From: hiteshkhamesra@apache.org
To: commits@geode.incubator.apache.org
Date: Mon, 29 Aug 2016 21:39:08 -0000
Message-Id: <67a2bb406285411d9ded6bb5b1efbda1@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [06/24] incubator-geode git commit: GEODE-1372 Geode UDP communications are not secure when SSL is configured
archived-at: Mon, 29 Aug 2016 21:39:11 -0000

GEODE-1372 Geode UDP communications are not secure when SSL is configured

This branch contains Diffie-Hellman encoding of UDP communications in Geode using the encryption scheme that is already available for client/server communications. The current implementation uses security-client-dhalgo to enable encryption. Membership views hold the public keys of peers. GMSEncrypt is a new object that is held by JGroupsMessenger and is used to perform the encryption/decryption.

GMSJoinLeave is modified to send a new member's public key to the membership coordinator. The coordinator sends its public key back prior to announcing the new membership view with the new member. This should be changed to have the coordinator's public key be sent to the joining member and the coordinator should get the new member's public key from a locator as well.

GMSEncrypt needs to be changed to record time spent encrypting and decrypting in DistributionStats as well as the number of encryptions/decryptions performed.
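The per-peer scheme the commit message describes (every member publishes its Diffie-Hellman public key in the membership view, and a sender derives the key for a given peer from its own private key plus that peer's public key from the view) can be sketched in plain JCE. The class below is an added illustration written for this page; it is not GMSEncrypt or any other Geode code. The `View` map, the member names, sharing one 2048-bit DH group through a `DHParameterSpec`, deriving an AES key from the agreed secret with SHA-256, and using AES-GCM with a random 12-byte nonce are all assumptions about how such a layer could be built, not a description of what Geode's `security-client-dhalgo` path actually does.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Illustrative peer (hypothetical, not Geode's GMSEncrypt): a DH key pair plus a view of peer public keys. */
public class DhPeerExample {

    /** Stand-in for a membership view: member id -> X.509-encoded DH public key (assumed shape). */
    static final class View {
        private final Map<String, byte[]> publicKeys = new HashMap<>();
        void setPublicKey(String member, byte[] encoded) { publicKeys.put(member, encoded.clone()); }
        byte[] getPublicKey(String member) {
            byte[] k = publicKeys.get(member);
            if (k == null) throw new IllegalStateException("no public key in view for " + member);
            return k;
        }
        boolean contains(String member) { return publicKeys.containsKey(member); }
    }

    private static final int GCM_TAG_BITS = 128;
    private static final int IV_BYTES = 12;
    private final String memberId;
    private final KeyPair dhKeyPair;
    private final SecureRandom rng = new SecureRandom();
    private final Map<String, SecretKey> peerKeys = new HashMap<>(); // per-peer derived keys
    private View view;

    /** group == null generates a fresh 2048-bit group; peers must share the same (p, g) to agree. */
    DhPeerExample(String memberId, DHParameterSpec group) throws GeneralSecurityException {
        this.memberId = memberId;
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        if (group == null) kpg.initialize(2048); else kpg.initialize(group);
        this.dhKeyPair = kpg.generateKeyPair();
    }

    DHParameterSpec group() { return ((DHPublicKey) dhKeyPair.getPublic()).getParams(); }

    byte[] getPublicKeyBytes() { return dhKeyPair.getPublic().getEncoded(); }

    /** Publish our key into the view and evict derived keys for members no longer in it. */
    void installView(View v) {
        this.view = v;
        v.setPublicKey(memberId, getPublicKeyBytes());
        peerKeys.keySet().removeIf(peer -> !v.contains(peer));
    }

    /** DH agreement with the peer's view key, then SHA-256 of the shared secret as a 256-bit AES key. */
    private SecretKey keyFor(String peer) throws GeneralSecurityException {
        SecretKey cached = peerKeys.get(peer);
        if (cached != null) return cached;
        PublicKey peerPub = KeyFactory.getInstance("DH")
                .generatePublic(new X509EncodedKeySpec(view.getPublicKey(peer)));
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(dhKeyPair.getPrivate());
        ka.doPhase(peerPub, true);
        byte[] secret = ka.generateSecret();
        byte[] keyBytes = MessageDigest.getInstance("SHA-256").digest(secret);
        Arrays.fill(secret, (byte) 0); // do not keep the raw shared secret around
        SecretKey k = new SecretKeySpec(keyBytes, "AES");
        peerKeys.put(peer, k);
        return k;
    }

    /** Output layout (assumed): 12-byte random nonce || AES-GCM ciphertext+tag. */
    byte[] encryptData(byte[] plain, String peer) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        rng.nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, keyFor(peer), new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    /** Throws AEADBadTagException if the bytes were altered or the wrong peer key is used. */
    byte[] decryptData(byte[] msg, String peer) throws GeneralSecurityException {
        byte[] iv = Arrays.copyOfRange(msg, 0, IV_BYTES);
        byte[] ct = Arrays.copyOfRange(msg, IV_BYTES, msg.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, keyFor(peer), new GCMParameterSpec(GCM_TAG_BITS, iv));
        return c.doFinal(ct);
    }

    public static void main(String[] args) throws Exception {
        DhPeerExample m1 = new DhPeerExample("member1", null);
        DhPeerExample m2 = new DhPeerExample("member2", m1.group()); // same group on both sides
        View view = new View();
        m1.installView(view); // each member publishes its own public key into the shared view
        m2.installView(view);
        byte[] challenge = "Hello world".getBytes(StandardCharsets.UTF_8); // constructed sample input
        byte[] wire = m1.encryptData(challenge, "member2");   // sender uses the receiver's public key
        byte[] back = m2.decryptData(wire, "member1");        // receiver uses the sender's public key
        System.out.println(Arrays.equals(challenge, back) ? "round trip ok" : "MISMATCH");
        wire[wire.length - 1] ^= 1; // flip one ciphertext bit: the GCM tag check must reject it
        try {
            m2.decryptData(wire, "member1");
            System.out.println("tamper NOT detected");
        } catch (GeneralSecurityException e) {
            System.out.println("tamper detected: " + e.getClass().getSimpleName());
        }
    }
}
```

Two points in this sketch are worth holding against the patch below: `installView` evicts derived keys for members that are no longer in the view, which is one way to discharge the `// TODO remove ciphers for departed members` that remains in GMSEncrypt, and decryption fails closed on a modified message or a wrong peer key because GCM authenticates the ciphertext, which a plain unauthenticated cipher mode would not do.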
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/3909cabc
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/3909cabc
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/3909cabc

Branch: refs/heads/develop
Commit: 3909cabc0f958636fbba2458c6af2ecbc1bf2b4b
Parents: 43e9ecd
Author: Bruce Schuchardt
Authored: Mon May 9 15:59:33 2016 -0700
Committer: Hitesh Khamesra
Committed: Mon Aug 29 10:39:17 2016 -0700

----------------------------------------------------------------------
 .../membership/gms/messenger/GMSEncrypt.java    | 44 +-----------------
 .../gms/messenger/JGroupsMessenger.java         |  4 +-
 .../gms/messenger/GMSEncryptJUnitTest.java      | 47 +-------------------
 3 files changed, 5 insertions(+), 90 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3909cabc/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
index 7cec567..5c251ac 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncrypt.java
@@ -19,9 +19,7 @@ package com.gemstone.gemfire.distributed.internal.membership.gms.messenger; import java.math.BigInteger; import java.security.*; -import java.security.spec.EncodedKeySpec; import java.security.spec.InvalidKeySpecException; -import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; @@ -37,14 +35,12 @@ import javax.crypto.spec.SecretKeySpec; import com.gemstone.gemfire.distributed.internal.membership.InternalDistributedMember; import com.gemstone.gemfire.distributed.internal.membership.NetView; import com.gemstone.gemfire.distributed.internal.membership.gms.Services; - import org.apache.logging.log4j.Logger; import com.gemstone.gemfire.distributed.internal.DistributionConfig; import com.gemstone.gemfire.internal.logging.LogService; -public class GMSEncrypt implements Cloneable{ - +public class GMSEncrypt { public static long encodingsPerformed; public static long decodingsPerformed; @@ -85,16 +81,6 @@ public class GMSEncrypt implements Cloneable{ this.view.setPublicKey(services.getJoinLeave().getMemberID(), getPublicKeyBytes()); // TODO remove ciphers for departed members } - - protected void installView(NetView view, InternalDistributedMember mbr) { - this.view = view; - this.view.setPublicKey(mbr, getPublicKeyBytes()); - // TODO remove ciphers for departed members - } - - protected GMSEncrypt() { - - } public GMSEncrypt(Services services) throws Exception { this.services = services; 
@@ -113,34 +99,6 @@ public class GMSEncrypt implements Cloneable{ return dhPublicKey.getEncoded(); } - @Override - protected GMSEncrypt clone() throws CloneNotSupportedException { - try { - GMSEncrypt gmsEncrypt = new GMSEncrypt(); - gmsEncrypt.dhSKAlgo = this.dhSKAlgo; - - X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(this.dhPublicKey.getEncoded()); - KeyFactory keyFact = KeyFactory.getInstance("DH"); - // PublicKey pubKey = keyFact.generatePublic(x509KeySpec); - gmsEncrypt.dhPublicKey = keyFact.generatePublic(x509KeySpec); - final String format = this.dhPrivateKey.getFormat(); - System.out.println("private key format " + format); - System.out.println("public ksy format " + this.dhPublicKey.getFormat()); - PKCS8EncodedKeySpec x509KeySpecPKey = new PKCS8EncodedKeySpec(this.dhPrivateKey.getEncoded()); - - keyFact = KeyFactory.getInstance("DH"); - // PublicKey pubKey = keyFact.generatePublic(x509KeySpec); - gmsEncrypt.dhPrivateKey = keyFact.generatePrivate(x509KeySpecPKey); - - return gmsEncrypt; - } catch (Exception e) { - throw new RuntimeException("Unable to clone", e); - } - } - - - - /** * Initialize the Diffie-Hellman keys. This method is not thread safe */ http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3909cabc/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java index b94be45..89f7dec 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/JGroupsMessenger.java 
@@ -355,7 +355,7 @@ public class JGroupsMessenger implements Messenger { addressesWithIoExceptionsProcessed.clear(); if (encrypt != null) { - encrypt.installView(v); +// encrypt.installView(v); } } @@ -572,7 +572,7 @@ public class JGroupsMessenger implements Messenger { @Override public Set send(DistributionMessage msg, NetView alternateView) { if (this.encrypt != null) { - this.encrypt.installView(alternateView); + // this.encrypt.installView(alternateView); } return send(msg, true); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/3909cabc/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java index de90328..a591e47 100755 --- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/internal/membership/gms/messenger/GMSEncryptJUnitTest.java 
@@ -66,51 +66,8 @@ public class GMSEncryptJUnitTest { netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes()); netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes()); - gmsEncrypt1.installView(netView, mockMembers[1]); - gmsEncrypt2.installView(netView, mockMembers[2]); - - // sender encrypts a message, so use receiver's public key - String ch = "Hello world"; - byte[] challenge = ch.getBytes(); - byte[] encryptedChallenge = gmsEncrypt1.encryptData(challenge, mockMembers[2]); - - // receiver decrypts the message using the sender's public key - byte[] decryptBytes = gmsEncrypt2.decryptData(encryptedChallenge, mockMembers[1]); - - // now send a response - String response = "Hello yourself!"; - byte[] responseBytes = response.getBytes(); - byte[] encryptedResponse = gmsEncrypt2.encryptData(responseBytes, mockMembers[1]); - - // receiver decodes the response - byte[] decryptedResponse = gmsEncrypt1.decryptData(encryptedResponse, mockMembers[2]); - - Assert.assertFalse(Arrays.equals(challenge, encryptedChallenge)); - - Assert.assertTrue(Arrays.equals(challenge, decryptBytes)); - - Assert.assertFalse(Arrays.equals(responseBytes, encryptedResponse)); - - Assert.assertTrue(Arrays.equals(responseBytes, decryptedResponse)); - - } - - @Test - public void testPublicKeyPrivateKeyFromSameMember() throws Exception{ - initMocks(); - - GMSEncrypt gmsEncrypt1 = new GMSEncrypt(services); // this will be the sender - GMSEncrypt gmsEncrypt2 = new GMSEncrypt(services); // this will be the receiver - - gmsEncrypt1 = gmsEncrypt1.clone(); - gmsEncrypt2 = gmsEncrypt2.clone(); - - // establish the public keys for the sender and receiver - netView.setPublicKey(mockMembers[1], gmsEncrypt1.getPublicKeyBytes()); - netView.setPublicKey(mockMembers[2], gmsEncrypt2.getPublicKeyBytes()); - - gmsEncrypt1.installView(netView, mockMembers[1]); - gmsEncrypt2.installView(netView, mockMembers[2]); + gmsEncrypt1.installView(netView); + gmsEncrypt2.installView(netView); // 
sender encrypts a message, so use receiver's public key String ch = "Hello world";
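Review bot: `encodingsPerformed` and `decodingsPerformed`, left in the context of the `@@ -37,14` hunk of GMSEncrypt.java, are still `public static long` fields, i.e. shared mutable state with non-atomic `long` updates and no visibility guarantee between threads. The commit message already says these counts belong in DistributionStats; either move them there in this change or make them `AtomicLong` instance fields rather than leaving public statics on the class.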
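Review bot: the `@@ -85,16` hunk of GMSEncrypt.java removes the `installView(NetView view, InternalDistributedMember mbr)` overload and the protected no-arg constructor, but the surviving `installView(NetView)` still ends with `// TODO remove ciphers for departed members`. Anything cached per peer should be evicted here for members that are not in the incoming view, otherwise a departed member's derived key and cipher stay resident for the life of the process; this method is the natural place to walk the new view's membership and drop everything else.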
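Review bot: removing `clone()` in the `@@ -113,34` hunk of GMSEncrypt.java also removes the two `System.out.println` calls that wrote key formats to stdout and the round-trip of `dhPrivateKey` through `PKCS8EncodedKeySpec`; dropping that is right, since a GMSEncrypt that copies its private key into clones has no reason to be `Cloneable`. The commit message, however, still describes the whole branch and says nothing about why `clone()` and the second `installView` overload disappear in this particular commit, which makes the series hard to follow; a sentence on that would help.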
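Review bot: in the `@@ -355,7` hunk of JGroupsMessenger.java, `encrypt.installView(v)` is commented out rather than removed, leaving `if (encrypt != null) { }` with an empty body. If GMSEncrypt is no longer told about new views here, its `view` (and therefore the peer public keys it can look up) is never refreshed after construction, so a member that joins later has no key from the encrypt object's point of view. Either keep the call, or delete the dead block and say in the commit message where views now reach GMSEncrypt.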
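Review bot: same problem in the `@@ -572,7` hunk of JGroupsMessenger.java: `send(DistributionMessage msg, NetView alternateView)` now ignores `alternateView` for encryption and falls straight through to `send(msg, true)`, so a message addressed with an alternate view is encrypted, if at all, against whatever view GMSEncrypt last saw. If that is intended, the `if (this.encrypt != null)` block is dead code and should go; if not, the commented line needs to come back.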
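Review bot: in the `@@ -66,51` hunk of GMSEncryptJUnitTest.java the removed test shows both instances built as `new GMSEncrypt(services)` from one mock, and the surviving `installView(NetView)` registers the caller's key under `services.getJoinLeave().getMemberID()`. Calling `gmsEncrypt1.installView(netView)` and then `gmsEncrypt2.installView(netView)` therefore writes two different public keys under the same member ID, with the second overwriting the first; the test only works because the explicit `netView.setPublicKey(mockMembers[1], ...)` and `mockMembers[2]` entries are set separately. Please give each instance a distinct mocked member ID, or assert after the two `installView` calls that those two entries still hold the expected keys.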