geode-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bschucha...@apache.org
Subject [geode] branch feature/GEODE-4439 updated: GEODE-4439 Refactor HandShake.java
Date Wed, 31 Jan 2018 22:48:30 GMT
This is an automated email from the ASF dual-hosted git repository.

bschuchardt pushed a commit to branch feature/GEODE-4439
in repository https://gitbox.apache.org/repos/asf/geode.git


The following commit(s) were added to refs/heads/feature/GEODE-4439 by this push:
     new fc5a8be  GEODE-4439 Refactor HandShake.java
fc5a8be is described below

commit fc5a8be7afc68dc5b1ba65d505b6dff8185dbbbe
Author: Bruce Schuchardt <bschuchardt@pivotal.io>
AuthorDate: Wed Jan 31 14:47:42 2018 -0800

    GEODE-4439 Refactor HandShake.java
    
    fixing test failures
---
 .../client/internal/ClientSideHandshakeImpl.java   |  6 +--
 .../internal/cache/tier/sockets/AcceptorImpl.java  |  4 +-
 .../internal/cache/tier/sockets/EncryptorImpl.java | 61 +++++++++-------------
 .../internal/cache/tier/sockets/Handshake.java     | 12 +++--
 4 files changed, 36 insertions(+), 47 deletions(-)

diff --git a/geode-core/src/main/java/org/apache/geode/cache/client/internal/ClientSideHandshakeImpl.java
b/geode-core/src/main/java/org/apache/geode/cache/client/internal/ClientSideHandshakeImpl.java
index e617da1..57cd90e 100644
--- a/geode-core/src/main/java/org/apache/geode/cache/client/internal/ClientSideHandshakeImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/cache/client/internal/ClientSideHandshakeImpl.java
@@ -443,11 +443,7 @@ public class ClientSideHandshakeImpl extends Handshake implements ClientSideHand
     return super.writeCredential(dos, dis, authInit, isNotification, member, heapdos);
   }
 
-  /**
-   * Handshake implements the Diffie-Hellman encryption algorithms
-   *
-   * @return
-   */
+  @Override
   public Encryptor getEncryptor() {
     return encryptor;
   }
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
index 08d237a..5aff86c 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/AcceptorImpl.java
@@ -1817,7 +1817,7 @@ public class AcceptorImpl implements Acceptor, Runnable, CommBufferPool
{
     releaseCommBuffer(Message.setTLCommBuffer(null));
   }
 
-  private class ClientQueueInitializerTask implements Runnable {
+  private static class ClientQueueInitializerTask implements Runnable {
     private final Socket socket;
     private final boolean isPrimaryServerToClient;
     private final AcceptorImpl acceptor;
@@ -1838,7 +1838,7 @@ public class AcceptorImpl implements Acceptor, Runnable, CommBufferPool
{
             acceptor.getAcceptorId(), acceptor.isNotifyBySubscription());
       } catch (IOException ex) {
         closeSocket(socket);
-        if (isRunning()) {
+        if (acceptor.isRunning()) {
           if (!acceptor.loggedAcceptError) {
             acceptor.loggedAcceptError = true;
             if (ex instanceof SocketTimeoutException) {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/EncryptorImpl.java
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/EncryptorImpl.java
index cea4b0b..a7aa072 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/EncryptorImpl.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/EncryptorImpl.java
@@ -74,7 +74,7 @@ import org.apache.geode.internal.logging.InternalLogWriter;
 import org.apache.geode.security.AuthenticationFailedException;
 import org.apache.geode.security.GemFireSecurityException;
 
-public class EncryptorImpl implements Encryptor{
+public class EncryptorImpl implements Encryptor {
   // Parameters for the Diffie-Hellman key exchange
   private static final BigInteger dhP =
       new BigInteger("13528702063991073999718992897071702177131142188276542919088770094024269"
@@ -93,33 +93,33 @@ public class EncryptorImpl implements Encryptor{
   private static final int dhL = 1023;
 
   private Cipher _encrypt;
-  private Cipher _decrypt = null;
+  private Cipher _decrypt;
 
-  private PublicKey clientPublicKey = null;
+  private PublicKey clientPublicKey;
 
-  private String clientSKAlgo = null;
+  private String clientSKAlgo;
 
-  private static PrivateKey dhPrivateKey = null;
+  private static PrivateKey dhPrivateKey;
 
-  private static PublicKey dhPublicKey = null;
+  private static PublicKey dhPublicKey;
 
-  private static String dhSKAlgo = null;
+  private static String dhSKAlgo;
 
   // Members for server authentication using digital signature
 
-  private static String certificateFilePath = null;
+  private static String certificateFilePath;
 
-  private static HashMap certificateMap = null;
+  private static HashMap certificateMap;
 
-  private static String privateKeyAlias = null;
+  private static String privateKeyAlias;
 
-  private static String privateKeySubject = null;
+  private static String privateKeySubject;
 
-  private static PrivateKey privateKeyEncrypt = null;
+  private static PrivateKey privateKeyEncrypt;
 
-  private static String privateKeySignAlgo = null;
+  private static String privateKeySignAlgo;
 
-  private static SecureRandom random = null;
+  private static SecureRandom random;
 
   private byte appSecureMode = (byte) 0;
 
@@ -141,7 +141,7 @@ public class EncryptorImpl implements Encryptor{
   }
 
   public static byte[] decryptBytes(byte[] data, Cipher decrypt) throws Exception {
-      return decrypt.doFinal(data);
+    return decrypt.doFinal(data);
   }
 
   protected Cipher getDecryptCipher(String dhSKAlgo, PublicKey publicKey) throws Exception
{
@@ -347,20 +347,18 @@ public class EncryptorImpl implements Encryptor{
   }
 
   boolean isEnabled() {
-    return dhSKAlgo == null || dhSKAlgo.length() == 0;
+    return dhSKAlgo != null && dhSKAlgo.length() > 0;
   }
 
   byte writeEncryptedCredential(DataOutputStream dos, DataInputStream dis, boolean isNotification,
-                                        DistributedMember member, HeapDataOutputStream heapdos)
-      throws IOException {
+      DistributedMember member, HeapDataOutputStream heapdos) throws IOException {
     byte acceptanceCode;
     try {
       logWriter.fine("HandShake: using Diffie-Hellman key exchange with algo " + dhSKAlgo);
       boolean requireAuthentication =
           (certificateFilePath != null && certificateFilePath.length() > 0);
       if (requireAuthentication) {
-        logWriter
-            .fine("HandShake: server authentication using digital " + "signature required");
+        logWriter.fine("HandShake: server authentication using digital " + "signature required");
       }
       // Credentials with encryption indicator
       heapdos.writeByte(CREDENTIALS_DHENCRYPT);
@@ -407,8 +405,7 @@ public class EncryptorImpl implements Encryptor{
             throw new AuthenticationFailedException(
                 "Mismatch in client " + "challenge bytes. Malicious server?");
           }
-          logWriter
-              .fine("HandShake: Successfully verified the " + "digital signature from server");
+          logWriter.fine("HandShake: Successfully verified the " + "digital signature from
server");
         }
 
         // Read server challenge bytes
@@ -442,17 +439,15 @@ public class EncryptorImpl implements Encryptor{
   }
 
   byte writeEncryptedCredentials(DataOutputStream dos, DataInputStream dis,
-                                 Properties p_credentials,
-                                 boolean isNotification, DistributedMember member,
-                                 HeapDataOutputStream heapdos) throws IOException {
+      Properties p_credentials, boolean isNotification, DistributedMember member,
+      HeapDataOutputStream heapdos) throws IOException {
     byte acceptanceCode;
     try {
       logWriter.fine("HandShake: using Diffie-Hellman key exchange with algo " + dhSKAlgo);
       boolean requireAuthentication =
           (certificateFilePath != null && certificateFilePath.length() > 0);
       if (requireAuthentication) {
-        logWriter
-            .fine("HandShake: server authentication using digital " + "signature required");
+        logWriter.fine("HandShake: server authentication using digital signature required");
       }
       // Credentials with encryption indicator
       heapdos.writeByte(CREDENTIALS_DHENCRYPT);
@@ -498,8 +493,7 @@ public class EncryptorImpl implements Encryptor{
             throw new AuthenticationFailedException(
                 "Mismatch in client " + "challenge bytes. Malicious server?");
           }
-          logWriter
-              .fine("HandShake: Successfully verified the " + "digital signature from server");
+          logWriter.fine("HandShake: Successfully verified the " + "digital signature from
server");
         }
 
         byte[] challenge = DataSerializer.readByteArray(dis);
@@ -535,9 +529,8 @@ public class EncryptorImpl implements Encryptor{
     return acceptanceCode;
   }
 
-  void readEncryptedCredentials(DataInputStream dis, DataOutputStream dos,
-                                DistributedSystem system, boolean requireAuthentication)
-      throws Exception {
+  void readEncryptedCredentials(DataInputStream dis, DataOutputStream dos, DistributedSystem
system,
+      boolean requireAuthentication) throws Exception {
     this.appSecureMode = CREDENTIALS_DHENCRYPT;
     boolean sendAuthentication = dis.readBoolean();
     InternalLogWriter securityLogWriter = (InternalLogWriter) system.getSecurityLogWriter();
@@ -619,9 +612,7 @@ public class EncryptorImpl implements Encryptor{
   }
 
   static Properties getDecryptedCredentials(DataInputStream dis, DataOutputStream dos,
-                                            DistributedSystem system,
-                                            boolean requireAuthentication,
-                                            Properties credentials)
+      DistributedSystem system, boolean requireAuthentication, Properties credentials)
       throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
       SignatureException, NoSuchPaddingException, InvalidAlgorithmParameterException,
       IllegalBlockSizeException, BadPaddingException, ClassNotFoundException {
diff --git a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Handshake.java
b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Handshake.java
index cf9a876..71599d7 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Handshake.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/Handshake.java
@@ -255,7 +255,8 @@ public abstract class Handshake {
       return;
     }
 
-    byte acceptanceCode = encryptor.writeEncryptedCredentials(dos, dis, p_credentials, isNotification,
member, heapdos);
+    byte acceptanceCode = encryptor.writeEncryptedCredentials(dos, dis, p_credentials,
+        isNotification, member, heapdos);
     if (acceptanceCode != REPLY_OK && acceptanceCode != REPLY_AUTH_NOT_REQUIRED)
{
       // Ignore the useless data
       dis.readByte();
@@ -281,8 +282,8 @@ public abstract class Handshake {
   }
 
   // This assumes that authentication is the last piece of info in handshake
-  Properties readCredential(DataInputStream dis, DataOutputStream dos,
-      DistributedSystem system) throws GemFireSecurityException, IOException {
+  Properties readCredential(DataInputStream dis, DataOutputStream dos, DistributedSystem
system)
+      throws GemFireSecurityException, IOException {
 
     Properties credentials = null;
     boolean requireAuthentication = securityService.isClientSecurityRequired();
@@ -290,7 +291,7 @@ public abstract class Handshake {
       byte secureMode = dis.readByte();
       throwIfMissingRequiredCredentials(requireAuthentication, secureMode != CREDENTIALS_NONE);
       if (secureMode == CREDENTIALS_NORMAL) {
-encryptor.setAppSecureMode(CREDENTIALS_NORMAL);
+        encryptor.setAppSecureMode(CREDENTIALS_NORMAL);
       } else if (secureMode == CREDENTIALS_DHENCRYPT) {
         encryptor.readEncryptedCredentials(dis, dos, system, requireAuthentication);
       }
@@ -446,7 +447,8 @@ encryptor.setAppSecureMode(CREDENTIALS_NORMAL);
           DataSerializer.readProperties(dis); // ignore the credentials
         }
       } else if (secureMode == CREDENTIALS_DHENCRYPT) {
-        credentials = EncryptorImpl.getDecryptedCredentials(dis, dos, system, requireAuthentication,
credentials);
+        credentials = EncryptorImpl.getDecryptedCredentials(dis, dos, system, requireAuthentication,
+            credentials);
       } else if (secureMode == SECURITY_MULTIUSER_NOTIFICATIONCHANNEL) {
         // hitesh there will be no credential CCP will get credential(Principal) using
         // ServerConnection..

-- 
To stop receiving notification emails like this one, please contact
bschuchardt@apache.org.

Mime
View raw message