GEODE-420: adding ssl-http-service-require-authentication property
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/8754dae4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/8754dae4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/8754dae4
Branch: refs/heads/develop
Commit: 8754dae48af43f2159b8f0295e9a443d8de6a71a
Parents: 6179a69
Author: Udo Kohlmeyer <[email protected]>
Authored: Wed Aug 17 15:44:25 2016 +1000
Committer: Udo Kohlmeyer <[email protected]>
Committed: Wed Aug 17 15:44:25 2016 +1000
----------------------------------------------------------------------
 .../distributed/ConfigurationProperties.java | 9 +
 .../internal/DistributionConfig.java | 33 +++-
 .../internal/DistributionConfigImpl.java | 12 ++
 .../gemfire/internal/admin/SSLConfig.java | 4 +-
 .../internal/net/SSLConfigurationFactory.java | 36 ++--
 .../gemfire/distributed/LocatorDUnitTest.java | 4 +-
 .../net/SSLConfigurationFactoryTest.java | 163 +++++++++++++++++++
 7 files changed, 240 insertions(+), 21 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
index 11e961e..fdb3bf6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/ConfigurationProperties.java
@@ -1758,4 +1758,13 @@ public interface ConfigurationProperties {
 * <U>Since</U>: Geode 1.0
 */
 String SSL_DEFAULT_ALIAS = "ssl-default-alias";
+ /**
+ * The static String definition of the <i>"ssl-http-service-require-authentication"</i> property
+ *
+ * <U>Description</U>If false allows client side's http connection to be authenticated without a 2-way SSL authentication.
+ * </p>
+ * <U>Default</U>: "false"</p>
+ * <U>Since</U>: Geode 1.0
+ */
+ String SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = "ssl-http-service-require-authentication";
 }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
index 126342f..8e2a60b 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
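Review bot: The Javadoc added for `SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` in ConfigurationProperties.java does not say how the property relates to the general SSL require-authentication setting, and its markup is broken (no colon after `<U>Description</U>`, closing `</p>` tags with no opening tag). Going by the `HTTP_SERVICE` case changed in SSLConfigurationFactory.java later in this commit, the value is passed to `setRequireAuth` after the general value has been applied, so it appears to replace that value for the HTTP service rather than add to it. I would reword the description along the lines of `<U>Description</U>: If true, the HTTP service requires clients to present a certificate (2-way SSL); if false, clients without a certificate are accepted.` and add one sentence stating which setting wins for the HTTP service.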
@@ -1631,12 +1631,12 @@ public interface DistributionConfig extends Config, LogConfig {
 @ConfigAttribute(type = int[].class)
 String MEMBERSHIP_PORT_RANGE_NAME = MEMBERSHIP_PORT_RANGE;
- /** set this boolean to restrict membership/communications to use ports in the ephemeral range */
+ /**
+ * set this boolean to restrict membership/communications to use ports in the ephemeral range
+ */
 String RESTRICT_MEMBERSHIP_PORT_RANGE = GEMFIRE_PREFIX + "use-ephemeral-ports";
- int[] DEFAULT_MEMBERSHIP_PORT_RANGE = Boolean.getBoolean(RESTRICT_MEMBERSHIP_PORT_RANGE)
- ? new int[] { 32769, 61000 }
- : new int[] { 1024, 65535 };
+ int[] DEFAULT_MEMBERSHIP_PORT_RANGE = Boolean.getBoolean(RESTRICT_MEMBERSHIP_PORT_RANGE) ? new int[] { 32769, 61000 } : new int[] { 1024, 65535 };
 @ConfigAttributeGetter(name = MEMBERSHIP_PORT_RANGE)
 int[] getMembershipPortRange();
@@ -4540,6 +4540,31 @@ public interface DistributionConfig extends Config, LogConfig {
 @ConfigAttribute(type = String.class)
 String SSL_TRUSTSTORE_PASSWORD_NAME = SSL_TRUSTSTORE_PASSWORD;
+ /**
+ * Returns the value of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION}
+ * property.
+ */
+ @ConfigAttributeGetter(name = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION)
+ boolean getSSLHTTPRequireAuthentication();
+
+ /**
+ * Sets the value of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION}
+ * property.
+ */
+ @ConfigAttributeSetter(name = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION)
+ void setSSLHTTPRequireAuthentication(boolean requiresAuthenatication);
+
+ /**
+ * The name of the {@link ConfigurationProperties#SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION} property
+ */
+ @ConfigAttribute(type = Boolean.class)
+ String SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION_NAME = SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION;
+
+ /**
+ * The default value for http service ssl mutual authentication
+ */
+ boolean DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION = false;
+
 //*************** Initializers to gather all the annotations in this class ************************
 Map<String, ConfigAttribute> attributes = new HashMap<>();
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
index 26263d3..a5a9aa6 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
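Review bot: The setter parameter in `void setSSLHTTPRequireAuthentication(boolean requiresAuthenatication)` is misspelled, and the same spelling is repeated in the DistributionConfigImpl override added by this commit. Rename it to `requiresAuthentication` in both places before the name is copied into callers and generated documentation. The Javadoc on `DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` could also state what `false` means for an operator, for example `Client certificates are not required by the HTTP service unless this is set to true.`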
@@ -556,6 +556,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
 private String sslKeyStorePassword = DEFAULT_SSL_KEYSTORE_PASSWORD;
 private String sslTrustStore = DEFAULT_SSL_TRUSTSTORE;
 private String sslTrustStorePassword = DEFAULT_SSL_TRUSTSTORE_PASSWORD;
+ private boolean sslHttpServiceRequireAuthentication = DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION;
 private String locatorSSLAlias = DEFAULT_SSL_ALIAS;
@@ -772,6 +773,7 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
 this.sslTrustStorePassword = other.getSSLTrustStorePassword();
 this.sslProperties = other.getSSLProperties();
 this.sslDefaultAlias = other.getSSLDefaultAlias();
+ this.sslHttpServiceRequireAuthentication = other.getSSLHTTPRequireAuthentication();
 }
@@ -2642,6 +2644,16 @@ public class DistributionConfigImpl extends AbstractDistributionConfig implement
 this.sslTrustStorePassword = sslTrustStorePassword;
 }
+ @Override
+ public boolean getSSLHTTPRequireAuthentication() {
+ return sslHttpServiceRequireAuthentication;
+ }
+
+ @Override
+ public void setSSLHTTPRequireAuthentication(final boolean requiresAuthenatication) {
+ this.sslHttpServiceRequireAuthentication = requiresAuthenatication;
+ }
+
 /////////////////////// Utility Methods ///////////////////////
 /**
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
index 977d44d..ebf3a7e 100755
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/admin/SSLConfig.java
@@ -30,8 +30,6 @@ import com.gemstone.gemfire.management.internal.SSLUtil;
 */
 public class SSLConfig {
- //private static final String PREFIX = "javax.net.ssl.";
-
 private boolean enabled = DistributionConfig.DEFAULT_SSL_ENABLED;
 private String protocols = DistributionConfig.DEFAULT_SSL_PROTOCOLS;
 private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
@@ -150,6 +148,8 @@ public class SSLConfig {
 this.truststoreType = truststoreType;
 }
+
+
 public Properties getProperties() {
 return this.properties;
 }
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
index 9873d03..33378b8 100644
--- a/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
+++ b/geode-core/src/main/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactory.java
@@ -62,33 +62,33 @@ public class SSLConfigurationFactory {
 }
 private SSLConfig createSSLConfigForComponent(final SSLEnabledComponent sslEnabledComponent) {
- SSLConfig sslConfig = new SSLConfig();
- configureClusterSSL(sslConfig, sslEnabledComponent);
+ SSLConfig sslConfig = createSSLConfig(sslEnabledComponent);
 SSLEnabledComponent[] sslEnabledComponents = distributionConfig.getSSLEnabledComponents();
- if(sslEnabledComponents.length == 0)
- {
+ if (sslEnabledComponents.length == 0) {
 sslConfig = configureLegacyClusterSSL(sslConfig);
 }
 sslConfig.setSslEnabledComponent(sslEnabledComponent);
 switch (sslEnabledComponent) {
 case ALL: {
-
+ //Create a SSLConfig separate for HTTP Service. As the require-authentication might differ
+ createSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE);
+ break;
 }
 case CLUSTER: {
 if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getClusterSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getClusterSSLAlias());
 }
 break;
 }
 case LOCATOR: {
 if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getLocatorSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getLocatorSSLAlias());
 }
 break;
 }
 case SERVER: {
 if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getServerSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getServerSSLAlias());
 } else {
 sslConfig = configureLegacyServerSSL(sslConfig);
 }
@@ -96,7 +96,7 @@ public class SSLConfigurationFactory {
 }
 case GATEWAY: {
 if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getGatewaySSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getGatewaySSLAlias());
 } else {
 sslConfig = configureLegacyGatewaySSL(sslConfig);
 }
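Review bot: In the `case ALL` branch the value returned by `createSSLConfigForComponent(SSLEnabledComponent.HTTP_SERVICE)` is thrown away, so within this hunk the call has no effect on the `sslConfig` that is returned, and nothing visible here stores the separate HTTP configuration that the comment describes. If a separate HTTP service config is meant to exist, its result has to be kept by whatever holds the per-component configs (that code is outside the hunk); otherwise the call and its comment should be removed. The added `break;` also ends the earlier fall-through from `ALL` into `CLUSTER`; that looks intended now that `createSSLConfig` sets the default alias, but it deserves a comment such as `// ALL keeps the default alias; no component alias is applied`. The method body continues past the end of the hunk.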
@@ -104,7 +104,8 @@ public class SSLConfigurationFactory {
 }
 case HTTP_SERVICE: {
 if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getHTTPServiceSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getHTTPServiceSSLAlias());
+ sslConfig.setRequireAuth(distributionConfig.getSSLHTTPRequireAuthentication());
 } else {
 sslConfig = configureLegacyHttpServiceSSL(sslConfig);
 }
@@ -112,7 +113,7 @@ public class SSLConfigurationFactory {
 }
 case JMX: {
 if (sslEnabledComponents.length > 0) {
- sslConfig.setAlias(distributionConfig.getJMXManagerSSLAlias());
+ sslConfig = setAliasForComponent(sslConfig, distributionConfig.getJMXManagerSSLAlias());
 } else {
 sslConfig = configureLegacyJMXSSL(sslConfig);
 }
@@ -123,7 +124,15 @@ public class SSLConfigurationFactory {
 return sslConfig;
 }
- private void configureClusterSSL(final SSLConfig sslConfig, final SSLEnabledComponent sslEnabledComponent) {
+ private SSLConfig setAliasForComponent(final SSLConfig sslConfig, final String clusterSSLAlias) {
+ if (!StringUtils.isEmpty(clusterSSLAlias)) {
+ sslConfig.setAlias(clusterSSLAlias);
+ }
+ return sslConfig;
+ }
+
+ private SSLConfig createSSLConfig(final SSLEnabledComponent sslEnabledComponent) {
+ SSLConfig sslConfig = new SSLConfig();
 sslConfig.setCiphers(distributionConfig.getSSLCiphers());
 sslConfig.setEnabled(determineIfSSLEnabledForSSLComponent(sslEnabledComponent));
 sslConfig.setKeystore(distributionConfig.getSSLKeyStore());
@@ -133,6 +142,8 @@ public class SSLConfigurationFactory {
 sslConfig.setTruststorePassword(distributionConfig.getSSLTrustStorePassword());
 sslConfig.setProtocols(distributionConfig.getSSLProtocols());
 sslConfig.setRequireAuth(distributionConfig.getSSLRequireAuthentication());
+ sslConfig.setAlias(distributionConfig.getSSLDefaultAlias());
+ return sslConfig;
 }
 private boolean determineIfSSLEnabledForSSLComponent(final SSLEnabledComponent sslEnabledComponent) {
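Review bot: In the `HTTP_SERVICE` case, `sslConfig.setRequireAuth(distributionConfig.getSSLHTTPRequireAuthentication())` overwrites the value that `createSSLConfig` took from `getSSLRequireAuthentication()`, and the new property defaults to false. An operator who relies on the general require-authentication setting and enables SSL for the HTTP service through the component list therefore gets an HTTP endpoint that does not ask for client certificates unless the new property is also set. That may be the intended default, but the weakening happens silently; I would at least put `// HTTP service uses its own require-authentication setting (default false), not the general one` above the call and say the same in the property documentation. The `else` branch (`configureLegacyHttpServiceSSL`) does not read the new property in this hunk, so under the legacy configuration the property appears to have no effect, which should be confirmed as intended.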
@@ -296,6 +307,7 @@ public class SSLConfigurationFactory {
 registeredSSLConfig.clear();
 }
+ @Deprecated
 public static SSLConfig getSSLConfigForComponent(final boolean useSSL,
 final boolean needClientAuth,
 final String protocols,
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
index 2bff100..8bfce23 100755
--- a/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
+++ b/geode-core/src/test/java/com/gemstone/gemfire/distributed/LocatorDUnitTest.java
@@ -130,6 +130,7 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
 system.disconnect();
 system = null;
 }
+ SocketCreatorFactory.close();
 }
 //////// Test Methods
@@ -437,7 +438,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
 @Test
 @Category(FlakyTest.class)
 public void testStartTwoLocatorsOneWithSSLAndTheOtherNonSSL() throws Exception {
- SocketCreatorFactory.close();
 IgnoredException expectedException = IgnoredException.addIgnoredException("Unrecognized SSL message, plaintext connection");
 disconnectAllFromDS();
 Host host = Host.getHost(0);
@@ -497,7 +497,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
 @Test
 @Category(FlakyTest.class)
 public void testStartTwoLocatorsOneWithNonSSLAndTheOtherSSL() throws Exception {
- SocketCreatorFactory.close();
 IgnoredException expectedException = IgnoredException.addIgnoredException("Remote host closed connection during handshake");
 disconnectAllFromDS();
 Host host = Host.getHost(0);
@@ -551,7 +550,6 @@ public class LocatorDUnitTest extends JUnit4DistributedTestCase {
 @Test
 @Category(FlakyTest.class)
 public void testStartTwoLocatorsWithDifferentSSLCertificates() throws Exception {
- SocketCreatorFactory.close();
 IgnoredException expectedException = IgnoredException.addIgnoredException("Remote host closed connection during handshake");
 IgnoredException expectedException2 = IgnoredException.addIgnoredException("unable to find valid certification path to requested target");
 IgnoredException expectedException3 = IgnoredException.addIgnoredException("Received fatal alert: certificate_unknown");
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/8754dae4/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
new file mode 100644
index 0000000..067333e
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/internal/net/SSLConfigurationFactoryTest.java
@@ -0,0 +1,163 @@ +package com.gemstone.gemfire.internal.net; + +import static com.gemstone.gemfire.distributed.ConfigurationProperties.*; +import static org.junit.Assert.*; + +import java.util.Properties; + +import org.apache.commons.lang.StringUtils; +import org.junit.After; +import org.junit.Test; + +import com.gemstone.gemfire.distributed.internal.DistributionConfig; +import com.gemstone.gemfire.distributed.internal.DistributionConfigImpl; +import com.gemstone.gemfire.internal.admin.SSLConfig; +import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase; + +public class SSLConfigurationFactoryTest extends JUnit4DistributedTestCase { + + @After + public void tearDownTest() + { + SSLConfigurationFactory.close(); + } + + @Test + public void getSSLConfigForComponentALL() throws Exception { + Properties properties = new Properties(); + properties.setProperty(SSL_ENABLED_COMPONENTS, "all"); + properties.setProperty(SSL_KEYSTORE, "someKeyStore"); + properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword"); + properties.setProperty(SSL_KEYSTORE_TYPE, "JKS"); + properties.setProperty(SSL_TRUSTSTORE, "someKeyStore"); + properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword"); + properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias"); + properties.setProperty(SSL_CIPHERS, "any"); + properties.setProperty(SSL_PROTOCOLS, "any"); + DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties); + SSLConfigurationFactory.setDistributionConfig(distributionConfig); + for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) { + assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent), sslEnabledComponent, distributionConfig); + } + } + + @Test + public void getSSLConfigForComponentHTTPService() throws Exception { + Properties properties = new Properties(); + properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant()); + 
properties.setProperty(SSL_KEYSTORE, "someKeyStore"); + properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword"); + properties.setProperty(SSL_KEYSTORE_TYPE, "JKS"); + properties.setProperty(SSL_TRUSTSTORE, "someKeyStore"); + properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword"); + properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias"); + properties.setProperty(SSL_CIPHERS, "any"); + properties.setProperty(SSL_PROTOCOLS, "any"); + DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties); + SSLConfigurationFactory.setDistributionConfig(distributionConfig); + for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) { + assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent), sslEnabledComponent, distributionConfig); + } + } + + @Test + public void getSSLConfigForComponentHTTPServiceWithAlias() throws Exception { + Properties properties = new Properties(); + properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant()); + properties.setProperty(SSL_KEYSTORE, "someKeyStore"); + properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword"); + properties.setProperty(SSL_KEYSTORE_TYPE, "JKS"); + properties.setProperty(SSL_TRUSTSTORE, "someKeyStore"); + properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword"); + properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias"); + properties.setProperty(SSL_HTTP_SERVICE_ALIAS, "httpAlias"); + properties.setProperty(SSL_CIPHERS, "any"); + properties.setProperty(SSL_PROTOCOLS, "any"); + DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties); + SSLConfigurationFactory.setDistributionConfig(distributionConfig); + for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) { + assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent), sslEnabledComponent, distributionConfig); + } + } + + @Test 
+ public void getSSLConfigForComponentHTTPServiceWithMutualAuth() throws Exception { + Properties properties = new Properties(); + properties.setProperty(SSL_ENABLED_COMPONENTS, SSLEnabledComponent.HTTP_SERVICE.getConstant()); + properties.setProperty(SSL_KEYSTORE, "someKeyStore"); + properties.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword"); + properties.setProperty(SSL_KEYSTORE_TYPE, "JKS"); + properties.setProperty(SSL_TRUSTSTORE, "someKeyStore"); + properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword"); + properties.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias"); + properties.setProperty(SSL_HTTP_SERVICE_ALIAS, "httpAlias"); + properties.setProperty(SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION, "true"); + properties.setProperty(SSL_CIPHERS, "any"); + properties.setProperty(SSL_PROTOCOLS, "any"); + DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties); + SSLConfigurationFactory.setDistributionConfig(distributionConfig); + for (SSLEnabledComponent sslEnabledComponent : SSLEnabledComponent.values()) { + assertSSLConfig(properties, SSLConfigurationFactory.getSSLConfigForComponent(sslEnabledComponent), sslEnabledComponent, distributionConfig); + } + } + + private void assertSSLConfig(final Properties properties, + final SSLConfig sslConfig, + final SSLEnabledComponent expectedSSLEnabledComponent, + final DistributionConfigImpl distributionConfig) { + assertEquals(isSSLComponentEnabled(expectedSSLEnabledComponent, distributionConfig.getSSLEnabledComponents()), sslConfig.isEnabled()); + assertEquals(properties.getProperty(SSL_KEYSTORE), sslConfig.getKeystore()); + assertEquals(properties.getProperty(SSL_KEYSTORE_PASSWORD), sslConfig.getKeystorePassword()); + assertEquals(properties.getProperty(SSL_KEYSTORE_TYPE), sslConfig.getKeystoreType()); + assertEquals(properties.getProperty(SSL_TRUSTSTORE), sslConfig.getTruststore()); + assertEquals(properties.getProperty(SSL_TRUSTSTORE_PASSWORD), sslConfig.getTruststorePassword()); + 
assertEquals(properties.getProperty(SSL_CIPHERS), sslConfig.getCiphers()); + assertEquals(properties.getProperty(SSL_PROTOCOLS), sslConfig.getProtocols()); + assertEquals(getCorrectAlias(expectedSSLEnabledComponent, properties), sslConfig.getAlias()); + assertEquals(requiresAuthentication(properties, expectedSSLEnabledComponent), sslConfig.isRequireAuth()); + assertEquals(expectedSSLEnabledComponent, sslConfig.getSslEnabledComponent()); + } + + private boolean requiresAuthentication(final Properties properties, final SSLEnabledComponent expectedSSLEnabledComponent) { + boolean defaultAuthentication = expectedSSLEnabledComponent.equals(SSLEnabledComponent.HTTP_SERVICE) ? DistributionConfig.DEFAULT_SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION : DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION; + String httpRequiresAuthentication = properties.getProperty(SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION); + + return httpRequiresAuthentication == null ? defaultAuthentication : Boolean.parseBoolean(httpRequiresAuthentication); + } + + private String getCorrectAlias(final SSLEnabledComponent expectedSSLEnabledComponent, final Properties properties) { + switch (expectedSSLEnabledComponent) { + case ALL: + return properties.getProperty(SSL_DEFAULT_ALIAS); + case CLUSTER: + return getAliasForComponent(properties, SSL_CLUSTER_ALIAS); + case GATEWAY: + return getAliasForComponent(properties, SSL_GATEWAY_ALIAS); + case HTTP_SERVICE: + return getAliasForComponent(properties, SSL_HTTP_SERVICE_ALIAS); + case JMX: + return getAliasForComponent(properties, SSL_JMX_MANAGER_ALIAS); + case LOCATOR: + return getAliasForComponent(properties, SSL_LOCATOR_ALIAS); + case SERVER: + return getAliasForComponent(properties, SSL_SERVER_ALIAS); + default: + return properties.getProperty(SSL_DEFAULT_ALIAS); + } + } + + private String getAliasForComponent(final Properties properties, final String componentAliasProperty) { + String aliasProperty = properties.getProperty(componentAliasProperty); + return 
!StringUtils.isEmpty(aliasProperty) ? aliasProperty : properties.getProperty(SSL_DEFAULT_ALIAS); + } + + private boolean isSSLComponentEnabled(final SSLEnabledComponent expectedSSLEnabledComponent, final SSLEnabledComponent[] sslEnabledComponents) { + for (SSLEnabledComponent sslEnabledComponent : sslEnabledComponents) { + if (SSLEnabledComponent.ALL.equals(sslEnabledComponent) || sslEnabledComponent.equals(expectedSSLEnabledComponent)) { + return true; + } + } + return false; + } + +} \ No newline at end of file
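Review bot: The `requiresAuthentication` helper reads `SSL_HTTP_SERVICE_REQUIRE_AUTHENTICATION` for every component, not only for `HTTP_SERVICE`, so in `getSSLConfigForComponentHTTPServiceWithMutualAuth` the expected value for CLUSTER, SERVER and the other components is taken from the HTTP property. The test therefore cannot tell whether the HTTP setting leaks into other components, and it passes only while those components happen to resolve to the same value. Return the general default first for the other components, e.g. `if (expectedSSLEnabledComponent != SSLEnabledComponent.HTTP_SERVICE) return DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;`, and add a case where the HTTP property is explicitly "false" while the general setting requires authentication. The new file also begins at the `package` line with no license header.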
