use of org.apache.geode.internal.security.SecurableCommunicationChannel in project geode by apache.
the class SSLConfigurationFactoryJUnitTest method getSSLConfigForComponentHTTPServiceWithMutualAuth.
/**
 * Builds a distribution config in which only the WEB channel is listed under
 * {@code SSL_ENABLED_COMPONENTS} and {@code SSL_WEB_SERVICE_REQUIRE_AUTHENTICATION} is "true",
 * then checks the SSL config the factory returns for every channel.
 *
 * <p>Fixture notes: keystore and truststore use the same placeholder store name and password, and
 * ciphers/protocols are the literal "any". These are test placeholders, not deployable values. The
 * actual expectations live in {@code assertSSLConfig}, which is defined outside this listing.
 */
@Test
public void getSSLConfigForComponentHTTPServiceWithMutualAuth() throws Exception {
  final Properties sslProps = new Properties();

  // Only the HTTP service channel is SSL-enabled in this scenario.
  sslProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant());

  // Key material: one placeholder store doubles as keystore and truststore.
  sslProps.setProperty(SSL_KEYSTORE, "someKeyStore");
  sslProps.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
  sslProps.setProperty(SSL_KEYSTORE_TYPE, "JKS");
  sslProps.setProperty(SSL_TRUSTSTORE, "someKeyStore");
  sslProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");

  // A default alias plus a WEB-specific alias, with authentication required on the web service.
  sslProps.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");
  sslProps.setProperty(SSL_WEB_ALIAS, "httpAlias");
  sslProps.setProperty(SSL_WEB_SERVICE_REQUIRE_AUTHENTICATION, "true");

  // NOTE(review): "any" presumably defers cipher/protocol choice to the JVM defaults - confirm.
  sslProps.setProperty(SSL_CIPHERS, "any");
  sslProps.setProperty(SSL_PROTOCOLS, "any");

  final DistributionConfigImpl config = new DistributionConfigImpl(sslProps);
  SSLConfigurationFactory.setDistributionConfig(config);

  // Every channel is checked, not just WEB, so channels left out of the enabled list are covered.
  for (SecurableCommunicationChannel channel : SecurableCommunicationChannel.values()) {
    assertSSLConfig(
        sslProps, SSLConfigurationFactory.getSSLConfigForComponent(channel), channel, config);
  }
}
use of org.apache.geode.internal.security.SecurableCommunicationChannel in project geode by apache.
the class SSLConfigurationFactory method createSSLConfigForComponent.
/**
 * Builds the {@link SSLConfig} for one communication channel.
 *
 * <p>The base config comes from {@code createSSLConfig(sslEnabledComponent)}. If the distribution
 * config lists no SSL-enabled components, the legacy cluster SSL settings are applied before the
 * per-channel step. The per-channel step then applies the channel's certificate alias when
 * components are listed, or the channel's legacy configuration when none are (LOCATOR has no
 * legacy branch, ALL has neither). Only the WEB channel copies a require-authentication flag from
 * the distribution config here. System-property SSL overrides are applied last.
 *
 * @param sslEnabledComponent the channel to build the configuration for
 * @return the configuration built for that channel
 */
private SSLConfig createSSLConfigForComponent(final SecurableCommunicationChannel sslEnabledComponent) {
  SSLConfig config = createSSLConfig(sslEnabledComponent);
  final SecurableCommunicationChannel[] enabledChannels =
      getDistributionConfig().getSecurableCommunicationChannels();
  // True when ssl-enabled-components is in use; false means the legacy per-service settings apply.
  final boolean componentsListed = enabledChannels.length > 0;

  if (!componentsListed) {
    config = configureLegacyClusterSSL(config);
  }
  config.setSecurableCommunicationChannel(sslEnabledComponent);

  switch (sslEnabledComponent) {
    case ALL:
      // A separate SSLConfig is created for the HTTP service because its require-authentication
      // setting might differ.
      // NOTE(review): the returned config is discarded here; whether the call has any lasting
      // effect depends on helpers not shown in this listing - confirm.
      createSSLConfigForComponent(SecurableCommunicationChannel.WEB);
      break;

    case CLUSTER:
      // NOTE(review): in legacy mode configureLegacyClusterSSL has already run once above, so it
      // is applied twice for CLUSTER - confirm that it is idempotent.
      config = componentsListed
          ? setAliasForComponent(config, getDistributionConfig().getClusterSSLAlias())
          : configureLegacyClusterSSL(config);
      break;

    case LOCATOR:
      // No locator-specific legacy configuration exists in this method.
      if (componentsListed) {
        config = setAliasForComponent(config, getDistributionConfig().getLocatorSSLAlias());
      }
      break;

    case SERVER:
      config = componentsListed
          ? setAliasForComponent(config, getDistributionConfig().getServerSSLAlias())
          : configureLegacyServerSSL(config);
      break;

    case GATEWAY:
      config = componentsListed
          ? setAliasForComponent(config, getDistributionConfig().getGatewaySSLAlias())
          : configureLegacyGatewaySSL(config);
      break;

    case WEB:
      if (componentsListed) {
        config = setAliasForComponent(config, getDistributionConfig().getHTTPServiceSSLAlias());
        // WEB is the only channel whose client-authentication requirement is set in this method;
        // other channels keep whatever createSSLConfig gave them (not visible here).
        config.setRequireAuth(getDistributionConfig().getSSLWebRequireAuthentication());
      } else {
        config = configureLegacyHttpServiceSSL(config);
      }
      break;

    case JMX:
      config = componentsListed
          ? setAliasForComponent(config, getDistributionConfig().getJMXSSLAlias())
          : configureLegacyJMXSSL(config);
      break;
  }

  // Runs last, after the alias or legacy settings chosen above.
  configureSSLPropertiesFromSystemProperties(config);
  return config;
}
use of org.apache.geode.internal.security.SecurableCommunicationChannel in project geode by apache.
the class AbstractConfig method commaDelimitedStringToSecurableCommunicationChannels.
/**
 * Converts a comma-delimited list of channel names into an array of
 * {@link SecurableCommunicationChannel} values, in the order given.
 *
 * <p>{@link StringTokenizer} drops empty tokens, so consecutive or trailing commas add no
 * entries. Tokens are passed to {@code getEnum} exactly as written, with no trimming.
 *
 * @param tokenizeString the comma-delimited channel names
 * @return one channel per token
 * @throws IllegalArgumentException wrapping any exception raised by
 *         {@code SecurableCommunicationChannel.getEnum}
 */
private SecurableCommunicationChannel[] commaDelimitedStringToSecurableCommunicationChannels(final String tokenizeString) {
  final StringTokenizer names = new StringTokenizer(tokenizeString, ",");
  final SecurableCommunicationChannel[] channels =
      new SecurableCommunicationChannel[names.countTokens()];

  for (int slot = 0; names.hasMoreTokens(); slot++) {
    final String channelName = names.nextToken();
    try {
      // NOTE(review): if getEnum returns null for an unknown name instead of throwing, a null
      // entry is stored here and the bad name is only noticed later - verify against getEnum.
      channels[slot] = SecurableCommunicationChannel.getEnum(channelName);
    } catch (Exception e) {
      // The original exception is kept as the cause so the rejected name can still be traced.
      throw new IllegalArgumentException(e);
    }
  }
  return channels;
}
use of org.apache.geode.internal.security.SecurableCommunicationChannel in project geode by apache.
the class DistributionConfigImpl method validateSSLEnabledComponentsConfiguration.
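/**
 * Checks that every channel listed under {@code ssl-enabled-components} passes
 * {@code isAliasCorrectlyConfiguredForComponents}.
 *
 * <p>The channel list is read reflectively through the registered getter for
 * {@link ConfigurationProperties#SSL_ENABLED_COMPONENTS}. If the getter is missing or returns
 * {@code null}, validation fails with an explicit exception instead of a bare
 * {@link NullPointerException}, so a broken lookup can never be mistaken for a validated
 * configuration.
 *
 * @throws IllegalArgumentException if a listed channel has invalid alias options
 * @throws InternalGemFireException if the channel list cannot be obtained from the getter
 */
private void validateSSLEnabledComponentsConfiguration() {
  Object value = null;
  try {
    Method getter = getters.get(ConfigurationProperties.SSL_ENABLED_COMPONENTS);
    if (getter != null) {
      value = getter.invoke(this);
    }
  } catch (Exception e) {
    // Unchecked failures, thrown directly or by the getter itself, propagate unchanged.
    if (e instanceof RuntimeException) {
      throw (RuntimeException) e;
    }
    if (e.getCause() instanceof RuntimeException) {
      throw (RuntimeException) e.getCause();
    }
    // Keep the reflective failure as the cause; the original dropped it and ran the property
    // name straight into the message text.
    throw new InternalGemFireException(
        "error invoking getter for property " + ConfigurationProperties.SSL_ENABLED_COMPONENTS, e);
  }

  if (value == null) {
    // Fail closed: without the channel list the alias checks below cannot run.
    throw new InternalGemFireException(
        "no value available for property " + ConfigurationProperties.SSL_ENABLED_COMPONENTS);
  }

  SecurableCommunicationChannel[] sslEnabledComponents = (SecurableCommunicationChannel[]) value;
  for (SecurableCommunicationChannel securableCommunicationChannel : sslEnabledComponents) {
    if (!isAliasCorrectlyConfiguredForComponents(securableCommunicationChannel)) {
      throw new IllegalArgumentException(LocalizedStrings.AbstractDistributionConfig_SSL_ENABLED_COMPONENTS_INVALID_ALIAS_OPTIONS.toLocalizedString());
    }
  }
}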
use of org.apache.geode.internal.security.SecurableCommunicationChannel in project geode by apache.
the class SSLConfigurationFactoryJUnitTest method getSSLConfigForComponentALL.
/**
 * Builds a distribution config with {@code SSL_ENABLED_COMPONENTS} set to "all" and a single
 * default alias, then checks the SSL config the factory returns for every channel.
 *
 * <p>Fixture notes: keystore and truststore use the same placeholder store name and password, and
 * ciphers/protocols are the literal "any". No channel-specific alias and no web
 * require-authentication property are set. The actual expectations live in
 * {@code assertSSLConfig}, which is defined outside this listing.
 */
@Test
public void getSSLConfigForComponentALL() throws Exception {
  final Properties sslProps = new Properties();

  // Every channel is SSL-enabled via the "all" keyword.
  sslProps.setProperty(SSL_ENABLED_COMPONENTS, "all");

  // Key material: one placeholder store doubles as keystore and truststore.
  sslProps.setProperty(SSL_KEYSTORE, "someKeyStore");
  sslProps.setProperty(SSL_KEYSTORE_PASSWORD, "keystorePassword");
  sslProps.setProperty(SSL_KEYSTORE_TYPE, "JKS");
  sslProps.setProperty(SSL_TRUSTSTORE, "someKeyStore");
  sslProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "keystorePassword");

  sslProps.setProperty(SSL_DEFAULT_ALIAS, "defaultAlias");

  // NOTE(review): "any" presumably defers cipher/protocol choice to the JVM defaults - confirm.
  sslProps.setProperty(SSL_CIPHERS, "any");
  sslProps.setProperty(SSL_PROTOCOLS, "any");

  final DistributionConfigImpl config = new DistributionConfigImpl(sslProps);
  SSLConfigurationFactory.setDistributionConfig(config);

  for (SecurableCommunicationChannel channel : SecurableCommunicationChannel.values()) {
    assertSSLConfig(
        sslProps, SSLConfigurationFactory.getSSLConfigForComponent(channel), channel, config);
  }
}