IGNITE-9845 Web Agent: Fixed NPE in case of "-Dtrust.all=true" and not configured...
authorAlexey Kuznetsov <akuznetsov@apache.org>
Wed, 16 Jan 2019 11:43:28 +0000 (18:43 +0700)
committerAlexey Kuznetsov <akuznetsov@apache.org>
Wed, 16 Jan 2019 11:43:28 +0000 (18:43 +0700)
modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/AgentLauncher.java
modules/web-console/web-agent/src/main/java/org/apache/ignite/console/agent/rest/RestExecutor.java
modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java

index 9553aac..74c8376 100644 (file)
@@ -318,22 +318,24 @@ public class AgentLauncher {
             return;
         }
 
-        boolean trustAll = Boolean.getBoolean("trust.all");
+        boolean serverTrustAll = Boolean.getBoolean("trust.all");
         boolean hasServerTrustStore = cfg.serverTrustStore() != null;
-        boolean hasNodeTrustStore = cfg.nodeTrustStore() != null;
 
-        if (trustAll && hasServerTrustStore) {
+        if (serverTrustAll && hasServerTrustStore) {
             log.warn("Options contains both '--server-trust-store' and '-Dtrust.all=true'. " +
-                "Option '-Dtrust.all=true' will be ignored.");
+                "Option '-Dtrust.all=true' will be ignored on connect to Web server.");
 
-            trustAll = false;
+            serverTrustAll = false;
         }
 
-        if (trustAll && hasNodeTrustStore) {
+        boolean nodeTrustAll = Boolean.getBoolean("trust.all");
+        boolean hasNodeTrustStore = cfg.nodeTrustStore() != null;
+
+        if (nodeTrustAll && hasNodeTrustStore) {
             log.warn("Options contains both '--node-trust-store' and '-Dtrust.all=true'. " +
-                "Option '-Dtrust.all=true' will be ignored.");
+                "Option '-Dtrust.all=true' will be ignored on connect to cluster.");
 
-            trustAll = false;
+            nodeTrustAll = false;
         }
 
         cfg.nodeURIs(nodeURIs);
@@ -344,14 +346,14 @@ public class AgentLauncher {
         List<String> cipherSuites = cfg.cipherSuites();
 
         if (
-            trustAll ||
+            serverTrustAll ||
             hasServerTrustStore ||
             cfg.serverKeyStore() != null
         ) {
             OkHttpClient.Builder builder = new OkHttpClient.Builder();
 
             X509TrustManager serverTrustMgr = trustManager(
-                trustAll,
+                serverTrustAll,
                 cfg.serverTrustStore(),
                 cfg.serverTrustStorePassword()
             );
@@ -381,6 +383,7 @@ public class AgentLauncher {
 
         try (
             RestExecutor restExecutor = new RestExecutor(
+                nodeTrustAll,
                 cfg.nodeKeyStore(), cfg.nodeKeyStorePassword(),
                 cfg.nodeTrustStore(), cfg.nodeTrustStorePassword(),
                 cipherSuites);
index b452b2c..5a9783c 100644 (file)
@@ -77,6 +77,7 @@ public class RestExecutor implements AutoCloseable {
     /**
      * Constructor.
      *
+     * @param trustAll {@code true} If we trust to self-signed sertificates.
      * @param keyStorePath Optional path to key store file.
      * @param keyStorePwd Optional password for key store.
      * @param trustStorePath Optional path to trust store file.
@@ -86,6 +87,7 @@ public class RestExecutor implements AutoCloseable {
      * @throws IOException If failed to load content of key stores.
      */
     public RestExecutor(
+        boolean trustAll,
         String keyStorePath,
         String keyStorePwd,
         String trustStorePath,
@@ -101,7 +103,7 @@ public class RestExecutor implements AutoCloseable {
             .readTimeout(0, TimeUnit.MILLISECONDS)
             .dispatcher(dispatcher);
 
-        X509TrustManager trustMgr = trustManager(Boolean.getBoolean("trust.all"), trustStorePath, trustStorePwd);
+        X509TrustManager trustMgr = trustManager(trustAll, trustStorePath, trustStorePwd);
 
         SSLSocketFactory sslSocketFactory = sslSocketFactory(
             keyStorePath, keyStorePwd,
index 6a4fe6c..dcf53f2 100644 (file)
@@ -25,6 +25,7 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
+import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLHandshakeException;
 import org.apache.ignite.Ignite;
 import org.apache.ignite.Ignition;
@@ -178,7 +179,7 @@ public class RestExecutorSelfTest {
     ) throws Exception {
         try(
             Ignite ignite = Ignition.getOrStart(nodeCfg);
-            RestExecutor exec = new RestExecutor(keyStore, keyStorePwd, trustStore, trustStorePwd, cipherSuites)
+            RestExecutor exec = new RestExecutor(false, keyStore, keyStorePwd, trustStore, trustStorePwd, cipherSuites)
         ) {
             Map<String, Object> params = new HashMap<>();
             params.put("cmd", "top");
@@ -216,7 +217,7 @@ public class RestExecutorSelfTest {
     @Test
     public void nodeNoSslAgentWithSsl() throws Exception {
         // Check Web Agent with SSL.
-        ruleForExpectedException.expect(SSLHandshakeException.class);
+        ruleForExpectedException.expect(SSLException.class);
         checkRest(
             nodeConfiguration(""),
             HTTPS_URI,
@@ -305,7 +306,7 @@ public class RestExecutorSelfTest {
     /** */
     @Test
     public void differentCiphers2() throws Exception {
-        ruleForExpectedException.expect(SSLHandshakeException.class);
+        ruleForExpectedException.expect(SSLException.class);
         checkRest(
             nodeConfiguration(JETTY_WITH_CIPHERS_2),
             HTTPS_URI,