This is an automated email from the ASF dual-hosted git repository. av pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push: new 10288411024 IGNITE-19335 CommandHandler SSL migration (from GridSslBasicContextFactory to SslContextFactory) (#10658) 10288411024 is described below commit 10288411024ac4f4be0e191a9c45257341c0abff Author: Anton Vinogradov <a...@apache.org> AuthorDate: Fri Apr 21 12:17:57 2023 +0300 IGNITE-19335 CommandHandler SSL migration (from GridSslBasicContextFactory to SslContextFactory) (#10658) --- .../ClientAbstractMultiThreadedSelfTest.java | 8 +- .../internal/client/ClientSslParametersTest.java | 16 +- .../client/ClientTcpMultiThreadedSelfTest.java | 5 +- .../client/ClientTcpSslAuthenticationSelfTest.java | 8 +- .../client/ClientTcpSslMultiThreadedSelfTest.java | 7 +- .../ClientAbstractMultiNodeSelfTest.java | 10 +- .../client/integration/ClientAbstractSelfTest.java | 7 +- .../integration/ClientTcpDirectSelfTest.java | 5 +- .../client/integration/ClientTcpSelfTest.java | 5 +- .../ClientTcpSslDirectMultiNodeSelfTest.java | 7 +- .../integration/ClientTcpSslDirectSelfTest.java | 7 +- .../integration/ClientTcpSslMultiNodeSelfTest.java | 7 +- .../client/integration/ClientTcpSslSelfTest.java | 7 +- .../internal/client/router/TcpRouterSelfTest.java | 5 +- .../client/router/TcpSslRouterSelfTest.java | 7 +- .../src/test/resources/spring-router-ssl.xml | 2 +- .../src/test/resources/spring-server-ssl-node.xml | 4 +- .../internal/commandline/CommandHandler.java | 29 +- .../internal/client/GridClientConfiguration.java | 16 +- .../internal/client/impl/GridClientImpl.java | 16 +- .../client/router/GridTcpRouterConfiguration.java | 10 +- .../client/router/impl/GridTcpRouterImpl.java | 12 +- .../client/ssl/GridSslBasicContextFactory.java | 521 --------------------- .../internal/client/ssl/GridSslContextFactory.java | 3 - .../apache/ignite/testframework/GridTestUtils.java | 21 +- 25 files changed, 95 insertions(+), 650 deletions(-) 
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientAbstractMultiThreadedSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientAbstractMultiThreadedSelfTest.java index 5543ea138fb..a2c9bf1271a 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientAbstractMultiThreadedSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientAbstractMultiThreadedSelfTest.java @@ -28,6 +28,8 @@ import java.util.concurrent.ConcurrentLinkedQueue; import java.util.concurrent.atomic.AtomicInteger; import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.atomic.AtomicReference; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.Ignite; import org.apache.ignite.compute.ComputeJob; import org.apache.ignite.compute.ComputeJobAdapter; @@ -38,12 +40,12 @@ import org.apache.ignite.configuration.ConnectorConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.IgniteInternalFuture; import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.lang.IgniteBiTuple; import org.apache.ignite.resources.IgniteInstanceResource; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.junit.Test; + import static org.apache.ignite.cache.CacheMode.PARTITIONED; import static org.apache.ignite.cache.CacheMode.REPLICATED; import static org.apache.ignite.cache.CacheWriteSynchronizationMode.FULL_ASYNC; 
@@ -113,7 +115,7 @@ public abstract class ClientAbstractMultiThreadedSelfTest extends GridCommonAbst /** * @return SSL context factory to use if SSL is enabled. */ - protected abstract GridSslContextFactory sslContextFactory(); + protected abstract Factory<SSLContext> sslContextFactory(); /** * @return Topology refresh frequency interval. @@ -158,7 +160,7 @@ public abstract class ClientAbstractMultiThreadedSelfTest extends GridCommonAbst if (useSsl()) { clientCfg.setSslEnabled(true); - clientCfg.setSslContextFactory(sslContextFactory()); + clientCfg.setSslFactory(sslContextFactory()); } c.setConnectorConfiguration(clientCfg); diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientSslParametersTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientSslParametersTest.java index 325caaaed10..27d01e4c8a2 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientSslParametersTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientSslParametersTest.java @@ -23,7 +23,6 @@ import java.util.concurrent.Callable; import org.apache.ignite.configuration.CacheConfiguration; import org.apache.ignite.configuration.ConnectorConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.ssl.SslContextFactory; import org.apache.ignite.testframework.GridTestUtils; @@ -67,7 +66,7 @@ public class ClientSslParametersTest extends GridCommonAbstractTest { cfg.setServers(Collections.singleton("127.0.0.1:11211")); - cfg.setSslContextFactory(createOldSslFactory()); + cfg.setSslContextFactory(createSslFactory()); return cfg; } 
@@ -85,19 +84,6 @@ public class ClientSslParametersTest extends GridCommonAbstractTest { return factory; } - /** - * @return SSL Factory. - */ - @NotNull private GridSslBasicContextFactory createOldSslFactory() { - GridSslBasicContextFactory factory = (GridSslBasicContextFactory)GridTestUtils.sslContextFactory(); - - factory.setCipherSuites(cipherSuites); - - factory.setProtocols(protocols); - - return factory; - } - /** {@inheritDoc} */ @Override protected void afterTest() throws Exception { stopAllGrids(); diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpMultiThreadedSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpMultiThreadedSelfTest.java index 1f2d41cd844..26eabca32d0 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpMultiThreadedSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpMultiThreadedSelfTest.java @@ -17,7 +17,8 @@ package org.apache.ignite.internal.client; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; /** * Runs multi-threaded tests on tcp binary protocol (ssl is disabled). @@ -39,7 +40,7 @@ public class ClientTcpMultiThreadedSelfTest extends ClientAbstractMultiThreadedS } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { + @Override protected Factory<SSLContext> sslContextFactory() { return null; } } diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.java index b58e6326bdb..94dfeb13a9d 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.java 
+++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslAuthenticationSelfTest.java @@ -26,10 +26,10 @@ import org.apache.ignite.configuration.ConnectorConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer; import org.apache.ignite.internal.client.impl.GridClientImpl; -import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory; import org.apache.ignite.internal.util.typedef.G; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.internal.util.typedef.internal.U; +import org.apache.ignite.ssl.SslContextFactory; import org.apache.ignite.testframework.GridTestUtils; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.junit.Test; @@ -78,11 +78,11 @@ public class ClientTcpSslAuthenticationSelfTest extends GridCommonAbstractTest { clientCfg.setSslClientAuth(checkClient); clientCfg.setSslClientAuth(checkClient); - GridSslBasicContextFactory factory = (GridSslBasicContextFactory)GridTestUtils.sslContextFactory(); + SslContextFactory factory = (SslContextFactory)GridTestUtils.sslFactory(); factory.setTrustManagers(srvTrustMgr); - clientCfg.setSslContextFactory(factory); + clientCfg.setSslFactory(factory); c.setConnectorConfiguration(clientCfg); @@ -101,7 +101,7 @@ public class ClientTcpSslAuthenticationSelfTest extends GridCommonAbstractTest { cfg.setServers(Arrays.asList(U.getLocalHost().getHostAddress() + ":" + REST_TCP_PORT)); cfg.setBalancer(new GridClientRoundRobinBalancer()); - GridSslBasicContextFactory factory = (GridSslBasicContextFactory)GridTestUtils.sslContextFactory(); + SslContextFactory factory = (SslContextFactory)GridTestUtils.sslFactory(); factory.setTrustManagers(clientTrustMgr); 
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslMultiThreadedSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslMultiThreadedSelfTest.java index 8dbd5f60356..1d9bd94afab 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslMultiThreadedSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/ClientTcpSslMultiThreadedSelfTest.java @@ -17,7 +17,8 @@ package org.apache.ignite.internal.client; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.testframework.GridTestUtils; /** @@ -40,7 +41,7 @@ public class ClientTcpSslMultiThreadedSelfTest extends ClientAbstractMultiThread } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { - return GridTestUtils.sslContextFactory(); + @Override protected Factory<SSLContext> sslContextFactory() { + return GridTestUtils.sslFactory(); } } diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractMultiNodeSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractMultiNodeSelfTest.java index 0d17ee4bc9c..67a591b4bb4 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractMultiNodeSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractMultiNodeSelfTest.java @@ -26,6 +26,8 @@ import java.util.List; import java.util.UUID; import java.util.concurrent.Callable; import java.util.concurrent.CountDownLatch; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteException; import org.apache.ignite.cluster.ClusterNode; 
@@ -50,7 +52,6 @@ import org.apache.ignite.internal.client.GridClientProtocol; import org.apache.ignite.internal.client.GridClientTopologyListener; import org.apache.ignite.internal.client.balancer.GridClientLoadBalancer; import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.internal.managers.communication.GridIoMessage; import org.apache.ignite.internal.processors.cache.GridCacheContext; import org.apache.ignite.internal.processors.cache.distributed.GridDistributedLockRequest; @@ -71,6 +72,7 @@ import org.apache.ignite.testframework.GridTestUtils; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; import org.jetbrains.annotations.Nullable; import org.junit.Test; + import static java.util.concurrent.TimeUnit.MILLISECONDS; import static org.apache.ignite.cache.CacheMode.PARTITIONED; import static org.apache.ignite.cache.CacheMode.REPLICATED; @@ -140,7 +142,7 @@ public abstract class ClientAbstractMultiNodeSelfTest extends GridCommonAbstract /** * @return SSL context factory to use if SSL or {@code null} to disable SSL usage. */ - @Nullable protected GridSslContextFactory sslContextFactory() { + @Nullable protected Factory<SSLContext> sslContextFactory() { return null; } @@ -157,11 +159,11 @@ public abstract class ClientAbstractMultiNodeSelfTest extends GridCommonAbstract clientCfg.setPort(REST_TCP_PORT_BASE); - GridSslContextFactory sslCtxFactory = sslContextFactory(); + Factory<SSLContext> sslCtxFactory = sslContextFactory(); if (sslCtxFactory != null) { clientCfg.setSslEnabled(true); - clientCfg.setSslContextFactory(sslCtxFactory); + clientCfg.setSslFactory(sslCtxFactory); } c.setConnectorConfiguration(clientCfg); 
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractSelfTest.java index c06933c1928..8be7ef8b664 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientAbstractSelfTest.java @@ -35,6 +35,7 @@ import java.util.concurrent.ThreadFactory; import java.util.concurrent.atomic.AtomicInteger; import javax.cache.Cache; import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import org.apache.ignite.IgniteException; @@ -61,7 +62,6 @@ import org.apache.ignite.internal.client.GridClientNode; import org.apache.ignite.internal.client.GridClientPredicate; import org.apache.ignite.internal.client.GridClientProtocol; import org.apache.ignite.internal.client.GridServerUnreachableException; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.lang.IgniteBiInClosure; @@ -70,6 +70,7 @@ import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.junit.Assert; import org.junit.Test; + import static org.apache.ignite.IgniteSystemProperties.IGNITE_JETTY_PORT; import static org.apache.ignite.cache.CacheMode.PARTITIONED; import static org.apache.ignite.cache.CacheMode.REPLICATED; @@ -181,7 +182,7 @@ public abstract class ClientAbstractSelfTest extends GridCommonAbstractTest { /** * @return SSL context factory used in test. */ - protected abstract GridSslContextFactory sslContextFactory(); + protected abstract Factory<SSLContext> sslContextFactory(); /** * Get task name. 
@@ -223,7 +224,7 @@ public abstract class ClientAbstractSelfTest extends GridCommonAbstractTest { if (useSsl()) { clientCfg.setSslEnabled(true); - clientCfg.setSslContextFactory(sslContextFactory()); + clientCfg.setSslFactory(sslContextFactory()); } cfg.setConnectorConfiguration(clientCfg); diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpDirectSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpDirectSelfTest.java index d115865e257..46561bd32e2 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpDirectSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpDirectSelfTest.java @@ -18,10 +18,11 @@ package org.apache.ignite.internal.client.integration; import java.util.Collections; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.internal.client.GridClientConfiguration; import org.apache.ignite.internal.client.GridClientException; import org.apache.ignite.internal.client.GridClientProtocol; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; /** * @@ -43,7 +44,7 @@ public class ClientTcpDirectSelfTest extends ClientAbstractSelfTest { } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { + @Override protected Factory<SSLContext> sslContextFactory() { return null; } diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSelfTest.java index c1c1e8839a1..97be4085f8f 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSelfTest.java 
@@ -17,8 +17,9 @@ package org.apache.ignite.internal.client.integration; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.internal.client.GridClientProtocol; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; /** * Tests TCP protocol. @@ -40,7 +41,7 @@ public class ClientTcpSelfTest extends ClientAbstractSelfTest { } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { + @Override protected Factory<SSLContext> sslContextFactory() { return null; } } diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectMultiNodeSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectMultiNodeSelfTest.java index b2ee1ecd4ac..ac7b4bf73cd 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectMultiNodeSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectMultiNodeSelfTest.java @@ -20,10 +20,11 @@ package org.apache.ignite.internal.client.integration; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.internal.client.GridClientConfiguration; import org.apache.ignite.internal.client.GridClientException; import org.apache.ignite.internal.client.GridClientProtocol; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.testframework.GridTestUtils; /** 
@@ -41,8 +42,8 @@ public class ClientTcpSslDirectMultiNodeSelfTest extends ClientAbstractMultiNode } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { - return GridTestUtils.sslContextFactory(); + @Override protected Factory<SSLContext> sslContextFactory() { + return GridTestUtils.sslFactory(); } /** {@inheritDoc} */ diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectSelfTest.java index 3e5e984ae57..48707963d8d 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslDirectSelfTest.java @@ -18,10 +18,11 @@ package org.apache.ignite.internal.client.integration; import java.util.Collections; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.internal.client.GridClientConfiguration; import org.apache.ignite.internal.client.GridClientException; import org.apache.ignite.internal.client.GridClientProtocol; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.testframework.GridTestUtils; /** @@ -44,8 +45,8 @@ public class ClientTcpSslDirectSelfTest extends ClientAbstractSelfTest { } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { - return GridTestUtils.sslContextFactory(); + @Override protected Factory<SSLContext> sslContextFactory() { + return GridTestUtils.sslFactory(); } /** {@inheritDoc} */ diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslMultiNodeSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslMultiNodeSelfTest.java index f8b7effc4c2..939f413a985 100644 
--- a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslMultiNodeSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslMultiNodeSelfTest.java @@ -17,8 +17,9 @@ package org.apache.ignite.internal.client.integration; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.internal.client.GridClientProtocol; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.testframework.GridTestUtils; /** @@ -36,7 +37,7 @@ public class ClientTcpSslMultiNodeSelfTest extends ClientAbstractMultiNodeSelfTe } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { - return GridTestUtils.sslContextFactory(); + @Override protected Factory<SSLContext> sslContextFactory() { + return GridTestUtils.sslFactory(); } } diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslSelfTest.java index 9b809f2327b..7a094ff86d1 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/integration/ClientTcpSslSelfTest.java @@ -17,8 +17,9 @@ package org.apache.ignite.internal.client.integration; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.internal.client.GridClientProtocol; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.testframework.GridTestUtils; /** 
@@ -41,7 +42,7 @@ public class ClientTcpSslSelfTest extends ClientAbstractSelfTest { } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { - return GridTestUtils.sslContextFactory(); + @Override protected Factory<SSLContext> sslContextFactory() { + return GridTestUtils.sslFactory(); } } diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpRouterSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpRouterSelfTest.java index 08daf8bd697..33e24a8d99d 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpRouterSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpRouterSelfTest.java @@ -17,7 +17,8 @@ package org.apache.ignite.internal.client.router; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; /** * Tests the simplest use case for router: singe router proxies connections to a single node. @@ -29,7 +30,7 @@ public class TcpRouterSelfTest extends TcpRouterAbstractSelfTest { } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { + @Override protected Factory<SSLContext> sslContextFactory() { return null; } } diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpSslRouterSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpSslRouterSelfTest.java index 3e710f08796..659a3abd8bc 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpSslRouterSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/router/TcpSslRouterSelfTest.java 
@@ -17,8 +17,9 @@ package org.apache.ignite.internal.client.router; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.IgniteCheckedException; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.testframework.GridTestUtils; import org.junit.Ignore; @@ -33,8 +34,8 @@ public class TcpSslRouterSelfTest extends TcpRouterAbstractSelfTest { } /** {@inheritDoc} */ - @Override protected GridSslContextFactory sslContextFactory() { - return GridTestUtils.sslContextFactory(); + @Override protected Factory<SSLContext> sslContextFactory() { + return GridTestUtils.sslFactory(); } /** diff --git a/modules/clients/src/test/resources/spring-router-ssl.xml b/modules/clients/src/test/resources/spring-router-ssl.xml index e145cce9844..f083704a618 100644 --- a/modules/clients/src/test/resources/spring-router-ssl.xml +++ b/modules/clients/src/test/resources/spring-router-ssl.xml @@ -83,7 +83,7 @@ <!-- Provide Ssl context. --> <property name="sslContextFactory"> - <bean class="org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory"> + <bean class="org.apache.ignite.ssl.SslContextFactory"> <property name="keyStoreFilePath" value="${CLIENTS_MODULE_PATH}/src/test/keystore/server.jks"/> <property name="keyStorePassword" value="123456"/> <property name="trustStoreFilePath" value="${CLIENTS_MODULE_PATH}/src/test/keystore/trust-one.jks"/> diff --git a/modules/clients/src/test/resources/spring-server-ssl-node.xml b/modules/clients/src/test/resources/spring-server-ssl-node.xml index 8589a3c6ffe..eb27cc68262 100644 --- a/modules/clients/src/test/resources/spring-server-ssl-node.xml +++ b/modules/clients/src/test/resources/spring-server-ssl-node.xml 
@@ -68,8 +68,8 @@ <!-- Sets flag indicating whether or not SSL client authentication is required. --> <property name="sslClientAuth" value="true"/> - <property name="sslContextFactory"> - <bean class="org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory"> + <property name="sslFactory"> + <bean class="org.apache.ignite.ssl.SslContextFactory"> <property name="keyStoreFilePath" value="${CLIENTS_MODULE_PATH}/src/test/keystore/server.jks"/> <property name="keyStorePassword" value="123456"/> <property name="trustStoreFilePath" value="${CLIENTS_MODULE_PATH}/src/test/keystore/trust-one.jks"/> diff --git a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java index 967f0114cc5..6edcda692aa 100644 --- a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java +++ b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java @@ -27,7 +27,6 @@ import java.util.List; import java.util.Map; import java.util.Scanner; import java.util.UUID; -import java.util.stream.Collectors; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteException; import org.apache.ignite.IgniteLogger; @@ -39,7 +38,6 @@ import org.apache.ignite.internal.client.GridClientDisconnectedException; import org.apache.ignite.internal.client.GridClientHandshakeException; import org.apache.ignite.internal.client.GridServerUnreachableException; import org.apache.ignite.internal.client.impl.connection.GridClientConnectionResetException; -import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory; import org.apache.ignite.internal.logger.IgniteLoggerEx; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.internal.util.typedef.X; 
@@ -572,18 +570,21 @@ public class CommandHandler { * @param args Commond args. * @return Ssl support factory. */ - @NotNull private GridSslBasicContextFactory createSslSupportFactory(ConnectionAndSslParameters args) { - GridSslBasicContextFactory factory = new GridSslBasicContextFactory(); + @NotNull private SslContextFactory createSslSupportFactory(ConnectionAndSslParameters args) { + SslContextFactory factory = new SslContextFactory(); - List<String> sslProtocols = split(args.sslProtocol(), ","); + String[] sslProtocols = split(args.sslProtocol(), ","); - String sslProtocol = F.isEmpty(sslProtocols) ? DFLT_SSL_PROTOCOL : sslProtocols.get(0); + if (F.isEmpty(sslProtocols)) + factory.setProtocol(DFLT_SSL_PROTOCOL); + else { + factory.setProtocol(sslProtocols[0]); - factory.setProtocol(sslProtocol); - factory.setKeyAlgorithm(args.sslKeyAlgorithm()); + if (sslProtocols.length > 1) + factory.setProtocols(sslProtocols); + } - if (sslProtocols.size() > 1) - factory.setProtocols(sslProtocols); + factory.setKeyAlgorithm(args.sslKeyAlgorithm()); factory.setCipherSuites(split(args.getSslCipherSuites(), ",")); @@ -601,7 +602,7 @@ public class CommandHandler { factory.setKeyStoreType(args.sslKeyStoreType()); if (F.isEmpty(args.sslTrustStorePath())) - factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager()); + factory.setTrustManagers(SslContextFactory.getDisabledTrustManager()); else { factory.setTrustStoreFilePath(args.sslTrustStorePath()); @@ -713,14 +714,14 @@ public class CommandHandler { * @param delim Delimiter. * @return List with items. */ - private static List<String> split(String s, String delim) { + private static String[] split(String s, String delim) { if (F.isEmpty(s)) - return Collections.emptyList(); + return null; return Arrays.stream(s.split(delim)) .map(String::trim) .filter(item -> !item.isEmpty()) - .collect(Collectors.toList()); + .toArray(String[]::new); } /** @param rawArgs Arguments. */ 
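Review bot: In the `@@ -601,7 +602,7 @@` hunk of `createSslSupportFactory`, the branch `if (F.isEmpty(args.sslTrustStorePath()))` still installs `SslContextFactory.getDisabledTrustManager()`, so a control-utility connection with SSL enabled but no trust store accepts any server certificate and cannot detect an impersonated node. The migration carries this fallback over unchanged and silently. I would put `// No trust store configured: the server certificate is NOT verified.` above the call and surface the same message to the operator as a warning, or require an explicit opt-in before verification is switched off. The same fallback is kept in the `GridClientConfiguration` hunk at `@@ -798,7 +798,7 @@` (`if (F.isEmpty(trustStorePath))`). The method body starts in the previous hunk and continues past this one.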
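Review bot: In the `@@ -713,14 +714,14 @@` hunk, the Javadoc above `split` still reads `@return List with items.`, but the method now returns `String[]`, and `null` rather than an empty collection when `s` is empty. I would change it to `@return Array of trimmed non-empty items, or {@code null} if {@code s} is empty.` so callers know a null check is required. The two "nothing listed" outcomes also differ: an input such as `","` produces a zero-length array, not `null`. That result is passed straight to `factory.setCipherSuites(...)` in `createSslSupportFactory`; whether the setter treats an empty array the same as `null` is not visible here and is worth confirming.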
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/client/GridClientConfiguration.java b/modules/core/src/main/java/org/apache/ignite/internal/client/GridClientConfiguration.java index c0135a5e57f..df243597f6c 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/client/GridClientConfiguration.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/client/GridClientConfiguration.java @@ -25,18 +25,19 @@ import java.util.Collections; import java.util.Map; import java.util.Properties; import java.util.concurrent.ExecutorService; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.internal.client.balancer.GridClientLoadBalancer; import org.apache.ignite.internal.client.balancer.GridClientRandomBalancer; import org.apache.ignite.internal.client.balancer.GridClientRoundRobinBalancer; import org.apache.ignite.internal.client.marshaller.GridClientMarshaller; import org.apache.ignite.internal.client.marshaller.optimized.GridClientOptimizedMarshaller; -import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.plugin.security.SecurityCredentials; import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider; import org.apache.ignite.plugin.security.SecurityCredentialsProvider; +import org.apache.ignite.ssl.SslContextFactory; import org.jetbrains.annotations.Nullable; import static org.apache.ignite.ssl.SslContextFactory.DFLT_KEY_ALGORITHM; @@ -84,7 +85,7 @@ public class GridClientConfiguration { private boolean tcpNoDelay = DFLT_TCP_NODELAY; /** SSL context factory */ - private GridSslContextFactory sslCtxFactory; + private Factory<SSLContext> sslCtxFactory; /** Flag indicating whether metrics cache is enabled. */ private boolean enableMetricsCache = true; 
@@ -338,9 +339,8 @@ public class GridClientConfiguration { * If it returns {@code null} then SSL is considered disabled. * * @return Factory instance. - * @see GridSslContextFactory */ - public GridSslContextFactory getSslContextFactory() { + public Factory<SSLContext> getSslContextFactory() { return sslCtxFactory; } @@ -350,7 +350,7 @@ public class GridClientConfiguration { * @param sslCtxFactory Context factory. * @return {@code this} for chaining. */ - public GridClientConfiguration setSslContextFactory(GridSslContextFactory sslCtxFactory) { + public GridClientConfiguration setSslContextFactory(Factory<SSLContext> sslCtxFactory) { this.sslCtxFactory = sslCtxFactory; return this; @@ -782,7 +782,7 @@ public class GridClientConfiguration { // if (!F.isEmpty(sslEnabled) && Boolean.parseBoolean(sslEnabled)) { - GridSslBasicContextFactory factory = new GridSslBasicContextFactory(); + SslContextFactory factory = new SslContextFactory(); factory.setProtocol(F.isEmpty(sslProto) ? DFLT_SSL_PROTOCOL : sslProto); factory.setKeyAlgorithm(F.isEmpty(sslKeyAlg) ? DFLT_KEY_ALGORITHM : sslKeyAlg); @@ -798,7 +798,7 @@ public class GridClientConfiguration { factory.setKeyStoreType(F.isEmpty(keyStoreType) ? DFLT_STORE_TYPE : keyStoreType); if (F.isEmpty(trustStorePath)) - factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager()); + factory.setTrustManagers(SslContextFactory.getDisabledTrustManager()); else { factory.setTrustStoreFilePath(trustStorePath); diff --git a/modules/core/src/main/java/org/apache/ignite/internal/client/impl/GridClientImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/client/impl/GridClientImpl.java index b41b531d822..86676b3abdc 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/client/impl/GridClientImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/client/impl/GridClientImpl.java 
@@ -31,8 +31,8 @@ import java.util.concurrent.ConcurrentMap; import java.util.concurrent.atomic.AtomicBoolean; import java.util.logging.Level; import java.util.logging.Logger; +import javax.cache.configuration.Factory; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; import org.apache.ignite.IgniteException; import org.apache.ignite.IgniteSystemProperties; import org.apache.ignite.internal.client.GridClient; @@ -60,7 +60,6 @@ import org.apache.ignite.internal.client.impl.connection.GridClientConnection; import org.apache.ignite.internal.client.impl.connection.GridClientConnectionManager; import org.apache.ignite.internal.client.impl.connection.GridClientConnectionManagerOsImpl; import org.apache.ignite.internal.client.impl.connection.GridClientTopology; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.internal.util.worker.CycleThread; @@ -164,17 +163,10 @@ public class GridClientImpl implements GridClient, GridClientBeforeNodeStart { if (!beforeNodeStart && cfg.getBalancer() instanceof GridClientTopologyListener) top.addTopologyListener((GridClientTopologyListener)cfg.getBalancer()); - GridSslContextFactory factory = cfg.getSslContextFactory(); + Factory<SSLContext> factory = cfg.getSslContextFactory(); - if (factory != null) { - try { - sslCtx = factory.createSslContext(); - } - catch (SSLException e) { - throw new GridClientException("Failed to create client (unable to create SSL context, " + - "check ssl context factory configuration): " + e.getMessage(), e); - } - } + if (factory != null) + sslCtx = factory.create(); else sslCtx = null; diff --git a/modules/core/src/main/java/org/apache/ignite/internal/client/router/GridTcpRouterConfiguration.java b/modules/core/src/main/java/org/apache/ignite/internal/client/router/GridTcpRouterConfiguration.java index 03b650a071c..88bd2d7634a 100644 
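Review bot: In the `@@ -164,17 +163,10 @@` hunk, `sslCtx = factory.create();` is no longer wrapped, so a failure to build the SSL context now escapes as whatever unchecked exception the factory throws. Callers previously received a `GridClientException` carrying the "check ssl context factory configuration" hint. `Factory.create()` declares no checked exception, so code that catches `GridClientException` around client start will presumably miss key store or password misconfiguration; catching `RuntimeException` and rethrowing as `GridClientException` keeps the old contract. The `@@ -118,14 +117,9 @@` hunk in GridTcpRouterImpl drops its `IgniteException("Failed to create SSL context.", e)` wrapper in the same way. The enclosing constructor starts and ends outside the hunk.

```java
Factory<SSLContext> factory = cfg.getSslContextFactory();

if (factory != null) {
    try {
        sslCtx = factory.create();
    }
    catch (RuntimeException e) {
        // Keep the documented failure type and the configuration hint for callers.
        throw new GridClientException("Failed to create client (unable to create SSL context, " +
            "check ssl context factory configuration): " + e.getMessage(), e);
    }
}
// … unchanged: else branch assigning null …
```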
--- a/modules/core/src/main/java/org/apache/ignite/internal/client/router/GridTcpRouterConfiguration.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/client/router/GridTcpRouterConfiguration.java @@ -20,10 +20,11 @@ package org.apache.ignite.internal.client.router; import java.net.Socket; import java.util.Collection; import java.util.Collections; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.IgniteLogger; import org.apache.ignite.configuration.ConnectorConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.internal.util.typedef.internal.A; import org.apache.ignite.internal.util.typedef.internal.S; import org.apache.ignite.plugin.security.SecurityCredentialsProvider; @@ -75,7 +76,7 @@ public class GridTcpRouterConfiguration { private boolean sslClientAuth; /** Ssl context factory. */ - private GridSslContextFactory sslCtxFactory; + private Factory<SSLContext> sslCtxFactory; /** Collection of servers */ private Collection<String> srvrs = DFLT_SERVERS; @@ -162,9 +163,8 @@ public class GridTcpRouterConfiguration { * of both rest binary server and out coming connections. * * @return SslContextFactory instance. - * @see GridSslContextFactory */ - @Nullable public GridSslContextFactory getSslContextFactory() { + @Nullable public Factory<SSLContext> getSslContextFactory() { return sslCtxFactory; } @@ -288,7 +288,7 @@ public class GridTcpRouterConfiguration { * @param sslCtxFactory Ssl context factory. * @return {@code this} for chaining. */ - public GridTcpRouterConfiguration setSslContextFactory(GridSslContextFactory sslCtxFactory) { + public GridTcpRouterConfiguration setSslContextFactory(Factory<SSLContext> sslCtxFactory) { this.sslCtxFactory = sslCtxFactory; return this; 
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/client/router/impl/GridTcpRouterImpl.java b/modules/core/src/main/java/org/apache/ignite/internal/client/router/impl/GridTcpRouterImpl.java index 4e06092ce79..2682a12a556 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/client/router/impl/GridTcpRouterImpl.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/client/router/impl/GridTcpRouterImpl.java @@ -23,10 +23,10 @@ import java.net.UnknownHostException; import java.nio.ByteOrder; import java.util.Collection; import java.util.UUID; +import javax.cache.configuration.Factory; import javax.management.JMException; import javax.management.ObjectName; import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteException; import org.apache.ignite.IgniteLogger; @@ -34,7 +34,6 @@ import org.apache.ignite.internal.client.GridClientException; import org.apache.ignite.internal.client.router.GridTcpRouter; import org.apache.ignite.internal.client.router.GridTcpRouterConfiguration; import org.apache.ignite.internal.client.router.GridTcpRouterMBean; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.internal.processors.rest.client.message.GridClientMessage; import org.apache.ignite.internal.util.nio.GridNioCodecFilter; import org.apache.ignite.internal.util.nio.GridNioFilter; 
@@ -118,14 +117,9 @@ public class GridTcpRouterImpl implements GridTcpRouter, GridTcpRouterMBean, Lif SSLContext sslCtx; - try { - GridSslContextFactory sslCtxFactory = cfg.getSslContextFactory(); + Factory<SSLContext> sslCtxFactory = cfg.getSslContextFactory(); - sslCtx = sslCtxFactory == null ? null : sslCtxFactory.createSslContext(); - } - catch (SSLException e) { - throw new IgniteException("Failed to create SSL context.", e); - } + sslCtx = sslCtxFactory == null ? null : sslCtxFactory.create(); for (int port = cfg.getPort(), last = port + cfg.getPortRange(); port <= last; port++) { if (startTcpServer(hostAddr, port, lsnr, parser, cfg.isNoDelay(), sslCtx, cfg.isSslClientAuth(), diff --git a/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java b/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java deleted file mode 100644 index e500705414d..00000000000 --- a/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslBasicContextFactory.java +++ /dev/null 
@@ -1,521 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.internal.client.ssl; - -import java.io.FileInputStream; -import java.io.FileNotFoundException; -import java.io.IOException; -import java.io.InputStream; -import java.security.GeneralSecurityException; -import java.security.KeyStore; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.Collection; -import javax.cache.configuration.Factory; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLParameters; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509TrustManager; -import org.apache.ignite.internal.util.typedef.F; -import org.apache.ignite.internal.util.typedef.internal.A; -import org.apache.ignite.ssl.SSLContextWrapper; -import org.apache.ignite.ssl.SslContextFactory; - -import static org.apache.ignite.ssl.SslContextFactory.DFLT_KEY_ALGORITHM; -import static org.apache.ignite.ssl.SslContextFactory.DFLT_SSL_PROTOCOL; -import static org.apache.ignite.ssl.SslContextFactory.DFLT_STORE_TYPE; - -/** - * Basic ssl context factory that provides ssl context 
configuration with specified key - * and trust stores. - * <p> - * In some cases it is useful to disable certificate validation of client side (e.g. when connecting - * to a server with self-signed certificate). This can be achieved by setting a disabled trust manager - * to this factory, which can be obtained by {@link #getDisabledTrustManager()} method: - * <pre> - * GridSslBasicContextFactory factory = new GridSslBasicContextFactory(); - * factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager()); - * // Rest of initialization. - * </pre> - * @deprecated Use {@link Factory} instead. - */ -@Deprecated -public class GridSslBasicContextFactory implements GridSslContextFactory { - /** SSL protocol. */ - private String proto = DFLT_SSL_PROTOCOL; - - /** Key manager algorithm. */ - private String keyAlgorithm = DFLT_KEY_ALGORITHM; - - /** Key store type. */ - private String keyStoreType = DFLT_STORE_TYPE; - - /** Path to key store file */ - private String keyStoreFilePath; - - /** Key store password */ - private char[] keyStorePwd; - - /** Trust store type. */ - private String trustStoreType = DFLT_STORE_TYPE; - - /** Path to trust store. */ - private String trustStoreFilePath; - - /** Trust store password */ - private char[] trustStorePwd; - - /** Trust managers. */ - private TrustManager[] trustMgrs; - - /** Enabled cipher suites. */ - private String[] cipherSuites; - - /** Enabled protocols. */ - private String[] protocols; - - /** - * Gets key store type used for context creation. - * - * @return Key store type. - */ - public String getKeyStoreType() { - return keyStoreType; - } - - /** - * Sets key store type used in context initialization. If not provided, {@link SslContextFactory#DFLT_STORE_TYPE} - * will be used. - * - * @param keyStoreType Key store type. 
- */ - public void setKeyStoreType(String keyStoreType) { - A.notNull(keyStoreType, "keyStoreType"); - - this.keyStoreType = keyStoreType; - } - - /** - * Gets trust store type used for context creation. - * - * @return trust store type. - */ - public String getTrustStoreType() { - return trustStoreType; - } - - /** - * Sets trust store type used in context initialization. If not provided, {@link SslContextFactory#DFLT_STORE_TYPE} - * will be used. - * - * @param trustStoreType Trust store type. - */ - public void setTrustStoreType(String trustStoreType) { - A.notNull(trustStoreType, "trustStoreType"); - - this.trustStoreType = trustStoreType; - } - - /** - * Gets protocol for secure transport. - * - * @return SSL protocol name. - */ - public String getProtocol() { - return proto; - } - - /** - * Sets protocol for secure transport. If not specified, {@link SslContextFactory#DFLT_SSL_PROTOCOL} will be used. - * - * @param proto SSL protocol name. - */ - public void setProtocol(String proto) { - A.notNull(proto, "proto"); - - this.proto = proto; - } - - /** - * Gets algorithm that will be used to create a key manager. If not specified, {@link SslContextFactory#DFLT_KEY_ALGORITHM} - * will be used. - * - * @return Key manager algorithm. - */ - public String getKeyAlgorithm() { - return keyAlgorithm; - } - - /** - * Sets key manager algorithm that will be used to create a key manager. Notice that in most cased default value - * suites well, however, on Android platform this value need to be set to <tt>X509<tt/>. - * - * @param keyAlgorithm Key algorithm name. - */ - public void setKeyAlgorithm(String keyAlgorithm) { - A.notNull(keyAlgorithm, "keyAlgorithm"); - - this.keyAlgorithm = keyAlgorithm; - } - - /** - * Gets path to the key store file. - * - * @return Path to key store file. - */ - public String getKeyStoreFilePath() { - return keyStoreFilePath; - } - - /** - * Sets path to the key store file. 
This is a mandatory parameter since - * ssl context could not be initialized without key manager. - * - * @param keyStoreFilePath Path to key store file. - */ - public void setKeyStoreFilePath(String keyStoreFilePath) { - A.notNull(keyStoreFilePath, "keyStoreFilePath"); - - this.keyStoreFilePath = keyStoreFilePath; - } - - /** - * Gets key store password. - * - * @return Key store password. - */ - public char[] getKeyStorePassword() { - return keyStorePwd; - } - - /** - * Sets key store password. - * - * @param keyStorePwd Key store password. - */ - public void setKeyStorePassword(char[] keyStorePwd) { - A.notNull(keyStorePwd, "keyStorePwd"); - - this.keyStorePwd = keyStorePwd; - } - - /** - * Gets path to the trust store file. - * - * @return Path to the trust store file. - */ - public String getTrustStoreFilePath() { - return trustStoreFilePath; - } - - /** - * Sets path to the trust store file. This is an optional parameter, - * however one of the {@code setTrustStoreFilePath(String)}, {@link #setTrustManagers(TrustManager[])} - * properties must be set. - * - * @param trustStoreFilePath Path to the trust store file. - */ - public void setTrustStoreFilePath(String trustStoreFilePath) { - this.trustStoreFilePath = trustStoreFilePath; - } - - /** - * Gets trust store password. - * - * @return Trust store password. - */ - public char[] getTrustStorePassword() { - return trustStorePwd; - } - - /** - * Sets trust store password. - * - * @param trustStorePwd Trust store password. - */ - public void setTrustStorePassword(char[] trustStorePwd) { - this.trustStorePwd = trustStorePwd; - } - - /** - * Gets pre-configured trust managers. - * - * @return Trust managers. - */ - public TrustManager[] getTrustManagers() { - return trustMgrs; - } - - /** - * Sets pre-configured trust managers. 
This is an optional parameter, - * however one of the {@link #setTrustStoreFilePath(String)}, {@code #setTrustManagers(TrustManager[])} - * - * @param trustMgrs Pre-configured trust managers. - */ - public void setTrustManagers(TrustManager... trustMgrs) { - this.trustMgrs = trustMgrs; - } - - /** - * Gets enabled cipher suites. - * - * @return Enabled cipher suites. - */ - public String[] getCipherSuites() { - return cipherSuites; - } - - /** - * Sets enabled cipher suites. - * - * @param cipherSuites Enabled cipher suites. - */ - public void setCipherSuites(String... cipherSuites) { - this.cipherSuites = cipherSuites; - } - - /** - * Sets enabled cipher suites. - * - * @param cipherSuites Enabled cipher suites. - */ - public void setCipherSuites(Collection<String> cipherSuites) { - if (!F.isEmpty(cipherSuites)) - setCipherSuites(cipherSuites.toArray(new String[0])); - } - - /** - * Gets enabled protocols. - * - * @return Enabled protocols. - */ - public String[] getProtocols() { - return protocols; - } - - /** - * Sets enabled protocols. - * - * @param protocols Enabled protocols. - */ - public void setProtocols(String... protocols) { - this.protocols = protocols; - } - - /** - * Sets enabled protocols. - * - * @param protocols Enabled protocols. - */ - public void setProtocols(Collection<String> protocols) { - if (!F.isEmpty(protocols)) - setProtocols(protocols.toArray(new String[0])); - } - - /** - * Returns an instance of trust manager that will always succeed regardless of certificate provided. - * - * @return Trust manager instance. 
- */ - public static TrustManager getDisabledTrustManager() { - return new DisabledX509TrustManager(); - } - - /** {@inheritDoc} */ - @Override public SSLContext createSslContext() throws SSLException { - checkParameters(); - - try { - KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance(keyAlgorithm); - - KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd); - - keyMgrFactory.init(keyStore, keyStorePwd); - - TrustManager[] mgrs = trustMgrs; - - if (mgrs == null) { - TrustManagerFactory trustMgrFactory = TrustManagerFactory.getInstance(keyAlgorithm); - - KeyStore trustStore = loadKeyStore(trustStoreType, trustStoreFilePath, trustStorePwd); - - trustMgrFactory.init(trustStore); - - mgrs = trustMgrFactory.getTrustManagers(); - } - - SSLContext ctx = SSLContext.getInstance(proto); - - if (cipherSuites != null || protocols != null) { - SSLParameters sslParameters = new SSLParameters(); - - if (cipherSuites != null) - sslParameters.setCipherSuites(cipherSuites); - - if (protocols != null) - sslParameters.setProtocols(protocols); - - ctx = new SSLContextWrapper(ctx, sslParameters); - } - - ctx.init(keyMgrFactory.getKeyManagers(), mgrs, null); - - return ctx; - } - catch (GeneralSecurityException e) { - throw new SSLException("Failed to initialize SSL context " + parameters(), e); - } - } - - /** - * Builds human-readable string with factory parameters. - * - * @return Parameters string. - */ - private String parameters() { - StringBuilder buf = new StringBuilder("[keyStoreType=").append(keyStoreType); - - buf.append(", proto=").append(proto).append(", keyStoreFile=").append(keyStoreFilePath); - - if (trustMgrs != null) - buf.append(", trustMgrs=").append(Arrays.toString(trustMgrs)); - else - buf.append(", trustStoreFile=").append(trustStoreFilePath); - - buf.append(']'); - - return buf.toString(); - } - - /** - * Checks that all required parameters are set. - * - * @throws SSLException If any of required parameters is missing. 
- */ - private void checkParameters() throws SSLException { - assert keyStoreType != null; - assert proto != null; - - checkNullParameter(keyStoreFilePath, "keyStoreFilePath"); - checkNullParameter(keyStorePwd, "keyStorePwd"); - - if (trustMgrs == null) { - if (trustStoreFilePath == null) - throw new SSLException("Failed to initialize SSL context (either trustStoreFilePath or " + - "trustManagers must be provided)"); - else - checkNullParameter(trustStorePwd, "trustStorePwd"); - } - } - - /** - * @param param Value. - * @param name Name. - * @throws SSLException If {@code null}. - */ - private void checkNullParameter(Object param, String name) throws SSLException { - if (param == null) - throw new SSLException("Failed to initialize SSL context (parameter cannot be null): " + name); - } - - /** - * By default, this method simply opens a raw file input stream. Subclasses may override this method - * if some specific location should be handled (this may be a case for Android users). - * - * @param filePath Path to the file. - * @return Opened input stream. - * @throws IOException If stream could not be opened. - */ - protected InputStream openFileInputStream(String filePath) throws IOException { - return new FileInputStream(filePath); - } - - /** - * Loads key store with configured parameters. - * - * @param keyStoreType Type of key store. - * @param storeFilePath Path to key store file. - * @param keyStorePwd Store password. - * @return Initialized key store. - * @throws SSLException If key store could not be initialized. 
- */ - private KeyStore loadKeyStore(String keyStoreType, String storeFilePath, char[] keyStorePwd) throws SSLException { - InputStream input = null; - - try { - KeyStore keyStore = KeyStore.getInstance(keyStoreType); - - input = openFileInputStream(storeFilePath); - - keyStore.load(input, keyStorePwd); - - return keyStore; - } - catch (GeneralSecurityException e) { - throw new SSLException("Failed to initialize key store (security exception occurred) [type=" + - keyStoreType + ", keyStorePath=" + storeFilePath + ']', e); - } - catch (FileNotFoundException e) { - throw new SSLException("Failed to initialize key store (key store file was not found): [path=" + - storeFilePath + ", msg=" + e.getMessage() + ']'); - } - catch (IOException e) { - throw new SSLException("Failed to initialize key store (I/O error occurred): " + storeFilePath, e); - } - finally { - if (input != null) { - try { - input.close(); - } - catch (IOException ignored) { - } - } - } - } - - /** {@inheritDoc} */ - @Override public String toString() { - return getClass().getSimpleName() + parameters(); - } - - /** - * Disabled trust manager, will skip all certificate checks. - */ - private static class DisabledX509TrustManager implements X509TrustManager { - /** Empty certificate array. */ - private static final X509Certificate[] CERTS = new X509Certificate[0]; - - /** {@inheritDoc} */ - @Override public void checkClientTrusted(X509Certificate[] x509Certificates, String s) { - // No-op, all clients are trusted. - } - - /** {@inheritDoc} */ - @Override public void checkServerTrusted(X509Certificate[] x509Certificates, String s) { - // No-op, all servers are trusted. - } - - /** {@inheritDoc} */ - @Override public X509Certificate[] getAcceptedIssuers() { - return CERTS; - } - } -} 
diff --git a/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslContextFactory.java b/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslContextFactory.java index 9b8a5278aac..a149d60a4b4 100644 --- a/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslContextFactory.java +++ b/modules/core/src/main/java/org/apache/ignite/internal/client/ssl/GridSslContextFactory.java @@ -23,9 +23,6 @@ import javax.net.ssl.SSLException; /** * This interface provides creation of SSL context both for server and client use. - * <p> - * Usually, it is enough to configure context from a particular key and trust stores, this functionality is provided - * in {@link GridSslBasicContextFactory}. * @deprecated Use {@link Factory} instead. */ @Deprecated diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java index cc3e282bf72..9cbb2ec5777 100644 --- a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java @@ -92,8 +92,6 @@ import org.apache.ignite.internal.IgniteFutureCancelledCheckedException; import org.apache.ignite.internal.IgniteInternalFuture; import org.apache.ignite.internal.IgniteInterruptedCheckedException; import org.apache.ignite.internal.IgniteKernal; -import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory; -import org.apache.ignite.internal.client.ssl.GridSslContextFactory; import org.apache.ignite.internal.managers.discovery.CustomMessageWrapper; import org.apache.ignite.internal.managers.discovery.DiscoveryCustomMessage; import org.apache.ignite.internal.processors.affinity.AffinityTopologyVersion; 
@@ -2080,28 +2078,11 @@ public final class GridTestUtils { keyMgrFactory.init(keyStore, storePass); ctx.init(keyMgrFactory.getKeyManagers(), - new TrustManager[]{GridSslBasicContextFactory.getDisabledTrustManager()}, null); + new TrustManager[]{SslContextFactory.getDisabledTrustManager()}, null); return ctx; } - /** - * Creates test-purposed SSL context factory from test key store with disabled trust manager. - * - * @return SSL context factory used in test. - */ - public static GridSslContextFactory sslContextFactory() { - GridSslBasicContextFactory factory = new GridSslBasicContextFactory(); - - factory.setKeyStoreFilePath( - U.resolveIgnitePath(GridTestProperties.getProperty("ssl.keystore.path")).getAbsolutePath()); - factory.setKeyStorePassword(keyStorePassword().toCharArray()); - - factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager()); - - return factory; - } - /** * Creates test-purposed SSL context factory from test key store with disabled trust manager. *