ZOOKEEPER-2297: NPE is thrown while creating "key manager" and "trust…
… manager" (Arshad Mohammad via fpj)

git-svn-id: https://svn.apache.org/repos/asf/zookeeper/trunk@1749951 13f79535-47bb-0310-9956-ffa450edef68
fpj committed Jun 23, 2016
1 parent 4f7354c commit aa4a217
Showing 5 changed files with 65 additions and 2 deletions.
3 changes: 3 additions & 0 deletions CHANGES.txt
@@ -314,6 +314,9 @@ BUGFIXES:
ZOOKEEPER-2137: Make testPortChange() less flaky
(Michael Han via phunt)

ZOOKEEPER-2297: NPE is thrown while creating "key manager" and "trust manager"
(Arshad Mohammad via fpj)

IMPROVEMENTS:
ZOOKEEPER-2024 Major throughput improvement with mixed workloads (Kfir Lev-Ari via shralex)

@@ -39,10 +39,8 @@ public static void initialize() {
return;
IPAuthenticationProvider ipp = new IPAuthenticationProvider();
DigestAuthenticationProvider digp = new DigestAuthenticationProvider();
X509AuthenticationProvider x509p = new X509AuthenticationProvider();
authenticationProviders.put(ipp.getScheme(), ipp);
authenticationProviders.put(digp.getScheme(), digp);
authenticationProviders.put(x509p.getScheme(), x509p);
Enumeration<Object> en = System.getProperties().keys();
while (en.hasMoreElements()) {
String k = (String) en.nextElement();
@@ -37,6 +37,7 @@
import java.util.Map.Entry;

import org.apache.zookeeper.common.StringUtils;
import org.apache.zookeeper.common.ZKConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
@@ -330,6 +331,9 @@ public void parseProperties(Properties zkProp)
this.secureClientPortAddress = new InetSocketAddress(secureClientPort);
LOG.info("secureClientPortAddress is {}", this.secureClientPortAddress.toString());
}
if (this.secureClientPortAddress != null) {
configureSSLAuth();
}

if (tickTime == 0) {
throw new IllegalArgumentException("tickTime is not set");
@@ -354,6 +358,26 @@ public void parseProperties(Properties zkProp)
}
}

/**
* Configure SSL authentication only if it is not configured.
*
* @throws ConfigException
* If authentication scheme is configured but authentication
* provider is not configured.
*/
private void configureSSLAuth() throws ConfigException {
String sslAuthProp = "zookeeper.authProvider." + System.getProperty(ZKConfig.SSL_AUTHPROVIDER, "x509");
if (System.getProperty(sslAuthProp) == null) {
if ("zookeeper.authProvider.x509".equals(sslAuthProp)) {
System.setProperty("zookeeper.authProvider.x509",
"org.apache.zookeeper.server.auth.X509AuthenticationProvider");
} else {
throw new ConfigException("No auth provider configured for the SSL authentication scheme '"
+ System.getProperty(ZKConfig.SSL_AUTHPROVIDER) + "'.");
}
}
}

/**
* Backward compatibility -- It would backup static config file on bootup
* if users write dynamic configuration in "zoo.cfg".
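Review bot: configureSSLAuth() installs the default by writing the JVM-wide property `zookeeper.authProvider.x509`, so the secure port only gets an X509 provider if the provider registry reads system properties after parseProperties() has run. The preceding section of this commit drops the unconditional X509 registration from the `initialize()` that fills `authenticationProviders`, and that method has an early `return;`, so a process that initialised the registry earlier, or that opens a secure port without going through this method, would presumably be left with no provider for the scheme; that path is not visible here and should be confirmed. The check `System.getProperty(sslAuthProp) == null` also accepts an empty value, and `String provider = System.getProperty(sslAuthProp); if (provider == null || provider.trim().isEmpty()) {` would treat that as unconfigured. The Javadoc should state the side effect, for example `Sets the system property zookeeper.authProvider.x509 to the built-in X509 provider when a secure client port is configured and no provider is registered for the SSL scheme.`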
@@ -19,12 +19,14 @@
package org.apache.zookeeper.server.quorum;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.fail;

import java.io.File;
import java.io.IOException;
import java.util.Properties;

import org.apache.zookeeper.common.ZKConfig;
import org.apache.zookeeper.server.quorum.QuorumPeerConfig.ConfigException;
import org.junit.Test;

@@ -67,6 +69,40 @@ public void testErrorMessageWhenclientPortNotSetButclientPortAddressSet()
}
}

/**
* https://issues.apache.org/jira/browse/ZOOKEEPER-2297
*/
@Test
public void testConfigureSSLAuthGetsConfiguredIfSecurePortConfigured()
throws IOException, ConfigException {
String sslAuthProp = "zookeeper.authProvider.x509";
QuorumPeerConfig quorumPeerConfig = new QuorumPeerConfig();
Properties zkProp = getDefaultZKProperties();
zkProp.setProperty("secureClientPort", "12345");
quorumPeerConfig.parseProperties(zkProp);
String expected = "org.apache.zookeeper.server.auth.X509AuthenticationProvider";
String result = System.getProperty(sslAuthProp);
assertEquals(expected, result);
}

/**
* https://issues.apache.org/jira/browse/ZOOKEEPER-2297
*/
@Test
public void testCustomSSLAuth()
throws IOException{
System.setProperty(ZKConfig.SSL_AUTHPROVIDER, "y509");
QuorumPeerConfig quorumPeerConfig = new QuorumPeerConfig();
try {
Properties zkProp = getDefaultZKProperties();
zkProp.setProperty("secureClientPort", "12345");
quorumPeerConfig.parseProperties(zkProp);
fail("ConfigException is expected");
} catch (ConfigException e) {
assertNotNull(e.getMessage());
}
}

private Properties getDefaultZKProperties() {
Properties zkProp = new Properties();
zkProp.setProperty("dataDir", new File("myDataDir").getAbsolutePath());
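Review bot: testCustomSSLAuth() sets `ZKConfig.SSL_AUTHPROVIDER` to `y509` and never clears it, so any later test in the same JVM that configures a secure port would see an SSL scheme with no provider and fail with ConfigException. testConfigureSSLAuthGetsConfiguredIfSecurePortConfigured() likewise leaves `zookeeper.authProvider.x509` set, and it passes trivially if an earlier test already set that property to the expected class. Wrap both bodies in try/finally with `System.clearProperty(ZKConfig.SSL_AUTHPROVIDER);` and `System.clearProperty("zookeeper.authProvider.x509");`, and clear the latter before the first test calls parseProperties() so the assertion really exercises the default. getDefaultZKProperties() continues past the end of the hunk.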
2 changes: 2 additions & 0 deletions src/java/test/org/apache/zookeeper/test/SSLAuthTest.java
@@ -43,6 +43,7 @@ public void setUp() throws Exception {
System.setProperty(ZKConfig.SSL_TRUSTSTORE_LOCATION, testDataPath + "/ssl/testTrustStore.jks");
System.setProperty(ZKConfig.SSL_TRUSTSTORE_PASSWD, "testpass");
System.setProperty("javax.net.debug", "ssl");
System.setProperty("zookeeper.authProvider.x509", "org.apache.zookeeper.server.auth.X509AuthenticationProvider");

String host = "localhost";
int port = PortAssignment.unique();
@@ -65,6 +66,7 @@ public void teardown() throws Exception {
System.clearProperty(ZKConfig.SSL_TRUSTSTORE_LOCATION);
System.clearProperty(ZKConfig.SSL_TRUSTSTORE_PASSWD);
System.clearProperty("javax.net.debug");
System.clearProperty("zookeeper.authProvider.x509");
}

@Test