redis : added useSsl and sslTrustStorePath configuration parameters

#50

oxService/src/main/java/org/xdi/service/cache/RedisConfiguration.java

@@ -20,6 +20,10 @@ public class RedisConfiguration implements Serializable {
 
     private String password;
 
+    private Boolean useSsl = false;
+
+    private String sslTrustStoreFilePath = "";
+
     public String getServers() {
         return servers;
     }
@@ -52,12 +56,30 @@ public void setPassword(String password) {
         this.password = password;
     }
 
+    public Boolean getUseSsl() {
+        return useSsl != null ? useSsl : false;
+    }
+
+    public void setUseSsl(Boolean useSsl) {
+        this.useSsl = useSsl;
+    }
+
+    public String getSslTrustStoreFilePath() {
+        return sslTrustStoreFilePath;
+    }
+
+    public void setSslTrustStoreFilePath(String sslTrustStoreFilePath) {
+        this.sslTrustStoreFilePath = sslTrustStoreFilePath;
+    }
+
     @Override
     public String toString() {
         return "RedisConfiguration{" +
                 "servers='" + servers + '\'' +
                 ", defaultPutExpiration=" + defaultPutExpiration +
                 ", redisProviderType=" + redisProviderType +
+                ", useSsl=" + useSsl +
+                ", sslTrustStoreFilePath=" + sslTrustStoreFilePath +
                 '}';
     }
 }

oxService/src/main/java/org/xdi/service/cache/RedisProviderFactory.java

@@ -1,8 +1,19 @@
 package org.xdi.service.cache;
 
+import org.apache.commons.io.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+
 /**
  * Important : keep it weld free. It's reused by oxd !
  *
@@ -49,4 +60,24 @@ public static void destroySilently(AbstractRedisProvider provider) {
             LOG.error("Failed to destroy redis provider.", e);
         }
     }
+
+    public static SSLSocketFactory createTrustStoreSslSocketFactory(File keystoreFile) throws Exception {
+
+        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        InputStream inputStream = null;
+        try {
+            inputStream = new FileInputStream(keystoreFile);
+            trustStore.load(inputStream, null);
+        } finally {
+            IOUtils.closeQuietly(inputStream);
+        }
+
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        trustManagerFactory.init(trustStore);
+        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+
+        SSLContext sslContext = SSLContext.getInstance("TLS");
+        sslContext.init(null, trustManagers, new SecureRandom());
+        return sslContext.getSocketFactory();
+    }
 }

oxService/src/main/java/org/xdi/service/cache/RedisShardedProvider.java

@@ -2,13 +2,16 @@
 
 import org.apache.commons.lang.SerializationUtils;
 import org.apache.commons.lang.StringUtils;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import redis.clients.jedis.JedisPoolConfig;
 import redis.clients.jedis.JedisShardInfo;
 import redis.clients.jedis.ShardedJedis;
 import redis.clients.jedis.ShardedJedisPool;
 
+import javax.net.ssl.SSLParameters;
+import java.io.File;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
@@ -36,7 +39,7 @@ public void create() {
             poolConfig.setMaxTotal(1000);
             poolConfig.setMinIdle(2);
 
-            pool = new ShardedJedisPool(poolConfig, shards(redisConfiguration.getServers()));
+            pool = new ShardedJedisPool(poolConfig, shards(redisConfiguration));
 
             testConnection();
             LOG.debug("RedisShardedProvider started.");
@@ -46,17 +49,32 @@ public void create() {
         }
     }
 
-    private static List<JedisShardInfo> shards(String servers) {
-        final String[] serverWithPorts = StringUtils.split(servers.trim(), ",");
+    private static List<JedisShardInfo> shards(RedisConfiguration configuration) {
+        final String[] serverWithPorts = StringUtils.split(configuration.getServers().trim(), ",");
 
         List<JedisShardInfo> shards = new ArrayList<JedisShardInfo>();
         for (String serverWithPort : serverWithPorts) {
             serverWithPort = serverWithPort.trim();
-            if (serverWithPort.contains(":") && !serverWithPort.contains("@") && !servers.contains("//")) {
+            if (serverWithPort.contains(":") && !serverWithPort.contains("@") && !configuration.getServers().contains("//")) {
                 final String[] split = serverWithPort.trim().split(":");
                 String host = split[0];
                 int port = Integer.parseInt(split[1].trim());
-                shards.add(new JedisShardInfo(host, port));
+
+                try {
+                    final JedisShardInfo shardInfo;
+                    if (configuration.getUseSsl()) {
+                        if (StringUtils.isNotBlank(configuration.getSslTrustStoreFilePath())) {
+                            shardInfo = new JedisShardInfo(host, port, true, RedisProviderFactory.createTrustStoreSslSocketFactory(new File(configuration.getSslTrustStoreFilePath())), new SSLParameters(), new DefaultHostnameVerifier());
+                        } else {
+                            shardInfo = new JedisShardInfo(host, port, true);
+                        }
+                    } else {
+                        shardInfo = new JedisShardInfo(host, port);
+                    }
+                    shards.add(shardInfo);
+                } catch (Exception e) {
+                    LOG.error("Failed to create shard info.", e);
+                }
             } else {
                 shards.add(new JedisShardInfo(serverWithPort));
             }

oxService/src/main/java/org/xdi/service/cache/RedisStandaloneProvider.java

@@ -1,6 +1,8 @@
 package org.xdi.service.cache;
 
 import org.apache.commons.lang.SerializationUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import redis.clients.jedis.HostAndPort;
@@ -9,6 +11,8 @@
 import redis.clients.jedis.JedisPoolConfig;
 
 import javax.annotation.PreDestroy;
+import javax.net.ssl.SSLParameters;
+import java.io.File;
 import java.io.Serializable;
 
 /**
@@ -34,9 +38,18 @@ public void create() {
             poolConfig.setMaxTotal(1000);
             poolConfig.setMinIdle(2);
 
-
             HostAndPort hostAndPort = RedisClusterProvider.hosts(redisConfiguration.getServers()).iterator().next();
-            pool = new JedisPool(poolConfig, hostAndPort.getHost(), hostAndPort.getPort());
+
+            if (redisConfiguration.getUseSsl()) {
+                if (StringUtils.isNotBlank(redisConfiguration.getSslTrustStoreFilePath())) {
+                    pool = new JedisPool(poolConfig, hostAndPort.getHost(), hostAndPort.getPort(), true,
+                            RedisProviderFactory.createTrustStoreSslSocketFactory(new File(redisConfiguration.getSslTrustStoreFilePath())), new SSLParameters(), new DefaultHostnameVerifier());
+                } else {
+                    pool = new JedisPool(poolConfig, hostAndPort.getHost(), hostAndPort.getPort(), true);
+                }
+            } else {
+                pool = new JedisPool(poolConfig, hostAndPort.getHost(), hostAndPort.getPort());
+            }
 
             testConnection();
             LOG.debug("RedisStandaloneProvider started.");