From ee5e45bd7d6565e1258d5f359a04ac960b934f94 Mon Sep 17 00:00:00 2001 From: buaacss Date: Tue, 18 Sep 2018 00:31:49 +0800 Subject: [PATCH 01/13] refine zhandle fd --- .../zookeeper-client-c/CMakeLists.txt | 11 +- .../zookeeper-client-c/cmake_config.h.in | 3 + .../zookeeper-client-c/src/zk_adaptor.h | 30 +++- .../zookeeper-client-c/src/zookeeper.c | 169 ++++++++++++++---- 4 files changed, 176 insertions(+), 37 deletions(-) diff --git a/zookeeper-client/zookeeper-client-c/CMakeLists.txt b/zookeeper-client/zookeeper-client-c/CMakeLists.txt index b010b1685a4..287320fb9c4 100644 --- a/zookeeper-client/zookeeper-client-c/CMakeLists.txt +++ b/zookeeper-client/zookeeper-client-c/CMakeLists.txt @@ -156,6 +156,7 @@ add_library(hashtable STATIC ${hashtable_sources}) target_include_directories(hashtable PUBLIC include) target_link_libraries(hashtable PUBLIC $<$,$>:m>) + # zookeeper library set(zookeeper_sources src/zookeeper.c @@ -175,10 +176,18 @@ if(WIN32) list(APPEND zookeeper_sources src/winport.c) endif() + +set(SSL_ENABLED 1) +#find_package(PkgConfig REQUIRED) +#set(ENV{PKG_CONFIG_PATH} "/opt/local/lib/pkgconfig") +#pkg_search_module(OPENSSL REQUIRED openssl) add_library(zookeeper STATIC ${zookeeper_sources}) -target_include_directories(zookeeper PUBLIC include ${CMAKE_CURRENT_BINARY_DIR}/include generated) +target_include_directories(zookeeper PUBLIC include ${CMAKE_CURRENT_BINARY_DIR}/include generated /opt/local/include) +link_directories(/opt/local/lib) target_link_libraries(zookeeper PUBLIC hashtable + ssl + crypto $<$:rt> # clock_gettime $<$:ws2_32>) # Winsock 2.0 diff --git a/zookeeper-client/zookeeper-client-c/cmake_config.h.in b/zookeeper-client/zookeeper-client-c/cmake_config.h.in index 33bcc6cb0dd..39eaaa87d6f 100644 --- a/zookeeper-client/zookeeper-client-c/cmake_config.h.in +++ b/zookeeper-client/zookeeper-client-c/cmake_config.h.in 
@@ -130,6 +130,9 @@ /* Define to 1 if SOCK_CLOEXEC is available and wanted */ #cmakedefine SOCK_CLOEXEC_ENABLED 1 +/* Define to 1 if SSL is available an wanted */ +#cmakedefine SSL_ENABLED 1 + /* poll() second argument type */ #define POLL_NFDS_TYPE nfds_t diff --git a/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h b/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h index 97995e36ace..ef319b9e6af 100644 --- a/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h +++ b/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h @@ -19,6 +19,7 @@ #ifndef ZK_ADAPTOR_H_ #define ZK_ADAPTOR_H_ #include +#include #ifdef THREADED #ifndef WIN32 #include @@ -182,14 +183,35 @@ typedef struct _auth_list_head { } auth_list_head_t; /** - * This structure represents the connection to zookeeper. + * This structure represents the certificates to zookeeper. */ -struct _zhandle { +typedef struct _zcert { + char *ca; + char *cert; + char *key; + char *passwd; +} zcert_t; + +/** + * This structure represents the socket to zookeeper. + */ +typedef struct _zsock { #ifdef WIN32 - SOCKET fd; // the descriptor used to talk to zookeeper + SOCKET sock; #else - int fd; // the descriptor used to talk to zookeeper + int sock; #endif + zcert_t *cert; + SSL *ssl_sock; + SSL_CTX *ssl_ctx; +} zsock_t; + +/** + * This structure represents the connection to zookeeper. + */ +struct _zhandle { + + zsock_t *fd; // Hostlist and list of addresses char *hostname; // hostname contains list of zookeeper servers to connect to diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index 239ffa2f3cd..f5e2408f00c 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c @@ -79,6 +79,9 @@ #include #endif +#include +#include + #ifdef __MACH__ // OS X #include #include 
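Review bot: The new zcert_t in zk_adaptor.h is documented only as "the certificates to zookeeper", which does not say what the four strings hold or who owns them. Going by their use in zookeeper_connect later in this patch, `ca`, `cert` and `key` are PEM file paths and `passwd` is the private-key passphrase given to `SSL_CTX_set_default_passwd_cb_userdata`. Say so in per-field comments, e.g. `char *passwd; /* passphrase for key; stays in memory as long as the handle holds this struct */`. The struct comment should also state whether zcert_t owns the strings, since nothing in the visible hunks frees them.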
@@ -305,9 +308,22 @@ static void abort_singlethreaded(zhandle_t *zh) abort(); } -static sendsize_t zookeeper_send(socket_t s, const void* buf, size_t len) +static ssize_t zookeeper_send(zsock_t *fd, const void* buf, size_t len) { - return send(s, buf, len, SEND_FLAGS); +#ifdef SSL_ENABLED + return (ssize_t)SSL_write(fd->ssl_sock, buf, (int)len); +#else + return send(fd->sock, buf, len, SEND_FLAGS); +#endif +} + +static ssize_t zookeeper_recv(zsock_t *fd, void *buf, size_t len, int flags) +{ +#ifdef SSL_ENABLED + return (ssize_t)SSL_read(fd->ssl_sock, buf, (int)len); +#else + return recv(fd->sock, buf, len, flags); +#endif } /** @@ -537,6 +553,20 @@ zk_hashtable *child_result_checker(zhandle_t *zh, int rc) return rc==ZOK ? zh->active_child_watchers : 0; } +static void close_zsock(zsock_t *fd) +{ + if (fd->sock != -1) { +#ifdef SSL_ENABLED + SSL_free(fd->ssl_sock); + fd->ssl_sock = NULL; + SSL_CTX_free(fd->ssl_ctx); + fd->ssl_ctx = NULL; +#endif + close(fd->sock); + fd->sock = -1; + } +} + /** * Frees and closes everything associated with a handle, * including the handle itself. @@ -552,9 +582,8 @@ static void destroy(zhandle_t *zh) free(zh->hostname); zh->hostname = NULL; } - if (zh->fd != -1) { - close(zh->fd); - zh->fd = -1; + if (zh->fd->sock != -1) { + close_zsock(zh->fd); memset(&zh->addr_cur, 0, sizeof(zh->addr_cur)); zh->state = 0; } @@ -1009,10 +1038,9 @@ int update_addrs(zhandle_t *zh) // If we need to do a reconfig and we're currently connected to a server, // then force close that connection so on next interest() call we'll make a // new connection - if (zh->reconfig == 1 && zh->fd != -1) + if (zh->reconfig == 1 && zh->fd->sock != -1) { - close(zh->fd); - zh->fd = -1; + close_zsock(zh->fd); zh->state = ZOO_NOTCONNECTED_STATE; } 
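Review bot: zookeeper_send and zookeeper_recv return the SSL_write/SSL_read result as if it came from send/recv, but the callers visible later in this patch (send_buffer, recv_buffer) tell "would block" from a hard failure by `rc == -1` plus errno or WSAGetLastError, which OpenSSL does not set for SSL_ERROR_WANT_READ/WANT_WRITE. On the non-blocking socket this client uses, a retryable TLS condition is therefore likely to be treated as a dropped connection, or judged on a stale errno. Translate the result inside the wrappers, e.g. `int e = SSL_get_error(fd->ssl_sock, rc); if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE) { errno = EWOULDBLOCK; return -1; }`. In this revision the SSL branch is also taken whenever SSL_ENABLED is defined, so a handle without a certificate would reach SSL_write with a NULL ssl_sock. Patches 03 and 04 add the `if (fd->ssl_sock)` check but keep the unmapped return value and the `(int)len` narrowing.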
@@ -1059,7 +1087,7 @@ struct sockaddr* zookeeper_get_connected_host(zhandle_t *zh, if (zh->state!=ZOO_CONNECTED_STATE) { return NULL; } - if (getpeername(zh->fd, addr, addr_len)==-1) { + if (getpeername(zh->fd->sock, addr, addr_len)==-1) { return NULL; } return addr; @@ -1135,6 +1163,7 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, int errnosave = 0; zhandle_t *zh = NULL; char *index_chroot = NULL; + char *index_cert = NULL; // Create our handle zh = calloc(1, sizeof(*zh)); @@ -1149,6 +1178,9 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, log_env(zh); } + zh->fd = calloc(1, sizeof(zsock_t)); + zh->fd->sock = -1; + #ifdef _WIN32 if (Win32WSAStartup()){ LOG_ERROR(LOGCALLBACK(zh), "Error initializing ws2_32.dll"); @@ -1167,7 +1199,6 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, flags); zh->hostname = NULL; - zh->fd = -1; zh->state = ZOO_NOTCONNECTED_STATE; zh->context = context; zh->recv_timeout = recv_timeout; @@ -1184,6 +1215,16 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, errno=EINVAL; goto abort; } + /*index_cert = strchr(host, '|'); + if (index_cert) { + strtok(host, "|"); + char **c = calloc(4, sizeof(char *)); + for (int i = 0; i < 4; i++) { + c[i] = strtok(NULL, ","); + } + zh->fd->cert = calloc(1, sizeof(zcert_t)); + memcpy(zh->fd->cert, &((zcert_t) {.ca = c[0], .cert = c[1], .key = c[2], .passwd = c[3]}), sizeof(zcert_t)); + }*/ //parse the host to get the chroot if available index_chroot = strchr(host, '/'); if (index_chroot) { @@ -1201,7 +1242,6 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, zh->hostname = strncpy(zh->hostname, host, (index_chroot - host)); //strncpy does not null terminate *(zh->hostname + (index_chroot - host)) = '\0'; - } else { zh->chroot = NULL; zh->hostname = strdup(host); 
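Review bot: `zh->fd = calloc(1, sizeof(zsock_t));` is dereferenced on the next line without a NULL check, so an allocation failure in zookeeper_init_internal becomes a NULL write instead of a failed init. Add `if (zh->fd == NULL) { free(zh); return NULL; }` before `zh->fd->sock = -1;`, adjusted to whatever cleanup the part of the function above this hunk requires. The same pattern recurs in patch 02, where `zh->fd->cert` is calloc'd and immediately used as a memcpy destination. Nothing in the hunks shown frees zh->fd or zh->fd->cert either. destroy() only calls close_zsock() in the visible lines, but its body continues outside the hunk, so confirm where the zsock_t is released.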
@@ -1213,6 +1253,8 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, if (zh->hostname == 0) { goto abort; } + + if(update_addrs(zh) != 0) { goto abort; } @@ -1547,7 +1589,7 @@ static __attribute__ ((unused)) int get_queue_len(buffer_head_t *list) * 0 if send would block while sending the buffer (or a send was incomplete), * 1 if success */ -static int send_buffer(socket_t fd, buffer_list_t *buff) +static int send_buffer(zhandle_t *zh, buffer_list_t *buff) { int len = buff->len; int off = buff->curr_offset; @@ -1557,7 +1599,7 @@ static int send_buffer(socket_t fd, buffer_list_t *buff) /* we need to send the length at the beginning */ int nlen = htonl(len); char *b = (char*)&nlen; - rc = zookeeper_send(fd, b + off, sizeof(nlen) - off); + rc = zookeeper_send(zh->fd, b + off, sizeof(nlen) - off); if (rc == -1) { #ifdef _WIN32 if (WSAGetLastError() != WSAEWOULDBLOCK) { @@ -1576,7 +1618,7 @@ static int send_buffer(socket_t fd, buffer_list_t *buff) if (off >= 4) { /* want off to now represent the offset into the buffer */ off -= sizeof(buff->len); - rc = zookeeper_send(fd, buff->buffer + off, len - off); + rc = zookeeper_send(zh->fd, buff->buffer + off, len - off); if (rc == -1) { #ifdef _WIN32 if (WSAGetLastError() != WSAEWOULDBLOCK) { @@ -1605,7 +1647,7 @@ static int recv_buffer(zhandle_t *zh, buffer_list_t *buff) /* if buffer is less than 4, we are reading in the length */ if (off < 4) { char *buffer = (char*)&(buff->len); - rc = recv(zh->fd, buffer+off, sizeof(int)-off, 0); + rc = zookeeper_recv(zh->fd, buffer+off, sizeof(int)-off, 0); switch (rc) { case 0: errno = EHOSTDOWN; 
@@ -1631,7 +1673,7 @@ static int recv_buffer(zhandle_t *zh, buffer_list_t *buff) /* want off to now represent the offset into the buffer */ off -= sizeof(buff->len); - rc = recv(zh->fd, buff->buffer+off, buff->len-off, 0); + rc = zookeeper_recv(zh->fd, buff->buffer+off, buff->len-off, 0); /* dirty hack to make new client work against old server * old server sends 40 bytes to finish connection handshake, @@ -1751,7 +1793,7 @@ static int is_connected(zhandle_t* zh) static void cleanup(zhandle_t *zh,int rc) { - close(zh->fd); + close_zsock(zh->fd); if (is_unrecoverable(zh)) { LOG_DEBUG(LOGCALLBACK(zh), "Calling a watcher for a ZOO_SESSION_EVENT and the state=%s", state2String(zh->state)); @@ -1761,7 +1803,6 @@ static void cleanup(zhandle_t *zh,int rc) PROCESS_SESSION_EVENT(zh, ZOO_CONNECTING_STATE); } cleanup_bufs(zh,1,rc); - zh->fd = -1; LOG_DEBUG(LOGCALLBACK(zh), "Previous connection=%s delay=%d", zoo_get_current_server(zh), zh->delay); @@ -2124,7 +2165,7 @@ static int ping_rw_server(zhandle_t* zh) return 0; } - ssize = zookeeper_send(sock, "isro", 4); + ssize = zookeeper_send(zh->fd, "isro", 4); if (ssize < 0) { rc = 0; goto out; 
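Review bot: In ping_rw_server the probe is now written to the session connection: `zookeeper_send(zh->fd, "isro", 4)` replaces a send on the local `sock`, so the four-letter command goes into the established client stream (or its TLS session) rather than to the server being probed. The function body lies outside this hunk, but the removed line and the `goto out` cleanup suggest `sock` is a separate short-lived descriptor. Keep the probe on that descriptor with `ssize = send(sock, "isro", 4, SEND_FLAGS);`. Whether the read-write probe should itself be wrapped in TLS is a separate decision that deserves a comment here, because with this fix it stays plaintext even when the session is encrypted.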
@@ -2213,6 +2254,70 @@ static socket_t zookeeper_connect(zhandle_t *zh, LOG_DEBUG(LOGCALLBACK(zh), "[zk] connect()\n"); rc = connect(fd, (struct sockaddr *)addr, addr_len); + if (zh->fd->cert != NULL) { + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + const SSL_METHOD *method; + + SSL_library_init(); + SSL_load_error_strings(); + OpenSSL_add_all_algorithms(); + method = TLSv1_client_method(); + ctx = SSL_CTX_new(method); + + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + + /*SERVER CA FILE*/ + if (SSL_CTX_load_verify_locations(ctx, zh->fd->cert->ca, 0) != 1) { + SSL_CTX_free(ctx); + printf("Failed to load CA file %s", zh->fd->cert->ca); + exit(1); + } + if (SSL_CTX_set_default_verify_paths(ctx) != 1) { + SSL_CTX_free(ctx); + printf("Call to SSL_CTX_set_default_verify_paths failed"); + exit(1); + } + /*CLIENT CA FILE*/ + if (SSL_CTX_use_certificate_file(ctx, zh->fd->cert->cert, SSL_FILETYPE_PEM) != 1) { + SSL_CTX_free(ctx); + printf("Failed to load client certificate from %s", zh->fd->cert->cert); + exit(1); + } + /*CLIENT PRIVATE KEY*/ + SSL_CTX_set_default_passwd_cb_userdata(ctx, zh->fd->cert->passwd); + if (SSL_CTX_use_PrivateKey_file(ctx, zh->fd->cert->key, SSL_FILETYPE_PEM) != 1) { + SSL_CTX_free(ctx); + printf("Failed to load client private key from %s", zh->fd->cert->key); + exit(1); + } + /*CHECK*/ + if (SSL_CTX_check_private_key(ctx) != 1) { + SSL_CTX_free(ctx); + printf("SSL_CTX_check_private_key failed"); + exit(1); + } + /*MULTIPLE HANDSHAKE*/ + SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); + + ssl = SSL_new(ctx); + if (ssl == NULL) { + printf("SSL_new error.\n"); + } + SSL_set_fd(ssl, fd); + + int err = SSL_ERROR_NONE; + do { + err = SSL_get_error(ssl, SSL_connect(ssl)); + } while (err != SSL_ERROR_NONE); + + zh->fd->ssl_sock = ssl; + zh->fd->ssl_ctx = ctx; + if (errno == SSL_ERROR_NONE) { + errno = EWOULDBLOCK; + } + } + #ifdef _WIN32 errno = GetLastError(); 
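Review bot: The handshake loop `do { err = SSL_get_error(ssl, SSL_connect(ssl)); } while (err != SSL_ERROR_NONE);` has no exit for fatal results, so a rejected server certificate or a reset connection (SSL_ERROR_SSL, SSL_ERROR_SYSCALL) spins forever, and on the non-blocking socket it busy-waits on WANT_READ/WANT_WRITE instead of returning to the caller's poll loop. Leave the loop on anything other than the two WANT codes and report the failure to the caller; the same goes for the `exit(1)` calls and the unchecked `SSL_new` result, which terminate the host process or pass NULL to `SSL_set_fd` from inside a library. `SSL_VERIFY_PEER` validates the chain only and nothing binds the certificate to the server being contacted, so add a name check such as `SSL_set1_host(ssl, server_name)` before connecting, where `server_name` is a placeholder for the host the handle is dialing. The closing `if (errno == SSL_ERROR_NONE)` compares errno with an OpenSSL error code and should test `err`. zookeeper_connect begins and ends outside this hunk.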
@@ -2271,7 +2376,7 @@ int zookeeper_interest(zhandle_t *zh, socket_t *fd, int *interest, return api_epilog(zh, rc); } - *fd = zh->fd; + *fd = zh->fd->sock; *interest = 0; tv->tv_sec = 0; tv->tv_usec = 0; @@ -2301,8 +2406,8 @@ int zookeeper_interest(zhandle_t *zh, socket_t *fd, int *interest, // No need to delay -- grab the next server and attempt connection zoo_cycle_next_server(zh); } - zh->fd = socket(zh->addr_cur.ss_family, sock_flags, 0); - if (zh->fd < 0) { + zh->fd->sock = socket(zh->addr_cur.ss_family, sock_flags, 0); + if (zh->fd->sock < 0) { rc = handle_socket_error_msg(zh, __LINE__, ZSYSTEMERROR, @@ -2310,10 +2415,10 @@ int zookeeper_interest(zhandle_t *zh, socket_t *fd, int *interest, return api_epilog(zh, rc); } - zookeeper_set_sock_nodelay(zh, zh->fd); - zookeeper_set_sock_noblock(zh, zh->fd); + zookeeper_set_sock_nodelay(zh, zh->fd->sock); + zookeeper_set_sock_noblock(zh, zh->fd->sock); - rc = zookeeper_connect(zh, &zh->addr_cur, zh->fd); + rc = zookeeper_connect(zh, &zh->addr_cur, zh->fd->sock); if (rc == -1) { /* we are handling the non-blocking connect according to @@ -2340,7 +2445,7 @@ int zookeeper_interest(zhandle_t *zh, socket_t *fd, int *interest, } *tv = get_timeval(zh->recv_timeout/3); } - *fd = zh->fd; + *fd = zh->fd->sock; zh->last_recv = now; zh->last_send = now; zh->last_ping = now; @@ -2348,7 +2453,7 @@ int zookeeper_interest(zhandle_t *zh, socket_t *fd, int *interest, zh->ping_rw_timeout = MIN_RW_TIMEOUT; } - if (zh->fd != -1) { + if (zh->fd->sock != -1) { int idle_recv = calculate_interval(&zh->last_recv, &now); int idle_send = calculate_interval(&zh->last_send, &now); int recv_to = zh->recv_timeout*2/3 - idle_recv; 
@@ -2432,12 +2537,12 @@ int zookeeper_interest(zhandle_t *zh, socket_t *fd, int *interest, static int check_events(zhandle_t *zh, int events) { - if (zh->fd == -1) + if (zh->fd->sock == -1) return ZINVALIDSTATE; if ((events&ZOOKEEPER_WRITE)&&(zh->state == ZOO_CONNECTING_STATE)) { int rc, error; socklen_t len = sizeof(error); - rc = getsockopt(zh->fd, SOL_SOCKET, SO_ERROR, &error, &len); + rc = getsockopt(zh->fd->sock, SOL_SOCKET, SO_ERROR, &error, &len); /* the description in section 16.4 "Non-blocking connect" * in UNIX Network Programming vol 1, 3rd edition, points out * that sometimes the error is in errno and sometimes in error */ @@ -2784,7 +2889,7 @@ static void isSocketReadable(zhandle_t* zh) { #ifndef _WIN32 struct pollfd fds; - fds.fd = zh->fd; + fds.fd = zh->fd->sock; fds.events = POLLIN; if (poll(&fds,1,0)<=0) { // socket not readable -- no more responses to process @@ -4214,7 +4319,7 @@ int flush_send_queue(zhandle_t*zh, int timeout) // Poll the socket rc = select((int)(zh->fd)+1, NULL, &pollSet, NULL, &wait); #else - fds.fd = zh->fd; + fds.fd = zh->fd->sock; fds.events = POLLOUT; fds.revents = 0; rc = poll(&fds, 1, timeout-elapsed); @@ -4226,7 +4331,7 @@ int flush_send_queue(zhandle_t*zh, int timeout) } } - rc = send_buffer(zh->fd, zh->to_send.head); + rc = send_buffer(zh, zh->to_send.head); if(rc==0 && timeout==0){ /* send_buffer would block while sending this buffer */ rc = ZOK; From e17cf476e6270374f42d6769147be39af191f2a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E7=A1=95=E5=AE=9E?= Date: Wed, 19 Sep 2018 17:55:51 +0800 Subject: [PATCH 02/13] refine cli.c opt to getopt --- .../zookeeper-client-c/include/zookeeper.h | 5 + zookeeper-client/zookeeper-client-c/src/cli.c | 100 +++++++++++------- .../zookeeper-client-c/src/zookeeper.c | 32 +++--- 3 files changed, 83 insertions(+), 54 deletions(-) 
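Review bot: The Windows branch of flush_send_queue is left behind by the type change: the unchanged context line `rc = select((int)(zh->fd)+1, NULL, &pollSet, NULL, &wait);` now casts a `zsock_t *` to int, because only the poll() branch was updated to `zh->fd->sock`. Change it to `select((int)(zh->fd->sock)+1, NULL, &pollSet, NULL, &wait);` and check the FD_SET call that presumably precedes it outside this hunk.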
diff --git a/zookeeper-client/zookeeper-client-c/include/zookeeper.h b/zookeeper-client/zookeeper-client-c/include/zookeeper.h index 2f435d4fc8b..0e1040a78f1 100644 --- a/zookeeper-client/zookeeper-client-c/include/zookeeper.h +++ b/zookeeper-client/zookeeper-client-c/include/zookeeper.h @@ -32,6 +32,8 @@ #include /* for struct sock_addr and socklen_t */ #endif +#define SSL_ENABLED 1 + #include #include @@ -485,6 +487,9 @@ typedef void (*log_callback_fn)(const char *message); ZOOAPI zhandle_t *zookeeper_init(const char *host, watcher_fn fn, int recv_timeout, const clientid_t *clientid, void *context, int flags); +ZOOAPI zhandle_t *zookeeper_init_ssl(const char *host, const char *cert, watcher_fn fn, + int recv_timeout, const clientid_t *clientid, void *context, int flags); + /** * \brief create a handle to communicate with zookeeper. * diff --git a/zookeeper-client/zookeeper-client-c/src/cli.c b/zookeeper-client/zookeeper-client-c/src/cli.c index 6ca4a415f94..ad39212e5bf 100644 --- a/zookeeper-client/zookeeper-client-c/src/cli.c +++ b/zookeeper-client/zookeeper-client-c/src/cli.c @@ -45,6 +45,7 @@ int write(int _Filehandle, const void * _Buf, unsigned int _MaxCharCount); #include #include #include +#include #ifdef YCA #include @@ -56,7 +57,8 @@ static zhandle_t *zh; static clientid_t myid; static const char *clientIdFile = 0; struct timeval startTime; -static char cmd[1024]; +static char *cmd; +static char *cert; static int batchMode=0; static int to_send=0; 
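Review bot: zookeeper_init_ssl is added to the public header without a doc comment of its own, and the expected format of `cert` cannot be read from the signature. Going by the usage text this patch adds to cli.c, it is a comma-separated list `ca,cert,key,passwd`. Add a `\brief`/`\param` block above the prototype that states this, that the first three fields are file paths (as zookeeper_connect in patch 01 uses them), and whether the string is copied or must outlive the returned handle.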
@@ -665,49 +667,68 @@ int main(int argc, char **argv) { int flags, i; FILE *fh; - if (argc < 2) { + int opt; + int option_index = 0; + opterr = 0; + static struct option long_options[] = { + {"host", required_argument, NULL, 'h'}, //hostPort + {"myid", optional_argument, NULL, 'i'}, //myId + {"cmd", optional_argument, NULL, 'c'}, //cmd + {"cert", optional_argument, NULL, 's'}, //certificates files + {NULL, 0, NULL, 0}, + }; + flags = 0; + while ((opt = getopt_long(argc, argv, "h:m::rc::s::", long_options, &option_index)) != -1) { + switch (opt) { + case 'h': + hostPort = strdup(optarg); + break; + case 'i': + clientIdFile = strdup(optarg); + fh = fopen(clientIdFile, "r"); + if (fh) { + if (fread(&myid, sizeof(myid), 1, fh) != sizeof(myid)) { + memset(&myid, 0, sizeof(myid)); + } + fclose(fh); + } + break; + case 'r': + flags = ZOOKEEPER_READ; + break; + case 'c': + cmd = strdup(optarg); + batchMode = 1; + fprintf(stderr,"Batch mode: %s\n",cmd); + break; + case 's': + cert = strdup(optarg); + break; + case '?': + if (optopt == 'h') { + fprintf (stderr, "Option -%c requires host list.\n", optopt); + } else if (isprint (optopt)) { + fprintf (stderr, "Unknown option `-%c'.\n", optopt); + } else { + fprintf (stderr, + "Unknown option character `\\x%x'.\n", + optopt); + return 1; + } + } + } + + if (!hostPort) { fprintf(stderr, - "USAGE %s zookeeper_host_list [clientid_file|cmd:(ls|ls2|create|create2|od|...)]\n", + "USAGE %s -h zookeeper_host_list -i clientid_file -c (ls|ls2|create|create2|od|...) 
-s ca,cert,key,passwd \n", argv[0]); fprintf(stderr, - "Version: ZooKeeper cli (c client) version %d.%d.%d\n", + "Version: ZooKeeper cli (c client) version %d.%d.%d\n", ZOO_MAJOR_VERSION, ZOO_MINOR_VERSION, ZOO_PATCH_VERSION); return 2; } - if (argc > 2) { - if(strncmp("cmd:",argv[2],4)==0){ - size_t cmdlen = strlen(argv[2]); - if (cmdlen > sizeof(cmd)) { - fprintf(stderr, - "Command length %zu exceeds max length of %zu\n", - cmdlen, - sizeof(cmd)); - return 2; - } - strncpy(cmd, argv[2]+4, sizeof(cmd)); - batchMode=1; - fprintf(stderr,"Batch mode: %s\n",cmd); - }else{ - clientIdFile = argv[2]; - fh = fopen(clientIdFile, "r"); - if (fh) { - if (fread(&myid, sizeof(myid), 1, fh) != sizeof(myid)) { - memset(&myid, 0, sizeof(myid)); - } - fclose(fh); - } - } - } - - flags = 0; - for (i = 1; i < argc; ++i) { - if (strcmp("-r", argv[i]) == 0) { - flags = ZOO_READONLY; - break; - } - } #ifdef YCA strcpy(appId,"yahoo.example.yca_test"); @@ -726,8 +747,11 @@ int main(int argc, char **argv) { verbose = 0; zoo_set_debug_level(ZOO_LOG_LEVEL_WARN); zoo_deterministic_conn_order(1); // enable deterministic order - hostPort = argv[1]; - zh = zookeeper_init(hostPort, watcher, 30000, &myid, NULL, flags); + if (!cert) { + zh = zookeeper_init(hostPort, watcher, 30000, &myid, NULL, flags); + } else { + zh = zookeeper_init_ssl(hostPort, cert, watcher, 30000, &myid, NULL, flags); + } if (!zh) { return errno; } diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index f5e2408f00c..390accf6bfb 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c @@ -85,6 +85,8 @@ #ifdef __MACH__ // OS X #include #include +#include + #endif #ifdef WIN32 
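Review bot: Every `strdup(optarg)` in the 'i', 'c' and 's' cases can receive NULL, because those options are declared `optional_argument` / `::`, for which getopt fills optarg only when the value is attached (`-cls`, `--cmd=ls`), not in the `-c ls` form the new usage text advertises. The short-option string `"h:m::rc::s::"` also has no `i`, so `-i clientid_file` from the usage line is rejected while `-m` is accepted and never handled; use `required_argument` with `"h:i:rc:s:"`. The `-r` case now sets `flags = ZOOKEEPER_READ`, an interest flag, where the removed code used `ZOO_READONLY`. Taking the key passphrase as the last field of `-s ca,cert,key,passwd` puts it in the process argument list, where other local users can read it; prefer a file or a prompt. The hunk ends inside main.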
@@ -1158,7 +1160,7 @@ static void log_env(zhandle_t *zh) { */ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, int recv_timeout, const clientid_t *clientid, void *context, int flags, - log_callback_fn log_callback) + log_callback_fn log_callback, zcert_t *cert) { int errnosave = 0; zhandle_t *zh = NULL; @@ -1180,6 +1182,10 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, zh->fd = calloc(1, sizeof(zsock_t)); zh->fd->sock = -1; + if (cert) { + zh->fd->cert = calloc(1, sizeof(zcert_t)); + memcpy(zh->fd->cert, cert, sizeof(zcert_t)); + } #ifdef _WIN32 if (Win32WSAStartup()){ @@ -1215,16 +1221,6 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, errno=EINVAL; goto abort; } - /*index_cert = strchr(host, '|'); - if (index_cert) { - strtok(host, "|"); - char **c = calloc(4, sizeof(char *)); - for (int i = 0; i < 4; i++) { - c[i] = strtok(NULL, ","); - } - zh->fd->cert = calloc(1, sizeof(zcert_t)); - memcpy(zh->fd->cert, &((zcert_t) {.ca = c[0], .cert = c[1], .key = c[2], .passwd = c[3]}), sizeof(zcert_t)); - }*/ //parse the host to get the chroot if available index_chroot = strchr(host, '/'); if (index_chroot) { @@ -1253,12 +1249,9 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, if (zh->hostname == 0) { goto abort; } - - if(update_addrs(zh) != 0) { goto abort; } - if (clientid) { memcpy(&zh->client_id, clientid, sizeof(zh->client_id)); } else { 
@@ -1293,14 +1286,21 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, zhandle_t *zookeeper_init(const char *host, watcher_fn watcher, int recv_timeout, const clientid_t *clientid, void *context, int flags) { - return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, NULL); + return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, NULL, NULL); } zhandle_t *zookeeper_init2(const char *host, watcher_fn watcher, int recv_timeout, const clientid_t *clientid, void *context, int flags, log_callback_fn log_callback) { - return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, log_callback); + return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, log_callback, NULL); +} + +zhandle_t *zookeeper_init_ssl(const char *host, const char *cert, watcher_fn watcher, + int recv_timeout, const clientid_t *clientid, void *context, int flags) +{ + zcert_t *zcert = &((zcert_t) {.ca = strtok(cert, ","), .cert = strtok(NULL, ","), .key = strtok(NULL, ","), .passwd = strtok(NULL, ",")}); + return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, NULL, zcert); } /** From 87458a62497af8f7bb294e28be682066e9ca12ea Mon Sep 17 00:00:00 2001 From: buaacss Date: Fri, 21 Sep 2018 22:40:13 +0800 Subject: [PATCH 03/13] refine with getopt --- .../zookeeper-client-c/CMakeLists.txt | 1 - .../zookeeper-client-c/cmake_config.h.in | 3 -- .../zookeeper-client-c/include/zookeeper.h | 2 -- zookeeper-client/zookeeper-client-c/src/cli.c | 2 +- .../zookeeper-client-c/src/zookeeper.c | 29 ++++++++----------- 5 files changed, 13 insertions(+), 24 deletions(-) diff --git a/zookeeper-client/zookeeper-client-c/CMakeLists.txt b/zookeeper-client/zookeeper-client-c/CMakeLists.txt index 287320fb9c4..85a4ac83fc5 100644 --- a/zookeeper-client/zookeeper-client-c/CMakeLists.txt +++ b/zookeeper-client/zookeeper-client-c/CMakeLists.txt 
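Review bot: In zookeeper_init_ssl the four `strtok` calls sit inside one compound-literal initializer, and C leaves the evaluation order of initializer expressions unspecified, so which token lands in `.ca`, `.cert`, `.key` and `.passwd` depends on the compiler. The first call also writes NUL bytes into the caller's `const char *cert`, and a missing field yields a NULL path that zookeeper_connect later hands to OpenSSL. Tokenize a private copy in separate statements and reject incomplete input, as below. Patches 03 and 04 switch to `strtok(strdup(cert), ",")` but keep the initializer form and never check or free the copy. `strtok_r` is POSIX, so the Windows build would need `strtok_s`.

```c
zhandle_t *zookeeper_init_ssl(const char *host, const char *cert, watcher_fn watcher,
  int recv_timeout, const clientid_t *clientid, void *context, int flags)
{
    zcert_t zcert;
    char *save = NULL;
    char *copy = cert ? strdup(cert) : NULL;

    if (copy == NULL) {
        errno = cert ? ENOMEM : EINVAL;
        return NULL;
    }
    /* one statement per field, so the order of the tokens is fixed */
    zcert.ca = strtok_r(copy, ",", &save);
    zcert.cert = strtok_r(NULL, ",", &save);
    zcert.key = strtok_r(NULL, ",", &save);
    zcert.passwd = strtok_r(NULL, ",", &save); /* may be NULL: key without passphrase */
    if (zcert.ca == NULL || zcert.cert == NULL || zcert.key == NULL) {
        free(copy);
        errno = EINVAL;
        return NULL;
    }
    /* zookeeper_init_internal copies the struct shallowly, so the handle keeps
       pointers into copy; copy has to stay allocated until the handle is destroyed */
    return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, NULL, &zcert);
}
```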
@@ -177,7 +177,6 @@ if(WIN32) endif() -set(SSL_ENABLED 1) #find_package(PkgConfig REQUIRED) #set(ENV{PKG_CONFIG_PATH} "/opt/local/lib/pkgconfig") #pkg_search_module(OPENSSL REQUIRED openssl) diff --git a/zookeeper-client/zookeeper-client-c/cmake_config.h.in b/zookeeper-client/zookeeper-client-c/cmake_config.h.in index 39eaaa87d6f..33bcc6cb0dd 100644 --- a/zookeeper-client/zookeeper-client-c/cmake_config.h.in +++ b/zookeeper-client/zookeeper-client-c/cmake_config.h.in @@ -130,9 +130,6 @@ /* Define to 1 if SOCK_CLOEXEC is available and wanted */ #cmakedefine SOCK_CLOEXEC_ENABLED 1 -/* Define to 1 if SSL is available an wanted */ -#cmakedefine SSL_ENABLED 1 - /* poll() second argument type */ #define POLL_NFDS_TYPE nfds_t diff --git a/zookeeper-client/zookeeper-client-c/include/zookeeper.h b/zookeeper-client/zookeeper-client-c/include/zookeeper.h index 0e1040a78f1..23d1690fd5a 100644 --- a/zookeeper-client/zookeeper-client-c/include/zookeeper.h +++ b/zookeeper-client/zookeeper-client-c/include/zookeeper.h @@ -32,8 +32,6 @@ #include /* for struct sock_addr and socklen_t */ #endif -#define SSL_ENABLED 1 - #include #include diff --git a/zookeeper-client/zookeeper-client-c/src/cli.c b/zookeeper-client/zookeeper-client-c/src/cli.c index ad39212e5bf..681d673112f 100644 --- a/zookeeper-client/zookeeper-client-c/src/cli.c +++ b/zookeeper-client/zookeeper-client-c/src/cli.c @@ -664,7 +664,7 @@ int main(int argc, char **argv) { char appId[64]; #endif int bufoff = 0; - int flags, i; + int flags; FILE *fh; int opt; diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index 390accf6bfb..5e3133b2779 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c 
@@ -312,20 +312,16 @@ static void abort_singlethreaded(zhandle_t *zh) static ssize_t zookeeper_send(zsock_t *fd, const void* buf, size_t len) { -#ifdef SSL_ENABLED - return (ssize_t)SSL_write(fd->ssl_sock, buf, (int)len); -#else + if (fd->ssl_sock) + return (ssize_t)SSL_write(fd->ssl_sock, buf, (int)len); return send(fd->sock, buf, len, SEND_FLAGS); -#endif } static ssize_t zookeeper_recv(zsock_t *fd, void *buf, size_t len, int flags) { -#ifdef SSL_ENABLED - return (ssize_t)SSL_read(fd->ssl_sock, buf, (int)len); -#else + if (fd->ssl_sock) + return (ssize_t)SSL_read(fd->ssl_sock, buf, (int)len); return recv(fd->sock, buf, len, flags); -#endif } /** @@ -558,12 +554,12 @@ zk_hashtable *child_result_checker(zhandle_t *zh, int rc) static void close_zsock(zsock_t *fd) { if (fd->sock != -1) { -#ifdef SSL_ENABLED - SSL_free(fd->ssl_sock); - fd->ssl_sock = NULL; - SSL_CTX_free(fd->ssl_ctx); - fd->ssl_ctx = NULL; -#endif + if (fd->ssl_sock) { + SSL_free(fd->ssl_sock); + fd->ssl_sock = NULL; + SSL_CTX_free(fd->ssl_ctx); + fd->ssl_ctx = NULL; + } close(fd->sock); fd->sock = -1; } @@ -1165,7 +1161,6 @@ static zhandle_t *zookeeper_init_internal(const char *host, watcher_fn watcher, int errnosave = 0; zhandle_t *zh = NULL; char *index_chroot = NULL; - char *index_cert = NULL; // Create our handle zh = calloc(1, sizeof(*zh)); @@ -1299,7 +1294,7 @@ zhandle_t *zookeeper_init2(const char *host, watcher_fn watcher, zhandle_t *zookeeper_init_ssl(const char *host, const char *cert, watcher_fn watcher, int recv_timeout, const clientid_t *clientid, void *context, int flags) { - zcert_t *zcert = &((zcert_t) {.ca = strtok(cert, ","), .cert = strtok(NULL, ","), .key = strtok(NULL, ","), .passwd = strtok(NULL, ",")}); + zcert_t *zcert = &((zcert_t) {.ca = strtok(strdup(cert), ","), .cert = strtok(NULL, ","), .key = strtok(NULL, ","), .passwd = strtok(NULL, ",")}); return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, NULL, zcert); } 
@@ -2262,7 +2257,7 @@ static socket_t zookeeper_connect(zhandle_t *zh, SSL_library_init(); SSL_load_error_strings(); OpenSSL_add_all_algorithms(); - method = TLSv1_client_method(); + method = TLS_client_method(); ctx = SSL_CTX_new(method); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); From bea73aadf911f17a5bb1661a14593780cb5584e7 Mon Sep 17 00:00:00 2001 From: buaacss Date: Sat, 22 Sep 2018 00:04:55 +0800 Subject: [PATCH 04/13] define HAVE_OPENSSL_H --- .../zookeeper-client-c/CMakeLists.txt | 17 +++++++++-------- zookeeper-client/zookeeper-client-c/src/cli.c | 5 +++++ .../zookeeper-client-c/src/zk_adaptor.h | 4 ++++ .../zookeeper-client-c/src/zookeeper.c | 12 ++++++++++++ 4 files changed, 30 insertions(+), 8 deletions(-) diff --git a/zookeeper-client/zookeeper-client-c/CMakeLists.txt b/zookeeper-client/zookeeper-client-c/CMakeLists.txt index 85a4ac83fc5..8bc01f48df8 100644 --- a/zookeeper-client/zookeeper-client-c/CMakeLists.txt +++ b/zookeeper-client/zookeeper-client-c/CMakeLists.txt 
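Review bot: `TLS_client_method()` lifts the TLS 1.0 pin but sets no floor, so the oldest protocol this context accepts is whatever the linked OpenSSL build defaults to. State the minimum explicitly right after `SSL_CTX_new`, e.g. `SSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION);`, and check that `ctx` is not NULL before the `SSL_CTX_set_verify` call that follows. zookeeper_connect extends beyond this hunk.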
@@ -176,20 +176,21 @@ if(WIN32) list(APPEND zookeeper_sources src/winport.c) endif() - -#find_package(PkgConfig REQUIRED) -#set(ENV{PKG_CONFIG_PATH} "/opt/local/lib/pkgconfig") -#pkg_search_module(OPENSSL REQUIRED openssl) add_library(zookeeper STATIC ${zookeeper_sources}) -target_include_directories(zookeeper PUBLIC include ${CMAKE_CURRENT_BINARY_DIR}/include generated /opt/local/include) -link_directories(/opt/local/lib) +target_include_directories(zookeeper PUBLIC include ${CMAKE_CURRENT_BINARY_DIR}/include generated) target_link_libraries(zookeeper PUBLIC hashtable - ssl - crypto $<$:rt> # clock_gettime $<$:ws2_32>) # Winsock 2.0 +option(WITH_OPENSSL "openssl directory" OFF) +if(WITH_OPENSSL) + add_compile_definitions(HAVE_OPENSSL_H) + include_directories(${WITH_OPENSSL}/include) + link_directories(${WITH_OPENSSL}/lib) + link_libraries(ssl crypto) +endif() + if(WANT_SYNCAPI AND NOT WIN32) find_package(Threads REQUIRED) target_link_libraries(zookeeper PUBLIC Threads::Threads) diff --git a/zookeeper-client/zookeeper-client-c/src/cli.c b/zookeeper-client/zookeeper-client-c/src/cli.c index 681d673112f..ef88658e937 100644 --- a/zookeeper-client/zookeeper-client-c/src/cli.c +++ b/zookeeper-client/zookeeper-client-c/src/cli.c @@ -747,11 +747,16 @@ int main(int argc, char **argv) { verbose = 0; zoo_set_debug_level(ZOO_LOG_LEVEL_WARN); zoo_deterministic_conn_order(1); // enable deterministic order +#ifdef HAVE_OPENSSL_H if (!cert) { zh = zookeeper_init(hostPort, watcher, 30000, &myid, NULL, flags); } else { zh = zookeeper_init_ssl(hostPort, cert, watcher, 30000, &myid, NULL, flags); } +#else + zh = zookeeper_init(hostPort, watcher, 30000, &myid, NULL, flags); +#endif + if (!zh) { return errno; } diff --git a/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h b/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h index ef319b9e6af..6e32c67fccb 100644 --- a/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h +++ b/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h 
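Review bot: `option(WITH_OPENSSL "openssl directory" OFF)` declares a boolean, yet the block then uses it as a path in `${WITH_OPENSSL}/include` and `${WITH_OPENSSL}/lib`, so `-DWITH_OPENSSL=ON` produces `ON/include`. `link_libraries` and `link_directories` affect only targets created after them, and the `zookeeper` library is added above this block, so targets that link `zookeeper` do not inherit the OpenSSL dependency from it. Prefer `find_package(OpenSSL REQUIRED)` with `target_link_libraries(zookeeper PUBLIC OpenSSL::SSL OpenSSL::Crypto)` and `target_compile_definitions(zookeeper PUBLIC HAVE_OPENSSL_H)`, and let users point at a custom prefix through `OPENSSL_ROOT_DIR`.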
@@ -19,7 +19,9 @@ #ifndef ZK_ADAPTOR_H_ #define ZK_ADAPTOR_H_ #include +#ifdef HAVE_OPENSSL_H #include +#endif #ifdef THREADED #ifndef WIN32 #include @@ -202,8 +204,10 @@ typedef struct _zsock { int sock; #endif zcert_t *cert; +#ifdef HAVE_OPENSSL_H SSL *ssl_sock; SSL_CTX *ssl_ctx; +#endif } zsock_t; /** diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index 5e3133b2779..9486fd37355 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c @@ -79,8 +79,10 @@ #include #endif +#ifdef HAVE_OPENSSL_H #include #include +#endif #ifdef __MACH__ // OS X #include @@ -312,15 +314,19 @@ static void abort_singlethreaded(zhandle_t *zh) static ssize_t zookeeper_send(zsock_t *fd, const void* buf, size_t len) { +#ifdef HAVE_OPENSSL_H if (fd->ssl_sock) return (ssize_t)SSL_write(fd->ssl_sock, buf, (int)len); +#endif return send(fd->sock, buf, len, SEND_FLAGS); } static ssize_t zookeeper_recv(zsock_t *fd, void *buf, size_t len, int flags) { +#ifdef HAVE_OPENSSL_H if (fd->ssl_sock) return (ssize_t)SSL_read(fd->ssl_sock, buf, (int)len); +#endif return recv(fd->sock, buf, len, flags); } @@ -554,12 +560,14 @@ zk_hashtable *child_result_checker(zhandle_t *zh, int rc) static void close_zsock(zsock_t *fd) { if (fd->sock != -1) { +#ifdef HAVE_OPENSSL_H if (fd->ssl_sock) { SSL_free(fd->ssl_sock); fd->ssl_sock = NULL; SSL_CTX_free(fd->ssl_ctx); fd->ssl_ctx = NULL; } +#endif close(fd->sock); fd->sock = -1; } 
@@ -1291,12 +1299,14 @@ zhandle_t *zookeeper_init2(const char *host, watcher_fn watcher, return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, log_callback, NULL); } +#ifdef HAVE_OPENSSL_H zhandle_t *zookeeper_init_ssl(const char *host, const char *cert, watcher_fn watcher, int recv_timeout, const clientid_t *clientid, void *context, int flags) { zcert_t *zcert = &((zcert_t) {.ca = strtok(strdup(cert), ","), .cert = strtok(NULL, ","), .key = strtok(NULL, ","), .passwd = strtok(NULL, ",")}); return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, NULL, zcert); } +#endif /** * Set a new list of zk servers to connect to. Disconnect will occur if @@ -2249,6 +2259,7 @@ static socket_t zookeeper_connect(zhandle_t *zh, LOG_DEBUG(LOGCALLBACK(zh), "[zk] connect()\n"); rc = connect(fd, (struct sockaddr *)addr, addr_len); +#ifdef HAVE_OPENSSL_H if (zh->fd->cert != NULL) { SSL_CTX *ctx = NULL; SSL *ssl = NULL; @@ -2312,6 +2323,7 @@ static socket_t zookeeper_connect(zhandle_t *zh, errno = EWOULDBLOCK; } } +#endif #ifdef _WIN32 errno = GetLastError(); From f4f4bd7acd56a816c8d5e241f063837253755b71 Mon Sep 17 00:00:00 2001 
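Review bot: `zookeeper_init_ssl` hands `zookeeper_init_internal` the address of a compound literal, `&((zcert_t) {...})`, whose storage ends with the function, while `zookeeper_connect` later reads `zh->fd->cert`; unless `zookeeper_init_internal` deep-copies the struct (not visible here) that pointer dangles at connect time. The `strdup(cert)` result is neither checked nor freed, `strdup(NULL)` is undefined when `cert` is NULL, and `strtok` keeps hidden global state, so two threads creating handles at once can corrupt each other's fields. I would heap-allocate the `zcert_t`, parse with a re-entrant tokenizer, reject a NULL or incomplete `cert` with `EINVAL`, and release the copy (clearing the password bytes first) where the handle is destroyed, which is outside this hunk.

```c
zhandle_t *zookeeper_init_ssl(const char *host, const char *cert, watcher_fn watcher,
  int recv_timeout, const clientid_t *clientid, void *context, int flags)
{
    char *copy = NULL;
    char *save = NULL;
    zcert_t *zcert = NULL;

    if (cert == NULL) {
        errno = EINVAL;
        return NULL;
    }
    copy = strdup(cert);
    zcert = calloc(1, sizeof(*zcert));
    if (copy == NULL || zcert == NULL) {
        free(copy);
        free(zcert);
        errno = ENOMEM;
        return NULL;
    }
    /* All fields point into `copy`; strtok_r needs a WIN32 equivalent (strtok_s). */
    zcert->ca = strtok_r(copy, ",", &save);
    zcert->cert = strtok_r(NULL, ",", &save);
    zcert->key = strtok_r(NULL, ",", &save);
    zcert->passwd = strtok_r(NULL, ",", &save);
    /* ca must be the start of `copy` so teardown can free(zcert->ca). */
    if (zcert->ca != copy || zcert->cert == NULL || zcert->key == NULL) {
        free(copy);
        free(zcert);
        errno = EINVAL;
        return NULL;
    }
    /* Ownership of zcert passes to the handle; free it in the handle teardown. */
    return zookeeper_init_internal(host, watcher, recv_timeout, clientid, context, flags, NULL, zcert);
}
```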
From: buaacss Date: Mon, 24 Sep 2018 15:25:47 +0800 Subject: [PATCH 05/13] add unit test & ssl cert creator --- .../zookeeper-client-c/CMakeLists.txt | 7 ++-- .../zookeeper-client-c/include/zookeeper.h | 35 ++++++++++++++++++ .../zookeeper-client-c/src/zk_adaptor.h | 29 --------------- .../zookeeper-client-c/src/zookeeper.c | 2 +- .../zookeeper-client-c/ssl/cert_creator.sh | 18 +++++++++ .../zookeeper-client-c/ssl/client.crt | 20 ++++++++++ .../zookeeper-client-c/ssl/client.csr | 17 +++++++++ .../zookeeper-client-c/ssl/client.jks | Bin 0 -> 2169 bytes .../zookeeper-client-c/ssl/client.pkcs12 | Bin 0 -> 2421 bytes .../zookeeper-client-c/ssl/clientkey.pem | 27 ++++++++++++++ .../zookeeper-client-c/ssl/clienttrust.jks | Bin 0 -> 1823 bytes .../zookeeper-client-c/ssl/root.crt | 21 +++++++++++ .../zookeeper-client-c/ssl/root.srl | 1 + .../zookeeper-client-c/ssl/rootkey.pem | 27 ++++++++++++++ .../zookeeper-client-c/ssl/server.crt | 20 ++++++++++ .../zookeeper-client-c/ssl/server.csr | 17 +++++++++ .../zookeeper-client-c/ssl/server.jks | Bin 0 -> 3106 bytes .../zookeeper-client-c/ssl/server.pkcs12 | Bin 0 -> 2421 bytes .../zookeeper-client-c/ssl/serverkey.pem | 27 ++++++++++++++ .../zookeeper-client-c/ssl/servertrust.jks | Bin 0 -> 1823 bytes .../zookeeper-client-c/tests/TestClient.cc | 22 ++++++++++- .../tests/TestZookeeperInit.cc | 2 +- .../zookeeper-client-c/tests/ZKMocks.cc | 2 +- .../zookeeper-client-c/tests/zkServer.sh | 9 ++++- .../zookeeper-client-c/tests/zoo.cfg | 12 ++++++ 25 files changed, 277 insertions(+), 38 deletions(-) create mode 100644 zookeeper-client/zookeeper-client-c/ssl/cert_creator.sh create mode 100644 zookeeper-client/zookeeper-client-c/ssl/client.crt create mode 100644 zookeeper-client/zookeeper-client-c/ssl/client.csr create mode 100644 zookeeper-client/zookeeper-client-c/ssl/client.jks create mode 100644 zookeeper-client/zookeeper-client-c/ssl/client.pkcs12 create mode 100644 zookeeper-client/zookeeper-client-c/ssl/clientkey.pem create mode 
100644 zookeeper-client/zookeeper-client-c/ssl/clienttrust.jks create mode 100644 zookeeper-client/zookeeper-client-c/ssl/root.crt create mode 100644 zookeeper-client/zookeeper-client-c/ssl/root.srl create mode 100644 zookeeper-client/zookeeper-client-c/ssl/rootkey.pem create mode 100644 zookeeper-client/zookeeper-client-c/ssl/server.crt create mode 100644 zookeeper-client/zookeeper-client-c/ssl/server.csr create mode 100644 zookeeper-client/zookeeper-client-c/ssl/server.jks create mode 100644 zookeeper-client/zookeeper-client-c/ssl/server.pkcs12 create mode 100644 zookeeper-client/zookeeper-client-c/ssl/serverkey.pem create mode 100644 zookeeper-client/zookeeper-client-c/ssl/servertrust.jks create mode 100644 zookeeper-client/zookeeper-client-c/tests/zoo.cfg diff --git a/zookeeper-client/zookeeper-client-c/CMakeLists.txt b/zookeeper-client/zookeeper-client-c/CMakeLists.txt index 8bc01f48df8..b66613230e8 100644 --- a/zookeeper-client/zookeeper-client-c/CMakeLists.txt +++ b/zookeeper-client/zookeeper-client-c/CMakeLists.txt @@ -56,7 +56,7 @@ option(WANT_CPPUNIT "Enables CppUnit and tests" ${DEFAULT_WANT_CPPUNIT}) # SOCK_CLOEXEC option(WANT_SOCK_CLOEXEC "Enables SOCK_CLOEXEC on sockets" OFF) include(CheckSymbolExists) -check_symbol_exists(SOCK_CLOEXEC sys/socket.h HAVE_SOCK_CLOEXEC) +check_symbol_exists(zktest_runnerSOCK_CLOEXEC sys/socket.h HAVE_SOCK_CLOEXEC) if(WANT_SOCK_CLOEXEC AND HAVE_SOCK_CLOEXEC) set(SOCK_CLOEXEC_ENABLED 1) endif() @@ -185,10 +185,10 @@ target_link_libraries(zookeeper PUBLIC option(WITH_OPENSSL "openssl directory" OFF) if(WITH_OPENSSL) - add_compile_definitions(HAVE_OPENSSL_H) + target_compile_definitions(zookeeper PUBLIC HAVE_OPENSSL_H) include_directories(${WITH_OPENSSL}/include) link_directories(${WITH_OPENSSL}/lib) - link_libraries(ssl crypto) + target_link_libraries(zookeeper PUBLIC ssl crypto) endif() if(WANT_SYNCAPI AND NOT WIN32) 
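Review bot: `check_symbol_exists(zktest_runnerSOCK_CLOEXEC sys/socket.h HAVE_SOCK_CLOEXEC)` in the `@@ -56,7 +56,7 @@` hunk looks like a stray paste: no such symbol exists, so `HAVE_SOCK_CLOEXEC` is always false and `SOCK_CLOEXEC_ENABLED` is never set, even with `-DWANT_SOCK_CLOEXEC=ON`. That presumably leaves the client's sockets inheritable by child processes for anyone who asked for close-on-exec. The line should remain `check_symbol_exists(SOCK_CLOEXEC sys/socket.h HAVE_SOCK_CLOEXEC)`; patch 07/13 of this series restores it, but this commit on its own silently disables the option.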
@@ -233,6 +233,7 @@ if(WANT_SYNCAPI) endif() if(WANT_CPPUNIT) + set (CMAKE_CXX_STANDARD 11) add_executable(zktest ${test_sources}) target_include_directories(zktest PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}) diff --git a/zookeeper-client/zookeeper-client-c/include/zookeeper.h b/zookeeper-client/zookeeper-client-c/include/zookeeper.h index 23d1690fd5a..f4f539a80cb 100644 --- a/zookeeper-client/zookeeper-client-c/include/zookeeper.h +++ b/zookeeper-client/zookeeper-client-c/include/zookeeper.h @@ -32,6 +32,10 @@ #include /* for struct sock_addr and socklen_t */ #endif +#ifdef HAVE_OPENSSL_H +#include +#endif + #include #include @@ -273,6 +277,33 @@ extern ZOOAPI const int ZOO_NOTWATCHING_EVENT; */ typedef struct _zhandle zhandle_t; +/** + * This structure represents the certificates to zookeeper. + */ +typedef struct _zcert { + char *ca; + char *cert; + char *key; + char *passwd; +} zcert_t; + +/** + * This structure represents the socket to zookeeper. + */ +typedef struct _zsock { +#ifdef WIN32 + SOCKET sock; +#else + int sock; +#endif + zcert_t *cert; +#ifdef HAVE_OPENSSL_H + SSL *ssl_sock; + SSL_CTX *ssl_ctx; +#endif +} zsock_t; + + /** * \brief client id structure. * @@ -485,8 +516,12 @@ typedef void (*log_callback_fn)(const char *message); ZOOAPI zhandle_t *zookeeper_init(const char *host, watcher_fn fn, int recv_timeout, const clientid_t *clientid, void *context, int flags); +#ifdef HAVE_OPENSSL_H ZOOAPI zhandle_t *zookeeper_init_ssl(const char *host, const char *cert, watcher_fn fn, int recv_timeout, const clientid_t *clientid, void *context, int flags); +#endif + +ZOOAPI void close_zsock(zsock_t *zsock); /** * \brief create a handle to communicate with zookeeper. diff --git a/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h b/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h index 6e32c67fccb..07be8702bd9 100644 --- a/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h +++ b/zookeeper-client/zookeeper-client-c/src/zk_adaptor.h 
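Review bot: In the `@@ -273,6 +277,33 @@` hunk `zsock_t` is defined in the public header with `ssl_sock` and `ssl_ctx` present only under `#ifdef HAVE_OPENSSL_H`, so the struct's layout depends on a macro that every consumer must define exactly as the library build did. The CMake target exports the definition as PUBLIC, but an application built any other way against an OpenSSL-enabled library would see a shorter struct and no `zookeeper_init_ssl` prototype. The header now also pulls an OpenSSL include into every client and exposes `zcert_t`, including its `passwd` field. I would keep only forward declarations here, `typedef struct _zsock zsock_t;` and `typedef struct _zcert zcert_t;`, and leave both definitions in `src/zk_adaptor.h`.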
@@ -19,9 +19,6 @@ #ifndef ZK_ADAPTOR_H_ #define ZK_ADAPTOR_H_ #include -#ifdef HAVE_OPENSSL_H -#include -#endif #ifdef THREADED #ifndef WIN32 #include @@ -184,32 +181,6 @@ typedef struct _auth_list_head { #endif } auth_list_head_t; -/** - * This structure represents the certificates to zookeeper. - */ -typedef struct _zcert { - char *ca; - char *cert; - char *key; - char *passwd; -} zcert_t; - -/** - * This structure represents the socket to zookeeper. - */ -typedef struct _zsock { -#ifdef WIN32 - SOCKET sock; -#else - int sock; -#endif - zcert_t *cert; -#ifdef HAVE_OPENSSL_H - SSL *ssl_sock; - SSL_CTX *ssl_ctx; -#endif -} zsock_t; - /** * This structure represents the connection to zookeeper. */ diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index 9486fd37355..1b40705ede3 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c @@ -557,7 +557,7 @@ zk_hashtable *child_result_checker(zhandle_t *zh, int rc) return rc==ZOK ? zh->active_child_watchers : 0; } -static void close_zsock(zsock_t *fd) +void close_zsock(zsock_t *fd) { if (fd->sock != -1) { #ifdef HAVE_OPENSSL_H diff --git a/zookeeper-client/zookeeper-client-c/ssl/cert_creator.sh b/zookeeper-client/zookeeper-client-c/ssl/cert_creator.sh new file mode 100644 index 00000000000..3272f9f66da --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/ssl/cert_creator.sh 
@@ -0,0 +1,18 @@
+#!/bin/bash
+openssl genrsa -out rootkey.pem 2048
+openssl req -x509 -new -key rootkey.pem -out root.crt
+openssl genrsa -out clientkey.pem 2048
+openssl req -new -key clientkey.pem -out client.csr
+openssl x509 -req -in client.csr -CA root.crt -CAkey rootkey.pem -CAcreateserial -days 3650 -out client.crt
+openssl genrsa -out serverkey.pem 2048
+openssl req -new -key serverkey.pem -out server.csr
+openssl x509 -req -in server.csr -CA root.crt -CAkey rootkey.pem -CAcreateserial -days 3650 -out server.crt
+openssl pkcs12 -export -in client.crt -inkey clientkey.pem -out client.pkcs12
+openssl pkcs12 -export -in server.crt -inkey serverkey.pem -out server.pkcs12
+keytool -importkeystore -srckeystore client.pkcs12 -destkeystore client.jks -srcstoretype pkcs12
+keytool -importkeystore -srckeystore server.pkcs12 -destkeystore server.jks -srcstoretype pkcs12
+keytool -importcert -keystore server.jks -file root.crt
+keytool -importcert -alias ca -file root.crt -keystore clienttrust.jks
+keytool -importcert -alias clientcert -file client.crt -keystore clienttrust.jks
+keytool -importcert -alias ca -file root.crt -keystore servertrust.jks
+keytool -importcert -alias servercert -file server.crt -keystore servertrust.jks
diff --git a/zookeeper-client/zookeeper-client-c/ssl/client.crt b/zookeeper-client/zookeeper-client-c/ssl/client.crt
new file mode 100644
index 00000000000..a07388a05d0
--- /dev/null
+++ b/zookeeper-client/zookeeper-client-c/ssl/client.crt
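Review bot: The root certificate is created by `openssl req -x509 -new -key rootkey.pem -out root.crt` with no `-days`, so it receives OpenSSL's default 30-day validity while the client and server certificates it signs are issued for 3650 days; any peer that validates the chain against `root.crt` starts failing a month after generation. I would write `openssl req -x509 -new -key rootkey.pem -days 3650 -out root.crt`. The script also prompts interactively for subjects and store passwords and keeps running after a failed step, so it cannot regenerate the fixtures unattended. Adding `set -euo pipefail` and `umask 077` at the top, plus explicit subject and password options on each command, would make it reproducible and keep the generated private keys readable only by their owner.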
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCAhkCFAFt7iNPOa4n/F+PBG+k95JUgBAmMA0GCSqGSIb3DQEBCwUAMFUx +CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJCSjELMAkGA1UEBwwCQkoxEDAOBgNVBAoM +B2luYWdvcmExDDAKBgNVBAsMA29yZzEMMAoGA1UEAwwDd3liMB4XDTE4MDkyMzE1 +MTQzOFoXDTI4MDkyMDE1MTQzOFowVTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJK +MQswCQYDVQQHDAJCSjEQMA4GA1UECgwHaW5hZ29yYTEMMAoGA1UECwwDb3JnMQww +CgYDVQQDDAN3eWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiGJ0S +sqTG2tyxubxwvgAUfQ8MNb/s1geMR+Vym2tfVa76UGPLFkXuyCn29/6UQKXbyY0H +7I3YGOEu3SjYtRbHolDlLSugw4sTY7QDDzJlowLtlrdSikjQxhQ7NVcHAb5xg+8y +yULx1bU0cKuEf6p5szQahquwC1OaVcwWvsz7p9GIIERpJpQ0Xm/7Hltn01p/QHvY +dn+BiNfrDA1SJywR8ft5GLTgzv17+/lLyOpurU680NHtp5kyfGu/k0GKC2yIF9CK +C8hqhnVO631FlfDi8Fg2X2U7Xv90I6YqORSvxeq4VPoBqKG5ROlyxnQwegLsKhpj +ykvzjE4oJBqC+S5JAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGqvvklExngx1Asz +i9RNZUyc4Wq4C96a8ItDbeS108vYQm3ds9oJFaXGWSXvyI+TuOCHcT0jqO4zyM/l +yO/+EbYjbMcP8AmqrBAUcB4nHmrxE48us6Ifi5+Kc8+QJS6a1u7hVQWv3+JYjUjT +Zs/J7PuHQPWwuNuvpitiqhfOKNtIKTqswe4RIJiuaPrpfFRRibUt/P3FC5Oc5mPF +oE8C2iJ0b+uli+vJ5+fZLJBieOusF8JLMWUlx2476YfljtlcpvCSTpJw6pdmiKsj +lHWQ0TmJC8yWebAdcO8wl23JzBDj4uOQB0XNZkrxqQwdqlZjD36NoAz/iqnyg7b2 +fbaNb9I= +-----END CERTIFICATE----- diff --git a/zookeeper-client/zookeeper-client-c/ssl/client.csr b/zookeeper-client/zookeeper-client-c/ssl/client.csr new file mode 100644 index 00000000000..483b232dd9b --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/ssl/client.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICyzCCAbMCAQAwVTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH +DAJCSjEQMA4GA1UECgwHaW5hZ29yYTEMMAoGA1UECwwDb3JnMQwwCgYDVQQDDAN3 +eWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiGJ0SsqTG2tyxubxw +vgAUfQ8MNb/s1geMR+Vym2tfVa76UGPLFkXuyCn29/6UQKXbyY0H7I3YGOEu3SjY +tRbHolDlLSugw4sTY7QDDzJlowLtlrdSikjQxhQ7NVcHAb5xg+8yyULx1bU0cKuE +f6p5szQahquwC1OaVcwWvsz7p9GIIERpJpQ0Xm/7Hltn01p/QHvYdn+BiNfrDA1S +JywR8ft5GLTgzv17+/lLyOpurU680NHtp5kyfGu/k0GKC2yIF9CKC8hqhnVO631F +lfDi8Fg2X2U7Xv90I6YqORSvxeq4VPoBqKG5ROlyxnQwegLsKhpjykvzjE4oJBqC ++S5JAgMBAAGgMTAWBgkqhkiG9w0BCQIxCQwHaW5hZ29yYTAXBgkqhkiG9w0BCQcx +CgwIdGVzdHBhc3MwDQYJKoZIhvcNAQELBQADggEBAJK1KXQLOWQkaGpqu3WjN7Uq +9Z4Yi72D2JcsWL0IH9nW10Ru2tmid3ZDpd+ie12NnrE6dudmJ7ZkTvZDKCYviB1H +G1ov2HWjWm/lGftjTf63iJ6KYo1Cf+5xThgARv9fkRu/tfGWGdHpJM9U7X2MNJ7x +4UUROiR90AeMU6SwFaC8vohGM30pGGhoaXNbBQfVevxJtCpGcr65A6uFTQnXTaSO +hPcGl5smTf2sbgaVvK7o0PDpYjreHQr3QKpUNLBfLt7uk2tjk1VbNhIYr/1X3RTJ +NF6iysxmjYcsr2V6vN8vxvILY0uRSojAE6qNekEa6ia8Wr16G7ZZMyEF2D/Rpoo= +-----END CERTIFICATE REQUEST----- 
diff --git a/zookeeper-client/zookeeper-client-c/ssl/client.jks b/zookeeper-client/zookeeper-client-c/ssl/client.jks new file mode 100644 index 0000000000000000000000000000000000000000..a1524425cd2535e6fad1e3aef03d3698346d61d1 GIT binary patch literal 2169 zcmcJQ`8N~{7sqF@WR`5hL?s#fGR>Hjy%Bn8WM8s8#3YYx##Y%!QAaou`~&X~_niB==bm%V{hoWim$$%M0001>y#W3SAa*ai zB(U4m0s!!XFjPJsX1@SLO#sLTR0W9wf&2hIDj(D=(|dE8@;Sp2 ze+C;w<{8N8uS?=w+ef7lMfX-5_r2=Z-`MfLT;sy$I3|)-#EijmB>Ec%HH#xY&424~ ziM?um3)`4)KiZl|mn=6NtevJZQEKPRrvEq? z6%yR1F=Kb`fL#BY)FWdB!tzDdTJWJxTt-&hiV6yvmChqbGiC*KC3Q9)|eJOsLjc z;jBem!}0@gc3ny9DLpKPVQWH7;uQj-QJ=f>y@G0AS|tk-^*LR1uke|}Y~$z?`nl1A z&Pd-4K+VXU_v4DYPOr)iXBfsMxA`7hhu*W<@tvQOF-$S_*#_F^|@63f{2GlrF!8zx6>aHL|+h#4=8o}up)BY~VG z+1K#`dos*i6OvT~CflH!*7!*XeXX0iP`HuQVUr&3sMYadl zIY8}2KiV^G+epD_vW{bBR7;8U68=dd7TENAl+7kzi_S??2J=IT2EWvc& z$U19ix5MPTQV4Fj`|L(}IXi^2QIJ?O%{aB#tzhMvT>;}G{xU`W^Jp!M4gdhw!cf6j z3>72=LI497QC2#&O4}Z3d}R81rhS}@mHQ_2I9k z7eOxph!|m*R?GZ|;LZQch7|gHIMi-h6MH007nv$Q)_K|Z((&$8!THp&18nq!@>qjp z*8}TW4YlI-6mjAcu&}0g31}hrsco{^Kqo>^%SjOUGWhzEX7}lp;fCWuRW~S=5%tHV z6RPTlZWyXe zRR{5?gTt`j1U|gqWHJ}h8HR}j&8tciUlYFHv{aUtrf#6kL0}*N_-}>wPGCA$hcRHY1cRmw4imgB_ zxiB)fG=^;YO2>CGk1-g@s=ww!618N|uElvIVvzMTG6hX(D< zji@^uw1mkE?CuqrnVv}(H0`@|cBKM#xYCg*9GhAU+fA;}5lZcohR_qup!nLC)Rhtm2W^2cc)fy>n&}+6SwMTK?QrEb(8ndx# z7VT{-YBe27v?v!XDX%@}y?5XH<9B}Ne7@&=|NDF~WJnY{fCEE@=x{=mZ(7_u;0Bxm zRFNTyKr%$`2bRK+Ip+R}IIGAUV?WR^JAm!S>-#4GV8l70|89T*I5BV_IL!wpm8;qP zm7N{TcAd;YX`L2+doOr~wxywwlM^jvBL`L9OxjSiH;yX?UQI`(t9Mjarl5lK`;o95 zQ)MGo?tElwOrGS~l}3oDCDlCF9nc>Uy|-URb$j@dLo`yq8(vgBiLw@g^1taxT?af8 z%Id3M9luvtX3j(cx4i^OMcL+D8T1C;ON{A@4fm|D`U58c?GZ=V&c7uT>~E)B(F(CJ zi$+E6|L!O;m~iW9-kUjNfh2vfhBP_71m0_vkLOG9X>03JvI|E+!;2iWraxrR22Gz` z@$S-iMOxmsk8f}&XSE|tUp5njh$tOAv|7(E)Bmo0Ie|4jP`GY;^bwe@uYsU#cW!IZ zYMoYEhr3!)TGm`JrljV6YK52Z_fBHgfJk!a{_pXx1TrSH_v}E-#jOD!t@YpvO0=WJRHLw2d3S2 z`D&nCFrL1-3)UypHOcP{)R@8d+T`mI0aAd$vv1SFhc=ImgVG~)B5FN%fdV3*I|0L@ z&IPCNZyzr;i3h!0g|dewYZ^0;|YplxIg3I=3VyJv92Z 
zv>e=1b30xut31o*4*ezv#8G>tb4*!pCE<1QiR)V{6p6nKqpEfzQJ!gNH%WUQbt~Q0yU*|&8W{@`uqA5z`-tkr*={zFc1)0 zG9)-?n!_DGm*F1ru*Ab!N`fiFcOmoA2)4tEyd-0WsUEarE0fj*}Ip;_ER`m~w5oex$(On&XK)bPloW7+kq zt0Qatp}K8{)mq6_(Q6E@3BSGC{PDH}#%S3yW+(xA`mkWgc%iK6vI+iV5g^{9!3_S4 zy@bXucz^uR_?J`7PL0nkJrBkSjgyh545$K;gbY1&7hLL4O;NYA+f)T^O-t#&ASu?( z*C-@}Ws_sHY+nf<54cxQ9d;H4^Z&9~?$A81gkw7bd3zn=Wz}bL@<}ryJ@daVft!}D z^_F}-YSGq8 zI81H$aSF3?!{n*OqD@E_zx$wHTzzBM`Q5D80s!~3 z#5B?-_sR5R-ePm~c_UTWfvT)Hu~pap z^SgTdFB5mtW9e)DN&YO@erN!U)LYNAS(neszMjQ$ z4fA=Kct+dc*AOfxx3hf>GSwi|4Ae@HgT1ZxR#OhQn;`;dfJAFZp#TT1?#q}_QZ&k?&McSDmY(eOI|N~ z;<{PkBW4q@L$A7GnW$6H>3H6GWaak=9vR`~Rnbfi*(U)WDK~fw{+^iMhj|iK$=#GZP~dlSo|j z9^YQZ2i;rwG)1%Op3e7{SRZb{%f_kI=F#?@mywa1mBAp?klTQhjX9KsO_<5q560o( zVRG_U%uS5^3+?Q3#>*4kjs zN8Wz3C#+<2_>`rmEp*7TvuRx>&!ZFfPh=eUxUNKF+4H;NYehE{tTX+&|I+_GjrPWRGFWcGI`ByTin~8>$C5B+&azj zoo~6bbIc95osigmIsAIjlY@)B^f_%-h_f8r6T`Et`BELDT<#gkB`tO>Gwy6VxxMX- z(C)(5<%{2nN&ZSHE(q@4+#I)hhjkyfRw>h?|9Tq_O|x${`|{XSpy;Wy)LHu%?;~oI zelOAu{4vGD|Cwc-OsrY&o#&qSXy?#8^bO9{!?Z$Lq&uAjC9NO0s7Eaclh@2J#?jWflnou?Fl4ct8q- zSy&C285#d0hdD4&0mGb;VeRHJ*7BG6vAk{&++w zxGN{D@t9Oun;Q9&y?=(^v?JYbdmeI3n0R90OrBju*~S~I?7rONbUdAfNGQ17nBjjdwG7X>`k)n0J8TR3?OGrv*lVy3s#wg+{2TsS6TZ5qzb zxUaDJz0pahk5{*v6s&HkUsbu;M5=A|2JYZlp=ZSQo%y}|VuylDrrH#fxcuL8(dn0? z>K&?Yl+`zOTz}2O8>Fry`0;n8#Fhu={#O6~>3!l=-devs7cRbCKGUcsd;es|F7BKT z@e5ttC$ic~{a)9)PW|xcLxfp;s&(A|66IxDmLltqzS+>_@#OFp{5pXruTN&f4l-LFqRe|}SELQ=)+ zHR6Z74O3N*=UKmOf7*95X4!{Hev=AbO;77stvsc4!bQtY?laRWH^>&eH<+G#@{GXa zM~^44yPi$+`nZxuc2!t1e_ihap8s7dKQ(XrR=ce?|B{(Fzx*>Bi{cel!TE>NW`x>b HiHipSgsQ7v literal 0 HcmV?d00001 diff --git a/zookeeper-client/zookeeper-client-c/ssl/root.crt b/zookeeper-client/zookeeper-client-c/ssl/root.crt new file mode 100644 index 00000000000..5f47d16411b --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/ssl/root.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDiDCCAnCgAwIBAgIUXlu8TY0B4Iu1DikVan7ln0sYr1cwDQYJKoZIhvcNAQEL +BQAwVTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQHDAJCSjEQMA4G +A1UECgwHaW5hZ29yYTEMMAoGA1UECwwDb3JnMQwwCgYDVQQDDAN3eWIwHhcNMTgw +OTIzMTUxNDEzWhcNMTgxMDIzMTUxNDEzWjBVMQswCQYDVQQGEwJDTjELMAkGA1UE +CAwCQkoxCzAJBgNVBAcMAkJKMRAwDgYDVQQKDAdpbmFnb3JhMQwwCgYDVQQLDANv +cmcxDDAKBgNVBAMMA3d5YjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +ALFph+a5u00035qtUwniS06bkKkBQPJqLisSwjmJgq5pDOLI38howPGudCim590X +rRWwcK41+b/y6TgZ9ENiX/b/GCO5Sc18cY5+fXNQ6Qe7jS1EUDCIKqgDzJyHbiUD +5DUCSp2Go42HbUy+916uKXe57QtrbDcxtsgYt9NX13LkwaNKLwk8qBcEwbxcDKaD +0n4BHm3MGaSEPoSY3LbJt4bMErtx63ej7RYZ+mRzcFOLs4Neq7g7jgsqdQLi/y6x +wpY/gzb04zUQcuVDGs0/6O9YfCL7oi1R+JRIT+Y5fhxdNo3c5/IZ1E38qSAMLMZF +4J/FNLZsgS/RoUHW8kWNSzkCAwEAAaNQME4wHQYDVR0OBBYEFLXD9Cw+DU4OMBIC +mRoZfL/HOy+4MB8GA1UdIwQYMBaAFLXD9Cw+DU4OMBICmRoZfL/HOy+4MAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAK2zdgV36W9d+iQmY8daNVPIJauA +pmdnlHqV1AboSvxIWiBHI2CsSJJ5fWVZ6QePmE6WxIvtjOEIkJHIoZkMunJrM7F6 +PvTeCUHEp79ABIx6oxPJklEosU3Clv3FkPOn/nGnUsKm/OG3INCiZAJdPt8Q/icE +Ur94ufSviMBbOi+AxRGXi7WlN2NIvsVx/UqN5U56I+3Qf3HA1PvIJaC8wbdHdjXI +utma6EYJrbuzWYkBlL2VvrFAQ5NJedd096ZIMqz3JYOVfs4RFC87UPUkaPjR7HvQ +7tnMGVel7YQsRTDQWtUkxqoMyFxTRT1iKlFZK6gR+ingIPGun+oSUAWIACI= +-----END CERTIFICATE----- diff --git a/zookeeper-client/zookeeper-client-c/ssl/root.srl b/zookeeper-client/zookeeper-client-c/ssl/root.srl new file mode 100644 index 00000000000..cbac64e55e1 --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/ssl/root.srl @@ -0,0 +1 @@ +016DEE234F39AE27FC5F8F046FA4F79254801027 diff --git a/zookeeper-client/zookeeper-client-c/ssl/rootkey.pem b/zookeeper-client/zookeeper-client-c/ssl/rootkey.pem new file mode 100644 index 00000000000..0dd9a24f1b9 --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/ssl/rootkey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAsWmH5rm7TTTfmq1TCeJLTpuQqQFA8mouKxLCOYmCrmkM4sjf +yGjA8a50KKbn3RetFbBwrjX5v/LpOBn0Q2Jf9v8YI7lJzXxxjn59c1DpB7uNLURQ +MIgqqAPMnIduJQPkNQJKnYajjYdtTL73Xq4pd7ntC2tsNzG2yBi301fXcuTBo0ov +CTyoFwTBvFwMpoPSfgEebcwZpIQ+hJjctsm3hswSu3Hrd6PtFhn6ZHNwU4uzg16r +uDuOCyp1AuL/LrHClj+DNvTjNRBy5UMazT/o71h8IvuiLVH4lEhP5jl+HF02jdzn +8hnUTfypIAwsxkXgn8U0tmyBL9GhQdbyRY1LOQIDAQABAoIBAQCY4jQ24/9AfTvj +81EHx3bV+sEiou3w+QdoHvY41wNCgUyVcj1GWt9KZee70Hkm0exaMH4p4mGixBWu +Ps978h54n0OSJW4wIflJrj81TJhEDZ+PTrs711vLBdshWKPWShAyjhL2xLvUjsvl +wvsxICyj/BkGKkBLIBA/Ru3CtoP3gTJY86AagzeGY7SSzd57gHGNXuuzmMDKbKbI +sxT48qcRFPdZfPQKstxSXsiI8EOePWBh5iJNapqIVB5zkWRLCellvReD4o8vyYnD +h/WpFHR0i8UXW0vn1klWF5Tns6rQlZCOaj4SzLoQ9zIeUDIs9KqJ0/hZRLmOhdrb +uKm238DBAoGBAOIsJqsVRIGXM0ESyDYiZuZ0m7WCVlLHFklvPe9qT/XKAb0GIWxs +tiW0IPelYn8h3oAYsWEqrQGy4A9F2jv8SqiX4vyduvGAnj9QnmfF5XeYjCq9NMDv +Dpj+1kn7Aeu8oIzfkLSrwWfusWPkNaiRRooQtPR4NBxlO8BXo+jrjU19AoGBAMjP +LUP0+DtX5WXMUx7WN7ve909Xwg3/ulvBq16HySesq9XjNEIoiu4In87ozS6O4vef +OqBH+1aI/4mfTJNF66Q7ABXQyk/n78F5Qb/zq8GH0y6ymUOcbcJ9arh7ZZ1XqqvN +ZhcKBur6Pa0HwOa/POpR7jVEj70rDFga1JnFlhFtAoGBAKgK78wLaDP02GMQBmua +UeQGXa6VoXetbhSvr0/UKIbRSUtdY7YAa7FFzXzSh4U37+4y6o/sOlDZy3nth4Es +KXhsKX1R4BURYAJg7uDhe2XJlNMocyqqM6lfJm4fLkUtiAhDD2v9dRy4j1pNs8SD +8+ofEaPWL7mtSaDWPPWRFhKtAoGAMpsjiTC/LhVkllb7y5WozgvOv4waN3Tu/hi8 +m0IVC46Ub36muNWGzZ4WyAobS1RvFoBmQeZiDNjRrVkb7zF7xROpXdYUZjbJUTTB +wSIjcs5MBkS0IznU32LD9mICpbhmJo3I4J2CSM1vpZ+CmaQwMc0b/wicQMwMfFem +pGoK+7ECgYAjy4RCe9pEW+llW7249KWAtxADyYbHRT1zUQQj3rYfFRlHat3DZ183 +SxPRxYJ3/099XxSDkKDvs+tlUr79BUQN0HfXqs6Mue/g6+0vOrQjWlXraHf+RRjp +Fppa+CYUYr1yG5wX3hi3GEaRPMPWzC3g/aD5sAM9bPU70JJz/qC7Eg== +-----END RSA PRIVATE KEY----- diff --git a/zookeeper-client/zookeeper-client-c/ssl/server.crt b/zookeeper-client/zookeeper-client-c/ssl/server.crt new file mode 100644 index 00000000000..3b901c1ae89 --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/ssl/server.crt 
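Review bot: This file commits the private key of the test root CA in the clear; `clientkey.pem`, `serverkey.pem` and the `.jks`/`.pkcs12` stores added by the same commit carry the matching leaf keys, and `tests/zoo.cfg` records the store password. Anyone with access to the repository can sign certificates under this root, so the material must never be trusted outside the test harness, and secret scanners will flag it on every clone and mirror. I would generate the keys at test time with `ssl/cert_creator.sh` into the build directory and list the outputs in `.gitignore`. If they have to stay checked in, a README in `ssl/` stating that the keys are test-only fixtures and must not be deployed is the minimum.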
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCAhkCFAFt7iNPOa4n/F+PBG+k95JUgBAnMA0GCSqGSIb3DQEBCwUAMFUx +CzAJBgNVBAYTAkNOMQswCQYDVQQIDAJCSjELMAkGA1UEBwwCQkoxEDAOBgNVBAoM +B2luYWdvcmExDDAKBgNVBAsMA29yZzEMMAoGA1UEAwwDd3liMB4XDTE4MDkyMzE1 +MTQ1N1oXDTI4MDkyMDE1MTQ1N1owVTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJK +MQswCQYDVQQHDAJCSjEQMA4GA1UECgwHaW5hZ29yYTEMMAoGA1UECwwDb3JnMQww +CgYDVQQDDAN3eWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQXW8i +zV2qoLUF+0BKunEERgislPcXDT5JoowR+XOkMyfkfgM71iYxjipmnrGy44mmtEw0 +tCFEBU6r/RE/fkSEIEiODApJosv2Fj4yQdp4RIlJKgJbxg3NCpGrN1mjL0/wg5gQ +SIArZoCvTsSFsjXURAyJSRGj7Xqi0ACBt0JIkq3wi6dpsWmHfUTr9pUB64n9tbtu +W91qFM1iZFQCZrCJQF8ktGKVUTI/1u/xTu3IGbJZEyN7jE2iFPQue7M0BvKe9Msu +00tipXPhzsr4SLwVSlVnDYMow6QdOYK/aEBNjMUbxIvmzpWeJYQdyLzvbTS5OLYX +9S7XQaGYEx5++us7AgMBAAEwDQYJKoZIhvcNAQELBQADggEBABTaNlNkHNKRoTGc +Tmv0DXaVfileeRbNrweH5WYw1npcfi5I5g9QUH3fUrThPfztrQ1jL0bZPFR/OS+7 +oWd0N0OerTey9XqbMRi+KaKj9ySFdIOCycvqBb627MaMtQLgw41B1jciWTLHAjon +IhmvH/bH0Gpq1BBKwRpnhiyapNY2O5k8xiehxvsqPYH6B7FednRrSo2xDyv5tgPG +Ninoa4zr/D0cn6AkSGVwVVppV+/J6BR3KVyOQ8r3mJHHcK/tq0HMQF5jXhXiWl4u +kC3iRddFxSrw4EGfzJ869KVxJC6ZuOf6BN6q2bUuOdsoWY3B8sVkQGBRoQ6iQdFm +xd6bIEY= +-----END CERTIFICATE----- diff --git a/zookeeper-client/zookeeper-client-c/ssl/server.csr b/zookeeper-client/zookeeper-client-c/ssl/server.csr new file mode 100644 index 00000000000..ea79c8b52ef --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/ssl/server.csr 
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICyzCCAbMCAQAwVTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkJKMQswCQYDVQQH +DAJCSjEQMA4GA1UECgwHaW5hZ29yYTEMMAoGA1UECwwDb3JnMQwwCgYDVQQDDAN3 +eWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQXW8izV2qoLUF+0BK +unEERgislPcXDT5JoowR+XOkMyfkfgM71iYxjipmnrGy44mmtEw0tCFEBU6r/RE/ +fkSEIEiODApJosv2Fj4yQdp4RIlJKgJbxg3NCpGrN1mjL0/wg5gQSIArZoCvTsSF +sjXURAyJSRGj7Xqi0ACBt0JIkq3wi6dpsWmHfUTr9pUB64n9tbtuW91qFM1iZFQC +ZrCJQF8ktGKVUTI/1u/xTu3IGbJZEyN7jE2iFPQue7M0BvKe9Msu00tipXPhzsr4 +SLwVSlVnDYMow6QdOYK/aEBNjMUbxIvmzpWeJYQdyLzvbTS5OLYX9S7XQaGYEx5+ ++us7AgMBAAGgMTAWBgkqhkiG9w0BCQIxCQwHaW5hZ29yYTAXBgkqhkiG9w0BCQcx +CgwIdGVzdHBhc3MwDQYJKoZIhvcNAQELBQADggEBAHaJQjfgUlxdkdhk7w97ZlEu +nTu825NF+XmMRIZ81HVJV2Io2U1tLhS2LR4LxF5JLpYFLvJaHVc+oDi/GLu/5XX9 +cXuQaXCnCMgr9TaRQOpPcJcX9tWmfbXPr5U4fevn7AaeJvFvbZTa8yoFQD7CJcme +TNFPx6Kv3/bnmYfvDuxYalFuQNCrFDujF+imjXUPmtFVXB6FsVD69yw17gjfpHsU +dwC29piTbTeYpeJ59udbyuK5fIj5bA7UjNBQeJYwp47g6nAHF8qskPBqWgNLUvQU +e+D5JH6S4gZhOCAxB45lvxS2+hLoemosX6tjT+A3sNKbNaWIJI3f93jpc8UVYBE= +-----END CERTIFICATE REQUEST----- 
diff --git a/zookeeper-client/zookeeper-client-c/ssl/server.jks b/zookeeper-client/zookeeper-client-c/ssl/server.jks new file mode 100644 index 0000000000000000000000000000000000000000..28f9ddfff56034788390753017b44182ced3818d GIT binary patch literal 3106 zcmcJRc{J4f8^`B6i*;lh%M_BWj4)G%MlmKsW9(EymSi8YBwHG5Aw~(Il6}c~B}+#3 ztwNF|l?aJ6*@h`guDbW0-~HY5JLmV;{p0h;`}29udCuoK@7MD@KNvq4AP@-r=K(+f z1_T0}*|uL!gFr9<9Rb}!?_%RpU<0543d|1xFc35XI@c1kYA5k z5OAHI#R3^CLdcVV<6dugpCHo8qnpU8*Pj#zVCAA^xA>yU8^ioovqF#4p^=MeZ!Rt!>TZ=O{WY3TTANTYk-vukHylzZXwr+jeJSwp#MU(>2a zlW6H2+Kd+`DS_P7#mg^}hVNL{iwz=ePGFLE*EEP67n0+@+FZNG;B@4<=SIHBcP+X_ zy+iGxBDqScbk>fv==zCh;>ls;#25x(Svd?fXMm8@(104lgCP zT`l5K@-P;vN~Dl^@3QxBtu9W9*clWH)2qDIojSY+xEicYWyLN;3Pj#P=;z4|TpuN; znCGNsHjxOrV%mBAYVX_D&!GlaqY1S!s}-b|IdR0#^OpmIr(-5sYLNpm@v@ZA)+a;h zw@e?q+*mUCC}1CJA?fSUo?_3w=l+HNJI~Xqvj{pUS+%AHlVoV$hH+%W(qc5G&N2 zwC}=o<*AvAQaR1S@A>&%t~-NT={Pj(SvgCK^=X<07974H2m}b$Le`U8)!C`2V`EdE zSa5z!aQm#~HixK4z8Fk9i{OwO*$7X3F@i1GuG@{t_Y$d7LpCp}DI;trTr2f`^Jg;X z6w;7t%+eQq*Bd<`+Ef8N%e|G80?U>qH>=H3!?c0*HhpUf9s4MZUkyu93lXD9h zv|P8UU-u z{H&}=wUu0;XWu7SoIY`bQ;59G^84~&y@Oq4!Y^n=h9u;s@NVJ=?$#L(${p-h0)b`E z&R?D}YW~}EWVBf|=a~}A#*TKbQ@#caPwQnlFZrRm2Pnb8xRWW~>q_h{qn$b%hr0u6!oa~9hC z`A{>vR7xAi={~m`ZI))I=^Em10$Unct#(+aTfI3ijxa&gkLbvs5M046ljFm2tC2 zA2c=@WjyDVbw`h#484S^tg+@xXM8ny zqK!rvR+F+k)CE@GFNLhwyVlk3?moyzZrSZ}?cklfVb!DQ$2#|CcW$6G!q?d=ZTgucC4PQWLo72(hUDaZ%F4}R;pr?QK>lok_A^#mVwZOXqlD0-WqaOM zXwu47>89eO&WKJ2YH@;)*^{Zx%=eK|O0WC04t-xdTCIe8d%%*`vfSaQWpA3jD~IsX zx#Rs^N!?$&1~xwU(F7fXDuVRfi@qQWnZ|<28P{@Y(Vhm4EZcJVfX57OiiaAerdzc3mBonf zbW1K-ne$kY2(+c)EW99cfC@->_8{}3G^5hq)jX}e)+0donGeWi2qV`WFM6BDRYlsC z)E!OWMqL6=ZYx!`-o{6&GN-V7z8|%B_u^+4&V)#97=!wP5o@tz>_WBiKfBobShes996s zV`fE6v$eW%SOvT|atfR+qDk zUS$~zBtJ=Mtklv@(hC~#V-=7Nm9k_bQ>cCX2<4+Dt1_ literal 0 HcmV?d00001 
diff --git a/zookeeper-client/zookeeper-client-c/ssl/server.pkcs12 b/zookeeper-client/zookeeper-client-c/ssl/server.pkcs12 new file mode 100644 index 0000000000000000000000000000000000000000..75deadc2684b6b73301633fc43d56f98c299f762 GIT binary patch literal 2421 zcmV-*35xbGf(dZ~0Ru3C2{#4_Duzgg_YDCD0ic2jC%TQpoft@xiy_7~}Mo~fdwZsyCKLtHW!Ysf(nqo1`Z-PRPejvNtw z9d~hr>A&tv9Te0B44wo{7zQ$yItzuQhcwsAdhBx_SSX;FquH{iT#}tx2>xG15591- zTR@0p2Jd=@KaW4HWcQi4yYgY@A>}B|R?&zyv;j%wU2l*nWehHdNJA5QuJ0n4!i%)U z?65h3sKrPx*Y$|!!uhMbhBgB7l0i?3K3G03*f z!<=}hoXiY1AGsG-S64OTN}ZY2`TD1n5B%iAdYy=_QuU|F1e1}J(@Kv|$|_<89>Ybo zEhz=A-Y6yt<1jhaHnuUG;)-idy;5VKMYG^tpbzlSwaqjhOf7N{VHH7ces_;vPqJbQlR%}Vp2QO*<=+2S5p_K0vV;LUb}| zx17dgiGsZm6n@|V|MvLeOyZbaaibddzDyfUx33ZyDClko*KdkNUqEqD>}_2l#`jzJ z&>vU&75C`Fpmu8kq!>XZ4+VFF1ib+^4)zXM!i&pG&`bve2zm|Z9hm`}gn|%H-7It- zS)&`{=vh|TU|e-6 zh?%C?*xWewNH&1}m4t2Q07mXbI@m^t)RBU+`_TFj^Zor`18y9L-j3s=uHZWJ#Ye4~ z0~>L|?OONX&o8=d|HBaT`3Na<_4vJfBoFoFd^1_>&LNQUeQRHngzTMeGyAw&*3KO4~1i^Q8PKV)%dqaGGs6vgFU3SB#+wE&$FGyEkLn z8sh@X&BI^(T4Bgwpu|GQ~a!f@9vYPCRtWm@jI1qG1o#d3G} z=^$^YB!=v+<(bXsJZeu>1*d-$!0B<4JKxEj~N3Bc-F! z0oCV2g1Om-1hpWck3>O>|C3R<8g@Sg1Y?nkRPNq7VC-xbD z_1H6W2IS1&$p6QxYt4pFrp%iv-^&)e%eJMEzLlJ5c?2?rA~H_1$#O`{^T7&Xm-HSp zLR|qj)A?IKpY&1f_T{C+^g`ys8q#6(VG6LWsBFkca5d^stHL$^9k+QKo76&9Jm&M@1*6a?xk^N6Ny3~`=yBC1| z?+pXhT$O=Cz> zUY{$66yM2NJ)TUk_8V=P1xf(^uvt~u<>pBEY;qFDn7CFx~<%~4xnfDH*+1{7|No2f*u{huD zV6{dkAGc=`b0~{VBG~=kW_q83SGuShMAZuokS3d(RU;<2uh#a-0s;sCz72S4 literal 0 HcmV?d00001 diff --git a/zookeeper-client/zookeeper-client-c/ssl/serverkey.pem b/zookeeper-client/zookeeper-client-c/ssl/serverkey.pem new file mode 100644 index 00000000000..2b6607000a4 --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/ssl/serverkey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA0F1vIs1dqqC1BftASrpxBEYIrJT3Fw0+SaKMEflzpDMn5H4D +O9YmMY4qZp6xsuOJprRMNLQhRAVOq/0RP35EhCBIjgwKSaLL9hY+MkHaeESJSSoC +W8YNzQqRqzdZoy9P8IOYEEiAK2aAr07EhbI11EQMiUkRo+16otAAgbdCSJKt8Iun +abFph31E6/aVAeuJ/bW7blvdahTNYmRUAmawiUBfJLRilVEyP9bv8U7tyBmyWRMj +e4xNohT0LnuzNAbynvTLLtNLYqVz4c7K+Ei8FUpVZw2DKMOkHTmCv2hATYzFG8SL +5s6VniWEHci87200uTi2F/Uu10GhmBMefvrrOwIDAQABAoIBADzTyenjAgEZwT7p +xi8Klouk1ktrgWadWx2r8jAdHoFE3dR6ZP9G2QeGdSJYGZAblMexwr1wCHYPBpR2 +4F4kwmO/+O5e3XH5sIk6nRWW2+xYNavCM8YO32CIQVY2ZliZK0EPaYj3YVNKLS8A +U6akC8rXwsEhL6EnZrG4/yzfDt6YTHGmBzC+bQ6YB84Wp1pqe9zi+i93qdf5neUD +pB5gLX21vFwvl6ooxCLpLQxK26ZDMMqAO6WpLh6umxmkbZ1Ru2MxOvgpJMDjtHnx +wEyiippTnm8ArdQTpywAx0NGuBiOABgN016ZcVsqUGca/oDcudVGNaeV++MWJLik +MxkgXsECgYEA8INc1PAn/HJSIEUt7nmCM1uO+L6sP2IfHnrTyUuvBf7EBWhxN4oy +b+xtm1kLJp5KHCC3gB+HOhgTP2Z+Y8A+QMSXyFG0/rS20vrsBHLLap3nX9/Ex9fz +aOcuQUvHtFWd5Jz6S9D+u5ipd8h6s2N/Tws5/crIc+M6We6vZvMqTUMCgYEA3cgj +hIIh44PkkWG00+fs3gBQToJGGywl/UfHOiKCMtaovzBoXlk0TE/qNtEAEoIxVQ9m +NPhLrQtqUdBmHj3JwXgj+vouBeUbrTCqAt0D1Np7Md4AySsBpJovm4er9J2O9Inz +XRbDs9n5kK0k204De/+rnPsTUF/0+kipTNt2zqkCgYBKLtpVO3W54bD/DxdptMS5 +/oWMp5MNQcCDcDMepV9oo/nmCR7SmKeR6gSso7xSvwPwxQ6UUCUvf/l/1qcpMUSC +SaDfQoRnA2pYjNh7TsT7L5UL90MEuND1DEkyDqOcNcQrnVd+Rwoq5p1uusFNz2SX +BsluRDursuxujLZBNMNZbQKBgQCwYLKedz+sSQBF/oZo4FGoXGeBiGlowruTqrnu +qfMRq1WYd08Jebf12LhTz/NWxOOm2hBWoADPJfzwA+SyuEDz9C/pMX3YglR4b/NF +Q7AAX6EKD5xgYCt2VIj4D/XZHFTMdclthuUs63VmccyV/H0Y6EP7HFJH4YhaY98A +mKjrwQKBgCDwmVzPgoqtbVe8VBi0gWWulGXCkJU7an0uteK1v9fzGGCJ1a665FjL +DeugIXjHBoKwDSBuGotoTYyxmkyt7xPwrWne1Qtl3L1bio+EQ9I9ZIi+3arzA78s +dbyS8RgjAR1Iu1y+0yOAPWOlhK9drf0W+tPQDFQWmoKNgGgrYFbK +-----END RSA PRIVATE KEY----- 
diff --git a/zookeeper-client/zookeeper-client-c/ssl/servertrust.jks b/zookeeper-client/zookeeper-client-c/ssl/servertrust.jks new file mode 100644 index 0000000000000000000000000000000000000000..d02568e58190f452d04686beaf117bd728468452 GIT binary patch literal 1823 zcmezO_TO6u1_mZLW=c+EU|>vRXAu9wz#5@vYGBF0z}#cd#N1)f#8j|=nTe5!NhB_M zk8dyIgYK<-nxa{CPv?6}tPeNfW#iOp^Jx3d%gD&h%3u&`$Zf#M#vIDRCd}mQ2jg(? zFgba_IP74KfB_#!85a+GW?o`?eo>+!j{z4*gqw#szbGBXW9DHluS_zK6X!LwFt9W- zHZ(OfF*J?>aSaXNTv}P%#HfVqK}J>v<|amd27@L>E~X|%Muv@a6{X_YpNp zzZdBS{+Qz7|ID&ZCf2O?&ht-_SA74hRN&D$=K5g%QIl;sjrtcCI$rza+Usq}#LURR zxH!PT&p;L!b+UXcVk{zC4}a0I|cT z+?5m7cucCSO^tlX-ao@{+L7+JJr6l1Ogyo0CeN;-Y~zhpc3Me*`nye>bLr@pnaW7i-JcV50~en)8EAGj2v%OxO94IF-0HaJU5Ih&Lc!j!h5(;;4EOVZRpBl~ObKl;5rA-O41Sh>2#cag{!z3R;-Y@g$MN0zUd?j+rEI38x(!_;^bNsTu@Rm)j(~PSWJG-8}{b`!PwW^pp zJ&$Mn0Rgr5gSI@h{quG$Z?eAIO`DKFr($9lFhJviL!c+FfX(&#vomAaDTdiih1FJxt15%4-FmENW^Ysob;>zOvk z)E6H6t!3Nzi+y8USxL56??!&@pWB#^nQ6Yr?s@&kR%ZSJ6_3<{(5TGt_a|S7lxxQH zIiLDIW8(3G^>0@@o^gmvjuU+p6{j~r_mS&$*P~h=9yrcFGvDgV(n1xznLD2UV!5~K z=2kt++ZvI*2R|K6aYzVU$hXMxV%pJrvlZN)Jy`F!?q{hHpON3PS%(%y-8=N(2>_-x Bm>vKC literal 0 HcmV?d00001 diff --git a/zookeeper-client/zookeeper-client-c/tests/TestClient.cc b/zookeeper-client/zookeeper-client-c/tests/TestClient.cc index 2006c458783..2b2a4120b48 100644 --- a/zookeeper-client/zookeeper-client-c/tests/TestClient.cc +++ b/zookeeper-client/zookeeper-client-c/tests/TestClient.cc @@ -209,6 +209,9 @@ class Zookeeper_simpleSystem : public CPPUNIT_NS::TestFixture CPPUNIT_TEST(testNullData); #ifdef ZOO_IPV6_ENABLED CPPUNIT_TEST(testIPV6); +#endif +#ifdef HAVE_OPENSSL_H + CPPUNIT_TEST(testSSL); #endif CPPUNIT_TEST(testCreate); CPPUNIT_TEST(testPath); 
@@ -265,6 +268,13 @@ class Zookeeper_simpleSystem : public CPPUNIT_NS::TestFixture sleep(1); return zk; } + + zhandle_t *createSSLClient(const char *hp, const char *cert, watchctx_t *ctx) { + zhandle_t *zk = zookeeper_init_ssl(hp, cert, watcher, 30000, 0, ctx, 0); + ctx->zh = zk; + sleep(1); + return zk; + } zhandle_t *createchClient(watchctx_t *ctx, const char* chroot) { zhandle_t *zk = zookeeper_init(chroot, watcher, 10000, 0, ctx, 0); @@ -361,7 +371,7 @@ class Zookeeper_simpleSystem : public CPPUNIT_NS::TestFixture sleep(1); zh->io_count = 0; //close socket - close(zh->fd); + close_zsock(zh->fd); sleep(1); //Check that doIo isn't spinning CPPUNIT_ASSERT(zh->io_count < 2); @@ -752,6 +762,16 @@ class Zookeeper_simpleSystem : public CPPUNIT_NS::TestFixture CPPUNIT_ASSERT_EQUAL((int) ZOK, rc); } + void testSSL() { + watchctx_t ctx; + zhandle_t *zk = createSSLClient("127.0.0.1:22281", "../ssl/server.crt,../ssl/client.crt,../ssl/clientkey.pem,testpass", &ctx); + CPPUNIT_ASSERT(zk); + int rc = 0; + rc = zoo_create(zk, "/ssl", NULL, -1, + &ZOO_OPEN_ACL_UNSAFE, 0, 0, 0); + CPPUNIT_ASSERT_EQUAL((int) ZOK, rc); + } + void testNullData() { watchctx_t ctx; zhandle_t *zk = createClient(&ctx); diff --git a/zookeeper-client/zookeeper-client-c/tests/TestZookeeperInit.cc b/zookeeper-client/zookeeper-client-c/tests/TestZookeeperInit.cc index 6f43e050905..06501924499 100644 --- a/zookeeper-client/zookeeper-client-c/tests/TestZookeeperInit.cc +++ b/zookeeper-client/zookeeper-client-c/tests/TestZookeeperInit.cc @@ -102,7 +102,7 @@ class Zookeeper_init : public CPPUNIT_NS::TestFixture &cid,(void*)1,0); CPPUNIT_ASSERT(zh != NULL); - CPPUNIT_ASSERT(zh->fd == -1); + CPPUNIT_ASSERT(zh->fd->sock == -1); CPPUNIT_ASSERT(zh->hostname != NULL); CPPUNIT_ASSERT_EQUAL(EXPECTED_ADDRS_COUNT,zh->addrs.count); CPPUNIT_ASSERT_EQUAL(EXPECTED_HOST,string(zh->hostname)); 
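Review bot: `createSSLClient` (this hunk) and `testSSL` (the `@@ -752,6 +762,16 @@` hunk) are compiled unconditionally, but `zookeeper_init_ssl` is declared in `zookeeper.h` only under `#ifdef HAVE_OPENSSL_H`, so the test suite stops building when OpenSSL is not enabled. Only the `CPPUNIT_TEST(testSSL)` registration is guarded; both definitions need the same `#ifdef HAVE_OPENSSL_H` / `#endif` wrapper. `testSSL` also passes `../ssl/server.crt` as the CA entry of the cert string, which pins the server leaf instead of exercising validation against `root.crt`; if that is deliberate, a comment like `// CA slot holds the server leaf: the test pins it rather than validating the chain` should say so. The enclosing class starts and ends outside these hunks.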
diff --git a/zookeeper-client/zookeeper-client-c/tests/ZKMocks.cc b/zookeeper-client/zookeeper-client-c/tests/ZKMocks.cc index 1310ab9d4b8..2e74996372c 100644 --- a/zookeeper-client/zookeeper-client-c/tests/ZKMocks.cc +++ b/zookeeper-client/zookeeper-client-c/tests/ZKMocks.cc @@ -528,7 +528,7 @@ void forceConnected(zhandle_t* zh){ zh->state=ZOO_CONNECTED_STATE; // Simulate we're connected to the first host in our host list - zh->fd=ZookeeperServer::FD; + zh->fd->sock=ZookeeperServer::FD; assert(zh->addrs.count > 0); zh->addr_cur = zh->addrs.data[0]; zh->addrs.next++; diff --git a/zookeeper-client/zookeeper-client-c/tests/zkServer.sh b/zookeeper-client/zookeeper-client-c/tests/zkServer.sh index a61cf55fac9..6575c9f4a1b 100755 --- a/zookeeper-client/zookeeper-client-c/tests/zkServer.sh +++ b/zookeeper-client/zookeeper-client-c/tests/zkServer.sh @@ -117,8 +117,13 @@ start|startClean) pid=$! echo -n $! > /tmp/zk.pid else - mkdir -p "${base_dir}/build/tmp/zkdata" - java -cp "$CLASSPATH" org.apache.zookeeper.server.ZooKeeperServerMain $ZOOPORT "${base_dir}/build/tmp/zkdata" 3000 $ZKMAXCNXNS &> "${base_dir}/build/tmp/zk.log" & + tmpdir="${base_dir}/build/tmp" + mkdir -p "${tmpdir}/zkdata" + rm -f "${tmpdir}/zkdata/myid" && echo 1 > "${tmpdir}/zkdata/myid" + + sed "s#TMPDIR#${tmpdir}#g" ${base_dir}/zookeeper-client/zookeeper-client-c/tests/zoo.cfg > "${tmpdir}/zoo.cfg" + + java -cp "$CLASSPATH" org.apache.zookeeper.server.ZooKeeperServerMain ${tmpdir}/zoo.cfg &> "${base_dir}/build/tmp/zk.log" & pid=$! echo -n $pid > "${base_dir}/build/tmp/zk.pid" fi diff --git a/zookeeper-client/zookeeper-client-c/tests/zoo.cfg b/zookeeper-client/zookeeper-client-c/tests/zoo.cfg new file mode 100644 index 00000000000..0785c7786f9 --- /dev/null +++ b/zookeeper-client/zookeeper-client-c/tests/zoo.cfg 
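Review bot: The new `java ... ZooKeeperServerMain ${tmpdir}/zoo.cfg` line in zkServer.sh no longer passes `$ZOOPORT` or `$ZKMAXCNXNS`; the port now comes from the fixed `clientPort=22181` in `tests/zoo.cfg`, so a caller that sets a different port gets a server listening on another one. `${base_dir}/zookeeper-client/zookeeper-client-c/tests/zoo.cfg` and `${tmpdir}/zoo.cfg` are unquoted while the neighbouring paths are quoted, and the `sed "s#TMPDIR#${tmpdir}#g"` substitution breaks if the build path contains `#`. I would quote both paths and template the port the same way as the data directory, with a placeholder in `zoo.cfg` replaced by a second `-e` expression. The enclosing `start|startClean)` branch starts and ends outside the hunk.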
@@ -0,0 +1,12 @@
+tickTime=500
+initLimit=10
+syncLimit=5
+dataDir=TMPDIR/zkdata
+
+clientPort=22181
+secureClientPort=22281
+serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
+ssl.keyStore.location=../ssl/server.jks
+ssl.keyStore.password=testpass
+ssl.trustStore.location=../ssl/servertrust.jks
+ssl.trustStore.password=testpass
From b27dca2a82e3170122fa5fc1c8a566f0a928fed7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E9=99=88=E7=A1=95=E5=AE=9E?=
Date: Tue, 25 Sep 2018 13:16:29 +0800
Subject: [PATCH 06/13] refine for license
---
 .../zookeeper-client-c/ssl/cert_creator.sh | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/zookeeper-client/zookeeper-client-c/ssl/cert_creator.sh b/zookeeper-client/zookeeper-client-c/ssl/cert_creator.sh
index 3272f9f66da..a1640d0e7f5 100644
--- a/zookeeper-client/zookeeper-client-c/ssl/cert_creator.sh
+++ b/zookeeper-client/zookeeper-client-c/ssl/cert_creator.sh
@@ -1,4 +1,21 @@
-#!/bin/bash
+#!/usr/bin/env bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 openssl genrsa -out rootkey.pem 2048
 openssl req -x509 -new -key rootkey.pem -out root.crt
 openssl genrsa -out clientkey.pem 2048
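Review bot: The key store and trust store locations in the new zoo.cfg are relative (`../ssl/server.jks`, `../ssl/servertrust.jks`), so they resolve against whatever directory the server JVM is started from, while zkServer.sh only rewrites the TMPDIR placeholder. Started from any other directory the secure port would presumably fail to come up; a second placeholder rewritten to an absolute path would remove that dependency. A leading comment such as `# Test-only configuration: the store password below protects throwaway test certificates` would make clear that `testpass` and these stores must not be reused outside the test harness.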
From 1c89601d40ce3bae96667eccb2d6ce3c804d1baa Mon Sep 17 00:00:00 2001 From: buaacss Date: Tue, 25 Sep 2018 23:21:39 +0800 Subject: [PATCH 07/13] refine init process --- zookeeper-client/zookeeper-client-c/CMakeLists.txt | 2 +- zookeeper-client/zookeeper-client-c/src/zookeeper.c | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/zookeeper-client/zookeeper-client-c/CMakeLists.txt b/zookeeper-client/zookeeper-client-c/CMakeLists.txt index b66613230e8..f905f45c0a1 100644 --- a/zookeeper-client/zookeeper-client-c/CMakeLists.txt +++ b/zookeeper-client/zookeeper-client-c/CMakeLists.txt @@ -56,7 +56,7 @@ option(WANT_CPPUNIT "Enables CppUnit and tests" ${DEFAULT_WANT_CPPUNIT}) # SOCK_CLOEXEC option(WANT_SOCK_CLOEXEC "Enables SOCK_CLOEXEC on sockets" OFF) include(CheckSymbolExists) -check_symbol_exists(zktest_runnerSOCK_CLOEXEC sys/socket.h HAVE_SOCK_CLOEXEC) +check_symbol_exists(SOCK_CLOEXEC sys/socket.h HAVE_SOCK_CLOEXEC) if(WANT_SOCK_CLOEXEC AND HAVE_SOCK_CLOEXEC) set(SOCK_CLOEXEC_ENABLED 1) endif() diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index 1b40705ede3..714f8b01105 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c @@ -2265,9 +2265,7 @@ static socket_t zookeeper_connect(zhandle_t *zh, SSL *ssl = NULL; const SSL_METHOD *method; - SSL_library_init(); - SSL_load_error_strings(); - OpenSSL_add_all_algorithms(); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); method = TLS_client_method(); ctx = SSL_CTX_new(method); From dda421d991071730c84c1c51b4186bbc2aaa826b Mon Sep 17 00:00:00 2001 From: buaacss Date: Thu, 27 Sep 2018 00:20:43 +0800 Subject: [PATCH 08/13] reconnect --- .../zookeeper-client-c/include/zookeeper.h | 1 + .../zookeeper-client-c/src/zookeeper.c | 132 +++++++++--------- 2 files changed, 68 insertions(+), 65 deletions(-) 
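Review bot: The result of `OPENSSL_init_ssl(...)` in the zookeeper_connect hunk is discarded, although the call returns 0 on failure, and the `SSL_CTX_new(method)` on the following context line is used without a NULL check. I would test both, e.g. `if (OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL) != 1)` followed by an error return, and the same for a NULL `ctx`. The call now runs on every connection attempt; that is safe to repeat, but a short comment saying so would spare the next reader the lookup. zookeeper_connect's body starts and ends outside the hunk.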
diff --git a/zookeeper-client/zookeeper-client-c/include/zookeeper.h b/zookeeper-client/zookeeper-client-c/include/zookeeper.h index f4f539a80cb..2daac085731 100644 --- a/zookeeper-client/zookeeper-client-c/include/zookeeper.h +++ b/zookeeper-client/zookeeper-client-c/include/zookeeper.h @@ -110,6 +110,7 @@ enum ZOO_ERRORS { ZRECONFIGINPROGRESS = -14, /*!< Reconfiguration requested while another reconfiguration is currently in progress. This is currently not supported. Please retry. */ + ZSSLCONNECTIONERROR = -15, /** API errors. * This is never thrown by the server, it shouldn't be used other than diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index 714f8b01105..36acfbac46c 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c @@ -1798,7 +1798,10 @@ static int is_connected(zhandle_t* zh) static void cleanup(zhandle_t *zh,int rc) { - close_zsock(zh->fd); + if (rc != 2) { + close_zsock(zh->fd); + } + if (is_unrecoverable(zh)) { LOG_DEBUG(LOGCALLBACK(zh), "Calling a watcher for a ZOO_SESSION_EVENT and the state=%s", state2String(zh->state)); 
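Review bot: `ZSSLCONNECTIONERROR = -15` is added to ZOO_ERRORS without the `/*!< ... */` description that the enumerator above it carries, so the public header gains an undocumented error code. I would write `ZSSLCONNECTIONERROR = -15, /*!< The TLS handshake with the server failed or could not be set up */`. Any function that maps ZOO_ERRORS values to message strings lies outside this hunk and presumably needs a matching entry. The enum itself starts and ends outside the hunk.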
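Review bot: `if (rc != 2)` in cleanup compares against an unnamed literal, and nothing in the hunk says why the socket is kept open on that path. The value appears to be `SSL_ERROR_WANT_READ` passed through as rc, which mixes OpenSSL status codes into a parameter that otherwise carries ZOO_ERRORS values. At the least the named constant and a why-comment belong here, e.g. `if (rc != SSL_ERROR_WANT_READ) { /* handshake still in progress: keep the socket */`; note that `SSL_ERROR_WANT_WRITE` would still close the socket under this test. cleanup's body continues outside the hunk.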
@@ -2259,70 +2262,6 @@ static socket_t zookeeper_connect(zhandle_t *zh, LOG_DEBUG(LOGCALLBACK(zh), "[zk] connect()\n"); rc = connect(fd, (struct sockaddr *)addr, addr_len); -#ifdef HAVE_OPENSSL_H - if (zh->fd->cert != NULL) { - SSL_CTX *ctx = NULL; - SSL *ssl = NULL; - const SSL_METHOD *method; - - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); - method = TLS_client_method(); - ctx = SSL_CTX_new(method); - - SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); - - /*SERVER CA FILE*/ - if (SSL_CTX_load_verify_locations(ctx, zh->fd->cert->ca, 0) != 1) { - SSL_CTX_free(ctx); - printf("Failed to load CA file %s", zh->fd->cert->ca); - exit(1); - } - if (SSL_CTX_set_default_verify_paths(ctx) != 1) { - SSL_CTX_free(ctx); - printf("Call to SSL_CTX_set_default_verify_paths failed"); - exit(1); - } - /*CLIENT CA FILE*/ - if (SSL_CTX_use_certificate_file(ctx, zh->fd->cert->cert, SSL_FILETYPE_PEM) != 1) { - SSL_CTX_free(ctx); - printf("Failed to load client certificate from %s", zh->fd->cert->cert); - exit(1); - } - /*CLIENT PRIVATE KEY*/ - SSL_CTX_set_default_passwd_cb_userdata(ctx, zh->fd->cert->passwd); - if (SSL_CTX_use_PrivateKey_file(ctx, zh->fd->cert->key, SSL_FILETYPE_PEM) != 1) { - SSL_CTX_free(ctx); - printf("Failed to load client private key from %s", zh->fd->cert->key); - exit(1); - } - /*CHECK*/ - if (SSL_CTX_check_private_key(ctx) != 1) { - SSL_CTX_free(ctx); - printf("SSL_CTX_check_private_key failed"); - exit(1); - } - /*MULTIPLE HANDSHAKE*/ - SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY); - - ssl = SSL_new(ctx); - if (ssl == NULL) { - printf("SSL_new error.\n"); - } - SSL_set_fd(ssl, fd); - - int err = SSL_ERROR_NONE; - do { - err = SSL_get_error(ssl, SSL_connect(ssl)); - } while (err != SSL_ERROR_NONE); - - zh->fd->ssl_sock = ssl; - zh->fd->ssl_ctx = ctx; - if (errno == SSL_ERROR_NONE) { - errno = EWOULDBLOCK; - } - } -#endif - #ifdef _WIN32 errno = GetLastError(); 
@@ -2544,6 +2483,68 @@ static int check_events(zhandle_t *zh, int events) { if (zh->fd->sock == -1) return ZINVALIDSTATE; +#ifdef HAVE_OPENSSL_H + if (!is_connected(zh) && zh->fd->cert != NULL) { + if (!zh->fd->ssl_sock) { + const SSL_METHOD *method; + + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + method = TLS_client_method(); + zh->fd->ssl_ctx = SSL_CTX_new(method); + + SSL_CTX **ctx = &zh->fd->ssl_ctx; + + SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + + /*SERVER CA FILE*/ + if (SSL_CTX_load_verify_locations(*ctx, zh->fd->cert->ca, 0) != 1) { + SSL_CTX_free(*ctx); + printf("Failed to load CA file %s", zh->fd->cert->ca); + exit(1); + } + if (SSL_CTX_set_default_verify_paths(*ctx) != 1) { + SSL_CTX_free(*ctx); + printf("Call to SSL_CTX_set_default_verify_paths failed"); + exit(1); + } + /*CLIENT CA FILE*/ + if (SSL_CTX_use_certificate_file(*ctx, zh->fd->cert->cert, SSL_FILETYPE_PEM) != 1) { + SSL_CTX_free(*ctx); + printf("Failed to load client certificate from %s", zh->fd->cert->cert); + exit(1); + } + /*CLIENT PRIVATE KEY*/ + SSL_CTX_set_default_passwd_cb_userdata(*ctx, zh->fd->cert->passwd); + if (SSL_CTX_use_PrivateKey_file(*ctx, zh->fd->cert->key, SSL_FILETYPE_PEM) != 1) { + SSL_CTX_free(*ctx); + printf("Failed to load client private key from %s", zh->fd->cert->key); + exit(1); + } + /*CHECK*/ + if (SSL_CTX_check_private_key(*ctx) != 1) { + SSL_CTX_free(*ctx); + printf("SSL_CTX_check_private_key failed"); + exit(1); + } + /*MULTIPLE HANDSHAKE*/ + SSL_CTX_set_mode(*ctx, SSL_MODE_AUTO_RETRY); + + zh->fd->ssl_sock = SSL_new(*ctx); + if (zh->fd->ssl_sock == NULL) { + return handle_socket_error_msg(zh,__LINE__,ZSSLCONNECTIONERROR, + "error creating ssl context"); + } + SSL_set_fd(zh->fd->ssl_sock, zh->fd->sock); + } + + int err = SSL_get_error(zh->fd->ssl_sock, SSL_connect(zh->fd->ssl_sock)); + if (err != SSL_ERROR_NONE) + return handle_socket_error_msg(zh,__LINE__,err, + "ssl 
handshaking..."); + + } +#endif + if ((events&ZOOKEEPER_WRITE)&&(zh->state == ZOO_CONNECTING_STATE)) { int rc, error; socklen_t len = sizeof(error); @@ -2564,6 +2565,7 @@ static int check_events(zhandle_t *zh, int events) LOG_INFO(LOGCALLBACK(zh), "initiated connection to server %s", format_endpoint_info(&zh->addr_cur)); return ZOK; } + if (zh->to_send.head && (events&ZOOKEEPER_WRITE)) { /* make the flush call non-blocking by specifying a 0 timeout */ int rc=flush_send_queue(zh,0); From f0cdf848e16d9b7f0e5d8bd8c36b805baa6fc75b Mon Sep 17 00:00:00 2001 From: buaacss Date: Thu, 27 Sep 2018 00:27:09 +0800 Subject: [PATCH 09/13] reconnect --- zookeeper-client/zookeeper-client-c/src/zookeeper.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index 36acfbac46c..c7d080d09a7 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c @@ -2539,8 +2539,9 @@ static int check_events(zhandle_t *zh, int events) int err = SSL_get_error(zh->fd->ssl_sock, SSL_connect(zh->fd->ssl_sock)); if (err != SSL_ERROR_NONE) - return handle_socket_error_msg(zh,__LINE__,err, - "ssl handshaking..."); + return ZSSLCONNECTIONERROR; + /*return handle_socket_error_msg(zh,__LINE__,err, + "ssl handshaking...");*/ } #endif From bba630e3eb4037518bcabcf2928c074f697b0ec2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E7=A1=95=E5=AE=9E?= Date: Thu, 27 Sep 2018 17:26:38 +0800 Subject: [PATCH 10/13] refine init ssl --- .../zookeeper-client-c/src/zookeeper.c | 115 +++++++++--------- 1 file changed, 60 insertions(+), 55 deletions(-) diff --git a/zookeeper-client/zookeeper-client-c/src/zookeeper.c b/zookeeper-client/zookeeper-client-c/src/zookeeper.c index c7d080d09a7..3107198e455 100644 --- a/zookeeper-client/zookeeper-client-c/src/zookeeper.c +++ b/zookeeper-client/zookeeper-client-c/src/zookeeper.c 
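Review bot: The certificate and key loading failures in this check_events hunk call `printf` and `exit(1)`, which terminates the host application from inside a client library and bypasses the library's log callback. `SSL_CTX_new(method)` is also used without a NULL check, and after `SSL_CTX_free(*ctx)` the freed pointer stays in `zh->fd->ssl_ctx`. The same blocks are carried unchanged into init_ssl by the later "refine init ssl" hunk. Each failure should free the context, clear the field and return through handle_socket_error_msg, as the `SSL_new` failure path in this hunk already does. check_events continues outside the hunk.

```c
zh->fd->ssl_ctx = SSL_CTX_new(method);
if (zh->fd->ssl_ctx == NULL) {
    return handle_socket_error_msg(zh, __LINE__, ZSSLCONNECTIONERROR,
                                   "error creating ssl context");
}
/* … unchanged: ctx alias, SSL_CTX_set_verify … */
if (SSL_CTX_load_verify_locations(*ctx, zh->fd->cert->ca, 0) != 1) {
    SSL_CTX_free(*ctx);
    *ctx = NULL; /* do not leave a freed context on the handle */
    return handle_socket_error_msg(zh, __LINE__, ZSSLCONNECTIONERROR,
                                   "failed to load CA file");
}
/* … same free / clear / return pattern for the default verify paths,
   client certificate, private key and key check … */
/* … unchanged: SSL_CTX_set_mode, SSL_new, SSL_set_fd, SSL_connect … */
```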
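Review bot: After the "reconnect" follow-up hunk every `SSL_get_error` result other than `SSL_ERROR_NONE` returns `ZSSLCONNECTIONERROR`, which includes `SSL_ERROR_WANT_READ` and `SSL_ERROR_WANT_WRITE`; if the socket is non-blocking, as the surrounding connect handling suggests, those only mean the handshake needs another pass. I would separate them before the failure return, e.g. `if (err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) return ZOK;`, assuming the caller polls again on ZOK. The same test survives in check_events after the later init_ssl refactor. The commented-out `handle_socket_error_msg` call should be deleted rather than left in place, and the failure path should log the OpenSSL error so that a rejected certificate can be told apart from a network fault.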
@@ -2479,70 +2479,75 @@ int zookeeper_interest(zhandle_t *zh, socket_t *fd, int *interest, return api_epilog(zh,ZOK); } -static int check_events(zhandle_t *zh, int events) -{ - if (zh->fd->sock == -1) - return ZINVALIDSTATE; #ifdef HAVE_OPENSSL_H - if (!is_connected(zh) && zh->fd->cert != NULL) { - if (!zh->fd->ssl_sock) { - const SSL_METHOD *method; +static int init_ssl(zhandle_t *zh) +{ + if (!zh->fd->ssl_sock) { + const SSL_METHOD *method; - OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); - method = TLS_client_method(); - zh->fd->ssl_ctx = SSL_CTX_new(method); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + method = TLS_client_method(); + zh->fd->ssl_ctx = SSL_CTX_new(method); - SSL_CTX **ctx = &zh->fd->ssl_ctx; + SSL_CTX **ctx = &zh->fd->ssl_ctx; - SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + SSL_CTX_set_verify(*ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); - /*SERVER CA FILE*/ - if (SSL_CTX_load_verify_locations(*ctx, zh->fd->cert->ca, 0) != 1) { - SSL_CTX_free(*ctx); - printf("Failed to load CA file %s", zh->fd->cert->ca); - exit(1); - } - if (SSL_CTX_set_default_verify_paths(*ctx) != 1) { - SSL_CTX_free(*ctx); - printf("Call to SSL_CTX_set_default_verify_paths failed"); - exit(1); - } - /*CLIENT CA FILE*/ - if (SSL_CTX_use_certificate_file(*ctx, zh->fd->cert->cert, SSL_FILETYPE_PEM) != 1) { - SSL_CTX_free(*ctx); - printf("Failed to load client certificate from %s", zh->fd->cert->cert); - exit(1); - } - /*CLIENT PRIVATE KEY*/ - SSL_CTX_set_default_passwd_cb_userdata(*ctx, zh->fd->cert->passwd); - if (SSL_CTX_use_PrivateKey_file(*ctx, zh->fd->cert->key, SSL_FILETYPE_PEM) != 1) { - SSL_CTX_free(*ctx); - printf("Failed to load client private key from %s", zh->fd->cert->key); - exit(1); - } - /*CHECK*/ - if (SSL_CTX_check_private_key(*ctx) != 1) { - SSL_CTX_free(*ctx); - printf("SSL_CTX_check_private_key failed"); - exit(1); - 
} - /*MULTIPLE HANDSHAKE*/ - SSL_CTX_set_mode(*ctx, SSL_MODE_AUTO_RETRY); + /*SERVER CA FILE*/ + if (SSL_CTX_load_verify_locations(*ctx, zh->fd->cert->ca, 0) != 1) { + SSL_CTX_free(*ctx); + printf("Failed to load CA file %s", zh->fd->cert->ca); + exit(1); + } + if (SSL_CTX_set_default_verify_paths(*ctx) != 1) { + SSL_CTX_free(*ctx); + printf("Call to SSL_CTX_set_default_verify_paths failed"); + exit(1); + } + /*CLIENT CA FILE*/ + if (SSL_CTX_use_certificate_file(*ctx, zh->fd->cert->cert, SSL_FILETYPE_PEM) != 1) { + SSL_CTX_free(*ctx); + printf("Failed to load client certificate from %s", zh->fd->cert->cert); + exit(1); + } + /*CLIENT PRIVATE KEY*/ + SSL_CTX_set_default_passwd_cb_userdata(*ctx, zh->fd->cert->passwd); + if (SSL_CTX_use_PrivateKey_file(*ctx, zh->fd->cert->key, SSL_FILETYPE_PEM) != 1) { + SSL_CTX_free(*ctx); + printf("Failed to load client private key from %s", zh->fd->cert->key); + exit(1); + } + /*CHECK*/ + if (SSL_CTX_check_private_key(*ctx) != 1) { + SSL_CTX_free(*ctx); + printf("SSL_CTX_check_private_key failed"); + exit(1); + } + /*MULTIPLE HANDSHAKE*/ + SSL_CTX_set_mode(*ctx, SSL_MODE_AUTO_RETRY); - zh->fd->ssl_sock = SSL_new(*ctx); - if (zh->fd->ssl_sock == NULL) { - return handle_socket_error_msg(zh,__LINE__,ZSSLCONNECTIONERROR, - "error creating ssl context"); - } - SSL_set_fd(zh->fd->ssl_sock, zh->fd->sock); + zh->fd->ssl_sock = SSL_new(*ctx); + if (zh->fd->ssl_sock == NULL) { + return handle_socket_error_msg(zh,__LINE__,ZSSLCONNECTIONERROR, + "error creating ssl context"); } + SSL_set_fd(zh->fd->ssl_sock, zh->fd->sock); + } - int err = SSL_get_error(zh->fd->ssl_sock, SSL_connect(zh->fd->ssl_sock)); - if (err != SSL_ERROR_NONE) - return ZSSLCONNECTIONERROR; - /*return handle_socket_error_msg(zh,__LINE__,err, - "ssl handshaking...");*/ + return SSL_get_error(zh->fd->ssl_sock, SSL_connect(zh->fd->ssl_sock)); +} +#endif +static int check_events(zhandle_t *zh, int events) +{ + if (zh->fd->sock == -1) + return ZINVALIDSTATE; + +#ifdef 
HAVE_OPENSSL_H + if (!is_connected(zh) && zh->fd->cert != NULL) { + if (init_ssl(zh) != SSL_ERROR_NONE) { + return ZSSLCONNECTIONERROR; + } } #endif From ec09ea5fc8384fef448220df54c85aa6ae2b3faf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E7=A1=95=E5=AE=9E?= Date: Wed, 27 Feb 2019 16:58:16 +0800 Subject: [PATCH 11/13] skip declaration-after-statement --- zookeeper-client/zookeeper-client-c/src/cli.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/zookeeper-client/zookeeper-client-c/src/cli.c b/zookeeper-client/zookeeper-client-c/src/cli.c index ef88658e937..7402e1e8a51 100644 --- a/zookeeper-client/zookeeper-client-c/src/cli.c +++ b/zookeeper-client/zookeeper-client-c/src/cli.c @@ -653,6 +653,13 @@ void processline(char *line) { } int main(int argc, char **argv) { + static struct option long_options[] = { + {"host", required_argument, NULL, 'h'}, //hostPort + {"myid", optional_argument, NULL, 'i'}, //myId + {"cmd", optional_argument, NULL, 'c'}, //cmd + {"cert", optional_argument, NULL, 's'}, //certificates files + {NULL, 0, NULL, 0}, + }; #ifndef THREADED fd_set rfds, wfds, efds; int processed=0; @@ -669,14 +676,7 @@ int main(int argc, char **argv) { int opt; int option_index = 0; - opterr = 0; - static struct option long_options[] = { - {"host", required_argument, NULL, 'h'}, //hostPort - {"myid", optional_argument, NULL, 'i'}, //myId - {"cmd", optional_argument, NULL, 'c'}, //cmd - {"cert", optional_argument, NULL, 's'}, //certificates files - {NULL, 0, NULL, 0}, - }; + flags = 0; while ((opt = getopt_long(argc, argv, "h:m::rc::s::", long_options, &option_index)) != -1) { switch (opt) { From 010dec1ed1c05b4c52afa37b306a75263ece3a38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E7=A1=95=E5=AE=9E?= Date: Wed, 27 Feb 2019 18:04:20 +0800 Subject: [PATCH 12/13] unittest for close --- zookeeper-client/zookeeper-client-c/tests/TestZookeeperClose.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/zookeeper-client/zookeeper-client-c/tests/TestZookeeperClose.cc b/zookeeper-client/zookeeper-client-c/tests/TestZookeeperClose.cc index 6d704364f98..f20910f506f 100644 --- a/zookeeper-client/zookeeper-client-c/tests/TestZookeeperClose.cc +++ b/zookeeper-client/zookeeper-client-c/tests/TestZookeeperClose.cc @@ -110,7 +110,7 @@ class Zookeeper_close : public CPPUNIT_NS::TestFixture zh=zookeeper_init("localhost:2121",watcher,10000,0,0,0); CPPUNIT_ASSERT(zh!=0); // simulate connected state - zh->fd=ZookeeperServer::FD; + zh->fd->sock=ZookeeperServer::FD; zh->state=ZOO_CONNECTED_STATE; Mock_flush_send_queue zkMock; // do not actually free the memory while in zookeeper_close() From 8d6ea45ef46600d3f7e0555f645269e9130dd0a5 Mon Sep 17 00:00:00 2001 From: buaacss Date: Thu, 28 Feb 2019 23:34:07 +0800 Subject: [PATCH 13/13] skip unit test for ssl --- zookeeper-client/zookeeper-client-c/tests/TestClient.cc | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/zookeeper-client/zookeeper-client-c/tests/TestClient.cc b/zookeeper-client/zookeeper-client-c/tests/TestClient.cc index 2b2a4120b48..501c4a65792 100644 --- a/zookeeper-client/zookeeper-client-c/tests/TestClient.cc +++ b/zookeeper-client/zookeeper-client-c/tests/TestClient.cc @@ -269,12 +269,14 @@ class Zookeeper_simpleSystem : public CPPUNIT_NS::TestFixture return zk; } +#ifdef HAVE_OPENSSL_H zhandle_t *createSSLClient(const char *hp, const char *cert, watchctx_t *ctx) { zhandle_t *zk = zookeeper_init_ssl(hp, cert, watcher, 30000, 0, ctx, 0); ctx->zh = zk; sleep(1); return zk; } +#endif zhandle_t *createchClient(watchctx_t *ctx, const char* chroot) { zhandle_t *zk = zookeeper_init(chroot, watcher, 10000, 0, ctx, 0); 
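Review bot: With `#ifdef HAVE_OPENSSL_H` around createSSLClient here and around testSSL in the two following hunks, a build in which that macro is not defined compiles the TLS test out silently and the suite still reports success. Where HAVE_OPENSSL_H gets defined is not visible in these hunks; if the configure step does not set it, the TLS path has no test coverage at all. The `CPPUNIT_TEST(testSSL)` registration, if there is one, lies outside the hunks and needs the same guard, otherwise the build breaks when the macro is absent. A comment on the guard such as `// TLS tests need a client built with OpenSSL and a server listening on the secure port` would explain the skip.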
@@ -762,6 +764,7 @@ class Zookeeper_simpleSystem : public CPPUNIT_NS::TestFixture CPPUNIT_ASSERT_EQUAL((int) ZOK, rc); } +#ifdef HAVE_OPENSSL_H void testSSL() { watchctx_t ctx; zhandle_t *zk = createSSLClient("127.0.0.1:22281", "../ssl/server.crt,../ssl/client.crt,../ssl/clientkey.pem,testpass", &ctx); @@ -771,6 +774,7 @@ class Zookeeper_simpleSystem : public CPPUNIT_NS::TestFixture &ZOO_OPEN_ACL_UNSAFE, 0, 0, 0); CPPUNIT_ASSERT_EQUAL((int) ZOK, rc); } +#endif void testNullData() { watchctx_t ctx;