geode-core/src/main/java/org/apache/geode/internal/net/SSLConfig.java - geode - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License
  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */
 package org.apache.geode.internal.net;

 import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_CIPHERS;
 import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED;
 import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_PROTOCOLS;
 import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_REQUIRE_AUTHENTICATION;

 import java.security.KeyStore;
 import java.util.Iterator;
 import java.util.Properties;

 import org.apache.commons.lang3.StringUtils;

 import org.apache.geode.annotations.Immutable;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.InternalDistributedSystem;
 import org.apache.geode.internal.security.CallbackInstantiator;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.net.SSLParameterExtension;
 import org.apache.geode.net.internal.SSLParameterExtensionContextImpl;

 /**
  * The SSL configuration settings for a GemFire distributed system.
  *
  * This class is immutable and the way to construct it is by means of the
  * {@link SSLConfig.Builder} class.
  */
 @Immutable
 public class SSLConfig {

   private final boolean endpointIdentification;
   private final boolean useDefaultSSLContext;
   private final boolean enabled;
   private final String protocols;
   private final String ciphers;
   private final boolean requireAuth;
   private final String keystore;
   private final String keystoreType;
   private final String keystorePassword;
   private final String truststore;
   private final String truststorePassword;
   private final String truststoreType;
   private final String alias;
   @Immutable
   private final SecurableCommunicationChannel securableCommunicationChannel;

   /**
    * SSL implementation-specific key-value pairs. Each key should be prefixed with
    * <code>javax.net.ssl.</code>
    */
   @Immutable
   private final Properties properties;

   @Immutable
   private final SSLParameterExtension sslParameterExtension;

   private SSLConfig(boolean endpointIdentification,
       boolean useDefaultSSLContext,
       boolean enabled,
       String protocols,
       String ciphers,
       boolean requireAuth,
       String keystore,
       String keystoreType,
       String keystorePassword,
       String truststore,
       String truststorePassword,
       String truststoreType,
       String alias,
       SecurableCommunicationChannel securableCommunicationChannel,
       Properties properties,
       SSLParameterExtension sslParameterExtension) {
     this.endpointIdentification = endpointIdentification;
     this.useDefaultSSLContext = useDefaultSSLContext;
     this.enabled = enabled;
     this.protocols = protocols;
     this.ciphers = ciphers;
     this.requireAuth = requireAuth;
     this.keystore = keystore;
     this.keystoreType = keystoreType;
     this.keystorePassword = keystorePassword;
     this.truststore = truststore;
     this.truststorePassword = truststorePassword;
     this.truststoreType = truststoreType;
     this.alias = alias;
     this.securableCommunicationChannel = securableCommunicationChannel;
     this.properties = properties;
     this.sslParameterExtension = sslParameterExtension;
   }

   public String getAlias() {
     return alias;
   }

   public boolean doEndpointIdentification() {
     return this.endpointIdentification;
   }

   public String getKeystore() {
     return keystore;
   }

   public String getKeystorePassword() {
     return keystorePassword;
   }

   public String getKeystoreType() {
     return keystoreType;
   }

   public String getTruststore() {
     return truststore;
   }

   public String getTruststorePassword() {
     return truststorePassword;
   }

   public boolean isEnabled() {
     return this.enabled;
   }

   public boolean useDefaultSSLContext() {
     return this.useDefaultSSLContext;
   }

   public String getProtocols() {
     return this.protocols;
   }

   public String[] getProtocolsAsStringArray() {
     return SSLUtil.readArray(this.protocols);
   }

   public String getCiphers() {
     return this.ciphers;
   }

   public String[] getCiphersAsStringArray() {
     return SSLUtil.readArray(this.ciphers);
   }

   public boolean isRequireAuth() {
     return this.requireAuth;
   }

   public String getTruststoreType() {
     return truststoreType;
   }

   public Properties getProperties() {
     return this.properties;
   }

   public SecurableCommunicationChannel getSecuredCommunicationChannel() {
     return securableCommunicationChannel;
   }

   public SSLParameterExtension getSSLParameterExtension() {
     return sslParameterExtension;
   }

   @Override
   public String toString() {
     return "SSLConfig{" + "enabled=" + enabled + ", protocols='" + protocols + '\'' + ", ciphers='"
         + ciphers + '\'' + ", requireAuth=" + requireAuth + ", keystore='" + keystore + '\''
         + ", keystoreType='" + keystoreType + '\'' + ", keystorePassword='" + keystorePassword
         + '\'' + ", truststore='" + truststore + '\'' + ", truststorePassword='"
         + truststorePassword + '\'' + ", truststoreType='" + truststoreType + '\'' + ", alias='"
         + alias + '\'' + ", securableCommunicationChannel=" + securableCommunicationChannel
         + ", properties=" + properties + '\'' + ", sslParameterExtension=" + sslParameterExtension
         + '}';
   }

   /**
    * Populates a <code>Properties</code> object with the SSL-related configuration information used
    * by {@link org.apache.geode.distributed.DistributedSystem#connect}.
    *
    * @since GemFire 4.0
    */
   public void toDSProperties(Properties props) {
     props.setProperty(CLUSTER_SSL_ENABLED, String.valueOf(this.enabled));

     if (this.enabled) {
       props.setProperty(CLUSTER_SSL_PROTOCOLS, this.protocols);
       props.setProperty(CLUSTER_SSL_CIPHERS, this.ciphers);
       props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, String.valueOf(this.requireAuth));
     }
   }

   /**
    * Builder class to be used to construct SSLConfig instances.
    * In order to build an {@link SSLConfig} instance an instance of this
    * class must be created, then the corresponding setter methods invoked
    * and finally the build() method that returns the {@link SSLConfig} instance
    *
    * Example:
    * SSLConfig sslConfInstance = new SSLConfig.Builder()
    * .setAlias(alias)
    * .setKeystore(keystore)
    * ...
    * .build();
    *
    */
   public static class Builder {
     private boolean endpointIdentification;
     private boolean useDefaultSSLContext = DistributionConfig.DEFAULT_SSL_USE_DEFAULT_CONTEXT;
     private boolean enabled = DistributionConfig.DEFAULT_SSL_ENABLED;
     private String protocols = DistributionConfig.DEFAULT_SSL_PROTOCOLS;
     private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
     private boolean requireAuth = DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
     private String keystore = DistributionConfig.DEFAULT_SSL_KEYSTORE;
     private String keystoreType = KeyStore.getDefaultType();
     private String keystorePassword = DistributionConfig.DEFAULT_SSL_KEYSTORE_PASSWORD;
     private String truststore = DistributionConfig.DEFAULT_SSL_TRUSTSTORE;
     private String truststorePassword = DistributionConfig.DEFAULT_SSL_TRUSTSTORE_PASSWORD;
     private String truststoreType = KeyStore.getDefaultType();
     private String alias = null;
     private SecurableCommunicationChannel securableCommunicationChannel = null;
     private Properties properties = new Properties();
     private SSLParameterExtension sslParameterExtension = null;

     public Builder() {}

     public SSLConfig build() {
       return new SSLConfig(endpointIdentification, useDefaultSSLContext, enabled,
           protocols, ciphers, requireAuth, keystore, keystoreType, keystorePassword,
           truststore, truststorePassword, truststoreType, alias, securableCommunicationChannel,
           properties, sslParameterExtension);
     }

     public Builder setAlias(final String alias) {
       this.alias = alias;
       return this;
     }

     public Builder setEndpointIdentificationEnabled(boolean endpointIdentification) {
       this.endpointIdentification = endpointIdentification;
       return this;
     }

     public Builder setKeystore(final String keystore) {
       this.keystore = keystore;
       return this;
     }

     public Builder setKeystorePassword(final String keystorePassword) {
       this.keystorePassword = keystorePassword;
       return this;
     }

     public Builder setKeystoreType(final String keystoreType) {
       this.keystoreType = keystoreType;
       return this;
     }

     public Builder setTruststore(final String truststore) {
       this.truststore = truststore;
       return this;
     }

     public Builder setTruststorePassword(final String truststorePassword) {
       this.truststorePassword = truststorePassword;
       return this;
     }

     public Builder setEnabled(boolean enabled) {
       this.enabled = enabled;
       return this;
     }

     public Builder setUseDefaultSSLContext(boolean useDefaultSSLContext) {
       this.useDefaultSSLContext = useDefaultSSLContext;
       return this;
     }

     public Builder setProtocols(String protocols) {
       this.protocols = protocols;
       return this;
     }

     public Builder setCiphers(String ciphers) {
       this.ciphers = ciphers;
       return this;
     }

     public Builder setRequireAuth(boolean requireAuth) {
       this.requireAuth = requireAuth;
       return this;
     }

     public Builder setTruststoreType(final String truststoreType) {
       this.truststoreType = truststoreType;
       return this;
     }

     public Builder setProperties(Properties newProps) {
       this.properties = new Properties();
       for (Iterator iter = newProps.keySet().iterator(); iter.hasNext();) {
         String key = (String) iter.next();
         this.properties.setProperty(key, newProps.getProperty(key));
       }
       return this;
     }

     public Builder setSecurableCommunicationChannel(
         final SecurableCommunicationChannel securableCommunicationChannel) {
       this.securableCommunicationChannel = securableCommunicationChannel;
       return this;
     }

     public Builder setSSLParameterExtension(
         final String sslParameterExtensionConfig) {
       if (StringUtils.isBlank(sslParameterExtensionConfig)) {
         this.sslParameterExtension = null;
         return this;
       }
       InternalDistributedSystem ids = InternalDistributedSystem.getAnyInstance();

       if (ids == null) {
         this.sslParameterExtension = null;
         return this;
       }

       SSLParameterExtension sslParameterExtension =
           CallbackInstantiator.getObjectOfTypeFromClassName(sslParameterExtensionConfig,
               SSLParameterExtension.class);
       ids.getConfig().getDistributedSystemId();

       sslParameterExtension.init(
           new SSLParameterExtensionContextImpl(ids.getConfig().getDistributedSystemId()));
       this.sslParameterExtension = sslParameterExtension;
       return this;
     }

     public String getKeystore() {
       return keystore;
     }

     public String getKeystoreType() {
       return keystoreType;
     }

     public String getKeystorePassword() {
       return keystorePassword;
     }

     public String getTruststore() {
       return truststore;
     }

     public String getTruststorePassword() {
       return truststorePassword;
     }

     public String getTruststoreType() {
       return truststoreType;
     }
   }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License
	* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
	* or implied. See the License for the specific language governing permissions and limitations under
	* the License.
	*/
	package org.apache.geode.internal.net;

	import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_CIPHERS;
	import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED;
	import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_PROTOCOLS;
	import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_REQUIRE_AUTHENTICATION;

	import java.security.KeyStore;
	import java.util.Iterator;
	import java.util.Properties;

	import org.apache.commons.lang3.StringUtils;

	import org.apache.geode.annotations.Immutable;
	import org.apache.geode.distributed.internal.DistributionConfig;
	import org.apache.geode.distributed.internal.InternalDistributedSystem;
	import org.apache.geode.internal.security.CallbackInstantiator;
	import org.apache.geode.internal.security.SecurableCommunicationChannel;
	import org.apache.geode.net.SSLParameterExtension;
	import org.apache.geode.net.internal.SSLParameterExtensionContextImpl;

	/**
	* The SSL configuration settings for a GemFire distributed system.
	*
	* This class is immutable and the way to construct it is by means of the
	* {@link SSLConfig.Builder} class.
	*/
	@Immutable
	public class SSLConfig {

	private final boolean endpointIdentification;
	private final boolean useDefaultSSLContext;
	private final boolean enabled;
	private final String protocols;
	private final String ciphers;
	private final boolean requireAuth;
	private final String keystore;
	private final String keystoreType;
	private final String keystorePassword;
	private final String truststore;
	private final String truststorePassword;
	private final String truststoreType;
	private final String alias;
	@Immutable
	private final SecurableCommunicationChannel securableCommunicationChannel;

	/**
	* SSL implementation-specific key-value pairs. Each key should be prefixed with
	* <code>javax.net.ssl.</code>
	*/
	@Immutable
	private final Properties properties;

	@Immutable
	private final SSLParameterExtension sslParameterExtension;

	private SSLConfig(boolean endpointIdentification,
	boolean useDefaultSSLContext,
	boolean enabled,
	String protocols,
	String ciphers,
	boolean requireAuth,
	String keystore,
	String keystoreType,
	String keystorePassword,
	String truststore,
	String truststorePassword,
	String truststoreType,
	String alias,
	SecurableCommunicationChannel securableCommunicationChannel,
	Properties properties,
	SSLParameterExtension sslParameterExtension) {
	this.endpointIdentification = endpointIdentification;
	this.useDefaultSSLContext = useDefaultSSLContext;
	this.enabled = enabled;
	this.protocols = protocols;
	this.ciphers = ciphers;
	this.requireAuth = requireAuth;
	this.keystore = keystore;
	this.keystoreType = keystoreType;
	this.keystorePassword = keystorePassword;
	this.truststore = truststore;
	this.truststorePassword = truststorePassword;
	this.truststoreType = truststoreType;
	this.alias = alias;
	this.securableCommunicationChannel = securableCommunicationChannel;
	this.properties = properties;
	this.sslParameterExtension = sslParameterExtension;
	}

	public String getAlias() {
	return alias;
	}

	public boolean doEndpointIdentification() {
	return this.endpointIdentification;
	}

	public String getKeystore() {
	return keystore;
	}

	public String getKeystorePassword() {
	return keystorePassword;
	}

	public String getKeystoreType() {
	return keystoreType;
	}

	public String getTruststore() {
	return truststore;
	}

	public String getTruststorePassword() {
	return truststorePassword;
	}

	public boolean isEnabled() {
	return this.enabled;
	}

	public boolean useDefaultSSLContext() {
	return this.useDefaultSSLContext;
	}

	public String getProtocols() {
	return this.protocols;
	}

	public String[] getProtocolsAsStringArray() {
	return SSLUtil.readArray(this.protocols);
	}

	public String getCiphers() {
	return this.ciphers;
	}

	public String[] getCiphersAsStringArray() {
	return SSLUtil.readArray(this.ciphers);
	}

	public boolean isRequireAuth() {
	return this.requireAuth;
	}

	public String getTruststoreType() {
	return truststoreType;
	}

	public Properties getProperties() {
	return this.properties;
	}

	public SecurableCommunicationChannel getSecuredCommunicationChannel() {
	return securableCommunicationChannel;
	}

	public SSLParameterExtension getSSLParameterExtension() {
	return sslParameterExtension;
	}

	@Override
	public String toString() {
	return "SSLConfig{" + "enabled=" + enabled + ", protocols='" + protocols + '\'' + ", ciphers='"
	+ ciphers + '\'' + ", requireAuth=" + requireAuth + ", keystore='" + keystore + '\''
	+ ", keystoreType='" + keystoreType + '\'' + ", keystorePassword='" + keystorePassword
	+ '\'' + ", truststore='" + truststore + '\'' + ", truststorePassword='"
	+ truststorePassword + '\'' + ", truststoreType='" + truststoreType + '\'' + ", alias='"
	+ alias + '\'' + ", securableCommunicationChannel=" + securableCommunicationChannel
	+ ", properties=" + properties + '\'' + ", sslParameterExtension=" + sslParameterExtension
	+ '}';
	}

	/**
	* Populates a <code>Properties</code> object with the SSL-related configuration information used
	* by {@link org.apache.geode.distributed.DistributedSystem#connect}.
	*
	* @since GemFire 4.0
	*/
	public void toDSProperties(Properties props) {
	props.setProperty(CLUSTER_SSL_ENABLED, String.valueOf(this.enabled));

	if (this.enabled) {
	props.setProperty(CLUSTER_SSL_PROTOCOLS, this.protocols);
	props.setProperty(CLUSTER_SSL_CIPHERS, this.ciphers);
	props.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, String.valueOf(this.requireAuth));
	}
	}

	/**
	* Builder class to be used to construct SSLConfig instances.
	* In order to build an {@link SSLConfig} instance an instance of this
	* class must be created, then the corresponding setter methods invoked
	* and finally the build() method that returns the {@link SSLConfig} instance
	*
	* Example:
	* SSLConfig sslConfInstance = new SSLConfig.Builder()
	* .setAlias(alias)
	* .setKeystore(keystore)
	* ...
	* .build();
	*
	*/
	public static class Builder {
	private boolean endpointIdentification;
	private boolean useDefaultSSLContext = DistributionConfig.DEFAULT_SSL_USE_DEFAULT_CONTEXT;
	private boolean enabled = DistributionConfig.DEFAULT_SSL_ENABLED;
	private String protocols = DistributionConfig.DEFAULT_SSL_PROTOCOLS;
	private String ciphers = DistributionConfig.DEFAULT_SSL_CIPHERS;
	private boolean requireAuth = DistributionConfig.DEFAULT_SSL_REQUIRE_AUTHENTICATION;
	private String keystore = DistributionConfig.DEFAULT_SSL_KEYSTORE;
	private String keystoreType = KeyStore.getDefaultType();
	private String keystorePassword = DistributionConfig.DEFAULT_SSL_KEYSTORE_PASSWORD;
	private String truststore = DistributionConfig.DEFAULT_SSL_TRUSTSTORE;
	private String truststorePassword = DistributionConfig.DEFAULT_SSL_TRUSTSTORE_PASSWORD;
	private String truststoreType = KeyStore.getDefaultType();
	private String alias = null;
	private SecurableCommunicationChannel securableCommunicationChannel = null;
	private Properties properties = new Properties();
	private SSLParameterExtension sslParameterExtension = null;

	public Builder() {}

	public SSLConfig build() {
	return new SSLConfig(endpointIdentification, useDefaultSSLContext, enabled,
	protocols, ciphers, requireAuth, keystore, keystoreType, keystorePassword,
	truststore, truststorePassword, truststoreType, alias, securableCommunicationChannel,
	properties, sslParameterExtension);
	}

	public Builder setAlias(final String alias) {
	this.alias = alias;
	return this;
	}

	public Builder setEndpointIdentificationEnabled(boolean endpointIdentification) {
	this.endpointIdentification = endpointIdentification;
	return this;
	}

	public Builder setKeystore(final String keystore) {
	this.keystore = keystore;
	return this;
	}

	public Builder setKeystorePassword(final String keystorePassword) {
	this.keystorePassword = keystorePassword;
	return this;
	}

	public Builder setKeystoreType(final String keystoreType) {
	this.keystoreType = keystoreType;
	return this;
	}

	public Builder setTruststore(final String truststore) {
	this.truststore = truststore;
	return this;
	}

	public Builder setTruststorePassword(final String truststorePassword) {
	this.truststorePassword = truststorePassword;
	return this;
	}

	public Builder setEnabled(boolean enabled) {
	this.enabled = enabled;
	return this;
	}

	public Builder setUseDefaultSSLContext(boolean useDefaultSSLContext) {
	this.useDefaultSSLContext = useDefaultSSLContext;
	return this;
	}

	public Builder setProtocols(String protocols) {
	this.protocols = protocols;
	return this;
	}

	public Builder setCiphers(String ciphers) {
	this.ciphers = ciphers;
	return this;
	}

	public Builder setRequireAuth(boolean requireAuth) {
	this.requireAuth = requireAuth;
	return this;
	}

	public Builder setTruststoreType(final String truststoreType) {
	this.truststoreType = truststoreType;
	return this;
	}

	public Builder setProperties(Properties newProps) {
	this.properties = new Properties();
	for (Iterator iter = newProps.keySet().iterator(); iter.hasNext();) {
	String key = (String) iter.next();
	this.properties.setProperty(key, newProps.getProperty(key));
	}
	return this;
	}

	public Builder setSecurableCommunicationChannel(
	final SecurableCommunicationChannel securableCommunicationChannel) {
	this.securableCommunicationChannel = securableCommunicationChannel;
	return this;
	}

	public Builder setSSLParameterExtension(
	final String sslParameterExtensionConfig) {
	if (StringUtils.isBlank(sslParameterExtensionConfig)) {
	this.sslParameterExtension = null;
	return this;
	}
	InternalDistributedSystem ids = InternalDistributedSystem.getAnyInstance();

	if (ids == null) {
	this.sslParameterExtension = null;
	return this;
	}

	SSLParameterExtension sslParameterExtension =
	CallbackInstantiator.getObjectOfTypeFromClassName(sslParameterExtensionConfig,
	SSLParameterExtension.class);
	ids.getConfig().getDistributedSystemId();

	sslParameterExtension.init(
	new SSLParameterExtensionContextImpl(ids.getConfig().getDistributedSystemId()));
	this.sslParameterExtension = sslParameterExtension;
	return this;
	}

	public String getKeystore() {
	return keystore;
	}

	public String getKeystoreType() {
	return keystoreType;
	}

	public String getKeystorePassword() {
	return keystorePassword;
	}

	public String getTruststore() {
	return truststore;
	}

	public String getTruststorePassword() {
	return truststorePassword;
	}

	public String getTruststoreType() {
	return truststoreType;
	}
	}

	}