From 4135c785354c8bfbe5a220cd0358f21d51f63a06 Mon Sep 17 00:00:00 2001 From: "dennis.mercuriali" Date: Thu, 13 Mar 2025 12:54:54 +0100 Subject: [PATCH 1/4] #200 support for pkcs12 server certs --- .gitignore | 1 + .../network/netty/NettyChannelAcceptor.java | 81 +++++++++++------- .../test/java/blazingcache/SimpleSSLTest.java | 22 ++++- .../src/test/resources/cert1.key | 30 +++++++ .../src/test/resources/cert1.p12 | Bin 0 -> 2611 bytes .../src/test/resources/cert1_chain.pem | 21 +++++ 6 files changed, 121 insertions(+), 34 deletions(-) create mode 100644 blazingcache-core/src/test/resources/cert1.key create mode 100644 blazingcache-core/src/test/resources/cert1.p12 create mode 100644 blazingcache-core/src/test/resources/cert1_chain.pem diff --git a/.gitignore b/.gitignore index 09c70ec..8b5edd3 100644 --- a/.gitignore +++ b/.gitignore @@ -11,4 +11,5 @@ **/.settings/ **/.DS_Store/ /.idea/ +**/*.iml /.vscode/ diff --git a/blazingcache-core/src/main/java/blazingcache/network/netty/NettyChannelAcceptor.java b/blazingcache-core/src/main/java/blazingcache/network/netty/NettyChannelAcceptor.java index ac55976..9141aed 100644 --- a/blazingcache-core/src/main/java/blazingcache/network/netty/NettyChannelAcceptor.java +++ b/blazingcache-core/src/main/java/blazingcache/network/netty/NettyChannelAcceptor.java @@ -38,6 +38,8 @@ import io.netty.handler.ssl.SslProvider; import io.netty.handler.ssl.util.SelfSignedCertificate; import java.io.File; +import java.io.FileInputStream; +import java.security.KeyStore; import java.util.List; import java.util.concurrent.ExecutionException; import java.util.concurrent.ExecutorService; @@ -48,6 +50,8 @@ import java.util.concurrent.atomic.AtomicLong; import java.util.logging.Level; import java.util.logging.Logger; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLException; /** * Accepts connections from workers 
@@ -165,21 +169,38 @@ public void start() throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); try { sslCtx = SslContextBuilder - .forServer(ssc.certificate(), ssc.privateKey()) - .sslProvider(useOpenSSL ? SslProvider.OPENSSL : SslProvider.JDK) - .ciphers(sslCiphers) - .build(); + .forServer(ssc.certificate(), ssc.privateKey()) + .sslProvider(useOpenSSL ? SslProvider.OPENSSL : SslProvider.JDK) + .ciphers(sslCiphers) + .build(); } finally { ssc.delete(); } } else { - LOGGER.log(Level.SEVERE, "start SSL with certificate " + sslCertFile.getAbsolutePath() + " chain file " + sslCertChainFile.getAbsolutePath() + ", useOpenSSL:" + useOpenSSL); + LOGGER.log(Level.SEVERE, "start SSL with certificate " + sslCertFile.getAbsolutePath() + + " chain file " + (sslCertChainFile == null ? "null" : sslCertChainFile.getAbsolutePath()) + + ", useOpenSSL:" + useOpenSSL); if (sslCiphers != null) { LOGGER.log(Level.SEVERE, "required sslCiphers " + sslCiphers); } - sslCtx = SslContextBuilder.forServer(sslCertChainFile, sslCertFile, sslCertPassword) - .sslProvider(useOpenSSL ? SslProvider.OPENSSL : SslProvider.JDK) - .ciphers(sslCiphers).build(); + SslContextBuilder builder; + if (sslCertFile.getName().endsWith(".p12") || sslCertFile.getName().endsWith(".pfx")) { + try (FileInputStream fis = new FileInputStream(sslCertFile)) { + KeyStore ks = KeyStore.getInstance("PKCS12"); + ks.load(fis, sslCertPassword.toCharArray()); + + KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(ks, sslCertPassword.toCharArray()); + + builder = SslContextBuilder.forServer(kmf); + } catch (Exception e) { + throw new SSLException("provided certFile looks like a PKCS12 file but could not be loaded", e); + } + } else { + builder = SslContextBuilder.forServer(sslCertChainFile, sslCertFile, sslCertPassword); + } + sslCtx = builder.sslProvider(useOpenSSL ? SslProvider.OPENSSL : SslProvider.JDK) + .ciphers(sslCiphers).build(); } } 
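Review bot: In the PKCS12 branch of `start()` in `NettyChannelAcceptor`, `sslCertPassword.toCharArray()` is called twice with no null check, so a `.p12`/`.pfx` file configured without a password fails with a NullPointerException that the broad `catch (Exception e)` rewraps as "looks like a PKCS12 file but could not be loaded", hiding the real cause. Resolve the password once, e.g. `char[] pwd = sslCertPassword == null ? new char[0] : sslCertPassword.toCharArray();` (or reject null with an explicit message), pass `pwd` to both `ks.load` and `kmf.init`, and narrow the catch to `IOException | GeneralSecurityException`. The suffix test is also case-sensitive, so a file named `server.P12` silently falls through to the PEM path; matching against `sslCertFile.getName().toLowerCase(Locale.ROOT)` avoids that. `sslCertChainFile` is ignored in this branch, which deserves a one-line comment such as `// PKCS12: chain is read from the key store, sslCertChainFile is not used`. `start()` begins and ends outside the hunk.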
@@ -205,31 +226,31 @@ public Thread newThread(Runnable r) { } ServerBootstrap b = new ServerBootstrap(); b.group(bossGroup, workerGroup) - .channel(NetworkUtils.isEnableEpollNative() ? EpollServerSocketChannel.class : NioServerSocketChannel.class) - .childHandler(new ChannelInitializer() { - @Override - public void initChannel(SocketChannel ch) throws Exception { - NettyChannel session = new NettyChannel("unnamed", ch, callbackExecutor, null); - if (acceptor != null) { - acceptor.createConnection(session); - } + .channel(NetworkUtils.isEnableEpollNative() ? EpollServerSocketChannel.class : NioServerSocketChannel.class) + .childHandler(new ChannelInitializer() { + @Override + public void initChannel(SocketChannel ch) throws Exception { + NettyChannel session = new NettyChannel("unnamed", ch, callbackExecutor, null); + if (acceptor != null) { + acceptor.createConnection(session); + } // ch.pipeline().addLast(new LoggingHandler()); - // Add SSL handler first to encrypt and decrypt everything. - if (ssl) { - ch.pipeline().addLast(sslCtx.newHandler(ch.alloc())); + // Add SSL handler first to encrypt and decrypt everything. 
+ if (ssl) { + ch.pipeline().addLast(sslCtx.newHandler(ch.alloc())); + } + + ch.pipeline().addLast("lengthprepender", new LengthFieldPrepender(4)); + ch.pipeline().addLast("lengthbaseddecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4)); + ch.pipeline().addLast("messageencoder", new DataMessageEncoder()); + ch.pipeline().addLast("messagedecoder", new DataMessageDecoder()); + ch.pipeline().addLast(new InboundMessageHandler(session)); } - - ch.pipeline().addLast("lengthprepender", new LengthFieldPrepender(4)); - ch.pipeline().addLast("lengthbaseddecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4)); - ch.pipeline().addLast("messageencoder", new DataMessageEncoder()); - ch.pipeline().addLast("messagedecoder", new DataMessageDecoder()); - ch.pipeline().addLast(new InboundMessageHandler(session)); - } - }) - .option(ChannelOption.SO_BACKLOG, 128) - .option(ChannelOption.SO_REUSEADDR, true) - .childOption(ChannelOption.SO_KEEPALIVE, true); + }) + .option(ChannelOption.SO_BACKLOG, 128) + .option(ChannelOption.SO_REUSEADDR, true) + .childOption(ChannelOption.SO_KEEPALIVE, true); ChannelFuture f = b.bind(host, port).sync(); // (7) this.channel = f.channel(); diff --git a/blazingcache-core/src/test/java/blazingcache/SimpleSSLTest.java b/blazingcache-core/src/test/java/blazingcache/SimpleSSLTest.java index 43f0bb1..1d03488 100644 --- a/blazingcache-core/src/test/java/blazingcache/SimpleSSLTest.java +++ b/blazingcache-core/src/test/java/blazingcache/SimpleSSLTest.java @@ -27,6 +27,7 @@ import blazingcache.server.CacheServer; import io.netty.handler.ssl.util.SelfSignedCertificate; import java.io.File; +import java.net.URL; import java.nio.charset.StandardCharsets; import org.junit.Assert; import org.junit.Test; 
@@ -35,21 +36,34 @@ public class SimpleSSLTest { @Test public void basicTestSslSelfSigned() throws Exception { - basicTestSsl(null, null); + basicTestSsl(null, null, null); } @Test public void basicTestSslWithCert() throws Exception { SelfSignedCertificate ssc = new SelfSignedCertificate(); - basicTestSsl(ssc.privateKey(), ssc.certificate()); + basicTestSsl(ssc.privateKey(), ssc.certificate(), null); } - private void basicTestSsl(File certificateFile, File certificateChain) throws Exception { + @Test + public void basicTestSslWithPwdProtectedCert() throws Exception { + File cert = new File(this.getClass().getClassLoader().getResource("cert1.key").getFile()); + File chain = new File(this.getClass().getClassLoader().getResource("cert1_chain.pem").getFile()); + basicTestSsl(cert, chain, "blazingcache1"); + } + + @Test + public void basicTestSslWithPKCS12() throws Exception { + File cert = new File(this.getClass().getClassLoader().getResource("cert1.p12").getFile()); + basicTestSsl(cert, null, "blazingcache1"); + } + + private void basicTestSsl(File certificateFile, File certificateChain, String certificateFilePassword) throws Exception { byte[] data = "testdata".getBytes(StandardCharsets.UTF_8); ServerHostData serverHostData = new ServerHostData("localhost", 1234, "test", true, null); try (CacheServer cacheServer = new CacheServer("ciao", serverHostData)) { - cacheServer.setupSsl(certificateFile, null, certificateChain, null); + cacheServer.setupSsl(certificateFile, certificateFilePassword, certificateChain, null); cacheServer.start(); try (CacheClient client1 = new CacheClient("theClient1", "ciao", new NettyCacheServerLocator(serverHostData)); CacheClient client2 = new CacheClient("theClient2", "ciao", new NettyCacheServerLocator(serverHostData));) { diff --git a/blazingcache-core/src/test/resources/cert1.key b/blazingcache-core/src/test/resources/cert1.key new file mode 100644 index 0000000..5f756c5 --- /dev/null +++ b/blazingcache-core/src/test/resources/cert1.key 
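Review bot: The new tests in `SimpleSSLTest` hard-code the passphrase `"blazingcache1"` next to a committed private key, so `cert1.key` and `cert1.p12` have to be treated as public material; say so where they are loaded, e.g. `// test-only fixtures: key and passphrase are public in this repository, never deploy them`. Separately, `getResource(...).getFile()` returns the URL-encoded path, so both tests fail when the checkout directory contains a space or another escaped character; `new File(getClass().getClassLoader().getResource("cert1.p12").toURI())` decodes it correctly. The `java.net.URL` import added in the preceding hunk is not used by any line visible here.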
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI0cy6qzGPdncCAggA
+MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBD4YpSngAfZjRa9qJ87LmpVBIIE
+0JyIDCAHYufKL06QAJgmtoUjDxK28y7S7HkT/RB+6UDLtaWy6XDaFtXOfAymQsgx
+L48rX9JkYjPR+O/A+3ddbA7yMiGUYnPH2mk0WCJdehGGI9D1oBkf18qyKIbV0fqE
+W5wcpggFYY+issTxX5njhr4Q1iyiA94SHmZG/0TPL3dKlN9XkKVW2eNkm2xH6W3m
+AEX4uRC3x2VH0sTW1i7eHhisSz6STlMtdzl4j/SzWsBwNnCHfu8v3GIvGwI9OQ63
+OKean6Dv68vmTitFPIHEDeWiZ2dD2SbRJhANxjDrn6buT1IVLZ4AGvS0+MrmQZSf
+oJan0z9A0G9q/xnwfAq9RGlswK2fDJCt+rtpVJdTSLr7OP0cWxqBaFFM3ZL+eoFK
+wOxcI4hmNlnbvk6+lYUY7G2i+ZXcGQz+jE/ArJ07NJUH8YXbh7DDV69HqkilJRM4
+f/JpVjMk0zT/ygzRosgGW2MndBGiBV1EP835Nd7zzkKfyvT98+o0zEp9r7FZP7mv
+qLuQGSaiACgWlcc7YG9cjEPqbMQ/6jwlOACwLo7hvE/JcRZHN23ib7ssg8hvlpi7
+EW60ZK9fGtJgMm9CDgn0UVdVaCXNXUonuI2r3AD6B7xhlV0ScEZ2T+myQ7vvMvNi
+vlK6NbCmms0PgbG0jvzFlAeXw8hWq7cuTbv6dBDokNjQ9XM6GZPDG/ynYpFb7SnK
+eznAHtWPYnDjSRtYWaqU3sTWqh0BkAR3xaL0/jRDm3MJBhcE8U3gEugVC5yHML7q
+4Ux+aBt/Gq0jT6M3PZENheN8c5wso9shL3M8m+mQ760sHNYH3vTGF+4Z/AOBsgpU
+sYTgrPLMScxDfTomf/srT9XG6P+Cd2X5d6pLMWy8FS5/R3GNRRDkOnI3BlkkTR8Y
+0Kw8Z7CE05Uw8rUwlkpSGrGwWxq5+ZMN7YnvJH4I3P0FMzl8BSPmVI3XGyaibpBi
+reU36l0QekkDIoVa3erMnB0FYO6R29XpY83BGbtiQlrS8Mw47zMHJRo3W4Zl7TdF
+2vdNjoKw+Fe3tvMkOT1cNBzHyU00uSaKFB8kxTOv/sLkXeGUUT1n+SLscaxqfGV6
+Ctxwims18/ItUsMkMAHX3fedRbBXRV99Cr5wBg9NPc3j+NAC2c5w/8Xt+e66C6lB
+bFPRlRXyPJlWCEPrGQEX4OgVQI//JtiRaB39wjCDW+RCYlz2a1fDVy4mfOuu3jp5
+RBz1WxL+gJWbpGbXwqBv8jofxm7DtQl8wghWbCGmNTj4pXtPQBA4zamdvi/s2qrL
+IZerX0k5zZnY5KQYUgpxybpU28ua9fgrIxzA/Tg5V5dL34WjF3S4IQBqz4PYLVMh
+t0Uz6l8s8ccLkZ0e0j9vsFM91oiAn2RIOBheoLg2vNJeLl5KGi+gl3SoiEigdwG8
+hTAO8FR+iCoYz+ApOV6H1rqs3g4cWWP/RKWxjBFJ4qERXBDNvBtbA97b/yDnv7hh
+X3ZtXtsml9sT4gOZmAtZD3VviJWiuSWpfEcN/DWaNtMLzyQ1WW8Ai+iKqMODjcw/
+EnU+/kl2zWvOpbRGK2G8HI7FJVWo6dPfApXdY16ITMXKY35uQAD6HqP2vbPGeBrh
+QcZh2pbF3v86Kmwlcj0dTWS4UBSPWJtyeIresTOp3+be
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/blazingcache-core/src/test/resources/cert1.p12 b/blazingcache-core/src/test/resources/cert1.p12 new file mode 100644 index 0000000000000000000000000000000000000000..08cf782ecd40bee05dbd6f373a3b08a519d5b2fe GIT binary patch literal 2611 zcmai$XEYlM8^{V*K)N0kHu34kE8Y6bKR4BD)uhom#rPQq06txLz zMXcJjN6lVd_q^}v{dhk-=Q+>sf1dMv`<(}cr4|PQ$Wd6T6$&chaP9CD7=RLxgQc1P zVW~#1@em3NQvWBS$iaf7uF>@p*>w~ACjp?$e+^(5N*5*c&j>}`0zs7BY^RpL;1+>E z2pI}W0r}rGAQhMl#YsVB7p@I(A_oD4L3I5mflLe=v>p`_l#huZDEt+cyp6GG$5=eP z?hXF6u~EZsN^TjoZdq+9rN&;T{LB5~hrMroy9t49((nblAe9#TZ?hO4?RVmd#o>1(H(9uZm63Eajy$cZzOuo6k9E8+OV5!~erBYb4$a7~86n}US zolrg|BT)f`ZARld<0^@X$kD62EEJx>UZOup`DWz2FFrB=n-MHg9w*~>TdYzd#)*&p zF1+lx5{tW~?2bE^PUJco({C&4mCr!nd?%!Y`NBKpA$Qt%Qhnz0LPscP$!;UZ9h0le zB#`|>AvTjTargR)xe!jzZs8ORcF=TN$Fzvrx{+ajcG=0a)!d!JMjO9CH5dmUem{>Z z;zD~QJ%PB^bA^zJX)1Y(L%fF%`vv%fDA6GN<^a13;oTbB=-8f$Y%;FVlE6Afu94B+ zGEjs*iHSkq18K>YU=wMEk!nBb{NCwhu;_x_xd|vLxa%Qbv9ekD(xJ+<{|^&71BlvO zSW;##z@YDfnwbE(hD0_KXm*<+zBP@$S=8GjOVoK}S~N zj6Sl+^jtMfj3Z^=X76J}5UaYSq!4FA)=q-QHiCUR<*L0`_d_CSE5=A@z}M&a!5*ne zR`TABmlEsB{AmI1wbUP(znOWi@!(ZWHimmLLF|!t6tJdzYYK2hzb5b1Q4tpqF3xof z(Iw7Zu8_#ssT9+q$nae>kK3*6O)~e<58CZR zhYWPYmftl94i%B*2ljfUWLb3JWXZdf+dFTv(IIQy{%tcTG zMz0zGQ?l7))RB?Lsy<&v628PcS^3wL)v^#3;kst#(-U z?GM#2)w2s_O{@1)*z98SWU!DASuWU@#xxf3f0=IDl2~WyB3#nL@ZQk^j0nJexg0Gw%0e1?o#^!u4GY0L z?@QenG>VkV7LNLj8FQW`8Q-^>`mV`;7vr-jH;|N8uI&6*cY>CetIlTCIa1C^KMF_N z^VOIQ z_4~JGw?#@GSJPqYb~Hj55d+Gnt6 zKIz(uy+iwh7Jmhg0d;*~8Isb`dgc*Co);S7#zO1r#w*3=Rv!^|PdhA_o9bdD`C zhbg=eQIV$PHBSbKn7Wn`=g-tWw5Dl5rO?0)>U>9R)#QX=iszao$KQg{pDd9l1 zad6lMCwycL!gh;n0zV?TJ%~l9111Ul66! 
zc0tY(vvMnYZxd^VNLHtPpE-QWAqAR7A*9RXXs?`i+7RdxSvd435>$kO%OZP|EvjGJ ztE;_1EH`Zyw@PQ2&Hx?NFd&Z44(U1qDq(m!)n^^gO&^zE}?(tKP7eHEb@R zrF0N!E9Crro>weVHVnQ@siIUllfDz6()_1x<7hxY9=W_=L{{HcP<-i&o<*Mr!j_8s ziagUmFu;cKE4BWXvk9@PS$JJ<%z2l*;&jGy3qSDV>?x_apN_&1U1Lx z)q#WAh8;xdWj^`Bia*w@;q|-ARZOLLmhtOJ9v?;#rW&HO|5rT}oLxsH{zgxR8hcF( zzN-C*7XVVsL5A=!iLd z&c)fJWc_+Qp8Mvc3rK1WUL9lb2$-FG)LvVeN$-)Tg;k}km*=Jz)BC=ubgkz3QP9NK zh+1aHX}`P>*V1-^9F6Q!zV4$)G37cy^D|zugjku0pES-xLM~I$B8wf_Yy CU$q_p literal 0 HcmV?d00001 diff --git a/blazingcache-core/src/test/resources/cert1_chain.pem b/blazingcache-core/src/test/resources/cert1_chain.pem new file mode 100644 index 0000000..b3f6103 --- /dev/null +++ b/blazingcache-core/src/test/resources/cert1_chain.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgIUI9HMRW+gfFWKIV3y+Nu3jCj+ZpowDQYJKoZIhvcNAQEL +BQAwPjELMAkGA1UEBhMCSVQxCzAJBgNVBAgMAlJBMRAwDgYDVQQKDAdEaWVubmVh +MRAwDgYDVQQLDAdEaWVubmVhMCAXDTI1MDMxMzExNDUwN1oYDzIxMjUwMjE3MTE0 +NTA3WjA+MQswCQYDVQQGEwJJVDELMAkGA1UECAwCUkExEDAOBgNVBAoMB0RpZW5u +ZWExEDAOBgNVBAsMB0RpZW5uZWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQCtpMg1OcPN985H9cVRy9S9fqHZWCH9EuSHrtFgD+l+XA72lDVI6Z20NNQA +OJoKLEnpJyfeMTYVvr13zo49OefPsEh4xQTp4RnmYFynAptw/pI/7LjPe6w0jgsu +HhTKN9IHyoJykELkfTmGoj21aWP7dK4/OBZUuoIgbI26oWNRahHpsoc8pxf/M5tM +aZZxAQm0Vk2dA7U7qHWjFopwsEQwRGKSl1SRRtoIut5QYdN7SRRZeJXdzqdUmcjx +mEBsOiRoaCa+p6C6MKwhVCAPUdV3UM1v0W/jWVB/NVe/x/vjiqEJITbNvyFRxw57 +c39A9TgqPFFV8cYNWJPEo+DyKJ4DAgMBAAGjUzBRMB0GA1UdDgQWBBRSxJLBO4Xu +H/ImY7eJ7nlm4+doajAfBgNVHSMEGDAWgBRSxJLBO4XuH/ImY7eJ7nlm4+doajAP +BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQChpeQew+D/Vp15izU6 +dOlrwVjeJfj5r2nkpQOAtx8G8lNjfXt7+5zKz/s4WsD+L8JrMLGPQy6roXP2kx2t +ZhClGTRojPhFiOdcJ2l2fwzXFW3kREPhvHuKOzr1O3U4nguKO9+vE4prlfX1hL48 +N11WULA1vd5H6zI/Yn7l6i9RiCp9hwYZKGq9zgiZzhq5+YSVSN+nkEycEDmBDl4+ +frBoamxgE1dapdfHcKrEz8HXplCzmkx1JEkAdvB/+Jwf4RkeIhqcPreyhBR7Axqj +U4iCziFwHkNuRa55T1YfZaZMo0zPOOHkb0OR/dRR3DYF5wwtO+tR11AKPUdj7sns +sdxJ +-----END CERTIFICATE----- 
From 42ac74498f2dc8eb7c9139aeeb632a4b8f2794f4 Mon Sep 17 00:00:00 2001 From: "dennis.mercuriali" Date: Thu, 13 Mar 2025 14:55:34 +0100 Subject: [PATCH 2/4] #200 allow to set secure ssl on client --- .../blazingcache/client/CacheClientBuilder.java | 3 +++ .../network/netty/GenericNettyBrokerLocator.java | 10 ++++++++++ .../blazingcache/network/netty/NettyConnector.java | 13 ++++++------- .../blazingcache/jcache/BlazingCacheManager.java | 4 ++++ 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/blazingcache-core/src/main/java/blazingcache/client/CacheClientBuilder.java b/blazingcache-core/src/main/java/blazingcache/client/CacheClientBuilder.java index 17a59ad..345ad33 100644 --- a/blazingcache-core/src/main/java/blazingcache/client/CacheClientBuilder.java +++ b/blazingcache-core/src/main/java/blazingcache/client/CacheClientBuilder.java @@ -53,6 +53,7 @@ public class CacheClientBuilder { private Object cacheServer; private int port = 1025; private boolean ssl = false; + private boolean sslInsecure = true; private boolean jmx = false; private EntrySerializer entrySerializer = new JDKEntrySerializer(); private MetricsProvider metricsProvider; @@ -290,11 +291,13 @@ public CacheClient build() { locator = new NettyCacheServerLocator(host, port, ssl); ((GenericNettyBrokerLocator) locator).setConnectTimeout(connectTimeout); ((GenericNettyBrokerLocator) locator).setSocketTimeout(socketTimeout); + ((GenericNettyBrokerLocator) locator).setSslInsecure(sslInsecure); break; case CLUSTERED: locator = new ZKCacheServerLocator(zkConnectString, zkSessionTimeout, zkPath); ((GenericNettyBrokerLocator) locator).setConnectTimeout(connectTimeout); ((GenericNettyBrokerLocator) locator).setSocketTimeout(socketTimeout); + ((GenericNettyBrokerLocator) locator).setSslInsecure(sslInsecure); break; case LOCAL: if (cacheServer == null) { 
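Review bot: `CacheClientBuilder` gains the private field `sslInsecure = true` and forwards it to both locators in `build()`, but the patch adds no way to change it (the diffstat lists only these three added lines), so as far as this patch shows every client created through the builder keeps the insecure setting. Add a fluent setter in the style of the builder's existing options, for example `public CacheClientBuilder sslInsecure(boolean sslInsecure) { this.sslInsecure = sslInsecure; return this; }`, with Javadoc stating what the flag turns off. `build()` starts and ends outside the hunk.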
diff --git a/blazingcache-core/src/main/java/blazingcache/network/netty/GenericNettyBrokerLocator.java b/blazingcache-core/src/main/java/blazingcache/network/netty/GenericNettyBrokerLocator.java index 048cea5..4aaa7a3 100644 --- a/blazingcache-core/src/main/java/blazingcache/network/netty/GenericNettyBrokerLocator.java +++ b/blazingcache-core/src/main/java/blazingcache/network/netty/GenericNettyBrokerLocator.java @@ -44,6 +44,7 @@ public abstract class GenericNettyBrokerLocator implements ServerLocator { protected int connectTimeout = 60000; protected int socketTimeout = 240000; + protected boolean sslInsecure = true; public int getConnectTimeout() { return connectTimeout; @@ -61,6 +62,14 @@ public void setSocketTimeout(int socketTimeout) { this.socketTimeout = socketTimeout; } + public boolean isSslInsecure() { + return sslInsecure; + } + + public void setSslInsecure(boolean sslInsecure) { + this.sslInsecure = sslInsecure; + } + @Override public Channel connect(ChannelEventListener messageReceiver, ConnectionRequestInfo clientInfo) throws InterruptedException, ServerNotAvailableException, ServerRejectedConnectionException { boolean ok = false; @@ -82,6 +91,7 @@ public Channel connect(ChannelEventListener messageReceiver, ConnectionRequestIn connector.setConnectTimeout(connectTimeout); connector.setSocketTimeout(socketTimeout); connector.setSsl(broker.isSsl()); + connector.setSslInsecure(sslInsecure); NettyChannel channel; try { channel = connector.connect(); diff --git a/blazingcache-core/src/main/java/blazingcache/network/netty/NettyConnector.java b/blazingcache-core/src/main/java/blazingcache/network/netty/NettyConnector.java index 58ea3ac..a989353 100644 --- a/blazingcache-core/src/main/java/blazingcache/network/netty/NettyConnector.java +++ b/blazingcache-core/src/main/java/blazingcache/network/netty/NettyConnector.java 
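Review bot: The new `isSslInsecure`/`setSslInsecure` accessors on `GenericNettyBrokerLocator` carry no Javadoc, although the flag is handed to `connector.setSslInsecure(...)` in `connect()` and defaults to `true`. Document on `setSslInsecure` that `true` is the default kept for compatibility and selects the connector's insecure TLS branch (presumably without server certificate verification, which this patch does not show), and that callers who rely on the server's identity must set it to `false`. `connect()` continues outside the hunk.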
@@ -40,7 +40,6 @@ import io.netty.handler.timeout.ReadTimeoutHandler; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; -import java.util.logging.Level; import java.util.logging.Logger; /** @@ -59,7 +58,7 @@ public class NettyConnector implements AutoCloseable { private EventLoopGroup group; private SslContext sslCtx; private boolean ssl; - private boolean sslUnsecure = true; + private boolean sslInsecure = true; protected int connectTimeout = 60000; protected int socketTimeout = 240000; private final ExecutorService callbackExecutor = Executors.newCachedThreadPool(); @@ -100,12 +99,12 @@ public void setSsl(boolean ssl) { this.ssl = ssl; } - public boolean isSslUnsecure() { - return sslUnsecure; + public boolean isSslInsecure() { + return sslInsecure; } - public void setSslUnsecure(boolean sslUnsecure) { - this.sslUnsecure = sslUnsecure; + public void setSslInsecure(boolean sslInsecure) { + this.sslInsecure = sslInsecure; } private ChannelEventListener receiver; @@ -117,7 +116,7 @@ public NettyConnector(ChannelEventListener receiver) { public NettyChannel connect() throws Exception { if (ssl) { boolean useOpenSSL = NetworkUtils.isOpenSslAvailable(); - if (sslUnsecure) { + if (sslInsecure) { this.sslCtx = SslContextBuilder .forClient() .sslProvider(useOpenSSL ? SslProvider.OPENSSL : SslProvider.JDK) diff --git a/blazingcache-jcache/src/main/java/blazingcache/jcache/BlazingCacheManager.java b/blazingcache-jcache/src/main/java/blazingcache/jcache/BlazingCacheManager.java index 18eb40e..101b321 100644 --- a/blazingcache-jcache/src/main/java/blazingcache/jcache/BlazingCacheManager.java +++ b/blazingcache-jcache/src/main/java/blazingcache/jcache/BlazingCacheManager.java 
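Review bot: Renaming the public accessors `isSslUnsecure`/`setSslUnsecure` to `isSslInsecure`/`setSslInsecure` removes the old names outright, which breaks any external caller compiled against the public class `NettyConnector`. Keep the old methods as deprecated delegates for at least one release, e.g. `@Deprecated public void setSslUnsecure(boolean v) { setSslInsecure(v); }` and the matching getter. `connect()` continues past the end of the hunk, so the trust configuration used in the `sslInsecure` branch cannot be checked from here.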
@@ -110,6 +110,7 @@ public class BlazingCacheManager implements CacheManager { String mode = properties_and_params.getProperty("blazingcache.mode", "local"); int sockettimeout = Integer.parseInt(properties_and_params.getProperty("blazingcache.zookeeper.sockettimeout", "0")); int connecttimeout = Integer.parseInt(properties_and_params.getProperty("blazingcache.zookeeper.connecttimeout", "10000")); + boolean clientSSLInsecure = Boolean.parseBoolean(properties_and_params.getProperty("blazingcache.locator.client.sslinsecure", "true")); switch (mode) { case "clustered": { String connect = properties_and_params.getProperty("blazingcache.zookeeper.connectstring", "localhost:1281"); @@ -118,6 +119,7 @@ public class BlazingCacheManager implements CacheManager { locator = new ZKCacheServerLocator(connect, timeout, path); ((ZKCacheServerLocator) locator).setSocketTimeout(sockettimeout); ((ZKCacheServerLocator) locator).setConnectTimeout(connecttimeout); + ((ZKCacheServerLocator) locator).setSslInsecure(clientSSLInsecure); this.client = new CacheClient(clientId, secret, locator); this.embeddedServer = null; } @@ -136,6 +138,7 @@ public class BlazingCacheManager implements CacheManager { locator = new ZKCacheServerLocator(connect, timeout, path); ((ZKCacheServerLocator) locator).setSocketTimeout(sockettimeout); ((ZKCacheServerLocator) locator).setConnectTimeout(connecttimeout); + ((ZKCacheServerLocator) locator).setSslInsecure(clientSSLInsecure); this.client = new CacheClient(clientId, secret, locator); ServerHostData hostData = new ServerHostData(host, port, "", ssl, new HashMap<>()); this.embeddedServer = new CacheServer(secret, hostData); 
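Review bot: `blazingcache.locator.client.sslinsecure` defaults to `"true"` in `BlazingCacheManager`, so a JCache deployment that enables `ssl` keeps the insecure client setting unless the operator knows to set this property; the same value is passed to `setSslInsecure` in the three later hunks of this file. Since the property is new, consider defaulting it to `"false"`, or at least log a warning when `ssl` is on and `clientSSLInsecure` is true, and list the property in the configuration documentation. `Boolean.parseBoolean` maps every value other than `true` to `false`, which here fails towards the secure setting. The enclosing method is not fully visible in the hunk.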
@@ -149,6 +152,7 @@ public class BlazingCacheManager implements CacheManager { locator = new NettyCacheServerLocator(host, port, ssl); ((NettyCacheServerLocator) locator).setSocketTimeout(sockettimeout); ((NettyCacheServerLocator) locator).setConnectTimeout(connecttimeout); + ((NettyCacheServerLocator) locator).setSslInsecure(clientSSLInsecure); this.client = new CacheClient(clientId, secret, locator); this.embeddedServer = null; break; From 384545c93670734dffafd43ad401a400fa045272 Mon Sep 17 00:00:00 2001 From: "dennis.mercuriali" Date: Thu, 13 Mar 2025 16:40:11 +0100 Subject: [PATCH 3/4] #200 allow to set secure ssl on client --- .../src/main/java/blazingcache/client/CacheClient.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/blazingcache-core/src/main/java/blazingcache/client/CacheClient.java b/blazingcache-core/src/main/java/blazingcache/client/CacheClient.java index 472fe66..1703afa 100644 --- a/blazingcache-core/src/main/java/blazingcache/client/CacheClient.java +++ b/blazingcache-core/src/main/java/blazingcache/client/CacheClient.java @@ -363,7 +363,7 @@ public CacheClient(String clientId, String sharedSecret, ServerLocator brokerLoc } private CacheClient(String clientId, String sharedSecret, ServerLocator brokerLocator, - boolean offHeap, ByteBufAllocator allocator, MetricsProvider metricsProvider) { + boolean offHeap, ByteBufAllocator allocator, MetricsProvider metricsProvider) { this.offHeap = offHeap; this.brokerLocator = brokerLocator; this.sharedSecret = sharedSecret; @@ -712,7 +712,7 @@ private void performEviction() throws InterruptedException { @Override public void accept(EntryHandle t) { if ((maxMemory > 0 && releasedMemory < to_release) - || (maxLocalEntryAge > 0 && t.getLastGetTime() < maxAgeTsNanos)) { + || (maxLocalEntryAge > 0 && t.getLastGetTime() < maxAgeTsNanos)) { evictable.add(t); releasedMemory += t.getSerializedDataLength(); } 
@@ -758,7 +758,7 @@ public void accept(EntryHandle t) { private boolean checkPerformEvictionForMaxLocalEntryAge(final long now) { return maxLocalEntryAge > 0 - && now - lastPerformedEvictionTimestamp >= maxLocalEntryAge / 2; + && now - lastPerformedEvictionTimestamp >= maxLocalEntryAge / 2; } @Override From 75ef2ccd97c956fd7aeb9a138ee0bc6258bff26c Mon Sep 17 00:00:00 2001 From: "dennis.mercuriali" Date: Fri, 14 Mar 2025 08:49:14 +0100 Subject: [PATCH 4/4] fix apache.rat --- pom.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pom.xml b/pom.xml index 3a7e5e8..03653be 100644 --- a/pom.xml +++ b/pom.xml @@ -137,6 +137,9 @@ **/target/**/* + + **/test/resources/* + **/README.md **/README.rst