[incubator-servicecomb-saga] branch master updated (877a278 -> 49cf51b)
This is an automated email from the ASF dual-hosted git repository. ningjiang pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-saga.git. from 877a278 SCB-571 reformate the code of omega-transport-dubbo new 20382b8 SCB-569 Add document for enabling SSL new 49cf51b SCB-569 Add reference of enabling SSL in user guide The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: docs/enable_ssl.md | 87 ++ docs/user_guide.md | 4 +++ 2 files changed, 91 insertions(+) create mode 100644 docs/enable_ssl.md -- To stop receiving notification emails like this one, please contact ningji...@apache.org.
[incubator-servicecomb-saga] 01/02: SCB-569 Add document for enabling SSL
This is an automated email from the ASF dual-hosted git repository. ningjiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-saga.git commit 20382b88ef782a7d8f2db52c1e5531824da3556c Author: Yang BoAuthorDate: Wed May 9 15:45:20 2018 +0800 SCB-569 Add document for enabling SSL --- docs/enable_ssl.md | 87 ++ 1 file changed, 87 insertions(+) diff --git a/docs/enable_ssl.md b/docs/enable_ssl.md new file mode 100644 index 000..759ccb0 --- /dev/null +++ b/docs/enable_ssl.md @@ -0,0 +1,87 @@ +# Enable TLS for omega-alpha communication + +Saga now supports TLS for communication between omega and alpha server. Client side authentication(Mutual authentication) is also supported. + +## Prepare Certificates + +You can use the following commands to generate self-signed certificates for testing. + +The client certificates is only needed if you want to use mutual authentication. + + +``` +# Changes these CN's to match your hosts in your environment if needed. +SERVER_CN=localhost +CLIENT_CN=localhost # Used when doing mutual TLS + +echo Generate CA key: +openssl genrsa -passout pass: -des3 -out ca.key 4096 +echo Generate CA certificate: +# Generates ca.crt which is the trustCertCollectionFile +openssl req -passin pass: -new -x509 -days 365 -key ca.key -out ca.crt -subj "/CN=${SERVER_CN}" +echo Generate server key: +openssl genrsa -passout pass: -des3 -out server.key 4096 +echo Generate server signing request: +openssl req -passin pass: -new -key server.key -out server.csr -subj "/CN=${SERVER_CN}" +echo Self-signed server certificate: +# Generates server.crt which is the certChainFile for the server +openssl x509 -req -passin pass: -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt +echo Remove passphrase from server key: +openssl rsa -passin pass: -in server.key -out server.key +echo Generate client key +openssl genrsa -passout pass: -des3 -out client.key 4096 +echo Generate client signing request: +openssl req -passin pass: -new -key client.key -out client.csr -subj "/CN=${CLIENT_CN}" +echo Self-signed client certificate: +# Generates client.crt which is the clientCertChainFile for the client (need for mutual TLS only) +openssl x509 -passin pass: -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt +echo Remove passphrase from client key: +openssl rsa -passin pass: -in client.key -out client.key +echo Converting the private keys to X.509: +# Generates client.pem which is the clientPrivateKeyFile for the Client (needed for mutual TLS only) +openssl pkcs8 -topk8 -nocrypt -in client.key -out client.pem +# Generates server.pem which is the privateKeyFile for the Server +openssl pkcs8 -topk8 -nocrypt -in server.key -out server.pem +``` + +## Enable TLS for Alpha Server + +1. Edit the application.yaml file for alpha-server, add the ssl configuration under the `alpha.server` section. + +``` +alpha: + server: +ssl: + enable: true + cert: server.crt + key: server.pem + mutualAuth: true + clientCert: client.crt +``` + +2. Put the server.crt and server.pem files under the root directory of the alpha-server. If you want to use mutual authentication, Merge all the client certificates into one file client.crt, then put the client.crt under the root directory. + +3. Restart alpha-server. + + +## Enable TLS for Omega + +1. Get the CA certificate chain, you may need to merge multiple CA certificates into one file if you are running alpha server in cluster. + +2. Edit the application.yaml file for the client application, add the ssl configuration under the `alpha.cluster` section. + +``` +alpha: + cluster: +address: alpha-server.servicecomb.io:8080 +ssl: + enable: false + certChain: ca.crt + mutualAuth: false + cert: client.crt + key: client.pem +``` +3. Put the ca.crt file under the client application root directory. If you want to use mutual authentication, also put the client.crt and client.pem under the root directory. + +4. Restart the client application. + -- To stop receiving notification emails like this one, please contact ningji...@apache.org.
[incubator-servicecomb-java-chassis] 02/03: [SCB-532] support create recursive dependency class
This is an automated email from the ASF dual-hosted git repository. wujimin pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git commit ca7e837dec761c5a7729f47148f3696d887f2d9d Author: wujiminAuthorDate: Thu May 10 15:47:55 2018 +0800 [SCB-532] support create recursive dependency class --- .../swagger/converter/AbstractConverter.java | 7 +-- .../swagger/converter/SwaggerToClassGenerator.java | 34 .../converter/model/ModelImplConverter.java| 27 +++--- .../converter/property/ArrayPropertyConverter.java | 3 +- .../converter/model/TestModelImplConverter.java| 4 +- .../TestSwaggerToClassGenerator_base.java | 55 +++ .../TestSwaggerToClassGenerator_create.java| 61 + .../TestSwaggerToClassGenerator_reuse.java | 63 ++ .../swaggerToClassGenerator/ToClassSchema.java | 42 +++ .../swaggerToClassGenerator/model/DependTypeA.java | 29 ++ .../swaggerToClassGenerator/model/DependTypeB.java | 29 ++ .../swaggerToClassGenerator/model/Generic.java | 39 ++ .../model/RecursiveSelfType.java | 29 ++ 13 files changed, 409 insertions(+), 13 deletions(-) diff --git a/swagger/swagger-generator/generator-core/src/main/java/org/apache/servicecomb/swagger/converter/AbstractConverter.java b/swagger/swagger-generator/generator-core/src/main/java/org/apache/servicecomb/swagger/converter/AbstractConverter.java index f23f8da..fbd9e48 100644 --- a/swagger/swagger-generator/generator-core/src/main/java/org/apache/servicecomb/swagger/converter/AbstractConverter.java +++ b/swagger/swagger-generator/generator-core/src/main/java/org/apache/servicecomb/swagger/converter/AbstractConverter.java @@ -41,9 +41,10 @@ public abstract class AbstractConverter implements Converter { Map vendorExtensions = findVendorExtensions(def); String canonical = ClassUtils.getClassName(vendorExtensions); if (!StringUtils.isEmpty(canonical)) { - Class clsResult = ClassUtils.getClassByName(swaggerToClassGenerator.getClassLoader(), canonical); - if (clsResult != null) { -return typeFactory.constructType(clsResult); + try { +return swaggerToClassGenerator.getTypeFactory().constructFromCanonical(canonical); + } catch (Throwable e) { +// ignore this } } diff --git a/swagger/swagger-generator/generator-core/src/main/java/org/apache/servicecomb/swagger/converter/SwaggerToClassGenerator.java b/swagger/swagger-generator/generator-core/src/main/java/org/apache/servicecomb/swagger/converter/SwaggerToClassGenerator.java index 3205c02..1db2db3 100644 --- a/swagger/swagger-generator/generator-core/src/main/java/org/apache/servicecomb/swagger/converter/SwaggerToClassGenerator.java +++ b/swagger/swagger-generator/generator-core/src/main/java/org/apache/servicecomb/swagger/converter/SwaggerToClassGenerator.java @@ -22,6 +22,7 @@ import java.util.Map; import java.util.Map.Entry; import org.apache.servicecomb.common.javassist.ClassConfig; +import org.apache.servicecomb.common.javassist.CtTypeJavaType; import org.apache.servicecomb.common.javassist.JavassistUtils; import org.apache.servicecomb.common.javassist.MethodConfig; import org.apache.servicecomb.swagger.generator.core.SwaggerConst; @@ -39,6 +40,8 @@ import io.swagger.models.Response; import io.swagger.models.Swagger; import io.swagger.models.parameters.Parameter; import io.swagger.models.properties.Property; +import javassist.ClassPool; +import javassist.CtClass; /** * generate interface from swagger @@ -85,6 +88,8 @@ public class SwaggerToClassGenerator { private TypeFactory typeFactory; + private ClassPool classPool; + // key is swagger model or property @VisibleForTesting protected Map
[incubator-servicecomb-java-chassis] branch master updated (5c29a7c -> 2f8de34)
This is an automated email from the ASF dual-hosted git repository. wujimin pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git. from 5c29a7c [scb-533] swagger model switch to new JavassistUtils new dac247e [SCB-532] convert CtClass to fake JavaType, and JavassistUtils extract return CtClass method new ca7e837 [SCB-532] support create recursive dependency class new 2f8de34 [SCB-532] add test case in edge demo The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../servicecomb/common/javassist/CtType.java | 12 + .../{ParameterConfig.java => CtTypeJavaType.java} | 33 .../common/javassist/JavassistUtils.java | 45 ++-- .../servicecomb/common/javassist/TestCtType.java | 25 + .../common/javassist/TestCtTypeJavaType.java | 28 ++ .../servicecomb/demo/edge/business/Impl.java | 13 + .../servicecomb/demo/edge/consumer/Consumer.java | 41 +- .../servicecomb/demo/edge/model/DependTypeA.java | 15 +++--- .../{AppClientDataRsp.java => DependTypeB.java}| 24 + ...ppClientDataRsp.java => RecursiveSelfType.java} | 24 + .../swagger/converter/AbstractConverter.java | 7 +-- .../swagger/converter/SwaggerToClassGenerator.java | 34 .../converter/model/ModelImplConverter.java| 27 +++--- .../converter/property/ArrayPropertyConverter.java | 3 +- .../converter/model/TestModelImplConverter.java| 4 +- .../TestSwaggerToClassGenerator_base.java | 55 +++ .../TestSwaggerToClassGenerator_create.java| 61 + .../TestSwaggerToClassGenerator_reuse.java | 63 ++ .../swaggerToClassGenerator/ToClassSchema.java | 26 ++--- .../swaggerToClassGenerator/model/DependTypeA.java | 15 +++--- .../swaggerToClassGenerator/model/DependTypeB.java | 15 +++--- .../swaggerToClassGenerator/model/Generic.java | 23 .../model/RecursiveSelfType.java | 15 +++--- 23 files changed, 499 insertions(+), 109 deletions(-) copy common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/{ParameterConfig.java => CtTypeJavaType.java} (61%) copy swagger/swagger-generator/generator-core/src/test/java/org/apache/servicecomb/swagger/extend/TestModelResolverExt.java => common/common-javassist/src/test/java/org/apache/servicecomb/common/javassist/TestCtTypeJavaType.java (56%) copy core/src/test/java/org/apache/servicecomb/core/provider/Person.java => demo/demo-edge/model/src/main/java/org/apache/servicecomb/demo/edge/model/DependTypeA.java (80%) copy demo/demo-edge/model/src/main/java/org/apache/servicecomb/demo/edge/model/{AppClientDataRsp.java => DependTypeB.java} (75%) copy demo/demo-edge/model/src/main/java/org/apache/servicecomb/demo/edge/model/{AppClientDataRsp.java => RecursiveSelfType.java} (72%) create mode 100644 swagger/swagger-generator/generator-springmvc/src/test/java/org/apache/servicecomb/swagger/converter/swaggerToClassGenerator/TestSwaggerToClassGenerator_base.java create mode 100644 swagger/swagger-generator/generator-springmvc/src/test/java/org/apache/servicecomb/swagger/converter/swaggerToClassGenerator/TestSwaggerToClassGenerator_create.java create mode 100644 swagger/swagger-generator/generator-springmvc/src/test/java/org/apache/servicecomb/swagger/converter/swaggerToClassGenerator/TestSwaggerToClassGenerator_reuse.java copy archetypes/business-service-springmvc/src/main/resources/archetype-resources/src/main/java/HelloImpl.java => swagger/swagger-generator/generator-springmvc/src/test/java/org/apache/servicecomb/swagger/converter/swaggerToClassGenerator/ToClassSchema.java (58%) copy core/src/test/java/org/apache/servicecomb/core/provider/Person.java => swagger/swagger-generator/generator-springmvc/src/test/java/org/apache/servicecomb/swagger/converter/swaggerToClassGenerator/model/DependTypeA.java (78%) copy core/src/test/java/org/apache/servicecomb/core/provider/Person.java => swagger/swagger-generator/generator-springmvc/src/test/java/org/apache/servicecomb/swagger/converter/swaggerToClassGenerator/model/DependTypeB.java (78%) copy common/common-protobuf/src/test/java/io/protostuff/runtime/model/User.java => swagger/swagger-generator/generator-springmvc/src/test/java/org/apache/servicecomb/swagger/converter/swaggerToClassGenerator/model/Generic.java (72%) copy core/src/test/java/org/apache/servicecomb/core/provider/Person.java => swagger/swagger-generator/generator-springmvc/src/test/java/org/apache/servicecomb/swagger/converter/swaggerToClassGenerator/model/RecursiveSelfType.java (74%) -- To stop receiving
[incubator-servicecomb-java-chassis] 01/03: [SCB-532] convert CtClass to fake JavaType, and JavassistUtils extract return CtClass method
This is an automated email from the ASF dual-hosted git repository. wujimin pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git commit dac247e48329d07ab7cd6c43da600145704c98ca Author: wujiminAuthorDate: Thu May 10 15:24:33 2018 +0800 [SCB-532] convert CtClass to fake JavaType, and JavassistUtils extract return CtClass method --- .../servicecomb/common/javassist/CtType.java | 12 + .../common/javassist/CtTypeJavaType.java | 52 ++ .../common/javassist/JavassistUtils.java | 45 +-- .../servicecomb/common/javassist/TestCtType.java | 25 +++ .../common/javassist/TestCtTypeJavaType.java | 48 5 files changed, 178 insertions(+), 4 deletions(-) diff --git a/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/CtType.java b/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/CtType.java index d0da1e0..4c53818 100644 --- a/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/CtType.java +++ b/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/CtType.java @@ -22,6 +22,7 @@ import javassist.ClassPool; import javassist.CtClass; import javassist.CtPrimitiveType; import javassist.NotFoundException; +import javassist.bytecode.SignatureAttribute.ClassType; public class CtType { private static final ClassPool PRIMITIVE_CLASSPOOL = JavassistUtils.getOrCreateClassPool(int.class.getClassLoader()); @@ -32,11 +33,22 @@ public class CtType { private String genericSignature; + public CtType(CtClass ctClass) { +ClassType classType = new ClassType(ctClass.getName(), null); +init(ctClass, false, classType.encode()); + } + public CtType(CtClass ctClass, boolean hasGenericTypes, String genericSignature) { init(ctClass, hasGenericTypes, genericSignature); } public CtType(JavaType javaType) { +if (CtTypeJavaType.class.isInstance(javaType)) { + CtType ctType = ((CtTypeJavaType) javaType).getType(); + init(ctType.ctClass, ctType.hasGenericTypes, ctType.genericSignature); + return; +} + ClassLoader classLoader = javaType.getRawClass().getClassLoader(); try { ClassPool classPool = JavassistUtils.getOrCreateClassPool(classLoader); diff --git a/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/CtTypeJavaType.java b/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/CtTypeJavaType.java new file mode 100644 index 000..6e03bd9 --- /dev/null +++ b/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/CtTypeJavaType.java @@ -0,0 +1,52 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.servicecomb.common.javassist; + +import com.fasterxml.jackson.databind.type.SimpleType; + +/** + * just a wrapper for CtType + * pending create class from CtClass to support recursive dependency class + */ +public class CtTypeJavaType extends SimpleType { + private CtType type; + + public CtTypeJavaType(CtType type) { +super(CtTypeJavaType.class); +this.type = type; + } + + public CtType getType() { +return type; + } + + @Override + protected String buildCanonicalName() { +return type.getCtClass().getName(); + } + + @Override + public String getGenericSignature() { +return type.getGenericSignature(); + } + + + @Override + public StringBuilder getGenericSignature(StringBuilder sb) { +return sb.append(type.getGenericSignature()); + } +} diff --git a/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/JavassistUtils.java b/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/JavassistUtils.java index 025ea94..66bb661 100644 --- a/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/JavassistUtils.java +++ b/common/common-javassist/src/main/java/org/apache/servicecomb/common/javassist/JavassistUtils.java @@ -139,7 +139,7 @@ public final class JavassistUtils { return createClass(null, config); }
[incubator-servicecomb-saga] 02/02: SCB-569 Add reference of enabling SSL in user guide
This is an automated email from the ASF dual-hosted git repository. ningjiang pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-saga.git commit 49cf51b1ad599d706e86b18dace9e23e85f91dd5 Author: Yang BoAuthorDate: Thu May 10 17:52:16 2018 +0800 SCB-569 Add reference of enabling SSL in user guide --- docs/user_guide.md | 4 1 file changed, 4 insertions(+) diff --git a/docs/user_guide.md b/docs/user_guide.md index 4e244d3..58a2b2b 100644 --- a/docs/user_guide.md +++ b/docs/user_guide.md @@ -127,3 +127,7 @@ Take a transfer money application as an example: ``` Then you can start your micro-services and access all saga events via http://${alpha-server:port}/events. + +## Enable SSL for Alpha and Omega + +See [Enabling SSL](enable_ssl.md) for details. -- To stop receiving notification emails like this one, please contact ningji...@apache.org.