From u..@apache.org
Subject [07/27] incubator-geode git commit: GEODE-1372 Geode UDP communications are not secure when SSL is configured
Date Tue, 30 Aug 2016 02:57:51 GMT
GEODE-1372 Geode UDP communications are not secure when SSL is configured

This branch contains Diffie-Hellman encoding of UDP communications in Geode
using the encryption scheme that is already available for client/server
communications.  The current implementation uses security-client-dhalgo
to enable encryption.

Membership views hold the public keys of peers.  GMSEncrypt is a new
object that is held by JGroupsMessenger and is used to perform the
encryption/decryption.

GMSJoinLeave is modified to send a new member's public key to the
membership coordinator.  The coordinator sends its public key back prior
to announcing the new membership view with the new member.  This should
be changed to have the coordinator's public key be sent to the joining
member and the coordinator should get the new member's public key from
a locator as well.

GMSEncrypt needs to be changed to record time spent encrypting and
decrypting in DistributionStats as well as the number of encryptions/decryptions
performed.


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/3909cabc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/3909cabc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/3909cabc

Branch: refs/heads/feature/GEODE-420
Commit: 3909cabc0f958636fbba2458c6af2ecbc1bf2b4b
Parents: 43e9ecd
Author: Bruce Schuchardt <bschuchardt@pivotal.io>
Authored: Mon May 9 15:59:33 2016 -0700
Committer: Hitesh Khamesra <hkhamesra@pivotal.io>
Committed: Mon Aug 29 10:39:17 2016 -0700

----------------------------------------------------------------------
 .../membership/gms/messenger/GMSEncrypt.java    | 44 +-----------------
 .../gms/messenger/JGroupsMessenger.java         |  4 +-
 .../gms/messenger/GMSEncryptJUnitTest.java      | 47 +-------------------
 3 files changed, 5 insertions(+), 90 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3909cabc/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
index 7cec567..5c251ac 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
@@ -19,9 +19,7 @@ package com.gemstone.gemfire.distributed.internal.membership.gms.messenger;
 
 import java.math.BigInteger;
 import java.security.*;
-import java.security.spec.EncodedKeySpec;
 import java.security.spec.InvalidKeySpecException;
-import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.util.HashMap;
 import java.util.Map;
@@ -37,14 +35,12 @@ import javax.crypto.spec.SecretKeySpec;
 import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember;
 import com.gemstone.gemfire.distributed.internal.membership.NetView;
 import com.gemstone.gemfire.distributed.internal.membership.gms.Services;
-
 import org.apache.logging.log4j.Logger;
 
 import com.gemstone.gemfire.distributed.internal.DistributionConfig;
 import com.gemstone.gemfire.internal.logging.LogService;
 
-public class GMSEncrypt implements Cloneable{
-  
+public class GMSEncrypt {
   public static long encodingsPerformed;
   public static long decodingsPerformed;
 
@@ -85,16 +81,6 @@ public class GMSEncrypt implements Cloneable{
     this.view.setPublicKey(services.getJoinLeave().getMemberID(), getPublicKeyBytes());
     // TODO remove ciphers for departed members
   }
-  
-  protected void installView(NetView view, InternalDistributedMember mbr) {
-    this.view = view;
-    this.view.setPublicKey(mbr, getPublicKeyBytes());
-    // TODO remove ciphers for departed members
-  }
-
-  protected GMSEncrypt() {
-    
-  }
 
   public GMSEncrypt(Services services) throws  Exception {
     this.services = services;
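Review bot: The surviving `installView(NetView)` still carries `// TODO remove ciphers for departed members`, which means any per-peer cipher or shared-secret state keyed by member is not evicted when the view changes; a departed member's derived material stays resident, and if that member id reappears in a later view with a different public key a stale cached cipher could presumably be reused unless the cache is also keyed by the key bytes. Dropping cache entries for members absent from the new view at the point the view is installed closes that gap. The enclosing `installView` signature is above the hunk, so the cache itself is not visible here. Separately, `GMSEncrypt(Services)` at the bottom of the hunk declares `throws Exception`; narrowing it to `GeneralSecurityException` would let the messenger handle key-setup failures specifically, though its body runs past the hunk.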
@@ -113,34 +99,6 @@ public class GMSEncrypt implements Cloneable{
     return dhPublicKey.getEncoded();
   }
 
-  @Override
-  protected GMSEncrypt clone() throws CloneNotSupportedException {
-    try {
-      GMSEncrypt gmsEncrypt = new GMSEncrypt();
-      gmsEncrypt.dhSKAlgo = this.dhSKAlgo;
-
-      X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(this.dhPublicKey.getEncoded());
-      KeyFactory keyFact = KeyFactory.getInstance("DH");
-      // PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
-      gmsEncrypt.dhPublicKey = keyFact.generatePublic(x509KeySpec);
-      final String format = this.dhPrivateKey.getFormat();
-      System.out.println("private key format " + format);
-      System.out.println("public ksy format " + this.dhPublicKey.getFormat());
-      PKCS8EncodedKeySpec x509KeySpecPKey = new PKCS8EncodedKeySpec(this.dhPrivateKey.getEncoded());
-      
-      keyFact = KeyFactory.getInstance("DH");
-      // PublicKey pubKey = keyFact.generatePublic(x509KeySpec);
-      gmsEncrypt.dhPrivateKey = keyFact.generatePrivate(x509KeySpecPKey);
-
-      return gmsEncrypt;
-    } catch (Exception e) {
-      throw new RuntimeException("Unable to clone", e);
-    }
-  }
-
-
-
-
   /**
    * Initialize the Diffie-Hellman keys. This method is not thread safe
    */

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3909cabc/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java
index b94be45..89f7dec 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java
@@ -355,7 +355,7 @@ public class JGroupsMessenger implements Messenger {
 
     addressesWithIoExceptionsProcessed.clear();
     if (encrypt != null) {
-      encrypt.installView(v);
+//      encrypt.installView(v);
     }
   }
   
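Review bot: Commenting out `encrypt.installView(v)` leaves a dead `if (encrypt != null) { }` block with no explanation of why view installation was disabled, and the same pattern repeats in the next hunk in `send(DistributionMessage, NetView)`. On the new side the messenger no longer hands view changes to `encrypt`, so unless `installView` is invoked from elsewhere the encryptor keeps whatever view it last saw and the public keys of members that join later are presumably not visible to it. Either delete the block or keep it with a pointer to the reason, e.g. `// TODO GEODE-1372: view installation disabled until GMSEncrypt view handling is reworked`. The method enclosing this first hunk starts above it.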
@@ -572,7 +572,7 @@ public class JGroupsMessenger implements Messenger {
   @Override
   public Set<InternalDistributedMember> send(DistributionMessage msg, NetView alternateView)
{
     if (this.encrypt != null) {
-      this.encrypt.installView(alternateView);
+     // this.encrypt.installView(alternateView);
     }
     return send(msg, true);
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3909cabc/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
index de90328..a591e47 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java
@@ -66,51 +66,8 @@ public class GMSEncryptJUnitTest {
     netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
     netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes());
 
-    gmsEncrypt1.installView(netView, mockMembers[1]);
-    gmsEncrypt2.installView(netView, mockMembers[2]);
-
-    // sender encrypts a message, so use receiver's public key
-    String ch = "Hello world";
-    byte[] challenge =  ch.getBytes();
-    byte[]  encryptedChallenge =  gmsEncrypt1.encryptData(challenge, mockMembers[2]);
-
-    // receiver decrypts the message using the sender's public key
-    byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge,  mockMembers[1]);
-
-    // now send a response
-    String response = "Hello yourself!";
-    byte[] responseBytes = response.getBytes();
-    byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes, mockMembers[1]);
-
-    // receiver decodes the response
-    byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse,  mockMembers[2]);
-
-    Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge));
-
-    Assert.assertTrue(Arrays.equals(challenge, decryptBytes));
-
-    Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse));
-
-    Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse));
-
-  }
-  
-  @Test
-  public void testPublicKeyPrivateKeyFromSameMember() throws Exception{
-    initMocks();
-
-    GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services); // this will be the sender
-    GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services); // this will be the receiver
-    
-    gmsEncrypt1 = gmsEncrypt1.clone();
-    gmsEncrypt2 = gmsEncrypt2.clone();
-
-    // establish the public keys for the sender and receiver
-    netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes());
-    netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes());
-
-    gmsEncrypt1.installView(netView, mockMembers[1]);
-    gmsEncrypt2.installView(netView, mockMembers[2]);
+    gmsEncrypt1.installView(netView);
+    gmsEncrypt2.installView(netView);
 
     // sender encrypts a message, so use receiver's public key
     String ch = "Hello world";
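Review bot: The new `installView(netView)` calls on both instances register each instance's public key under `services.getJoinLeave().getMemberID()` (see the GMSEncrypt.java hunk), and both instances appear to be built from the same `services` mock above the hunk, so the second call overwrites whatever the first registered under that member id. If the mocked id is `mockMembers[1]` or `mockMembers[2]`, one of the explicit entries set just above is replaced and the round-trip below exercises a wrong key pairing or passes only by accident. Giving each instance a `Services` mock whose `getMemberID()` returns `mockMembers[1]` and `mockMembers[2]` respectively, or asserting after the two calls that the view still holds the keys set above, would pin the intended pairing. The test method continues past the hunk.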

