| author | Shireesh Anjal <shireesh@gluster.com> | 2011-06-09 19:46:40 +0530 |
|---|---|---|
| committer | Shireesh Anjal <shireesh@gluster.com> | 2011-06-09 19:54:08 +0530 |
| commit | 03deae0a3067483df28299d7690a10e182d1ef2f (patch) | |
| tree | 9104e6ff0d2bd5642f65b1f2487bc3a6fb43dc37 /src/com.gluster.storage.management.client | |
| parent | 81e667e15bb51c6f998050c5dee231fb433845c9 (diff) | |
SSL communication between console and gateway
Diffstat (limited to 'src/com.gluster.storage.management.client')
7 files changed, 87 insertions, 14 deletions
diff --git a/src/com.gluster.storage.management.client/.classpath b/src/com.gluster.storage.management.client/.classpath
index b8f71a37..d216a8fe 100644
--- a/src/com.gluster.storage.management.client/.classpath
+++ b/src/com.gluster.storage.management.client/.classpath
@@ -1,10 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
+ <classpathentry exported="true" kind="lib" path="keystore/"/>
 <classpathentry exported="true" kind="lib" path="lib/jersey-1.5/jersey-client-1.5.jar" sourcepath="/data/downloads/sun/jersey/sources/jersey-client-1.5-sources.jar"/>
 <classpathentry exported="true" kind="lib" path="lib/jersey-1.5/jersey-core-1.5.jar" sourcepath="/data/downloads/sun/jersey/sources/jersey-core-1.5-sources.jar"/>
 <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
 <classpathentry kind="con" path="org.eclipse.pde.core.requiredPlugins"/>
- <classpathentry kind="src" path="src"/>
+ <classpathentry excluding="keystore/" kind="src" path="src"/>
 <classpathentry combineaccessrules="false" kind="src" path="/com.gluster.storage.management.core"/>
 <classpathentry kind="output" path="bin"/>
 </classpath>
diff --git a/src/com.gluster.storage.management.client/META-INF/MANIFEST.MF b/src/com.gluster.storage.management.client/META-INF/MANIFEST.MF
index 43ae7c3e..56cfe32e 100644
--- a/src/com.gluster.storage.management.client/META-INF/MANIFEST.MF
+++ b/src/com.gluster.storage.management.client/META-INF/MANIFEST.MF
@@ -11,4 +11,5 @@ Export-Package: com.gluster.storage.management.client,
 com.gluster.storage.management.client.constants
 Bundle-ClassPath: .,
 lib/jersey-1.5/jersey-client-1.5.jar,
- lib/jersey-1.5/jersey-core-1.5.jar
+ lib/jersey-1.5/jersey-core-1.5.jar,
+ keystore/
diff --git a/src/com.gluster.storage.management.client/build.properties b/src/com.gluster.storage.management.client/build.properties
index 271ce382..4dded7a7 100644
--- a/src/com.gluster.storage.management.client/build.properties
+++ b/src/com.gluster.storage.management.client/build.properties
@@ -2,7 +2,13 @@ source.. = src/
 output.. = bin/
 bin.includes = .,\
 META-INF/,\
- lib/jersey-1.5/jersey-client-1.5.jar,\
- lib/jersey-1.5/jersey-core-1.5.jar
-src.includes = lib/jersey-1.4/jersey-client-1.4.jar,\
- lib/jersey-1.4/jersey-core-1.4.jar
+ lib/,\
+ keystore/
+src.includes = src/,\
+ lib/,\
+ keystore/,\
+ build.properties,\
+ .project,\
+ .classpath,\
+ .settings/,\
+ META-INF/
diff --git a/src/com.gluster.storage.management.client/keystore/gmc-trusted.keystore b/src/com.gluster.storage.management.client/keystore/gmc-trusted.keystore
Binary files differnew file mode 100644
index 00000000..5517b6e5
--- /dev/null
+++ b/src/com.gluster.storage.management.client/keystore/gmc-trusted.keystore
diff --git a/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/AbstractClient.java b/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/AbstractClient.java
index 4aa029b8..e8df26cb 100644
--- a/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/AbstractClient.java
+++ b/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/AbstractClient.java
@@ -1,10 +1,21 @@
 package com.gluster.storage.management.client;
+import static com.gluster.storage.management.client.constants.ClientConstants.ALGORITHM_SUNX509;
+import static com.gluster.storage.management.client.constants.ClientConstants.KEYSTORE_TYPE_JKS;
+import static com.gluster.storage.management.client.constants.ClientConstants.PROTOCOL_TLS;
+import static com.gluster.storage.management.client.constants.ClientConstants.TRUSTED_KEYSTORE;
+import static com.gluster.storage.management.client.constants.ClientConstants.TRUSTED_KEYSTORE_ACCESS;
+
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.net.URI;
+import java.security.KeyStore;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
@@ -15,6 +26,7 @@ import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.config.DefaultClientConfig;
import com.sun.jersey.api.representation.Form;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
import com.sun.jersey.core.util.MultivaluedMapImpl;
public abstract class AbstractClient {
@@ -43,9 +55,55 @@ public abstract class AbstractClient {
 public AbstractClient(String securityToken, String clusterName) {
this.clusterName = clusterName;
setSecurityToken(securityToken);
- URI baseURI = new ClientUtil().getServerBaseURI();
+
+ SSLContext context = initializeSSLContext();
+ DefaultClientConfig config = createClientConfig(context);
+
// this must be after setting clusterName as sub-classes may refer to cluster name in the getResourcePath method
- resource = Client.create(new DefaultClientConfig()).resource(baseURI).path(getResourcePath());
+ resource = Client.create(config).resource(ClientUtil.getServerBaseURI()).path(getResourcePath());
+ }
+
+ private DefaultClientConfig createClientConfig(SSLContext context) {
+ DefaultClientConfig config = new DefaultClientConfig();
+ config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
+ new HTTPSProperties(createHostnameVerifier(), context));
+ return config;
+ }
+
+ private HostnameVerifier createHostnameVerifier() {
+ HostnameVerifier hostnameVerifier = new HostnameVerifier() {
+ @Override
+ public boolean verify(String arg0, SSLSession arg1) {
+ return true;
+ }
+ };
+ return hostnameVerifier;
+ }
+
+ private SSLContext initializeSSLContext() {
+ SSLContext context = null;
+ try {
+ context = SSLContext.getInstance(PROTOCOL_TLS);
+
+ KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE_JKS);
+ keyStore.load(loadResource(TRUSTED_KEYSTORE), TRUSTED_KEYSTORE_ACCESS.toCharArray());
+
+ KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(ALGORITHM_SUNX509);
+ keyManagerFactory.init(keyStore, TRUSTED_KEYSTORE_ACCESS.toCharArray());
+
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(ALGORITHM_SUNX509);
+ trustManagerFactory.init(keyStore);
+
+ context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
+ } catch (Exception e) {
+ throw new GlusterRuntimeException(
+ "Couldn't initialize SSL Context with Gluster Management Gateway! Error: " + e, e);
+ }
+ return context;
+ }
+
+ private InputStream loadResource(String resourcePath) {
+ return this.getClass().getClassLoader().getResourceAsStream(resourcePath);
}
/**
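Review bot: `createHostnameVerifier()` returns `true` for every host, so the TLS session configured in this hunk validates the certificate chain against the bundled keystore but never checks that the certificate was issued for the gateway the console is connecting to. The anonymous verifier should be replaced by the platform default, e.g. `return HttpsURLConnection.getDefaultHostnameVerifier();` (with the matching `javax.net.ssl.HttpsURLConnection` import), and the gateway certificate should carry the host name clients actually use. Separately, `loadResource()` returns null when `gmc-trusted.keystore` is not on the classpath, and `KeyStore.load(null, ...)` then produces an empty store without any error, so `initializeSSLContext()` should reject a null stream with a clear message and close the stream once the store is loaded. The three new methods are complete in this hunk; the rest of `AbstractClient` lies outside it.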
diff --git a/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/constants/ClientConstants.java b/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/constants/ClientConstants.java
index 853cfe96..4726fc36 100644
--- a/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/constants/ClientConstants.java
+++ b/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/constants/ClientConstants.java
@@ -25,8 +25,15 @@ package com.gluster.storage.management.client.constants;
 */
 public class ClientConstants {
 public static final String SYS_PROP_SERVER_URL = "gluster.server.url";
- public static final String DEFAULT_SERVER_URL = "http://localhost:8080/glustermc/linux.gtk.x86_64";
- public static final String WEB_CONTEXT = "glustermc";
+ public static final String DEFAULT_SERVER_URL = "https://localhost:8443/glustermg/linux.gtk.x86_64";
+ public static final String CONTEXT_ROOT = "glustermg";
 public static final String WEB_RESOURCE_BASE_PATH = "resources";
+
+ // SSL related
+ public static final String TRUSTED_KEYSTORE = "gmc-trusted.keystore";
+ public static final String TRUSTED_KEYSTORE_ACCESS = "gluster";
+ public static final String PROTOCOL_TLS = "TLS";
+ public static final String ALGORITHM_SUNX509 = "SunX509";
+ public static final String KEYSTORE_TYPE_JKS = "JKS";
 }
diff --git a/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/utils/ClientUtil.java b/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/utils/ClientUtil.java
index 23d2f9fd..4f7ea64e 100644
--- a/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/utils/ClientUtil.java
+++ b/src/com.gluster.storage.management.client/src/com/gluster/storage/management/client/utils/ClientUtil.java
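Review bot: In ClientConstants.java, `TRUSTED_KEYSTORE_ACCESS = "gluster"` puts the keystore password in a public constant next to a keystore that ships inside the client bundle, so the password protects nothing and every entry in `gmc-trusted.keystore` must be treated as public. Because `AbstractClient` also hands this store to a `KeyManagerFactory`, it is worth confirming that the file holds certificate entries only and no private key, and saying so above the constant, e.g. `// Unlocks the bundled, certificate-only trust store; it must never contain private keys.` The `ALGORITHM_SUNX509` name is provider-specific; `TrustManagerFactory.getDefaultAlgorithm()` would avoid tying the client to one JVM vendor. The class body is complete in this hunk apart from its header comment.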
@@ -8,13 +8,13 @@ import com.gluster.storage.management.client.constants.ClientConstants;
 public class ClientUtil {
- public URI getServerBaseURI() {
+ public static URI getServerBaseURI() {
 return UriBuilder.fromUri(getBaseURL()).path(ClientConstants.WEB_RESOURCE_BASE_PATH).build();
 }
- private String getBaseURL() {
+ private static String getBaseURL() {
 // remove the platform path (e.g. /linux.gtk.x86_64) from the URL
 return System.getProperty(ClientConstants.SYS_PROP_SERVER_URL, ClientConstants.DEFAULT_SERVER_URL)
- .replaceAll("glustermc\\/.*", "glustermc\\/");
+ .replaceAll(ClientConstants.CONTEXT_ROOT + "\\/.*", ClientConstants.CONTEXT_ROOT + "\\/");
 }
 } |
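Review bot: `getBaseURL()` takes whatever `gluster.server.url` holds, so an `http://` value skips the SSL setup this commit adds and the client would presumably send its security token unencrypted without any warning. `getServerBaseURI()` could build the URI into a local and reject other schemes, e.g. `if (!"https".equalsIgnoreCase(uri.getScheme())) throw new IllegalArgumentException("Gateway URL must use https: " + uri);`. The pattern passed to `replaceAll` is now assembled from a constant; wrapping it as `Pattern.quote(ClientConstants.CONTEXT_ROOT)` keeps a future context root containing regex metacharacters from changing the match.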
