geode-commits mailing list archives

From u..@apache.org
Subject [04/50] [abbrv] incubator-geode git commit: GEODE-420: adding ssl-http-service-require-authentication property
Date Tue, 13 Sep 2016 19:11:51 GMT
GEODE-420: adding ssl-http-service-require-authentication property


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/8754dae4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/8754dae4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/8754dae4

Branch: refs/heads/develop
Commit: 8754dae48af43f2159b8f0295e9a443d8de6a71a
Parents: 6179a69
Author: Udo Kohlmeyer <ukohlmeyer@pivotal.io>
Authored: Wed Aug 17 15:44:25 2016 +1000
Committer: Udo Kohlmeyer <ukohlmeyer@pivotal.io>
Committed: Wed Aug 17 15:44:25 2016 +1000

----------------------------------------------------------------------
 .../distributed/ConfigurationProperties.java    |   9 +
 .../internal/DistributionConfig.java            |  33 +++-
 .../internal/DistributionConfigImpl.java        |  12 ++
 .../gemfire/internal/admin/SSLConfig.java       |   4 +-
 .../internal/net/SSLConfigurationFactory.java   |  36 ++--
 .../gemfire/distributed/LocatorDUnitTest.java   |   4 +-
 .../net/SSLConfigurationFactoryTest.java        | 163 +++++++++++++++++++
 7 files changed, 240 insertions(+), 21 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
index 11e961e..fdb3bf6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
@@ -1758,4 +1758,13 @@ public interface ConfigurationProperties {
    * <U>Since</U>: Geode 1.0
    */
   String SSL_DEFAULT_ALIAS = "ssl-default-alias";
+  /**
+   * The static String definition of the <i>"ssl-http-service-require-authentication"</i>
property
+   *
+   * <U>Description</U>If false allows client side's http connection to be authenticated
without a 2-way SSL authentication.
+   * </p>
+   * <U>Default</U>: "false"</p>
+   * <U>Since</U>: Geode 1.0
+   */
+  String SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = "ssl-http-service-require-authentication";
 }
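Review bot: The Javadoc added for `SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` has unbalanced markup and describes only the `false` case. `<U>Description</U>` lacks the colon that the Default and Since entries use, and the two `</p>` tags close paragraphs that were never opened. I would reword the description as `<U>Description</U>: If true, the HTTP service requires clients to present a certificate (two-way SSL); if false, clients are accepted without one.` Because the documented default is "false", it would also help to state that the HTTP endpoints then depend on some other form of client authentication, if that is the intent.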

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
index 126342f..8e2a60b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
@@ -1631,12 +1631,12 @@ public interface DistributionConfig extends Config, LogConfig {
   @ConfigAttribute(type = int[].class)
   String MEMBERSHIP_PORT_RANGE_NAME = MEMBERSHIP_PORT_RANGE;
 
-  /** set this boolean to restrict membership/communications to use ports in the ephemeral
range */
+  /**
+   * set this boolean to restrict membership/communications to use ports in the ephemeral
range
+   */
   String RESTRICT_MEMBERSHIP_PORT_RANGE = GEMFIRE_PREFIX + "use-ephemeral-ports";
 
-  int[] DEFAULT_MEMBERSHIP_PORT_RANGE = Boolean.getBoolean(RESTRICT_MEMBERSHIP_PORT_RANGE)
-      ?  new int[] { 32769, 61000 }
-      :  new int[] {  1024, 65535 };
+  int[] DEFAULT_MEMBERSHIP_PORT_RANGE = Boolean.getBoolean(RESTRICT_MEMBERSHIP_PORT_RANGE)
? new int[] { 32769, 61000 } : new int[] { 1024, 65535 };
 
   @ConfigAttributeGetter(name = MEMBERSHIP_PORT_RANGE)
   int[] getMembershipPortRange();
@@ -4540,6 +4540,31 @@ public interface DistributionConfig extends Config, LogConfig {
   @ConfigAttribute(type = String.class)
   String SSL_TRUSTSTORE_PASSWORD_NAME = SSL_TRUSTSTORE_PASSWORD;
 
+  /**
+   * Returns the value of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION}
+   * property.
+   */
+  @ConfigAttributeGetter(name = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION)
+  boolean getSSLHTTPRequireAuthentication();
+
+  /**
+   * Sets the value of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION}
+   * property.
+   */
+  @ConfigAttributeSetter(name = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION)
+  void setSSLHTTPRequireAuthentication(boolean requiresAuthenatication);
+
+  /**
+   * The name of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION}
property
+   */
+  @ConfigAttribute(type = Boolean.class)
+  String SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION_NAME = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION;
+
+  /**
+   * The default value for http service ssl mutual authentication
+   */
+  boolean DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = false;
+
   //*************** Initializers to gather all the annotations in this class ************************
 
   Map<String, ConfigAttribute> attributes = new HashMap<>();
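Review bot: The setter parameter is misspelled `requiresAuthenatication` in `setSSLHTTPRequireAuthentication`, and the same spelling is repeated in the `DistributionConfigImpl` override later in this commit; it should be `requiresAuthentication` in both places. The Javadoc on `DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` could also say what the value means, for example `Default is false: the HTTP service does not require a client certificate unless the property is set to true`.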

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 26263d3..a5a9aa6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
@@ -556,6 +556,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
   private String sslKeyStorePassword = DEFAULT_SSL_KEYSTORE_PASSWORD;
   private String sslTrustStore = DEFAULT_SSL_TRUSTSTORE;
   private String sslTrustStorePassword = DEFAULT_SSL_TRUSTSTORE_PASSWORD;
+  private boolean sslHttpServiceRequireAuthentication = DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION;
 
   private String locatorSSLAlias = DEFAULT_SSL_ALIAS;
 
@@ -772,6 +773,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
     this.sslTrustStorePassword = other.getSSLTrustStorePassword();
     this.sslProperties = other.getSSLProperties();
     this.sslDefaultAlias = other.getSSLDefaultAlias();
+    this.sslHttpServiceRequireAuthentication = other.getSSLHTTPRequireAuthentication();
 
 
   }
@@ -2642,6 +2644,16 @@ public class DistributionConfigImpl extends AbstractDistributionConfig
implement
     this.sslTrustStorePassword = sslTrustStorePassword;
   }
 
+  @Override
+  public boolean getSSLHTTPRequireAuthentication() {
+    return sslHttpServiceRequireAuthentication;
+  }
+
+  @Override
+  public void setSSLHTTPRequireAuthentication(final boolean requiresAuthenatication) {
+    this.sslHttpServiceRequireAuthentication = requiresAuthenatication;
+  }
+
   ///////////////////////  Utility Methods  ///////////////////////
 
   /**

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
index 977d44d..ebf3a7e 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
@@ -30,8 +30,6 @@ import com.gemstone.gemfire.management.internal.SSLUtil;
  */
 public class SSLConfig {
 
-  //private static final String PREFIX = "javax.net.ssl.";
-
   private boolean enabled = DistributionConfig.DEFAULT_SSL_ENABLED;
   private String protocols = DistributionConfig.DEFAULT_SSL_PROTOCOLS;
   private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
@@ -150,6 +148,8 @@ public class SSLConfig {
     this.truststoreType = truststoreType;
   }
 
+
+
   public Properties getProperties() {
     return this.properties;
   }

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
index 9873d03..33378b8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
@@ -62,33 +62,33 @@ public class SSLConfigurationFactory {
   }
 
   private SSLConfig createSSLConfigForComponent(final SSLEnabledComponent sslEnabledComponent)
{
-    SSLConfig sslConfig = new SSLConfig();
-    configureClusterSSL(sslConfig, sslEnabledComponent);
+    SSLConfig sslConfig = createSSLConfig(sslEnabledComponent);
     SSLEnabledComponent[] sslEnabledComponents = distributionConfig.getSSLEnabledComponents();
-    if(sslEnabledComponents.length == 0)
-    {
+    if (sslEnabledComponents.length == 0) {
       sslConfig = configureLegacyClusterSSL(sslConfig);
     }
     sslConfig.setSslEnabledComponent(sslEnabledComponent);
     switch (sslEnabledComponent) {
       case ALL: {
-
+        //Create a SSLConfig separate for HTTP Service. As the require-authentication might
differ
+        createSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE);
+        break;
       }
       case CLUSTER: {
         if (sslEnabledComponents.length > 0) {
-          sslConfig.setAlias(distributionConfig.getClusterSSLAlias());
+          sslConfig = setAliasForComponent(sslConfig, distributionConfig.getClusterSSLAlias());
         }
         break;
       }
       case LOCATOR: {
         if (sslEnabledComponents.length > 0) {
-          sslConfig.setAlias(distributionConfig.getLocatorSSLAlias());
+          sslConfig = setAliasForComponent(sslConfig, distributionConfig.getLocatorSSLAlias());
         }
         break;
       }
       case SERVER: {
         if (sslEnabledComponents.length > 0) {
-          sslConfig.setAlias(distributionConfig.getServerSSLAlias());
+          sslConfig = setAliasForComponent(sslConfig, distributionConfig.getServerSSLAlias());
         } else {
           sslConfig = configureLegacyServerSSL(sslConfig);
         }
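Review bot: In `case ALL` the result of `createSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE)` is discarded, so as far as this hunk shows the call does not change the `sslConfig` that is returned, nor anything stored for HTTP_SERVICE. The comment above it promises a separate HTTP config that the code does not keep. Either drop the call or store its result where the HTTP_SERVICE lookup will find it; the registration code is outside this hunk. The added `break;` also ends the old fall-through from ALL into CLUSTER, so ALL no longer picks up the cluster alias, which deserves a mention in the commit message if it is intended.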
@@ -96,7 +96,7 @@ public class SSLConfigurationFactory {
       }
       case GATEWAY: {
         if (sslEnabledComponents.length > 0) {
-          sslConfig.setAlias(distributionConfig.getGatewaySSLAlias());
+          sslConfig = setAliasForComponent(sslConfig, distributionConfig.getGatewaySSLAlias());
         } else {
           sslConfig = configureLegacyGatewaySSL(sslConfig);
         }
@@ -104,7 +104,8 @@ public class SSLConfigurationFactory {
       }
       case HTTP_SERVICE: {
         if (sslEnabledComponents.length > 0) {
-          sslConfig.setAlias(distributionConfig.getHTTPServiceSSLAlias());
+          sslConfig = setAliasForComponent(sslConfig, distributionConfig.getHTTPServiceSSLAlias());
+          sslConfig.setRequireAuth(distributionConfig.getSSLHTTPRequireAuthentication());
         } else {
           sslConfig = configureLegacyHttpServiceSSL(sslConfig);
         }
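Review bot: `sslConfig.setRequireAuth(distributionConfig.getSSLHTTPRequireAuthentication())` unconditionally replaces the value that `createSSLConfig` took from `getSSLRequireAuthentication()`, and the new property defaults to `false`. A deployment that relies on the general require-authentication setting will therefore get an HTTP service that does not ask for a client certificate unless the new property is also set. If that is the intent, say so at this line, e.g. `// HTTP service deliberately ignores getSSLRequireAuthentication(); client certs are required only when the http-service property is true`, and consider logging the effective value at startup so operators can see it. The legacy `else` branch is unchanged and its handling of client authentication is not visible here.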
@@ -112,7 +113,7 @@ public class SSLConfigurationFactory {
       }
       case JMX: {
         if (sslEnabledComponents.length > 0) {
-          sslConfig.setAlias(distributionConfig.getJMXManagerSSLAlias());
+          sslConfig = setAliasForComponent(sslConfig, distributionConfig.getJMXManagerSSLAlias());
         } else {
           sslConfig = configureLegacyJMXSSL(sslConfig);
         }
@@ -123,7 +124,15 @@ public class SSLConfigurationFactory {
     return sslConfig;
   }
 
-  private void configureClusterSSL(final SSLConfig sslConfig, final SSLEnabledComponent sslEnabledComponent)
{
+  private SSLConfig setAliasForComponent(final SSLConfig sslConfig, final String clusterSSLAlias)
{
+    if (!StringUtils.isEmpty(clusterSSLAlias)) {
+      sslConfig.setAlias(clusterSSLAlias);
+    }
+    return sslConfig;
+  }
+
+  private SSLConfig createSSLConfig(final SSLEnabledComponent sslEnabledComponent) {
+    SSLConfig sslConfig = new SSLConfig();
     sslConfig.setCiphers(distributionConfig.getSSLCiphers());
     sslConfig.setEnabled(determineIfSSLEnabledForSSLComponent(sslEnabledComponent));
     sslConfig.setKeystore(distributionConfig.getSSLKeyStore());
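Review bot: `setAliasForComponent` names its parameter `clusterSSLAlias` although it is called with the locator, server, gateway, HTTP-service and JMX aliases as well; `componentAlias` would match how it is used. It also returns the same `sslConfig` instance it mutates, so the `sslConfig = setAliasForComponent(...)` assignments at the call sites are redundant and a `void` method would read more clearly. A one-line comment such as `// an empty component alias keeps the alias already set on sslConfig` would document the fallback. The body of `createSSLConfig` continues past this hunk.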
@@ -133,6 +142,8 @@ public class SSLConfigurationFactory {
     sslConfig.setTruststorePassword(distributionConfig.getSSLTrustStorePassword());
     sslConfig.setProtocols(distributionConfig.getSSLProtocols());
     sslConfig.setRequireAuth(distributionConfig.getSSLRequireAuthentication());
+    sslConfig.setAlias(distributionConfig.getSSLDefaultAlias());
+    return sslConfig;
   }
 
   private boolean determineIfSSLEnabledForSSLComponent(final SSLEnabledComponent sslEnabledComponent)
{
@@ -296,6 +307,7 @@ public class SSLConfigurationFactory {
     registeredSSLConfig.clear();
   }
 
+  @Deprecated
   public static SSLConfig getSSLConfigForComponent(final boolean useSSL,
                                                    final boolean needClientAuth,
                                                    final String protocols,
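Review bot: `@Deprecated` is added to the static `getSSLConfigForComponent(final boolean useSSL, ...)` without a Javadoc `@deprecated` tag, so callers are not told what to use instead. Add something like `@deprecated use {@link #getSSLConfigForComponent(SSLEnabledComponent)} instead`, assuming that overload (the one the new test calls) is the intended replacement. The method's signature and body continue beyond this hunk.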

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
index 2bff100..8bfce23 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
@@ -130,6 +130,7 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
       system.disconnect();
       system = null;
     }
+    SocketCreatorFactory.close();
   }
 
   ////////  Test Methods
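Review bot: `SocketCreatorFactory.close()` is placed after the `system.disconnect()` block, so it is skipped whenever `disconnect()` throws, and SSL socket configuration from one test can then carry over into the next. Wrapping the disconnect in `try { ... } finally { SocketCreatorFactory.close(); }` keeps the cleanup unconditional. The teardown method starts above this hunk, so any other cleanup it performs is not visible.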
@@ -437,7 +438,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
   @Test
   @Category(FlakyTest.class)
   public void testStartTwoLocatorsOneWithSSLAndTheOtherNonSSL() throws Exception {
-    SocketCreatorFactory.close();
     IgnoredException expectedException = IgnoredException.addIgnoredException("Unrecognized
SSL message, plaintext connection");
     disconnectAllFromDS();
     Host host = Host.getHost(0);
@@ -497,7 +497,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
   @Test
   @Category(FlakyTest.class)
   public void testStartTwoLocatorsOneWithNonSSLAndTheOtherSSL() throws Exception {
-    SocketCreatorFactory.close();
     IgnoredException expectedException = IgnoredException.addIgnoredException("Remote host
closed connection during handshake");
     disconnectAllFromDS();
     Host host = Host.getHost(0);
@@ -551,7 +550,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
   @Test
   @Category(FlakyTest.class)
   public void testStartTwoLocatorsWithDifferentSSLCertificates() throws Exception {
-    SocketCreatorFactory.close();
     IgnoredException expectedException = IgnoredException.addIgnoredException("Remote host
closed connection during handshake");
     IgnoredException expectedException2 = IgnoredException.addIgnoredException("unable to
find valid certification path to requested target");
     IgnoredException expectedException3 = IgnoredException.addIgnoredException("Received
fatal alert: certificate_unknown");

http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
new file mode 100644
index 0000000..067333e
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
@@ -0,0 +1,163 @@
+package com.gemstone.gemfire.internal.net;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static org.junit.Assert.*;
+
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+import org.junit.After;
+import org.junit.Test;
+
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+import com.gemstone.gemfire.distributed.internal.DistributionConfigImpl;
+import com.gemstone.gemfire.internal.admin.SSLConfig;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+
+public class SSLConfigurationFactoryTest extends JUnit4DistributedTestCase {
+
+  @After
+  public void tearDownTest()
+  {
+    SSLConfigurationFactory.close();
+  }
+
+  @Test
+  public void getSSLConfigForComponentALL() throws Exception {
+    Properties properties = new Properties();
+    properties.setProperty(SSL_ENABLED_COMPONENTS, "all");
+    properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+    properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+    properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+    properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+    properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+    properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+    properties.setProperty(SSL_CIPHERS, "any");
+    properties.setProperty(SSL_PROTOCOLS, "any");
+    DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+    SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+    for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+      assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent),
sslEnabledComponent, distributionConfig);
+    }
+  }
+
+  @Test
+  public void getSSLConfigForComponentHTTPService() throws Exception {
+    Properties properties = new Properties();
+    properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant());
+    properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+    properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+    properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+    properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+    properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+    properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+    properties.setProperty(SSL_CIPHERS, "any");
+    properties.setProperty(SSL_PROTOCOLS, "any");
+    DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+    SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+    for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+      assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent),
sslEnabledComponent, distributionConfig);
+    }
+  }
+
+  @Test
+  public void getSSLConfigForComponentHTTPServiceWithAlias() throws Exception {
+    Properties properties = new Properties();
+    properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant());
+    properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+    properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+    properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+    properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+    properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+    properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+    properties.setProperty(SSL_HTTP_SERVICE_ALIAS, "httpAlias");
+    properties.setProperty(SSL_CIPHERS, "any");
+    properties.setProperty(SSL_PROTOCOLS, "any");
+    DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+    SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+    for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+      assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent),
sslEnabledComponent, distributionConfig);
+    }
+  }
+
+  @Test
+  public void getSSLConfigForComponentHTTPServiceWithMutualAuth() throws Exception {
+    Properties properties = new Properties();
+    properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant());
+    properties.setProperty(SSL_KEYSTORE, "someKeyStore");
+    properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
+    properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
+    properties.setProperty(SSL_TRUSTSTORE, "someKeyStore");
+    properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");
+    properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
+    properties.setProperty(SSL_HTTP_SERVICE_ALIAS, "httpAlias");
+    properties.setProperty(SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION, "true");
+    properties.setProperty(SSL_CIPHERS, "any");
+    properties.setProperty(SSL_PROTOCOLS, "any");
+    DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
+    SSLConfigurationFactory.setDistributionConfig(distributionConfig);
+    for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) {
+      assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent),
sslEnabledComponent, distributionConfig);
+    }
+  }
+
+  private void assertSSLConfig(final Properties properties,
+                               final SSLConfig sslConfig,
+                               final SSLEnabledComponent expectedSSLEnabledComponent,
+                               final DistributionConfigImpl distributionConfig) {
+    assertEquals(isSSLComponentEnabled(expectedSSLEnabledComponent, distributionConfig.getSSLEnabledComponents()),
sslConfig.isEnabled());
+    assertEquals(properties.getProperty(SSL_KEYSTORE), sslConfig.getKeystore());
+    assertEquals(properties.getProperty(SSL_KEYSTORE_PASSWORD), sslConfig.getKeystorePassword());
+    assertEquals(properties.getProperty(SSL_KEYSTORE_TYPE), sslConfig.getKeystoreType());
+    assertEquals(properties.getProperty(SSL_TRUSTSTORE), sslConfig.getTruststore());
+    assertEquals(properties.getProperty(SSL_TRUSTSTORE_PASSWORD), sslConfig.getTruststorePassword());
+    assertEquals(properties.getProperty(SSL_CIPHERS), sslConfig.getCiphers());
+    assertEquals(properties.getProperty(SSL_PROTOCOLS), sslConfig.getProtocols());
+    assertEquals(getCorrectAlias(expectedSSLEnabledComponent, properties), sslConfig.getAlias());
+    assertEquals(requiresAuthentication(properties, expectedSSLEnabledComponent), sslConfig.isRequireAuth());
+    assertEquals(expectedSSLEnabledComponent, sslConfig.getSslEnabledComponent());
+  }
+
+  private boolean requiresAuthentication(final Properties properties, final SSLEnabledComponent
expectedSSLEnabledComponent) {
+    boolean defaultAuthentication = expectedSSLEnabledComponent.equals(SSLEnabledComponent.HTTP_SERVICE)
? DistributionConfig.DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION : DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
+    String httpRequiresAuthentication = properties.getProperty(SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION);
+
+    return httpRequiresAuthentication == null ? defaultAuthentication : Boolean.parseBoolean(httpRequiresAuthentication);
+  }
+
+  private String getCorrectAlias(final SSLEnabledComponent expectedSSLEnabledComponent, final
Properties properties) {
+    switch (expectedSSLEnabledComponent) {
+      case ALL:
+        return properties.getProperty(SSL_DEFAULT_ALIAS);
+      case CLUSTER:
+        return getAliasForComponent(properties, SSL_CLUSTER_ALIAS);
+      case GATEWAY:
+        return getAliasForComponent(properties, SSL_GATEWAY_ALIAS);
+      case HTTP_SERVICE:
+        return getAliasForComponent(properties, SSL_HTTP_SERVICE_ALIAS);
+      case JMX:
+        return getAliasForComponent(properties, SSL_JMX_MANAGER_ALIAS);
+      case LOCATOR:
+        return getAliasForComponent(properties, SSL_LOCATOR_ALIAS);
+      case SERVER:
+        return getAliasForComponent(properties, SSL_SERVER_ALIAS);
+      default:
+        return properties.getProperty(SSL_DEFAULT_ALIAS);
+    }
+  }
+
+  private String getAliasForComponent(final Properties properties, final String componentAliasProperty)
{
+    String aliasProperty = properties.getProperty(componentAliasProperty);
+    return !StringUtils.isEmpty(aliasProperty) ? aliasProperty : properties.getProperty(SSL_DEFAULT_ALIAS);
+  }
+
+  private boolean isSSLComponentEnabled(final SSLEnabledComponent expectedSSLEnabledComponent,
final SSLEnabledComponent[] sslEnabledComponents) {
+    for (SSLEnabledComponent sslEnabledComponent : sslEnabledComponents) {
+      if (SSLEnabledComponent.ALL.equals(sslEnabledComponent) || sslEnabledComponent.equals(expectedSSLEnabledComponent))
{
+        return true;
+      }
+    }
+    return false;
+  }
+
+}
\ No newline at end of file
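Review bot: The `requiresAuthentication` helper applies the `SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` property to every component, not only to `HTTP_SERVICE`. In `getSSLConfigForComponentHTTPServiceWithMutualAuth` the expected value for CLUSTER, SERVER and the rest is therefore the HTTP setting "true", and the assertion passes only if `DEFAULT_SSL_REQUIRE_AUTHENTICATION` is also true, which is not shown on this page. The test then cannot detect the HTTP override leaking into other components or the reverse. Restrict the property lookup to the HTTP_SERVICE case as below, and add a test in which the HTTP setting and the general setting differ. The new file also starts directly with `package`, without the licence header the other sources presumably carry, and lacks a final newline.

```java
  private boolean requiresAuthentication(final Properties properties, final SSLEnabledComponent expectedSSLEnabledComponent) {
    // Only the HTTP service is governed by the http-service property.
    if (!expectedSSLEnabledComponent.equals(SSLEnabledComponent.HTTP_SERVICE)) {
      return DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
    }
    String httpRequiresAuthentication = properties.getProperty(SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION);
    return httpRequiresAuthentication == null
        ? DistributionConfig.DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION
        : Boolean.parseBoolean(httpRequiresAuthentication);
  }
```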

