SSLConfig sslConfig, final SSLEnabledComponent sslEnabledComponent) {
+    sslConfig.setCiphers(distributionConfig.getClusterSSLCiphers());
+    sslConfig.setEnabled(determineIfSSLEnabledForSSLComponent(sslEnabledComponent));
+    sslConfig.setKeystore(distributionConfig.getClusterSSLKeyStore());
+    sslConfig.setKeystorePassword(distributionConfig.getClusterSSLKeyStorePassword());
+    sslConfig.setKeystoreType(distributionConfig.getClusterSSLKeyStoreType());
+    sslConfig.setTruststore(distributionConfig.getClusterSSLTrustStore());
+    sslConfig.setTruststorePassword(distributionConfig.getClusterSSLTrustStorePassword());
+    sslConfig.setProtocols(distributionConfig.getClusterSSLProtocols());
+    sslConfig.setRequireAuth(distributionConfig.getClusterSSLRequireAuthentication());
+    sslConfig.setAlias(distributionConfig.getClusterSSLAlias());
+  }
+
+  private boolean determineIfSSLEnabledForSSLComponent(final SSLEnabledComponent sslEnabledComponent) {
+    if (ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), SSLEnabledComponent.ALL.getConstant().toLowerCase())) {
+      return true;
+    }
+    if (distributionConfig.getSSLEnabledComponents().length == 0 && distributionConfig.getClusterSSLEnabled()) {
+      return true;
+    }
+    return ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), sslEnabledComponent.getConstant().toLowerCase()) ? true : false;
+  }
+
+  /**
+   * Configure a sslConfig for the server using the legacy configuration
+   * @return A sslConfig object describing the ssl config for the server component
+   *
+   * @deprecated as of Geode 1.0
+   */
+  private SSLConfig configureLegacyServerSSL(SSLConfig sslConfig) {
+    sslConfig.setCiphers(distributionConfig.getServerSSLCiphers());
+    sslConfig.setEnabled(distributionConfig.getServerSSLEnabled());
+    sslConfig.setKeystore(distributionConfig.getServerSSLKeyStore());
+    sslConfig.setKeystorePassword(distributionConfig.getServerSSLKeyStorePassword());
+    sslConfig.setKeystoreType(distributionConfig.getServerSSLKeyStoreType());
+    sslConfig.setTruststore(distributionConfig.getServerSSLTrustStore());
+    sslConfig.setTruststorePassword(distributionConfig.getServerSSLTrustStorePassword());
+    sslConfig.setProtocols(distributionConfig.getServerSSLProtocols());
+    sslConfig.setRequireAuth(distributionConfig.getServerSSLRequireAuthentication());
+    return sslConfig;
+  }
+
+  /**
+   * Configure a sslConfig for the jmx using the legacy configuration
+   * @return A sslConfig object describing the ssl config for the jmx component
+   *
+   * @deprecated as of Geode 1.0
+   */
+  private SSLConfig configureLegacyJMXSSL(SSLConfig sslConfig) {
+    sslConfig.setCiphers(distributionConfig.getJmxManagerSSLCiphers());
+    sslConfig.setEnabled(distributionConfig.getJmxManagerSSLEnabled());
+    sslConfig.setKeystore(distributionConfig.getJmxManagerSSLKeyStore());
+    sslConfig.setKeystorePassword(distributionConfig.getJmxManagerSSLKeyStorePassword());
+    sslConfig.setKeystoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
+    sslConfig.setTruststore(distributionConfig.getJmxManagerSSLTrustStore());
+    sslConfig.setTruststorePassword(distributionConfig.getJmxManagerSSLTrustStorePassword());
+    sslConfig.setProtocols(distributionConfig.getJmxManagerSSLProtocols());
+    sslConfig.setRequireAuth(distributionConfig.getJmxManagerSSLRequireAuthentication());
+    return sslConfig;
+  }
+
+  /**
+   * Configure a sslConfig for the gateway using the legacy configuration
+   * @return A sslConfig object describing the ssl config for the gateway component
+   *
+   * @deprecated as of Geode 1.0
+   */
+  private SSLConfig configureLegacyGatewaySSL(SSLConfig sslConfig) {
+    sslConfig.setCiphers(distributionConfig.getGatewaySSLCiphers());
+    sslConfig.setEnabled(distributionConfig.getGatewaySSLEnabled());
+    sslConfig.setKeystore(distributionConfig.getGatewaySSLKeyStore());
+    sslConfig.setKeystorePassword(distributionConfig.getGatewaySSLKeyStorePassword());
+    sslConfig.setKeystoreType(distributionConfig.getGatewaySSLKeyStoreType());
+    sslConfig.setTruststore(distributionConfig.getGatewaySSLTrustStore());
+    sslConfig.setTruststorePassword(distributionConfig.getGatewaySSLTrustStorePassword());
+    sslConfig.setProtocols(distributionConfig.getGatewaySSLProtocols());
+    sslConfig.setRequireAuth(distributionConfig.getGatewaySSLRequireAuthentication());
+    return sslConfig;
+  }
+
+  /**
+   * Configure a sslConfig for the http service using the legacy configuration
+   * @return A sslConfig object describing the ssl config for the http service component
+   *
+   * @deprecated as of Geode 1.0
+   */
+  private SSLConfig configureLegacyHttpServiceSSL(SSLConfig sslConfig) {
+    sslConfig.setCiphers(distributionConfig.getHttpServiceSSLCiphers());
+    sslConfig.setEnabled(distributionConfig.getHttpServiceSSLEnabled());
+    sslConfig.setKeystore(distributionConfig.getHttpServiceSSLKeyStore());
+    sslConfig.setKeystorePassword(distributionConfig.getHttpServiceSSLKeyStorePassword());
+    sslConfig.setKeystoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
+    sslConfig.setTruststore(distributionConfig.getHttpServiceSSLTrustStore());
+    sslConfig.setTruststorePassword(distributionConfig.getHttpServiceSSLTrustStorePassword());
+    sslConfig.setProtocols(distributionConfig.getHttpServiceSSLProtocols());
+    sslConfig.setRequireAuth(distributionConfig.getHttpServiceSSLRequireAuthentication());
+    return sslConfig;
+  }
+
+  private SSLConfig configureSSLPropertiesFromSystemProperties(SSLConfig sslConfig) {
+    return configureSSLPropertiesFromSystemProperties(sslConfig, null);
+  }
+
+  private SSLConfig configureSSLPropertiesFromSystemProperties(SSLConfig sslConfig, Properties properties) {
+    if (StringUtils.isEmpty(sslConfig.getKeystore())) {
+      sslConfig.setKeystore(getValueFromSystemProperties(properties, "javax.net.ssl.keyStore"));
+    }
+    if (StringUtils.isEmpty(sslConfig.getKeystoreType())) {
+      sslConfig.setKeystoreType(getValueFromSystemProperties(properties, "javax.net.ssl.keyStoreType"));
+    }
+    if (StringUtils.isEmpty(sslConfig.getKeystorePassword())) {
+      sslConfig.setKeystorePassword(getValueFromSystemProperties(properties, "javax.net.ssl.keyStorePassword"));
+    }
+    if (StringUtils.isEmpty(sslConfig.getTruststore())) {
+      sslConfig.setTruststore(getValueFromSystemProperties(properties, "javax.net.ssl.trustStore"));
+    }
+    if (StringUtils.isEmpty(sslConfig.getTruststorePassword())) {
+      sslConfig.setTruststorePassword(getValueFromSystemProperties(properties, "javax.net.ssl.trustStorePassword"));
+    }
+    if (StringUtils.isEmpty(sslConfig.getTruststoreType())) {
+      sslConfig.setTruststoreType(getValueFromSystemProperties(properties, "javax.net.ssl.trustStoreType"));
+    }
+    return sslConfig;
+  }
+
+  private String getValueFromSystemProperties(final Properties properties, String property) {
+    String propertyValue = null;
+    if (properties != null) {
+      propertyValue = properties.getProperty(property);
+    }
+    if (property != null) {
+      propertyValue = System.getProperty(property);
+      if (propertyValue != null) {
+        if (propertyValue.trim().equals("")) {
+          propertyValue = System.getenv(property);
+        }
+      }
+    }
+    return propertyValue;
+  }
+
+  private SSLConfig getRegisteredSSLConfigForComponent(final SSLEnabledComponent sslEnabledComponent) {
+    return registeredSSLConfig.get(sslEnabledComponent);
+  }
+
+  public static void close() {
+    getInstance().clearSSLConfigForAllComponents();
+    getInstance().distributionConfig = null;
+    instance = null;
+  }
+
+  private void clearSSLConfigForAllComponents() {
+    registeredSSLConfig.clear();
+  }
+
+  public static SSLConfig getSSLConfigForComponent(final boolean useSSL,
+                                                   final boolean needClientAuth,
+                                                   final String protocols,
+                                                   final String ciphers,
+                                                   final Properties gfsecurityProps,
+                                                   final String alias) {
+    SSLConfig sslConfig = new SSLConfig();
+    sslConfig.setAlias(alias);
+    sslConfig.setCiphers(ciphers);
+    sslConfig.setProtocols(protocols);
+    sslConfig.setRequireAuth(needClientAuth);
+    sslConfig.setEnabled(useSSL);
+
+    sslConfig = getInstance().configureSSLPropertiesFromSystemProperties(sslConfig, gfsecurityProps);
+
+    return sslConfig;
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLEnabledComponent.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLEnabledComponent.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLEnabledComponent.java
new file mode 100644
index 0000000..b479372
--- /dev/null
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLEnabledComponent.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.internal.net;
+
+import org.springframework.util.StringUtils;
+
+import com.gemstone.gemfire.GemFireConfigException;
+import com.gemstone.gemfire.distributed.SSLEnabledComponents;
+
+public enum SSLEnabledComponent {
+  ALL(SSLEnabledComponents.ALL),
+  CLUSTER(SSLEnabledComponents.CLUSTER),
+  SERVER(SSLEnabledComponents.SERVER),
+  JMX(SSLEnabledComponents.JMX),
+  HTTP_SERVICE(SSLEnabledComponents.HTTP_SERVICE),
+  GATEWAY(SSLEnabledComponents.GATEWAY),
+  NONE("NO_COMPONENT");
+
+  private String constant;
+
+  SSLEnabledComponent(final String constant) {
+    this.constant = constant;
+  }
+
+  public static SSLEnabledComponent getEnum(String enumString) {
+    for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+      if (!StringUtils.isEmpty(enumString)) {
+        if (sslEnabledComponent.constant.equals(enumString)) {
+          return sslEnabledComponent;
+        }
+      }
+    }
+    throw new GemFireConfigException("There is no registered component for the name: " + enumString);
+  }
+
+  public String getConstant() {
+    return constant;
+  }
+}

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
index 45aa8a5..d00c9cf 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java
@@ -72,6 +72,7 @@ import javax.net.ssl.TrustManagerFactory;
 import javax.net.ssl.X509ExtendedKeyManager;
 
 import org.apache.logging.log4j.Logger;
+import org.springframework.util.StringUtils;
 
 import com.gemstone.gemfire.GemFireConfigException;
 import com.gemstone.gemfire.SystemConnectException;
@@ -87,6 +88,7 @@ import com.gemstone.gemfire.internal.ClassPathLoader;
 import com.gemstone.gemfire.internal.ConnectionWatcher;
 import com.gemstone.gemfire.internal.GfeConsoleReaderFactory;
 import com.gemstone.gemfire.internal.GfeConsoleReaderFactory.GfeConsoleReader;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
 import com.gemstone.gemfire.internal.cache.wan.TransportFilterServerSocket;
 import com.gemstone.gemfire.internal.cache.wan.TransportFilterSocketFactory;
 import com.gemstone.gemfire.internal.i18n.LocalizedStrings;
@@ -156,25 +158,25 @@ public class SocketCreator {
    */
   private boolean ready = false;
 
-  /**
-   * True if configured to use SSL
-   */
-  private boolean useSSL;
-
-  /**
-   * True if configured to require client authentication
-   */
-  private boolean needClientAuth;
-
-  /**
-   * Space-delimited list of SSL protocols to use, 'any' allows any
-   */
-  private String[] protocols;
-
-  /**
-   * Space-delimited list of SSL ciphers to use, 'any' allows any
-   */
-  private String[] ciphers;
+  //  /**
+  //   * True if configured to use SSL
+  //   */
+  //  private boolean useSSL;
+  //
+  //  /**
+  //   * True if configured to require client authentication
+  //   */
+  //  private boolean needClientAuth;
+  //
+  //  /**
+  //   * Space-delimited list of SSL protocols to use, 'any' allows any
+  //   */
+  //  private String[] protocols;
+  //
+  //  /**
+  //   * Space-delimited list of SSL ciphers to use, 'any' allows any
+  //   */
+  //  private String[] ciphers;
 
   /**
    * Only print this SocketCreator's config once
@@ -186,6 +188,8 @@ public class SocketCreator {
    */
   private SSLContext sslContext;
 
+  private SSLConfig sslConfig;
+
   static {
     InetAddress inetAddress = null;
     try {
@@ -251,7 +255,6 @@ public class SocketCreator {
    */
   public static final boolean ENABLE_TCP_KEEP_ALIVE;
 
-
   static {
     // bug #49484 - customers want tcp/ip keep-alive turned on by default
     // to avoid dropped connections.  It can be turned off by setting this
@@ -271,21 +274,11 @@ public class SocketCreator {
   /**
    * Constructs new SocketCreator instance.
    */
-  SocketCreator() {
-    this(false, false, null, null, null, null);
+  SocketCreator(final SSLConfig sslConfig) {
+    this.sslConfig = sslConfig;
+    initialize();
   }
 
-  /**
-   * Constructs new SocketCreator instance.
-   */
-  SocketCreator(final boolean useSSL,
-                final boolean needClientAuth,
-                final String[] protocols,
-                final String[] ciphers,
-                final Properties props,
-                final String alias) {
-    initialize(useSSL, needClientAuth, protocols, ciphers, props, alias);
-  }
 
   // -------------------------------------------------------------------------
   //   Static instance accessors
@@ -350,35 +343,19 @@ public class SocketCreator {
    * Initialize this SocketCreator.
    * <p>
    * Caller must synchronize on the SocketCreator instance.
-   * @param useSSL true if ssl is to be enabled
-   * @param needClientAuth true if client authentication is required
-   * @param protocols array of ssl protocols to use
-   * @param ciphers array of ssl ciphers to use
-   * @param props vendor properties passed in through gfsecurity.properties
    */
   @SuppressWarnings("hiding")
-  private void initialize(final boolean useSSL,
-                          final boolean needClientAuth,
-                          final String[] protocols,
-                          final String[] ciphers,
-                          final Properties props,
-                          final String alias) {
+  private void initialize() {
     try {
-      this.useSSL = useSSL;
-      this.needClientAuth = needClientAuth;
-
-      this.protocols = protocols;
-      this.ciphers = ciphers;
-
       // set p2p values...
-      if (this.useSSL) {
+      if (this.sslConfig.isEnabled()) {
         System.setProperty("p2p.useSSL", "true");
         System.setProperty("p2p.oldIO", "true");
         System.setProperty("p2p.nodirectBuffers", "true");
 
         try {
           if (sslContext == null) {
-            sslContext = createAndConfigureSSLContext(protocols, props, alias);
+            sslContext = createAndConfigureSSLContext();
             SSLContext.setDefault(sslContext);
           }
         } catch (Exception e) {
@@ -414,20 +391,16 @@ public class SocketCreator {
 
   /**
    * Creates & configures the SSLContext when SSL is enabled.
-   * @param protocolNames valid SSL protocols for this connection
-   * @param props vendor properties passed in through gfsecurity.properties
-   *
    * @return new SSLContext configured using the given protocols & properties
    *
    * @throws GeneralSecurityException if security information can not be found
    * @throws IOException if information can not be loaded
    */
-  private SSLContext createAndConfigureSSLContext(final String[] protocolNames, final Properties props, final String alias)
-    throws GeneralSecurityException, IOException {
+  private SSLContext createAndConfigureSSLContext() throws GeneralSecurityException, IOException {
 
-    SSLContext newSSLContext = getSSLContextInstance(protocolNames);
-    KeyManager[] keyManagers = getKeyManagers(props, alias);
-    TrustManager[] trustManagers = getTrustManagers(props);
+    SSLContext newSSLContext = getSSLContextInstance();
+    KeyManager[] keyManagers = getKeyManagers();
+    TrustManager[] trustManagers = getTrustManagers();
 
     newSSLContext.init(keyManagers, trustManagers, null /* use the default secure random*/);
     return newSSLContext;
@@ -481,7 +454,8 @@ public class SocketCreator {
     }
   }
 
-  private SSLContext getSSLContextInstance(String[] protocols) {
+  private SSLContext getSSLContextInstance() {
+    String[] protocols = sslConfig.getProtocolsAsStringArray();
     SSLContext sslContext = null;
     if (protocols != null && protocols.length > 0) {
       for (String protocol : protocols) {
@@ -511,142 +485,119 @@ public class SocketCreator {
     return sslContext;
   }
 
-  private TrustManager[] getTrustManagers(Properties sysProps) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+  private TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
     TrustManager[] trustManagers = null;
-    String trustStoreType = sysProps.getProperty("javax.net.ssl.trustStoreType");
     GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
 
-    if (trustStoreType == null) {
-      trustStoreType = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
-    } else if (trustStoreType.trim().equals("")) {
+    String trustStoreType = sslConfig.getTruststoreType();
+    if (StringUtils.isEmpty(trustStoreType)) {
       //read from console, default on empty
       if (consoleReader.isSupported()) {
         trustStoreType = consoleReader.readLine("Please enter the trustStoreType (javax.net.ssl.trustStoreType) : ");
-      }
-      if (isEmpty(trustStoreType)) {
+      } else {
         trustStoreType = KeyStore.getDefaultType();
       }
     }
+
     KeyStore ts = KeyStore.getInstance(trustStoreType);
-    String trustStorePath = System.getProperty("javax.net.ssl.trustStore");
-    if (trustStorePath == null) {
-      trustStorePath = sysProps.getProperty("javax.net.ssl.trustStore");
-    }
-    if (trustStorePath != null) {
-      if (trustStorePath.trim().equals("")) {
-        trustStorePath = System.getenv("javax.net.ssl.trustStore");
-        //read from console
-        if (isEmpty(trustStorePath) && consoleReader.isSupported()) {
-          trustStorePath = consoleReader.readLine("Please enter the trustStore location (javax.net.ssl.trustStore) : ");
-        }
-      }
-      FileInputStream fis = new FileInputStream(trustStorePath);
-      String passwordString = System.getProperty("javax.net.ssl.trustStorePassword");
-      if (passwordString == null) {
-        passwordString = sysProps.getProperty("javax.net.ssl.trustStorePassword");
+    String trustStorePath = sslConfig.getTruststore();
+    if (StringUtils.isEmpty(trustStorePath)) {
+      if (consoleReader.isSupported()) {
+        trustStorePath = consoleReader.readLine("Please enter the trustStore location (javax.net.ssl.trustStore) : ");
       }
-      char[] password = null;
-      if (passwordString != null) {
-        if (passwordString.trim().equals("")) {
-          String encryptedPass = System.getenv("javax.net.ssl.trustStorePassword");
-          if (!isEmpty(encryptedPass)) {
-            String toDecrypt = "encrypted(" + encryptedPass + ")";
-            passwordString = PasswordUtil.decrypt(toDecrypt);
-            password = passwordString.toCharArray();
-          }
-          //read from the console
-          if (isEmpty(passwordString) && consoleReader.isSupported()) {
-            password = consoleReader.readPassword("Please enter password for trustStore (javax.net.ssl.trustStorePassword) : ");
-          }
-        } else {
+    }
+    FileInputStream fis = new FileInputStream(trustStorePath);
+    String passwordString = sslConfig.getTruststorePassword();
+    char[] password = null;
+    if (passwordString != null) {
+      if (passwordString.trim().equals("")) {
+        if (!StringUtils.isEmpty(passwordString)) {
+          String toDecrypt = "encrypted(" + passwordString + ")";
+          passwordString = PasswordUtil.decrypt(toDecrypt);
           password = passwordString.toCharArray();
         }
-      }
-      ts.load(fis, password);
-
-      // default algorithm can be changed by setting property "ssl.TrustManagerFactory.algorithm" in security properties
-      TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-      tmf.init(ts);
-      trustManagers = tmf.getTrustManagers();
-      // follow the security tip in java doc
-      if (password != null) {
-        java.util.Arrays.fill(password, ' ');
+        //read from the console
+        if (StringUtils.isEmpty(passwordString) && consoleReader.isSupported()) {
+          password = consoleReader.readPassword("Please enter password for trustStore (javax.net.ssl.trustStorePassword) : ");
+        }
+      } else {
+        password = passwordString.toCharArray();
       }
     }
+    ts.load(fis, password);
+
+    // default algorithm can be changed by setting property "ssl.TrustManagerFactory.algorithm" in security properties
+    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+    tmf.init(ts);
+    trustManagers = tmf.getTrustManagers();
+    // follow the security tip in java doc
+    if (password != null) {
+      java.util.Arrays.fill(password, ' ');
+    }
+
     return trustManagers;
   }
 
-  private KeyManager[] getKeyManagers(final Properties sysProps, final String alias)
-    throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
-    String keyStoreType = sysProps.getProperty("javax.net.ssl.keyStoreType");
+  private KeyManager[] getKeyManagers() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
     GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
 
     KeyManager[] keyManagers = null;
-
-    if (keyStoreType == null) {
-      keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
-    } else if (keyStoreType.trim().equals("")) {
+    String keyStoreType = sslConfig.getKeystoreType();
+    if (StringUtils.isEmpty(keyStoreType)) {
       // read from console, default on empty
       if (consoleReader.isSupported()) {
         keyStoreType = consoleReader.readLine("Please enter the keyStoreType (javax.net.ssl.keyStoreType) : ");
-      }
-      if (isEmpty(keyStoreType)) {
+      } else {
         keyStoreType = KeyStore.getDefaultType();
       }
     }
     KeyStore keyStore = KeyStore.getInstance(keyStoreType);
-    String keyStoreFilePath = sysProps.getProperty("javax.net.ssl.keyStore");
-    if (keyStoreFilePath == null) {
-      keyStoreFilePath = System.getProperty("javax.net.ssl.keyStore");
-    }
-    if (keyStoreFilePath != null) {
-      if (keyStoreFilePath.trim().equals("")) {
-        keyStoreFilePath = System.getenv("javax.net.ssl.keyStore");
-        //read from console
-        if (isEmpty(keyStoreFilePath) && consoleReader.isSupported()) {
-          keyStoreFilePath = consoleReader.readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : ");
-        }
-        if (isEmpty(keyStoreFilePath)) {
-          keyStoreFilePath = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
-        }
-      }
-      FileInputStream fileInputStream = new FileInputStream(keyStoreFilePath);
-      String passwordString = sysProps.getProperty("javax.net.ssl.keyStorePassword");
-      if (passwordString == null) {
-        passwordString = System.getProperty("javax.net.ssl.keyStorePassword");
+    String keyStoreFilePath = sslConfig.getKeystore();
+    if (StringUtils.isEmpty(keyStoreFilePath)) {
+      if (consoleReader.isSupported()) {
+        keyStoreFilePath = consoleReader.readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : ");
+      } else {
+        keyStoreFilePath = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
       }
-      char[] password = null;
-      if (passwordString != null) {
-        if (passwordString.trim().equals("")) {
-          String encryptedPass = System.getenv("javax.net.ssl.keyStorePassword");
-          if (!isEmpty(encryptedPass)) {
-            String toDecrypt = "encrypted(" + encryptedPass + ")";
-            passwordString = PasswordUtil.decrypt(toDecrypt);
-            password = passwordString.toCharArray();
-          }
-          //read from the console
-          if (isEmpty(passwordString) && consoleReader != null) {
-            password = consoleReader.readPassword("Please enter password for keyStore (javax.net.ssl.keyStorePassword) : ");
-          }
-        } else {
+    }
+
+    FileInputStream fileInputStream = new FileInputStream(keyStoreFilePath);
+    String passwordString = sslConfig.getKeystorePassword();
+    char[] password = null;
+    if (passwordString != null) {
+      if (passwordString.trim().equals("")) {
+        String encryptedPass = System.getenv("javax.net.ssl.keyStorePassword");
+        if (!StringUtils.isEmpty(encryptedPass)) {
+          String toDecrypt = "encrypted(" + encryptedPass + ")";
+          passwordString = PasswordUtil.decrypt(toDecrypt);
           password = passwordString.toCharArray();
         }
-      }
-      keyStore.load(fileInputStream, password);
-      // default algorithm can be changed by setting property "ssl.KeyManagerFactory.algorithm" in security properties
-      KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-      keyManagerFactory.init(keyStore, password);
-      keyManagers = keyManagerFactory.getKeyManagers();
-      // follow the security tip in java doc
-      if (password != null) {
-        java.util.Arrays.fill(password, ' ');
+        //read from the console
+        if (StringUtils.isEmpty(passwordString) && consoleReader != null) {
+          password = consoleReader.readPassword("Please enter password for keyStore (javax.net.ssl.keyStorePassword) : ");
+        }
+      } else {
+        password = passwordString.toCharArray();
       }
     }
+    keyStore.load(fileInputStream, password);
+    // default algorithm can be changed by setting property "ssl.KeyManagerFactory.algorithm" in security properties
+    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+    keyManagerFactory.init(keyStore, password);
+    keyManagers = keyManagerFactory.getKeyManagers();
+    // follow the security tip in java doc
+    if (password != null) {
+      java.util.Arrays.fill(password, ' ');
+    }
+
     KeyManager[] extendedKeyManagers = new KeyManager[keyManagers.length];
 
-    for (int i = 0; i < keyManagers.length; i++) {
-      extendedKeyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], alias);
+    for (int i = 0; i < keyManagers.length; i++)
+
+    {
+      extendedKeyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], sslConfig.getAlias());
     }
+
     return extendedKeyManagers;
   }
 
@@ -706,10 +657,6 @@ public class SocketCreator {
 
   }
 
-  private boolean isEmpty(String string) {
-    return (string == null || string.trim().equals(""));
-  }
-
   // -------------------------------------------------------------------------
   //   Public methods
   // -------------------------------------------------------------------------
@@ -718,7 +665,7 @@ public class SocketCreator {
    * Returns true if this SocketCreator is configured to use SSL.
    */
   public boolean useSSL() {
-    return this.useSSL;
+    return this.sslConfig.isEnabled();
   }
 
   /**
@@ -759,11 +706,11 @@ public class SocketCreator {
    * SSL configuration is left up to JSSE properties in java.security file.
    */
   public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr) throws IOException {
-    return createServerSocket(nport, backlog, bindAddr, -1, useSSL);
+    return createServerSocket(nport, backlog, bindAddr, -1, sslConfig.isEnabled());
   }
 
   public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr, int socketBufferSize) throws IOException {
-    return createServerSocket(nport, backlog, bindAddr, socketBufferSize, useSSL);
+    return createServerSocket(nport, backlog, bindAddr, socketBufferSize, sslConfig.isEnabled());
   }
 
   private ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr, int socketBufferSize, boolean sslConnection) throws IOException {
@@ -825,7 +772,7 @@ public class SocketCreator {
                                                        boolean useNIO,
                                                        int tcpBufferSize,
                                                        int[] tcpPortRange) throws IOException {
-    return createServerSocketUsingPortRange(ba, backlog, isBindAddress, useNIO, tcpBufferSize, tcpPortRange, this.useSSL);
+    return createServerSocketUsingPortRange(ba, backlog, isBindAddress, useNIO, tcpBufferSize, tcpPortRange, sslConfig.isEnabled());
   }
 
   /**
@@ -944,7 +891,7 @@ public class SocketCreator {
    */
   public Socket connect(InetAddress inetadd, int port, int timeout, ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize)
     throws IOException {
-    return connect(inetadd, port, timeout, optionalWatcher, clientSide, socketBufferSize, this.useSSL);
+    return connect(inetadd, port, timeout, optionalWatcher, clientSide, socketBufferSize, sslConfig.isEnabled());
   }
 
   /**
@@ -1030,7 +977,7 @@ public class SocketCreator {
           logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0, ((X509Certificate) peer[0]).getSubjectDN()));
         }
       } catch (SSLPeerUnverifiedException ex) {
-        if (this.needClientAuth) {
+        if (this.sslConfig.isRequireAuth()) {
           logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1, new Object[] {
             socket.getInetAddress(), Integer.valueOf(socket.getPort())
           }), ex);
@@ -1054,18 +1001,20 @@ public class SocketCreator {
    */
   private void finishServerSocket(SSLServerSocket serverSocket) throws IOException {
     serverSocket.setUseClientMode(false);
-    if (this.needClientAuth) {
+    if (this.sslConfig.isRequireAuth()) {
       //serverSocket.setWantClientAuth( true );
       serverSocket.setNeedClientAuth(true);
     }
     serverSocket.setEnableSessionCreation(true);
 
     // restrict cyphers
-    if (!"any".equalsIgnoreCase(this.protocols[0])) {
-      serverSocket.setEnabledProtocols(this.protocols);
+    String[] protocols = this.sslConfig.getProtocolsAsStringArray();
+    if (!"any".equalsIgnoreCase(protocols[0])) {
+      serverSocket.setEnabledProtocols(protocols);
     }
-    if (!"any".equalsIgnoreCase(this.ciphers[0])) {
-      serverSocket.setEnabledCipherSuites(this.ciphers);
+    String[] ciphers = this.sslConfig.getCiphersAsStringArray();
+    if (!"any".equalsIgnoreCase(ciphers[0])) {
+      serverSocket.setEnabledCipherSuites(ciphers);
     }
   }
 
@@ -1080,12 +1029,15 @@ public class SocketCreator {
       sslSocket.setUseClientMode(true);
       sslSocket.setEnableSessionCreation(true);
 
+      String[] protocols = this.sslConfig.getProtocolsAsStringArray();
+
       // restrict cyphers
-      if (this.protocols != null && !"any".equalsIgnoreCase(this.protocols[0])) {
-        sslSocket.setEnabledProtocols(this.protocols);
+      if (protocols != null && !"any".equalsIgnoreCase(protocols[0])) {
+        sslSocket.setEnabledProtocols(protocols);
       }
-      if (this.ciphers != null && !"any".equalsIgnoreCase(this.ciphers[0])) {
-        sslSocket.setEnabledCipherSuites(this.ciphers);
+      String[] ciphers = this.sslConfig.getCiphersAsStringArray();
+      if (ciphers != null && !"any".equalsIgnoreCase(ciphers[0])) {
+        sslSocket.setEnabledCipherSuites(ciphers);
       }
 
       try {
@@ -1096,7 +1048,7 @@ public class SocketCreator {
           logger.debug(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_CONNECTION_FROM_PEER_0, ((X509Certificate) peer[0]).getSubjectDN()));
         }
       } catch (SSLPeerUnverifiedException ex) {
-        if (this.needClientAuth) {
+        if (this.sslConfig.isRequireAuth()) {
           logger.fatal(LocalizedMessage.create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER), ex);
           throw ex;
         }
@@ -1117,7 +1069,7 @@ public class SocketCreator {
       configShown = true;
       StringBuffer sb = new StringBuffer();
       sb.append("SSL Configuration: \n");
-      sb.append("  ssl-enabled = " + this.useSSL).append("\n");
+      sb.append("  ssl-enabled = " + this.sslConfig.isEnabled()).append("\n");
       // add other options here....
       for (String key : System.getProperties().stringPropertyNames()) { // fix for 46822
         if (key.startsWith("javax.net.ssl")) {

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/9891f06e/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java
index ae31215..8a30f66 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreatorFactory.java
@@ -27,12 +27,13 @@ import org.apache.commons.lang.ArrayUtils;
 import com.gemstone.gemfire.distributed.SSLEnabledComponents;
 import com.gemstone.gemfire.distributed.internal.DistributionConfig;
 import com.gemstone.gemfire.distributed.internal.DistributionConfigImpl;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
 
 public class SocketCreatorFactory {
 
   private static SocketCreatorFactory instance = new SocketCreatorFactory();
   private static final String NON_SSL = "Non_SSL";
-  private Map<String, SocketCreator> socketCreators = new HashMap<>();
+  private Map<SSLEnabledComponent, SocketCreator> socketCreators = new HashMap<>();
   private DistributionConfig distributionConfig;
 
   private SocketCreatorFactory() {
@@ -52,6 +53,7 @@ public class SocketCreatorFactory {
     } else {
       this.distributionConfig = distributionConfig;
     }
+    SSLConfigurationFactory.setDistributionConfig(this.distributionConfig);
   }
 
   private static SocketCreatorFactory getInstance() {
@@ -62,120 +64,68 @@ public class SocketCreatorFactory {
   }
 
   public static SocketCreator getClusterSSLSocketCreator() {
-    DistributionConfig distributionConfig = getInstance().distributionConfig;
-    if (distributionConfig.getSSLEnabledComponents().length == 0) {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.CLUSTER, null);
-    } else {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.CLUSTER, distributionConfig.getClusterSSLAlias());
-    }
+    SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.CLUSTER);
+    return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.CLUSTER, sslConfigForComponent);
   }
 
   public static SocketCreator getServerSSLSocketCreator() {
-    DistributionConfig distributionConfig = getInstance().distributionConfig;
-    if (distributionConfig.getSSLEnabledComponents().length == 0) {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.SERVER, null, distributionConfig.getServerSSLEnabled(), distributionConfig
-        .getServerSSLRequireAuthentication(), createStringArrayFromString(distributionConfig.getServerSSLProtocols()), createStringArrayFromString(distributionConfig
-        .getServerSSLCiphers()), distributionConfig.getServerSSLProperties());
-    } else {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.SERVER, distributionConfig.getServerSSLAlias());
-    }
+    SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.SERVER);
+    return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.SERVER, sslConfigForComponent);
   }
 
   public static SocketCreator getGatewaySSLSocketCreator() {
-    DistributionConfig distributionConfig = getInstance().distributionConfig;
-    if (distributionConfig.getSSLEnabledComponents().length == 0) {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.GATEWAY, null, distributionConfig.getGatewaySSLEnabled(), distributionConfig
-        .getGatewaySSLRequireAuthentication(), createStringArrayFromString(distributionConfig.getGatewaySSLProtocols()), createStringArrayFromString(distributionConfig
-        .getGatewaySSLCiphers()), distributionConfig.getGatewaySSLProperties());
-    } else {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.GATEWAY, distributionConfig.getGatewaySSLAlias());
-    }
+    SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.GATEWAY);
+    return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.GATEWAY, sslConfigForComponent);
   }
 
   public static SocketCreator getJMXManagerSSLSocketCreator() {
-    DistributionConfig distributionConfig = getInstance().distributionConfig;
-    if (distributionConfig.getSSLEnabledComponents().length == 0) {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.JMX, null, distributionConfig.getJmxManagerSSLEnabled(), distributionConfig
-        .getJmxManagerSSLRequireAuthentication(), createStringArrayFromString(distributionConfig.getJmxManagerSSLProtocols()), createStringArrayFromString(distributionConfig
-        .getJmxManagerSSLCiphers()), distributionConfig.getJmxSSLProperties());
-    } else {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.JMX, distributionConfig.getJMXManagerSSLAlias());
-    }
+    SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.JMX);
+    return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.JMX, sslConfigForComponent);
   }
 
   public static SocketCreator getHTTPServiceSSLSocketCreator() {
-    DistributionConfig distributionConfig = getInstance().distributionConfig;
-    if (distributionConfig.getSSLEnabledComponents().length == 0) {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.HTTP_SERVICE, null, distributionConfig.getHttpServiceSSLEnabled(), distributionConfig
-        .getHttpServiceSSLRequireAuthentication(), createStringArrayFromString(distributionConfig.getHttpServiceSSLProtocols()), createStringArrayFromString(distributionConfig
-        .getHttpServiceSSLCiphers()), distributionConfig.getHttpServiceSSLProperties());
-    } else {
-      return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponents.HTTP_SERVICE, distributionConfig.getHTTPServiceSSLAlias());
-    }
+    SSLConfig sslConfigForComponent = SSLConfigurationFactory.getSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE);
+    return getInstance().getOrCreateSocketCreatorForSSLEnabledComponent(SSLEnabledComponent.HTTP_SERVICE, sslConfigForComponent);
   }
 
-  private SocketCreator getSSLSocketCreator(String sslComponent,
-                                            String alias,
-                                            DistributionConfig distributionConfig,
-                                            final boolean useSSL,
-                                            final boolean needClientAuth,
-                                            final String[] protocols,
-                                            final String[] ciphers,
-                                            final Properties props) {
-    if (useSSL) {
+  private SocketCreator getSSLSocketCreator(final SSLEnabledComponent sslComponent, final DistributionConfig distributionConfig, final SSLConfig sslConfig) {
+    if (sslConfig.isEnabled()) {
       if (ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), SSLEnabledComponents.ALL)) {
-        return createSSLSocketCreator(SSLEnabledComponents.ALL, alias, useSSL, needClientAuth, protocols, ciphers, props);
-      } else if (distributionConfig.getSSLEnabledComponents().length == 0 || ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), sslComponent)) {
-        return createSSLSocketCreator(sslComponent, alias, useSSL, needClientAuth, protocols, ciphers, props);
+        return createSSLSocketCreator(SSLEnabledComponent.ALL, sslConfig);
+      } else if (ArrayUtils.contains(distributionConfig.getSSLEnabledComponents(), sslComponent.getConstant())) {
+        return createSSLSocketCreator(sslComponent, sslConfig);
       }
     }
-    return createSSLSocketCreator(NON_SSL, null, false, false, null, null, null);
+    return createSSLSocketCreator(SSLEnabledComponent.NONE, sslConfig);
   }
 
 
-  private SocketCreator getOrCreateSocketCreatorForSSLEnabledComponent(String sslEnabledComponent, String alias) {
-    return getOrCreateSocketCreatorForSSLEnabledComponent(sslEnabledComponent, alias, distributionConfig.getClusterSSLEnabled(), distributionConfig.getClusterSSLRequireAuthentication(), createStringArrayFromString(distributionConfig
-      .getClusterSSLProtocols()), createStringArrayFromString(distributionConfig.getClusterSSLCiphers()), distributionConfig.getClusterSSLProperties());
-  }
-
-  private SocketCreator getOrCreateSocketCreatorForSSLEnabledComponent(String sslEnabledComponent,
-                                                                       String alias,
-                                                                       boolean useSSL,
-                                                                       boolean needClientAuth,
-                                                                       String[] protocols,
-                                                                       String[] ciphers,
-                                                                       Properties props) {
+  private SocketCreator getOrCreateSocketCreatorForSSLEnabledComponent(final SSLEnabledComponent sslEnabledComponent, final SSLConfig sslConfig) {
     SocketCreator socketCreator = getSocketCreatorForComponent(sslEnabledComponent);
     if (socketCreator == null) {
-      return getSSLSocketCreator(sslEnabledComponent, alias, distributionConfig, useSSL, needClientAuth, protocols, ciphers, props);
+      return getSSLSocketCreator(sslEnabledComponent, distributionConfig, sslConfig);
     } else {
       return socketCreator;
     }
   }
 
-  private SocketCreator createSSLSocketCreator(final String sslEnableComponent,
-                                               final String alias,
-                                               final boolean useSSL,
-                                               final boolean needClientAuth,
-                                               final String[] protocols,
-                                               final String[] ciphers,
-                                               final Properties props) {
+  private SocketCreator createSSLSocketCreator(final SSLEnabledComponent sslEnableComponent, final SSLConfig sslConfig) {
     SocketCreator socketCreator = null;
-    if (useSSL) {
-      socketCreator = new SocketCreator(useSSL, needClientAuth, protocols, ciphers, props, alias);
+    if (sslConfig.isEnabled()) {
+      socketCreator = new SocketCreator(sslConfig);
       addSocketCreatorForComponent(sslEnableComponent, socketCreator);
     } else {
-      socketCreator = new SocketCreator();
-      addSocketCreatorForComponent(NON_SSL, socketCreator);
+      socketCreator = new SocketCreator(sslConfig);
+      addSocketCreatorForComponent(SSLEnabledComponent.NONE, socketCreator);
     }
     return socketCreator;
   }
 
-  private synchronized void addSocketCreatorForComponent(String sslEnabledComponent, SocketCreator socketCreator) {
+  private synchronized void addSocketCreatorForComponent(SSLEnabledComponent sslEnabledComponent, SocketCreator socketCreator) {
     socketCreators.put(sslEnabledComponent, socketCreator);
   }
 
-  private synchronized SocketCreator getSocketCreatorForComponent(String sslEnabledComponent) {
+  private synchronized SocketCreator getSocketCreatorForComponent(SSLEnabledComponent sslEnabledComponent) {
     return socketCreators.get(sslEnabledComponent);
   }
 
@@ -203,7 +153,7 @@ public class SocketCreatorFactory {
    * @param ciphers
    * @param gfsecurityProps
    *
-   * @return
+   * @return SocketCreator for the defined properties
    *
    * @deprecated as of Geode 1.0
    */
@@ -213,13 +163,15 @@ public class SocketCreatorFactory {
                                                        final String protocols,
                                                        final String ciphers,
                                                        final Properties gfsecurityProps) {
-    return new SocketCreator(useSSL, needClientAuth, createStringArrayFromString(protocols), createStringArrayFromString(ciphers), gfsecurityProps, null);
+    SSLConfig sslConfig = SSLConfigurationFactory.getSSLConfigForComponent(useSSL, needClientAuth, protocols, ciphers, gfsecurityProps, null);
+    return new SocketCreator(sslConfig);
   }
 
   public static void close() {
     getInstance().clearSocketCreators();
     getInstance().distributionConfig = null;
     instance = null;
+    SSLConfigurationFactory.close();
   }
 
   private synchronized void clearSocketCreators() {


Mime
View raw message