This is an automated email from the ASF dual-hosted git repository.
av pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 0f5b85f5ac2 IGNITE-19370 control.sh should be able to use custom SSL
factory (#10667)
0f5b85f5ac2 is described below
commit 0f5b85f5ac2e07274d11c8f9c5b84ebb343157b5
Author: Anton Vinogradov <a...@apache.org>
AuthorDate: Fri May 12 11:44:28 2023 +0300
IGNITE-19370 control.sh should be able to use custom SSL factory (#10667)
---
docs/_docs/tools/control-script.adoc | 1 +
modules/control-utility/pom.xml | 25 ++----
.../internal/commandline/CommandHandler.java | 23 ++++-
.../internal/commandline/CommonArgParser.java | 14 +++-
.../commandline/ConnectionAndSslParameters.java | 16 +++-
.../testsuites/IgniteControlUtilityTestSuite.java | 8 +-
.../util/GridCommandHandlerAbstractTest.java | 20 ++++-
...ridCommandHandlerIncompatibleSslConfigTest.java | 54 ++++++++++++
.../ignite/util/GridCommandHandlerSslTest.java | 3 +-
.../ignite/util/GridCommandHandlerTestUtils.java | 38 ---------
.../util/GridCommandHandlerWithSslFactoryTest.java | 98 ++++++++++++++++++++++
...est.java => GridCommandHandlerWithSslTest.java} | 2 +-
.../src/test/resources/ssl-factory-config.xml | 36 ++++++++
...mandHandlerClusterByClassTest_cache_help.output | 2 +-
...ridCommandHandlerClusterByClassTest_help.output | 2 +-
...dlerClusterByClassWithSSLTest_cache_help.output | 2 +-
...andHandlerClusterByClassWithSSLTest_help.output | 2 +-
17 files changed, 272 insertions(+), 74 deletions(-)
diff --git a/docs/_docs/tools/control-script.adoc
b/docs/_docs/tools/control-script.adoc
index 592c0c89b21..490c55e7f37 100644
--- a/docs/_docs/tools/control-script.adoc
+++ b/docs/_docs/tools/control-script.adoc
@@ -60,6 +60,7 @@ If you want to connect to a node that is running on a remove
machine, specify th
| --truststore-type TRUSTSTORE_TYPE | The type of the truststore. | `JKS`
| --truststore TRUSTSTORE_PATH | The path to the truststore. |
| --truststore-password TRUSTSTORE_PWD | The password to the truststore. |
+| --ssl-factory SSL_FACTORY_PATH | Custom SSL factory Spring xml file path. |
|===
diff --git a/modules/control-utility/pom.xml b/modules/control-utility/pom.xml
index 13729cbb94f..636a58590f2 100644
--- a/modules/control-utility/pom.xml
+++ b/modules/control-utility/pom.xml
@@ -41,6 +41,11 @@
<artifactId>ignite-core</artifactId>
</dependency>
+ <dependency>
+ <groupId>${project.groupId}</groupId>
+ <artifactId>ignite-spring</artifactId>
+ </dependency>
+
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>ignite-indexing</artifactId>
@@ -74,20 +79,6 @@
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-beans</artifactId>
- <version>${spring.version}</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-context</artifactId>
- <version>${spring.version}</version>
- <scope>test</scope>
- </dependency>
-
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>ignite-tools</artifactId>
@@ -107,12 +98,6 @@
<scope>test</scope>
</dependency>
- <dependency>
- <groupId>${project.groupId}</groupId>
- <artifactId>ignite-spring</artifactId>
- <scope>test</scope>
- </dependency>
-
<dependency>
<groupId>org.apache.curator</groupId>
<artifactId>curator-test</artifactId>
diff --git
a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
index 6edcda692aa..84f592d57e8 100644
---
a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
+++
b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java
@@ -17,6 +17,7 @@
package org.apache.ignite.internal.commandline;
+import java.net.URL;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
@@ -27,6 +28,8 @@ import java.util.List;
import java.util.Map;
import java.util.Scanner;
import java.util.UUID;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.IgniteCheckedException;
import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteLogger;
@@ -39,6 +42,8 @@ import
org.apache.ignite.internal.client.GridClientHandshakeException;
import org.apache.ignite.internal.client.GridServerUnreachableException;
import
org.apache.ignite.internal.client.impl.connection.GridClientConnectionResetException;
import org.apache.ignite.internal.logger.IgniteLoggerEx;
+import org.apache.ignite.internal.util.IgniteUtils;
+import org.apache.ignite.internal.util.spring.IgniteSpringHelperImpl;
import org.apache.ignite.internal.util.typedef.F;
import org.apache.ignite.internal.util.typedef.X;
import org.apache.ignite.internal.util.typedef.internal.SB;
@@ -48,6 +53,7 @@ import
org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.plugin.security.SecurityCredentialsProvider;
import org.apache.ignite.ssl.SslContextFactory;
import org.jetbrains.annotations.NotNull;
+import org.springframework.context.ApplicationContext;
import static java.lang.System.lineSeparator;
import static java.util.Objects.nonNull;
@@ -536,8 +542,13 @@ public class CommandHandler {
if (!F.isEmpty(userName))
clientCfg.setSecurityCredentialsProvider(getSecurityCredentialsProvider(userName,
password, clientCfg));
- if (!F.isEmpty(args.sslKeyStorePath()))
+ if (!F.isEmpty(args.sslKeyStorePath()) ||
!F.isEmpty(args.sslFactoryConfigPath())) {
+ if (!F.isEmpty(args.sslKeyStorePath()) &&
!F.isEmpty(args.sslFactoryConfigPath()))
+ throw new IgniteCheckedException("Incorrect SSL configuration.
" +
+ "SSL factory config path should not be specified
simultaneously with other SSL options like keystore path.");
+
clientCfg.setSslContextFactory(createSslSupportFactory(args));
+ }
return clientCfg;
}
@@ -570,7 +581,15 @@ public class CommandHandler {
* @param args Commond args.
* @return Ssl support factory.
*/
- @NotNull private SslContextFactory
createSslSupportFactory(ConnectionAndSslParameters args) {
+ @NotNull private Factory<SSLContext>
createSslSupportFactory(ConnectionAndSslParameters args) throws
IgniteCheckedException {
+ if (!F.isEmpty(args.sslFactoryConfigPath())) {
+ URL springCfg =
IgniteUtils.resolveSpringUrl(args.sslFactoryConfigPath());
+
+ ApplicationContext ctx =
IgniteSpringHelperImpl.applicationContext(springCfg);
+
+ return (Factory<SSLContext>)ctx.getBean(Factory.class);
+ }
+
SslContextFactory factory = new SslContextFactory();
String[] sslProtocols = split(args.sslProtocol(), ",");
diff --git
a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommonArgParser.java
b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommonArgParser.java
index 91257db88ee..2a16b809f2f 100644
---
a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommonArgParser.java
+++
b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommonArgParser.java
@@ -104,6 +104,9 @@ public class CommonArgParser {
/** */
static final String CMD_ENABLE_EXPERIMENTAL = "--enable-experimental";
+ /** */
+ static final String CMD_SSL_FACTORY = "--ssl-factory";
+
/** List of optional auxiliary commands. */
private static final Set<String> AUX_COMMANDS = new HashSet<>();
@@ -126,6 +129,7 @@ public class CommonArgParser {
AUX_COMMANDS.add(CMD_SSL_PROTOCOL);
AUX_COMMANDS.add(CMD_SSL_KEY_ALGORITHM);
AUX_COMMANDS.add(CMD_SSL_CIPHER_SUITES);
+ AUX_COMMANDS.add(CMD_SSL_FACTORY);
AUX_COMMANDS.add(CMD_KEYSTORE);
AUX_COMMANDS.add(CMD_KEYSTORE_PASSWORD);
@@ -175,6 +179,7 @@ public class CommonArgParser {
list.add(optional(CMD_SSL_PROTOCOL, "SSL_PROTOCOL[, SSL_PROTOCOL_2,
..., SSL_PROTOCOL_N]"));
list.add(optional(CMD_SSL_CIPHER_SUITES, "SSL_CIPHER_1[, SSL_CIPHER_2,
..., SSL_CIPHER_N]"));
list.add(optional(CMD_SSL_KEY_ALGORITHM, "SSL_KEY_ALGORITHM"));
+ list.add(optional(CMD_SSL_FACTORY, "SSL_FACTORY_PATH"));
list.add(optional(CMD_KEYSTORE_TYPE, "KEYSTORE_TYPE"));
list.add(optional(CMD_KEYSTORE, "KEYSTORE_PATH"));
list.add(optional(CMD_KEYSTORE_PASSWORD, "KEYSTORE_PASSWORD"));
@@ -234,6 +239,8 @@ public class CommonArgParser {
Command<?> command = null;
+ String sslFactoryCfg = null;
+
while (argIter.hasNextArg()) {
String str = argIter.nextArg("").toLowerCase();
@@ -354,6 +361,11 @@ public class CommonArgParser {
experimentalEnabled = true;
break;
+ case CMD_SSL_FACTORY:
+ sslFactoryCfg = argIter.nextArg("Expected SSL factory
config path");
+
+ break;
+
default:
throw new IllegalArgumentException("Unexpected
argument: " + str);
}
@@ -374,7 +386,7 @@ public class CommonArgParser {
pingTimeout, pingInterval, autoConfirmation, verbose,
sslProtocol, sslCipherSuites,
sslKeyAlgorithm, sslKeyStorePath, sslKeyStorePassword,
sslKeyStoreType,
- sslTrustStorePath, sslTrustStorePassword, sslTrustStoreType);
+ sslTrustStorePath, sslTrustStorePassword, sslTrustStoreType,
sslFactoryCfg);
}
/**
diff --git
a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java
b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java
index 68fb8467dbc..c642ed0d5cd 100644
---
a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java
+++
b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java
@@ -74,6 +74,9 @@ public class ConnectionAndSslParameters {
/** Truststore Password. */
private char[] sslTrustStorePassword;
+ /** SSL factory config. */
+ private String sslFactoryCfgPath;
+
/** High-level command. */
private Command command;
@@ -96,12 +99,14 @@ public class ConnectionAndSslParameters {
* @param sslTrustStorePath Truststore.
* @param sslTrustStorePassword Truststore Password.
* @param sslTrustStoreType Truststore Type.
+ * @param sslFactoryCfgPath SSL Factory config.
*/
public ConnectionAndSslParameters(Command command, String host, String
port, String user, String pwd,
Long pingTimeout, Long pingInterval, boolean autoConfirmation, boolean
verbose,
String sslProtocol, String sslCipherSuites, String sslKeyAlgorithm,
String sslKeyStorePath, char[] sslKeyStorePassword, String
sslKeyStoreType,
- String sslTrustStorePath, char[] sslTrustStorePassword, String
sslTrustStoreType
+ String sslTrustStorePath, char[] sslTrustStorePassword, String
sslTrustStoreType,
+ String sslFactoryCfgPath
) {
this.command = command;
this.host = host;
@@ -126,6 +131,8 @@ public class ConnectionAndSslParameters {
this.sslTrustStorePath = sslTrustStorePath;
this.sslTrustStoreType = sslTrustStoreType;
this.sslTrustStorePassword = sslTrustStorePassword;
+
+ this.sslFactoryCfgPath = sslFactoryCfgPath;
}
/**
@@ -283,6 +290,13 @@ public class ConnectionAndSslParameters {
this.sslTrustStorePassword = sslTrustStorePassword;
}
+ /**
+ * @return Predefined SSL Factory config.
+ */
+ public String sslFactoryConfigPath() {
+ return sslFactoryCfgPath;
+ }
+
/**
* Returns {@code true} if verbose mode is enabled.
*
diff --git
a/modules/control-utility/src/test/java/org/apache/ignite/testsuites/IgniteControlUtilityTestSuite.java
b/modules/control-utility/src/test/java/org/apache/ignite/testsuites/IgniteControlUtilityTestSuite.java
index 99caa99e75f..060841b4239 100644
---
a/modules/control-utility/src/test/java/org/apache/ignite/testsuites/IgniteControlUtilityTestSuite.java
+++
b/modules/control-utility/src/test/java/org/apache/ignite/testsuites/IgniteControlUtilityTestSuite.java
@@ -27,6 +27,7 @@ import
org.apache.ignite.util.GridCommandHandlerCheckIndexesInlineSizeTest;
import org.apache.ignite.util.GridCommandHandlerClusterByClassTest;
import org.apache.ignite.util.GridCommandHandlerClusterByClassWithSSLTest;
import
org.apache.ignite.util.GridCommandHandlerConsistencyRepairCorrectnessTransactionalTest;
+import org.apache.ignite.util.GridCommandHandlerIncompatibleSslConfigTest;
import org.apache.ignite.util.GridCommandHandlerIndexingCheckSizeTest;
import org.apache.ignite.util.GridCommandHandlerIndexingClusterByClassTest;
import
org.apache.ignite.util.GridCommandHandlerIndexingClusterByClassWithSSLTest;
@@ -36,7 +37,8 @@ import
org.apache.ignite.util.GridCommandHandlerInterruptCommandTest;
import org.apache.ignite.util.GridCommandHandlerMetadataTest;
import org.apache.ignite.util.GridCommandHandlerSslTest;
import org.apache.ignite.util.GridCommandHandlerTest;
-import org.apache.ignite.util.GridCommandHandlerWithSSLTest;
+import org.apache.ignite.util.GridCommandHandlerWithSslFactoryTest;
+import org.apache.ignite.util.GridCommandHandlerWithSslTest;
import org.apache.ignite.util.KillCommandsControlShTest;
import org.junit.runner.RunWith;
import org.junit.runners.Suite;
@@ -49,7 +51,9 @@ import org.junit.runners.Suite;
CommandHandlerParsingTest.class,
GridCommandHandlerTest.class,
- GridCommandHandlerWithSSLTest.class,
+ GridCommandHandlerWithSslTest.class,
+ GridCommandHandlerWithSslFactoryTest.class,
+ GridCommandHandlerIncompatibleSslConfigTest.class,
GridCommandHandlerClusterByClassTest.class,
GridCommandHandlerClusterByClassWithSSLTest.class,
GridCommandHandlerSslTest.class,
diff --git
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerAbstractTest.java
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerAbstractTest.java
index 02c583d5459..7d74c87c864 100644
---
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerAbstractTest.java
+++
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerAbstractTest.java
@@ -31,6 +31,8 @@ import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
import org.apache.ignite.Ignite;
import org.apache.ignite.IgniteDataStreamer;
import org.apache.ignite.IgniteLogger;
@@ -80,7 +82,6 @@ import static
org.apache.ignite.events.EventType.EVT_CONSISTENCY_VIOLATION;
import static
org.apache.ignite.internal.encryption.AbstractEncryptionTest.KEYSTORE_PASSWORD;
import static
org.apache.ignite.internal.encryption.AbstractEncryptionTest.KEYSTORE_PATH;
import static
org.apache.ignite.internal.processors.cache.verify.VerifyBackupPartitionsDumpTask.IDLE_DUMP_FILE_PREFIX;
-import static org.apache.ignite.util.GridCommandHandlerTestUtils.addSslParams;
/**
* Common abstract class for testing {@link CommandHandler}.
@@ -267,7 +268,7 @@ public abstract class GridCommandHandlerAbstractTest
extends GridCommonAbstractT
cfg.setConnectorConfiguration(new
ConnectorConfiguration().setSslEnabled(sslEnabled()));
if (sslEnabled())
- cfg.setSslContextFactory(GridTestUtils.sslFactory());
+ cfg.setSslContextFactory(sslFactory());
DataStorageConfiguration dsCfg = new DataStorageConfiguration()
.setWalMode(WALMode.LOG_ONLY)
@@ -393,10 +394,23 @@ public abstract class GridCommandHandlerAbstractTest
extends GridCommonAbstractT
if (sslEnabled()) {
// We shouldn't add extra args for --cache help.
if (args.size() < 2 || !args.get(0).equals("--cache") ||
!args.get(1).equals("help"))
- addSslParams(args);
+ extendSslParams(args);
}
}
+ /** Custom SSL params. */
+ protected void extendSslParams(List<String> params) {
+ params.add("--keystore");
+ params.add(GridTestUtils.keyStorePath("node01"));
+ params.add("--keystore-password");
+ params.add(GridTestUtils.keyStorePassword());
+ }
+
+ /** Custom SSL factory. */
+ protected Factory<SSLContext> sslFactory() {
+ return GridTestUtils.sslFactory();
+ }
+
/** */
protected void injectTestSystemOut() {
System.setOut(new PrintStream(testOut));
diff --git
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerIncompatibleSslConfigTest.java
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerIncompatibleSslConfigTest.java
new file mode 100644
index 00000000000..2a3dcf39154
--- /dev/null
+++
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerIncompatibleSslConfigTest.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.util;
+
+import java.util.List;
+import org.junit.Test;
+
+import static
org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_UNEXPECTED_ERROR;
+import static org.apache.ignite.testframework.GridTestUtils.assertContains;
+
+/**
+ *
+ */
+public class GridCommandHandlerIncompatibleSslConfigTest extends
GridCommandHandlerClusterPerMethodAbstractTest {
+ /** {@inheritDoc} */
+ @Override protected boolean sslEnabled() {
+ return true;
+ }
+
+ /** {@inheritDoc} */
+ @Override protected void extendSslParams(List<String> params) {
+ params.add("--ssl-factory"); // incompatible
+ params.add("src/test/resources/some-file.xml");
+ params.add("--keystore"); // incompatible
+ params.add("src/test/resources/some-file.jks");
+ }
+
+ /** */
+ @Test
+ public void test() throws Exception {
+ startGrids(1);
+
+ injectTestSystemOut();
+
+ assertEquals(EXIT_CODE_UNEXPECTED_ERROR, execute("--set-state",
"ACTIVE"));
+
+ assertContains(log, testOut.toString(), "Incorrect SSL
configuration.");
+ }
+}
diff --git
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerSslTest.java
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerSslTest.java
index ea260fa0752..1e2b61e4573 100644
---
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerSslTest.java
+++
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerSslTest.java
@@ -34,7 +34,6 @@ import org.junit.Test;
import static
org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_CONNECTION_FAILED;
import static
org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_OK;
import static org.apache.ignite.testframework.GridTestUtils.assertContains;
-import static org.apache.ignite.util.GridCommandHandlerTestUtils.addSslParams;
/**
* Command line handler test with SSL.
@@ -86,7 +85,7 @@ public class GridCommandHandlerSslTest extends
GridCommandHandlerClusterPerMetho
List<String> params = new ArrayList<>();
- addSslParams(params);
+ extendSslParams(params);
if (!F.isEmpty(utilityCipherSuite)) {
params.add("--ssl-cipher-suites");
diff --git
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerTestUtils.java
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerTestUtils.java
deleted file mode 100644
index a17f7439625..00000000000
---
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerTestUtils.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ignite.util;
-
-import java.util.List;
-import org.apache.ignite.testframework.GridTestUtils;
-
-/**
- * Utility class for command handler.
- */
-public class GridCommandHandlerTestUtils {
- /** */
- public static void addSslParams(List<String> params) {
- params.add("--keystore");
- params.add(GridTestUtils.keyStorePath("node01"));
- params.add("--keystore-password");
- params.add(GridTestUtils.keyStorePassword());
- }
-
- /** */
- private GridCommandHandlerTestUtils() {
- }
-}
diff --git
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslFactoryTest.java
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslFactoryTest.java
new file mode 100644
index 00000000000..a8709a8ba7b
--- /dev/null
+++
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslFactoryTest.java
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ignite.util;
+
+import java.util.List;
+import javax.cache.configuration.Factory;
+import javax.net.ssl.SSLContext;
+import org.apache.ignite.internal.util.typedef.internal.U;
+import org.apache.ignite.ssl.SslContextFactory;
+import org.apache.ignite.testframework.GridTestUtils;
+import org.junit.AfterClass;
+
+/**
+ *
+ */
+public class GridCommandHandlerWithSslFactoryTest extends
GridCommandHandlerWithSslTest {
+ /** Keystore path. */
+ private static final String KEYSTORE_PATH = "KEYSTORE_PATH";
+
+ /** Keystore password. */
+ private static final String KEYSTORE_PASSWORD = "KEYSTORE_PASSWORD";
+
+ /** Custorm SSL factory used. */
+ protected static volatile boolean factoryUsed;
+
+ /** {@inheritDoc} */
+ @Override protected void beforeTestsStarted() throws Exception {
+ System.setProperty(KEYSTORE_PATH,
GridTestUtils.keyStorePath("node01"));
+ System.setProperty(KEYSTORE_PASSWORD,
GridTestUtils.keyStorePassword());
+
+ super.beforeTestsStarted();
+ }
+
+ /** */
+ @AfterClass
+ public static void tearDown() {
+ System.clearProperty(KEYSTORE_PATH);
+ System.clearProperty(KEYSTORE_PASSWORD);
+ }
+
+ /** {@inheritDoc} */
+ @Override protected void afterTest() throws Exception {
+ super.afterTest();
+
+ assertTrue(factoryUsed);
+
+ factoryUsed = false;
+ }
+
+ /** {@inheritDoc} */
+ @Override protected void extendSslParams(List<String> params) {
+ params.add("--ssl-factory");
+
params.add(U.resolveIgnitePath("modules/control-utility/src/test/resources/ssl-factory-config.xml").getPath());
+ }
+
+ /** {@inheritDoc} */
+ @Override protected Factory<SSLContext> sslFactory() {
+ Factory<SSLContext> factory = super.sslFactory();
+
+ assertFalse(factory instanceof SslFactory);
+
+ return factory;
+ }
+
+ /**
+ * Custom SSL Factory.
+ */
+ public static class SslFactory extends SslContextFactory {
+ /** {@inheritDoc} */
+ @Override public SSLContext create() {
+ factoryUsed = true;
+
+ return super.create();
+ }
+ }
+
+ /** {@inheritDoc} */
+ @Override public void
testCleaningGarbageAfterCacheDestroyedAndNodeStop_ControlConsoleUtil() throws
Exception {
+
super.testCleaningGarbageAfterCacheDestroyedAndNodeStop_ControlConsoleUtil();
+
+ factoryUsed = true; // It's an SSL free test. Setting to `true` to
avoid fail on check.
+ }
+}
diff --git
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSSLTest.java
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslTest.java
similarity index 93%
rename from
modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSSLTest.java
rename to
modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslTest.java
index a0582ab16af..82f35c956a2 100644
---
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSSLTest.java
+++
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslTest.java
@@ -20,7 +20,7 @@ package org.apache.ignite.util;
/**
*
*/
-public class GridCommandHandlerWithSSLTest extends GridCommandHandlerTest {
+public class GridCommandHandlerWithSslTest extends GridCommandHandlerTest {
/** {@inheritDoc} */
@Override protected boolean sslEnabled() {
return true;
diff --git a/modules/control-utility/src/test/resources/ssl-factory-config.xml
b/modules/control-utility/src/test/resources/ssl-factory-config.xml
new file mode 100644
index 00000000000..591ebaae9ec
--- /dev/null
+++ b/modules/control-utility/src/test/resources/ssl-factory-config.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xmlns:context="http://www.springframework.org/schema/context";
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context
+ http://www.springframework.org/schema/context/spring-context.xsd";>
+ <context:property-placeholder/>
+ <bean name="mgr"
class="org.apache.ignite.ssl.SslContextFactory.DisabledX509TrustManager"/>
+
+ <bean
class="org.apache.ignite.util.GridCommandHandlerWithSslFactoryTest.SslFactory">
+ <property name="keyStoreFilePath" value="${KEYSTORE_PATH}"/>
+ <property name="keyStorePassword" value="${KEYSTORE_PASSWORD}"/>
+ <property name="trustManagers" ref="mgr"/>
+ </bean>
+</beans>
diff --git
a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_cache_help.output
b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_cache_help.output
index fcb323d6377..dd98c8ef8b8 100644
---
a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_cache_help.output
+++
b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_cache_help.output
@@ -7,7 +7,7 @@ Arguments: --cache help --yes
--------------------------------------------------------------------------------
The '--cache subcommand' is used to get information about and perform
actions with caches. The command has the following syntax:
- control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password
PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT]
[--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ...,
SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ...,
SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--keystore-type
KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password
KEYSTORE_PASSWORD] [--truststore-type TRUSTSTORE_TYPE] [--truststore T [...]
+ control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password
PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT]
[--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ...,
SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ...,
SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--ssl-factory
SSL_FACTORY_PATH] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH]
[--keystore-password KEYSTORE_PASSWORD] [--truststore-type [...]
The subcommands that take [nodeId] as an argument ('list', 'find_garbage',
'contention' and 'validate_indexes') will be executed on the given node or on
all server nodes if the option is not specified. Other commands will run on a
random server node.
diff --git
a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_help.output
b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_help.output
index d19c90f7ec5..3276607bb35 100644
---
a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_help.output
+++
b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_help.output
@@ -4,7 +4,7 @@ User: <!any!>
Time: <!any!>
Control utility script is used to execute admin commands on cluster or get
common cluster info. The command has the following syntax:
- control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password
PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT]
[--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ...,
SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ...,
SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--keystore-type
KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password
KEYSTORE_PASSWORD] [--truststore-type TRUSTSTORE_TYPE] [--truststore T [...]
+ control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password
PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT]
[--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ...,
SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ...,
SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--ssl-factory
SSL_FACTORY_PATH] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH]
[--keystore-password KEYSTORE_PASSWORD] [--truststore-type [...]
This utility can do the following commands:
diff --git
a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_cache_help.output
b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_cache_help.output
index fcb323d6377..dd98c8ef8b8 100644
---
a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_cache_help.output
+++
b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_cache_help.output
@@ -7,7 +7,7 @@ Arguments: --cache help --yes
--------------------------------------------------------------------------------
The '--cache subcommand' is used to get information about and perform
actions with caches. The command has the following syntax:
- control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password
PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT]
[--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ...,
SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ...,
SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--keystore-type
KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password
KEYSTORE_PASSWORD] [--truststore-type TRUSTSTORE_TYPE] [--truststore T [...]
+ control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password
PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT]
[--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ...,
SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ...,
SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--ssl-factory
SSL_FACTORY_PATH] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH]
[--keystore-password KEYSTORE_PASSWORD] [--truststore-type [...]
The subcommands that take [nodeId] as an argument ('list', 'find_garbage',
'contention' and 'validate_indexes') will be executed on the given node or on
all server nodes if the option is not specified. Other commands will run on a
random server node.
diff --git
a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_help.output
b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_help.output
index d19c90f7ec5..3276607bb35 100644
---
a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_help.output
+++
b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_help.output
@@ -4,7 +4,7 @@ User: <!any!>
Time: <!any!>
Control utility script is used to execute admin commands on cluster or get
common cluster info. The command has the following syntax:
- control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password
PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT]
[--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ...,
SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ...,
SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--keystore-type
KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password
KEYSTORE_PASSWORD] [--truststore-type TRUSTSTORE_TYPE] [--truststore T [...]
+ control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password
PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT]
[--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ...,
SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ...,
SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--ssl-factory
SSL_FACTORY_PATH] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH]
[--keystore-password KEYSTORE_PASSWORD] [--truststore-type [...]
This utility can do the following commands:
