Expand Up @@ -77,6 +77,33 @@ public class Arguments {
/** Ping interval for grid client. See {@link GridClientConfiguration#pingInterval}.*/
private long pingInterval;

/** */
private boolean sslEnable;

/** */
private String sslProtocol;

/** */
private String sslAlgorithm;

/** */
private String sslKeyStorePath;

/** */
private String sslKeyStoreType;

/** */
private char sslKeyStorePassword[];

/** */
private String sslTrustStorePath;

/** */
private String sslTrustStoreType;

/** */
private char sslTrustStorePassword[];

/**
* @param cmd Command.
* @param host Host.
Expand All @@ -95,7 +122,10 @@ public class Arguments {
*/
public Arguments(Command cmd, String host, String port, String user, String pwd, String baselineAct,
String baselineArgs, VisorTxTaskArg txArg, CacheArguments cacheArgs, String walAct, String walArgs,
Long pingTimeout, Long pingInterval, boolean autoConfirmation) {
Long pingTimeout, Long pingInterval, boolean autoConfirmation,
boolean sslEnable, String sslProtocol, String sslAlgorithm,
String sslKeyStorePath, String sslKeyStoreType, char sslKeyStorePassword[],
String sslTrustStorePath, String sslTrustStoreType, char sslTrustStorePassword[]) {
this.cmd = cmd;
this.host = host;
this.port = port;
Expand All @@ -110,6 +140,15 @@ public Arguments(Command cmd, String host, String port, String user, String pwd,
this.pingTimeout = pingTimeout;
this.pingInterval = pingInterval;
this.autoConfirmation = autoConfirmation;
this.sslEnable = sslEnable;
this.sslProtocol = sslProtocol;
this.sslAlgorithm = sslAlgorithm;
this.sslKeyStorePath = sslKeyStorePath;
this.sslKeyStoreType = sslKeyStoreType;
this.sslKeyStorePassword = sslKeyStorePassword;
this.sslTrustStorePath = sslTrustStorePath;
this.sslTrustStoreType = sslTrustStoreType;
this.sslTrustStorePassword = sslTrustStorePassword;
}

/**
Expand Down Expand Up @@ -213,4 +252,49 @@ public long pingInterval() {
public boolean autoConfirmation() {
return autoConfirmation;
}

/** */
public boolean isSslEnable() {
return sslEnable;
}

/** */
public String getSslProtocol() {
return sslProtocol;
}

/** */
public String getSslAlgorithm() {
return sslAlgorithm;
}

/** */
public String getSslKeyStorePath() {
return sslKeyStorePath;
}

/** */
public String getSslKeyStoreType() {
return sslKeyStoreType;
}

/** */
public char[] getSslKeyStorePassword() {
return sslKeyStorePassword;
}

/** */
public String getSslTrustStorePath() {
return sslTrustStorePath;
}

/** */
public String getSslTrustStoreType() {
return sslTrustStoreType;
}

/** */
public char[] getSslTrustStorePassword() {
return sslTrustStorePassword;
}
}
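Review bot: The two store passwords are stored and handed out by reference, and nothing documents who owns the arrays or when they are cleared. The constructor assigns `sslKeyStorePassword` and `sslTrustStorePassword` directly, `getSslKeyStorePassword()` and `getSslTrustStorePassword()` return the same arrays, and every new member carries an empty `/** */`. I would document each field and getter, for example `/** Key store password; the caller owns the array and should zero it with Arrays.fill once the SSL context is built. */`, and declare the fields as `char[] sslKeyStorePassword` rather than the C-style `char sslKeyStorePassword[]`. In CommandHandler these values arrive as command-line strings and are converted with `toCharArray()`, so the `char[]` type alone does not keep the secret out of the process arguments or the heap.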
Expand Up @@ -49,6 +49,7 @@
import org.apache.ignite.internal.client.GridClientNode;
import org.apache.ignite.internal.client.GridServerUnreachableException;
import org.apache.ignite.internal.client.impl.connection.GridClientConnectionResetException;
import org.apache.ignite.internal.client.ssl.GridSslBasicContextFactory;
import org.apache.ignite.internal.commandline.cache.CacheArguments;
import org.apache.ignite.internal.commandline.cache.CacheCommand;
import org.apache.ignite.internal.processors.cache.verify.CacheInfo;
Expand Down Expand Up @@ -95,10 +96,10 @@
import org.apache.ignite.internal.visor.verify.VisorViewCacheTask;
import org.apache.ignite.internal.visor.verify.VisorViewCacheTaskArg;
import org.apache.ignite.internal.visor.verify.VisorViewCacheTaskResult;
import org.apache.ignite.lang.IgniteClosure;
import org.apache.ignite.lang.IgniteProductVersion;
import org.apache.ignite.plugin.security.SecurityCredentials;
import org.apache.ignite.plugin.security.SecurityCredentialsBasicProvider;
import org.apache.ignite.ssl.SslContextFactory;

import static org.apache.ignite.IgniteSystemProperties.IGNITE_ENABLE_EXPERIMENTAL_COMMAND;
import static org.apache.ignite.internal.IgniteVersionUtils.ACK_VER_STR;
Expand Down Expand Up @@ -161,6 +162,35 @@ public class CommandHandler {
/** */
private static final String CMD_SKIP_ZEROS = "--skipZeros";

// SSL configuration section

/** */
protected static final String CMD_SSL_ENABLED = "--ssl_enabled";

/** */
protected static final String CMD_SSL_PROTOCOL = "--ssl_protocol";

/** */
protected static final String CMD_SSL_ALGORITHM = "--ssl_algorithm";

/** */
protected static final String CMD_SSL_KEY_STORE_PATH = "--ssl_key_store_path";

/** */
protected static final String CMD_SSL_KEY_STORE_TYPE = "--ssl_key_store_type";

/** */
protected static final String CMD_SSL_KEY_STORE_PASSWORD = "--ssl_key_store_password";

/** */
protected static final String CMD_SSL_TRUSTSTORE_PATH = "--ssl_truststore_path";

/** */
protected static final String CMD_SSL_TRUSTSTORE_TYPE = "--ssl_truststore_type";

/** */
protected static final String CMD_SSL_TRUSTSTORE_PASSWORD = "--ssl_truststore_password";

/** List of optional auxiliary commands. */
private static final Set<String> AUX_COMMANDS = new HashSet<>();

Expand All @@ -173,6 +203,15 @@ public class CommandHandler {
AUX_COMMANDS.add(CMD_AUTO_CONFIRMATION);
AUX_COMMANDS.add(CMD_PING_INTERVAL);
AUX_COMMANDS.add(CMD_PING_TIMEOUT);
AUX_COMMANDS.add(CMD_SSL_ENABLED);
AUX_COMMANDS.add(CMD_SSL_PROTOCOL);
AUX_COMMANDS.add(CMD_SSL_ALGORITHM);
AUX_COMMANDS.add(CMD_SSL_KEY_STORE_PATH);
AUX_COMMANDS.add(CMD_SSL_KEY_STORE_TYPE);
AUX_COMMANDS.add(CMD_SSL_KEY_STORE_PASSWORD);
AUX_COMMANDS.add(CMD_SSL_TRUSTSTORE_PATH);
AUX_COMMANDS.add(CMD_SSL_TRUSTSTORE_TYPE);
AUX_COMMANDS.add(CMD_SSL_TRUSTSTORE_PASSWORD);
}

/** Broadcast uuid. */
Expand Down Expand Up @@ -1240,7 +1279,15 @@ private boolean isConnectionError(Throwable e) {
private void usage(String desc, Command cmd, String... args) {
log(desc);
log(" control.sh [--host HOST_OR_IP] [--port PORT] [--user USER] [--password PASSWORD] " +
" [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] " + cmd.text() + String.join("", args));
" [--ping-interval PING_INTERVAL] [--ping-timeout PING_TIMEOUT] " +
"[" + CMD_SSL_ENABLED + "] " +
"[" + CMD_SSL_KEY_STORE_PATH + " PATH] " +
"[" + CMD_SSL_KEY_STORE_TYPE + " jks] " +
"[" + CMD_SSL_KEY_STORE_PASSWORD + " PASSWORD] " +
"[" + CMD_SSL_TRUSTSTORE_PATH + " PATH] " +
"[" + CMD_SSL_TRUSTSTORE_TYPE + " jks] " +
"[" + CMD_SSL_TRUSTSTORE_PASSWORD + " PASSWORD]" +
cmd.text() + String.join("", args));
nl();
}

Expand Down Expand Up @@ -1315,6 +1362,24 @@ Arguments parseAndValidate(List<String> rawArgs) {

VisorTxTaskArg txArgs = null;

boolean sslEnable= false;

String sslProtocol = SslContextFactory.DFLT_SSL_PROTOCOL;

String sslAlgorithm = SslContextFactory.DFLT_KEY_ALGORITHM;

String sslKeyStorePath = null;

String sslKeyStoreType = SslContextFactory.DFLT_STORE_TYPE;

char sslKeyStorePassword[] = null;

String sslTrustStorePath = null;

String sslTrustStoreType = SslContextFactory.DFLT_STORE_TYPE;

char sslTrustStorePassword[] = null;

while (hasNextArg()) {
String str = nextArg("").toLowerCase();

Expand Down Expand Up @@ -1432,6 +1497,51 @@ Arguments parseAndValidate(List<String> rawArgs) {

break;

case CMD_SSL_ENABLED:
sslEnable = true;

break;

case CMD_SSL_PROTOCOL:
sslProtocol = nextArg("Expected ssl protocol");

break;

case CMD_SSL_ALGORITHM:
sslAlgorithm = nextArg("Expected ssl algorithm");

break;

case CMD_SSL_KEY_STORE_PATH:
sslKeyStorePath = nextArg("Expected ssl key store path");

break;

case CMD_SSL_KEY_STORE_TYPE:
sslKeyStoreType = nextArg("Expected ssl key store type");

break;

case CMD_SSL_KEY_STORE_PASSWORD:
sslKeyStorePassword = nextArg("Expected ssl key store password").toCharArray();

break;

case CMD_SSL_TRUSTSTORE_PATH:
sslTrustStorePath = nextArg("Expected ssl trust store path");

break;

case CMD_SSL_TRUSTSTORE_TYPE:
sslTrustStoreType = nextArg("Expected ssl trust store type");

break;

case CMD_SSL_TRUSTSTORE_PASSWORD:
sslTrustStorePassword = nextArg("Expected ssl trust store password").toCharArray();

break;

default:
throw new IllegalArgumentException("Unexpected argument: " + str);
}
Expand All @@ -1455,7 +1565,10 @@ Arguments parseAndValidate(List<String> rawArgs) {
throw new IllegalArgumentException("Both user and password should be specified");

return new Arguments(cmd, host, port, user, pwd, baselineAct, baselineArgs, txArgs, cacheArgs, walAct, walArgs,
pingTimeout, pingInterval, autoConfirmation);
pingTimeout, pingInterval, autoConfirmation,
sslEnable, sslProtocol, sslAlgorithm,
sslKeyStorePath, sslKeyStoreType, sslKeyStorePassword,
sslTrustStorePath, sslTrustStoreType, sslTrustStorePassword);
}

/**
Expand Down Expand Up @@ -1861,6 +1974,36 @@ public int execute(List<String> rawArgs) {
new SecurityCredentialsBasicProvider(new SecurityCredentials(args.user(), args.password())));
}

if (args.isSslEnable()){
GridSslBasicContextFactory factory = new GridSslBasicContextFactory();

factory.setProtocol(args.getSslProtocol());
factory.setKeyAlgorithm(args.getSslAlgorithm());

if (args.getSslKeyStorePath()==null)
throw new IllegalArgumentException("SSL key store location is not specified.");

factory.setKeyStoreFilePath(args.getSslKeyStorePath());

if (args.getSslKeyStorePassword()!=null)
factory.setKeyStorePassword(args.getSslKeyStorePassword());

factory.setKeyStoreType(args.getSslKeyStoreType());

if (args.getSslTrustStorePath()==null)
factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager());
else {
factory.setTrustStoreFilePath(args.getSslTrustStorePath());

if (args.getSslTrustStorePassword()!=null)
factory.setTrustStorePassword(args.getSslTrustStorePassword());

factory.setTrustStoreType(args.getSslTrustStoreType());
}

clientCfg.setSslContextFactory(factory);
}

try (GridClient client = GridClientFactory.start(clientCfg)) {
switch (args.command()) {
case ACTIVATE:
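Review bot: With `--ssl_enabled` and no `--ssl_truststore_path`, the `execute` hunk calls `factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager())`, which, judging by its name, turns off server-certificate validation. The connection is then encrypted but the peer is not authenticated, and nothing tells the operator. I would fail closed the same way the key store is handled: `if (args.getSslTrustStorePath() == null) throw new IllegalArgumentException("SSL trust store location is not specified.");`. If an unverified mode is needed for test clusters, it should be a separate explicit option that logs a warning, and `usage` should describe it. The body of `execute` continues outside the hunk.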