ignite-4147 - Fail if joining node has different of cluster SSL configuration.
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo
Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/2eb24cad
Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/2eb24cad
Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/2eb24cad
Branch: refs/heads/master
Commit: 2eb24cad277e14322cf42155697cae78e0f80e13
Parents: b54a481
Author: dkarachentsev <[email protected]>
Authored: Wed Jan 18 13:00:25 2017 +0300
Committer: dkarachentsev <[email protected]>
Committed: Wed Jan 18 13:00:25 2017 +0300
----------------------------------------------------------------------
.../ignite/spi/discovery/tcp/ClientImpl.java | 20 ++++-
.../ignite/spi/discovery/tcp/ServerImpl.java | 9 ++
.../TcpDiscoverySslSecuredUnsecuredTest.java | 93 ++++++++++++++++++++
.../IgniteSpiDiscoverySelfTestSuite.java | 4 +-
4 files changed, 124 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ignite/blob/2eb24cad/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java
index 0f5f741..9a1261c 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ClientImpl.java
@@ -20,6 +20,7 @@ package org.apache.ignite.spi.discovery.tcp;
 import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.StreamCorruptedException;
 import java.net.InetSocketAddress;
 import java.net.Socket;
 import java.net.SocketTimeoutException;
@@ -44,6 +45,7 @@ import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.CountDownLatch;
 import java.util.concurrent.LinkedBlockingDeque;
 import java.util.concurrent.atomic.AtomicReference;
+import javax.net.ssl.SSLException;
 import org.apache.ignite.IgniteCheckedException;
 import org.apache.ignite.IgniteClientDisconnectedException;
 import org.apache.ignite.IgniteException;
@@ -655,6 +657,14 @@ class ClientImpl extends TcpDiscoveryImpl {
 errs.add(e);
+ if (X.hasCause(e, SSLException.class))
+ throw new IgniteSpiException("Unable to establish secure connection. " +
+ "Was remote cluster configured with SSL? [rmtAddr=" + addr + ", errMsg=\"" + e.getMessage() + "\"]", e);
+
+ if (X.hasCause(e, StreamCorruptedException.class))
+ throw new IgniteSpiException("Unable to establish plain connection. " +
+ "Was remote cluster configured with SSL? [rmtAddr=" + addr + ", errMsg=\"" + e.getMessage() + "\"]", e);
+
 if (timeoutHelper.checkFailureTimeoutReached(e))
 break;
@@ -1527,7 +1537,15 @@ class ClientImpl extends TcpDiscoveryImpl {
 joinCnt++;
- T2<SocketStream, Boolean> joinRes = joinTopology(false, spi.joinTimeout);
+ T2<SocketStream, Boolean> joinRes;
+ try {
+ joinRes = joinTopology(false, spi.joinTimeout);
+ }
+ catch (IgniteSpiException e) {
+ joinError(e);
+
+ return;
+ }
 if (joinRes == null) {
 if (join)
http://git-wip-us.apache.org/repos/asf/ignite/blob/2eb24cad/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
----------------------------------------------------------------------
diff --git a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
index c791333..40da281 100644
--- a/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
+++ b/modules/core/src/main/java/org/apache/ignite/spi/discovery/tcp/ServerImpl.java
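Review bot: The two new `X.hasCause` checks in ClientImpl's hunk at -655 (and the identical pair in ServerImpl's hunk at -1218) throw on the first address that fails this way, ahead of the `timeoutHelper.checkFailureTimeoutReached(e)` check and, it appears, without trying any remaining address. `SSLException` covers every TLS failure (untrusted certificate, protocol or cipher mismatch), and `StreamCorruptedException` can come from any peer that does not speak the discovery protocol, so a single stale or foreign endpoint in the address list would presumably keep a node from joining through healthy ones. Failing closed instead of retrying in the other mode is the right behaviour; the message should only hedge its diagnosis, for example `"Possible SSL configuration mismatch with remote node [rmtAddr=" + addr + ...`, and the error is better raised once all addresses have failed. The enclosing loop starts and ends outside the hunk, so the effect on the remaining addresses is inferred.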
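Review bot: The new `catch (IgniteSpiException e)` around `joinTopology(false, spi.joinTimeout)` in ClientImpl's hunk at -1527 handles every IgniteSpiException that call can raise, not only the two mismatch errors this commit introduces, and nothing explains why the method now returns there. A comment above the `catch`, such as `// Non-retryable join failure (e.g. SSL/plain mismatch): pass it to joinError and stop.`, would record the intent. If only the mismatch case is meant to end the join, the catch needs a narrower condition; the enclosing method lies outside the hunk, so which other failures reach this point is not visible.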
@@ -24,6 +24,7 @@ import java.io.InputStream;
 import java.io.ObjectStreamException;
 import java.io.OutputStream;
 import java.io.Serializable;
+import java.io.StreamCorruptedException;
 import java.net.ConnectException;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
@@ -1218,6 +1219,14 @@ class ServerImpl extends TcpDiscoveryImpl {
 errs.add(e);
+ if (X.hasCause(e, SSLException.class))
+ throw new IgniteException("Unable to establish secure connection. " +
+ "Was remote cluster configured with SSL? [rmtAddr=" + addr + ", errMsg=\"" + e.getMessage() + "\"]", e);
+
+ if (X.hasCause(e, StreamCorruptedException.class))
+ throw new IgniteException("Unable to establish plain connection. " +
+ "Was remote cluster configured with SSL? [rmtAddr=" + addr + ", errMsg=\"" + e.getMessage() + "\"]", e);
+
 if (timeoutHelper.checkFailureTimeoutReached(e))
 break;
http://git-wip-us.apache.org/repos/asf/ignite/blob/2eb24cad/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSecuredUnsecuredTest.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSecuredUnsecuredTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSecuredUnsecuredTest.java
new file mode 100644
index 0000000..2296165
--- /dev/null
+++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslSecuredUnsecuredTest.java
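Review bot: In ServerImpl's hunk at -1218 the mismatch is reported as `IgniteException`, while the same check in ClientImpl throws `IgniteSpiException`. If callers of this join path catch `IgniteSpiException` (they are outside the hunk, so this is an assumption), the broader type would slip past them and a misconfigured server would fail differently from a misconfigured client. Using `throw new IgniteSpiException(...)` in both branches here keeps the two paths consistent. The hunk also depends on `SSLException` already being imported in ServerImpl, since only `StreamCorruptedException` is added to its imports.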
@@ -0,0 +1,93 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.spi.discovery.tcp;
+
+import java.util.concurrent.Callable;
+import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.configuration.IgniteConfiguration;
+import org.apache.ignite.testframework.GridTestUtils;
+import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
+
+/**
+ * Tests cases when node connects to cluster with different SSL configuration.
+ * Exception with meaningful message should be thrown.
+ */
+public class TcpDiscoverySslSecuredUnsecuredTest extends GridCommonAbstractTest {
+ /** {@inheritDoc} */
+ @Override protected IgniteConfiguration getConfiguration(final String gridName) throws Exception {
+ final IgniteConfiguration cfg = super.getConfiguration(gridName);
+
+ cfg.setClientMode(gridName.contains("client"));
+
+ if (gridName.contains("ssl"))
+ cfg.setSslContextFactory(GridTestUtils.sslFactory());
+
+ return cfg;
+ }
+
+ /** {@inheritDoc} */
+ @Override protected void afterTest() throws Exception {
+ stopAllGrids();
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testSecuredUnsecuredServerConnection() throws Exception {
+ checkConnection("plain-server", "ssl-server");
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testUnsecuredSecuredServerConnection() throws Exception {
+ checkConnection("ssl-server", "plain-server");
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testSecuredClientUnsecuredServerConnection() throws Exception {
+ checkConnection("plain-server", "ssl-client");
+ }
+
+ /**
+ * @throws Exception If failed.
+ */
+ public void testUnsecuredClientSecuredServerConnection() throws Exception {
+ checkConnection("ssl-server", "plain-client");
+ }
+
+ /**
+ * @param name1 First grid name.
+ * @param name2 Second grid name.
+ * @throws Exception If failed.
+ */
+ @SuppressWarnings("ThrowableNotThrown")
+ private void checkConnection(final String name1, final String name2) throws Exception {
+ startGrid(name1);
+
+ GridTestUtils.assertThrows(null, new Callable<Object>() {
+ @Override public Object call() throws Exception {
+ startGrid(name2);
+
+ return null;
+ }
+ }, IgniteCheckedException.class, null);
+ }
+}
http://git-wip-us.apache.org/repos/asf/ignite/blob/2eb24cad/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
----------------------------------------------------------------------
diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
index af7eb7e..98bf6da 100644
--- a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
+++ b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java
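Review bot: `checkConnection` in TcpDiscoverySslSecuredUnsecuredTest passes `null` as the expected message to `GridTestUtils.assertThrows`, so any `IgniteCheckedException` from `startGrid(name2)` (a join timeout, for instance) satisfies all four tests, although the class comment says a meaningful message should be thrown. The `@SuppressWarnings("ThrowableNotThrown")` suggests `assertThrows` returns the throwable; the test should keep it and check that it, or one of its causes, carries the text `Was remote cluster configured with SSL?`. It would also be worth asserting that the first node is still running after the rejected join, so that a regression in which the mismatched node disturbs the existing cluster is caught.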
@@ -34,6 +34,7 @@ import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiConfigSelfTest;
 import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiFailureTimeoutSelfTest;
 import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiSelfTest;
 import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiStartStopSelfTest;
+import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySslSecuredUnsecuredTest;
 import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySslSelfTest;
 import org.apache.ignite.spi.discovery.tcp.ipfinder.jdbc.TcpDiscoveryJdbcIpFinderSelfTest;
 import org.apache.ignite.spi.discovery.tcp.ipfinder.multicast.TcpDiscoveryMulticastIpFinderSelfTest;
@@ -86,7 +87,8 @@ public class IgniteSpiDiscoverySelfTestSuite extends TestSuite {
 // SSL.
 suite.addTest(new TestSuite(TcpDiscoverySslSelfTest.class));
+ suite.addTest(new TestSuite(TcpDiscoverySslSecuredUnsecuredTest.class));
 return suite;
 }
-}
\ No newline at end of file
+}
