
Example 1 with GfeConsoleReader

use of org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader in project geode by apache.

From the class SocketCreator, method getKeyManagers.

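/**
 * Builds the {@link KeyManager}s for this creator's SSL configuration.
 *
 * <p>Key store type, location and password are taken from {@code sslConfig}. Any of them that is
 * empty is prompted for on the console when one is available; without a console the type falls
 * back to {@link KeyStore#getDefaultType()}, the location to {@code ~/.keystore}, and the password
 * to the {@code javax.net.ssl.keyStorePassword} environment variable (expected to hold a value that
 * {@code PasswordUtil.decrypt} can read once wrapped as {@code encrypted(...)}). A {@code null}
 * configured password loads the store without one. Every key manager produced by the default
 * {@link KeyManagerFactory} algorithm is wrapped in an {@code ExtendedAliasKeyManager} bound to
 * {@code sslConfig.getAlias()}.
 *
 * <p>The key store stream is closed on every path and the password array is scrubbed as soon as
 * the factory has been initialised, including when loading fails.
 *
 * @return one alias-aware key manager per manager returned by the factory
 * @throws IOException if the key store file cannot be opened or read
 * @throws KeyStoreException if the key store type is not available
 * @throws NoSuchAlgorithmException if the default key manager algorithm is not available
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws UnrecoverableKeyException if a key cannot be recovered with the given password
 */
private KeyManager[] getKeyManagers() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
    GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();

    String keyStoreType = sslConfig.getKeystoreType();
    if (StringUtils.isEmpty(keyStoreType)) {
        // read from console, default on empty
        if (consoleReader.isSupported()) {
            keyStoreType = consoleReader.readLine("Please enter the keyStoreType (javax.net.ssl.keyStoreType) : ");
        } else {
            keyStoreType = KeyStore.getDefaultType();
        }
    }
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);

    String keyStoreFilePath = sslConfig.getKeystore();
    if (StringUtils.isEmpty(keyStoreFilePath)) {
        if (consoleReader.isSupported()) {
            keyStoreFilePath = consoleReader.readLine("Please enter the keyStore location (javax.net.ssl.keyStore) : ");
        } else {
            keyStoreFilePath = System.getProperty("user.home") + System.getProperty("file.separator") + ".keystore";
        }
    }

    KeyManager[] keyManagers;
    char[] password = null;
    // Open the file before asking for a password so a missing key store fails fast; the
    // try-with-resources closes the stream on every path (it used to be left open).
    try (FileInputStream fileInputStream = new FileInputStream(keyStoreFilePath)) {
        password = readKeyStorePassword(consoleReader);
        keyStore.load(fileInputStream, password);
        // default algorithm can be changed by setting property "ssl.KeyManagerFactory.algorithm" in
        // security properties
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);
        keyManagers = keyManagerFactory.getKeyManagers();
    } finally {
        // follow the security tip in java doc: scrub the password once the factory has it,
        // also when loading or initialisation threw
        if (password != null) {
            java.util.Arrays.fill(password, ' ');
        }
    }

    KeyManager[] extendedKeyManagers = new KeyManager[keyManagers.length];
    for (int i = 0; i < keyManagers.length; i++) {
        extendedKeyManagers[i] = new ExtendedAliasKeyManager(keyManagers[i], sslConfig.getAlias());
    }
    return extendedKeyManagers;
}

/**
 * Resolves the key store password: the configured value when it is non-blank, otherwise the
 * decrypted {@code javax.net.ssl.keyStorePassword} environment variable, otherwise a console
 * prompt. The caller owns the returned array and is expected to scrub it.
 *
 * @param consoleReader console to prompt on when nothing else yields a password
 * @return the password, or {@code null} when none is configured or obtainable
 */
private char[] readKeyStorePassword(GfeConsoleReader consoleReader) {
    String passwordString = sslConfig.getKeystorePassword();
    if (passwordString == null) {
        // no password configured at all: the store is loaded without one
        return null;
    }
    if (!passwordString.trim().equals("")) {
        return passwordString.toCharArray();
    }

    char[] password = null;
    String encryptedPass = System.getenv("javax.net.ssl.keyStorePassword");
    if (!StringUtils.isEmpty(encryptedPass)) {
        String toDecrypt = "encrypted(" + encryptedPass + ")";
        // NOTE: the decrypted value exists as an immutable String until it is collected;
        // only this char[] copy can be scrubbed by the caller.
        password = PasswordUtil.decrypt(toDecrypt).toCharArray();
    }
    // read from the console when neither the config nor the environment produced a password
    // (a whitespace-only configured value counts as none); isSupported() guards the prompt,
    // consistent with every other console read in this class
    if ((password == null || password.length == 0) && consoleReader.isSupported()) {
        password = consoleReader.readPassword("Please enter password for keyStore (javax.net.ssl.keyStorePassword) : ");
    }
    return password;
}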

Example 2 with GfeConsoleReader

use of org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader in project geode by apache.

From the class SocketCreator, method getTrustManagers.

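/**
 * Builds the {@link TrustManager}s for this creator's SSL configuration.
 *
 * <p>Trust store type, location and password are taken from {@code sslConfig}. Any of them that
 * is empty is prompted for on the console when one is available; without a console the type
 * falls back to {@link KeyStore#getDefaultType()} and the password to the
 * {@code javax.net.ssl.trustStorePassword} environment variable (expected to hold a value that
 * {@code PasswordUtil.decrypt} can read once wrapped as {@code encrypted(...)}), mirroring the
 * key store handling in this class. There is no default location: an empty one is reported as an
 * {@link IOException} instead of the former {@code NullPointerException} from
 * {@code new FileInputStream(null)}. A {@code null} configured password loads the store without
 * one; the password is only used to load the store, not to initialise the factory.
 *
 * <p>The trust store stream is closed on every path and the password array is scrubbed as soon
 * as the store has been loaded, including when loading fails.
 *
 * @return the trust managers produced by the default {@link TrustManagerFactory} algorithm
 * @throws IOException if the trust store location is empty or the file cannot be opened or read
 * @throws KeyStoreException if the trust store type is not available
 * @throws NoSuchAlgorithmException if the default trust manager algorithm is not available
 * @throws CertificateException if a certificate in the store cannot be loaded
 */
private TrustManager[] getTrustManagers() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    GfeConsoleReader consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();

    String trustStoreType = sslConfig.getTruststoreType();
    if (StringUtils.isEmpty(trustStoreType)) {
        // read from console, default on empty
        if (consoleReader.isSupported()) {
            trustStoreType = consoleReader.readLine("Please enter the trustStoreType (javax.net.ssl.trustStoreType) : ");
        } else {
            trustStoreType = KeyStore.getDefaultType();
        }
    }
    KeyStore ts = KeyStore.getInstance(trustStoreType);

    String trustStorePath = sslConfig.getTruststore();
    if (StringUtils.isEmpty(trustStorePath)) {
        if (consoleReader.isSupported()) {
            trustStorePath = consoleReader.readLine("Please enter the trustStore location (javax.net.ssl.trustStore) : ");
        }
        if (StringUtils.isEmpty(trustStorePath)) {
            // unlike the key store there is no default path to fall back to
            throw new IOException("No trust store location is configured (javax.net.ssl.trustStore) and none was read from the console");
        }
    }

    TrustManager[] trustManagers;
    char[] password = null;
    // Open the file before asking for a password so a missing trust store fails fast; the
    // try-with-resources closes the stream on every path (it used to be left open).
    try (FileInputStream fis = new FileInputStream(trustStorePath)) {
        password = readTrustStorePassword(consoleReader);
        ts.load(fis, password);
        // default algorithm can be changed by setting property "ssl.TrustManagerFactory.algorithm" in
        // security properties
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        trustManagers = tmf.getTrustManagers();
    } finally {
        // follow the security tip in java doc: scrub the password once the store is loaded,
        // also when loading threw
        if (password != null) {
            java.util.Arrays.fill(password, ' ');
        }
    }
    return trustManagers;
}

/**
 * Resolves the trust store password: the configured value when it is non-blank, otherwise the
 * decrypted {@code javax.net.ssl.trustStorePassword} environment variable, otherwise a console
 * prompt. The caller owns the returned array and is expected to scrub it.
 *
 * <p>The blank-password branch previously tested the (blank) configured string itself instead of
 * the environment, so a whitespace-only password was fed to {@code PasswordUtil.decrypt} as
 * {@code encrypted(   )}; it now looks up the environment variable, as the key store path does.
 *
 * @param consoleReader console to prompt on when nothing else yields a password
 * @return the password, or {@code null} when none is configured or obtainable
 */
private char[] readTrustStorePassword(GfeConsoleReader consoleReader) {
    String passwordString = sslConfig.getTruststorePassword();
    if (passwordString == null) {
        // no password configured at all: the store is loaded without one
        return null;
    }
    if (!passwordString.trim().equals("")) {
        return passwordString.toCharArray();
    }

    char[] password = null;
    String encryptedPass = System.getenv("javax.net.ssl.trustStorePassword");
    if (!StringUtils.isEmpty(encryptedPass)) {
        String toDecrypt = "encrypted(" + encryptedPass + ")";
        // NOTE: the decrypted value exists as an immutable String until it is collected;
        // only this char[] copy can be scrubbed by the caller.
        password = PasswordUtil.decrypt(toDecrypt).toCharArray();
    }
    // read from the console when neither the config nor the environment produced a password
    // (a whitespace-only configured value counts as none)
    if ((password == null || password.length == 0) && consoleReader.isSupported()) {
        password = consoleReader.readPassword("Please enter password for trustStore (javax.net.ssl.trustStorePassword) : ");
    }
    return password;
}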

Example 3 with GfeConsoleReader

use of org.apache.geode.internal.GfeConsoleReaderFactory.GfeConsoleReader in project geode by apache.

From the class SocketCreator, method readSSLProperties.

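/**
   * Used to read the properties from console. AgentLauncher calls this method directly & ignores
   * gemfire.properties. CacheServerLauncher and SystemAdmin call this through
   * {@link #readSSLProperties(Map)} and do NOT ignore gemfire.properties.
   *
   * <p>Every loaded property whose name starts with
   * {@code DistributionConfig.SSL_SYSTEM_PROPS_NAME} or {@code DistributionConfig.SYS_PROP_NAME}
   * and whose value is blank is prompted for on the console and stored in {@code env} under the
   * name with the {@code SYS_PROP_NAME} prefix stripped. Names containing "password" are read
   * without echo and stored encrypted via {@code PasswordUtil.encrypt}; the prompt's char[] is
   * scrubbed afterwards. Properties that already have a non-blank value are left untouched and
   * are not copied into {@code env}.
   *
   * @param env Map in which the properties are to be read from console.
   * @param ignoreGemFirePropsFile if <code>false</code> existing gemfire.properties file is read,
   *        if <code>true</code>, properties from gemfire.properties file are ignored.
   * @throws GemFireConfigException if a blank SSL property is found but no console is available
   */
public static void readSSLProperties(Map<String, String> env, boolean ignoreGemFirePropsFile) {
    Properties props = new Properties();
    DistributionConfigImpl.loadGemFireProperties(props, ignoreGemFirePropsFile);
    // obtained lazily, on the first blank property, as before
    GfeConsoleReader consoleReader = null;
    // stringPropertyNames() replaces an unchecked Map.Entry<String,String> cast over the entry set
    for (String propertyName : props.stringPropertyNames()) {
        boolean sslProperty = propertyName.startsWith(DistributionConfig.SSL_SYSTEM_PROPS_NAME)
            || propertyName.startsWith(DistributionConfig.SYS_PROP_NAME);
        if (!sslProperty) {
            continue;
        }
        // if the value of ssl props is empty, read them from console
        String value = props.getProperty(propertyName);
        if (value != null && !value.trim().equals("")) {
            continue;
        }
        // strip the system-property prefix so the env key is the plain gemfire property name
        String key = propertyName;
        if (key.startsWith(DistributionConfig.SYS_PROP_NAME)) {
            key = key.substring(DistributionConfig.SYS_PROP_NAME.length());
        }
        if (consoleReader == null) {
            consoleReader = GfeConsoleReaderFactory.getDefaultConsoleReader();
        }
        if (!consoleReader.isSupported()) {
            throw new GemFireConfigException("SSL properties are empty, but a console is not available");
        }
        // Locale.ROOT: the "password" test must not depend on the default locale's casing rules
        if (key.toLowerCase(java.util.Locale.ROOT).contains("password")) {
            char[] password = consoleReader.readPassword("Please enter " + key + ": ");
            try {
                // NOTE: PasswordUtil.encrypt takes a String, so an immutable copy of the
                // password exists until it is collected; only the char[] can be scrubbed.
                env.put(key, PasswordUtil.encrypt(new String(password), false));
            } finally {
                if (password != null) {
                    java.util.Arrays.fill(password, ' ');
                }
            }
        } else {
            String val = consoleReader.readLine("Please enter " + key + ": ");
            env.put(key, val);
        }
    }
}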
