Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C0166200B7E for ; Tue, 6 Sep 2016 23:28:26 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id BF0B2160ACB; Tue, 6 Sep 2016 21:28:26 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 68104160AA9 for ; Tue, 6 Sep 2016 23:28:25 +0200 (CEST) Received: (qmail 67275 invoked by uid 500); 6 Sep 2016 21:28:24 -0000 Mailing-List: contact commits-help@geode.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.incubator.apache.org Delivered-To: mailing list commits@geode.incubator.apache.org Received: (qmail 67266 invoked by uid 99); 6 Sep 2016 21:28:24 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Sep 2016 21:28:24 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 337761A7B85 for ; Tue, 6 Sep 2016 21:28:24 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.646 X-Spam-Level: X-Spam-Status: No, score=-4.646 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.426] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id oSc-JeoYiYc0 for ; Tue, 6 Sep 2016 21:28:19 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by 
mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with SMTP id 28CA75F369 for ; Tue, 6 Sep 2016 21:28:18 +0000 (UTC) Received: (qmail 66451 invoked by uid 99); 6 Sep 2016 21:28:17 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 06 Sep 2016 21:28:17 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 340B4E02D4; Tue, 6 Sep 2016 21:28:17 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: udo@apache.org To: commits@geode.incubator.apache.org Date: Tue, 06 Sep 2016 21:28:17 -0000 Message-Id: <484acf10e7b04799ab8936fa8498a8cc@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [1/3] incubator-geode git commit: GEODE-1792: ssl-ciphers and ssl-protocols are comma delimited. Changed JMX_MANAGER_SSL_ALIAS -> JMX_SSL_ALIAS archived-at: Tue, 06 Sep 2016 21:28:26 -0000 Repository: incubator-geode Updated Branches: refs/heads/feature/GEODE-420 6853f56dd -> 9626269f3 GEODE-1792: ssl-ciphers and ssl-protocols are comma delimited. Changed JMX_MANAGER_SSL_ALIAS -> JMX_SSL_ALIAS Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/156d2d15 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/156d2d15 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/156d2d15 Branch: refs/heads/feature/GEODE-420 Commit: 156d2d151c714ece94604f1ac0f0563af096fd8c Parents: c6f5997 Author: Udo Kohlmeyer Authored: Tue Sep 6 15:50:18 2016 +1000 Committer: Udo Kohlmeyer Committed: Tue Sep 6 15:50:18 2016 +1000 ---------------------------------------------------------------------- .../distributed/ConfigurationProperties.java | 6 +- .../internal/AbstractDistributionConfig.java | 2 +- .../internal/DistributionConfig.java | 16 +- .../internal/DistributionConfigImpl.java | 18 ++- .../internal/net/SSLConfigurationFactory.java | 2 +- .../gemfire/internal/net/SocketCreator.java | 3 +- .../gemfire/management/GemFireProperties.java | 161 ++++++++++++++++++- .../internal/beans/BeanUtilFuncs.java | 17 ++ .../gemfire/distributed/LocatorDUnitTest.java | 5 +- .../net/SSLConfigurationFactoryTest.java | 2 +- .../net/SocketCreatorFactoryJUnitTest.java | 4 +- .../gemfire/management/JMXMBeanDUnitTest.java | 6 +- 12 files changed, 206 insertions(+), 36 deletions(-) ---------------------------------------------------------------------- 
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java index df85aca..6db4142 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java @@ -849,7 +849,7 @@ public interface ConfigurationProperties { * Default: ""

* Since: Geode 1.0 */ - String SSL_JMX_MANAGER_ALIAS = "ssl-jmx-alias"; + String SSL_JMX_ALIAS = "ssl-jmx-alias"; /** * The static String definition of the "jmx-manager-ssl-ciphers" property *

@@ -871,7 +871,7 @@ public interface ConfigurationProperties { * Ignored if jmx-manager is false. *

* Default: "false" - * @deprecated Since Geode 1.0 use {@link #SSL_ENABLED_COMPONENTS} with optional {@link #SSL_JMX_MANAGER_ALIAS} + * @deprecated Since Geode 1.0 use {@link #SSL_ENABLED_COMPONENTS} with optional {@link #SSL_JMX_ALIAS} */ @Deprecated String JMX_MANAGER_SSL_ENABLED = "jmx-manager-ssl-enabled"; @@ -1813,7 +1813,7 @@ public interface ConfigurationProperties { * * DescriptionThis property will be set when using multi-key keystores. This will define the alias that * the ssl connection factory would use when no alias has been set for the different component aliases. - * {@link #SSL_CLUSTER_ALIAS}, {@link #SSL_SERVER_ALIAS},{@link #SSL_LOCATOR_ALIAS},{@link #SSL_GATEWAY_ALIAS},{@link #SSL_JMX_MANAGER_ALIAS} , {@link #SSL_HTTP_SERVICE_ALIAS} + * {@link #SSL_CLUSTER_ALIAS}, {@link #SSL_SERVER_ALIAS},{@link #SSL_LOCATOR_ALIAS},{@link #SSL_GATEWAY_ALIAS},{@link #SSL_JMX_ALIAS} , {@link #SSL_HTTP_SERVICE_ALIAS} *

* Default: ""

* Since: Geode 1.0 http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java index f92511e..ce77c5e 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java 
@@ -885,7 +885,7 @@ public abstract class AbstractDistributionConfig extends AbstractConfig implemen m.put(JMX_MANAGER, "If true then this member is willing to be a jmx manager. Defaults to false except on a locator."); m.put(JMX_MANAGER_START, "If true then the jmx manager will be started when the cache is created. Defaults to false."); m.put(JMX_MANAGER_SSL_ENABLED, "If true then the jmx manager will only allow SSL clients to connect. Defaults to false. This property is ignored if jmx-manager-port is \"0\"."); - m.put(SSL_JMX_MANAGER_ALIAS, LocalizedStrings.AbstractDistributionConfig_JMX_MANAGER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS))); + m.put(SSL_JMX_ALIAS, LocalizedStrings.AbstractDistributionConfig_JMX_MANAGER_SSL_ALIAS_0.toLocalizedString(Boolean.valueOf(DEFAULT_SSL_ALIAS))); m.put(JMX_MANAGER_SSL_CIPHERS, "List of available SSL cipher suites that are to be enabled for JMX Manager. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_CIPHERS + "\" meaning your provider''s defaults."); m.put(JMX_MANAGER_SSL_PROTOCOLS, "List of available SSL protocols that are to be enabled for JMX Manager. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_PROTOCOLS + "\" meaning defaults of your provider."); m.put(JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION, "If set to false, ciphers and protocols that permit anonymous JMX Clients are allowed. Defaults to \"" + DEFAULT_JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION + "\"."); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java index 4ad95c6..628231b 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java 
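Review bot: The renamed line still builds the help text for the alias with `Boolean.valueOf(DEFAULT_SSL_ALIAS)`, which looks like a copy from the boolean properties around it. The ConfigurationProperties Javadoc in this commit gives the alias default as `""`, so if `DEFAULT_SSL_ALIAS` is a String the description will show the default as `false` instead of an empty alias. Since the line is being touched anyway, pass the value directly: `toLocalizedString(DEFAULT_SSL_ALIAS)`. The enclosing method starts and ends outside the hunk.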
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java @@ -4316,27 +4316,27 @@ public interface DistributionConfig extends Config, LogConfig { String HTTP_SERVICE_SSL_ALIAS_NAME = SSL_HTTP_SERVICE_ALIAS; /** - * Returns the value of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS} + * Returns the value of the {@link ConfigurationProperties#SSL_JMX_ALIAS} * property. * @since Geode 1.0 */ - @ConfigAttributeGetter(name = SSL_JMX_MANAGER_ALIAS) - String getJMXManagerSSLAlias(); + @ConfigAttributeGetter(name = SSL_JMX_ALIAS) + String getJMXSSLAlias(); /** - * Sets the value of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS} + * Sets the value of the {@link ConfigurationProperties#SSL_JMX_ALIAS} * property. * @since Geode 1.0 */ - @ConfigAttributeSetter(name = SSL_JMX_MANAGER_ALIAS) - void setJMXManagerSSLAlias(String alias); + @ConfigAttributeSetter(name = SSL_JMX_ALIAS) + void setJMXSSLAlias(String alias); /** - * The name of the {@link ConfigurationProperties#SSL_JMX_MANAGER_ALIAS} property + * The name of the {@link ConfigurationProperties#SSL_JMX_ALIAS} property * @since Geode 1.0 */ @ConfigAttribute(type = String.class) - String JMX_MANAGER_SSL_ALIAS_NAME = SSL_JMX_MANAGER_ALIAS; + String JMX_SSL_ALIAS_NAME = SSL_JMX_ALIAS; /** * Returns the value of the {@link ConfigurationProperties#SSL_SERVER_ALIAS} http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java index 1ac92d0..bcc0413 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java 
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java @@ -26,13 +26,11 @@ import java.lang.reflect.Method; import java.net.InetAddress; import java.net.URL; import java.net.UnknownHostException; -import java.util.Arrays; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; import java.util.Map; -import java.util.Objects; import java.util.Properties; import java.util.Set; @@ -770,7 +768,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement this.clusterSSLAlias = other.getClusterSSLAlias(); this.gatewaySSLAlias = other.getGatewaySSLAlias(); this.httpServiceSSLAlias = other.getHTTPServiceSSLAlias(); - this.jmxManagerSSLAlias = other.getJMXManagerSSLAlias(); + this.jmxManagerSSLAlias = other.getJMXSSLAlias(); this.serverSSLAlias = other.getServerSSLAlias(); this.locatorSSLAlias = other.getLocatorSSLAlias(); @@ -993,7 +991,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement return StringUtils.isEmpty(getHTTPServiceSSLAlias()) ? true : (getSSLEnabledComponents().length > 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true); } case JMX: { - return StringUtils.isEmpty(getJMXManagerSSLAlias()) ? true : (getSSLEnabledComponents().length > 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true); + return StringUtils.isEmpty(getJMXSSLAlias()) ? true : (getSSLEnabledComponents().length > 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true); } case LOCATOR: { return StringUtils.isEmpty(getLocatorSSLAlias()) ? true : (getSSLEnabledComponents().length > 1 ? !StringUtils.isEmpty(getSSLDefaultAlias()) : true); 
@@ -1470,6 +1468,10 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement continue; } Object propVal = me.getValue(); + if(propName.equals(SSL_CIPHERS) || propName.equals(SSL_PROTOCOLS)) + { + propVal = convertCommaDelimitedToSpaceDelimitedString((String)propVal); + } if (propVal != null && (propVal instanceof String)) { // weed out extraneous non-string properties this.setAttribute(propName, ((String) propVal).trim(), this.sourceMap.get(propName)); } @@ -1490,6 +1492,10 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement this.modifiable = false; } + private String convertCommaDelimitedToSpaceDelimitedString(final String propVal) { + return propVal.replace(","," "); + } + public void close() { // Clear the extra stuff from System properties Properties props = System.getProperties(); @@ -2559,12 +2565,12 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement } @Override - public String getJMXManagerSSLAlias() { + public String getJMXSSLAlias() { return jmxManagerSSLAlias; } @Override - public void setJMXManagerSSLAlias(final String alias) { + public void setJMXSSLAlias(final String alias) { jmxManagerSSLAlias = alias; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java index df4f49c..1339f5a 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java 
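Review bot: In the `@@ -1470` hunk the added cast `(String)propVal` and the call into `convertCommaDelimitedToSpaceDelimitedString` run before the existing `propVal != null && (propVal instanceof String)` guard on the following line. A null or non-String value stored under `SSL_CIPHERS` or `SSL_PROTOCOLS` would therefore throw here instead of being skipped, which is what the "weed out extraneous non-string properties" comment says the guard is for. Moving the conversion inside the guarded branch keeps the old tolerance and the convert-then-trim order. The enclosing loop and method start outside the hunk.

```java
Object propVal = me.getValue();
if (propVal instanceof String) { // weed out extraneous non-string properties
  String strVal = (String) propVal;
  if (propName.equals(SSL_CIPHERS) || propName.equals(SSL_PROTOCOLS)) {
    strVal = convertCommaDelimitedToSpaceDelimitedString(strVal);
  }
  this.setAttribute(propName, strVal.trim(), this.sourceMap.get(propName));
}
```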
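Review bot: In the `@@ -1490` hunk, `propVal.replace(","," ")` turns a value written as `a, b` into `a  b` with two spaces, and a doubled comma into the same. The code that later splits the value into an array is not visible here; if it splits on a single space, the result contains empty entries that would be passed on as protocol or cipher names. Collapsing every run of separators closes that gap: `return propVal.replaceAll("[\\s,]+", " ");`. A one-line comment on the helper stating the accepted input format (comma and/or whitespace separated) would also help people editing property files by hand.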
@@ -128,7 +128,7 @@ public class SSLConfigurationFactory { } case JMX: { if (sslEnabledComponents.length > 0) { - sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getJMXManagerSSLAlias()); + sslConfig = setAliasForComponent(sslConfig, getDistributionConfig().getJMXSSLAlias()); } else { sslConfig = configureLegacyJMXSSL(sslConfig); } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java index 0a2bfa3..6ddd0a2 100755 --- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SocketCreator.java @@ -1019,11 +1019,12 @@ public class SocketCreator { } serverSocket.setEnableSessionCreation(true); - // restrict cyphers + // restrict protocols String[] protocols = this.sslConfig.getProtocolsAsStringArray(); if (!"any".equalsIgnoreCase(protocols[0])) { serverSocket.setEnabledProtocols(protocols); } + // restrict ciphers String[] ciphers = this.sslConfig.getCiphersAsStringArray(); if (!"any".equalsIgnoreCase(ciphers[0])) { serverSocket.setEnabledCipherSuites(ciphers); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java b/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java index 410d658..61f4072 100644 --- a/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java 
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/GemFireProperties.java @@ -17,6 +17,7 @@ package com.gemstone.gemfire.management; +import com.gemstone.gemfire.internal.security.SecurableComponent; /** * Composite Data type to be used by member to depict gemfire properties in key value manner @@ -478,7 +479,7 @@ public class GemFireProperties { */ @Deprecated private String jmxManagerSSLTrustStorePassword; - private String jmxManagerSSLAlias; + private String jmxSSLAlias; private boolean clusterSSLEnabled; private String clusterSSLProtocols; @@ -636,6 +637,20 @@ public class GemFireProperties { * Specifies whether the default transaction mode should be distributed. */ private boolean distributedTransactions; + + private String locatorSSLAlias; + + private SecurableComponent[] sslEnabledComponents; + private String sslProtocols; + private String sslCiphers; + private boolean sslRequireAuthentication; + private String sslKeyStore; + private String sslKeyStoreType; + private String sslKeyStorePassword; + private String sslTrustStore; + private String sslTrustStorePassword; + private boolean sslHttpServiceRequireAuthentication; + private String sslDefaultAlias; /** @@ -1018,22 +1033,22 @@ public class GemFireProperties { } -// public void setSslEnabled(boolean sslEnabled) { +// public void setSSLEnabled(boolean sslEnabled) { // this.sslEnabled = sslEnabled; // // } // -// public void setSslCiphers(String sslCiphers) { +// public void setSSLCiphers(String sslCiphers) { // this.sslCiphers = sslCiphers; // // } // -// public void setSslProtocols(String sslProtocols) { +// public void setSSLProtocols(String sslProtocols) { // this.sslProtocols = sslProtocols; // // } // -// public void setSslRequireAuthentication(boolean sslRequireAuthentication) { +// public void setSSLRequireAuthentication(boolean sslRequireAuthentication) { // this.sslRequireAuthentication = sslRequireAuthentication; // // } 
@@ -1721,4 +1736,140 @@ public class GemFireProperties { public boolean getDistributedTransactions() { return this.distributedTransactions; } + + public String getJmxSSLAlias() { + return jmxSSLAlias; + } + + public void setJmxSSLAlias(final String jmxSSLAlias) { + this.jmxSSLAlias = jmxSSLAlias; + } + + public String getClusterSSLAlias() { + return clusterSSLAlias; + } + + public void setClusterSSLAlias(final String clusterSSLAlias) { + this.clusterSSLAlias = clusterSSLAlias; + } + + public String getServerSSLAlias() { + return serverSSLAlias; + } + + public void setServerSSLAlias(final String serverSSLAlias) { + this.serverSSLAlias = serverSSLAlias; + } + + public String getGatewaySSLAlias() { + return gatewaySSLAlias; + } + + public void setGatewaySSLAlias(final String gatewaySSLAlias) { + this.gatewaySSLAlias = gatewaySSLAlias; + } + + public String getHttpServiceSSLAlias() { + return httpServiceSSLAlias; + } + + public void setHttpServiceSSLAlias(final String httpServiceSSLAlias) { + this.httpServiceSSLAlias = httpServiceSSLAlias; + } + + public String getLocatorSSLAlias() { + return locatorSSLAlias; + } + + public void setLocatorSSLAlias(final String locatorSSLAlias) { + this.locatorSSLAlias = locatorSSLAlias; + } + + public SecurableComponent[] getSSLEnabledComponents() { + return sslEnabledComponents; + } + + public void setSSLEnabledComponents(final SecurableComponent[] sslEnabledComponents) { + this.sslEnabledComponents = sslEnabledComponents; + } + + public String getSSLProtocols() { + return sslProtocols; + } + + public void setSSLProtocols(final String sslProtocols) { + this.sslProtocols = sslProtocols; + } + + public String getSSLCiphers() { + return sslCiphers; + } + + public void setSSLCiphers(final String sslCiphers) { + this.sslCiphers = sslCiphers; + } + + public boolean isSSLRequireAuthentication() { + return sslRequireAuthentication; + } + + public void setSSLRequireAuthentication(final boolean sslRequireAuthentication) { + 
this.sslRequireAuthentication = sslRequireAuthentication; + } + + public String getSSLKeyStore() { + return sslKeyStore; + } + + public void setSSLKeyStore(final String sslKeyStore) { + this.sslKeyStore = sslKeyStore; + } + + public String getSSLKeyStoreType() { + return sslKeyStoreType; + } + + public void setSSLKeyStoreType(final String sslKeyStoreType) { + this.sslKeyStoreType = sslKeyStoreType; + } + + public String getSSLKeyStorePassword() { + return sslKeyStorePassword; + } + + public void setSSLKeyStorePassword(final String sslKeyStorePassword) { + this.sslKeyStorePassword = sslKeyStorePassword; + } + + public String getSSLTrustStore() { + return sslTrustStore; + } + + public void setSSLTrustStore(final String sslTrustStore) { + this.sslTrustStore = sslTrustStore; + } + + public String getSSLTrustStorePassword() { + return sslTrustStorePassword; + } + + public void setSSLTrustStorePassword(final String sslTrustStorePassword) { + this.sslTrustStorePassword = sslTrustStorePassword; + } + + public boolean isSSLHttpServiceRequireAuthentication() { + return sslHttpServiceRequireAuthentication; + } + + public void setSSLHttpServiceRequireAuthentication(final boolean sslHttpServiceRequireAuthentication) { + this.sslHttpServiceRequireAuthentication = sslHttpServiceRequireAuthentication; + } + + public String getSSLDefaultAlias() { + return sslDefaultAlias; + } + + public void setSSLDefaultAlias(final String sslDefaultAlias) { + this.sslDefaultAlias = sslDefaultAlias; + } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java index 9d62fbf..8e05d74 100644 
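Review bot: `getSSLKeyStorePassword()` and `getSSLTrustStorePassword()` make the keystore and truststore passwords readable properties of this bean, and the BeanUtilFuncs hunk in this commit fills them with the configured values via `setSSLKeyStorePassword(config.getSSLKeyStorePassword())` and `setSSLTrustStorePassword(config.getSSLTrustStorePassword())`. The class comment in this file describes GemFireProperties as the composite data type a member uses to depict its properties, so anything that can read the bean presumably sees both secrets in clear text. Unless a consumer needs the real value, leave the two password fields unpopulated or store a fixed mask, and say so in Javadoc on the getters; the new accessors carry no Javadoc at all, unlike the older fields of this class. The backing fields are declared in the `@@ -636` hunk of the same file.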
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java +++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/beans/BeanUtilFuncs.java @@ -333,6 +333,23 @@ public class BeanUtilFuncs { gemFirePropertyData.setHttpServiceBindAddress(config.getHttpServiceBindAddress()); gemFirePropertyData.setStartDevRestApi(config.getStartDevRestApi()); + gemFirePropertyData.setSSLCiphers(config.getSSLCiphers()); + gemFirePropertyData.setSSLEnabledComponents(config.getSSLEnabledComponents()); + gemFirePropertyData.setSSLHttpServiceRequireAuthentication(config.getSSLHTTPRequireAuthentication()); + gemFirePropertyData.setSSLKeyStore(config.getSSLKeyStore()); + gemFirePropertyData.setSSLKeyStoreType(config.getSSLKeyStoreType()); + gemFirePropertyData.setSSLKeyStorePassword(config.getSSLKeyStorePassword()); + gemFirePropertyData.setSSLTrustStore(config.getSSLTrustStore()); + gemFirePropertyData.setSSLTrustStorePassword(config.getSSLTrustStorePassword()); + + gemFirePropertyData.setClusterSSLAlias(config.getClusterSSLAlias()); + gemFirePropertyData.setServerSSLAlias(config.getServerSSLAlias()); + gemFirePropertyData.setJmxSSLAlias(config.getJMXSSLAlias()); + gemFirePropertyData.setGatewaySSLAlias(config.getGatewaySSLAlias()); + gemFirePropertyData.setLocatorSSLAlias(config.getLocatorSSLAlias()); + gemFirePropertyData.setHttpServiceSSLAlias(config.getHTTPServiceSSLAlias()); + gemFirePropertyData.setSSLDefaultAlias(config.getSSLDefaultAlias()); + return gemFirePropertyData; } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java index fc0e93b..a373e82 100755 
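Review bot: The added block copies the ciphers but never calls `setSSLProtocols(...)` or `setSSLRequireAuthentication(...)`, both of which this commit adds to GemFireProperties. Unless they are set outside this hunk, the bean will report `null` protocols and `false` for require-authentication whatever the member's real configuration is. A management view that shows authentication as not required when it is enforced is misleading for anyone auditing the cluster's TLS settings. Add the two missing copies next to `setSSLCiphers(config.getSSLCiphers())`, using the matching config getters. The enclosing method starts outside the hunk.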
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java @@ -55,7 +55,6 @@ import com.gemstone.gemfire.internal.AvailablePortHelper; import com.gemstone.gemfire.internal.cache.GemFireCacheImpl; import com.gemstone.gemfire.internal.logging.InternalLogWriter; import com.gemstone.gemfire.internal.logging.LocalLogWriter; -import com.gemstone.gemfire.internal.net.SocketCreatorFactory; import com.gemstone.gemfire.internal.security.SecurableComponent; import com.gemstone.gemfire.internal.tcp.Connection; import com.gemstone.gemfire.test.dunit.DistributedTestUtils; @@ -365,8 +364,8 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase { properties.put(MEMBER_TIMEOUT, "2000"); properties.put(LOG_LEVEL, LogWriterUtils.getDUnitLogLevel()); properties.put(ENABLE_CLUSTER_CONFIGURATION, "false"); - properties.put(SSL_CIPHERS, "any"); - properties.put(SSL_PROTOCOLS, "any"); + properties.put(SSL_CIPHERS, "TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); + properties.put(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); properties.put(SSL_KEYSTORE, getSingleKeyKeystore()); properties.put(SSL_KEYSTORE_PASSWORD, "password"); properties.put(SSL_KEYSTORE_TYPE, "JKS"); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java index d890457..3cbe55e 100644 
--- a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java @@ -155,7 +155,7 @@ public class SSLConfigurationFactoryTest extends JUnit4DistributedTestCase { case HTTP_SERVICE: return getAliasForComponent(properties, SSL_HTTP_SERVICE_ALIAS); case JMX: - return getAliasForComponent(properties, SSL_JMX_MANAGER_ALIAS); + return getAliasForComponent(properties, SSL_JMX_ALIAS); case LOCATOR: return getAliasForComponent(properties, SSL_LOCATOR_ALIAS); case SERVER: http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java index c55c661..06de622 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SocketCreatorFactoryJUnitTest.java 
@@ -216,8 +216,8 @@ public class SocketCreatorFactoryJUnitTest extends JSSESocketJUnitTest { properties.setProperty(MCAST_PORT, "0"); properties.setProperty(SSL_REQUIRE_AUTHENTICATION, "true"); - properties.setProperty(SSL_CIPHERS, "any"); - properties.setProperty(SSL_PROTOCOLS, "TLSv1.2"); + properties.setProperty(SSL_CIPHERS, "MD2withRSA,MD5withRSA,SHA1withRSA,SHA256withRSA,SHA384withRSA,SHA512withRS"); + properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2"); properties.setProperty(SSL_KEYSTORE, jks.getCanonicalPath()); properties.setProperty(SSL_KEYSTORE_PASSWORD, "password"); properties.setProperty(SSL_KEYSTORE_TYPE, "JKS"); http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/156d2d15/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java index f08c172..3c1f944 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/management/JMXMBeanDUnitTest.java @@ -22,9 +22,6 @@ import static org.junit.Assert.*; import java.io.File; import java.io.IOException; -import java.io.Serializable; -import java.net.Socket; -import java.rmi.server.RMIClientSocketFactory; import java.util.HashMap; import java.util.Map; import java.util.Properties; @@ -43,7 +40,6 @@ import org.junit.experimental.categories.Category; import com.gemstone.gemfire.distributed.LocatorLauncher; import com.gemstone.gemfire.internal.AvailablePortHelper; -import com.gemstone.gemfire.internal.net.SocketCreator; import com.gemstone.gemfire.internal.security.SecurableComponent; import com.gemstone.gemfire.test.dunit.DistributedTestCase; import com.gemstone.gemfire.test.dunit.DistributedTestUtils; 
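Review bot: In SocketCreatorFactoryJUnitTest the new `SSL_CIPHERS` value lists signature algorithm names (`MD2withRSA`, `MD5withRSA`, ...) rather than TLS cipher suite names, and the last entry, `SHA512withRS`, is cut short. If the test still passes with this value, the list is probably never applied to a socket, so the test does not verify the comma-delimited parsing this commit introduces. Use real suite names such as the ones added to LocatorDUnitTest in this commit, and assert on the parsed array so that a malformed list fails the test. The enclosing method starts outside the hunk.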
@@ -246,7 +242,7 @@ public class JMXMBeanDUnitTest extends DistributedTestCase {
 if (useMultiKey) {
 properties.setProperty(SSL_KEYSTORE, getMultiKeyKeystore());
 properties.setProperty(SSL_TRUSTSTORE, getMultiKeyTruststore());
- properties.setProperty(SSL_JMX_MANAGER_ALIAS, "jmxkey");
+ properties.setProperty(SSL_JMX_ALIAS, "jmxkey");
 }
 }
 }