Repository: geode Updated Branches: refs/heads/feature/GEODE-3393 a21003823 -> 26f37c08f (forced update)
GEODE-3393: One-way SSL commit failing with userHome/.keystore not found
Signed-off-by: Galen O'Sullivan <gosuli...@pivotal.io>
Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/26f37c08
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/26f37c08
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/26f37c08
Branch: refs/heads/feature/GEODE-3393
Commit: 26f37c08f92513abae115487324949d7e347c280
Parents: f52ebca
Author: Udo Kohlmeyer <ukohlme...@pivotal.io>
Authored: Thu Aug 3 14:13:06 2017 -0700
Committer: Udo Kohlmeyer <ukohlme...@pivotal.io>
Committed: Thu Aug 3 15:31:34 2017 -0700
----------------------------------------------------------------------
 .../apache/geode/internal/admin/SSLConfig.java | 5 +--
 .../geode/internal/net/SocketCreator.java | 38 +++++++-------------
 .../internal/net/SocketCreatorJUnitTest.java | 29 +++++++++++++++
 3 files changed, 44 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/geode/blob/26f37c08/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
index 0171933..65e4694 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java
@@ -16,6 +16,7 @@ package org.apache.geode.internal.admin;
 import static org.apache.geode.distributed.ConfigurationProperties.*;
+import java.security.KeyStore;
 import java.util.Iterator;
 import java.util.Properties;
@@ -33,11 +34,11 @@ public class SSLConfig {
 private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
 private boolean requireAuth = DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
 private String keystore = DistributionConfig.DEFAULT_SSL_KEYSTORE;
- private String keystoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+ private String keystoreType = KeyStore.getDefaultType();
 private String keystorePassword = DistributionConfig.DEFAULT_SSL_KEYSTORE_PASSWORD;
 private String truststore = DistributionConfig.DEFAULT_SSL_TRUSTSTORE;
 private String truststorePassword = DistributionConfig.DEFAULT_SSL_TRUSTSTORE_PASSWORD;
- private String truststoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE;
+ private String truststoreType = KeyStore.getDefaultType();
 private String alias = null;
 private SecurableCommunicationChannel securableCommunicationChannel = null;
http://git-wip-us.apache.org/repos/asf/geode/blob/26f37c08/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index dbe18a9..47fd766 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
@@ -333,7 +333,6 @@ public class SocketCreator {
 * <p>
 * Caller must synchronize on the SocketCreator instance.
 */
- @SuppressWarnings("hiding")
 private void initialize() {
 try {
 // set p2p values...
@@ -384,7 +383,7 @@ public class SocketCreator {
 /**
 * Creates & configures the SSLContext when SSL is enabled.
- * + * @return new SSLContext configured using the given protocols & properties * * @throws GeneralSecurityException if security information can not be found
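Review bot: The new default `KeyStore.getDefaultType()` for `keystoreType` and `truststoreType` is read from the JVM's `keystore.type` security property, so the effective default now moves with the running JDK (`jks` on JDK 8, `pkcs12` from JDK 9 on) instead of being a value Geode controls, and a deployment that relied on the old `DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE` default can see a different type depending on the host JVM. That is probably acceptable because JDK 9+ can usually load a JKS file through its compatibility mode, but it should be stated at the declaration so nobody assumes a fixed type: `// Defaults to the JVM's keystore.type security property (jks on JDK 8, pkcs12 on JDK 9+), not a Geode constant.` It is also worth checking whether `DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE` is still documented as the default for `ssl-keystore-type`, since this hunk leaves the constant in place while no longer using it here.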
@@ -402,7 +401,7 @@ public class SocketCreator {
 /**
 * Used by CacheServerLauncher and SystemAdmin to read the properties from console
- * + * @param env Map in which the properties are to be read from console.
 */
 public static void readSSLProperties(Map<String, String> env) {
@@ -413,7 +412,7 @@ public class SocketCreator {
 * Used to read the properties from console. AgentLauncher calls this method directly & ignores
 * gemfire.properties. CacheServerLauncher and SystemAdmin call this through
 * {@link #readSSLProperties(Map)} and do NOT ignore gemfire.properties.
- * + * @param env Map in which the properties are to be read from console.
 * @param ignoreGemFirePropsFile if <code>false</code> existing gemfire.properties file is read,
 * if <code>true</code>, properties from gemfire.properties file are ignored.
@@ -537,6 +536,10 @@ public class SocketCreator {
 NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
 GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
+ if (sslConfig.getKeystore() == null) {
+ return null;
+ }
+
 KeyManager[] keyManagers = null;
 String keyStoreType = sslConfig.getKeystoreType();
 if (StringUtils.isEmpty(keyStoreType)) {
@@ -611,7 +614,7 @@ public class SocketCreator {
 /**
 * Constructor.
- * + * @param mgr The X509KeyManager used as a delegate
 * @param keyAlias The alias name of the server's keypair and supporting certificate chain
 */
@@ -791,7 +794,7 @@ public class SocketCreator {
 /**
 * Creates or bind server socket to a random port selected from tcp-port-range which is same as
 * membership-port-range.
- * + * @param ba
 * @param backlog
 * @param isBindAddress
@@ -811,7 +814,7 @@ public class SocketCreator {
 /**
 * Creates or bind server socket to a random port selected from tcp-port-range which is same as
 * membership-port-range.
- * + * @param ba
 * @param backlog
 * @param isBindAddress
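Review bot: The new guard in the `@@ -537` hunk only fires when the keystore is exactly `null`, while two lines further down the same hunk the store type is tested with `StringUtils.isEmpty`; an `ssl-keystore` left empty (the form a properties-file configuration yields) still falls through to the key-loading path that produced the `$USER_HOME/.keystore` lookup this commit fixes, unless `DistributionConfig.DEFAULT_SSL_KEYSTORE` is itself `null`, which the diff does not show. I would make the check `if (StringUtils.isEmpty(sslConfig.getKeystore())) { return null; }` and place it before the `GfeConsoleReader` lookup, which is otherwise performed for nothing. Returning `null` here presumably becomes the `KeyManager[]` handed to `SSLContext.init`, so this side presents no certificate; that is the intended one-way behaviour for a client, but a server socket built from such a config will typically fail every handshake, which deserves a comment such as `// No keystore configured: one-way SSL, this side presents no certificate and cannot act as a TLS server.` The method's signature and the rest of its body lie outside the hunk.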
@@ -1021,14 +1024,6 @@ public class SocketCreator {
 ex);
 throw ex;
 }
- } catch (SSLException ex) {
- logger
- .fatal(
- LocalizedMessage.create(
- LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
- new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
- ex);
- throw ex;
 }
 }
 }
@@ -1108,16 +1103,7 @@ public class SocketCreator {
 .create(LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER), ex);
 throw ex;
 }
- } catch (SSLException ex) {
- logger
- .fatal(
- LocalizedMessage.create(
- LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1,
- new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}),
- ex);
- throw ex;
 }
- }
 }
@@ -1219,7 +1205,7 @@ public class SocketCreator {
 /**
 * This method uses JNDI to look up an address in DNS and return its name
- * + * @param addr * * @return the host name associated with the address or null if lookup isn't possible or there is
@@ -1295,7 +1281,7 @@ public class SocketCreator {
 * Fails Assertion if the conversion would result in <code>java.lang.UnknownHostException</code>.
 * <p>
 * Any leading slashes on host will be ignored.
- * + * @param host string version the InetAddress * * @return the host converted to InetAddress instance
http://git-wip-us.apache.org/repos/asf/geode/blob/26f37c08/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
new file mode 100644
index 0000000..482b5f9
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java
@@ -0,0 +1,29 @@
+package org.apache.geode.internal.net;
+
+import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.test.junit.categories.UnitTest;
+import org.apache.geode.util.test.TestUtil;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+@Category(UnitTest.class)
+public class SocketCreatorJUnitTest {
+
+ @Test
+ public void testCreateSocketCreatorWithKeystoreUnset() throws Exception {
+ SSLConfig testSSLConfig = new SSLConfig();
+ testSSLConfig.setEnabled(true);
+ testSSLConfig.setKeystore(null);
+ testSSLConfig.setKeystorePassword("");
+ testSSLConfig.setTruststore(getSingleKeyKeystore());
+ testSSLConfig.setTruststorePassword("password");
+ //GEODE-3393: This would fail with java.io.FileNotFoundException: $USER_HOME/.keystore
+ new SocketCreator(testSSLConfig);
+
+ }
+
+ private String getSingleKeyKeystore() {
+ return TestUtil.getResourcePath(getClass(), "/ssl/trusted.keystore");
+ }
+
+}
\ No newline at end of file
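Review bot: `testCreateSocketCreatorWithKeystoreUnset` makes no assertion, so it only shows that the constructor does not throw; if `SocketCreator` ever catches and logs the keystore failure instead of propagating it, the regression this test exists for would pass unnoticed. Assert something about the result, for example that the creator reports SSL as enabled and that its context was built from the configured truststore, through whichever accessor `SocketCreator` exposes (not visible in this diff), and add a sibling case with `testSSLConfig.setKeystore("")`, since an empty string is what a properties-file configuration yields and a one-way fix should cover it as well. The file also carries no ASF license header, which the rest of geode-core has and which the build's RAT check will likely reject, and `getSingleKeyKeystore` misdescribes the `/ssl/trusted.keystore` resource it returns; `getTrustedKeystore` reads truer. There is no newline at end of file.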