GEODE-1834: initilize the socketcreator with the correct ssl settings
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/a4c38a46
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/a4c38a46
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/a4c38a46
Branch: refs/heads/feature/GEODE-420
Commit: a4c38a469d0726c8fd59f444e342d3d062c47004
Parents: bb829d3
Author: Jinmei Liao <[email protected]>
Authored: Thu Sep 1 09:27:11 2016 -0700
Committer: Jinmei Liao <[email protected]>
Committed: Tue Sep 6 08:27:45 2016 -0700
----------------------------------------------------------------------
 .../internal/JmxManagerLocatorRequest.java | 8 +-
 .../internal/cli/commands/ShellCommands.java | 21 ++-
 .../ConnectToLocatorSSLDUnitTest.java | 136 +++++++++++++++++++
 3 files changed, 150 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a4c38a46/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java
index 861f51d..ac250d0 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/JmxManagerLocatorRequest.java
@@ -25,6 +25,7 @@ import java.util.Properties;
 import com.gemstone.gemfire.distributed.internal.tcpserver.TcpClient;
 import com.gemstone.gemfire.internal.DataSerializableFixedID;
+import com.gemstone.gemfire.internal.SocketCreator;
 import com.gemstone.gemfire.internal.Version;
 /**
@@ -80,13 +81,14 @@ public class JmxManagerLocatorRequest implements DataSerializableFixedID {
 InetAddress networkAddress = InetAddress.getByName(locatorHost);
 try {
- // Changes for 46623
- // initialize the SocketCreator with props which may contain SSL config
- // empty distConfProps will reset SocketCreator
 if (sslConfigProps != null) {
 distributionConfigProps.putAll(sslConfigProps);
 }
+ // re-initialize the SocketCreator with the sslConfigProps. Note this initializes the SocketCreator with cluster-ssl-* settings since
+ // we are connecting to the locator only.
+ SocketCreator.getDefaultInstance(distributionConfigProps);
+
 Object responseFromServer = TcpClient.requestToServer(networkAddress, locatorPort, SINGLETON, msTimeout);
 return (JmxManagerLocatorResponse) responseFromServer;
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a4c38a46/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
index 09a25a6..daa7262 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
@@ -17,6 +17,8 @@
 package com.gemstone.gemfire.management.internal.cli.commands;
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.File;
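Review bot: In JmxManagerLocatorRequest, `SocketCreator.getDefaultInstance(distributionConfigProps)` re-initializes the default SocketCreator as a side effect of one locator request, and it also runs when `sslConfigProps` is null, in which case the properties passed appear to be empty (the declaration of `distributionConfigProps` is outside the hunk). Together with the ShellCommands hunk at -308, which removes the fallback that put `DistributionConfig.SSL_ENABLED_NAME` = true when `CLUSTER_SSL_ENABLED_NAME` was absent, a connect with `useSsl` set but no `cluster-ssl-enabled` in the properties may now reach the locator without TLS; this is inferred, since SocketCreator's handling of the properties is not shown. I would reject that combination before the request is sent rather than let it proceed silently, and document the global effect above the call, e.g. `// replaces the default SocketCreator; later connections in this JVM use these settings`. The enclosing method starts and ends outside the hunk.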
@@ -38,11 +40,18 @@ import java.util.Map;
 import java.util.Map.Entry;
 import java.util.Properties;
 import java.util.Set;
+
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
+import org.springframework.shell.core.CommandMarker;
+import org.springframework.shell.core.ExitShellRequest;
+import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
+import org.springframework.shell.core.annotation.CliCommand;
+import org.springframework.shell.core.annotation.CliOption;
+
 import com.gemstone.gemfire.distributed.internal.DistributionConfig;
 import com.gemstone.gemfire.internal.ClassPathLoader;
 import com.gemstone.gemfire.internal.DSFIDFactory;
@@ -79,14 +88,6 @@ import com.gemstone.gemfire.management.internal.web.shell.HttpOperationInvoker;
 import com.gemstone.gemfire.management.internal.web.shell.RestHttpOperationInvoker;
 import com.gemstone.gemfire.security.AuthenticationFailedException;
-import org.springframework.shell.core.CommandMarker;
-import org.springframework.shell.core.ExitShellRequest;
-import org.springframework.shell.core.annotation.CliAvailabilityIndicator;
-import org.springframework.shell.core.annotation.CliCommand;
-import org.springframework.shell.core.annotation.CliOption;
-
-import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
-
 /**
 *
 * @since GemFire 7.0
@@ -308,10 +309,6 @@ public class ShellCommands implements CommandMarker {
 // Props required to configure a SocketCreator with SSL.
 // Used for gfsh->locator connection & not needed for gfsh->manager connection
 if (useSsl || !sslConfigProps.isEmpty()) {
- //Fix for 51266 : Added an check for cluster-ssl-enabled proeprty
- if (!sslConfigProps.containsKey(DistributionConfig.CLUSTER_SSL_ENABLED_NAME)) {
- sslConfigProps.put(DistributionConfig.SSL_ENABLED_NAME, String.valueOf(true));
- }
 sslConfigProps.put(MCAST_PORT, String.valueOf(0));
 sslConfigProps.put(LOCATORS, "");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/a4c38a46/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
new file mode 100644
index 0000000..c90e157
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/management/ConnectToLocatorSSLDUnitTest.java
@@ -0,0 +1,136 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.gemstone.gemfire.management;
+
+import static com.gemstone.gemfire.distributed.ConfigurationProperties.*;
+import static com.gemstone.gemfire.internal.Assert.assertTrue;
+import static com.gemstone.gemfire.util.test.TestUtil.*;
+import static org.junit.Assert.*;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.TemporaryFolder;
+
+import com.gemstone.gemfire.distributed.Locator;
+import com.gemstone.gemfire.internal.AvailablePortHelper;
+import com.gemstone.gemfire.management.cli.Result.Status;
+import com.gemstone.gemfire.management.internal.cli.CliUtil;
+import com.gemstone.gemfire.management.internal.cli.HeadlessGfsh;
+import com.gemstone.gemfire.management.internal.cli.i18n.CliStrings;
+import com.gemstone.gemfire.management.internal.cli.result.CommandResult;
+import com.gemstone.gemfire.management.internal.cli.util.CommandStringBuilder;
+import com.gemstone.gemfire.test.dunit.Host;
+import com.gemstone.gemfire.test.dunit.VM;
+import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase;
+import com.gemstone.gemfire.test.junit.categories.DistributedTest;
+import com.gemstone.gemfire.test.junit.rules.serializable.SerializableTemporaryFolder;
+
+@Category(DistributedTest.class)
+public class ConnectToLocatorSSLDUnitTest extends JUnit4DistributedTestCase {
+ protected VM locator = null;
+ protected File jks = null;
+ protected File securityPropsFile = null;
+
+ @Rule
+ public TemporaryFolder folder = new SerializableTemporaryFolder();
+
+ @Before
+ public void before() throws Exception {
+ final Host host = Host.getHost(0);
+ this.locator = host.getVM(0);
+ this.jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore"));
+ securityPropsFile = folder.newFile("security.properties");
+ }
+
+ @After
+ public void after() throws Exception {
+ securityPropsFile.delete();
+ CliUtil.isGfshVM = false;
+ }
+
+ @Test
+ public void testConnectToLocatorWithClusterSSL() throws Exception{
+ Properties securityProps = new Properties();
+ securityProps.setProperty(CLUSTER_SSL_ENABLED, "true");
+ securityProps.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+ securityProps.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+ securityProps.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+ securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath());
+ securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
+
+ setUpLocatorAndConnect(securityProps);
+ }
+
+ @Test
+ public void testConnectToLocatorWithJMXSSL() throws Exception{
+ Properties securityProps = new Properties();
+ securityProps.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
+ securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath());
+ securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
+ securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
+ securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getCanonicalPath());
+ securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password");
+
+ setUpLocatorAndConnect(securityProps);
+ }
+
+ public void setUpLocatorAndConnect(Properties securityProps) throws Exception{
+ // set up locator with cluster-ssl-*
+ int[] ports = AvailablePortHelper.getRandomAvailableTCPPorts(2);
+ int locatorPort = ports[0];
+ int jmxPort = ports[1];
+
+ locator.invoke(()->{
+ Properties props = new Properties();
+ props.setProperty(MCAST_PORT, "0");
+ props.put(JMX_MANAGER, "true");
+ props.put(JMX_MANAGER_START, "true");
+ props.put(JMX_MANAGER_PORT, jmxPort+"");
+ props.putAll(securityProps);
+ Locator.startLocatorAndDS(locatorPort, folder.newFile("locator.log"), props);
+ });
+
+ // saving the securityProps to a file
+ OutputStream out = new FileOutputStream(securityPropsFile);
+ securityProps.store(out, "");
+
+ // run gfsh connect command in this vm
+ CliUtil.isGfshVM = true;
+ String shellId = getClass().getSimpleName();
+ HeadlessGfsh gfsh = new HeadlessGfsh(shellId, 30, folder.newFolder("gfsh_files").getCanonicalPath());
+
+ // connect to the locator with the saved property file
+ final CommandStringBuilder command = new CommandStringBuilder(CliStrings.CONNECT);
+ command.addOption(CliStrings.CONNECT__LOCATOR, "localhost[" + locatorPort + "]");
+ command.addOption(CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFile.getCanonicalPath());
+
+ gfsh.executeCommand(command.toString());
+ CommandResult result = (CommandResult)gfsh.getResult();
+ assertEquals(result.getStatus(), Status.OK);
+ assertTrue(result.getContent().toString().contains("Successfully connected to"));
+ }
+
+}
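Review bot: In `setUpLocatorAndConnect`, the `FileOutputStream` opened on `securityPropsFile` is never closed, so the handle leaks and the `securityPropsFile.delete()` in `after()` can fail on platforms that lock open files; wrap it as `try (OutputStream out = new FileOutputStream(securityPropsFile)) { securityProps.store(out, ""); }`. `assertEquals(result.getStatus(), Status.OK)` has expected and actual swapped, which makes a failure message misleading; `assertEquals(Status.OK, result.getStatus());` reads correctly. Both tests cover only the successful connect, so nothing here would catch a connection that succeeds without the SSL properties taking effect; a case that connects to the cluster-SSL locator without the security properties file and expects a failure would pin that down. The explicit static import of `com.gemstone.gemfire.internal.Assert.assertTrue` alongside `org.junit.Assert.*` makes `assertTrue` resolve to the GemFire one, which is probably not intended in a JUnit test.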
