This is an automated email from the ASF dual-hosted git repository. av pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push: new 0f5b85f5ac2 IGNITE-19370 control.sh should be able to use custom SSL factory (#10667) 0f5b85f5ac2 is described below commit 0f5b85f5ac2e07274d11c8f9c5b84ebb343157b5 Author: Anton Vinogradov <a...@apache.org> AuthorDate: Fri May 12 11:44:28 2023 +0300 IGNITE-19370 control.sh should be able to use custom SSL factory (#10667) --- docs/_docs/tools/control-script.adoc | 1 + modules/control-utility/pom.xml | 25 ++---- .../internal/commandline/CommandHandler.java | 23 ++++- .../internal/commandline/CommonArgParser.java | 14 +++- .../commandline/ConnectionAndSslParameters.java | 16 +++- .../testsuites/IgniteControlUtilityTestSuite.java | 8 +- .../util/GridCommandHandlerAbstractTest.java | 20 ++++- ...ridCommandHandlerIncompatibleSslConfigTest.java | 54 ++++++++++++ .../ignite/util/GridCommandHandlerSslTest.java | 3 +- .../ignite/util/GridCommandHandlerTestUtils.java | 38 --------- .../util/GridCommandHandlerWithSslFactoryTest.java | 98 ++++++++++++++++++++++ ...est.java => GridCommandHandlerWithSslTest.java} | 2 +- .../src/test/resources/ssl-factory-config.xml | 36 ++++++++ ...mandHandlerClusterByClassTest_cache_help.output | 2 +- ...ridCommandHandlerClusterByClassTest_help.output | 2 +- ...dlerClusterByClassWithSSLTest_cache_help.output | 2 +- ...andHandlerClusterByClassWithSSLTest_help.output | 2 +- 17 files changed, 272 insertions(+), 74 deletions(-) diff --git a/docs/_docs/tools/control-script.adoc b/docs/_docs/tools/control-script.adoc index 592c0c89b21..490c55e7f37 100644 --- a/docs/_docs/tools/control-script.adoc +++ b/docs/_docs/tools/control-script.adoc @@ -60,6 +60,7 @@ If you want to connect to a node that is running on a remove machine, specify th | --truststore-type TRUSTSTORE_TYPE | The type of the truststore. | `JKS` | --truststore TRUSTSTORE_PATH | The path to the truststore. | | --truststore-password TRUSTSTORE_PWD | The password to the truststore. | +| --ssl-factory SSL_FACTORY_PATH | Custom SSL factory Spring xml file path. | |=== diff --git a/modules/control-utility/pom.xml b/modules/control-utility/pom.xml index 13729cbb94f..636a58590f2 100644 --- a/modules/control-utility/pom.xml +++ b/modules/control-utility/pom.xml @@ -41,6 +41,11 @@ <artifactId>ignite-core</artifactId> </dependency> + <dependency> + <groupId>${project.groupId}</groupId> + <artifactId>ignite-spring</artifactId> + </dependency> + <dependency> <groupId>${project.groupId}</groupId> <artifactId>ignite-indexing</artifactId> @@ -74,20 +79,6 @@ <scope>test</scope> </dependency> - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-beans</artifactId> - <version>${spring.version}</version> - <scope>test</scope> - </dependency> - - <dependency> - <groupId>org.springframework</groupId> - <artifactId>spring-context</artifactId> - <version>${spring.version}</version> - <scope>test</scope> - </dependency> - <dependency> <groupId>${project.groupId}</groupId> <artifactId>ignite-tools</artifactId> @@ -107,12 +98,6 @@ <scope>test</scope> </dependency> - <dependency> - <groupId>${project.groupId}</groupId> - <artifactId>ignite-spring</artifactId> - <scope>test</scope> - </dependency> - <dependency> <groupId>org.apache.curator</groupId> <artifactId>curator-test</artifactId> diff --git a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java index 6edcda692aa..84f592d57e8 100644 --- a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java +++ b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommandHandler.java @@ -17,6 +17,7 @@ package org.apache.ignite.internal.commandline; +import java.net.URL; import java.time.Duration; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; @@ -27,6 +28,8 @@ import java.util.List; import java.util.Map; import java.util.Scanner; import java.util.UUID; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.IgniteException; import org.apache.ignite.IgniteLogger; @@ -39,6 +42,8 @@ import org.apache.ignite.internal.client.GridClientHandshakeException; import org.apache.ignite.internal.client.GridServerUnreachableException; import org.apache.ignite.internal.client.impl.connection.GridClientConnectionResetException; import org.apache.ignite.internal.logger.IgniteLoggerEx; +import org.apache.ignite.internal.util.IgniteUtils; +import org.apache.ignite.internal.util.spring.IgniteSpringHelperImpl; import org.apache.ignite.internal.util.typedef.F; import org.apache.ignite.internal.util.typedef.X; import org.apache.ignite.internal.util.typedef.internal.SB; @@ -48,6 +53,7 @@ import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider; import org.apache.ignite.plugin.security.SecurityCredentialsProvider; import org.apache.ignite.ssl.SslContextFactory; import org.jetbrains.annotations.NotNull; +import org.springframework.context.ApplicationContext; import static java.lang.System.lineSeparator; import static java.util.Objects.nonNull; @@ -536,8 +542,13 @@ public class CommandHandler { if (!F.isEmpty(userName)) clientCfg.setSecurityCredentialsProvider(getSecurityCredentialsProvider(userName, password, clientCfg)); - if (!F.isEmpty(args.sslKeyStorePath())) + if (!F.isEmpty(args.sslKeyStorePath()) || !F.isEmpty(args.sslFactoryConfigPath())) { + if (!F.isEmpty(args.sslKeyStorePath()) && !F.isEmpty(args.sslFactoryConfigPath())) + throw new IgniteCheckedException("Incorrect SSL configuration. " + + "SSL factory config path should not be specified simultaneously with other SSL options like keystore path."); + clientCfg.setSslContextFactory(createSslSupportFactory(args)); + } return clientCfg; } @@ -570,7 +581,15 @@ public class CommandHandler { * @param args Commond args. * @return Ssl support factory. */ - @NotNull private SslContextFactory createSslSupportFactory(ConnectionAndSslParameters args) { + @NotNull private Factory<SSLContext> createSslSupportFactory(ConnectionAndSslParameters args) throws IgniteCheckedException { + if (!F.isEmpty(args.sslFactoryConfigPath())) { + URL springCfg = IgniteUtils.resolveSpringUrl(args.sslFactoryConfigPath()); + + ApplicationContext ctx = IgniteSpringHelperImpl.applicationContext(springCfg); + + return (Factory<SSLContext>)ctx.getBean(Factory.class); + } + SslContextFactory factory = new SslContextFactory(); String[] sslProtocols = split(args.sslProtocol(), ","); diff --git a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommonArgParser.java b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommonArgParser.java index 91257db88ee..2a16b809f2f 100644 --- a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommonArgParser.java +++ b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/CommonArgParser.java @@ -104,6 +104,9 @@ public class CommonArgParser { /** */ static final String CMD_ENABLE_EXPERIMENTAL = "--enable-experimental"; + /** */ + static final String CMD_SSL_FACTORY = "--ssl-factory"; + /** List of optional auxiliary commands. */ private static final Set<String> AUX_COMMANDS = new HashSet<>(); @@ -126,6 +129,7 @@ public class CommonArgParser { AUX_COMMANDS.add(CMD_SSL_PROTOCOL); AUX_COMMANDS.add(CMD_SSL_KEY_ALGORITHM); AUX_COMMANDS.add(CMD_SSL_CIPHER_SUITES); + AUX_COMMANDS.add(CMD_SSL_FACTORY); AUX_COMMANDS.add(CMD_KEYSTORE); AUX_COMMANDS.add(CMD_KEYSTORE_PASSWORD); @@ -175,6 +179,7 @@ public class CommonArgParser { list.add(optional(CMD_SSL_PROTOCOL, "SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]")); list.add(optional(CMD_SSL_CIPHER_SUITES, "SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]")); list.add(optional(CMD_SSL_KEY_ALGORITHM, "SSL_KEY_ALGORITHM")); + list.add(optional(CMD_SSL_FACTORY, "SSL_FACTORY_PATH")); list.add(optional(CMD_KEYSTORE_TYPE, "KEYSTORE_TYPE")); list.add(optional(CMD_KEYSTORE, "KEYSTORE_PATH")); list.add(optional(CMD_KEYSTORE_PASSWORD, "KEYSTORE_PASSWORD")); @@ -234,6 +239,8 @@ public class CommonArgParser { Command<?> command = null; + String sslFactoryCfg = null; + while (argIter.hasNextArg()) { String str = argIter.nextArg("").toLowerCase(); @@ -354,6 +361,11 @@ public class CommonArgParser { experimentalEnabled = true; break; + case CMD_SSL_FACTORY: + sslFactoryCfg = argIter.nextArg("Expected SSL factory config path"); + + break; + default: throw new IllegalArgumentException("Unexpected argument: " + str); } @@ -374,7 +386,7 @@ public class CommonArgParser { pingTimeout, pingInterval, autoConfirmation, verbose, sslProtocol, sslCipherSuites, sslKeyAlgorithm, sslKeyStorePath, sslKeyStorePassword, sslKeyStoreType, - sslTrustStorePath, sslTrustStorePassword, sslTrustStoreType); + sslTrustStorePath, sslTrustStorePassword, sslTrustStoreType, sslFactoryCfg); } /** diff --git a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java index 68fb8467dbc..c642ed0d5cd 100644 --- a/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java +++ b/modules/control-utility/src/main/java/org/apache/ignite/internal/commandline/ConnectionAndSslParameters.java @@ -74,6 +74,9 @@ public class ConnectionAndSslParameters { /** Truststore Password. */ private char[] sslTrustStorePassword; + /** SSL factory config. */ + private String sslFactoryCfgPath; + /** High-level command. */ private Command command; @@ -96,12 +99,14 @@ public class ConnectionAndSslParameters { * @param sslTrustStorePath Truststore. * @param sslTrustStorePassword Truststore Password. * @param sslTrustStoreType Truststore Type. + * @param sslFactoryCfgPath SSL Factory config. */ public ConnectionAndSslParameters(Command command, String host, String port, String user, String pwd, Long pingTimeout, Long pingInterval, boolean autoConfirmation, boolean verbose, String sslProtocol, String sslCipherSuites, String sslKeyAlgorithm, String sslKeyStorePath, char[] sslKeyStorePassword, String sslKeyStoreType, - String sslTrustStorePath, char[] sslTrustStorePassword, String sslTrustStoreType + String sslTrustStorePath, char[] sslTrustStorePassword, String sslTrustStoreType, + String sslFactoryCfgPath ) { this.command = command; this.host = host; @@ -126,6 +131,8 @@ public class ConnectionAndSslParameters { this.sslTrustStorePath = sslTrustStorePath; this.sslTrustStoreType = sslTrustStoreType; this.sslTrustStorePassword = sslTrustStorePassword; + + this.sslFactoryCfgPath = sslFactoryCfgPath; } /** @@ -283,6 +290,13 @@ public class ConnectionAndSslParameters { this.sslTrustStorePassword = sslTrustStorePassword; } + /** + * @return Predefined SSL Factory config. + */ + public String sslFactoryConfigPath() { + return sslFactoryCfgPath; + } + /** * Returns {@code true} if verbose mode is enabled. * diff --git a/modules/control-utility/src/test/java/org/apache/ignite/testsuites/IgniteControlUtilityTestSuite.java b/modules/control-utility/src/test/java/org/apache/ignite/testsuites/IgniteControlUtilityTestSuite.java index 99caa99e75f..060841b4239 100644 --- a/modules/control-utility/src/test/java/org/apache/ignite/testsuites/IgniteControlUtilityTestSuite.java +++ b/modules/control-utility/src/test/java/org/apache/ignite/testsuites/IgniteControlUtilityTestSuite.java @@ -27,6 +27,7 @@ import org.apache.ignite.util.GridCommandHandlerCheckIndexesInlineSizeTest; import org.apache.ignite.util.GridCommandHandlerClusterByClassTest; import org.apache.ignite.util.GridCommandHandlerClusterByClassWithSSLTest; import org.apache.ignite.util.GridCommandHandlerConsistencyRepairCorrectnessTransactionalTest; +import org.apache.ignite.util.GridCommandHandlerIncompatibleSslConfigTest; import org.apache.ignite.util.GridCommandHandlerIndexingCheckSizeTest; import org.apache.ignite.util.GridCommandHandlerIndexingClusterByClassTest; import org.apache.ignite.util.GridCommandHandlerIndexingClusterByClassWithSSLTest; @@ -36,7 +37,8 @@ import org.apache.ignite.util.GridCommandHandlerInterruptCommandTest; import org.apache.ignite.util.GridCommandHandlerMetadataTest; import org.apache.ignite.util.GridCommandHandlerSslTest; import org.apache.ignite.util.GridCommandHandlerTest; -import org.apache.ignite.util.GridCommandHandlerWithSSLTest; +import org.apache.ignite.util.GridCommandHandlerWithSslFactoryTest; +import org.apache.ignite.util.GridCommandHandlerWithSslTest; import org.apache.ignite.util.KillCommandsControlShTest; import org.junit.runner.RunWith; import org.junit.runners.Suite; @@ -49,7 +51,9 @@ import org.junit.runners.Suite; CommandHandlerParsingTest.class, GridCommandHandlerTest.class, - GridCommandHandlerWithSSLTest.class, + GridCommandHandlerWithSslTest.class, + GridCommandHandlerWithSslFactoryTest.class, + GridCommandHandlerIncompatibleSslConfigTest.class, GridCommandHandlerClusterByClassTest.class, GridCommandHandlerClusterByClassWithSSLTest.class, GridCommandHandlerSslTest.class, diff --git a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerAbstractTest.java b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerAbstractTest.java index 02c583d5459..7d74c87c864 100644 --- a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerAbstractTest.java +++ b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerAbstractTest.java @@ -31,6 +31,8 @@ import java.util.List; import java.util.logging.Level; import java.util.logging.Logger; import java.util.stream.Collectors; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteDataStreamer; import org.apache.ignite.IgniteLogger; @@ -80,7 +82,6 @@ import static org.apache.ignite.events.EventType.EVT_CONSISTENCY_VIOLATION; import static org.apache.ignite.internal.encryption.AbstractEncryptionTest.KEYSTORE_PASSWORD; import static org.apache.ignite.internal.encryption.AbstractEncryptionTest.KEYSTORE_PATH; import static org.apache.ignite.internal.processors.cache.verify.VerifyBackupPartitionsDumpTask.IDLE_DUMP_FILE_PREFIX; -import static org.apache.ignite.util.GridCommandHandlerTestUtils.addSslParams; /** * Common abstract class for testing {@link CommandHandler}. @@ -267,7 +268,7 @@ public abstract class GridCommandHandlerAbstractTest extends GridCommonAbstractT cfg.setConnectorConfiguration(new ConnectorConfiguration().setSslEnabled(sslEnabled())); if (sslEnabled()) - cfg.setSslContextFactory(GridTestUtils.sslFactory()); + cfg.setSslContextFactory(sslFactory()); DataStorageConfiguration dsCfg = new DataStorageConfiguration() .setWalMode(WALMode.LOG_ONLY) @@ -393,10 +394,23 @@ public abstract class GridCommandHandlerAbstractTest extends GridCommonAbstractT if (sslEnabled()) { // We shouldn't add extra args for --cache help. if (args.size() < 2 || !args.get(0).equals("--cache") || !args.get(1).equals("help")) - addSslParams(args); + extendSslParams(args); } } + /** Custom SSL params. */ + protected void extendSslParams(List<String> params) { + params.add("--keystore"); + params.add(GridTestUtils.keyStorePath("node01")); + params.add("--keystore-password"); + params.add(GridTestUtils.keyStorePassword()); + } + + /** Custom SSL factory. */ + protected Factory<SSLContext> sslFactory() { + return GridTestUtils.sslFactory(); + } + /** */ protected void injectTestSystemOut() { System.setOut(new PrintStream(testOut)); diff --git a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerIncompatibleSslConfigTest.java b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerIncompatibleSslConfigTest.java new file mode 100644 index 00000000000..2a3dcf39154 --- /dev/null +++ b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerIncompatibleSslConfigTest.java @@ -0,0 +1,54 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.util; + +import java.util.List; +import org.junit.Test; + +import static org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_UNEXPECTED_ERROR; +import static org.apache.ignite.testframework.GridTestUtils.assertContains; + +/** + * + */ +public class GridCommandHandlerIncompatibleSslConfigTest extends GridCommandHandlerClusterPerMethodAbstractTest { + /** {@inheritDoc} */ + @Override protected boolean sslEnabled() { + return true; + } + + /** {@inheritDoc} */ + @Override protected void extendSslParams(List<String> params) { + params.add("--ssl-factory"); // incompatible + params.add("src/test/resources/some-file.xml"); + params.add("--keystore"); // incompatible + params.add("src/test/resources/some-file.jks"); + } + + /** */ + @Test + public void test() throws Exception { + startGrids(1); + + injectTestSystemOut(); + + assertEquals(EXIT_CODE_UNEXPECTED_ERROR, execute("--set-state", "ACTIVE")); + + assertContains(log, testOut.toString(), "Incorrect SSL configuration."); + } +} diff --git a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerSslTest.java b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerSslTest.java index ea260fa0752..1e2b61e4573 100644 --- a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerSslTest.java +++ b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerSslTest.java @@ -34,7 +34,6 @@ import org.junit.Test; import static org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_CONNECTION_FAILED; import static org.apache.ignite.internal.commandline.CommandHandler.EXIT_CODE_OK; import static org.apache.ignite.testframework.GridTestUtils.assertContains; -import static org.apache.ignite.util.GridCommandHandlerTestUtils.addSslParams; /** * Command line handler test with SSL. @@ -86,7 +85,7 @@ public class GridCommandHandlerSslTest extends GridCommandHandlerClusterPerMetho List<String> params = new ArrayList<>(); - addSslParams(params); + extendSslParams(params); if (!F.isEmpty(utilityCipherSuite)) { params.add("--ssl-cipher-suites"); diff --git a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerTestUtils.java b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerTestUtils.java deleted file mode 100644 index a17f7439625..00000000000 --- a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerTestUtils.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ignite.util; - -import java.util.List; -import org.apache.ignite.testframework.GridTestUtils; - -/** - * Utility class for command handler. - */ -public class GridCommandHandlerTestUtils { - /** */ - public static void addSslParams(List<String> params) { - params.add("--keystore"); - params.add(GridTestUtils.keyStorePath("node01")); - params.add("--keystore-password"); - params.add(GridTestUtils.keyStorePassword()); - } - - /** */ - private GridCommandHandlerTestUtils() { - } -} diff --git a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslFactoryTest.java b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslFactoryTest.java new file mode 100644 index 00000000000..a8709a8ba7b --- /dev/null +++ b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslFactoryTest.java @@ -0,0 +1,98 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.util; + +import java.util.List; +import javax.cache.configuration.Factory; +import javax.net.ssl.SSLContext; +import org.apache.ignite.internal.util.typedef.internal.U; +import org.apache.ignite.ssl.SslContextFactory; +import org.apache.ignite.testframework.GridTestUtils; +import org.junit.AfterClass; + +/** + * + */ +public class GridCommandHandlerWithSslFactoryTest extends GridCommandHandlerWithSslTest { + /** Keystore path. */ + private static final String KEYSTORE_PATH = "KEYSTORE_PATH"; + + /** Keystore password. */ + private static final String KEYSTORE_PASSWORD = "KEYSTORE_PASSWORD"; + + /** Custorm SSL factory used. */ + protected static volatile boolean factoryUsed; + + /** {@inheritDoc} */ + @Override protected void beforeTestsStarted() throws Exception { + System.setProperty(KEYSTORE_PATH, GridTestUtils.keyStorePath("node01")); + System.setProperty(KEYSTORE_PASSWORD, GridTestUtils.keyStorePassword()); + + super.beforeTestsStarted(); + } + + /** */ + @AfterClass + public static void tearDown() { + System.clearProperty(KEYSTORE_PATH); + System.clearProperty(KEYSTORE_PASSWORD); + } + + /** {@inheritDoc} */ + @Override protected void afterTest() throws Exception { + super.afterTest(); + + assertTrue(factoryUsed); + + factoryUsed = false; + } + + /** {@inheritDoc} */ + @Override protected void extendSslParams(List<String> params) { + params.add("--ssl-factory"); + params.add(U.resolveIgnitePath("modules/control-utility/src/test/resources/ssl-factory-config.xml").getPath()); + } + + /** {@inheritDoc} */ + @Override protected Factory<SSLContext> sslFactory() { + Factory<SSLContext> factory = super.sslFactory(); + + assertFalse(factory instanceof SslFactory); + + return factory; + } + + /** + * Custom SSL Factory. + */ + public static class SslFactory extends SslContextFactory { + /** {@inheritDoc} */ + @Override public SSLContext create() { + factoryUsed = true; + + return super.create(); + } + } + + /** {@inheritDoc} */ + @Override public void testCleaningGarbageAfterCacheDestroyedAndNodeStop_ControlConsoleUtil() throws Exception { + super.testCleaningGarbageAfterCacheDestroyedAndNodeStop_ControlConsoleUtil(); + + factoryUsed = true; // It's an SSL free test. Setting to `true` to avoid fail on check. + } +} diff --git a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSSLTest.java b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslTest.java similarity index 93% rename from modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSSLTest.java rename to modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslTest.java index a0582ab16af..82f35c956a2 100644 --- a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSSLTest.java +++ b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerWithSslTest.java @@ -20,7 +20,7 @@ package org.apache.ignite.util; /** * */ -public class GridCommandHandlerWithSSLTest extends GridCommandHandlerTest { +public class GridCommandHandlerWithSslTest extends GridCommandHandlerTest { /** {@inheritDoc} */ @Override protected boolean sslEnabled() { return true; diff --git a/modules/control-utility/src/test/resources/ssl-factory-config.xml b/modules/control-utility/src/test/resources/ssl-factory-config.xml new file mode 100644 index 00000000000..591ebaae9ec --- /dev/null +++ b/modules/control-utility/src/test/resources/ssl-factory-config.xml @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xsi:schemaLocation=" + http://www.springframework.org/schema/beans + http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context + http://www.springframework.org/schema/context/spring-context.xsd"> + <context:property-placeholder/> + <bean name="mgr" class="org.apache.ignite.ssl.SslContextFactory.DisabledX509TrustManager"/> + + <bean class="org.apache.ignite.util.GridCommandHandlerWithSslFactoryTest.SslFactory"> + <property name="keyStoreFilePath" value="${KEYSTORE_PATH}"/> + <property name="keyStorePassword" value="${KEYSTORE_PASSWORD}"/> + <property name="trustManagers" ref="mgr"/> + </bean> +</beans> diff --git a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_cache_help.output b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_cache_help.output index fcb323d6377..dd98c8ef8b8 100644 --- a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_cache_help.output +++ b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_cache_help.output @@ -7,7 +7,7 @@ Arguments: --cache help --yes -------------------------------------------------------------------------------- The '--cache subcommand' is used to get information about and perform actions with caches. The command has the following syntax: - control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] [--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password KEYSTORE_PASSWORD] [--truststore-type TRUSTSTORE_TYPE] [--truststore T [...] + control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] [--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--ssl-factory SSL_FACTORY_PATH] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password KEYSTORE_PASSWORD] [--truststore-type [...] The subcommands that take [nodeId] as an argument ('list', 'find_garbage', 'contention' and 'validate_indexes') will be executed on the given node or on all server nodes if the option is not specified. Other commands will run on a random server node. diff --git a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_help.output b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_help.output index d19c90f7ec5..3276607bb35 100644 --- a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_help.output +++ b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassTest_help.output @@ -4,7 +4,7 @@ User: <!any!> Time: <!any!> Control utility script is used to execute admin commands on cluster or get common cluster info. The command has the following syntax: - control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] [--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password KEYSTORE_PASSWORD] [--truststore-type TRUSTSTORE_TYPE] [--truststore T [...] + control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] [--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--ssl-factory SSL_FACTORY_PATH] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password KEYSTORE_PASSWORD] [--truststore-type [...] This utility can do the following commands: diff --git a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_cache_help.output b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_cache_help.output index fcb323d6377..dd98c8ef8b8 100644 --- a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_cache_help.output +++ b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_cache_help.output @@ -7,7 +7,7 @@ Arguments: --cache help --yes -------------------------------------------------------------------------------- The '--cache subcommand' is used to get information about and perform actions with caches. The command has the following syntax: - control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] [--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password KEYSTORE_PASSWORD] [--truststore-type TRUSTSTORE_TYPE] [--truststore T [...] + control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] [--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--ssl-factory SSL_FACTORY_PATH] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password KEYSTORE_PASSWORD] [--truststore-type [...] The subcommands that take [nodeId] as an argument ('list', 'find_garbage', 'contention' and 'validate_indexes') will be executed on the given node or on all server nodes if the option is not specified. Other commands will run on a random server node. diff --git a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_help.output b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_help.output index d19c90f7ec5..3276607bb35 100644 --- a/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_help.output +++ b/modules/core/src/test/resources/org.apache.ignite.util/GridCommandHandlerClusterByClassWithSSLTest_help.output @@ -4,7 +4,7 @@ User: <!any!> Time: <!any!> Control utility script is used to execute admin commands on cluster or get common cluster info. The command has the following syntax: - control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] [--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password KEYSTORE_PASSWORD] [--truststore-type TRUSTSTORE_TYPE] [--truststore T [...] + control.(sh|bat) [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] [--verbose] [--ssl-protocol SSL_PROTOCOL[, SSL_PROTOCOL_2, ..., SSL_PROTOCOL_N]] [--ssl-cipher-suites SSL_CIPHER_1[, SSL_CIPHER_2, ..., SSL_CIPHER_N]] [--ssl-key-algorithm SSL_KEY_ALGORITHM] [--ssl-factory SSL_FACTORY_PATH] [--keystore-type KEYSTORE_TYPE] [--keystore KEYSTORE_PATH] [--keystore-password KEYSTORE_PASSWORD] [--truststore-type [...] This utility can do the following commands: