This is an automated email from the ASF dual-hosted git repository. burcham pushed a commit to branch feature/GEODE-8419-backport-1-13 in repository https://gitbox.apache.org/repos/asf/geode.git
commit ec649411c14b05c38aaf2edb8299a7daf7ed027b Author: Bruce Schuchardt <bschucha...@pivotal.io> AuthorDate: Wed Aug 19 15:27:07 2020 -0700 GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored (#5465) * GEODE-8419: SSL/TLS protocol and cipher suite configuration is ignored Configure cipher suites when creating an SSLEngine (cherry picked from commit 537721ff815cf40eff85fde65db9b5e787471c89) --- .../apache/geode/internal/SSLConfigJUnitTest.java | 2 +- ...LSocketHostNameVerificationIntegrationTest.java | 4 +- .../internal/net/SSLSocketIntegrationTest.java | 4 +- .../internal/net/SocketCreatorFailHandshake.java | 2 - .../admin/internal/AdminDistributedSystemImpl.java | 2 +- .../apache/geode/distributed/LocatorLauncher.java | 2 +- .../admin/remote/DistributionLocatorId.java | 2 +- .../admin/remote/RemoteTransportConfig.java | 2 +- .../geode/internal/net/SCClusterSocketCreator.java | 1 - .../geode/internal/{admin => net}/SSLConfig.java | 3 +- .../internal/net/SSLConfigurationFactory.java | 1 - .../org/apache/geode/internal/net/SSLUtil.java | 66 +++++++++------ .../apache/geode/internal/net/SocketCreator.java | 96 +++++++++++++++------- .../geode/internal/net/SocketCreatorFactory.java | 1 - .../org/apache/geode/internal/tcp/Connection.java | 2 +- .../ContextAwareSSLRMIClientSocketFactory.java | 2 +- .../management/internal/JmxManagerAdvisee.java | 2 +- .../internal/JmxManagerLocatorRequest.java | 2 +- .../geode/management/internal/ManagementAgent.java | 2 +- .../internal/api/GeodeConnectionConfig.java | 2 +- ...ClusterManagementServiceInfoRequestHandler.java | 2 +- .../functions/GetMemberInformationFunction.java | 2 +- .../net/SSLConfigurationFactoryJUnitTest.java | 1 - .../org/apache/geode/internal/net/SSLUtilTest.java | 84 +++++++++++++++++++ .../geode/internal/net/SocketCreatorJUnitTest.java | 55 ++++++++++++- .../apache/geode/internal/tcp/TCPConduitTest.java | 2 +- .../internal/cli/commands/ConnectCommand.java | 2 +- 
.../internal/cli/shell/JmxOperationInvoker.java | 2 +- .../geode/internal/cache/InternalHttpService.java | 2 +- .../acceptance/CacheConnectionIntegrationTest.java | 2 +- .../v1/acceptance/CacheOperationsJUnitTest.java | 2 +- .../geode/tools/pulse/tests/rules/ServerRule.java | 2 +- .../java/org/apache/geode/redis/SSLTest.java | 2 +- 33 files changed, 271 insertions(+), 89 deletions(-) diff --git a/geode-core/src/integrationTest/java/org/apache/geode/internal/SSLConfigJUnitTest.java b/geode-core/src/integrationTest/java/org/apache/geode/internal/SSLConfigJUnitTest.java index 99ec074..2a3ded9 100755 --- a/geode-core/src/integrationTest/java/org/apache/geode/internal/SSLConfigJUnitTest.java +++ b/geode-core/src/integrationTest/java/org/apache/geode/internal/SSLConfigJUnitTest.java @@ -67,7 +67,7 @@ import org.junit.Test; import org.junit.experimental.categories.Category; import org.apache.geode.distributed.internal.DistributionConfigImpl; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.test.junit.categories.SecurityTest; diff --git a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketHostNameVerificationIntegrationTest.java b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketHostNameVerificationIntegrationTest.java index 5483457..dc7df44 100755 --- a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketHostNameVerificationIntegrationTest.java +++ b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketHostNameVerificationIntegrationTest.java 
@@ -168,7 +168,7 @@ public class SSLSocketHostNameVerificationIntegrationTest { this.clientSocket = clientChannel.socket(); SSLEngine sslEngine = - this.socketCreator.createSSLEngine(this.localHost.getHostName(), 1234); + this.socketCreator.createSSLEngine(this.localHost.getHostName(), 1234, true); try { this.socketCreator.handshakeSSLSocketChannel(clientSocket.getChannel(), @@ -200,7 +200,7 @@ public class SSLSocketHostNameVerificationIntegrationTest { try { socket = serverSocket.accept(); SocketCreator sc = SocketCreatorFactory.getSocketCreatorForComponent(CLUSTER); - final SSLEngine sslEngine = sc.createSSLEngine(this.localHost.getHostName(), 1234); + final SSLEngine sslEngine = sc.createSSLEngine(this.localHost.getHostName(), 1234, false); engine = sc.handshakeSSLSocketChannel(socket.getChannel(), sslEngine, diff --git a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketIntegrationTest.java b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketIntegrationTest.java index 4800940..19eab4f 100755 --- a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketIntegrationTest.java +++ b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SSLSocketIntegrationTest.java @@ -227,7 +227,7 @@ public class SSLSocketIntegrationTest { clientSocket = clientChannel.socket(); NioSslEngine engine = clusterSocketCreator.handshakeSSLSocketChannel(clientSocket.getChannel(), - clusterSocketCreator.createSSLEngine("localhost", 1234), 0, true, + clusterSocketCreator.createSSLEngine("localhost", 1234, true), 0, true, ByteBuffer.allocate(65535), new BufferPool(mock(DMStats.class))); clientChannel.configureBlocking(true); 
@@ -273,7 +273,7 @@ public class SSLSocketIntegrationTest { socket = serverSocket.accept(); SocketCreator sc = SocketCreatorFactory.getSocketCreatorForComponent(CLUSTER); - final SSLEngine sslEngine = sc.createSSLEngine("localhost", 1234); + final SSLEngine sslEngine = sc.createSSLEngine("localhost", 1234, false); engine = sc.handshakeSSLSocketChannel(socket.getChannel(), sslEngine, timeoutMillis, diff --git a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SocketCreatorFailHandshake.java b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SocketCreatorFailHandshake.java index 286ec43..d899baa 100644 --- a/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SocketCreatorFailHandshake.java +++ b/geode-core/src/integrationTest/java/org/apache/geode/internal/net/SocketCreatorFailHandshake.java @@ -20,8 +20,6 @@ import java.util.List; import javax.net.ssl.SSLException; -import org.apache.geode.internal.admin.SSLConfig; - /* * This test class will fail the TLS handshake with an SSLException, by default. */ diff --git a/geode-core/src/main/java/org/apache/geode/admin/internal/AdminDistributedSystemImpl.java b/geode-core/src/main/java/org/apache/geode/admin/internal/AdminDistributedSystemImpl.java index 66ff10f..2c279f9 100755 --- a/geode-core/src/main/java/org/apache/geode/admin/internal/AdminDistributedSystemImpl.java +++ b/geode-core/src/main/java/org/apache/geode/admin/internal/AdminDistributedSystemImpl.java @@ -81,7 +81,6 @@ import org.apache.geode.internal.admin.GemFireVM; import org.apache.geode.internal.admin.GfManagerAgent; import org.apache.geode.internal.admin.GfManagerAgentConfig; import org.apache.geode.internal.admin.GfManagerAgentFactory; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.admin.remote.CompactRequest; import org.apache.geode.internal.admin.remote.DistributionLocatorId; import org.apache.geode.internal.admin.remote.MissingPersistentIDsRequest; 
@@ -96,6 +95,7 @@ import org.apache.geode.internal.logging.Banner; import org.apache.geode.internal.logging.InternalLogWriter; import org.apache.geode.internal.logging.LogWriterFactory; import org.apache.geode.internal.logging.log4j.LogMarker; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.util.concurrent.FutureResult; import org.apache.geode.logging.internal.LoggingSession; import org.apache.geode.logging.internal.NullLoggingSession; diff --git a/geode-core/src/main/java/org/apache/geode/distributed/LocatorLauncher.java b/geode-core/src/main/java/org/apache/geode/distributed/LocatorLauncher.java index 21294a22..0cd015e 100644 --- a/geode-core/src/main/java/org/apache/geode/distributed/LocatorLauncher.java +++ b/geode-core/src/main/java/org/apache/geode/distributed/LocatorLauncher.java @@ -67,9 +67,9 @@ import org.apache.geode.distributed.internal.tcpserver.TcpSocketFactory; import org.apache.geode.internal.DistributionLocator; import org.apache.geode.internal.GemFireVersion; import org.apache.geode.internal.InternalDataSerializer; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.inet.LocalHostUtil; import org.apache.geode.internal.lang.ObjectUtils; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.process.ConnectionFailedException; diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/remote/DistributionLocatorId.java b/geode-core/src/main/java/org/apache/geode/internal/admin/remote/DistributionLocatorId.java index 2ede0a1..3af2017 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/admin/remote/DistributionLocatorId.java +++ b/geode-core/src/main/java/org/apache/geode/internal/admin/remote/DistributionLocatorId.java 
@@ -27,8 +27,8 @@ import org.apache.geode.InternalGemFireException; import org.apache.geode.distributed.Locator; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.tcpserver.HostAndPort; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.inet.LocalHostUtil; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SocketCreator; /** diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/remote/RemoteTransportConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/remote/RemoteTransportConfig.java index 42aa306..ab43000 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/admin/remote/RemoteTransportConfig.java +++ b/geode-core/src/main/java/org/apache/geode/internal/admin/remote/RemoteTransportConfig.java @@ -36,8 +36,8 @@ import org.apache.commons.lang3.StringUtils; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.membership.api.MembershipInformation; import org.apache.geode.internal.Assert; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.admin.TransportConfig; +import org.apache.geode.internal.net.SSLConfig; /** * Tranport config for RemoteGfManagerAgent. diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SCClusterSocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SCClusterSocketCreator.java index 866aa44..1ff585e 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/net/SCClusterSocketCreator.java +++ b/geode-core/src/main/java/org/apache/geode/internal/net/SCClusterSocketCreator.java 
@@ -26,7 +26,6 @@ import javax.net.ssl.SSLServerSocket; import org.apache.geode.GemFireConfigException; import org.apache.geode.distributed.internal.tcpserver.ClusterSocketCreatorImpl; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.net.SSLParameterExtension; class SCClusterSocketCreator extends ClusterSocketCreatorImpl { diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfig.java similarity index 99% rename from geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java rename to geode-core/src/main/java/org/apache/geode/internal/net/SSLConfig.java index 6ed5521..80718c5 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java +++ b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfig.java @@ -12,7 +12,7 @@ * or implied. See the License for the specific language governing permissions and limitations under * the License. */ -package org.apache.geode.internal.admin; +package org.apache.geode.internal.net; import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_CIPHERS; import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED; @@ -28,7 +28,6 @@ import org.apache.commons.lang3.StringUtils; import org.apache.geode.annotations.Immutable; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.InternalDistributedSystem; -import org.apache.geode.internal.net.SSLUtil; import org.apache.geode.internal.security.CallbackInstantiator; import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.net.SSLParameterExtension; diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java index 259d578..8a20dfc 100644 
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java +++ b/geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java @@ -23,7 +23,6 @@ import org.apache.commons.lang3.StringUtils; import org.apache.geode.annotations.internal.MakeNotStatic; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.DistributionConfigImpl; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.security.SecurableCommunicationChannel; public class SSLConfigurationFactory { diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java b/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java index 0d6598d..5093d86 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java +++ b/geode-core/src/main/java/org/apache/geode/internal/net/SSLUtil.java 
@@ -30,42 +30,56 @@ import javax.net.ssl.X509TrustManager;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.geode.internal.admin.SSLConfig;
+import org.apache.geode.annotations.VisibleForTesting;
-/**
- *
- * @since GemFire 8.1
- */
 public class SSLUtil {
- public static SSLContext getSSLContextInstance(SSLConfig sslConfig) {
+ /**
+ * This is a list of the algorithms that are tried, in order, when "any" is specified. Update
+ * this list as new algorithms become available and are supported by Geode. Remove old,
+ * no-longer trusted algorithms.
+ */
+ protected static final String[] DEFAULT_ALGORITMS = {
+ "TLSv1.3",
+ "TLSv1.2"}; // TLSv1.3 is not available in JDK 8 at this time
+
+
+
+ public static SSLContext getSSLContextInstance(SSLConfig sslConfig)
+ throws NoSuchAlgorithmException {
 String[] protocols = sslConfig.getProtocolsAsStringArray();
- SSLContext sslContext = null;
- if (protocols != null && protocols.length > 0) {
- for (String protocol : protocols) {
- if (!protocol.equals("any")) {
- try {
- sslContext = SSLContext.getInstance(protocol);
- break;
- } catch (NoSuchAlgorithmException e) {
- // continue
- }
+ return findSSLContextForProtocols(protocols, DEFAULT_ALGORITMS);
+ }
+
+ /**
+ * Search for a context supporting one of the given prioritized list of
+ * protocols. The second argument is a list of protocols to try if the
+ * first list contains "any". The second argument should also be in prioritized
+ * order. If there are no matches for any of the protocols in the second
+ * argument we will continue in the first argument list.
+ * with a first argument of A, B, any, C
+ * and a second argument of D, E
+ * the search order would be A, B, D, E, C
+ */
+ @VisibleForTesting
+ protected static SSLContext findSSLContextForProtocols(final String[] protocols,
+ final String[] protocolsForAny)
+ throws NoSuchAlgorithmException {
+ for (String protocol : protocols) {
+ if (protocol.equalsIgnoreCase("any")) {
+ try {
+ return findSSLContextForProtocols(protocolsForAny, new String[0]);
+ } catch (NoSuchAlgorithmException e) {
+ // none of the default algorithms is available - continue to see if there
+ // are any others in the requested list
 }
 }
- }
- if (sslContext != null) {
- return sslContext;
- }
- // lookup known algorithms
- String[] knownAlgorithms = {"SSL", "SSLv2", "SSLv3", "TLS", "TLSv1", "TLSv1.1", "TLSv1.2"};
- for (String algo : knownAlgorithms) {
 try {
- sslContext = SSLContext.getInstance(algo);
- break;
+ return SSLContext.getInstance(protocol);
 } catch (NoSuchAlgorithmException e) {
 // continue
 }
 }
- return sslContext;
+ throw new NoSuchAlgorithmException();
 }
 /** Read an array of values from a string, whitespace or comma separated. */
diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
index 7981d3c..77e289c 100755
--- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java
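Review bot: `getSSLContextInstance` now hands `sslConfig.getProtocolsAsStringArray()` straight to the `for` loop in `findSSLContextForProtocols`, without the `protocols != null && protocols.length > 0` guard the removed code had; if that getter can return null (the `protocols != null` test this commit adds in `SocketCreator.configureSSLEngine` suggests it can), the result is a NullPointerException rather than a fallback to the defaults. A guard such as `if (protocols == null || protocols.length == 0) { protocols = DEFAULT_ALGORITMS; }` before the call keeps the old fallback behaviour. The final `throw new NoSuchAlgorithmException();` carries no message; `throw new NoSuchAlgorithmException("No SSLContext available for protocols: " + String.join(", ", protocols));` tells an operator which configured names were rejected. Only the "any" path is limited to TLSv1.3/TLSv1.2: an explicitly configured legacy protocol name still goes to `SSLContext.getInstance(protocol)`, which deserves a sentence in the Javadoc. `DEFAULT_ALGORITMS` is also misspelled and, being a `protected` array, can be modified by subclasses.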
@@ -78,7 +78,6 @@ import org.apache.geode.distributed.internal.tcpserver.AdvancedSocketCreatorImpl
 import org.apache.geode.distributed.internal.tcpserver.HostAndPort;
 import org.apache.geode.distributed.internal.tcpserver.TcpSocketCreatorImpl;
 import org.apache.geode.internal.ClassPathLoader;
-import org.apache.geode.internal.admin.SSLConfig;
 import org.apache.geode.internal.cache.wan.TransportFilterServerSocket;
 import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory;
 import org.apache.geode.internal.inet.LocalHostUtil;
@@ -196,6 +195,12 @@ public class SocketCreator extends TcpSocketCreatorImpl {
 initialize();
 }
+ @VisibleForTesting
+ SocketCreator(final SSLConfig sslConfig, SSLContext sslContext) {
+ this.sslConfig = sslConfig;
+ this.sslContext = sslContext;
+ }
+
 /** returns the hostname or address for this client */
 public static String getClientHostName() throws UnknownHostException {
 InetAddress hostAddr = LocalHostUtil.getLocalHost();
@@ -544,16 +549,48 @@ public class SocketCreator extends TcpSocketCreatorImpl {
 /**
 * Returns an SSLEngine that can be used to perform TLS handshakes and communication
 */
- public SSLEngine createSSLEngine(String hostName, int port) {
+ public SSLEngine createSSLEngine(String hostName, int port, boolean clientSocket) {
 SSLEngine engine = getSslContext().createSSLEngine(hostName, port);
+ configureSSLEngine(engine, hostName, port, clientSocket);
+ return engine;
+ }
+
+ @VisibleForTesting
+ void configureSSLEngine(SSLEngine engine, String hostName, int port, boolean clientSocket) {
+ SSLParameters parameters = engine.getSSLParameters();
+ boolean updateEngineWithParameters = false;
 if (sslConfig.doEndpointIdentification()) {
 // set server-names so that endpoint identification algorithms can find what's expected
- SSLParameters parameters = engine.getSSLParameters();
 if (setServerNames(parameters, new HostAndPort(hostName, port))) {
- engine.setSSLParameters(parameters);
+ updateEngineWithParameters = true;
 }
 }
- return engine;
+
+ engine.setUseClientMode(clientSocket);
+ if (!clientSocket) {
+ engine.setNeedClientAuth(sslConfig.isRequireAuth());
+ }
+
+ if (clientSocket) {
+ if (checkAndEnableHostnameValidation(parameters)) {
+ updateEngineWithParameters = true;
+ }
+ }
+
+ String[] protocols = this.sslConfig.getProtocolsAsStringArray();
+
+ if (protocols != null && !"any".equalsIgnoreCase(protocols[0])) {
+ engine.setEnabledProtocols(protocols);
+ }
+
+ String[] ciphers = this.sslConfig.getCiphersAsStringArray();
+ if (ciphers != null && !"any".equalsIgnoreCase(ciphers[0])) {
+ engine.setEnabledCipherSuites(ciphers);
+ }
+
+ if (updateEngineWithParameters) {
+ engine.setSSLParameters(parameters);
+ }
 }
 /**
@@ -575,15 +612,6 @@ public class SocketCreator extends TcpSocketCreatorImpl {
 ByteBuffer peerNetBuffer,
 BufferPool bufferPool)
 throws IOException {
- engine.setUseClientMode(clientSocket);
- if (!clientSocket) {
- engine.setNeedClientAuth(sslConfig.isRequireAuth());
- }
-
- if (clientSocket) {
- SSLParameters modifiedParams = checkAndEnableHostnameValidation(engine.getSSLParameters());
- engine.setSSLParameters(modifiedParams);
- }
 while (!socketChannel.finishConnect()) {
 try {
 Thread.sleep(50);
@@ -627,18 +655,21 @@ public class SocketCreator extends TcpSocketCreatorImpl {
 return nioSslEngine;
 }
- private SSLParameters checkAndEnableHostnameValidation(SSLParameters sslParameters) {
+ /**
+ * @return true if the parameters have been modified by this method
+ */
+ private boolean checkAndEnableHostnameValidation(SSLParameters sslParameters) {
 if (sslConfig.doEndpointIdentification()) {
 sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
- } else {
- if (!hostnameValidationDisabledLogShown) {
- logger.info("Your SSL configuration disables hostname validation. "
- + "ssl-endpoint-identification-enabled should be set to true when SSL is enabled. "
- + "Please refer to the Apache GEODE SSL Documentation for SSL Property: ssl‑endpoint‑identification‑enabled");
- hostnameValidationDisabledLogShown = true;
- }
+ return true;
+ }
+ if (!hostnameValidationDisabledLogShown) {
+ logger.info("Your SSL configuration disables hostname validation. "
+ + "ssl-endpoint-identification-enabled should be set to true when SSL is enabled. "
+ + "Please refer to the Apache GEODE SSL Documentation for SSL Property: ssl‑endpoint‑identification‑enabled");
+ hostnameValidationDisabledLogShown = true;
 }
- return sslParameters;
+ return false;
 }
 /**
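Review bot: In the second hunk, `checkAndEnableHostnameValidation` still reports disabled hostname validation once, at INFO, guarded by the `hostnameValidationDisabledLogShown` flag (declared outside the hunk, so its synchronisation is not visible here); a weakened TLS setting like this is easier to spot in operations as `logger.warn(...)`. The last property name in the message appears to be written with non-breaking hyphens (U+2011) rather than ASCII `-`, so a search of the logs or documentation for `ssl-endpoint-identification-enabled` will not match that part. The new Javadoc has only `@return`; a summary line such as `Enables HTTPS endpoint identification on the given parameters when the SSL configuration asks for it.` would complete it.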
@@ -728,17 +759,24 @@ public class SocketCreator extends TcpSocketCreatorImpl { sslSocket.setUseClientMode(true); sslSocket.setEnableSessionCreation(true); - SSLParameters modifiedParams = - checkAndEnableHostnameValidation(sslSocket.getSSLParameters()); + SSLParameters parameters = sslSocket.getSSLParameters(); + boolean updateSSLParameters = + checkAndEnableHostnameValidation(parameters); - setServerNames(modifiedParams, addr); + if (setServerNames(parameters, addr)) { + updateSSLParameters = true; + } ; SSLParameterExtension sslParameterExtension = this.sslConfig.getSSLParameterExtension(); if (sslParameterExtension != null) { - modifiedParams = - sslParameterExtension.modifySSLClientSocketParameters(modifiedParams); + parameters = + sslParameterExtension.modifySSLClientSocketParameters(parameters); + updateSSLParameters = true; + } + + if (updateSSLParameters) { + sslSocket.setSSLParameters(parameters); } - sslSocket.setSSLParameters(modifiedParams); String[] protocols = this.sslConfig.getProtocolsAsStringArray(); diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreatorFactory.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreatorFactory.java index 088bf94..b3f3d36 100644 --- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreatorFactory.java +++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreatorFactory.java @@ -23,7 +23,6 @@ import org.apache.commons.lang3.ArrayUtils; import org.apache.geode.GemFireConfigException; import org.apache.geode.annotations.internal.MakeNotStatic; import org.apache.geode.distributed.internal.DistributionConfig; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.security.SecurableCommunicationChannel; public class SocketCreatorFactory { diff --git a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java index 48bd1b5..b93cbce 100644 
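Review bot: The new `if (setServerNames(parameters, addr)) { updateSSLParameters = true; }` block is followed by a stray `;`, an empty statement that should be dropped. The value returned by `sslParameterExtension.modifySSLClientSocketParameters(parameters)` is assigned back to `parameters` and passed to `sslSocket.setSSLParameters(parameters)` unchecked, so an extension that returns null would surface as a NullPointerException during socket setup rather than as a clear configuration error; a null check with a descriptive exception before `updateSSLParameters = true;` would make that failure diagnosable. The enclosing method starts and ends outside the hunk, so how `protocols` is applied after `getProtocolsAsStringArray()` is not visible here.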
--- a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java +++ b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java @@ -1709,7 +1709,7 @@ public class Connection implements Runnable { InetSocketAddress address = (InetSocketAddress) channel.getRemoteAddress(); SSLEngine engine = getConduit().getSocketCreator().createSSLEngine(address.getHostString(), - address.getPort()); + address.getPort(), clientSocket); int packetBufferSize = engine.getSession().getPacketBufferSize(); if (inputBuffer == null || inputBuffer.capacity() < packetBufferSize) { diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ContextAwareSSLRMIClientSocketFactory.java b/geode-core/src/main/java/org/apache/geode/management/internal/ContextAwareSSLRMIClientSocketFactory.java index 55eeb6a..135f721 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/ContextAwareSSLRMIClientSocketFactory.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/ContextAwareSSLRMIClientSocketFactory.java @@ -28,7 +28,7 @@ import javax.rmi.ssl.SslRMIClientSocketFactory; import org.apache.geode.annotations.Immutable; import org.apache.geode.distributed.internal.tcpserver.HostAndPort; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerAdvisee.java b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerAdvisee.java index 9eb8ea3..d2b982a 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerAdvisee.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerAdvisee.java 
@@ -23,9 +23,9 @@ import org.apache.geode.distributed.internal.DistributionAdvisor.Profile; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.DistributionManager; import org.apache.geode.distributed.internal.InternalDistributedSystem; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.cache.InternalCacheForClientAccess; import org.apache.geode.internal.inet.LocalHostUtil; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.management.ManagementService; diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java index 5075af7..5d4d773 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/JmxManagerLocatorRequest.java @@ -24,7 +24,7 @@ import org.apache.geode.distributed.internal.tcpserver.HostAndPort; import org.apache.geode.distributed.internal.tcpserver.TcpClient; import org.apache.geode.distributed.internal.tcpserver.TcpSocketFactory; import org.apache.geode.internal.InternalDataSerializer; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.security.SecurableCommunicationChannel; diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java index fc7ad22..6d721ab 100755 --- a/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java 
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/ManagementAgent.java @@ -55,9 +55,9 @@ import org.apache.geode.GemFireConfigException; import org.apache.geode.cache.internal.HttpService; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.internal.GemFireVersion; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.inet.LocalHostUtil; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java b/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java index 53c7318..5bc770c 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/api/GeodeConnectionConfig.java @@ -38,8 +38,8 @@ import org.apache.geode.distributed.internal.tcpserver.HostAndPort; import org.apache.geode.distributed.internal.tcpserver.TcpClient; import org.apache.geode.distributed.internal.tcpserver.TcpSocketFactory; import org.apache.geode.internal.InternalDataSerializer; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.cache.GemFireCacheImpl; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SSLUtil; import org.apache.geode.internal.net.SocketCreatorFactory; 
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/handlers/ClusterManagementServiceInfoRequestHandler.java b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/handlers/ClusterManagementServiceInfoRequestHandler.java index 42590b3..cf77567 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/configuration/handlers/ClusterManagementServiceInfoRequestHandler.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/configuration/handlers/ClusterManagementServiceInfoRequestHandler.java @@ -23,7 +23,7 @@ import org.apache.geode.distributed.internal.DistributionConfigImpl; import org.apache.geode.distributed.internal.InternalLocator; import org.apache.geode.distributed.internal.tcpserver.TcpHandler; import org.apache.geode.distributed.internal.tcpserver.TcpServer; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.management.internal.configuration.messages.ClusterManagementServiceInfo; diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/functions/GetMemberInformationFunction.java b/geode-core/src/main/java/org/apache/geode/management/internal/functions/GetMemberInformationFunction.java index 62ee93e..31f0a2a 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/functions/GetMemberInformationFunction.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/functions/GetMemberInformationFunction.java 
@@ -35,12 +35,12 @@ import org.apache.geode.distributed.ServerLauncher; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.InternalDistributedSystem; import org.apache.geode.distributed.internal.InternalLocator; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.cache.CacheClientStatus; import org.apache.geode.internal.cache.InternalCache; import org.apache.geode.internal.cache.execute.InternalFunction; import org.apache.geode.internal.cache.tier.InternalClientMembership; import org.apache.geode.internal.cache.tier.sockets.ClientProxyMembershipID; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.management.internal.util.ManagementUtils; diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java index 4c96548..848b962 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/net/SSLConfigurationFactoryJUnitTest.java @@ -48,7 +48,6 @@ import org.junit.experimental.categories.Category; import org.apache.geode.GemFireConfigException; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.DistributionConfigImpl; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.test.junit.categories.MembershipTest; diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SSLUtilTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SSLUtilTest.java new file mode 100644 index 0000000..524c4fb --- /dev/null 
+++ b/geode-core/src/test/java/org/apache/geode/internal/net/SSLUtilTest.java 
@@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +package org.apache.geode.internal.net; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.security.NoSuchAlgorithmException; + +import javax.net.ssl.SSLContext; + +import org.junit.Test; + +public class SSLUtilTest { + + @Test(expected = NoSuchAlgorithmException.class) + public void failWhenNothingIsRequested() throws Exception { + SSLConfig sslConfig = mock(SSLConfig.class); + when(sslConfig.getProtocolsAsStringArray()) + .thenReturn(new String[0]); + SSLUtil.getSSLContextInstance(sslConfig); + } + + @Test(expected = NoSuchAlgorithmException.class) + public void failWithAnUnknownProtocol() throws Exception { + SSLConfig sslConfig = mock(SSLConfig.class); + when(sslConfig.getProtocolsAsStringArray()) + .thenReturn(new String[] {"boulevard of broken dreams"}); + SSLUtil.getSSLContextInstance(sslConfig); + } + + @Test + public void getASpecificProtocol() throws Exception { + SSLConfig sslConfig = mock(SSLConfig.class); + when(sslConfig.getProtocolsAsStringArray()).thenReturn(new String[] {"TLSv1.2"}); + final SSLContext sslContextInstance = 
SSLUtil.getSSLContextInstance(sslConfig); + assertThat(sslContextInstance.getProtocol().equalsIgnoreCase("TLSv1.2")).isTrue(); + } + + @Test + public void getAnyProtocolWithAnUnknownInTheList() throws Exception { + SSLConfig sslConfig = mock(SSLConfig.class); + when(sslConfig.getProtocolsAsStringArray()) + .thenReturn(new String[] {"the dream of the blue turtles", "any", "SSL"}); + final SSLContext sslContextInstance = SSLUtil.getSSLContextInstance(sslConfig); + // make sure that we don't continue past "any" and use the following protocol (SSL) + assertThat(sslContextInstance.getProtocol().equalsIgnoreCase("SSL")).isFalse(); + String selectedProtocol = sslContextInstance.getProtocol(); + String matchedProtocol = null; + for (String algorithm : SSLUtil.DEFAULT_ALGORITMS) { + if (algorithm.equalsIgnoreCase(selectedProtocol)) { + matchedProtocol = algorithm; + } + } + assertThat(matchedProtocol).isNotNull().withFailMessage("selected protocol (" + + selectedProtocol + + ") is not in the list of default algorithms, " + + "indicating that the \"any\" setting did not work correctly"); + } + + @Test + public void getARealProtocolAfterProcessingAny() throws Exception { + final String[] algorithms = {"dream weaver", "any", "TLSv1.1"}; + final String[] algorithmsForAny = new String[] {"sweet dreams (are made of this)"}; + final SSLContext sslContextInstance = SSLUtil.findSSLContextForProtocols(algorithms, + algorithmsForAny); + assertThat(sslContextInstance.getProtocol().equalsIgnoreCase("TLSv1.1")).isTrue(); + } + +} diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java index 9b8b99a..b15c618 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java 
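Review bot: In `getAnyProtocolWithAnUnknownInTheList`, `withFailMessage(...)` is chained after `isNotNull()`, and AssertJ only applies a message that is set before the assertion runs, so the explanatory text is never shown on failure. Reorder it to `assertThat(matchedProtocol).withFailMessage(...).isNotNull();`. The protocol checks written as `assertThat(x.equalsIgnoreCase("TLSv1.2")).isTrue()` likewise report only a boolean mismatch. `assertThat(sslContextInstance.getProtocol()).isEqualToIgnoringCase("TLSv1.2")` would print the protocol that was actually selected, which is what someone debugging a TLS-configuration regression needs to see.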
@@ -15,22 +15,28 @@ package org.apache.geode.internal.net; import static org.apache.geode.test.util.ResourceUtils.createTempFileFromResource; +import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; +import static org.mockito.ArgumentMatchers.isA; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.never; import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; import java.net.BindException; import java.net.InetAddress; import java.net.ServerSocket; import java.net.Socket; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSocket; import org.junit.Test; import org.junit.experimental.categories.Category; +import org.mockito.ArgumentCaptor; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.test.junit.categories.MembershipTest; @Category({MembershipTest.class}) 
@@ -98,6 +104,53 @@ public class SocketCreatorJUnitTest { } } + @Test + public void configureSSLEngine() { + SSLConfig config = new SSLConfig.Builder().setCiphers("someCipher").setEnabled(true) + .setProtocols("someProtocol").setRequireAuth(true).setKeystore("someKeystore.jks") + .setAlias("someAlias").setTruststore("someTruststore.jks") + .setEndpointIdentificationEnabled(true).build(); + SSLContext context = mock(SSLContext.class); + SSLParameters parameters = mock(SSLParameters.class); + + SocketCreator socketCreator = new SocketCreator(config, context); + + SSLEngine engine = mock(SSLEngine.class); + when(engine.getSSLParameters()).thenReturn(parameters); + + socketCreator.configureSSLEngine(engine, "somehost", 12345, true); + + verify(engine).setUseClientMode(isA(Boolean.class)); + verify(engine).setSSLParameters(parameters); + verify(engine, never()).setNeedClientAuth(isA(Boolean.class)); + + ArgumentCaptor<String[]> stringArrayCaptor = ArgumentCaptor.forClass(String[].class); + verify(engine).setEnabledProtocols(stringArrayCaptor.capture()); + assertThat(stringArrayCaptor.getValue()).containsExactly("someProtocol"); + verify(engine).setEnabledCipherSuites(stringArrayCaptor.capture()); + assertThat(stringArrayCaptor.getValue()).containsExactly("someCipher"); + } + + @Test + public void configureSSLEngineUsingAny() { + SSLConfig config = new SSLConfig.Builder().setCiphers("any").setEnabled(true) + .setProtocols("any").setRequireAuth(true).setKeystore("someKeystore.jks") + .setAlias("someAlias").setTruststore("someTruststore.jks") + .setEndpointIdentificationEnabled(true).build(); + SSLContext context = mock(SSLContext.class); + SSLParameters parameters = mock(SSLParameters.class); + + SocketCreator socketCreator = new SocketCreator(config, context); + + SSLEngine engine = mock(SSLEngine.class); + when(engine.getSSLParameters()).thenReturn(parameters); + + socketCreator.configureSSLEngine(engine, "somehost", 12345, true); + + verify(engine, 
never()).setEnabledCipherSuites(isA(String[].class)); + verify(engine, never()).setEnabledProtocols(isA(String[].class)); + } + private String getSingleKeyKeystore() { return createTempFileFromResource(getClass(), "/ssl/trusted.keystore").getAbsolutePath(); } diff --git a/geode-core/src/test/java/org/apache/geode/internal/tcp/TCPConduitTest.java b/geode-core/src/test/java/org/apache/geode/internal/tcp/TCPConduitTest.java index edd081d..0c30ce2 100644 --- a/geode-core/src/test/java/org/apache/geode/internal/tcp/TCPConduitTest.java +++ b/geode-core/src/test/java/org/apache/geode/internal/tcp/TCPConduitTest.java @@ -45,8 +45,8 @@ import org.apache.geode.distributed.internal.DistributionManager; import org.apache.geode.distributed.internal.direct.DirectChannel; import org.apache.geode.distributed.internal.membership.InternalDistributedMember; import org.apache.geode.distributed.internal.membership.api.Membership; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.inet.LocalHostUtil; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SocketCreator; public class TCPConduitTest { diff --git a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java index 48b601c..4816fbf 100644 --- a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java +++ b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/commands/ConnectCommand.java 
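Review bot: The `configureSSLEngine` test builds its config with `setEndpointIdentificationEnabled(true)` and `setRequireAuth(true)`, but asserts neither: nothing is verified on the `parameters` mock, and `setNeedClientAuth` is only checked as never called. A regression that stopped applying hostname verification, or stopped demanding client certificates in server mode, would still pass both new tests. Assuming the fourth argument selects client mode (the method body is outside this hunk), pin it with `verify(engine).setUseClientMode(true);` and add a server-mode case that expects `verify(engine).setNeedClientAuth(true);`. If `configureSSLEngine` is where endpoint identification is applied, also verify the corresponding call on `parameters`.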
@@ -35,7 +35,7 @@ import org.springframework.shell.core.annotation.CliCommand; import org.springframework.shell.core.annotation.CliOption; import org.apache.geode.annotations.Immutable; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SSLUtil; import org.apache.geode.internal.security.SecurableCommunicationChannel; diff --git a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java index 67aed7a..2433387 100644 --- a/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java +++ b/geode-gfsh/src/main/java/org/apache/geode/management/internal/cli/shell/JmxOperationInvoker.java @@ -51,7 +51,7 @@ import com.healthmarketscience.rmiio.RemoteOutputStreamClient; import org.apache.commons.io.IOUtils; import org.apache.logging.log4j.Logger; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.logging.internal.log4j.api.LogService; diff --git a/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java b/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java index d37d645..7cb27a2 100644 --- a/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java +++ b/geode-http-service/src/main/java/org/apache/geode/internal/cache/InternalHttpService.java 
@@ -41,7 +41,7 @@ import org.apache.geode.cache.Cache; import org.apache.geode.cache.internal.HttpService; import org.apache.geode.distributed.internal.DistributionConfig; import org.apache.geode.distributed.internal.InternalDistributedSystem; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SSLUtil; import org.apache.geode.internal.security.SecurableCommunicationChannel; diff --git a/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheConnectionIntegrationTest.java b/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheConnectionIntegrationTest.java index 5917829..75ece12 100644 --- a/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheConnectionIntegrationTest.java +++ b/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheConnectionIntegrationTest.java @@ -62,9 +62,9 @@ import org.apache.geode.distributed.ConfigurationProperties; import org.apache.geode.distributed.internal.InternalDistributedSystem; import org.apache.geode.distributed.internal.tcpserver.HostAndPort; import org.apache.geode.internal.AvailablePortHelper; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.cache.InternalCacheServer; import org.apache.geode.internal.cache.tier.Acceptor; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.protocol.protobuf.statistics.ProtobufClientStatistics; 
diff --git a/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheOperationsJUnitTest.java b/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheOperationsJUnitTest.java index f4d2e70..0a12f05 100644 --- a/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheOperationsJUnitTest.java +++ b/geode-protobuf/src/integrationTest/java/org/apache/geode/internal/protocol/protobuf/v1/acceptance/CacheOperationsJUnitTest.java @@ -55,7 +55,7 @@ import org.apache.geode.cache.server.CacheServer; import org.apache.geode.distributed.ConfigurationProperties; import org.apache.geode.distributed.internal.tcpserver.HostAndPort; import org.apache.geode.internal.AvailablePortHelper; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SocketCreator; import org.apache.geode.internal.net.SocketCreatorFactory; import org.apache.geode.internal.protocol.protobuf.v1.BasicTypes; diff --git a/geode-pulse/geode-pulse-test/src/main/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java b/geode-pulse/geode-pulse-test/src/main/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java index 0e70235..db3b181 100644 --- a/geode-pulse/geode-pulse-test/src/main/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java +++ b/geode-pulse/geode-pulse-test/src/main/java/org/apache/geode/tools/pulse/tests/rules/ServerRule.java @@ -26,8 +26,8 @@ import java.util.Properties; import org.junit.rules.ExternalResource; import org.apache.geode.internal.AvailablePort; -import org.apache.geode.internal.admin.SSLConfig; import org.apache.geode.internal.cache.InternalHttpService; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.tools.pulse.internal.data.PulseConstants; import org.apache.geode.tools.pulse.tests.Server; 
diff --git a/geode-redis/src/integrationTest/java/org/apache/geode/redis/SSLTest.java b/geode-redis/src/integrationTest/java/org/apache/geode/redis/SSLTest.java index 13fa4f0..4df2e6b 100644 --- a/geode-redis/src/integrationTest/java/org/apache/geode/redis/SSLTest.java +++ b/geode-redis/src/integrationTest/java/org/apache/geode/redis/SSLTest.java @@ -26,7 +26,7 @@ import org.junit.experimental.categories.Category; import redis.clients.jedis.Jedis; import org.apache.geode.distributed.internal.InternalDistributedSystem; -import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.net.SSLConfig; import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.test.junit.categories.RedisTest;