This is an automated email from the ASF dual-hosted git repository.
av pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 10288411024 IGNITE-19335 CommandHandler SSL migration (from
GridSslBasicContextFactory to SslContextFactory) (#10658)
10288411024 is described below
commit 10288411024ac4f4be0e191a9c45257341c0abff
Author: Anton Vinogradov <[email protected]>
AuthorDate: Fri Apr 21 12:17:57 2023 +0300
IGNITE-19335 CommandHandler SSL migration (from GridSslBasicContextFactory
to SslContextFactory) (#10658)
---
.../ClientAbstractMultiThreadedSelfTest.java | 8 +-
.../internal/client/ClientSslParametersTest.java | 16 +-
.../client/ClientTcpMultiThreadedSelfTest.java | 5 +-
.../client/ClientTcpSslAuthenticationSelfTest.java | 8 +-
.../client/ClientTcpSslMultiThreadedSelfTest.java | 7 +-
.../ClientAbstractMultiNodeSelfTest.java | 10 +-
.../client/integration/ClientAbstractSelfTest.java | 7 +-
.../integration/ClientTcpDirectSelfTest.java | 5 +-
.../client/integration/ClientTcpSelfTest.java | 5 +-
.../ClientTcpSslDirectMultiNodeSelfTest.java | 7 +-
.../integration/ClientTcpSslDirectSelfTest.java | 7 +-
.../integration/ClientTcpSslMultiNodeSelfTest.java | 7 +-
.../client/integration/ClientTcpSslSelfTest.java | 7 +-
.../internal/client/router/TcpRouterSelfTest.java | 5 +-
.../client/router/TcpSslRouterSelfTest.java | 7 +-
.../src/test/resources/spring-router-ssl.xml | 2 +-
.../src/test/resources/spring-server-ssl-node.xml | 4 +-
.../internal/commandline/CommandHandler.java | 29 +-
.../internal/client/GridClientConfiguration.java | 16 +-
.../internal/client/impl/GridClientImpl.java | 16 +-
.../client/router/GridTcpRouterConfiguration.java | 10 +-
.../client/router/impl/GridTcpRouterImpl.java | 12 +-
.../client/ssl/GridSslBasicContextFactory.java | 521 ---------------------
.../internal/client/ssl/GridSslContextFactory.java | 3 -
.../apache/ignite/testframework/GridTestUtils.java | 21 +-
25 files changed, 95 insertions(+), 650 deletions(-)
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientAbstractMultiThreadedSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientAbstractMultiThreadedSelfTest.java
index 5543ea138fb..a2c9bf1271a 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientAbstractMultiThreadedSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientAbstractMultiThreadedSelfTest.java
@@ -28,6 +28,8 @@ import java.util.concurrent.ConcurrentLinkedQueue;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.Ignite;
import org.apache.ignite.compute.ComputeJob;
import org.apache.ignite.compute.ComputeJobAdapter;
@@ -38,12 +40,12 @@ import
org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.IgniteInternalFuture;
import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.lang.IgniteBiTuple;
import org.apache.ignite.resources.IgniteInstanceResource;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.Test;
+
import static org.apache.ignite.cache.CacheMode.PARTITIONED;
import static org.apache.ignite.cache.CacheMode.REPLICATED;
import static org.apache.ignite.cache.CacheWriteSynchronizationMode.FULL_ASYNC;
@@ -113,7 +115,7 @@ public abstract class ClientAbstractMultiThreadedSelfTest
extends GridCommonAbst
/**
* @return SSL context factory to use if SSL is enabled.
*/
- protected abstract GridSslContextFactory sslContextFactory();
+ protected abstract Factory<SSLContext> sslContextFactory();
/**
* @return Topology refresh frequency interval.
@@ -158,7 +160,7 @@ public abstract class ClientAbstractMultiThreadedSelfTest
extends GridCommonAbst
if (useSsl()) {
clientCfg.setSslEnabled(true);
- clientCfg.setSslContextFactory(sslContextFactory());
+ clientCfg.setSslFactory(sslContextFactory());
}
c.setConnectorConfiguration(clientCfg);
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientSslParametersTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientSslParametersTest.java
index 325caaaed10..27d01e4c8a2 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientSslParametersTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientSslParametersTest.java
@@ -23,7 +23,6 @@ import java.util.concurrent.Callable;
import org.apache.ignite.configuration.CacheConfiguration;
import org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
-import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.ssl.SslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
@@ -67,7 +66,7 @@ public class ClientSslParametersTest extends
GridCommonAbstractTest {
cfg.setServers(Collections.singleton("127.0.0.1:11211"));
- cfg.setSslContextFactory(createOldSslFactory());
+ cfg.setSslContextFactory(createSslFactory());
return cfg;
}
@@ -85,19 +84,6 @@ public class ClientSslParametersTest extends
GridCommonAbstractTest {
return factory;
}
- /**
- * @return SSL Factory.
- */
- @NotNull private GridSslBasicContextFactory createOldSslFactory() {
- GridSslBasicContextFactory factory =
(GridSslBasicContextFactory)GridTestUtils.sslContextFactory();
-
- factory.setCipherSuites(cipherSuites);
-
- factory.setProtocols(protocols);
-
- return factory;
- }
-
/** {@inheritDoc} */
@Override protected void afterTest() throws Exception {
stopAllGrids();
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpMultiThreadedSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpMultiThreadedSelfTest.java
index 1f2d41cd844..26eabca32d0 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpMultiThreadedSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpMultiThreadedSelfTest.java
@@ -17,7 +17,8 @@
package org.apache.ignite.internal.client;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
/**
* Runs multi-threaded tests on tcp binary protocol (ssl is disabled).
@@ -39,7 +40,7 @@ public class ClientTcpMultiThreadedSelfTest extends
ClientAbstractMultiThreadedS
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
+ @Override protected Factory<SSLContext> sslContextFactory() {
return null;
}
}
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.java
index b58e6326bdb..94dfeb13a9d 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.java
@@ -26,10 +26,10 @@ import
org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer;
import org.apache.ignite.internal.client.impl.GridClientImpl;
-import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory;
import org.apache.ignite.internal.util.typedef.G;
import org.apache.ignite.internal.util.typedef.X;
import org.apache.ignite.internal.util.typedef.internal.U;
+import org.apache.ignite.ssl.SslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.junit.Test;
@@ -78,11 +78,11 @@ public class ClientTcpSslAuthenticationSelfTest extends
GridCommonAbstractTest {
clientCfg.setSslClientAuth(checkClient);
clientCfg.setSslClientAuth(checkClient);
- GridSslBasicContextFactory factory =
(GridSslBasicContextFactory)GridTestUtils.sslContextFactory();
+ SslContextFactory factory =
(SslContextFactory)GridTestUtils.sslFactory();
factory.setTrustManagers(srvTrustMgr);
- clientCfg.setSslContextFactory(factory);
+ clientCfg.setSslFactory(factory);
c.setConnectorConfiguration(clientCfg);
@@ -101,7 +101,7 @@ public class ClientTcpSslAuthenticationSelfTest extends
GridCommonAbstractTest {
cfg.setServers(Arrays.asList(U.getLocalHost().getHostAddress() + ":" +
REST_TCP_PORT));
cfg.setBalancer(new GridClientRoundRobinBalancer());
- GridSslBasicContextFactory factory =
(GridSslBasicContextFactory)GridTestUtils.sslContextFactory();
+ SslContextFactory factory =
(SslContextFactory)GridTestUtils.sslFactory();
factory.setTrustManagers(clientTrustMgr);
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslMultiThreadedSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslMultiThreadedSelfTest.java
index 8dbd5f60356..1d9bd94afab 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslMultiThreadedSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslMultiThreadedSelfTest.java
@@ -17,7 +17,8 @@
package org.apache.ignite.internal.client;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.testframework.GridTestUtils;
/**
@@ -40,7 +41,7 @@ public class ClientTcpSslMultiThreadedSelfTest extends
ClientAbstractMultiThread
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
- return GridTestUtils.sslContextFactory();
+ @Override protected Factory<SSLContext> sslContextFactory() {
+ return GridTestUtils.sslFactory();
}
}
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractMultiNodeSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractMultiNodeSelfTest.java
index 0d17ee4bc9c..67a591b4bb4 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractMultiNodeSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractMultiNodeSelfTest.java
@@ -26,6 +26,8 @@ import java.util.List;
import java.util.UUID;
import java.util.concurrent.Callable;
import java.util.concurrent.CountDownLatch;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteException;
import org.apache.ignite.cluster.ClusterNode;
@@ -50,7 +52,6 @@ import org.apache.ignite.internal.client.GridClientProtocol;
import org.apache.ignite.internal.client.GridClientTopologyListener;
import org.apache.ignite.internal.client.balancer.GridClientLoadBalancer;
import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.internal.managers.communication.GridIoMessage;
import org.apache.ignite.internal.processors.cache.GridCacheContext;
import
org.apache.ignite.internal.processors.cache.distributed.GridDistributedLockRequest;
@@ -71,6 +72,7 @@ import org.apache.ignite.testframework.GridTestUtils;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
import org.jetbrains.annotations.Nullable;
import org.junit.Test;
+
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static org.apache.ignite.cache.CacheMode.PARTITIONED;
import static org.apache.ignite.cache.CacheMode.REPLICATED;
@@ -140,7 +142,7 @@ public abstract class ClientAbstractMultiNodeSelfTest
extends GridCommonAbstract
/**
* @return SSL context factory to use if SSL or {@code null} to disable
SSL usage.
*/
- @Nullable protected GridSslContextFactory sslContextFactory() {
+ @Nullable protected Factory<SSLContext> sslContextFactory() {
return null;
}
@@ -157,11 +159,11 @@ public abstract class ClientAbstractMultiNodeSelfTest
extends GridCommonAbstract
clientCfg.setPort(REST_TCP_PORT_BASE);
- GridSslContextFactory sslCtxFactory = sslContextFactory();
+ Factory<SSLContext> sslCtxFactory = sslContextFactory();
if (sslCtxFactory != null) {
clientCfg.setSslEnabled(true);
- clientCfg.setSslContextFactory(sslCtxFactory);
+ clientCfg.setSslFactory(sslCtxFactory);
}
c.setConnectorConfiguration(clientCfg);
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractSelfTest.java
index c06933c1928..8be7ef8b664 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractSelfTest.java
@@ -35,6 +35,7 @@ import java.util.concurrent.ThreadFactory;
import java.util.concurrent.atomic.AtomicInteger;
import javax.cache.Cache;
import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.ignite.IgniteException;
@@ -61,7 +62,6 @@ import org.apache.ignite.internal.client.GridClientNode;
import org.apache.ignite.internal.client.GridClientPredicate;
import org.apache.ignite.internal.client.GridClientProtocol;
import org.apache.ignite.internal.client.GridServerUnreachableException;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.lang.IgniteBiInClosure;
@@ -70,6 +70,7 @@ import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;
+
import static org.apache.ignite.IgniteSystemProperties.IGNITE_JETTY_PORT;
import static org.apache.ignite.cache.CacheMode.PARTITIONED;
import static org.apache.ignite.cache.CacheMode.REPLICATED;
@@ -181,7 +182,7 @@ public abstract class ClientAbstractSelfTest extends
GridCommonAbstractTest {
/**
* @return SSL context factory used in test.
*/
- protected abstract GridSslContextFactory sslContextFactory();
+ protected abstract Factory<SSLContext> sslContextFactory();
/**
* Get task name.
@@ -223,7 +224,7 @@ public abstract class ClientAbstractSelfTest extends
GridCommonAbstractTest {
if (useSsl()) {
clientCfg.setSslEnabled(true);
- clientCfg.setSslContextFactory(sslContextFactory());
+ clientCfg.setSslFactory(sslContextFactory());
}
cfg.setConnectorConfiguration(clientCfg);
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpDirectSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpDirectSelfTest.java
index d115865e257..46561bd32e2 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpDirectSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpDirectSelfTest.java
@@ -18,10 +18,11 @@
package org.apache.ignite.internal.client.integration;
import java.util.Collections;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.internal.client.GridClientConfiguration;
import org.apache.ignite.internal.client.GridClientException;
import org.apache.ignite.internal.client.GridClientProtocol;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
/**
*
@@ -43,7 +44,7 @@ public class ClientTcpDirectSelfTest extends
ClientAbstractSelfTest {
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
+ @Override protected Factory<SSLContext> sslContextFactory() {
return null;
}
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSelfTest.java
index c1c1e8839a1..97be4085f8f 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSelfTest.java
@@ -17,8 +17,9 @@
package org.apache.ignite.internal.client.integration;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.internal.client.GridClientProtocol;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
/**
* Tests TCP protocol.
@@ -40,7 +41,7 @@ public class ClientTcpSelfTest extends ClientAbstractSelfTest
{
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
+ @Override protected Factory<SSLContext> sslContextFactory() {
return null;
}
}
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectMultiNodeSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectMultiNodeSelfTest.java
index b2ee1ecd4ac..ac7b4bf73cd 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectMultiNodeSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectMultiNodeSelfTest.java
@@ -20,10 +20,11 @@ package org.apache.ignite.internal.client.integration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.internal.client.GridClientConfiguration;
import org.apache.ignite.internal.client.GridClientException;
import org.apache.ignite.internal.client.GridClientProtocol;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
/**
@@ -41,8 +42,8 @@ public class ClientTcpSslDirectMultiNodeSelfTest extends
ClientAbstractMultiNode
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
- return GridTestUtils.sslContextFactory();
+ @Override protected Factory<SSLContext> sslContextFactory() {
+ return GridTestUtils.sslFactory();
}
/** {@inheritDoc} */
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectSelfTest.java
index 3e5e984ae57..48707963d8d 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectSelfTest.java
@@ -18,10 +18,11 @@
package org.apache.ignite.internal.client.integration;
import java.util.Collections;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.internal.client.GridClientConfiguration;
import org.apache.ignite.internal.client.GridClientException;
import org.apache.ignite.internal.client.GridClientProtocol;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
/**
@@ -44,8 +45,8 @@ public class ClientTcpSslDirectSelfTest extends
ClientAbstractSelfTest {
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
- return GridTestUtils.sslContextFactory();
+ @Override protected Factory<SSLContext> sslContextFactory() {
+ return GridTestUtils.sslFactory();
}
/** {@inheritDoc} */
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslMultiNodeSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslMultiNodeSelfTest.java
index f8b7effc4c2..939f413a985 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslMultiNodeSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslMultiNodeSelfTest.java
@@ -17,8 +17,9 @@
package org.apache.ignite.internal.client.integration;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.internal.client.GridClientProtocol;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
/**
@@ -36,7 +37,7 @@ public class ClientTcpSslMultiNodeSelfTest extends
ClientAbstractMultiNodeSelfTe
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
- return GridTestUtils.sslContextFactory();
+ @Override protected Factory<SSLContext> sslContextFactory() {
+ return GridTestUtils.sslFactory();
}
}
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslSelfTest.java
index 9b809f2327b..7a094ff86d1 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslSelfTest.java
@@ -17,8 +17,9 @@
package org.apache.ignite.internal.client.integration;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.internal.client.GridClientProtocol;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
/**
@@ -41,7 +42,7 @@ public class ClientTcpSslSelfTest extends
ClientAbstractSelfTest {
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
- return GridTestUtils.sslContextFactory();
+ @Override protected Factory<SSLContext> sslContextFactory() {
+ return GridTestUtils.sslFactory();
}
}
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpRouterSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpRouterSelfTest.java
index 08daf8bd697..33e24a8d99d 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpRouterSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpRouterSelfTest.java
@@ -17,7 +17,8 @@
package org.apache.ignite.internal.client.router;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
/**
* Tests the simplest use case for router: singe router proxies connections to
a single node.
@@ -29,7 +30,7 @@ public class TcpRouterSelfTest extends
TcpRouterAbstractSelfTest {
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
+ @Override protected Factory<SSLContext> sslContextFactory() {
return null;
}
}
diff --git
a/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpSslRouterSelfTest.java
b/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpSslRouterSelfTest.java
index 3e710f08796..659a3abd8bc 100644
---
a/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpSslRouterSelfTest.java
+++
b/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpSslRouterSelfTest.java
@@ -17,8 +17,9 @@
package org.apache.ignite.internal.client.router;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.IgniteCheckedException;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
import org.junit.Ignore;
@@ -33,8 +34,8 @@ public class TcpSslRouterSelfTest extends
TcpRouterAbstractSelfTest {
}
/** {@inheritDoc} */
- @Override protected GridSslContextFactory sslContextFactory() {
- return GridTestUtils.sslContextFactory();
+ @Override protected Factory<SSLContext> sslContextFactory() {
+ return GridTestUtils.sslFactory();
}
/**
diff --git a/modules/clients/src/test/resources/spring-router-ssl.xml
b/modules/clients/src/test/resources/spring-router-ssl.xml
index e145cce9844..f083704a618 100644
--- a/modules/clients/src/test/resources/spring-router-ssl.xml
+++ b/modules/clients/src/test/resources/spring-router-ssl.xml
@@ -83,7 +83,7 @@
<!-- Provide Ssl context. -->
<property name="sslContextFactory">
- <bean
class="org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory">
+ <bean class="org.apache.ignite.ssl.SslContextFactory">
<property name="keyStoreFilePath"
value="${CLIENTS_MODULE_PATH}/src/test/keystore/server.jks"/>
<property name="keyStorePassword" value="123456"/>
<property name="trustStoreFilePath"
value="${CLIENTS_MODULE_PATH}/src/test/keystore/trust-one.jks"/>
diff --git a/modules/clients/src/test/resources/spring-server-ssl-node.xml
b/modules/clients/src/test/resources/spring-server-ssl-node.xml
index 8589a3c6ffe..eb27cc68262 100644
--- a/modules/clients/src/test/resources/spring-server-ssl-node.xml
+++ b/modules/clients/src/test/resources/spring-server-ssl-node.xml
@@ -68,8 +68,8 @@
<!-- Sets flag indicating whether or not SSL client
authentication is required. -->
<property name="sslClientAuth" value="true"/>
- <property name="sslContextFactory">
- <bean
class="org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory">
+ <property name="sslFactory">
+ <bean class="org.apache.ignite.ssl.SslContextFactory">
<property name="keyStoreFilePath"
value="${CLIENTS_MODULE_PATH}/src/test/keystore/server.jks"/>
<property name="keyStorePassword" value="123456"/>
<property name="trustStoreFilePath"
value="${CLIENTS_MODULE_PATH}/src/test/keystore/trust-one.jks"/>
diff --git
a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
index 967f0114cc5..6edcda692aa 100644
---
a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
+++
b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
@@ -27,7 +27,6 @@ import java.util.List;
import java.util.Map;
import java.util.Scanner;
import java.util.UUID;
-import java.util.stream.Collectors;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteLogger;
@@ -39,7 +38,6 @@ import
org.apache.ignite.internal.client.GridClientDisconnectedException;
import org.apache.ignite.internal.client.GridClientHandshakeException;
import org.apache.ignite.internal.client.GridServerUnreachableException;
import
org.apache.ignite.internal.client.impl.connection.GridClientConnectionResetException;
-import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory;
import org.apache.ignite.internal.logger.IgniteLoggerEx;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.X;
@@ -572,18 +570,21 @@ public class CommandHandler {
* @param args Commond args.
* @return Ssl support factory.
*/
- @NotNull private GridSslBasicContextFactory
createSslSupportFactory(ConnectionAndSslParameters args) {
- GridSslBasicContextFactory factory = new GridSslBasicContextFactory();
+ @NotNull private SslContextFactory
createSslSupportFactory(ConnectionAndSslParameters args) {
+ SslContextFactory factory = new SslContextFactory();
- List<String> sslProtocols = split(args.sslProtocol(), ",");
+ String[] sslProtocols = split(args.sslProtocol(), ",");
- String sslProtocol = F.isEmpty(sslProtocols) ? DFLT_SSL_PROTOCOL :
sslProtocols.get(0);
+ if (F.isEmpty(sslProtocols))
+ factory.setProtocol(DFLT_SSL_PROTOCOL);
+ else {
+ factory.setProtocol(sslProtocols[0]);
- factory.setProtocol(sslProtocol);
- factory.setKeyAlgorithm(args.sslKeyAlgorithm());
+ if (sslProtocols.length > 1)
+ factory.setProtocols(sslProtocols);
+ }
- if (sslProtocols.size() > 1)
- factory.setProtocols(sslProtocols);
+ factory.setKeyAlgorithm(args.sslKeyAlgorithm());
factory.setCipherSuites(split(args.getSslCipherSuites(), ","));
@@ -601,7 +602,7 @@ public class CommandHandler {
factory.setKeyStoreType(args.sslKeyStoreType());
if (F.isEmpty(args.sslTrustStorePath()))
-
factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager());
+
factory.setTrustManagers(SslContextFactory.getDisabledTrustManager());
else {
factory.setTrustStoreFilePath(args.sslTrustStorePath());
@@ -713,14 +714,14 @@ public class CommandHandler {
* @param delim Delimiter.
* @return List with items.
*/
- private static List<String> split(String s, String delim) {
+ private static String[] split(String s, String delim) {
if (F.isEmpty(s))
- return Collections.emptyList();
+ return null;
return Arrays.stream(s.split(delim))
.map(String::trim)
.filter(item -> !item.isEmpty())
- .collect(Collectors.toList());
+ .toArray(String[]::new);
}
/** @param rawArgs Arguments. */
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/client/GridClientConfiguration.java
b/modules/core/src/main/java/org/apache/ignite/internal/client/GridClientConfiguration.java
index c0135a5e57f..df243597f6c 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/client/GridClientConfiguration.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/client/GridClientConfiguration.java
@@ -25,18 +25,19 @@ import java.util.Collections;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ExecutorService;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.internal.client.balancer.GridClientLoadBalancer;
import org.apache.ignite.internal.client.balancer.GridClientRandomBalancer;
import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer;
import org.apache.ignite.internal.client.marshaller.GridClientMarshaller;
import
org.apache.ignite.internal.client.marshaller.optimized.GridClientOptimizedMarshaller;
-import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.plugin.security.SecurityCredentialsProvider;
+import org.apache.ignite.ssl.SslContextFactory;
import org.jetbrains.annotations.Nullable;
import static org.apache.ignite.ssl.SslContextFactory.DFLT_KEY_ALGORITHM;
@@ -84,7 +85,7 @@ public class GridClientConfiguration {
private boolean tcpNoDelay = DFLT_TCP_NODELAY;
/** SSL context factory */
- private GridSslContextFactory sslCtxFactory;
+ private Factory<SSLContext> sslCtxFactory;
/** Flag indicating whether metrics cache is enabled. */
private boolean enableMetricsCache = true;
@@ -338,9 +339,8 @@ public class GridClientConfiguration {
* If it returns {@code null} then SSL is considered disabled.
*
* @return Factory instance.
- * @see GridSslContextFactory
*/
- public GridSslContextFactory getSslContextFactory() {
+ public Factory<SSLContext> getSslContextFactory() {
return sslCtxFactory;
}
@@ -350,7 +350,7 @@ public class GridClientConfiguration {
* @param sslCtxFactory Context factory.
* @return {@code this} for chaining.
*/
- public GridClientConfiguration setSslContextFactory(GridSslContextFactory
sslCtxFactory) {
+ public GridClientConfiguration setSslContextFactory(Factory<SSLContext>
sslCtxFactory) {
this.sslCtxFactory = sslCtxFactory;
return this;
@@ -782,7 +782,7 @@ public class GridClientConfiguration {
//
if (!F.isEmpty(sslEnabled) && Boolean.parseBoolean(sslEnabled)) {
- GridSslBasicContextFactory factory = new
GridSslBasicContextFactory();
+ SslContextFactory factory = new SslContextFactory();
factory.setProtocol(F.isEmpty(sslProto) ? DFLT_SSL_PROTOCOL :
sslProto);
factory.setKeyAlgorithm(F.isEmpty(sslKeyAlg) ? DFLT_KEY_ALGORITHM
: sslKeyAlg);
@@ -798,7 +798,7 @@ public class GridClientConfiguration {
factory.setKeyStoreType(F.isEmpty(keyStoreType) ? DFLT_STORE_TYPE
: keyStoreType);
if (F.isEmpty(trustStorePath))
-
factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager());
+
factory.setTrustManagers(SslContextFactory.getDisabledTrustManager());
else {
factory.setTrustStoreFilePath(trustStorePath);
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/client/impl/GridClientImpl.java
b/modules/core/src/main/java/org/apache/ignite/internal/client/impl/GridClientImpl.java
index b41b531d822..86676b3abdc 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/client/impl/GridClientImpl.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/client/impl/GridClientImpl.java
@@ -31,8 +31,8 @@ import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.logging.Level;
import java.util.logging.Logger;
+import javax.cache.configuration.Factory;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteSystemProperties;
import org.apache.ignite.internal.client.GridClient;
@@ -60,7 +60,6 @@ import
org.apache.ignite.internal.client.impl.connection.GridClientConnection;
import
org.apache.ignite.internal.client.impl.connection.GridClientConnectionManager;
import
org.apache.ignite.internal.client.impl.connection.GridClientConnectionManagerOsImpl;
import org.apache.ignite.internal.client.impl.connection.GridClientTopology;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.internal.util.worker.CycleThread;
@@ -164,17 +163,10 @@ public class GridClientImpl implements GridClient,
GridClientBeforeNodeStart {
if (!beforeNodeStart && cfg.getBalancer() instanceof
GridClientTopologyListener)
top.addTopologyListener((GridClientTopologyListener)cfg.getBalancer());
- GridSslContextFactory factory = cfg.getSslContextFactory();
+ Factory<SSLContext> factory = cfg.getSslContextFactory();
- if (factory != null) {
- try {
- sslCtx = factory.createSslContext();
- }
- catch (SSLException e) {
- throw new GridClientException("Failed to create client
(unable to create SSL context, " +
- "check ssl context factory configuration): " +
e.getMessage(), e);
- }
- }
+ if (factory != null)
+ sslCtx = factory.create();
else
sslCtx = null;
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/client/router/GridTcpRouterConfiguration.java
b/modules/core/src/main/java/org/apache/ignite/internal/client/router/GridTcpRouterConfiguration.java
index 03b650a071c..88bd2d7634a 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/client/router/GridTcpRouterConfiguration.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/client/router/GridTcpRouterConfiguration.java
@@ -20,10 +20,11 @@ package org.apache.ignite.internal.client.router;
import java.net.Socket;
import java.util.Collection;
import java.util.Collections;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.internal.util.typedef.internal.A;
import org.apache.ignite.internal.util.typedef.internal.S;
import org.apache.ignite.plugin.security.SecurityCredentialsProvider;
@@ -75,7 +76,7 @@ public class GridTcpRouterConfiguration {
private boolean sslClientAuth;
/** Ssl context factory. */
- private GridSslContextFactory sslCtxFactory;
+ private Factory<SSLContext> sslCtxFactory;
/** Collection of servers */
private Collection<String> srvrs = DFLT_SERVERS;
@@ -162,9 +163,8 @@ public class GridTcpRouterConfiguration {
* of both rest binary server and out coming connections.
*
* @return SslContextFactory instance.
- * @see GridSslContextFactory
*/
- @Nullable public GridSslContextFactory getSslContextFactory() {
+ @Nullable public Factory<SSLContext> getSslContextFactory() {
return sslCtxFactory;
}
@@ -288,7 +288,7 @@ public class GridTcpRouterConfiguration {
* @param sslCtxFactory Ssl context factory.
* @return {@code this} for chaining.
*/
- public GridTcpRouterConfiguration
setSslContextFactory(GridSslContextFactory sslCtxFactory) {
+ public GridTcpRouterConfiguration setSslContextFactory(Factory<SSLContext>
sslCtxFactory) {
this.sslCtxFactory = sslCtxFactory;
return this;
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/client/router/impl/GridTcpRouterImpl.java
b/modules/core/src/main/java/org/apache/ignite/internal/client/router/impl/GridTcpRouterImpl.java
index 4e06092ce79..2682a12a556 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/client/router/impl/GridTcpRouterImpl.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/client/router/impl/GridTcpRouterImpl.java
@@ -23,10 +23,10 @@ import java.net.UnknownHostException;
import java.nio.ByteOrder;
import java.util.Collection;
import java.util.UUID;
+import javax.cache.configuration.Factory;
import javax.management.JMException;
import javax.management.ObjectName;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteLogger;
@@ -34,7 +34,6 @@ import org.apache.ignite.internal.client.GridClientException;
import org.apache.ignite.internal.client.router.GridTcpRouter;
import org.apache.ignite.internal.client.router.GridTcpRouterConfiguration;
import org.apache.ignite.internal.client.router.GridTcpRouterMBean;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import
org.apache.ignite.internal.processors.rest.client.message.GridClientMessage;
import org.apache.ignite.internal.util.nio.GridNioCodecFilter;
import org.apache.ignite.internal.util.nio.GridNioFilter;
@@ -118,14 +117,9 @@ public class GridTcpRouterImpl implements GridTcpRouter,
GridTcpRouterMBean, Lif
SSLContext sslCtx;
- try {
- GridSslContextFactory sslCtxFactory = cfg.getSslContextFactory();
+ Factory<SSLContext> sslCtxFactory = cfg.getSslContextFactory();
- sslCtx = sslCtxFactory == null ? null :
sslCtxFactory.createSslContext();
- }
- catch (SSLException e) {
- throw new IgniteException("Failed to create SSL context.", e);
- }
+ sslCtx = sslCtxFactory == null ? null : sslCtxFactory.create();
for (int port = cfg.getPort(), last = port + cfg.getPortRange(); port
<= last; port++) {
if (startTcpServer(hostAddr, port, lsnr, parser, cfg.isNoDelay(),
sslCtx, cfg.isSslClientAuth(),
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java
b/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java
deleted file mode 100644
index e500705414d..00000000000
---
a/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java
+++ /dev/null
@@ -1,521 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.internal.client.ssl;
-
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.cert.X509Certificate;
-import java.util.Arrays;
-import java.util.Collection;
-import javax.cache.configuration.Factory;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLParameters;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
-import org.apache.ignite.internal.util.typedef.F;
-import org.apache.ignite.internal.util.typedef.internal.A;
-import org.apache.ignite.ssl.SSLContextWrapper;
-import org.apache.ignite.ssl.SslContextFactory;
-
-import static org.apache.ignite.ssl.SslContextFactory.DFLT_KEY_ALGORITHM;
-import static org.apache.ignite.ssl.SslContextFactory.DFLT_SSL_PROTOCOL;
-import static org.apache.ignite.ssl.SslContextFactory.DFLT_STORE_TYPE;
-
-/**
- * Basic ssl context factory that provides ssl context configuration with
specified key
- * and trust stores.
- * <p>
- * In some cases it is useful to disable certificate validation of client side
(e.g. when connecting
- * to a server with self-signed certificate). This can be achieved by setting
a disabled trust manager
- * to this factory, which can be obtained by {@link
#getDisabledTrustManager()} method:
- * <pre>
- * GridSslBasicContextFactory factory = new GridSslBasicContextFactory();
- *
factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager());
- * // Rest of initialization.
- * </pre>
- * @deprecated Use {@link Factory} instead.
- */
-@Deprecated
-public class GridSslBasicContextFactory implements GridSslContextFactory {
- /** SSL protocol. */
- private String proto = DFLT_SSL_PROTOCOL;
-
- /** Key manager algorithm. */
- private String keyAlgorithm = DFLT_KEY_ALGORITHM;
-
- /** Key store type. */
- private String keyStoreType = DFLT_STORE_TYPE;
-
- /** Path to key store file */
- private String keyStoreFilePath;
-
- /** Key store password */
- private char[] keyStorePwd;
-
- /** Trust store type. */
- private String trustStoreType = DFLT_STORE_TYPE;
-
- /** Path to trust store. */
- private String trustStoreFilePath;
-
- /** Trust store password */
- private char[] trustStorePwd;
-
- /** Trust managers. */
- private TrustManager[] trustMgrs;
-
- /** Enabled cipher suites. */
- private String[] cipherSuites;
-
- /** Enabled protocols. */
- private String[] protocols;
-
- /**
- * Gets key store type used for context creation.
- *
- * @return Key store type.
- */
- public String getKeyStoreType() {
- return keyStoreType;
- }
-
- /**
- * Sets key store type used in context initialization. If not provided,
{@link SslContextFactory#DFLT_STORE_TYPE}
- * will be used.
- *
- * @param keyStoreType Key store type.
- */
- public void setKeyStoreType(String keyStoreType) {
- A.notNull(keyStoreType, "keyStoreType");
-
- this.keyStoreType = keyStoreType;
- }
-
- /**
- * Gets trust store type used for context creation.
- *
- * @return trust store type.
- */
- public String getTrustStoreType() {
- return trustStoreType;
- }
-
- /**
- * Sets trust store type used in context initialization. If not provided,
{@link SslContextFactory#DFLT_STORE_TYPE}
- * will be used.
- *
- * @param trustStoreType Trust store type.
- */
- public void setTrustStoreType(String trustStoreType) {
- A.notNull(trustStoreType, "trustStoreType");
-
- this.trustStoreType = trustStoreType;
- }
-
- /**
- * Gets protocol for secure transport.
- *
- * @return SSL protocol name.
- */
- public String getProtocol() {
- return proto;
- }
-
- /**
- * Sets protocol for secure transport. If not specified, {@link
SslContextFactory#DFLT_SSL_PROTOCOL} will be used.
- *
- * @param proto SSL protocol name.
- */
- public void setProtocol(String proto) {
- A.notNull(proto, "proto");
-
- this.proto = proto;
- }
-
- /**
- * Gets algorithm that will be used to create a key manager. If not
specified, {@link SslContextFactory#DFLT_KEY_ALGORITHM}
- * will be used.
- *
- * @return Key manager algorithm.
- */
- public String getKeyAlgorithm() {
- return keyAlgorithm;
- }
-
- /**
- * Sets key manager algorithm that will be used to create a key manager.
Notice that in most cased default value
- * suites well, however, on Android platform this value need to be set to
<tt>X509<tt/>.
- *
- * @param keyAlgorithm Key algorithm name.
- */
- public void setKeyAlgorithm(String keyAlgorithm) {
- A.notNull(keyAlgorithm, "keyAlgorithm");
-
- this.keyAlgorithm = keyAlgorithm;
- }
-
- /**
- * Gets path to the key store file.
- *
- * @return Path to key store file.
- */
- public String getKeyStoreFilePath() {
- return keyStoreFilePath;
- }
-
- /**
- * Sets path to the key store file. This is a mandatory parameter since
- * ssl context could not be initialized without key manager.
- *
- * @param keyStoreFilePath Path to key store file.
- */
- public void setKeyStoreFilePath(String keyStoreFilePath) {
- A.notNull(keyStoreFilePath, "keyStoreFilePath");
-
- this.keyStoreFilePath = keyStoreFilePath;
- }
-
- /**
- * Gets key store password.
- *
- * @return Key store password.
- */
- public char[] getKeyStorePassword() {
- return keyStorePwd;
- }
-
- /**
- * Sets key store password.
- *
- * @param keyStorePwd Key store password.
- */
- public void setKeyStorePassword(char[] keyStorePwd) {
- A.notNull(keyStorePwd, "keyStorePwd");
-
- this.keyStorePwd = keyStorePwd;
- }
-
- /**
- * Gets path to the trust store file.
- *
- * @return Path to the trust store file.
- */
- public String getTrustStoreFilePath() {
- return trustStoreFilePath;
- }
-
- /**
- * Sets path to the trust store file. This is an optional parameter,
- * however one of the {@code setTrustStoreFilePath(String)}, {@link
#setTrustManagers(TrustManager[])}
- * properties must be set.
- *
- * @param trustStoreFilePath Path to the trust store file.
- */
- public void setTrustStoreFilePath(String trustStoreFilePath) {
- this.trustStoreFilePath = trustStoreFilePath;
- }
-
- /**
- * Gets trust store password.
- *
- * @return Trust store password.
- */
- public char[] getTrustStorePassword() {
- return trustStorePwd;
- }
-
- /**
- * Sets trust store password.
- *
- * @param trustStorePwd Trust store password.
- */
- public void setTrustStorePassword(char[] trustStorePwd) {
- this.trustStorePwd = trustStorePwd;
- }
-
- /**
- * Gets pre-configured trust managers.
- *
- * @return Trust managers.
- */
- public TrustManager[] getTrustManagers() {
- return trustMgrs;
- }
-
- /**
- * Sets pre-configured trust managers. This is an optional parameter,
- * however one of the {@link #setTrustStoreFilePath(String)}, {@code
#setTrustManagers(TrustManager[])}
- *
- * @param trustMgrs Pre-configured trust managers.
- */
- public void setTrustManagers(TrustManager... trustMgrs) {
- this.trustMgrs = trustMgrs;
- }
-
- /**
- * Gets enabled cipher suites.
- *
- * @return Enabled cipher suites.
- */
- public String[] getCipherSuites() {
- return cipherSuites;
- }
-
- /**
- * Sets enabled cipher suites.
- *
- * @param cipherSuites Enabled cipher suites.
- */
- public void setCipherSuites(String... cipherSuites) {
- this.cipherSuites = cipherSuites;
- }
-
- /**
- * Sets enabled cipher suites.
- *
- * @param cipherSuites Enabled cipher suites.
- */
- public void setCipherSuites(Collection<String> cipherSuites) {
- if (!F.isEmpty(cipherSuites))
- setCipherSuites(cipherSuites.toArray(new String[0]));
- }
-
- /**
- * Gets enabled protocols.
- *
- * @return Enabled protocols.
- */
- public String[] getProtocols() {
- return protocols;
- }
-
- /**
- * Sets enabled protocols.
- *
- * @param protocols Enabled protocols.
- */
- public void setProtocols(String... protocols) {
- this.protocols = protocols;
- }
-
- /**
- * Sets enabled protocols.
- *
- * @param protocols Enabled protocols.
- */
- public void setProtocols(Collection<String> protocols) {
- if (!F.isEmpty(protocols))
- setProtocols(protocols.toArray(new String[0]));
- }
-
- /**
- * Returns an instance of trust manager that will always succeed
regardless of certificate provided.
- *
- * @return Trust manager instance.
- */
- public static TrustManager getDisabledTrustManager() {
- return new DisabledX509TrustManager();
- }
-
- /** {@inheritDoc} */
- @Override public SSLContext createSslContext() throws SSLException {
- checkParameters();
-
- try {
- KeyManagerFactory keyMgrFactory =
KeyManagerFactory.getInstance(keyAlgorithm);
-
- KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath,
keyStorePwd);
-
- keyMgrFactory.init(keyStore, keyStorePwd);
-
- TrustManager[] mgrs = trustMgrs;
-
- if (mgrs == null) {
- TrustManagerFactory trustMgrFactory =
TrustManagerFactory.getInstance(keyAlgorithm);
-
- KeyStore trustStore = loadKeyStore(trustStoreType,
trustStoreFilePath, trustStorePwd);
-
- trustMgrFactory.init(trustStore);
-
- mgrs = trustMgrFactory.getTrustManagers();
- }
-
- SSLContext ctx = SSLContext.getInstance(proto);
-
- if (cipherSuites != null || protocols != null) {
- SSLParameters sslParameters = new SSLParameters();
-
- if (cipherSuites != null)
- sslParameters.setCipherSuites(cipherSuites);
-
- if (protocols != null)
- sslParameters.setProtocols(protocols);
-
- ctx = new SSLContextWrapper(ctx, sslParameters);
- }
-
- ctx.init(keyMgrFactory.getKeyManagers(), mgrs, null);
-
- return ctx;
- }
- catch (GeneralSecurityException e) {
- throw new SSLException("Failed to initialize SSL context " +
parameters(), e);
- }
- }
-
- /**
- * Builds human-readable string with factory parameters.
- *
- * @return Parameters string.
- */
- private String parameters() {
- StringBuilder buf = new
StringBuilder("[keyStoreType=").append(keyStoreType);
-
- buf.append(", proto=").append(proto).append(",
keyStoreFile=").append(keyStoreFilePath);
-
- if (trustMgrs != null)
- buf.append(", trustMgrs=").append(Arrays.toString(trustMgrs));
- else
- buf.append(", trustStoreFile=").append(trustStoreFilePath);
-
- buf.append(']');
-
- return buf.toString();
- }
-
- /**
- * Checks that all required parameters are set.
- *
- * @throws SSLException If any of required parameters is missing.
- */
- private void checkParameters() throws SSLException {
- assert keyStoreType != null;
- assert proto != null;
-
- checkNullParameter(keyStoreFilePath, "keyStoreFilePath");
- checkNullParameter(keyStorePwd, "keyStorePwd");
-
- if (trustMgrs == null) {
- if (trustStoreFilePath == null)
- throw new SSLException("Failed to initialize SSL context
(either trustStoreFilePath or " +
- "trustManagers must be provided)");
- else
- checkNullParameter(trustStorePwd, "trustStorePwd");
- }
- }
-
- /**
- * @param param Value.
- * @param name Name.
- * @throws SSLException If {@code null}.
- */
- private void checkNullParameter(Object param, String name) throws
SSLException {
- if (param == null)
- throw new SSLException("Failed to initialize SSL context
(parameter cannot be null): " + name);
- }
-
- /**
- * By default, this method simply opens a raw file input stream.
Subclasses may override this method
- * if some specific location should be handled (this may be a case for
Android users).
- *
- * @param filePath Path to the file.
- * @return Opened input stream.
- * @throws IOException If stream could not be opened.
- */
- protected InputStream openFileInputStream(String filePath) throws
IOException {
- return new FileInputStream(filePath);
- }
-
- /**
- * Loads key store with configured parameters.
- *
- * @param keyStoreType Type of key store.
- * @param storeFilePath Path to key store file.
- * @param keyStorePwd Store password.
- * @return Initialized key store.
- * @throws SSLException If key store could not be initialized.
- */
- private KeyStore loadKeyStore(String keyStoreType, String storeFilePath,
char[] keyStorePwd) throws SSLException {
- InputStream input = null;
-
- try {
- KeyStore keyStore = KeyStore.getInstance(keyStoreType);
-
- input = openFileInputStream(storeFilePath);
-
- keyStore.load(input, keyStorePwd);
-
- return keyStore;
- }
- catch (GeneralSecurityException e) {
- throw new SSLException("Failed to initialize key store (security
exception occurred) [type=" +
- keyStoreType + ", keyStorePath=" + storeFilePath + ']', e);
- }
- catch (FileNotFoundException e) {
- throw new SSLException("Failed to initialize key store (key store
file was not found): [path=" +
- storeFilePath + ", msg=" + e.getMessage() + ']');
- }
- catch (IOException e) {
- throw new SSLException("Failed to initialize key store (I/O error
occurred): " + storeFilePath, e);
- }
- finally {
- if (input != null) {
- try {
- input.close();
- }
- catch (IOException ignored) {
- }
- }
- }
- }
-
- /** {@inheritDoc} */
- @Override public String toString() {
- return getClass().getSimpleName() + parameters();
- }
-
- /**
- * Disabled trust manager, will skip all certificate checks.
- */
- private static class DisabledX509TrustManager implements X509TrustManager {
- /** Empty certificate array. */
- private static final X509Certificate[] CERTS = new X509Certificate[0];
-
- /** {@inheritDoc} */
- @Override public void checkClientTrusted(X509Certificate[]
x509Certificates, String s) {
- // No-op, all clients are trusted.
- }
-
- /** {@inheritDoc} */
- @Override public void checkServerTrusted(X509Certificate[]
x509Certificates, String s) {
- // No-op, all servers are trusted.
- }
-
- /** {@inheritDoc} */
- @Override public X509Certificate[] getAcceptedIssuers() {
- return CERTS;
- }
- }
-}
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslContextFactory.java
b/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslContextFactory.java
index 9b8a5278aac..a149d60a4b4 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslContextFactory.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslContextFactory.java
@@ -23,9 +23,6 @@ import javax.net.ssl.SSLException;
/**
* This interface provides creation of SSL context both for server and client
use.
- * <p>
- * Usually, it is enough to configure context from a particular key and trust
stores, this functionality is provided
- * in {@link GridSslBasicContextFactory}.
* @deprecated Use {@link Factory} instead.
*/
@Deprecated
diff --git
a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java
b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java
index cc3e282bf72..9cbb2ec5777 100644
---
a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java
+++
b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java
@@ -92,8 +92,6 @@ import
org.apache.ignite.internal.IgniteFutureCancelledCheckedException;
import org.apache.ignite.internal.IgniteInternalFuture;
import org.apache.ignite.internal.IgniteInterruptedCheckedException;
import org.apache.ignite.internal.IgniteKernal;
-import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory;
-import org.apache.ignite.internal.client.ssl.GridSslContextFactory;
import org.apache.ignite.internal.managers.discovery.CustomMessageWrapper;
import org.apache.ignite.internal.managers.discovery.DiscoveryCustomMessage;
import org.apache.ignite.internal.processors.affinity.AffinityTopologyVersion;
@@ -2080,28 +2078,11 @@ public final class GridTestUtils {
keyMgrFactory.init(keyStore, storePass);
ctx.init(keyMgrFactory.getKeyManagers(),
- new
TrustManager[]{GridSslBasicContextFactory.getDisabledTrustManager()}, null);
+ new TrustManager[]{SslContextFactory.getDisabledTrustManager()},
null);
return ctx;
}
- /**
- * Creates test-purposed SSL context factory from test key store with
disabled trust manager.
- *
- * @return SSL context factory used in test.
- */
- public static GridSslContextFactory sslContextFactory() {
- GridSslBasicContextFactory factory = new GridSslBasicContextFactory();
-
- factory.setKeyStoreFilePath(
-
U.resolveIgnitePath(GridTestProperties.getProperty("ssl.keystore.path")).getAbsolutePath());
- factory.setKeyStorePassword(keyStorePassword().toCharArray());
-
-
factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager());
-
- return factory;
- }
-
/**
* Creates test-purposed SSL context factory from test key store with
disabled trust manager.
*
