geode-core/src/main/java/org/apache/geode/internal/net/SSLConfigurationFactory.java - geode - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License
  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */

 package org.apache.geode.internal.net;

 import java.util.Properties;

 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;

 import org.apache.geode.annotations.internal.MakeNotStatic;
 import org.apache.geode.distributed.internal.DistributionConfig;
 import org.apache.geode.distributed.internal.DistributionConfigImpl;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;

 public class SSLConfigurationFactory {
   public static final String JAVAX_KEYSTORE = "javax.net.ssl.keyStore";
   public static final String JAVAX_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
   public static final String JAVAX_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
   public static final String JAVAX_TRUSTSTORE = "javax.net.ssl.trustStore";
   public static final String JAVAX_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
   public static final String JAVAX_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
   public static final String GEODE_SSL_CONFIG_PROPERTIES =
       "org.apache.geode.internal.net.ssl.config";

   @MakeNotStatic
   private static SSLConfigurationFactory instance = new SSLConfigurationFactory();

   private SSLConfigurationFactory() {}

   private static synchronized SSLConfigurationFactory getInstance() {
     if (instance == null) {
       instance = new SSLConfigurationFactory();
     }
     return instance;
   }

   private SSLConfig createSSLConfigForComponent(final DistributionConfig distributionConfig,
       final SecurableCommunicationChannel sslEnabledComponent) {
     SSLConfig.Builder sslConfigBuilder =
         createSSLConfigBuilder(distributionConfig, sslEnabledComponent);
     SecurableCommunicationChannel[] sslEnabledComponents =
         distributionConfig.getSecurableCommunicationChannels();
     if (sslEnabledComponents.length == 0) {
       configureLegacyClusterSSL(distributionConfig, sslConfigBuilder);
     }
     sslConfigBuilder.setSecurableCommunicationChannel(sslEnabledComponent);

     switch (sslEnabledComponent) {
       case ALL: {
         break;
       }
       case CLUSTER: {
         if (sslEnabledComponents.length > 0) {
           setAliasForComponent(sslConfigBuilder, distributionConfig.getClusterSSLAlias());
         } else {
           configureLegacyClusterSSL(distributionConfig, sslConfigBuilder);
         }
         break;
       }
       case LOCATOR: {
         if (sslEnabledComponents.length > 0) {
           setAliasForComponent(sslConfigBuilder, distributionConfig.getLocatorSSLAlias());
         }
         break;
       }
       case SERVER: {
         if (sslEnabledComponents.length > 0) {
           setAliasForComponent(sslConfigBuilder, distributionConfig.getServerSSLAlias());
         } else {
           configureLegacyServerSSL(distributionConfig, sslConfigBuilder);
         }
         break;
       }
       case GATEWAY: {
         if (sslEnabledComponents.length > 0) {
           setAliasForComponent(sslConfigBuilder, distributionConfig.getGatewaySSLAlias());
         } else {
           configureLegacyGatewaySSL(distributionConfig, sslConfigBuilder);
         }
         break;
       }
       case WEB: {
         if (sslEnabledComponents.length > 0) {
           setAliasForComponent(sslConfigBuilder, distributionConfig.getHTTPServiceSSLAlias());
           sslConfigBuilder.setRequireAuth(distributionConfig.getSSLWebRequireAuthentication());
         } else {
           configureLegacyHttpServiceSSL(distributionConfig, sslConfigBuilder);
         }
         break;
       }
       case JMX: {
         if (sslEnabledComponents.length > 0) {
           setAliasForComponent(sslConfigBuilder, distributionConfig.getJMXSSLAlias());
         } else {
           configureLegacyJMXSSL(distributionConfig, sslConfigBuilder);
         }
         break;
       }
     }
     configureSSLPropertiesFromSystemProperties(sslConfigBuilder);
     return sslConfigBuilder.build();
   }

   private SSLConfig.Builder setAliasForComponent(SSLConfig.Builder sslConfigBuilder,
       final String clusterSSLAlias) {
     if (!StringUtils.isEmpty(clusterSSLAlias)) {
       sslConfigBuilder.setAlias(clusterSSLAlias);
     }
     return sslConfigBuilder;
   }

   private SSLConfig.Builder createSSLConfigBuilder(final DistributionConfig distributionConfig,
       final SecurableCommunicationChannel sslEnabledComponent) {
     SSLConfig.Builder sslConfigBuilder = new SSLConfig.Builder();
     sslConfigBuilder.setCiphers(distributionConfig.getSSLCiphers());
     sslConfigBuilder
         .setEndpointIdentificationEnabled(distributionConfig.getSSLEndPointIdentificationEnabled());
     sslConfigBuilder
         .setEnabled(determineIfSSLEnabledForSSLComponent(distributionConfig, sslEnabledComponent));
     sslConfigBuilder.setKeystore(distributionConfig.getSSLKeyStore());
     sslConfigBuilder.setKeystorePassword(distributionConfig.getSSLKeyStorePassword());
     sslConfigBuilder.setKeystoreType(distributionConfig.getSSLKeyStoreType());
     sslConfigBuilder.setTruststore(distributionConfig.getSSLTrustStore());
     sslConfigBuilder.setTruststorePassword(distributionConfig.getSSLTrustStorePassword());
     sslConfigBuilder.setTruststoreType(distributionConfig.getSSLTrustStoreType());
     sslConfigBuilder.setProtocols(distributionConfig.getSSLProtocols());
     sslConfigBuilder.setRequireAuth(distributionConfig.getSSLRequireAuthentication());
     sslConfigBuilder.setAlias(distributionConfig.getSSLDefaultAlias());
     sslConfigBuilder.setUseDefaultSSLContext(distributionConfig.getSSLUseDefaultContext());
     sslConfigBuilder.setSSLParameterExtension(distributionConfig.getSSLParameterExtension());

     return sslConfigBuilder;
   }

   private boolean determineIfSSLEnabledForSSLComponent(final DistributionConfig distributionConfig,
       final SecurableCommunicationChannel sslEnabledComponent) {
     if (ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(),
         SecurableCommunicationChannel.ALL)) {
       return true;
     }

     return ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(),
         sslEnabledComponent);
   }

   /**
    * Configure a SSLConfig.Builder for the cluster using the legacy configuration
    *
    * @return A SSLConfig.Builder object describing the ssl config for the server component
    * @deprecated as of Geode 1.0
    */
   private SSLConfig.Builder configureLegacyClusterSSL(final DistributionConfig distributionConfig,
       SSLConfig.Builder sslConfigBuilder) {
     sslConfigBuilder.setCiphers(distributionConfig.getClusterSSLCiphers());
     sslConfigBuilder.setEnabled(distributionConfig.getClusterSSLEnabled());
     sslConfigBuilder.setKeystore(distributionConfig.getClusterSSLKeyStore());
     sslConfigBuilder.setKeystorePassword(distributionConfig.getClusterSSLKeyStorePassword());
     sslConfigBuilder.setKeystoreType(distributionConfig.getClusterSSLKeyStoreType());
     sslConfigBuilder.setTruststore(distributionConfig.getClusterSSLTrustStore());
     sslConfigBuilder.setTruststorePassword(distributionConfig.getClusterSSLTrustStorePassword());
     sslConfigBuilder.setTruststoreType(distributionConfig.getClusterSSLKeyStoreType());
     sslConfigBuilder.setProtocols(distributionConfig.getClusterSSLProtocols());
     sslConfigBuilder.setRequireAuth(distributionConfig.getClusterSSLRequireAuthentication());
     return sslConfigBuilder;
   }

   /**
    * Configure a SSLConfig.Builder for the server using the legacy configuration
    *
    * @return A SSLConfig.Builder object describing the ssl config for the server component
    * @deprecated as of Geode 1.0
    */
   private SSLConfig.Builder configureLegacyServerSSL(final DistributionConfig distributionConfig,
       final SSLConfig.Builder sslConfigBuilder) {
     sslConfigBuilder.setCiphers(distributionConfig.getServerSSLCiphers());
     sslConfigBuilder.setEnabled(distributionConfig.getServerSSLEnabled());
     sslConfigBuilder.setKeystore(distributionConfig.getServerSSLKeyStore());
     sslConfigBuilder.setKeystorePassword(distributionConfig.getServerSSLKeyStorePassword());
     sslConfigBuilder.setKeystoreType(distributionConfig.getServerSSLKeyStoreType());
     sslConfigBuilder.setTruststore(distributionConfig.getServerSSLTrustStore());
     sslConfigBuilder.setTruststorePassword(distributionConfig.getServerSSLTrustStorePassword());
     sslConfigBuilder.setTruststoreType(distributionConfig.getServerSSLKeyStoreType());
     sslConfigBuilder.setProtocols(distributionConfig.getServerSSLProtocols());
     sslConfigBuilder.setRequireAuth(distributionConfig.getServerSSLRequireAuthentication());
     return sslConfigBuilder;
   }

   /**
    * Configure a SSLConfig.Builder for the jmx using the legacy configuration
    *
    * @return A SSLConfig.Builder object describing the ssl config for the jmx component
    * @deprecated as of Geode 1.0
    */
   private SSLConfig.Builder configureLegacyJMXSSL(final DistributionConfig distributionConfig,
       SSLConfig.Builder sslConfigBuilder) {
     sslConfigBuilder.setCiphers(distributionConfig.getJmxManagerSSLCiphers());
     sslConfigBuilder.setEnabled(distributionConfig.getJmxManagerSSLEnabled());
     sslConfigBuilder.setKeystore(distributionConfig.getJmxManagerSSLKeyStore());
     sslConfigBuilder.setKeystorePassword(distributionConfig.getJmxManagerSSLKeyStorePassword());
     sslConfigBuilder.setKeystoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
     sslConfigBuilder.setTruststore(distributionConfig.getJmxManagerSSLTrustStore());
     sslConfigBuilder.setTruststorePassword(distributionConfig.getJmxManagerSSLTrustStorePassword());
     sslConfigBuilder.setTruststoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
     sslConfigBuilder.setProtocols(distributionConfig.getJmxManagerSSLProtocols());
     sslConfigBuilder.setRequireAuth(distributionConfig.getJmxManagerSSLRequireAuthentication());
     return sslConfigBuilder;
   }

   /**
    * Configure a SSLConfig.Builder for the gateway using the legacy configuration
    *
    * @return A sslConfig object describing the ssl config for the gateway component
    * @deprecated as of Geode 1.0
    */
   private SSLConfig.Builder configureLegacyGatewaySSL(final DistributionConfig distributionConfig,
       SSLConfig.Builder sslConfigBuilder) {
     sslConfigBuilder.setCiphers(distributionConfig.getGatewaySSLCiphers());
     sslConfigBuilder.setEnabled(distributionConfig.getGatewaySSLEnabled());
     sslConfigBuilder.setKeystore(distributionConfig.getGatewaySSLKeyStore());
     sslConfigBuilder.setKeystorePassword(distributionConfig.getGatewaySSLKeyStorePassword());
     sslConfigBuilder.setKeystoreType(distributionConfig.getGatewaySSLKeyStoreType());
     sslConfigBuilder.setTruststore(distributionConfig.getGatewaySSLTrustStore());
     sslConfigBuilder.setTruststorePassword(distributionConfig.getGatewaySSLTrustStorePassword());
     sslConfigBuilder.setProtocols(distributionConfig.getGatewaySSLProtocols());
     sslConfigBuilder.setRequireAuth(distributionConfig.getGatewaySSLRequireAuthentication());
     return sslConfigBuilder;
   }

   /**
    * Configure a SSLConfig.Builder for the http service using the legacy configuration
    *
    * @return A SSLConfig.Builder object describing the ssl config for the http service component
    * @deprecated as of Geode 1.0
    */
   private SSLConfig.Builder configureLegacyHttpServiceSSL(
       final DistributionConfig distributionConfig,
       SSLConfig.Builder sslConfigBuilder) {
     sslConfigBuilder.setCiphers(distributionConfig.getHttpServiceSSLCiphers());
     sslConfigBuilder.setEnabled(distributionConfig.getHttpServiceSSLEnabled());
     sslConfigBuilder.setKeystore(distributionConfig.getHttpServiceSSLKeyStore());
     sslConfigBuilder.setKeystorePassword(distributionConfig.getHttpServiceSSLKeyStorePassword());
     sslConfigBuilder.setKeystoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
     sslConfigBuilder.setTruststore(distributionConfig.getHttpServiceSSLTrustStore());
     sslConfigBuilder
         .setTruststorePassword(distributionConfig.getHttpServiceSSLTrustStorePassword());
     sslConfigBuilder.setTruststoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
     sslConfigBuilder.setProtocols(distributionConfig.getHttpServiceSSLProtocols());
     sslConfigBuilder.setRequireAuth(distributionConfig.getHttpServiceSSLRequireAuthentication());
     return sslConfigBuilder;
   }

   private SSLConfig.Builder configureSSLPropertiesFromSystemProperties(
       SSLConfig.Builder sslConfigBuilder) {
     return configureSSLPropertiesFromSystemProperties(sslConfigBuilder, null);
   }

   private SSLConfig.Builder configureSSLPropertiesFromSystemProperties(
       SSLConfig.Builder sslConfigBuilder,
       Properties properties) {
     if (StringUtils.isEmpty(sslConfigBuilder.getKeystore())) {
       sslConfigBuilder.setKeystore(getValueFromSystemProperties(properties, JAVAX_KEYSTORE));
     }
     if (StringUtils.isEmpty(sslConfigBuilder.getKeystoreType())) {
       sslConfigBuilder
           .setKeystoreType(getValueFromSystemProperties(properties, JAVAX_KEYSTORE_TYPE));
     }
     if (StringUtils.isEmpty(sslConfigBuilder.getKeystorePassword())) {
       sslConfigBuilder
           .setKeystorePassword(getValueFromSystemProperties(properties, JAVAX_KEYSTORE_PASSWORD));
     }
     if (StringUtils.isEmpty(sslConfigBuilder.getTruststore())) {
       sslConfigBuilder.setTruststore(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE));
     }
     if (StringUtils.isEmpty(sslConfigBuilder.getTruststorePassword())) {
       sslConfigBuilder.setTruststorePassword(
           getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_PASSWORD));
     }
     if (StringUtils.isEmpty(sslConfigBuilder.getTruststoreType())) {
       sslConfigBuilder
           .setTruststoreType(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_TYPE));
     }
     return sslConfigBuilder;
   }

   private String getValueFromSystemProperties(final Properties properties, String property) {
     String propertyValue = null;
     if (properties != null) {
       propertyValue = properties.getProperty(property);
     }
     if (property != null) {
       propertyValue = System.getProperty(property);
       if (propertyValue != null) {
         if (propertyValue.trim().equals("")) {
           propertyValue = System.getenv(property);
         }
       }
     }
     return propertyValue;
   }

   @Deprecated
   public static SSLConfig getSSLConfigForComponent(final boolean useSSL,
       final boolean needClientAuth, final String protocols, final String ciphers,
       final Properties gfsecurityProps, final String alias) {
     SSLConfig.Builder sslConfigBuilder = new SSLConfig.Builder();
     sslConfigBuilder.setAlias(alias);
     sslConfigBuilder.setCiphers(ciphers);
     sslConfigBuilder.setProtocols(protocols);
     sslConfigBuilder.setRequireAuth(needClientAuth);
     sslConfigBuilder.setEnabled(useSSL);

     getInstance().configureSSLPropertiesFromSystemProperties(sslConfigBuilder, gfsecurityProps);

     return sslConfigBuilder.build();
   }

   public static SSLConfig getSSLConfigForComponent(DistributionConfig distributionConfig,
       SecurableCommunicationChannel sslEnabledComponent) {
     return getInstance().createSSLConfigForComponent(distributionConfig, sslEnabledComponent);
   }

   public static SSLConfig getSSLConfigForComponent(Properties properties,
       SecurableCommunicationChannel sslEnabledComponent) {
     return getInstance().createSSLConfigForComponent(new DistributionConfigImpl(properties),
         sslEnabledComponent);
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License
	* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
	* or implied. See the License for the specific language governing permissions and limitations under
	* the License.
	*/

	package org.apache.geode.internal.net;

	import java.util.Properties;

	import org.apache.commons.lang3.ArrayUtils;
	import org.apache.commons.lang3.StringUtils;

	import org.apache.geode.annotations.internal.MakeNotStatic;
	import org.apache.geode.distributed.internal.DistributionConfig;
	import org.apache.geode.distributed.internal.DistributionConfigImpl;
	import org.apache.geode.internal.security.SecurableCommunicationChannel;

	public class SSLConfigurationFactory {
	public static final String JAVAX_KEYSTORE = "javax.net.ssl.keyStore";
	public static final String JAVAX_KEYSTORE_TYPE = "javax.net.ssl.keyStoreType";
	public static final String JAVAX_KEYSTORE_PASSWORD = "javax.net.ssl.keyStorePassword";
	public static final String JAVAX_TRUSTSTORE = "javax.net.ssl.trustStore";
	public static final String JAVAX_TRUSTSTORE_TYPE = "javax.net.ssl.trustStoreType";
	public static final String JAVAX_TRUSTSTORE_PASSWORD = "javax.net.ssl.trustStorePassword";
	public static final String GEODE_SSL_CONFIG_PROPERTIES =
	"org.apache.geode.internal.net.ssl.config";

	@MakeNotStatic
	private static SSLConfigurationFactory instance = new SSLConfigurationFactory();

	private SSLConfigurationFactory() {}

	private static synchronized SSLConfigurationFactory getInstance() {
	if (instance == null) {
	instance = new SSLConfigurationFactory();
	}
	return instance;
	}

	private SSLConfig createSSLConfigForComponent(final DistributionConfig distributionConfig,
	final SecurableCommunicationChannel sslEnabledComponent) {
	SSLConfig.Builder sslConfigBuilder =
	createSSLConfigBuilder(distributionConfig, sslEnabledComponent);
	SecurableCommunicationChannel[] sslEnabledComponents =
	distributionConfig.getSecurableCommunicationChannels();
	if (sslEnabledComponents.length == 0) {
	configureLegacyClusterSSL(distributionConfig, sslConfigBuilder);
	}
	sslConfigBuilder.setSecurableCommunicationChannel(sslEnabledComponent);

	switch (sslEnabledComponent) {
	case ALL: {
	break;
	}
	case CLUSTER: {
	if (sslEnabledComponents.length > 0) {
	setAliasForComponent(sslConfigBuilder, distributionConfig.getClusterSSLAlias());
	} else {
	configureLegacyClusterSSL(distributionConfig, sslConfigBuilder);
	}
	break;
	}
	case LOCATOR: {
	if (sslEnabledComponents.length > 0) {
	setAliasForComponent(sslConfigBuilder, distributionConfig.getLocatorSSLAlias());
	}
	break;
	}
	case SERVER: {
	if (sslEnabledComponents.length > 0) {
	setAliasForComponent(sslConfigBuilder, distributionConfig.getServerSSLAlias());
	} else {
	configureLegacyServerSSL(distributionConfig, sslConfigBuilder);
	}
	break;
	}
	case GATEWAY: {
	if (sslEnabledComponents.length > 0) {
	setAliasForComponent(sslConfigBuilder, distributionConfig.getGatewaySSLAlias());
	} else {
	configureLegacyGatewaySSL(distributionConfig, sslConfigBuilder);
	}
	break;
	}
	case WEB: {
	if (sslEnabledComponents.length > 0) {
	setAliasForComponent(sslConfigBuilder, distributionConfig.getHTTPServiceSSLAlias());
	sslConfigBuilder.setRequireAuth(distributionConfig.getSSLWebRequireAuthentication());
	} else {
	configureLegacyHttpServiceSSL(distributionConfig, sslConfigBuilder);
	}
	break;
	}
	case JMX: {
	if (sslEnabledComponents.length > 0) {
	setAliasForComponent(sslConfigBuilder, distributionConfig.getJMXSSLAlias());
	} else {
	configureLegacyJMXSSL(distributionConfig, sslConfigBuilder);
	}
	break;
	}
	}
	configureSSLPropertiesFromSystemProperties(sslConfigBuilder);
	return sslConfigBuilder.build();
	}

	private SSLConfig.Builder setAliasForComponent(SSLConfig.Builder sslConfigBuilder,
	final String clusterSSLAlias) {
	if (!StringUtils.isEmpty(clusterSSLAlias)) {
	sslConfigBuilder.setAlias(clusterSSLAlias);
	}
	return sslConfigBuilder;
	}

	private SSLConfig.Builder createSSLConfigBuilder(final DistributionConfig distributionConfig,
	final SecurableCommunicationChannel sslEnabledComponent) {
	SSLConfig.Builder sslConfigBuilder = new SSLConfig.Builder();
	sslConfigBuilder.setCiphers(distributionConfig.getSSLCiphers());
	sslConfigBuilder
	.setEndpointIdentificationEnabled(distributionConfig.getSSLEndPointIdentificationEnabled());
	sslConfigBuilder
	.setEnabled(determineIfSSLEnabledForSSLComponent(distributionConfig, sslEnabledComponent));
	sslConfigBuilder.setKeystore(distributionConfig.getSSLKeyStore());
	sslConfigBuilder.setKeystorePassword(distributionConfig.getSSLKeyStorePassword());
	sslConfigBuilder.setKeystoreType(distributionConfig.getSSLKeyStoreType());
	sslConfigBuilder.setTruststore(distributionConfig.getSSLTrustStore());
	sslConfigBuilder.setTruststorePassword(distributionConfig.getSSLTrustStorePassword());
	sslConfigBuilder.setTruststoreType(distributionConfig.getSSLTrustStoreType());
	sslConfigBuilder.setProtocols(distributionConfig.getSSLProtocols());
	sslConfigBuilder.setRequireAuth(distributionConfig.getSSLRequireAuthentication());
	sslConfigBuilder.setAlias(distributionConfig.getSSLDefaultAlias());
	sslConfigBuilder.setUseDefaultSSLContext(distributionConfig.getSSLUseDefaultContext());
	sslConfigBuilder.setSSLParameterExtension(distributionConfig.getSSLParameterExtension());

	return sslConfigBuilder;
	}

	private boolean determineIfSSLEnabledForSSLComponent(final DistributionConfig distributionConfig,
	final SecurableCommunicationChannel sslEnabledComponent) {
	if (ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(),
	SecurableCommunicationChannel.ALL)) {
	return true;
	}

	return ArrayUtils.contains(distributionConfig.getSecurableCommunicationChannels(),
	sslEnabledComponent);
	}

	/**
	* Configure a SSLConfig.Builder for the cluster using the legacy configuration
	*
	* @return A SSLConfig.Builder object describing the ssl config for the server component
	* @deprecated as of Geode 1.0
	*/
	private SSLConfig.Builder configureLegacyClusterSSL(final DistributionConfig distributionConfig,
	SSLConfig.Builder sslConfigBuilder) {
	sslConfigBuilder.setCiphers(distributionConfig.getClusterSSLCiphers());
	sslConfigBuilder.setEnabled(distributionConfig.getClusterSSLEnabled());
	sslConfigBuilder.setKeystore(distributionConfig.getClusterSSLKeyStore());
	sslConfigBuilder.setKeystorePassword(distributionConfig.getClusterSSLKeyStorePassword());
	sslConfigBuilder.setKeystoreType(distributionConfig.getClusterSSLKeyStoreType());
	sslConfigBuilder.setTruststore(distributionConfig.getClusterSSLTrustStore());
	sslConfigBuilder.setTruststorePassword(distributionConfig.getClusterSSLTrustStorePassword());
	sslConfigBuilder.setTruststoreType(distributionConfig.getClusterSSLKeyStoreType());
	sslConfigBuilder.setProtocols(distributionConfig.getClusterSSLProtocols());
	sslConfigBuilder.setRequireAuth(distributionConfig.getClusterSSLRequireAuthentication());
	return sslConfigBuilder;
	}

	/**
	* Configure a SSLConfig.Builder for the server using the legacy configuration
	*
	* @return A SSLConfig.Builder object describing the ssl config for the server component
	* @deprecated as of Geode 1.0
	*/
	private SSLConfig.Builder configureLegacyServerSSL(final DistributionConfig distributionConfig,
	final SSLConfig.Builder sslConfigBuilder) {
	sslConfigBuilder.setCiphers(distributionConfig.getServerSSLCiphers());
	sslConfigBuilder.setEnabled(distributionConfig.getServerSSLEnabled());
	sslConfigBuilder.setKeystore(distributionConfig.getServerSSLKeyStore());
	sslConfigBuilder.setKeystorePassword(distributionConfig.getServerSSLKeyStorePassword());
	sslConfigBuilder.setKeystoreType(distributionConfig.getServerSSLKeyStoreType());
	sslConfigBuilder.setTruststore(distributionConfig.getServerSSLTrustStore());
	sslConfigBuilder.setTruststorePassword(distributionConfig.getServerSSLTrustStorePassword());
	sslConfigBuilder.setTruststoreType(distributionConfig.getServerSSLKeyStoreType());
	sslConfigBuilder.setProtocols(distributionConfig.getServerSSLProtocols());
	sslConfigBuilder.setRequireAuth(distributionConfig.getServerSSLRequireAuthentication());
	return sslConfigBuilder;
	}

	/**
	* Configure a SSLConfig.Builder for the jmx using the legacy configuration
	*
	* @return A SSLConfig.Builder object describing the ssl config for the jmx component
	* @deprecated as of Geode 1.0
	*/
	private SSLConfig.Builder configureLegacyJMXSSL(final DistributionConfig distributionConfig,
	SSLConfig.Builder sslConfigBuilder) {
	sslConfigBuilder.setCiphers(distributionConfig.getJmxManagerSSLCiphers());
	sslConfigBuilder.setEnabled(distributionConfig.getJmxManagerSSLEnabled());
	sslConfigBuilder.setKeystore(distributionConfig.getJmxManagerSSLKeyStore());
	sslConfigBuilder.setKeystorePassword(distributionConfig.getJmxManagerSSLKeyStorePassword());
	sslConfigBuilder.setKeystoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
	sslConfigBuilder.setTruststore(distributionConfig.getJmxManagerSSLTrustStore());
	sslConfigBuilder.setTruststorePassword(distributionConfig.getJmxManagerSSLTrustStorePassword());
	sslConfigBuilder.setTruststoreType(distributionConfig.getJmxManagerSSLKeyStoreType());
	sslConfigBuilder.setProtocols(distributionConfig.getJmxManagerSSLProtocols());
	sslConfigBuilder.setRequireAuth(distributionConfig.getJmxManagerSSLRequireAuthentication());
	return sslConfigBuilder;
	}

	/**
	* Configure a SSLConfig.Builder for the gateway using the legacy configuration
	*
	* @return A sslConfig object describing the ssl config for the gateway component
	* @deprecated as of Geode 1.0
	*/
	private SSLConfig.Builder configureLegacyGatewaySSL(final DistributionConfig distributionConfig,
	SSLConfig.Builder sslConfigBuilder) {
	sslConfigBuilder.setCiphers(distributionConfig.getGatewaySSLCiphers());
	sslConfigBuilder.setEnabled(distributionConfig.getGatewaySSLEnabled());
	sslConfigBuilder.setKeystore(distributionConfig.getGatewaySSLKeyStore());
	sslConfigBuilder.setKeystorePassword(distributionConfig.getGatewaySSLKeyStorePassword());
	sslConfigBuilder.setKeystoreType(distributionConfig.getGatewaySSLKeyStoreType());
	sslConfigBuilder.setTruststore(distributionConfig.getGatewaySSLTrustStore());
	sslConfigBuilder.setTruststorePassword(distributionConfig.getGatewaySSLTrustStorePassword());
	sslConfigBuilder.setProtocols(distributionConfig.getGatewaySSLProtocols());
	sslConfigBuilder.setRequireAuth(distributionConfig.getGatewaySSLRequireAuthentication());
	return sslConfigBuilder;
	}

	/**
	* Configure a SSLConfig.Builder for the http service using the legacy configuration
	*
	* @return A SSLConfig.Builder object describing the ssl config for the http service component
	* @deprecated as of Geode 1.0
	*/
	private SSLConfig.Builder configureLegacyHttpServiceSSL(
	final DistributionConfig distributionConfig,
	SSLConfig.Builder sslConfigBuilder) {
	sslConfigBuilder.setCiphers(distributionConfig.getHttpServiceSSLCiphers());
	sslConfigBuilder.setEnabled(distributionConfig.getHttpServiceSSLEnabled());
	sslConfigBuilder.setKeystore(distributionConfig.getHttpServiceSSLKeyStore());
	sslConfigBuilder.setKeystorePassword(distributionConfig.getHttpServiceSSLKeyStorePassword());
	sslConfigBuilder.setKeystoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
	sslConfigBuilder.setTruststore(distributionConfig.getHttpServiceSSLTrustStore());
	sslConfigBuilder
	.setTruststorePassword(distributionConfig.getHttpServiceSSLTrustStorePassword());
	sslConfigBuilder.setTruststoreType(distributionConfig.getHttpServiceSSLKeyStoreType());
	sslConfigBuilder.setProtocols(distributionConfig.getHttpServiceSSLProtocols());
	sslConfigBuilder.setRequireAuth(distributionConfig.getHttpServiceSSLRequireAuthentication());
	return sslConfigBuilder;
	}

	private SSLConfig.Builder configureSSLPropertiesFromSystemProperties(
	SSLConfig.Builder sslConfigBuilder) {
	return configureSSLPropertiesFromSystemProperties(sslConfigBuilder, null);
	}

	private SSLConfig.Builder configureSSLPropertiesFromSystemProperties(
	SSLConfig.Builder sslConfigBuilder,
	Properties properties) {
	if (StringUtils.isEmpty(sslConfigBuilder.getKeystore())) {
	sslConfigBuilder.setKeystore(getValueFromSystemProperties(properties, JAVAX_KEYSTORE));
	}
	if (StringUtils.isEmpty(sslConfigBuilder.getKeystoreType())) {
	sslConfigBuilder
	.setKeystoreType(getValueFromSystemProperties(properties, JAVAX_KEYSTORE_TYPE));
	}
	if (StringUtils.isEmpty(sslConfigBuilder.getKeystorePassword())) {
	sslConfigBuilder
	.setKeystorePassword(getValueFromSystemProperties(properties, JAVAX_KEYSTORE_PASSWORD));
	}
	if (StringUtils.isEmpty(sslConfigBuilder.getTruststore())) {
	sslConfigBuilder.setTruststore(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE));
	}
	if (StringUtils.isEmpty(sslConfigBuilder.getTruststorePassword())) {
	sslConfigBuilder.setTruststorePassword(
	getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_PASSWORD));
	}
	if (StringUtils.isEmpty(sslConfigBuilder.getTruststoreType())) {
	sslConfigBuilder
	.setTruststoreType(getValueFromSystemProperties(properties, JAVAX_TRUSTSTORE_TYPE));
	}
	return sslConfigBuilder;
	}

	private String getValueFromSystemProperties(final Properties properties, String property) {
	String propertyValue = null;
	if (properties != null) {
	propertyValue = properties.getProperty(property);
	}
	if (property != null) {
	propertyValue = System.getProperty(property);
	if (propertyValue != null) {
	if (propertyValue.trim().equals("")) {
	propertyValue = System.getenv(property);
	}
	}
	}
	return propertyValue;
	}

	@Deprecated
	public static SSLConfig getSSLConfigForComponent(final boolean useSSL,
	final boolean needClientAuth, final String protocols, final String ciphers,
	final Properties gfsecurityProps, final String alias) {
	SSLConfig.Builder sslConfigBuilder = new SSLConfig.Builder();
	sslConfigBuilder.setAlias(alias);
	sslConfigBuilder.setCiphers(ciphers);
	sslConfigBuilder.setProtocols(protocols);
	sslConfigBuilder.setRequireAuth(needClientAuth);
	sslConfigBuilder.setEnabled(useSSL);

	getInstance().configureSSLPropertiesFromSystemProperties(sslConfigBuilder, gfsecurityProps);

	return sslConfigBuilder.build();
	}

	public static SSLConfig getSSLConfigForComponent(DistributionConfig distributionConfig,
	SecurableCommunicationChannel sslEnabledComponent) {
	return getInstance().createSSLConfigForComponent(distributionConfig, sslEnabledComponent);
	}

	public static SSLConfig getSSLConfigForComponent(Properties properties,
	SecurableCommunicationChannel sslEnabledComponent) {
	return getInstance().createSSLConfigForComponent(new DistributionConfigImpl(properties),
	sslEnabledComponent);
	}
	}