geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aba...@apache.org
Subject [3/4] geode git commit: GEODE-3393: One-way SSL commit failing with userHome/.keystore not found. This now closes #682
Date Mon, 21 Aug 2017 19:35:01 GMT
GEODE-3393: One-way SSL commit failing with userHome/.keystore not found. This now closes #682

Signed-off-by: Galen O'Sullivan <gosulivan@pivotal.io>
(cherry picked from commit 684f85d2881dd1b0b68bc49b303fb45a8b17452d)


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/49220c3b
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/49220c3b
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/49220c3b

Branch: refs/heads/release/1.2.1
Commit: 49220c3be5326c6a58c36f0fca8fedc00ba5c7d1
Parents: aa36d3c
Author: Udo Kohlmeyer <ukohlmeyer@pivotal.io>
Authored: Thu Aug 3 14:13:06 2017 -0700
Committer: Anthony Baker <abaker@apache.org>
Committed: Mon Aug 21 12:08:57 2017 -0700

----------------------------------------------------------------------
 .../apache/geode/internal/admin/SSLConfig.java  |  5 ++-
 .../geode/internal/net/SocketCreator.java       | 38 ++++++-----------
 .../net/SSLConfigurationFactoryJUnitTest.java   |  6 ++-
 .../internal/net/SocketCreatorJUnitTest.java    | 43 ++++++++++++++++++++
 4 files changed, 62 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/49220c3b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
index 0171933..65e4694 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
@@ -16,6 +16,7 @@ package org.apache.geode.internal.admin;
 
 import static org.apache.geode.distributed.ConfigurationProperties.*;
 
+import java.security.KeyStore;
 import java.util.Iterator;
 import java.util.Properties;
 
@@ -33,11 +34,11 @@ public class SSLConfig {
   private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
   private boolean requireAuth = DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
   private String keystore = DistributionConfig.DEFAULT_SSL_KEYSTORE;
-  private String keystoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+  private String keystoreType = KeyStore.getDefaultType();
   private String keystorePassword = DistributionConfig.DEFAULT_SSL_KEYSTORE_PASSWORD;
   private String truststore = DistributionConfig.DEFAULT_SSL_TRUSTSTORE;
   private String truststorePassword = DistributionConfig.DEFAULT_SSL_TRUSTSTORE_PASSWORD;
-  private String truststoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+  private String truststoreType = KeyStore.getDefaultType();
   private String alias = null;
   private SecurableCommunicationChannel securableCommunicationChannel = null;
 

http://git-wip-us.apache.org/repos/asf/geode/blob/49220c3b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index fec81ca..5f4cfb1 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -331,7 +331,6 @@ public class SocketCreator {
    * <p>
    * Caller must synchronize on the SocketCreator instance.
    */
-  @SuppressWarnings("hiding")
   private void initialize() {
     try {
       // set p2p values...
@@ -382,7 +381,7 @@ public class SocketCreator {
 
   /**
    * Creates & configures the SSLContext when SSL is enabled.
-   * 
+   *
    * @return new SSLContext configured using the given protocols & properties
    *
    * @throws GeneralSecurityException if security information can not be found
@@ -400,7 +399,7 @@ public class SocketCreator {
 
   /**
    * Used by CacheServerLauncher and SystemAdmin to read the properties from console
-   * 
+   *
    * @param env Map in which the properties are to be read from console.
    */
   public static void readSSLProperties(Map<String, String> env) {
@@ -411,7 +410,7 @@ public class SocketCreator {
    * Used to read the properties from console. AgentLauncher calls this method directly &
ignores
    * gemfire.properties. CacheServerLauncher and SystemAdmin call this through
    * {@link #readSSLProperties(Map)} and do NOT ignore gemfire.properties.
-   * 
+   *
    * @param env Map in which the properties are to be read from console.
    * @param ignoreGemFirePropsFile if <code>false</code> existing gemfire.properties
file is read,
    *        if <code>true</code>, properties from gemfire.properties file are
ignored.
@@ -541,6 +540,10 @@ public class SocketCreator {
       NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
     GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
 
+    if (sslConfig.getKeystore() == null) {
+      return null;
+    }
+
     KeyManager[] keyManagers = null;
     String keyStoreType = sslConfig.getKeystoreType();
     if (StringUtils.isEmpty(keyStoreType)) {
@@ -615,7 +618,7 @@ public class SocketCreator {
 
     /**
      * Constructor.
-     * 
+     *
      * @param mgr The X509KeyManager used as a delegate
      * @param keyAlias The alias name of the server's keypair and supporting certificate
chain
      */
@@ -795,7 +798,7 @@ public class SocketCreator {
   /**
    * Creates or bind server socket to a random port selected from tcp-port-range which is
same as
    * membership-port-range.
-   * 
+   *
    * @param ba
    * @param backlog
    * @param isBindAddress
@@ -815,7 +818,7 @@ public class SocketCreator {
   /**
    * Creates or bind server socket to a random port selected from tcp-port-range which is
same as
    * membership-port-range.
-   * 
+   *
    * @param ba
    * @param backlog
    * @param isBindAddress
@@ -1025,14 +1028,6 @@ public class SocketCreator {
               ex);
           throw ex;
         }
-      } catch (SSLException ex) {
-        logger
-            .fatal(
-                LocalizedMessage.create(
-                    LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
-                    new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
-                ex);
-        throw ex;
       }
     }
   }
@@ -1112,16 +1107,7 @@ public class SocketCreator {
               .create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER), ex);
           throw ex;
         }
-      } catch (SSLException ex) {
-        logger
-            .fatal(
-                LocalizedMessage.create(
-                    LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
-                    new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
-                ex);
-        throw ex;
       }
-
     }
   }
 
@@ -1223,7 +1209,7 @@ public class SocketCreator {
 
   /**
    * This method uses JNDI to look up an address in DNS and return its name
-   * 
+   *
    * @param addr
    *
    * @return the host name associated with the address or null if lookup isn't possible or
there is
@@ -1299,7 +1285,7 @@ public class SocketCreator {
    * Fails Assertion if the conversion would result in <code>java.lang.UnknownHostException</code>.
    * <p>
    * Any leading slashes on host will be ignored.
-   * 
+   *
    * @param host string version the InetAddress
    *
    * @return the host converted to InetAddress instance

http://git-wip-us.apache.org/repos/asf/geode/blob/49220c3b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
index 31c2469..1d2fe70 100644
--- a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java
@@ -49,6 +49,8 @@ import org.junit.experimental.categories.Category;
 
 import java.util.Properties;
 
+import java.security.KeyStore;
+
 @Category({UnitTest.class, MembershipTest.class})
 public class SSLConfigurationFactoryJUnitTest {
 
@@ -214,11 +216,11 @@ public class SSLConfigurationFactoryJUnitTest {
     properties.setProperty(CLUSTER_SSL_ENABLED, "true");
     properties.setProperty(MCAST_PORT, "0");
     System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE, "keystore");
-    System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE, "JKS");
+    System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_TYPE, KeyStore.getDefaultType());
     System.setProperty(SSLConfigurationFactory.JAVAX_KEYSTORE_PASSWORD, "keystorePassword");
     System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE, "truststore");
     System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_PASSWORD, "truststorePassword");
-    System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_TYPE, "JKS");
+    System.setProperty(SSLConfigurationFactory.JAVAX_TRUSTSTORE_TYPE, KeyStore.getDefaultType());
     DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
     SSLConfigurationFactory.setDistributionConfig(distributionConfig);
     SSLConfig sslConfig =

http://git-wip-us.apache.org/repos/asf/geode/blob/49220c3b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
new file mode 100644
index 0000000..b258ee1
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information
regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version
2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain
a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express
+ * or implied. See the License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.geode.internal.net;
+
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.geode.util.test.TestUtil;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(UnitTest.class)
+public class SocketCreatorJUnitTest {
+
+  @Test
+  public void testCreateSocketCreatorWithKeystoreUnset() throws Exception {
+    SSLConfig testSSLConfig = new SSLConfig();
+    testSSLConfig.setEnabled(true);
+    testSSLConfig.setKeystore(null);
+    testSSLConfig.setKeystorePassword("");
+    testSSLConfig.setTruststore(getSingleKeyKeystore());
+    testSSLConfig.setTruststorePassword("password");
+    // GEODE-3393: This would fail with java.io.FileNotFoundException: $USER_HOME/.keystore
+    new SocketCreator(testSSLConfig);
+
+  }
+
+  private String getSingleKeyKeystore() {
+    return TestUtil.getResourcePath(getClass(), "/ssl/trusted.keystore");
+  }
+
+}


Mime
View raw message