Repository: geode Updated Branches: refs/heads/feature/GEODE-3393 [created] 4f5262fa9
GEODE-3393: One-way SSL commit failing with userHome/.keystore not found Project: http://git-wip-us.apache.org/repos/asf/geode/repo Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/4f5262fa Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/4f5262fa Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/4f5262fa Branch: refs/heads/feature/GEODE-3393 Commit: 4f5262fa91e715efb5400507a19fd683a7078bf4 Parents: f52ebca Author: Udo Kohlmeyer <[email protected]> Authored: Thu Aug 3 14:13:06 2017 -0700 Committer: Udo Kohlmeyer <[email protected]> Committed: Thu Aug 3 14:13:06 2017 -0700 ---------------------------------------------------------------------- .../apache/geode/internal/admin/SSLConfig.java | 5 +- .../geode/internal/net/SocketCreator.java | 266 +++++++++++-------- .../internal/net/SocketCreatorJUnitTest.java | 26 ++ 3 files changed, 190 insertions(+), 107 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/geode/blob/4f5262fa/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java index 0171933..65e4694 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java +++ b/geode-core/src/main/java/org/apache/geode/internal/admin/SSLConfig.java @@ -16,6 +16,7 @@ package org.apache.geode.internal.admin; import static org.apache.geode.distributed.ConfigurationProperties.*; +import java.security.KeyStore; import java.util.Iterator; import java.util.Properties; 
@@ -33,11 +34,11 @@ public class SSLConfig { private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS; private boolean requireAuth = DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION; private String keystore = DistributionConfig.DEFAULT_SSL_KEYSTORE; - private String keystoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE; + private String keystoreType = KeyStore.getDefaultType(); private String keystorePassword = DistributionConfig.DEFAULT_SSL_KEYSTORE_PASSWORD; private String truststore = DistributionConfig.DEFAULT_SSL_TRUSTSTORE; private String truststorePassword = DistributionConfig.DEFAULT_SSL_TRUSTSTORE_PASSWORD; - private String truststoreType = DistributionConfig.DEFAULT_CLUSTER_SSL_KEYSTORE_TYPE; + private String truststoreType = KeyStore.getDefaultType(); private String alias = null; private SecurableCommunicationChannel securableCommunicationChannel = null; http://git-wip-us.apache.org/repos/asf/geode/blob/4f5262fa/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java index dbe18a9..0caf18a 100755 --- a/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java +++ b/geode-core/src/main/java/org/apache/geode/internal/net/SocketCreator.java 
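Review bot: The new initialisers for `keystoreType` and `truststoreType` take their value from `KeyStore.getDefaultType()`, which reads the JVM's `keystore.type` security property, so the effective default store format is now decided by the runtime rather than by Geode configuration. The same store file may therefore be opened as a different type depending on which JVM a member runs on, unless the type is set explicitly. Because the default is no longer empty, the `StringUtils.isEmpty(trustStoreType)` and `StringUtils.isEmpty(keyStoreType)` console-prompt branches in SocketCreator are not taken for a default-constructed SSLConfig unless a setter later stores an empty value; worth confirming that is intended. I would add a field comment such as `// JVM default (keystore.type security property); set explicitly when members run on different JVMs`.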
@@ -14,6 +14,32 @@ */ package org.apache.geode.internal.net; +import org.apache.commons.lang.StringUtils; +import org.apache.geode.GemFireConfigException; +import org.apache.geode.SystemConnectException; +import org.apache.geode.SystemFailure; +import org.apache.geode.admin.internal.InetAddressUtil; +import org.apache.geode.cache.wan.GatewaySender; +import org.apache.geode.cache.wan.GatewayTransportFilter; +import org.apache.geode.distributed.ClientSocketFactory; +import org.apache.geode.distributed.internal.DistributionConfig; +import org.apache.geode.distributed.internal.DistributionConfigImpl; +import org.apache.geode.distributed.internal.InternalDistributedSystem; +import org.apache.geode.internal.ClassPathLoader; +import org.apache.geode.internal.ConnectionWatcher; +import org.apache.geode.internal.GfeConsoleReaderFactory; +import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader; +import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.internal.cache.wan.TransportFilterServerSocket; +import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory; +import org.apache.geode.internal.i18n.LocalizedStrings; +import org.apache.geode.internal.logging.LogService; +import org.apache.geode.internal.logging.log4j.LocalizedMessage; +import org.apache.geode.internal.security.SecurableCommunicationChannel; +import org.apache.geode.internal.util.ArgumentRedactor; +import org.apache.geode.internal.util.PasswordUtil; +import org.apache.logging.log4j.Logger; + import java.io.FileInputStream; import java.io.IOException; import java.net.BindException; @@ -49,7 +75,6 @@ import java.util.Map; import java.util.Properties; import java.util.Random; import java.util.Set; - import javax.naming.Context; import javax.naming.NamingEnumeration; import javax.naming.directory.Attribute; 
@@ -72,51 +97,16 @@ import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509ExtendedKeyManager; -import org.apache.commons.lang.StringUtils; -import org.apache.logging.log4j.Logger; - -import org.apache.geode.GemFireConfigException; -import org.apache.geode.SystemConnectException; -import org.apache.geode.SystemFailure; -import org.apache.geode.admin.internal.InetAddressUtil; -import org.apache.geode.cache.wan.GatewaySender; -import org.apache.geode.cache.wan.GatewayTransportFilter; -import org.apache.geode.distributed.ClientSocketFactory; -import org.apache.geode.distributed.internal.DistributionConfig; -import org.apache.geode.distributed.internal.DistributionConfigImpl; -import org.apache.geode.distributed.internal.InternalDistributedSystem; -import org.apache.geode.internal.ClassPathLoader; -import org.apache.geode.internal.ConnectionWatcher; -import org.apache.geode.internal.GfeConsoleReaderFactory; -import org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader; -import org.apache.geode.internal.admin.SSLConfig; -import org.apache.geode.internal.cache.wan.TransportFilterServerSocket; -import org.apache.geode.internal.cache.wan.TransportFilterSocketFactory; -import org.apache.geode.internal.i18n.LocalizedStrings; -import org.apache.geode.internal.logging.LogService; -import org.apache.geode.internal.logging.log4j.LocalizedMessage; -import org.apache.geode.internal.security.SecurableCommunicationChannel; -import org.apache.geode.internal.util.ArgumentRedactor; -import org.apache.geode.internal.util.PasswordUtil; - /** - * Analyze configuration data (gemfire.properties) and configure sockets accordingly for SSL. 
- * <p> - * gemfire.useSSL = (true|false) default false.<br/> - * gemfire.ssl.debug = (true|false) default false.<br/> - * gemfire.ssl.needClientAuth = (true|false) default true.<br/> - * gemfire.ssl.protocols = <i>list of protocols</i><br/> - * gemfire.ssl.ciphers = <i>list of cipher suites</i><br/> - * <p> - * The following may be included to configure the certificates used by the Sun Provider. - * <p> - * javax.net.ssl.trustStore = <i>pathname</i><br/> - * javax.net.ssl.trustStorePassword = <i>password</i><br/> - * javax.net.ssl.keyStore = <i>pathname</i><br/> - * javax.net.ssl.keyStorePassword = <i>password</i><br/> - * <p> - * Additional properties will be set as System properties to be available as needed by other - * provider implementations. + * Analyze configuration data (gemfire.properties) and configure sockets accordingly for SSL. <p> + * gemfire.useSSL = (true|false) default false.<br/> gemfire.ssl.debug = (true|false) default + * false.<br/> gemfire.ssl.needClientAuth = (true|false) default true.<br/> gemfire.ssl.protocols = + * <i>list of protocols</i><br/> gemfire.ssl.ciphers = <i>list of cipher suites</i><br/> <p> The + * following may be included to configure the certificates used by the Sun Provider. <p> + * javax.net.ssl.trustStore = <i>pathname</i><br/> javax.net.ssl.trustStorePassword = + * <i>password</i><br/> javax.net.ssl.keyStore = <i>pathname</i><br/> javax.net.ssl.keyStorePassword + * = <i>password</i><br/> <p> Additional properties will be set as System properties to be available + * as needed by other provider implementations. */ public class SocketCreator { 
@@ -191,7 +181,7 @@ public class SocketCreator { Set myInterfaces = getMyAddresses(); boolean preferIPv6 = SocketCreator.useIPv6Addresses; String lhName = null; - for (Iterator<InetAddress> it = myInterfaces.iterator(); lhName == null && it.hasNext();) { + for (Iterator<InetAddress> it = myInterfaces.iterator(); lhName == null && it.hasNext(); ) { InetAddress addr = it.next(); if (addr.isLoopbackAddress() || addr.isAnyLocalAddress()) { break; @@ -261,14 +251,20 @@ public class SocketCreator { // Constructor // ------------------------------------------------------------------------- + SocketCreator() { + } + /** * Constructs new SocketCreator instance. */ public SocketCreator(final SSLConfig sslConfig) { - this.sslConfig = sslConfig; + setSslConfig(sslConfig); initialize(); } + private void setSslConfig(SSLConfig sslConfig) { + this.sslConfig = sslConfig; + } // ------------------------------------------------------------------------- // Static instance accessors @@ -329,11 +325,8 @@ public class SocketCreator { // ------------------------------------------------------------------------- /** - * Initialize this SocketCreator. - * <p> - * Caller must synchronize on the SocketCreator instance. + * Initialize this SocketCreator. <p> Caller must synchronize on the SocketCreator instance. */ - @SuppressWarnings("hiding") private void initialize() { try { // set p2p values... @@ -384,9 +377,7 @@ public class SocketCreator { /** * Creates & configures the SSLContext when SSL is enabled. - * * @return new SSLContext configured using the given protocols & properties - * * @throws GeneralSecurityException if security information can not be found * @throws IOException if information can not be loaded */ @@ -402,7 +393,6 @@ public class SocketCreator { /** * Used by CacheServerLauncher and SystemAdmin to read the properties from console - * * @param env Map in which the properties are to be read from console. */ public static void readSSLProperties(Map<String, String> env) { 
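Review bot: The added package-private `SocketCreator()` neither assigns `sslConfig` nor calls `initialize()`, so unless the field has an initialiser outside this hunk, an instance built through it will throw a NullPointerException from any method that dereferences the config, for example the `sslConfig.isEnabled()` calls in `createServerSocket` and `connect` visible later in this diff. If it exists only so tests can subclass or spy on the class, say so on the constructor, e.g. `/** For tests only: leaves sslConfig unset and skips initialize(). */`. The new private `setSslConfig` is a one-line wrapper with a single caller in this hunk; the direct `this.sslConfig = sslConfig;` it replaced was clearer.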
@@ -411,12 +401,11 @@ public class SocketCreator { /** * Used to read the properties from console. AgentLauncher calls this method directly & ignores - * gemfire.properties. CacheServerLauncher and SystemAdmin call this through - * {@link #readSSLProperties(Map)} and do NOT ignore gemfire.properties. - * + * gemfire.properties. CacheServerLauncher and SystemAdmin call this through {@link + * #readSSLProperties(Map)} and do NOT ignore gemfire.properties. * @param env Map in which the properties are to be read from console. * @param ignoreGemFirePropsFile if <code>false</code> existing gemfire.properties file is read, - * if <code>true</code>, properties from gemfire.properties file are ignored. + * if <code>true</code>, properties from gemfire.properties file are ignored. */ public static void readSSLProperties(Map<String, String> env, boolean ignoreGemFirePropsFile) { Properties props = new Properties(); @@ -479,6 +468,11 @@ public class SocketCreator { TrustManager[] trustManagers = null; GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader(); + if(sslConfig.getTruststore() == null) + { + return trustManagers; + } + String trustStoreType = sslConfig.getTruststoreType(); if (StringUtils.isEmpty(trustStoreType)) { // read from console, default on empty @@ -537,6 +531,11 @@ public class SocketCreator { NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException { GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader(); +// If the keystore path is not set aka null, return a null keyManager + if (sslConfig.getKeystore() == null) { + return null; + } + KeyManager[] keyManagers = null; String keyStoreType = sslConfig.getKeystoreType(); if (StringUtils.isEmpty(keyStoreType)) { 
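Review bot: The early `return trustManagers;` hands back `null` when no truststore path is configured, and a null TrustManager array passed to `SSLContext.init` makes JSSE fall back to its default trust managers, i.e. the JVM's default trust store. The `init` call and this method's signature are outside the hunk, so that path is inferred. If it holds, a member with SSL enabled and no truststore would accept any peer certificate chaining to a CA in the JVM default store, rather than failing at startup. I would make the choice explicit with a comment such as `// No truststore configured: JSSE default trust managers (JVM default trust store) are used` and log it once at startup. The guard should also sit before `GfeConsoleReaderFactory.getDefaultConsoleReader()` is fetched and follow the file's formatting: `if (sslConfig.getTruststore() == null) {`.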
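Review bot: The guard `if (sslConfig.getKeystore() == null)` covers only a null path, while the rest of the method still reaches the `user.home` + `.keystore` fallback when the path is an empty string and no console is available (the `else` branch touched in the next hunk). `SSLConfig` initialises `keystore` from `DistributionConfig.DEFAULT_SSL_KEYSTORE`, whose value is not shown here; the added test calls `setKeystore(null)` explicitly, which suggests the default is not null and that a configuration which simply leaves the keystore unset may not hit this guard. If an empty value is meant to signify "not configured", consider `if (StringUtils.isEmpty(sslConfig.getKeystore())) {`, keeping in mind that this bypasses the console prompt; the truststore guard in the preceding hunk has the same shape. The explanatory comment is at column 0 and should be indented with the code; the method's signature and remaining body are outside the hunk.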
@@ -555,8 +554,7 @@ public class SocketCreator { keyStoreFilePath = consoleReader .readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : "); } else { - keyStoreFilePath = - System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore"; + keyStoreFilePath = constructKeystorePathFromUserHome(); } } 
@@ -603,6 +601,83 @@ public class SocketCreator { return extendedKeyManagers; } + String constructKeystorePathFromUserHome() { + String keyStoreFilePath; + keyStoreFilePath = + System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore"; + return keyStoreFilePath; + } + +// private KeyManager[] getKeyManagers2(Properties sysProps) +// throws KeyStoreException, FileNotFoundException, IOException, +// NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException { +// +// KeyManager[] keyManagers = null; +// String keyStoreType = sysProps.getProperty("javax.net.ssl.keyStoreType"); +// GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader(); +// if (keyStoreType == null) { +// keyStoreType = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()); +// } else if (keyStoreType.trim().equals("")) { +// // read from console, default on empty +// if (consoleReader.isSupported()) { +// keyStoreType = consoleReader.readLine("Please enter the keyStoreType (javax.net.ssl.keyStoreType) : "); +// } +// if (isEmpty(keyStoreType)) { +// keyStoreType = KeyStore.getDefaultType(); +// } +// } +// KeyStore ks = KeyStore.getInstance(keyStoreType); +// String keyStoreFilePath = sysProps.getProperty("javax.net.ssl.keyStore"); +// if (keyStoreFilePath == null) { +// keyStoreFilePath = System.getProperty("javax.net.ssl.keyStore"); +// } +// if (keyStoreFilePath != null) { +// if (keyStoreFilePath.trim().equals("")) { +// keyStoreFilePath = System.getenv("javax.net.ssl.keyStore"); +// //read from console +// if (isEmpty(keyStoreFilePath) && consoleReader.isSupported()) { +// keyStoreFilePath = consoleReader.readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : "); +// } +// if (isEmpty(keyStoreFilePath)) { +// keyStoreFilePath = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore"; +// } +// } +// FileInputStream fis = null; +// fis = new 
FileInputStream(keyStoreFilePath); +// String passwordString = sysProps.getProperty("javax.net.ssl.keyStorePassword"); +// if (passwordString == null) { +// passwordString = System.getProperty("javax.net.ssl.keyStorePassword"); +// } +// char [] password = null; +// if (passwordString != null) { +// if (passwordString.trim().equals("")) { +// String encryptedPass = System.getenv("javax.net.ssl.keyStorePassword"); +// if (!isEmpty(encryptedPass)) { +// String toDecrypt = "encrypted(" + encryptedPass + ")"; +// passwordString = PasswordUtil.decrypt(toDecrypt); +// password = passwordString.toCharArray(); +// } +// //read from the console +// if (isEmpty(passwordString) && consoleReader != null) { +// password = consoleReader.readPassword("Please enter password for keyStore (javax.net.ssl.keyStorePassword) : "); +// } +// } else { +// password = passwordString.toCharArray(); +// } +// } +// ks.load(fis, password); +// // default algorithm can be changed by setting property "ssl.KeyManagerFactory.algorithm" in security properties +// KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); +// kmf.init(ks, password); +// keyManagers = kmf.getKeyManagers(); +// // follow the security tip in java doc +// if (password != null) { +// java.util.Arrays.fill(password, ' '); +// } +// } +// return keyManagers; +// } + private static class ExtendedAliasKeyManager extends X509ExtendedKeyManager { private final X509ExtendedKeyManager delegate; @@ -611,7 +686,6 @@ public class SocketCreator { /** * Constructor. - * * @param mgr The X509KeyManager used as a delegate * @param keyAlias The alias name of the server's keypair and supporting certificate chain */ @@ -628,7 +702,7 @@ public class SocketCreator { @Override public String chooseClientAlias(final String[] strings, final Principal[] principals, - final Socket socket) { + final Socket socket) { if (!StringUtils.isEmpty(this.keyAlias)) { return keyAlias; } 
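Review bot: Roughly seventy lines of commented-out `getKeyManagers2` are added next to `constructKeystorePathFromUserHome()`; dead code in the TLS setup path makes it harder to see which key-loading logic is live, and version control already preserves the old variant, so I would drop the block from the commit. The helper itself can be a single statement, `return System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";`. Since it is package-private rather than private, it deserves a one-line Javadoc stating that it is the fallback keystore location and why it is overridable (presumably for tests).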
@@ -665,7 +739,7 @@ public class SocketCreator { @Override public String chooseEngineServerAlias(final String keyType, final Principal[] principals, - final SSLEngine sslEngine) { + final SSLEngine sslEngine) { if (!StringUtils.isEmpty(this.keyAlias)) { PrivateKey key = this.delegate.getPrivateKey(this.keyAlias); return getKeyAlias(keyType, key); @@ -707,7 +781,8 @@ public class SocketCreator { } public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr, - List<GatewayTransportFilter> transportFilters, int socketBufferSize) throws IOException { + List<GatewayTransportFilter> transportFilters, + int socketBufferSize) throws IOException { if (transportFilters.isEmpty()) { return createServerSocket(nport, backlog, bindAddr, socketBufferSize); } else { @@ -741,12 +816,13 @@ public class SocketCreator { } public ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr, - int socketBufferSize) throws IOException { + int socketBufferSize) throws IOException { return createServerSocket(nport, backlog, bindAddr, socketBufferSize, sslConfig.isEnabled()); } private ServerSocket createServerSocket(int nport, int backlog, InetAddress bindAddr, - int socketBufferSize, boolean sslConnection) throws IOException { + int socketBufferSize, boolean sslConnection) + throws IOException { printConfig(); if (sslConnection) { if (this.sslContext == null) { 
@@ -791,18 +867,11 @@ public class SocketCreator { /** * Creates or bind server socket to a random port selected from tcp-port-range which is same as * membership-port-range. - * - * @param ba - * @param backlog - * @param isBindAddress - * @param tcpBufferSize - * * @return Returns the new server socket. - * - * @throws IOException */ public ServerSocket createServerSocketUsingPortRange(InetAddress ba, int backlog, - boolean isBindAddress, boolean useNIO, int tcpBufferSize, int[] tcpPortRange) + boolean isBindAddress, boolean useNIO, + int tcpBufferSize, int[] tcpPortRange) throws IOException { return createServerSocketUsingPortRange(ba, backlog, isBindAddress, useNIO, tcpBufferSize, tcpPortRange, sslConfig.isEnabled()); @@ -811,20 +880,13 @@ public class SocketCreator { /** * Creates or bind server socket to a random port selected from tcp-port-range which is same as * membership-port-range. - * - * @param ba - * @param backlog - * @param isBindAddress - * @param tcpBufferSize * @param sslConnection whether to connect using SSL - * * @return Returns the new server socket. - * - * @throws IOException */ public ServerSocket createServerSocketUsingPortRange(InetAddress ba, int backlog, - boolean isBindAddress, boolean useNIO, int tcpBufferSize, int[] tcpPortRange, - boolean sslConnection) throws IOException { + boolean isBindAddress, boolean useNIO, + int tcpBufferSize, int[] tcpPortRange, + boolean sslConnection) throws IOException { ServerSocket socket = null; int localPort = 0; int startingPort = 0; @@ -915,7 +977,7 @@ public class SocketCreator { * socket factory */ public Socket connect(InetAddress inetadd, int port, int timeout, - ConnectionWatcher optionalWatcher, boolean clientSide) throws IOException { + ConnectionWatcher optionalWatcher, boolean clientSide) throws IOException { return connect(inetadd, port, timeout, optionalWatcher, clientSide, -1); } 
@@ -925,7 +987,7 @@ public class SocketCreator { * socket factory */ public Socket connect(InetAddress inetadd, int port, int timeout, - ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize) + ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize) throws IOException { return connect(inetadd, port, timeout, optionalWatcher, clientSide, socketBufferSize, sslConfig.isEnabled()); @@ -937,8 +999,8 @@ public class SocketCreator { * socket factory */ public Socket connect(InetAddress inetadd, int port, int timeout, - ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize, - boolean sslConnection) throws IOException { + ConnectionWatcher optionalWatcher, boolean clientSide, int socketBufferSize, + boolean sslConnection) throws IOException { Socket socket = null; SocketAddress sockaddr = new InetSocketAddress(inetadd, port); printConfig(); @@ -1017,7 +1079,7 @@ public class SocketCreator { logger.fatal( LocalizedMessage.create( LocalizedStrings.SocketCreator_SSL_ERROR_IN_AUTHENTICATING_PEER_0_1, - new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}), + new Object[]{socket.getInetAddress(), Integer.valueOf(socket.getPort())}), ex); throw ex; } @@ -1026,7 +1088,7 @@ public class SocketCreator { .fatal( LocalizedMessage.create( LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1, - new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}), + new Object[]{socket.getInetAddress(), Integer.valueOf(socket.getPort())}), ex); throw ex; } @@ -1099,7 +1161,7 @@ public class SocketCreator { .fatal( LocalizedMessage.create( LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1, - new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}), + new Object[]{socket.getInetAddress(), Integer.valueOf(socket.getPort())}), ex); throw ex; } catch (SSLPeerUnverifiedException ex) { 
@@ -1113,7 +1175,7 @@ public class SocketCreator { .fatal( LocalizedMessage.create( LocalizedStrings.SocketCreator_SSL_ERROR_IN_CONNECTING_TO_PEER_0_1, - new Object[] {socket.getInetAddress(), Integer.valueOf(socket.getPort())}), + new Object[]{socket.getInetAddress(), Integer.valueOf(socket.getPort())}), ex); throw ex; } @@ -1219,11 +1281,8 @@ public class SocketCreator { /** * This method uses JNDI to look up an address in DNS and return its name - * - * @param addr - * * @return the host name associated with the address or null if lookup isn't possible or there is - * no host name for this address + * no host name for this address */ public static String reverseDNS(InetAddress addr) { byte[] addrBytes = addr.getAddress(); @@ -1239,10 +1298,10 @@ public class SocketCreator { Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory"); DirContext ctx = new InitialDirContext(env); - Attributes attrs = ctx.getAttributes(lookup, new String[] {"PTR"}); - for (NamingEnumeration ae = attrs.getAll(); ae.hasMoreElements();) { + Attributes attrs = ctx.getAttributes(lookup, new String[]{"PTR"}); + for (NamingEnumeration ae = attrs.getAll(); ae.hasMoreElements(); ) { Attribute attr = (Attribute) ae.next(); - for (Enumeration vals = attr.getAll(); vals.hasMoreElements();) { + for (Enumeration vals = attr.getAll(); vals.hasMoreElements(); ) { Object elem = vals.nextElement(); if ("PTR".equals(attr.getID()) && elem != null) { return elem.toString(); @@ -1270,7 +1329,7 @@ public class SocketCreator { Enumeration en = NetworkInterface.getNetworkInterfaces(); while (en.hasMoreElements()) { NetworkInterface i = (NetworkInterface) en.nextElement(); - for (Enumeration en2 = i.getInetAddresses(); en2.hasMoreElements();) { + for (Enumeration en2 = i.getInetAddresses(); en2.hasMoreElements(); ) { InetAddress addr = (InetAddress) en2.nextElement(); if (host.equals(addr)) { return true; 
@@ -1293,11 +1352,8 @@ public class SocketCreator { /** * Converts the string host to an instance of InetAddress. Returns null if the string is empty. * Fails Assertion if the conversion would result in <code>java.lang.UnknownHostException</code>. - * <p> - * Any leading slashes on host will be ignored. - * + * <p> Any leading slashes on host will be ignored. * @param host string version the InetAddress - * * @return the host converted to InetAddress instance */ public static InetAddress toInetAddress(String host) { http://git-wip-us.apache.org/repos/asf/geode/blob/4f5262fa/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java new file mode 100644 index 0000000..f6d263f --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/internal/net/SocketCreatorJUnitTest.java @@ -0,0 +1,26 @@ +package org.apache.geode.internal.net; + +import org.apache.geode.internal.admin.SSLConfig; +import org.apache.geode.test.junit.categories.UnitTest; +import org.apache.geode.util.test.TestUtil; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +@Category(UnitTest.class) +public class SocketCreatorJUnitTest { + + @Test + public void testCreateSocketCreatorWithKeystoreUnset() throws Exception { + SSLConfig testSSLConfig = new SSLConfig(); + testSSLConfig.setEnabled(true); + testSSLConfig.setKeystore(null); + testSSLConfig.setTruststore(getSingleKeyKeystore()); + testSSLConfig.setTruststorePassword("password"); + SocketCreator socketCreator = new SocketCreator(testSSLConfig); + } + + private String getSingleKeyKeystore() { + return TestUtil.getResourcePath(getClass(), "/ssl/trusted.keystore"); + } + +} \ No newline at end of file
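Review bot: `testCreateSocketCreatorWithKeystoreUnset` asserts nothing: it passes as long as the constructor does not throw, and the `socketCreator` local is never used. An assertion on the outcome would pin the fix, for instance spying `constructKeystorePathFromUserHome()` to verify the user-home fallback is never consulted; the package-private constructor and helper added in this commit look intended for that but are not used here. A companion case for an unset truststore would cover the other new guard. The new file also starts directly at the `package` line with no license header, unlike SocketCreator.java where a comment block closes just before `package`, and it ends without a trailing newline.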
