use of org.apache.ignite.ssl.SslContextFactory in project ignite by apache.
the class PlatformConfigurationUtils method readSslContextFactory.
/**
 * Builds an {@link SslContextFactory} from values read sequentially from the given reader.
 * <p>
 * The values are consumed in this fixed order: key algorithm, key store type, key store file path,
 * key store password, protocol, trust store type, trust store file path, trust store password.
 * A {@code null} password is simply not applied to the factory.
 * <p>
 * Security note: when the trust store path is {@code null}, the factory receives
 * {@link SslContextFactory#getDisabledTrustManager()} instead of a trust store.
 * NOTE(review): going by its name, that manager skips peer certificate validation, so a
 * configuration that merely omits the trust store path would silently lose protection against
 * impersonation. Confirm that callers only rely on this in test setups.
 *
 * @param in Reader positioned at the serialized SSL settings.
 * @return Configured SSL context factory.
 */
private static SslContextFactory readSslContextFactory(BinaryRawReader in) {
    SslContextFactory factory = new SslContextFactory();

    // Key store settings. The read order below must match the order the values were written in.
    factory.setKeyAlgorithm(in.readString());
    factory.setKeyStoreType(in.readString());
    factory.setKeyStoreFilePath(in.readString());

    String keyStorePwd = in.readString();

    if (keyStorePwd != null) {
        factory.setKeyStorePassword(keyStorePwd.toCharArray());
    }

    factory.setProtocol(in.readString());

    // Trust store settings.
    factory.setTrustStoreType(in.readString());

    String trustStorePath = in.readString();

    if (trustStorePath == null) {
        // No trust store configured: certificate validation is switched off (see the security note above).
        factory.setTrustManagers(SslContextFactory.getDisabledTrustManager());
    }
    else {
        factory.setTrustStoreFilePath(trustStorePath);
    }

    String trustStorePwd = in.readString();

    if (trustStorePwd != null) {
        factory.setTrustStorePassword(trustStorePwd.toCharArray());
    }

    return factory;
}
use of org.apache.ignite.ssl.SslContextFactory in project ignite by apache.
the class JdbcThinSSLUtil method getSSLSocketFactory.
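/**
 * Creates the SSL socket factory for a connection from its connection properties.
 * <p>
 * Resolution order:
 * <ol>
 * <li>If a custom factory class name is set, that class is loaded, checked to be a {@code Factory},
 * instantiated through its no-arg constructor and asked for the socket factory.</li>
 * <li>If none of the key store, trust store, protocol and cipher suite properties is set, the JVM
 * default SSL context is used.</li>
 * <li>Otherwise an {@link SslContextFactory} is configured from the properties; unset store values
 * fall back to the {@code javax.net.ssl.*} system properties and the class defaults.</li>
 * </ol>
 * Security notes:
 * <ul>
 * <li>The factory class name comes from connection properties. The loaded class is verified to
 * implement {@code Factory} before it is instantiated, so an unrelated class named there is rejected
 * with an {@link SQLException} instead of having its constructor run.</li>
 * <li>When {@code isSslTrustAll()} is set, {@code TRUST_ALL_MANAGER} replaces the trust store. As the
 * name says, the server certificate is then not verified; keep this to test environments.</li>
 * </ul>
 *
 * @param connProps Connection properties.
 * @return SSL socket factory.
 * @throws SQLException If the custom factory cannot be loaded or is of the wrong type, or if the SSL
 *      context cannot be created.
 */
private static SSLSocketFactory getSSLSocketFactory(ConnectionProperties connProps) throws SQLException {
    String sslFactory = connProps.getSslFactory();
    String cipherSuites = connProps.getSslCipherSuites();
    String cliCertKeyStoreUrl = connProps.getSslClientCertificateKeyStoreUrl();
    String cliCertKeyStorePwd = connProps.getSslClientCertificateKeyStorePassword();
    String cliCertKeyStoreType = connProps.getSslClientCertificateKeyStoreType();
    String trustCertKeyStoreUrl = connProps.getSslTrustCertificateKeyStoreUrl();
    String trustCertKeyStorePwd = connProps.getSslTrustCertificateKeyStorePassword();
    String trustCertKeyStoreType = connProps.getSslTrustCertificateKeyStoreType();
    String sslProtocol = connProps.getSslProtocol();
    String keyAlgorithm = connProps.getSslKeyAlgorithm();

    if (!F.isEmpty(sslFactory)) {
        try {
            Class<?> cls = JdbcThinSSLUtil.class.getClassLoader().loadClass(sslFactory);

            // Check the type before instantiation: the class name is caller-supplied, and the
            // original unchecked cast only failed (with ClassCastException) after the constructor ran.
            if (!Factory.class.isAssignableFrom(cls)) {
                throw new SQLException("SSL factory class does not implement Factory: " + sslFactory,
                    SqlStateCode.CLIENT_CONNECTION_FAILED);
            }

            @SuppressWarnings("unchecked")
            Factory<SSLSocketFactory> f = (Factory<SSLSocketFactory>) cls.newInstance();

            return f.create();
        }
        catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            throw new SQLException("Could not fount SSL factory class: " + sslFactory,
                SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        }
    }

    // NOTE(review): keyAlgorithm and isSslTrustAll() are not part of this check, so setting only
    // those still yields the JVM default context and the two settings are ignored.
    if (cliCertKeyStoreUrl == null && cliCertKeyStorePwd == null && cliCertKeyStoreType == null
        && trustCertKeyStoreUrl == null && trustCertKeyStorePwd == null && trustCertKeyStoreType == null
        && sslProtocol == null && cipherSuites == null) {
        try {
            return SSLContext.getDefault().getSocketFactory();
        }
        catch (NoSuchAlgorithmException e) {
            throw new SQLException("Could not create default SSL context",
                SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        }
    }

    // Fill unset values from the standard JSSE system properties, then from the class defaults.
    if (cliCertKeyStoreUrl == null)
        cliCertKeyStoreUrl = System.getProperty("javax.net.ssl.keyStore");

    if (cliCertKeyStorePwd == null)
        cliCertKeyStorePwd = System.getProperty("javax.net.ssl.keyStorePassword");

    if (cliCertKeyStoreType == null)
        cliCertKeyStoreType = System.getProperty("javax.net.ssl.keyStoreType", DFLT_STORE_TYPE);

    if (trustCertKeyStoreUrl == null)
        trustCertKeyStoreUrl = System.getProperty("javax.net.ssl.trustStore");

    if (trustCertKeyStorePwd == null)
        trustCertKeyStorePwd = System.getProperty("javax.net.ssl.trustStorePassword");

    if (trustCertKeyStoreType == null)
        trustCertKeyStoreType = System.getProperty("javax.net.ssl.trustStoreType", DFLT_STORE_TYPE);

    if (sslProtocol == null)
        sslProtocol = DFLT_SSL_PROTOCOL;

    if (keyAlgorithm == null)
        keyAlgorithm = DFLT_KEY_ALGORITHM;

    SslContextFactory f = new SslContextFactory();

    f.setProtocol(sslProtocol);
    f.setKeyAlgorithm(keyAlgorithm);
    f.setKeyStoreFilePath(cliCertKeyStoreUrl);
    f.setKeyStoreType(cliCertKeyStoreType);
    f.setKeyStorePassword((cliCertKeyStorePwd == null) ? EMPTY_CHARS : cliCertKeyStorePwd.toCharArray());

    if (connProps.isSslTrustAll()) {
        // Certificate validation is bypassed here; the trust store settings are not applied at all.
        f.setTrustManagers(TRUST_ALL_MANAGER);
    }
    else {
        f.setTrustStoreFilePath(trustCertKeyStoreUrl);
        f.setTrustStoreType(trustCertKeyStoreType);
        f.setTrustStorePassword((trustCertKeyStorePwd == null) ? EMPTY_CHARS : trustCertKeyStorePwd.toCharArray());
    }

    if (!F.isEmpty(cipherSuites))
        f.setCipherSuites(cipherSuites.split(","));

    try {
        final SSLContext sslContext = f.create();

        return sslContext.getSocketFactory();
    }
    catch (IgniteException e) {
        final Throwable cause = e.getCause();

        // Unwrap: surface the SSL failure message, keep the full exception as the cause.
        if (cause instanceof SSLException)
            throw new SQLException(cause.getMessage(), SqlStateCode.CLIENT_CONNECTION_FAILED, e);
        else
            throw new SQLException("Unknown error.", SqlStateCode.CLIENT_CONNECTION_FAILED, e);
    }
}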
use of org.apache.ignite.ssl.SslContextFactory in project ignite by apache.
the class SecurityTest method testEncryption.
/**
 * Checks that a client reaches an SSL-enabled server only when it connects over SSL/TLS.
 * <p>
 * The server is started with SSL and client authentication enabled. Three client connections are
 * then attempted: one without SSL (expected to fail), one configured through the client's own key
 * store and trust store properties, and one through a user-supplied {@link SslContextFactory}.
 *
 * @throws Exception If the server cannot be started or an SSL-enabled client fails.
 */
@Test
public void testEncryption() throws Exception {
    // Server-side security configuration
    IgniteConfiguration srvCfg = Config.getServerConfiguration();

    // Resolves a file under modules/core/src/test/resources, rooted at IGNITE_HOME ("." when unset).
    Function<String, String> resourcePath = name -> Paths.get(
        IGNITE_HOME == null ? "." : IGNITE_HOME,
        "modules", "core", "src", "test", "resources", name
    ).toString();

    // Password literal for the key stores and trust store used by this test.
    String storePwd = "123456";

    SslContextFactory sslCfg = new SslContextFactory();

    sslCfg.setKeyStoreFilePath(resourcePath.apply("/server.jks"));
    sslCfg.setKeyStorePassword(storePwd.toCharArray());
    sslCfg.setTrustStoreFilePath(resourcePath.apply("/trust.jks"));
    sslCfg.setTrustStorePassword(storePwd.toCharArray());

    ClientConnectorConfiguration connectorCfg = new ClientConnectorConfiguration()
        .setSslEnabled(true)
        .setSslClientAuth(true);

    srvCfg.setClientConnectorConfiguration(connectorCfg);
    srvCfg.setSslContextFactory(sslCfg);

    // Client-side security configuration
    ClientConfiguration clientCfg = new ClientConfiguration().setAddresses(Config.SERVER);

    try (Ignite ignored = Ignition.start(srvCfg)) {
        // NOTE(review): any exception counts as the expected failure here, so an unrelated error
        // (for example a wrong address) would also satisfy the assertion below.
        boolean plainConnFailed = false;

        try (IgniteClient client = Ignition.startClient(clientCfg)) {
            client.<Integer, String>cache(Config.DEFAULT_CACHE_NAME).put(1, "1");
        }
        catch (Exception ex) {
            plainConnFailed = true;
        }

        assertTrue("Client connection without SSL must fail", plainConnFailed);

        // Not using user-supplied SSL Context Factory:
        ClientConfiguration storeBasedCfg = clientCfg
            .setSslMode(SslMode.REQUIRED)
            .setSslClientCertificateKeyStorePath(resourcePath.apply("/client.jks"))
            .setSslClientCertificateKeyStoreType(DFLT_STORE_TYPE)
            .setSslClientCertificateKeyStorePassword(storePwd)
            .setSslTrustCertificateKeyStorePath(resourcePath.apply("/trust.jks"))
            .setSslTrustCertificateKeyStoreType(DFLT_STORE_TYPE)
            .setSslTrustCertificateKeyStorePassword(storePwd)
            .setSslKeyAlgorithm(DFLT_KEY_ALGORITHM)
            .setSslTrustAll(false)
            .setSslProtocol(SslProtocol.TLS);

        try (IgniteClient client = Ignition.startClient(storeBasedCfg)) {
            client.<Integer, String>cache(Config.DEFAULT_CACHE_NAME).put(1, "1");
        }

        // Using user-supplied SSL Context Factory
        ClientConfiguration factoryBasedCfg = clientCfg
            .setSslMode(SslMode.REQUIRED)
            .setSslContextFactory(sslCfg);

        try (IgniteClient client = Ignition.startClient(factoryBasedCfg)) {
            client.<Integer, String>cache(Config.DEFAULT_CACHE_NAME).put(1, "1");
        }
    }
}
use of org.apache.ignite.ssl.SslContextFactory in project ignite by apache.
the class CommonSecurityCheckTest method getConfiguration.
/**
 * Builds the node configuration for this test, with SSL and client authentication enabled on both
 * the connector and the client connector.
 * <p>
 * An instance name ending in {@code "2"} produces a client node, and one ending in {@code "0"} gets
 * the listening logger. User attributes are attached only while the {@code fail} flag is not set.
 *
 * @param instanceName Instance name.
 * @return Node configuration.
 * @throws Exception If failed.
 */
@Override
protected IgniteConfiguration getConfiguration(String instanceName) throws Exception {
    IgniteConfiguration cfg = super.getConfiguration(instanceName);

    cfg.setActiveOnStart(false);

    boolean clientNode = instanceName.endsWith("2");

    String pluginName = (clientNode ? "client_" : "srv_") + instanceName;

    cfg.setPluginProviders(getPluginProvider(pluginName));

    SslContextFactory sslFactory = (SslContextFactory) GridTestUtils.sslFactory();

    cfg.setSslContextFactory(sslFactory);

    // NOTE(review): setSslClientAuth(true) is applied twice in this chain; the second call looks redundant.
    ConnectorConfiguration connectorCfg = new ConnectorConfiguration()
        .setSslEnabled(true)
        .setSslClientAuth(true)
        .setSslClientAuth(true)
        .setSslFactory(sslFactory);

    cfg.setConnectorConfiguration(connectorCfg);

    // The client connector gets the factory set explicitly instead of using the node-level one.
    ClientConnectorConfiguration clientConnectorCfg = new ClientConnectorConfiguration()
        .setSslEnabled(true)
        .setSslClientAuth(true)
        .setUseIgniteSslContextFactory(false)
        .setSslContextFactory(sslFactory);

    cfg.setClientConnectorConfiguration(clientConnectorCfg);

    if (instanceName.endsWith("0")) {
        cfg.setGridLogger(listeningLog);
    }

    if (clientNode) {
        cfg.setClientMode(true);
    }

    if (!fail) {
        Map<String, String> userAttrs = new UserAttributesFactory().create();

        cfg.setUserAttributes(userAttrs);
    }

    return cfg;
}
use of org.apache.ignite.ssl.SslContextFactory in project ignite by apache.
the class GridTestUtils method sslTrustedFactory.
/**
 * Creates an SSL context factory for tests from the named key store and trust store.
 * <p>
 * Both store names are resolved through {@code keyStorePath(String)}, and both stores are opened
 * with the password returned by {@code keyStorePassword()}. Unlike a trust-all setup, the factory
 * is given a real trust store.
 *
 * @param keyStore Key store name.
 * @param trustStore Trust store name.
 * @return SSL context factory used in tests.
 */
public static Factory<SSLContext> sslTrustedFactory(String keyStore, String trustStore) {
    SslContextFactory sslFactory = new SslContextFactory();

    // Key material presented by this side of the connection.
    sslFactory.setKeyStoreFilePath(keyStorePath(keyStore));
    sslFactory.setKeyStorePassword(keyStorePassword().toCharArray());

    // Certificates this side accepts from its peers.
    sslFactory.setTrustStoreFilePath(keyStorePath(trustStore));
    sslFactory.setTrustStorePassword(keyStorePassword().toCharArray());

    return sslFactory;
}