geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From u..@apache.org
Subject [3/3] incubator-geode git commit: GEODE-420: ssl-default-alias property addition and validation rules
Date Mon, 15 Aug 2016 18:25:16 GMT
GEODE-420: ssl-default-alias property addition and validation rules


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/bc2868af
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/bc2868af
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/bc2868af

Branch: refs/heads/feature/GEODE-420
Commit: bc2868afd78a6d1b0efe65ca9dd7d65d2a04a64c
Parents: 8db6da0
Author: Udo Kohlmeyer <ukohlmeyer@pivotal.io>
Authored: Tue Aug 16 04:25:06 2016 +1000
Committer: Udo Kohlmeyer <ukohlmeyer@pivotal.io>
Committed: Tue Aug 16 04:25:06 2016 +1000

----------------------------------------------------------------------
 .../controllers/RestAPIsWithSSLDUnitTest.java   |   8 +-
 .../distributed/ConfigurationProperties.java    |  59 ++---
 .../internal/AbstractDistributionConfig.java    |  65 ++++--
 .../internal/DistributionConfig.java            |  95 ++++----
 .../internal/DistributionConfigImpl.java        |  25 ++-
 .../gemfire/internal/i18n/LocalizedStrings.java | 224 ++++++++-----------
 .../gemfire/internal/net/SocketCreator.java     |   2 +-
 .../gemfire/distributed/LocatorDUnitTest.java   |  18 +-
 .../net/SocketCreatorFactoryJUnitTest.java      |  47 ++--
 .../gemfire/management/JMXMBeanDUnitTest.java   |   3 +-
 10 files changed, 298 insertions(+), 248 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/bc2868af/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
b/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
index 945a5e8..1d91016 100644
--- a/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
+++ b/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java
@@ -316,7 +316,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
       sslPropertyConverter(sslProperties, props, SSL_REQUIRE_AUTHENTICATION, null);
       sslPropertyConverter(sslProperties, props, SSL_TRUSTSTORE, null);
       sslPropertyConverter(sslProperties, props, SSL_TRUSTSTORE_PASSWORD, null);
-      sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ALIAS, null);
+      sslPropertyConverter(sslProperties, props, SSL_HTTP_SERVICE_ALIAS, null);
       sslPropertyConverter(sslProperties, props, SSL_ENABLED_COMPONENTS, null);
     }
     return props;
@@ -414,7 +414,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
       if (!StringUtils.isEmpty(properties.getProperty(INVALID_CLIENT_ALIAS))) {
         return properties.getProperty(INVALID_CLIENT_ALIAS);
       } else {
-        return properties.getProperty(HTTP_SERVICE_SSL_ALIAS);
+        return properties.getProperty(SSL_HTTP_SERVICE_ALIAS);
       }
     }).build();
 
@@ -491,7 +491,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
     props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
     props.setProperty(SSL_KEYSTORE_TYPE, "JKS");
     props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
-    props.setProperty(HTTP_SERVICE_SSL_ALIAS, "httpservicekey");
+    props.setProperty(SSL_HTTP_SERVICE_ALIAS, "httpservicekey");
     String restEndpoint = startInfraWithSSL(props, false);
     validateConnection(restEndpoint, "SSL", props);
   }
@@ -506,7 +506,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase {
     props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
     props.setProperty(SSL_KEYSTORE_TYPE, "JKS");
     props.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponents.HTTP_SERVICE);
-    props.setProperty(HTTP_SERVICE_SSL_ALIAS, "httpservicekey");
+    props.setProperty(SSL_HTTP_SERVICE_ALIAS, "httpservicekey");
     props.setProperty(INVALID_CLIENT_ALIAS, "someAlias");
     String restEndpoint = startInfraWithSSL(props, false);
     validateConnection(restEndpoint, "SSL", props);

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/bc2868af/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
index 2b024d4..11e961e 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
@@ -168,16 +168,14 @@ public interface ConfigurationProperties {
   String CLUSTER_SSL_PREFIX = "cluster-ssl";
 
   /**
-   * The static String definition of the <i>"cluster-ssl-alias"</i> property
-   * <a name="cluster-ssl-alias"/a></p>
-   * <U>Description</U>: This property is to be used if a specific key is to
be used out of a keystore with multiple keys in it.
-   * This alias will be used for all other SSL communication (HTTP Service,JMX,SERVER,GATEWAY)
unless specifically overridden by their
-   * corresponding aliases {@link #GATEWAY_SSL_ALIAS}, {@link #HTTP_SERVICE_SSL_ALIAS}, {@link
#JMX_MANAGER_SSL_ALIAS}, {@link #SERVER_SSL_ALIAS}
+   * The static String definition of the <i>"ssl-cluster-alias"</i> property
+   * <a name="ssl-cluster-alias"/a></p>
+   * <U>Description</U>: This property is to be used if a specific key is to
be used out of a keystore for the cluster ssl certificate.
    * </p>
    * <U>Default</U>: "" </p>
    * <U>Since</U>: Geode 1.0
    */
-  String CLUSTER_SSL_ALIAS = "cluster-ssl-alias";
+  String SSL_CLUSTER_ALIAS = "ssl-cluster-alias";
   /**
    * The static String definition of the <i>"cluster-ssl-ciphers"</i> property
    * <a name="cluster-ssl-ciphers"/a></p>
@@ -447,15 +445,15 @@ public interface ConfigurationProperties {
    */
   String ENFORCE_UNIQUE_HOST = "enforce-unique-host";
   /**
-   * The static String definition of the <i>"gateway-ssl-alias"</i> property
-   * <a name="gateway-ssl-alias"/a></p>
+   * The static String definition of the <i>"ssl-gateway-alias"</i> property
+   * <a name="ssl-gateway-alias"/a></p>
    * <U>Description</U>: This property is to be used if a specific key is to
be used for the SSL communications for the Gateways.
    * </p>
    * <U><i>Optional</i></U>
    * <U>Default</U>: "" </p>
    * <U>Since</U>: Geode 1.0
    */
-  String GATEWAY_SSL_ALIAS = "gateway-ssl-alias";
+  String SSL_GATEWAY_ALIAS = "ssl-gateway-alias";
   /**
    * The static String definition of the <i>"gateway-ssl-ciphers"</i> property
    * <a name="gateway-ssl-ciphers"/a></p>
@@ -476,7 +474,7 @@ public interface ConfigurationProperties {
    * </p>
    * <U>Default</U>: <code>false</code></p>
    * <U>Since</U>: GemFire 8.0
-   * @deprecated Since Geode 1.0 use {@link #CLUSTER_SSL_ENABLED} with the optional {@link
#GATEWAY_SSL_ALIAS}
+   * @deprecated Since Geode 1.0 use {@link #SSL_ENABLED_COMPONENTS} with the optional {@link
#SSL_GATEWAY_ALIAS}
    */
   String GATEWAY_SSL_ENABLED = "gateway-ssl-enabled";
   /**
@@ -593,15 +591,15 @@ public interface ConfigurationProperties {
    */
   String HTTP_SERVICE_PORT = "http-service-port";
   /**
-   * The static String definition of the <i>"http-service-ssl-alias"</i> property
-   * <a name="http-service-ssl-alias"/a></p>
+   * The static String definition of the <i>"ssl-http-service-alias"</i> property
+   * <a name="ssl-http-service-alias"/a></p>
    * <U>Description</U>: This property is to be used if a specific key is to
be used for the SSL communications for the HTTP service.
    * </p>
    * <U><i>Optional</i></U>
    * <U>Default</U>: "" </p>
    * <U>Since</U>: Geode 1.0
    */
-  String HTTP_SERVICE_SSL_ALIAS = "http-service-ssl-alias";
+  String SSL_HTTP_SERVICE_ALIAS = "ssl-http-service-alias";
   /**
    * The static String definition of the <i>"http-service-ssl-ciphers"</i> property
    * <a name="http-service-ssl-ciphers"/a></p>
@@ -623,7 +621,7 @@ public interface ConfigurationProperties {
    * </p>
    * <U>Default</U>: <code>false</code></p>
    * <U>Since</U>: GemFire 8.1
-   * @deprecated Since Geode 1.0 use {@link #CLUSTER_SSL_ENABLED} with optional {@link #HTTP_SERVICE_SSL_ALIAS}
+   * @deprecated Since Geode 1.0 use {@link #SSL_ENABLED_COMPONENTS} with optional {@link
#SSL_HTTP_SERVICE_ALIAS}
    */
   String HTTP_SERVICE_SSL_ENABLED = "http-service-ssl-enabled";
   /**
@@ -824,15 +822,15 @@ public interface ConfigurationProperties {
    */
   String JMX_MANAGER_UPDATE_RATE = "jmx-manager-update-rate";
   /**
-   * The static String definition of the <i>"jmx-manager-ssl-alias"</i> property
-   * <a name="jmx-manager-ssl-alias"/a></p>
+   * The static String definition of the <i>"ssl-jmx-manager-alias"</i> property
+   * <a name="ssl-jmx-manager-alias"/a></p>
    * <U>Description</U>: This property is to be used if a specific key is to
be used for the SSL communications for the jmx manager.
    * </p>
    * <U><i>Optional</i></U>
    * <U>Default</U>: "" </p>
    * <U>Since</U>: Geode 1.0
    */
-  String JMX_MANAGER_SSL_ALIAS = "jmx-manager-ssl-alias";
+  String SSL_JMX_MANAGER_ALIAS = "ssl-jmx-manager-alias";
   /**
    * The static String definition of the <i>"jmx-manager-ssl-ciphers"</i> property
    * <a name="jmx-manager-ssl-ciphers"/a></p>
@@ -853,7 +851,7 @@ public interface ConfigurationProperties {
    * Ignored if jmx-manager is false.
    * </p>
    * <U>Default</U>: "false"
-   * @deprecated Since Geode 1.0 use {@link #CLUSTER_SSL_ENABLED} with optional {@link #JMX_MANAGER_SSL_ALIAS}
+   * @deprecated Since Geode 1.0 use {@link #SSL_ENABLED_COMPONENTS} with optional {@link
#SSL_JMX_MANAGER_ALIAS}
    */
   String JMX_MANAGER_SSL_ENABLED = "jmx-manager-ssl-enabled";
   /**
@@ -943,8 +941,8 @@ public interface ConfigurationProperties {
    */
   String LOAD_CLUSTER_CONFIGURATION_FROM_DIR = "load-cluster-configuration-from-dir";
   /**
-   * The static String definition of the <i>"locator-ssl-alias"</i> property
-   * <a name="locator-ssl-alias"/a></p>
+   * The static String definition of the <i>"ssl-locator-alias"</i> property
+   * <a name="ssl-locator-alias"/a></p>
    * <U>Description</U>: This property is to be used if a specific key is to
be used for the SSL communications for the locator.
    * These Communications would be either locator-client or locator-server
    * </p>
@@ -952,7 +950,7 @@ public interface ConfigurationProperties {
    * <U>Default</U>: "" </p>
    * <U>Since</U>: Geode 1.0
    */
-  String LOCATOR_SSL_ALIAS = "locator-ssl-alias";
+  String SSL_LOCATOR_ALIAS = "ssl-locator-alias";
   /**
    * The static String definition of the <i>"locator-wait-time"</i> property
    * <a name="locator-wait-time"/a><p>
@@ -1324,15 +1322,15 @@ public interface ConfigurationProperties {
    */
   String SERVER_BIND_ADDRESS = "server-bind-address";
   /**
-   * The static String definition of the <i>"server-ssl-alias"</i> property
-   * <a name="server-ssl-alias"/a></p>
+   * The static String definition of the <i>"ssl-server-alias"</i> property
+   * <a name="ssl-server-alias"/a></p>
    * <U>Description</U>: This property is to be used if a specific key is to
be used for the SSL communications for client-server.
    * </p>
    * <U><i>Optional</i></U>
    * <U>Default</U>: "" </p>
    * <U>Since</U>: Geode 1.0
    */
-  String SERVER_SSL_ALIAS = "server-ssl-alias";
+  String SSL_SERVER_ALIAS = "ssl-server-alias";
   /**
    * The static String definition of the <i>"server-ssl-ciphers"</i> property
    * <a name="server-ssl-ciphers"/a></p>
@@ -1353,7 +1351,7 @@ public interface ConfigurationProperties {
    * </p>
    * <U>Default</U>: <code>false</code></p>
    * <U>Since</U>: GemFire 8.0
-   * @deprecated Since Geode 1.0 use {@link #CLUSTER_SSL_ENABLED} with optional {@link #SERVER_SSL_ALIAS}
+   * @deprecated Since Geode 1.0 use {@link #SSL_ENABLED_COMPONENTS} with optional {@link
#SSL_SERVER_ALIAS}
    */
   @Deprecated
   String SERVER_SSL_ENABLED = "server-ssl-enabled";
@@ -1749,4 +1747,15 @@ public interface ConfigurationProperties {
    * <U>Since</U>: Geode 1.0
    */
   String SSL_TRUSTSTORE_PASSWORD = "ssl-truststore-password";
+  /**
+   * The static String definition of the <i>"ssl-default-alias"</i> property
+   *
+   * <U>Description</U>This property will be set when using multi-key keystores.
This will define the alias that
+   * the ssl connection factory would use when no alias has been set for the different component
aliases.
+   * {@link #SSL_CLUSTER_ALIAS}, {@link #SSL_SERVER_ALIAS},{@link #SSL_LOCATOR_ALIAS},{@link
#SSL_GATEWAY_ALIAS},{@link #SSL_JMX_MANAGER_ALIAS} , {@link #SSL_HTTP_SERVICE_ALIAS}
+   * </p>
+   * <U>Default</U>: ""</p>
+   * <U>Since</U>: Geode 1.0
+   */
+  String SSL_DEFAULT_ALIAS = "ssl-default-alias";
 }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/bc2868af/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
index 33b0124..e070cf4 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
@@ -186,7 +186,6 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     return value;
   }
 
-
   @ConfigAttributeChecker(name = DISTRIBUTED_SYSTEM_ID)
   protected int checkDistributedSystemId(int value) {
     String distributedSystemListener = System.getProperty(DistributionConfig.GEMFIRE_PREFIX
+ "DistributedSystemListener");
@@ -361,7 +360,6 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     return params;
   }
 
-
   @ConfigAttributeChecker(name = MEMBERSHIP_PORT_RANGE)
   protected int[] checkMembershipPortRange(int[] value) {
     minMaxCheck(MEMBERSHIP_PORT_RANGE, value[0], DEFAULT_MEMBERSHIP_PORT_RANGE[0], value[1]);
@@ -377,7 +375,6 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     return value;
   }
 
-
   /**
    * @since GemFire 5.7
    */
@@ -400,7 +397,6 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     return value;
   }
 
-
   @ConfigAttributeChecker(name = SECURITY_PEER_AUTHENTICATOR)
   protected String checkSecurityPeerAuthenticator(String value) {
     if (value != null && value.length() > 0 && getMcastPort() != 0) {
@@ -412,7 +408,6 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     return value;
   }
 
-
   @ConfigAttributeChecker(name = SECURITY_LOG_LEVEL)
   protected int checkSecurityLogLevel(int value) {
     if (value < MIN_LOG_LEVEL) {
@@ -428,7 +423,6 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     return value;
   }
 
-
   @ConfigAttributeChecker(name = MEMCACHED_PROTOCOL)
   protected String checkMemcachedProtocol(String protocol) {
     if (protocol == null || (!protocol.equalsIgnoreCase(GemFireMemcachedServer.Protocol.ASCII.name())
&& !protocol.equalsIgnoreCase(GemFireMemcachedServer.Protocol.BINARY
@@ -470,6 +464,9 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
   @ConfigAttributeChecker(name = SSL_ENABLED_COMPONENTS)
   protected SSLEnabledComponent[] checkLegacySSLWhenSSLEnabledComponentsSet(SSLEnabledComponent[]
value) {
     for (SSLEnabledComponent component : value) {
+      if (!isAliasCorrectlyConfiguredForComponents(component)) {
+        throw new IllegalArgumentException(LocalizedStrings.AbstractDistributionConfig_SSL_ENABLED_COMPONENTS_INVALID_ALIAS_OPTIONS.toLocalizedString());
+      }
       switch (component) {
         case ALL:
         case CLUSTER:
@@ -493,7 +490,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
           }));
       }
     }
-    for (SSLEnabledComponent component : value) {
+    if (value.length > 0) {
       if (getClusterSSLEnabled() || getJmxManagerSSLEnabled() || getHttpServiceSSLEnabled()
|| getServerSSLEnabled() || getGatewaySSLEnabled()) {
         throw new IllegalArgumentException(LocalizedStrings.AbstractDistributionConfig_SSL_ENABLED_COMPONENTS_SET_INVALID_DEPRECATED_SSL_SET.toLocalizedString());
       }
@@ -501,6 +498,44 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     return value;
   }
 
+  private boolean isAliasCorrectlyConfiguredForComponents(final SSLEnabledComponent component)
{
+    switch (component) {
+      case ALL: {
+        //If the default alias is not set, then check that all the other component aliases
are set
+        if (StringUtils.isEmpty(getSSLDefaultAlias())) {
+          boolean correctAlias = true;
+          correctAlias &= isAliasCorrectlyConfiguredForComponents(SSLEnabledComponent.CLUSTER);
+          correctAlias &= isAliasCorrectlyConfiguredForComponents(SSLEnabledComponent.GATEWAY);
+          correctAlias &= isAliasCorrectlyConfiguredForComponents(SSLEnabledComponent.HTTP_SERVICE);
+          correctAlias &= isAliasCorrectlyConfiguredForComponents(SSLEnabledComponent.JMX);
+          correctAlias &= isAliasCorrectlyConfiguredForComponents(SSLEnabledComponent.LOCATOR);
+          correctAlias &= isAliasCorrectlyConfiguredForComponents(SSLEnabledComponent.SERVER);
+          return correctAlias;
+        }
+      }
+      case CLUSTER: {
+        return StringUtils.isEmpty(getClusterSSLAlias()) ? true : (getSSLEnabledComponents().length
> 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
+      }
+      case GATEWAY: {
+        return StringUtils.isEmpty(getGatewaySSLAlias()) ? true : (getSSLEnabledComponents().length
> 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
+      }
+      case HTTP_SERVICE: {
+        return StringUtils.isEmpty(getHTTPServiceSSLAlias()) ? true : (getSSLEnabledComponents().length
> 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
+      }
+      case JMX: {
+        return StringUtils.isEmpty(getJMXManagerSSLAlias()) ? true : (getSSLEnabledComponents().length
> 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
+      }
+      case LOCATOR: {
+        return StringUtils.isEmpty(getLocatorSSLAlias()) ? true : (getSSLEnabledComponents().length
> 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
+      }
+      case SERVER: {
+        return StringUtils.isEmpty(getServerSSLAlias()) ? true : (getSSLEnabledComponents().length
> 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true);
+      }
+      default:
+        return false;
+    }
+  }
+
   // AbstractConfig overriding methods
 
   @Override
@@ -562,8 +597,8 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
       throw new InternalGemFireException("the attribute setter must have one and only one
parametter");
     }
 
-
-    checkAttribute(attName, attValue);
+    //Moved this to the outside loop to complete the setting of configuration before checking
their validity.
+    //    checkAttribute(attName, attValue);
     try {
       setter.invoke(this, attValue);
     } catch (Exception e) {
@@ -770,7 +805,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
 
     m.put(STATISTIC_SAMPLING_ENABLED, LocalizedStrings.AbstractDistributionConfig_STATISTIC_SAMPLING_ENABLED_NAME_0.toLocalizedString(Boolean.valueOf(DEFAULT_STATISTIC_SAMPLING_ENABLED)));
 
-    m.put(CLUSTER_SSL_ALIAS, LocalizedStrings.AbstractDistributionConfig_CLUSTER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_CLUSTER_SSL_ALIAS)));
+    m.put(SSL_CLUSTER_ALIAS, LocalizedStrings.AbstractDistributionConfig_CLUSTER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS)));
 
     m.put(CLUSTER_SSL_ENABLED, LocalizedStrings.AbstractDistributionConfig_SSL_ENABLED_NAME_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ENABLED)));
 
@@ -863,7 +898,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     m.put(JMX_MANAGER, "If true then this member is willing to be a jmx manager. Defaults
to false except on a locator.");
     m.put(JMX_MANAGER_START, "If true then the jmx manager will be started when the cache
is created. Defaults to false.");
     m.put(JMX_MANAGER_SSL_ENABLED, "If true then the jmx manager will only allow SSL clients
to connect. Defaults to false. This property is ignored if jmx-manager-port is \"0\".");
-    m.put(JMX_MANAGER_SSL_ALIAS, LocalizedStrings.AbstractDistributionConfig_JMX_MANAGER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_CLUSTER_SSL_ALIAS)));
+    m.put(SSL_JMX_MANAGER_ALIAS, LocalizedStrings.AbstractDistributionConfig_JMX_MANAGER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS)));
     m.put(JMX_MANAGER_SSL_CIPHERS, "List of available SSL cipher suites that are to be enabled
for JMX Manager. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_CIPHERS + "\" meaning your provider''s
defaults.");
     m.put(JMX_MANAGER_SSL_PROTOCOLS, "List of available SSL protocols that are to be enabled
for JMX Manager. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_PROTOCOLS + "\" meaning defaults
of your provider.");
     m.put(JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION, "If set to false, ciphers and protocols
that permit anonymous JMX Clients are allowed. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION
+ "\".");
@@ -880,7 +915,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     m.put(JMX_MANAGER_ACCESS_FILE, "The name of the file the jmx manager will use to define
the access level of authenticated clients. Default is \"\" which causes the jmx manager to
allow all clients all access. This property is ignored if jmx-manager-port is \"0\".");
     m.put(JMX_MANAGER_HTTP_PORT, "By default when a jmx-manager is started it will also start
an http server on this port. This server is used by the GemFire Pulse application. Setting
this property to zero disables the http server. It defaults to 8080. Ignored if jmx-manager
is false.");
     m.put(JMX_MANAGER_UPDATE_RATE, "The rate in milliseconds at which this member will send
updates to each jmx manager. Default is " + DEFAULT_JMX_MANAGER_UPDATE_RATE + ". Values must
be in the range " + MIN_JMX_MANAGER_UPDATE_RATE + ".." + MAX_JMX_MANAGER_UPDATE_RATE + ".");
-    m.put(LOCATOR_SSL_ALIAS, LocalizedStrings.AbstractDistributionConfig_LOCATOR_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_CLUSTER_SSL_ALIAS)));
+    m.put(SSL_LOCATOR_ALIAS, LocalizedStrings.AbstractDistributionConfig_LOCATOR_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS)));
     m.put(MEMCACHED_PORT, "The port GemFireMemcachedServer will listen on. Default is 0.
Set to zero to disable GemFireMemcachedServer.");
     m.put(MEMCACHED_PROTOCOL, "The protocol that GemFireMemcachedServer understands. Default
is ASCII. Values may be ASCII or BINARY");
     m.put(MEMCACHED_BIND_ADDRESS, "The address the GemFireMemcachedServer will listen on
for remote connections. Default is \"\" which causes the GemFireMemcachedServer to listen
on the host's default address. This property is ignored if memcached-port is \"0\".");
@@ -891,7 +926,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
     m.put(USE_CLUSTER_CONFIGURATION, LocalizedStrings.AbstractDistributionConfig_USE_SHARED_CONFIGURATION.toLocalizedString());
     m.put(LOAD_CLUSTER_CONFIGURATION_FROM_DIR, LocalizedStrings.AbstractDistributionConfig_LOAD_SHARED_CONFIGURATION_FROM_DIR.toLocalizedString(SharedConfiguration.CLUSTER_CONFIG_ARTIFACTS_DIR_NAME));
     m.put(CLUSTER_CONFIGURATION_DIR, LocalizedStrings.AbstractDistributionConfig_CLUSTER_CONFIGURATION_DIR.toLocalizedString());
-    m.put(SERVER_SSL_ALIAS, LocalizedStrings.AbstractDistributionConfig_SERVER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_CLUSTER_SSL_ALIAS)));
+    m.put(SSL_SERVER_ALIAS, LocalizedStrings.AbstractDistributionConfig_SERVER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS)));
     m.put(SERVER_SSL_ENABLED, "If true then the cache server will only allow SSL clients
to connect. Defaults to false.");
     m.put(SERVER_SSL_CIPHERS, "List of available SSL cipher suites that are to be enabled
for CacheServer. Defaults to \"" + DEFAULT_SERVER_SSL_CIPHERS + "\" meaning your provider''s
defaults.");
     m.put(SERVER_SSL_PROTOCOLS, "List of available SSL protocols that are to be enabled for
CacheServer. Defaults to \"" + DEFAULT_SERVER_SSL_PROTOCOLS + "\" meaning defaults of your
provider.");
@@ -907,7 +942,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
 
     m.put(SERVER_SSL_TRUSTSTORE_PASSWORD, "Password to unlock the keystore file (store password)
specified by  javax.net.ssl.trustStore.");
 
-    m.put(GATEWAY_SSL_ALIAS, LocalizedStrings.AbstractDistributionConfig_GATEWAY_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_CLUSTER_SSL_ALIAS)));
+    m.put(SSL_GATEWAY_ALIAS, LocalizedStrings.AbstractDistributionConfig_GATEWAY_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS)));
     m.put(GATEWAY_SSL_ENABLED, "If true then the gateway receiver will only allow SSL gateway
sender to connect. Defaults to false.");
     m.put(GATEWAY_SSL_CIPHERS, "List of available SSL cipher suites that are to be enabled
for Gateway Receiver. Defaults to \"" + DEFAULT_GATEWAY_SSL_CIPHERS + "\" meaning your provider''s
defaults.");
     m.put(GATEWAY_SSL_PROTOCOLS, "List of available SSL protocols that are to be enabled
for Gateway Receiver. Defaults to \"" + DEFAULT_GATEWAY_SSL_PROTOCOLS + "\" meaning defaults
of your provider.");
@@ -923,7 +958,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig
implemen
 
     m.put(GATEWAY_SSL_TRUSTSTORE_PASSWORD, "Password to unlock the keystore file (store password)
specified by  javax.net.ssl.trustStore.");
 
-    m.put(HTTP_SERVICE_SSL_ALIAS, LocalizedStrings.AbstractDistributionConfig_HTTP_SERVICE_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_CLUSTER_SSL_ALIAS)));
+    m.put(SSL_HTTP_SERVICE_ALIAS, LocalizedStrings.AbstractDistributionConfig_HTTP_SERVICE_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS)));
     m.put(HTTP_SERVICE_PORT, "If non zero, then the gemfire developer REST service will be
deployed and started when the cache is created. Default value is 0.");
     m.put(HTTP_SERVICE_BIND_ADDRESS, "The address where gemfire developer REST service will
listen for remote REST connections. Default is \"\" which causes the Rest service to listen
on the host's default address.");
 

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/bc2868af/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
index f7ce665..126342f 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
@@ -4188,148 +4188,148 @@ public interface DistributionConfig extends Config, LogConfig {
 
 
   /**
-   * Returns the value of the {@link ConfigurationProperties#CLUSTER_SSL_ALIAS}
+   * Returns the value of the {@link ConfigurationProperties#SSL_CLUSTER_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeGetter(name = CLUSTER_SSL_ALIAS)
+  @ConfigAttributeGetter(name = SSL_CLUSTER_ALIAS)
   String getClusterSSLAlias();
 
   /**
-   * Sets the value of the {@link ConfigurationProperties#CLUSTER_SSL_ALIAS}
+   * Sets the value of the {@link ConfigurationProperties#SSL_CLUSTER_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeSetter(name = CLUSTER_SSL_ALIAS)
+  @ConfigAttributeSetter(name = SSL_CLUSTER_ALIAS)
   void setClusterSSLAlias(String alias);
 
   /**
    * The Default Cluster SSL alias
    * @since Geode 1.0
    */
-  String DEFAULT_CLUSTER_SSL_ALIAS = "";
+  String DEFAULT_SSL_ALIAS = "";
 
   /**
-   * The name of the {@link ConfigurationProperties#CLUSTER_SSL_ALIAS} property
+   * The name of the {@link ConfigurationProperties#SSL_CLUSTER_ALIAS} property
    * @since Geode 1.0
    */
   @ConfigAttribute(type = String.class)
-  String CLUSTER_SSL_ALIAS_NAME = CLUSTER_SSL_ALIAS;
+  String CLUSTER_SSL_ALIAS_NAME = SSL_CLUSTER_ALIAS;
 
   /**
-   * Returns the value of the {@link ConfigurationProperties#LOCATOR_SSL_ALIAS}
+   * Returns the value of the {@link ConfigurationProperties#SSL_LOCATOR_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeGetter(name = LOCATOR_SSL_ALIAS)
+  @ConfigAttributeGetter(name = SSL_LOCATOR_ALIAS)
   String getLocatorSSLAlias();
 
   /**
-   * Sets the value of the {@link ConfigurationProperties#LOCATOR_SSL_ALIAS}
+   * Sets the value of the {@link ConfigurationProperties#SSL_LOCATOR_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeSetter(name = LOCATOR_SSL_ALIAS)
+  @ConfigAttributeSetter(name = SSL_LOCATOR_ALIAS)
   void setLocatorSSLAlias(String alias);
 
   /**
-   * The name of the {@link ConfigurationProperties#LOCATOR_SSL_ALIAS} property
+   * The name of the {@link ConfigurationProperties#SSL_LOCATOR_ALIAS} property
    * @since Geode 1.0
    */
   @ConfigAttribute(type = String.class)
-  String LOCATOR_SSL_ALIAS_NAME = LOCATOR_SSL_ALIAS;
+  String LOCATOR_SSL_ALIAS_NAME = SSL_LOCATOR_ALIAS;
 
   /**
-   * Returns the value of the {@link ConfigurationProperties#GATEWAY_SSL_ALIAS}
+   * Returns the value of the {@link ConfigurationProperties#SSL_GATEWAY_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeGetter(name = GATEWAY_SSL_ALIAS)
+  @ConfigAttributeGetter(name = SSL_GATEWAY_ALIAS)
   String getGatewaySSLAlias();
 
   /**
-   * Sets the value of the {@link ConfigurationProperties#GATEWAY_SSL_ALIAS}
+   * Sets the value of the {@link ConfigurationProperties#SSL_GATEWAY_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeSetter(name = GATEWAY_SSL_ALIAS)
+  @ConfigAttributeSetter(name = SSL_GATEWAY_ALIAS)
   void setGatewaySSLAlias(String alias);
 
   /**
-   * The name of the {@link ConfigurationProperties#GATEWAY_SSL_ALIAS} property
+   * The name of the {@link ConfigurationProperties#SSL_GATEWAY_ALIAS} property
    * @since Geode 1.0
    */
   @ConfigAttribute(type = String.class)
-  String GATEWAY_SSL_ALIAS_NAME = GATEWAY_SSL_ALIAS;
+  String GATEWAY_SSL_ALIAS_NAME = SSL_GATEWAY_ALIAS;
 
   /**
-   * Returns the value of the {@link ConfigurationProperties#CLUSTER_SSL_ALIAS}
+   * Returns the value of the {@link ConfigurationProperties#SSL_CLUSTER_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeGetter(name = HTTP_SERVICE_SSL_ALIAS)
+  @ConfigAttributeGetter(name = SSL_HTTP_SERVICE_ALIAS)
   String getHTTPServiceSSLAlias();
 
   /**
-   * Sets the value of the {@link ConfigurationProperties#HTTP_SERVICE_SSL_ALIAS}
+   * Sets the value of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeSetter(name = HTTP_SERVICE_SSL_ALIAS)
+  @ConfigAttributeSetter(name = SSL_HTTP_SERVICE_ALIAS)
   void setHTTPServiceSSLAlias(String alias);
 
   /**
-   * The name of the {@link ConfigurationProperties#HTTP_SERVICE_SSL_ALIAS} property
+   * The name of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_ALIAS} property
    * @since Geode 1.0
    */
   @ConfigAttribute(type = String.class)
-  String HTTP_SERVICE_SSL_ALIAS_NAME = HTTP_SERVICE_SSL_ALIAS;
+  String HTTP_SERVICE_SSL_ALIAS_NAME = SSL_HTTP_SERVICE_ALIAS;
 
   /**
-   * Returns the value of the {@link ConfigurationProperties#JMX_MANAGER_SSL_ALIAS}
+   * Returns the value of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeGetter(name = JMX_MANAGER_SSL_ALIAS)
+  @ConfigAttributeGetter(name = SSL_JMX_MANAGER_ALIAS)
   String getJMXManagerSSLAlias();
 
   /**
-   * Sets the value of the {@link ConfigurationProperties#JMX_MANAGER_SSL_ALIAS}
+   * Sets the value of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeSetter(name = JMX_MANAGER_SSL_ALIAS)
+  @ConfigAttributeSetter(name = SSL_JMX_MANAGER_ALIAS)
   void setJMXManagerSSLAlias(String alias);
 
   /**
-   * The name of the {@link ConfigurationProperties#JMX_MANAGER_SSL_ALIAS} property
+   * The name of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS} property
    * @since Geode 1.0
    */
   @ConfigAttribute(type = String.class)
-  String JMX_MANAGER_SSL_ALIAS_NAME = JMX_MANAGER_SSL_ALIAS;
+  String JMX_MANAGER_SSL_ALIAS_NAME = SSL_JMX_MANAGER_ALIAS;
 
   /**
-   * Returns the value of the {@link ConfigurationProperties#SERVER_SSL_ALIAS}
+   * Returns the value of the {@link ConfigurationProperties#SSL_SERVER_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeGetter(name = SERVER_SSL_ALIAS)
+  @ConfigAttributeGetter(name = SSL_SERVER_ALIAS)
   String getServerSSLAlias();
 
   /**
-   * Sets the value of the {@link ConfigurationProperties#SERVER_SSL_ALIAS}
+   * Sets the value of the {@link ConfigurationProperties#SSL_SERVER_ALIAS}
    * property.
    * @since Geode 1.0
    */
-  @ConfigAttributeSetter(name = SERVER_SSL_ALIAS)
+  @ConfigAttributeSetter(name = SSL_SERVER_ALIAS)
   void setServerSSLAlias(String alias);
 
   /**
-   * The name of the {@link ConfigurationProperties#SERVER_SSL_ALIAS} property
+   * The name of the {@link ConfigurationProperties#SSL_SERVER_ALIAS} property
    * @since Geode 1.0
    */
   @ConfigAttribute(type = String.class)
-  String SERVER_SSL_ALIAS_NAME = SERVER_SSL_ALIAS;
+  String SERVER_SSL_ALIAS_NAME = SSL_SERVER_ALIAS;
 
   /**
    * Returns the value of the {@link ConfigurationProperties#SSL_ENABLED_COMPONENTS}
@@ -4501,6 +4501,26 @@ public interface DistributionConfig extends Config, LogConfig {
   String SSL_TRUSTSTORE_NAME = SSL_TRUSTSTORE;
 
   /**
+   * Returns the value of the {@link ConfigurationProperties#SSL_DEFAULT_ALIAS}
+   * property.
+   */
+  @ConfigAttributeGetter(name = SSL_DEFAULT_ALIAS)
+  String getSSLDefaultAlias();
+
+  /**
+   * Sets the value of the {@link ConfigurationProperties#SSL_DEFAULT_ALIAS}
+   * property.
+   */
+  @ConfigAttributeSetter(name = SSL_DEFAULT_ALIAS)
+  void setSSLDefaultAlias(String sslDefaultAlias);
+
+  /**
+   * The name of the {@link ConfigurationProperties#SSL_DEFAULT_ALIAS} property
+   */
+  @ConfigAttribute(type = String.class)
+  String SSL_DEFAULT_ALIAS_NAME = SSL_DEFAULT_ALIAS;
+
+  /**
    * Returns the value of the {@link ConfigurationProperties#SSL_TRUSTSTORE_PASSWORD}
    * property.
    */
@@ -4520,7 +4540,6 @@ public interface DistributionConfig extends Config, LogConfig {
   @ConfigAttribute(type = String.class)
   String SSL_TRUSTSTORE_PASSWORD_NAME = SSL_TRUSTSTORE_PASSWORD;
 
-
   //*************** Initializers to gather all the annotations in this class ************************
 
   Map<String, ConfigAttribute> attributes = new HashMap<>();

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/bc2868af/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 25b9b1e..7c2d551 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -197,7 +197,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
   @Deprecated
   private String clusterSSLTrustStorePassword = DEFAULT_SSL_TRUSTSTORE_PASSWORD;
 
-  private String clusterSSLAlias = DEFAULT_CLUSTER_SSL_ALIAS;
+  private String clusterSSLAlias = DEFAULT_SSL_ALIAS;
 
   /**
    * multicast send buffer size, in bytes
@@ -472,7 +472,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
   @Deprecated
   private String jmxManagerSSLTrustStorePassword = DEFAULT_JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD;
 
-  private String jmxManagerSSLAlias = clusterSSLAlias;
+  private String jmxManagerSSLAlias = DEFAULT_SSL_ALIAS;
 
   @Deprecated
   private boolean serverSSLEnabled = DEFAULT_SERVER_SSL_ENABLED;
@@ -495,7 +495,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
   @Deprecated
   private String serverSSLTrustStorePassword = DEFAULT_SERVER_SSL_TRUSTSTORE_PASSWORD;
 
-  private String serverSSLAlias = clusterSSLAlias;
+  private String serverSSLAlias = DEFAULT_SSL_ALIAS;
 
   @Deprecated
   private boolean gatewaySSLEnabled = DEFAULT_GATEWAY_SSL_ENABLED;
@@ -519,7 +519,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
   private String gatewaySSLTrustStorePassword = DEFAULT_GATEWAY_SSL_TRUSTSTORE_PASSWORD;
 
 
-  private String gatewaySSLAlias = clusterSSLAlias;
+  private String gatewaySSLAlias = DEFAULT_SSL_ALIAS;
 
   @Deprecated
   private boolean httpServiceSSLEnabled = DEFAULT_HTTP_SERVICE_SSL_ENABLED;
@@ -542,7 +542,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
   @Deprecated
   private String httpServiceSSLTrustStorePassword = DEFAULT_HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD;
 
-  private String httpServiceSSLAlias = clusterSSLAlias;
+  private String httpServiceSSLAlias = DEFAULT_SSL_ALIAS;
 
   private SSLEnabledComponent[] sslEnabledComponents = DEFAULT_SSL_ENABLED_COMPONENTS;
 
@@ -555,7 +555,9 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
   private String sslTrustStore = DEFAULT_SSL_TRUSTSTORE;
   private String sslTrustStorePassword = DEFAULT_SSL_TRUSTSTORE_PASSWORD;
 
-  private String locatorSSLAlias = clusterSSLAlias;
+  private String locatorSSLAlias = DEFAULT_SSL_ALIAS;
+
+  private String sslDefaultAlias = DEFAULT_SSL_ALIAS;
 
   private Map<String, ConfigSource> sourceMap = Collections.synchronizedMap(new HashMap<String,
ConfigSource>());
 
@@ -767,6 +769,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
     this.sslTrustStore = other.getSSLTrustStore();
     this.sslTrustStorePassword = other.getSSLTrustStorePassword();
     this.sslProperties = other.getSSLProperties();
+    this.sslDefaultAlias = other.getSSLDefaultAlias();
 
 
   }
@@ -2553,6 +2556,16 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
   }
 
   @Override
+  public String getSSLDefaultAlias() {
+    return sslDefaultAlias;
+  }
+
+  @Override
+  public void setSSLDefaultAlias(final String sslDefaultAlias) {
+    this.sslDefaultAlias = sslDefaultAlias;
+  }
+
+  @Override
   public String getSSLTrustStorePassword() {
     return sslTrustStorePassword;
   }



Mime
View raw message