Author: fpj
Date: Thu Jun 23 17:42:11 2016
New Revision: 1749951
URL: http://svn.apache.org/viewvc?rev=1749951&view=rev
Log:
ZOOKEEPER-2297: NPE is thrown while creating "key manager" and "trust manager"
(Arshad Mohammad via fpj)
Modified:
zookeeper/trunk/CHANGES.txt
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/ProviderRegistry.java
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java
zookeeper/trunk/src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerConfigTest.java
zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SSLAuthTest.java
Modified: zookeeper/trunk/CHANGES.txt
URL:
http://svn.apache.org/viewvc/zookeeper/trunk/CHANGES.txt?rev=1749951&r1=1749950&r2=1749951&view=diff
==============================================================================
--- zookeeper/trunk/CHANGES.txt (original)
+++ zookeeper/trunk/CHANGES.txt Thu Jun 23 17:42:11 2016
@@ -314,6 +314,9 @@ BUGFIXES:
ZOOKEEPER-2137: Make testPortChange() less flaky
(Michael Han via phunt)
+ ZOOKEEPER-2297: NPE is thrown while creating "key manager" and "trust
manager"
+ (Arshad Mohammad via fpj)
+
IMPROVEMENTS:
ZOOKEEPER-2024 Major throughput improvement with mixed workloads (Kfir
Lev-Ari via shralex)
Modified:
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/ProviderRegistry.java
URL:
http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/ProviderRegistry.java?rev=1749951&r1=1749950&r2=1749951&view=diff
==============================================================================
---
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/ProviderRegistry.java
(original)
+++
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/auth/ProviderRegistry.java
Thu Jun 23 17:42:11 2016
@@ -39,10 +39,8 @@ public class ProviderRegistry {
return;
IPAuthenticationProvider ipp = new IPAuthenticationProvider();
DigestAuthenticationProvider digp = new
DigestAuthenticationProvider();
- X509AuthenticationProvider x509p = new
X509AuthenticationProvider();
authenticationProviders.put(ipp.getScheme(), ipp);
authenticationProviders.put(digp.getScheme(), digp);
- authenticationProviders.put(x509p.getScheme(), x509p);
Enumeration<Object> en = System.getProperties().keys();
while (en.hasMoreElements()) {
String k = (String) en.nextElement();
Modified:
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java
URL:
http://svn.apache.org/viewvc/zookeeper/trunk/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java?rev=1749951&r1=1749950&r2=1749951&view=diff
==============================================================================
---
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java
(original)
+++
zookeeper/trunk/src/java/main/org/apache/zookeeper/server/quorum/QuorumPeerConfig.java
Thu Jun 23 17:42:11 2016
@@ -37,6 +37,7 @@ import java.util.Properties;
import java.util.Map.Entry;
import org.apache.zookeeper.common.StringUtils;
+import org.apache.zookeeper.common.ZKConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
@@ -330,6 +331,9 @@ public class QuorumPeerConfig {
this.secureClientPortAddress = new
InetSocketAddress(secureClientPort);
LOG.info("secureClientPortAddress is {}",
this.secureClientPortAddress.toString());
}
+ if (this.secureClientPortAddress != null) {
+ configureSSLAuth();
+ }
if (tickTime == 0) {
throw new IllegalArgumentException("tickTime is not set");
@@ -353,6 +357,26 @@ public class QuorumPeerConfig {
}
}
}
+
+ /**
+ * Configure SSL authentication only if it is not configured.
+ *
+ * @throws ConfigException
+ * If authentication scheme is configured but authentication
+ * provider is not configured.
+ */
+ private void configureSSLAuth() throws ConfigException {
+ String sslAuthProp = "zookeeper.authProvider." +
System.getProperty(ZKConfig.SSL_AUTHPROVIDER, "x509");
+ if (System.getProperty(sslAuthProp) == null) {
+ if ("zookeeper.authProvider.x509".equals(sslAuthProp)) {
+ System.setProperty("zookeeper.authProvider.x509",
+
"org.apache.zookeeper.server.auth.X509AuthenticationProvider");
+ } else {
+ throw new ConfigException("No auth provider configured for the
SSL authentication scheme '"
+ + System.getProperty(ZKConfig.SSL_AUTHPROVIDER) +
"'.");
+ }
+ }
+ }
/**
* Backward compatibility -- It would backup static config file on bootup
Modified:
zookeeper/trunk/src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerConfigTest.java
URL:
http://svn.apache.org/viewvc/zookeeper/trunk/src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerConfigTest.java?rev=1749951&r1=1749950&r2=1749951&view=diff
==============================================================================
---
zookeeper/trunk/src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerConfigTest.java
(original)
+++
zookeeper/trunk/src/java/test/org/apache/zookeeper/server/quorum/QuorumPeerConfigTest.java
Thu Jun 23 17:42:11 2016
@@ -19,12 +19,14 @@
package org.apache.zookeeper.server.quorum;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;
import java.io.File;
import java.io.IOException;
import java.util.Properties;
+import org.apache.zookeeper.common.ZKConfig;
import org.apache.zookeeper.server.quorum.QuorumPeerConfig.ConfigException;
import org.junit.Test;
@@ -67,6 +69,40 @@ public class QuorumPeerConfigTest {
}
}
+ /**
+ * https://issues.apache.org/jira/browse/ZOOKEEPER-2297
+ */
+ @Test
+ public void testConfigureSSLAuthGetsConfiguredIfSecurePortConfigured()
+ throws IOException, ConfigException {
+ String sslAuthProp = "zookeeper.authProvider.x509";
+ QuorumPeerConfig quorumPeerConfig = new QuorumPeerConfig();
+ Properties zkProp = getDefaultZKProperties();
+ zkProp.setProperty("secureClientPort", "12345");
+ quorumPeerConfig.parseProperties(zkProp);
+ String expected =
"org.apache.zookeeper.server.auth.X509AuthenticationProvider";
+ String result = System.getProperty(sslAuthProp);
+ assertEquals(expected, result);
+ }
+
+ /**
+ * https://issues.apache.org/jira/browse/ZOOKEEPER-2297
+ */
+ @Test
+ public void testCustomSSLAuth()
+ throws IOException{
+ System.setProperty(ZKConfig.SSL_AUTHPROVIDER, "y509");
+ QuorumPeerConfig quorumPeerConfig = new QuorumPeerConfig();
+ try {
+ Properties zkProp = getDefaultZKProperties();
+ zkProp.setProperty("secureClientPort", "12345");
+ quorumPeerConfig.parseProperties(zkProp);
+ fail("ConfigException is expected");
+ } catch (ConfigException e) {
+ assertNotNull(e.getMessage());
+ }
+ }
+
private Properties getDefaultZKProperties() {
Properties zkProp = new Properties();
zkProp.setProperty("dataDir", new File("myDataDir").getAbsolutePath());
Modified:
zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SSLAuthTest.java
URL:
http://svn.apache.org/viewvc/zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SSLAuthTest.java?rev=1749951&r1=1749950&r2=1749951&view=diff
==============================================================================
--- zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SSLAuthTest.java
(original)
+++ zookeeper/trunk/src/java/test/org/apache/zookeeper/test/SSLAuthTest.java
Thu Jun 23 17:42:11 2016
@@ -43,6 +43,7 @@ public class SSLAuthTest extends ClientB
System.setProperty(ZKConfig.SSL_TRUSTSTORE_LOCATION, testDataPath +
"/ssl/testTrustStore.jks");
System.setProperty(ZKConfig.SSL_TRUSTSTORE_PASSWD, "testpass");
System.setProperty("javax.net.debug", "ssl");
+ System.setProperty("zookeeper.authProvider.x509",
"org.apache.zookeeper.server.auth.X509AuthenticationProvider");
String host = "localhost";
int port = PortAssignment.unique();
@@ -65,6 +66,7 @@ public class SSLAuthTest extends ClientB
System.clearProperty(ZKConfig.SSL_TRUSTSTORE_LOCATION);
System.clearProperty(ZKConfig.SSL_TRUSTSTORE_PASSWD);
System.clearProperty("javax.net.debug");
+ System.clearProperty("zookeeper.authProvider.x509");
}
@Test
