Posted to commits@tinkerpop.apache.org by sp...@apache.org on 2019/06/06 20:49:56 UTC

[tinkerpop] 01/01: TINKERPOP-2239 Removed previously deprecated SSL configs

This is an automated email from the ASF dual-hosted git repository.

spmallette pushed a commit to branch TINKERPOP-2239
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git

commit 614249c45d548147118865ee782727afc69d228a
Author: Stephen Mallette <sp...@genoprime.com>
AuthorDate: Thu Jun 6 16:48:25 2019 -0400

    TINKERPOP-2239 Removed previously deprecated SSL configs
    
    These were originally deprecated way back in 3.2.10.
---
 CHANGELOG.asciidoc                                 |  1 +
 docs/src/upgrade/release-3.5.x.asciidoc            | 14 +++-
 .../apache/tinkerpop/gremlin/driver/Cluster.java   | 68 ------------------
 .../apache/tinkerpop/gremlin/driver/Settings.java  | 40 -----------
 .../tinkerpop/gremlin/driver/SettingsTest.java     |  8 ---
 .../gremlin/server/AbstractChannelizer.java        | 81 +++++++++------------
 .../apache/tinkerpop/gremlin/server/Settings.java  | 35 ---------
 .../gremlin/server/GremlinServerIntegrateTest.java | 84 +---------------------
 gremlin-server/src/test/resources/client.crt       | 40 -----------
 gremlin-server/src/test/resources/client.key.pk8   | 47 ------------
 gremlin-server/src/test/resources/server.crt       | 41 -----------
 gremlin-server/src/test/resources/server.key.pk8   | 47 ------------
 12 files changed, 48 insertions(+), 458 deletions(-)

diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index ee2ab54..5ec4456 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -26,6 +26,7 @@ image::https://raw.githubusercontent.com/apache/tinkerpop/master/docs/static/ima
 This release also includes changes from <<release-3-4-3, 3.4.3>>.
 
 * Removed previously deprecated `TraversalSource.withRemote()`.
+* Removed previously deprecated SSL settings: `keyCertChainFile`, `keyFile`, `keyPassword` and `trustCertChainFile` and related infrastructure.
 * Removed previously deprecated `BulkDumperVertexProgram` and `BulkLoaderVertexProgram`.
 
 == TinkerPop 3.4.0 (Avant-Gremlin Construction #3 for Theremin and Flowers)
diff --git a/docs/src/upgrade/release-3.5.x.asciidoc b/docs/src/upgrade/release-3.5.x.asciidoc
index beee29e..4ae4cfd 100644
--- a/docs/src/upgrade/release-3.5.x.asciidoc
+++ b/docs/src/upgrade/release-3.5.x.asciidoc
@@ -41,6 +41,18 @@ The following deprecated classes, methods or fields have been removed in this ve
 ** `org.apache.tinkerpop.gremlin.process.traversal.computer.bulkloading.OneTimeBulkLoader`
 ** `org.apache.tinkerpop.gremlin.process.traversal.TraversalSource#withRemote(*)`
 ** `org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource#withRemote(*)`
+* `gremlin-driver`
+** `org.apache.tinkerpop.gremlin.driver.Cluster.Builder#keyCertChainFile(String)`
+** `org.apache.tinkerpop.gremlin.driver.Cluster.Builder#keyFile(String)`
+** `org.apache.tinkerpop.gremlin.driver.Cluster.Builder#keyPassword(String)`
+** `org.apache.tinkerpop.gremlin.driver.Cluster.Builder#trustCertificateChainFile(String)`
+* `gremlin-server`
+** `org.apache.tinkerpop.gremlin.server.Settings.SslSettings.keyCertChainFile`
+** `org.apache.tinkerpop.gremlin.server.Settings.SslSettings.keyFile`
+** `org.apache.tinkerpop.gremlin.server.Settings.SslSettings.keyPassword`
+** `org.apache.tinkerpop.gremlin.server.Settings.SslSettings.trustCertificateChainFile`
 
 See: link:https://issues.apache.org/jira/browse/TINKERPOP-2080[TINKERPOP-2080],
-link:https://issues.apache.org/jira/browse/TINKERPOP-2231[TINKERPOP-2231]
\ No newline at end of file
+link:https://issues.apache.org/jira/browse/TINKERPOP-2231[TINKERPOP-2231],
+link:https://issues.apache.org/jira/browse/TINKERPOP-2239[TINKERPOP-2239],
+link:http://tinkerpop.apache.org/docs/3.5.0/upgrade/#_ssl_security[3.2.10 Upgrade Documentation for SSL]
\ No newline at end of file
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java
index 113f081..3f125a7 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java
@@ -180,11 +180,7 @@ public final class Cluster {
                 .port(settings.port)
                 .path(settings.path)
                 .enableSsl(settings.connectionPool.enableSsl)
-                .trustCertificateChainFile(settings.connectionPool.trustCertChainFile)
                 .keepAliveInterval(settings.connectionPool.keepAliveInterval)
-                .keyCertChainFile(settings.connectionPool.keyCertChainFile)
-                .keyFile(settings.connectionPool.keyFile)
-                .keyPassword(settings.connectionPool.keyPassword)
                 .keyStore(settings.connectionPool.keyStore)
                 .keyStorePassword(settings.connectionPool.keyStorePassword)
                 .keyStoreType(settings.connectionPool.keyStoreType)
@@ -480,21 +476,6 @@ public final class Cluster {
         final Settings.ConnectionPoolSettings connectionPoolSettings = connectionPoolSettings();
         final SslContextBuilder builder = SslContextBuilder.forClient();
 
-        if (connectionPoolSettings.trustCertChainFile != null) {
-            logger.warn("Using deprecated SSL trustCertChainFile support");
-            builder.trustManager(new File(connectionPoolSettings.trustCertChainFile));
-        }
-
-        if (null != connectionPoolSettings.keyCertChainFile && null != connectionPoolSettings.keyFile) {
-            logger.warn("Using deprecated SSL keyFile support");
-            final File keyCertChainFile = new File(connectionPoolSettings.keyCertChainFile);
-            final File keyFile = new File(connectionPoolSettings.keyFile);
-
-            // note that keyPassword may be null here if the keyFile is not
-            // password-protected.
-            builder.keyManager(keyCertChainFile, keyFile, connectionPoolSettings.keyPassword);
-        }
-
         // Build JSSE SSLContext
         try {
 
@@ -572,10 +553,6 @@ public final class Cluster {
         private long keepAliveInterval = Connection.KEEP_ALIVE_INTERVAL;
         private String channelizer = Channelizer.WebSocketChannelizer.class.getName();
         private boolean enableSsl = false;
-        private String trustCertChainFile = null;
-        private String keyCertChainFile = null;
-        private String keyFile = null;
-        private String keyPassword = null;
         private String keyStore = null;
         private String keyStorePassword = null;
         private String trustStore = null;
@@ -670,17 +647,6 @@ public final class Cluster {
         }
 
         /**
-         * File location for a SSL Certificate Chain to use when SSL is enabled. If this value is not provided and
-         * SSL is enabled, the default {@link TrustManager} will be used.
-         * @deprecated As of release 3.2.10, replaced by {@link #trustStore}
-         */
-        @Deprecated
-        public Builder trustCertificateChainFile(final String certificateChainFile) {
-            this.trustCertChainFile = certificateChainFile;
-            return this;
-        }
-
-        /**
          * Length of time in milliseconds to wait on an idle connection before sending a keep-alive request. This
          * setting is only relevant to {@link Channelizer} implementations that return {@code true} for
          * {@link Channelizer#supportsKeepAlive()}.  Set to zero to disable this feature.
@@ -691,36 +657,6 @@ public final class Cluster {
         }
 
         /**
-         * The X.509 certificate chain file in PEM format.
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
-         */
-        @Deprecated
-        public Builder keyCertChainFile(final String keyCertChainFile) {
-            this.keyCertChainFile = keyCertChainFile;
-            return this;
-        }
-
-        /**
-         * The PKCS#8 private key file in PEM format.
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
-         */
-        @Deprecated
-        public Builder keyFile(final String keyFile) {
-            this.keyFile = keyFile;
-            return this;
-        }
-
-        /**
-         * The password of the {@link #keyFile}, or {@code null} if it's not password-protected.
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStorePassword}
-         */
-        @Deprecated
-        public Builder keyPassword(final String keyPassword) {
-            this.keyPassword = keyPassword;
-            return this;
-        }
-
-        /**
          * The file location of the private key in JKS or PKCS#12 format.
          */
         public Builder keyStore(final String keyStore) {
@@ -1068,10 +1004,6 @@ public final class Cluster {
             connectionPoolSettings.reconnectInterval = builder.reconnectInterval;
             connectionPoolSettings.resultIterationBatchSize = builder.resultIterationBatchSize;
             connectionPoolSettings.enableSsl = builder.enableSsl;
-            connectionPoolSettings.trustCertChainFile = builder.trustCertChainFile;
-            connectionPoolSettings.keyCertChainFile = builder.keyCertChainFile;
-            connectionPoolSettings.keyFile = builder.keyFile;
-            connectionPoolSettings.keyPassword = builder.keyPassword;
             connectionPoolSettings.keyStore = builder.keyStore;
             connectionPoolSettings.keyStorePassword = builder.keyStorePassword;
             connectionPoolSettings.trustStore = builder.trustStore;
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
index 4b339de..f4c64cc 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
@@ -174,18 +174,6 @@ final class Settings {
             if (connectionPoolConf.containsKey("enableSsl"))
                 cpSettings.enableSsl = connectionPoolConf.getBoolean("enableSsl");
 
-            if (connectionPoolConf.containsKey("keyCertChainFile"))
-                cpSettings.keyCertChainFile = connectionPoolConf.getString("keyCertChainFile");
-
-            if (connectionPoolConf.containsKey("keyFile"))
-                cpSettings.keyFile = connectionPoolConf.getString("keyFile");
-
-            if (connectionPoolConf.containsKey("keyPassword"))
-                cpSettings.keyPassword = connectionPoolConf.getString("keyPassword");
-
-            if (connectionPoolConf.containsKey("trustCertChainFile"))
-                cpSettings.trustCertChainFile = connectionPoolConf.getString("trustCertChainFile");
-
             if (connectionPoolConf.containsKey("keyStore"))
                 cpSettings.keyStore = connectionPoolConf.getString("keyStore");
 
@@ -261,34 +249,6 @@ final class Settings {
         public boolean enableSsl = false;
 
         /**
-         * The trusted certificate in PEM format.
-         * @deprecated As of release 3.2.10, replaced by {@link #trustStore}
-         */
-        @Deprecated
-        public String trustCertChainFile = null;
-
-        /**
-         * The X.509 certificate chain file in PEM format.
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
-         */
-        @Deprecated
-        public String keyCertChainFile = null;
-
-        /**
-         * The PKCS#8 private key file in PEM format.
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
-         */
-        @Deprecated
-        public String keyFile = null;
-
-        /**
-         * The password of the {@link #keyFile}, or {@code null} if it's not password-protected.
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStorePassword}
-         */
-        @Deprecated
-        public String keyPassword = null;
-
-        /**
          * JSSE keystore file path. Similar to setting JSSE property
          * {@code javax.net.ssl.keyStore}.
          */
diff --git a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
index c140f04..1512c06 100644
--- a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
+++ b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
@@ -47,10 +47,6 @@ public class SettingsTest {
         conf.setProperty("serializer.className", "my.serializers.MySerializer");
         conf.setProperty("serializer.config.any", "thing");
         conf.setProperty("connectionPool.enableSsl", true);
-        conf.setProperty("connectionPool.keyCertChainFile", "X.509");
-        conf.setProperty("connectionPool.keyFile", "PKCS#8");
-        conf.setProperty("connectionPool.keyPassword", "password1");
-        conf.setProperty("connectionPool.trustCertChainFile", "pem");
         conf.setProperty("connectionPool.keyStore", "server.jks");
         conf.setProperty("connectionPool.keyStorePassword", "password2");
         conf.setProperty("connectionPool.keyStoreType", "pkcs12");
@@ -85,10 +81,6 @@ public class SettingsTest {
         assertEquals("my.serializers.MySerializer", settings.serializer.className);
         assertEquals("thing", settings.serializer.config.get("any"));
         assertThat(settings.connectionPool.enableSsl, is(true));
-        assertEquals("X.509", settings.connectionPool.keyCertChainFile);
-        assertEquals("PKCS#8", settings.connectionPool.keyFile);
-        assertEquals("password1", settings.connectionPool.keyPassword);
-        assertEquals("pem", settings.connectionPool.trustCertChainFile);
         assertEquals("server.jks", settings.connectionPool.keyStore);
         assertEquals("password2", settings.connectionPool.keyStorePassword);
         assertEquals("pkcs12", settings.connectionPool.keyStoreType);
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
index bf4df88..4458634 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
@@ -46,7 +46,6 @@ import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManagerFactory;
 
-import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
@@ -108,15 +107,14 @@ public abstract class AbstractChannelizer extends ChannelInitializer<SocketChann
 
     protected final Map<String, MessageSerializer> serializers = new HashMap<>();
 
-    private IdleStateHandler idleStateHandler;
     private OpSelectorHandler opSelectorHandler;
     private OpExecutorHandler opExecutorHandler;
 
     protected Authenticator authenticator;
 
     /**
-     * This method is called from within {@link #initChannel(io.netty.channel.socket.SocketChannel)} just after
-     * the SSL handler is put in the pipeline.  Modify the pipeline as needed here.
+     * This method is called from within {@link #initChannel(SocketChannel)} just after the SSL handler is put in the pipeline.
+     * Modify the pipeline as needed here.
      */
     public abstract void configure(final ChannelPipeline pipeline);
 
@@ -268,56 +266,41 @@ public abstract class AbstractChannelizer extends ChannelInitializer<SocketChann
 
         final SslContextBuilder builder;
 
-        // DEPRECATED: If the config has the required, deprecated settings, then use it
-        if (null != sslSettings.keyCertChainFile && null != sslSettings.keyFile) {
-            logger.warn("Using deprecated SSL keyFile support");
-            final File keyCertChainFile = new File(sslSettings.keyCertChainFile);
-            final File keyFile = new File(sslSettings.keyFile);
-            final File trustCertChainFile = null == sslSettings.trustCertChainFile ? null : new File(sslSettings.trustCertChainFile);
-
-            // note that keyPassword may be null here if the keyFile is not
-            // password-protected. passing null to
-            // trustManager is also ok (default will be used)
-            builder = SslContextBuilder.forServer(keyCertChainFile, keyFile, sslSettings.keyPassword).trustManager(trustCertChainFile);
-        } else {
-
-            // Build JSSE SSLContext
-            try {
-                final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-
-                // Load private key and signed cert
-                if (null != sslSettings.keyStore) {
-                    final String keyStoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
-                    final KeyStore keystore = KeyStore.getInstance(keyStoreType);
-                    final char[] password = null == sslSettings.keyStorePassword ? null : sslSettings.keyStorePassword.toCharArray();
-                    try (final InputStream in = new FileInputStream(sslSettings.keyStore)) {
-                        keystore.load(in, password);
-                    }
-                    kmf.init(keystore, password);
-                } else {
-                    throw new IllegalStateException("keyStore must be configured when SSL is enabled.");
+        // Build JSSE SSLContext
+        try {
+            final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+
+            // Load private key and signed cert
+            if (null != sslSettings.keyStore) {
+                final String keyStoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
+                final KeyStore keystore = KeyStore.getInstance(keyStoreType);
+                final char[] password = null == sslSettings.keyStorePassword ? null : sslSettings.keyStorePassword.toCharArray();
+                try (final InputStream in = new FileInputStream(sslSettings.keyStore)) {
+                    keystore.load(in, password);
                 }
+                kmf.init(keystore, password);
+            } else {
+                throw new IllegalStateException("keyStore must be configured when SSL is enabled.");
+            }
 
-                builder = SslContextBuilder.forServer(kmf);
-
-                // Load custom truststore for client auth certs
-                if (null != sslSettings.trustStore) {
-                    final String keystoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
-                    final KeyStore truststore = KeyStore.getInstance(keystoreType);
-                    final char[] password = null == sslSettings.trustStorePassword ? null : sslSettings.trustStorePassword.toCharArray();
-                    try (final InputStream in = new FileInputStream(sslSettings.trustStore)) {
-                        truststore.load(in, password);
-                    }
-                    final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
-                    tmf.init(truststore);
-                    builder.trustManager(tmf);
-                }
+            builder = SslContextBuilder.forServer(kmf);
 
-            } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) {
-                logger.error(e.getMessage());
-                throw new RuntimeException("There was an error enabling SSL.", e);
+            // Load custom truststore for client auth certs
+            if (null != sslSettings.trustStore) {
+                final String keystoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
+                final KeyStore truststore = KeyStore.getInstance(keystoreType);
+                final char[] password = null == sslSettings.trustStorePassword ? null : sslSettings.trustStorePassword.toCharArray();
+                try (final InputStream in = new FileInputStream(sslSettings.trustStore)) {
+                    truststore.load(in, password);
+                }
+                final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                tmf.init(truststore);
+                builder.trustManager(tmf);
             }
 
+        } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) {
+            logger.error(e.getMessage());
+            throw new RuntimeException("There was an error enabling SSL.", e);
         }
 
         if (null != sslSettings.sslCipherSuites && !sslSettings.sslCipherSuites.isEmpty()) {
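Review bot: The trust store in the re-indented block is still opened with `sslSettings.keyStoreType` (the `keystoreType` local inside `if (null != sslSettings.trustStore)`), so a deployment whose key store and trust store use different formats may fail in `truststore.load` with only the generic "There was an error enabling SSL." to go on. Now that key stores are the only supported path, either state the constraint beside that local, `// trust store is read with keyStoreType: both stores must use the same format`, or resolve the trust store type from its own setting if SslSettings offers one. The catch block logs `e.getMessage()` alone before rethrowing; passing the exception as the last logger argument, `logger.error("Could not initialize SSL from the configured key/trust store", e);`, would keep the stack trace with the log entry. With the PEM branch removed, a server that enables SSL without `keyStore` always reaches the `IllegalStateException`, which fails closed; the message could mention that the PEM file settings are no longer read, to help operators who are upgrading. The enclosing method starts before this hunk and continues past it.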
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
index 5b5c7f0..9073aba 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
@@ -434,41 +434,6 @@ public class Settings {
         public boolean enabled = false;
 
         /**
-         * The X.509 certificate chain file in PEM format.
-         * 
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
-         */
-        @Deprecated
-        public String keyCertChainFile = null;
-
-        /**
-         * The PKCS#8 private key file in PEM format.
-         * 
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
-         */
-        @Deprecated
-        public String keyFile = null;
-
-        /**
-         * The password of the {@link #keyFile}, or {@code null} if it's not
-         * password-protected.
-         * 
-         * @deprecated As of release 3.2.10, replaced by {@link #keyStorePassword}
-         */
-        @Deprecated
-        public String keyPassword = null;
-
-        /**
-         * Trusted certificates for verifying the remote endpoint's certificate. The
-         * file should contain an X.509 certificate chain in PEM format. {@code null}
-         * uses the system default.
-         * 
-         * @deprecated As of release 3.2.10, replaced by {@link #trustStore}
-         */
-        @Deprecated
-        public String trustCertChainFile = null;
-
-        /**
          * The file location of the private key in JKS or PKCS#12 format.
          */
         public String keyStore;
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
index f6195cf..5d5ac89 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
@@ -98,16 +98,14 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
+
 /**
  * Integration tests for server-side settings and processing.
  *
  * @author Stephen Mallette (http://stephen.genoprime.com)
  */
 public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegrationTest {
-    private static final String PEM_SERVER_KEY = "src/test/resources/server.key.pk8";
-    private static final String PEM_SERVER_CRT = "src/test/resources/server.crt";
-    private static final String PEM_CLIENT_KEY = "src/test/resources/client.key.pk8";
-    private static final String PEM_CLIENT_CRT = "src/test/resources/client.crt";
+
     private Level previousLogLevel;
 
     private Log4jRecordingAppender recordingAppender = null;
@@ -192,36 +190,6 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
                 settings.ssl.enabled = true;
                 settings.ssl.overrideSslContext(createServerSslContext());
                 break;
-            case "shouldEnableSslAndClientCertificateAuthWithLegacyPem":
-                settings.ssl = new Settings.SslSettings();
-                settings.ssl.enabled = true;
-                settings.ssl.needClientAuth = ClientAuth.REQUIRE;
-                settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
-                settings.ssl.keyFile = PEM_SERVER_KEY;
-                settings.ssl.keyPassword = KEY_PASS;
-                // Trust the client
-                settings.ssl.trustCertChainFile = PEM_CLIENT_CRT;
-                break;
-            case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem":
-                settings.ssl = new Settings.SslSettings();
-                settings.ssl.enabled = true;
-                settings.ssl.needClientAuth = ClientAuth.REQUIRE;
-                settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
-                settings.ssl.keyFile = PEM_SERVER_KEY;
-                settings.ssl.keyPassword = KEY_PASS;
-                // Trust the client
-                settings.ssl.trustCertChainFile = PEM_CLIENT_CRT;
-                break;
-            case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCertWithLegacyPem":
-                settings.ssl = new Settings.SslSettings();
-                settings.ssl.enabled = true;
-                settings.ssl.needClientAuth = ClientAuth.REQUIRE;
-                settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
-                settings.ssl.keyFile = PEM_SERVER_KEY;
-                settings.ssl.keyPassword = KEY_PASS;
-                // Trust ONLY the server cert
-                settings.ssl.trustCertChainFile = PEM_SERVER_CRT;
-                break;
             case "shouldEnableSslAndClientCertificateAuthWithPkcs12":
                 settings.ssl = new Settings.SslSettings();
                 settings.ssl.enabled = true;
@@ -593,54 +561,6 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
             cluster.close();
         }
     }
-
-    @Test
-    public void shouldEnableSslAndClientCertificateAuthWithLegacyPem() {
-        final Cluster cluster = TestClientFactory.build().enableSsl(true)
-                .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY)
-                .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create();
-        final Client client = cluster.connect();
-
-        try {
-            assertEquals("test", client.submit("'test'").one().getString());
-        } finally {
-            cluster.close();
-        }
-    }
-
-    @Test
-    public void shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem() {
-        final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS).sslSkipCertValidation(true).create();
-        final Client client = cluster.connect();
-
-        try {
-            client.submit("'test'").one();
-            fail("Should throw exception because ssl client auth is enabled on the server but client does not have a cert");
-        } catch(Exception x) {
-            final Throwable root = ExceptionUtils.getRootCause(x);
-            assertThat(root, instanceOf(TimeoutException.class));
-        } finally {
-            cluster.close();
-        }
-    }
-
-    @Test
-    public void shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCertWithLegacyPem() {
-        final Cluster cluster = TestClientFactory.build().enableSsl(true)
-                .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY)
-                .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create();
-        final Client client = cluster.connect();
-
-        try {
-            client.submit("'test'").one();
-            fail("Should throw exception because ssl client auth is enabled on the server but does not trust client's cert");
-        } catch(Exception x) {
-            final Throwable root = ExceptionUtils.getRootCause(x);
-            assertThat(root, instanceOf(TimeoutException.class));
-        } finally {
-            cluster.close();
-        }
-    }
     
     @Test
     public void shouldEnableSslAndClientCertificateAuthWithPkcs12() {
diff --git a/gremlin-server/src/test/resources/client.crt b/gremlin-server/src/test/resources/client.crt
deleted file mode 100644
index 297335b..0000000
--- a/gremlin-server/src/test/resources/client.crt
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
------BEGIN CERTIFICATE-----
-MIIDajCCAlICCQCG0QGj7JgLvTANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTkMxEDAOBgNVBAcMB1JhbGVpZ2gxEzARBgNVBAoMCkNsaWVu
-dCBBcHAxDzANBgNVBAMMBmNsaWVudDEiMCAGCSqGSIb3DQEJARYTZ3JlbWxpbi11
-c2VyQGNsaWVudDAgFw0xNzAxMjMxODQzMjNaGA8yMTE2MTIzMDE4NDMyM1owdjEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRMwEQYD
-VQQKDApDbGllbnQgQXBwMQ8wDQYDVQQDDAZjbGllbnQxIjAgBgkqhkiG9w0BCQEW
-E2dyZW1saW4tdXNlckBjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDU7U5tNN+0HCKZX31ZKMZwAUI7qGCpYXd05z5SKRWesNsrEeCLnu1DgYhL
-j+hSi2LI+RwTF45DH8zEPIzQ6HEMzuCd2uy7bdDrXv6H/tFUx9Iw0ea5oXGX1qNa
-tzjPTSmw22VXbSo+B5EG0coC5oDy9SpYb2HxeDmegI2OZL6ROFPKbCUTzyJfqTpy
-1mdgnnKTVuQdtWvj/sXDAZzRqtFHwBkHezKCOC4yLNi5+pI01+0V7FbtyCqH7iPS
-VS9VKsLuhPkzAkRh/x9CxaSrwicyzyB3Kyfg7kjmtdrUOrfgxdw+MMPog3JrGoLr
-tfvc9LUh0ImpLPngyWhwc5iNGwmLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEi0
-IVUIbDuirNivJXXXT5eFUgfAx5iPjbR1XBjCuHO061d0B8itU7cidKs0y5mDoauy
-vuywNBih6FAsHoYLrqI1gt65fybGxq3wlhnqdLH7GDeHw65e2PB2x+M4NtQlkPTq
-dUgUtQzAo8Hc4DNR5BrvCtLjqT7Knq8QHtGLys8eoDur09894+6WeUjrgUTp88Jl
-uqrZqRHvdMW7sge73cpU1dsDJW0rJqCLZ+qA2V+ZRRCQY1oHuHeK6Dkokabaq3rr
-WrpxfppIPCusJx4nnIwu4d0gZwAKwabOS8lJPjV0frRkA0BuAEpMIbOwZ10Tw7ZM
-2HzamAOiiks4NFDSs94=
------END CERTIFICATE-----
diff --git a/gremlin-server/src/test/resources/client.key.pk8 b/gremlin-server/src/test/resources/client.key.pk8
deleted file mode 100644
index 213cce3..0000000
--- a/gremlin-server/src/test/resources/client.key.pk8
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE6TAbBgkqhkiG9w0BBQMwDgQIuH3rVXHniaECAggABIIEyDzHWny/fttnN6ze
-Q/iNE1z72HBg2anTK3gHdu8W3F9W6BSLhuKaUumxcxX6IfkZmxinqwUxSNrRBswr
-s71EZ7QmX2eaeiWxlo6zP0I898fzqvSBWk6NhntV1SVG++/CMeIMZARs85OxcNGN
-fKEXtBUf5jlo+hy9bVgQRO2M1vHzek/deOHyj1eXwEi2Oxcw1ly3o9lRayIFJFou
-0olp58h8pD5qOsSfIrNG6bHBg00eP1ILE1FUPCdOfDrQEjiKKVqllCXdsUz/KjBY
-0iGYMw3aT2LELnibTy0alFswGaDBRqlzGSIGrejdGTOBj7NmeiW2yOY+aUjCkdXw
-ll862oItlJZO/B16EGgI+czdXZgcL5YRGVOu6loOlGxU60Y681Acjn9wdlxxOqXa
-te7khLGX6qm3ceMJ2DQbMO8JS6UBsGjZqq/ictwfGxNDiTeiWmoyrQvO3qkaqsEt
-iLBJdSsogzxx+hfj+xiBRorf9Gvkk6hDnzeuZl9Voak5qY7RrcmxD8ecdh3g2faO
-VFtxTAxmHJakgGF7fZ7jQoxZJzzRn+rjIhATaEH1/MMME77Z+8rkE74oxFOrizDU
-Eb4AMUV/xgrAtQLGpIFALL7oPk2r1exFgywL40q5/BcXCx65eliXtyoBIc5X+t90
-fTB8lA3K5mT2MXzwMyMPv2n8d8Ta2OjisRHjSue6AqNqifBuniVfSpHP9OUlsKaL
-u3eN8mSuPDhlo7RGG8+B7mSqGDjORR/+BJvwgFreIyurOL22g887uPwjzPXs6lll
-3VFclsrfEqNMP6kBsXlHNAxjT10WoWrF+ONPEyg9PrzTGryTRqW+ptzBqtiQrVag
-/KMee3sdg6i9GN+EGc43DNJzxxlFXvT9kBvOk66tOPEE5963k3ZikjuAX7xBVOvM
-AlqzHHW727fHXqYp0yabWTpr72RuUGQOqPZiMsWd6x65HL2I0WHP9PXTf1vMmnj3
-NgiN1paATl5L8S9Jt8WL8iLskVt2f+CAKJuQfamY5Fg54m/cJzNHV8nAMTTl+0EN
-9vUhvn672wZd9JfB4PMtrIhYFNJElJmmdAwjFrop6goXA/UGgf3M4QNiQetFGxWP
-aJ0tMSdA/ax9nGA5LU6iCwPe51ExrQJAVFw+oE3I8+J1oz1fQOl8zIgyOFwG+bJx
-/Y/JyraEssZ5RLtaGgcm9vZm8Wo8a5TQCbqhoY8x7MwyF7/VpbRZ3bGEUFnWd/yF
-1tCPeZ+q5HN79P3qfZzAcFAU3z3HawXDwQ3XO3Plix04Vjr+QFENeJxhL+3FXtLx
-4nF+Y9Fq6I5x8YQLrPYkIyRz8xWxVBQFZTeNhWx5nYWNcDXgz/S8v3ipY+EPEj9Q
-uOQWNdSJ9XOR+Ju/KSP0151guLkUwpHBCi/CFY4TgD6iFglTyLuZpW2bbim1mmDI
-LSDHwrERQWNmcNznK4PIw227w6EZqUEI0jjkANhXQG6dz1VkaTIZAoEVWHhFNi8S
-gSPkhsWN822QzxZQb+74JoUFBTifP50giaCd6p2HKw8U20FAPyseVIY3IsYatuLU
-8VhfeBQ1GLOOy8/5mRyjL+Gjn/OfNPwps9uuOogx/jGf0JhtjAEY2WNoEEB9DkUv
-AijT0ck1+DM3by4MlA==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/gremlin-server/src/test/resources/server.crt b/gremlin-server/src/test/resources/server.crt
deleted file mode 100644
index b777e34..0000000
--- a/gremlin-server/src/test/resources/server.crt
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
------BEGIN CERTIFICATE-----
-MIIDrjCCApYCCQCg8hxjInTcQzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMC
-VVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEZMBcGA1UECgwQ
-QXBhY2hlIFRpbmtlclBvcDEQMA4GA1UECwwHR3JlbWxpbjESMBAGA1UEAwwJbG9j
-YWxob3N0MSQwIgYJKoZIhvcNAQkBFhVzcG1hbGxldHRlQGFwYWNoZS5vcmcwIBcN
-MTcwMTIzMTg0MTEwWhgPMjExNjEyMzAxODQxMTBaMIGXMQswCQYDVQQGEwJVUzEL
-MAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRkwFwYDVQQKDBBBcGFj
-aGUgVGlua2VyUG9wMRAwDgYDVQQLDAdHcmVtbGluMRIwEAYDVQQDDAlsb2NhbGhv
-c3QxJDAiBgkqhkiG9w0BCQEWFXNwbWFsbGV0dGVAYXBhY2hlLm9yZzCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5l+5DDrSGq1n1vYIMbb95buWlo4u5s
-V8wHNmeFCuqNvGfxermHS88SSy6qvdSXISfe+kj9Jkfn1Pjx4czwcnF/q4Au3Gc6
-T9MiAKJUfb4+MwPKERacFobk6LTreKpzvXymAhhM1ktvvA7/opZ+nENDEoIJK/KS
-CY9vRWeHqI1Q+Rf5Nrqw8eySq/ZhPDlppsu5sQr1ghSsuzXhpYNhq8VBMsysL2Zi
-VF5DFMqg9yhBkxrqo70W/pjo4kQJ/iF/4d/3HHicSCVq3/NCkWMVg0HeOZ1eVaZ/
-D6EXv8cYwyaRmf7SldE7RtdbAU0M+Y0Lmuoi2evls0Oiqf8uxEDXeLUCAwEAATAN
-BgkqhkiG9w0BAQsFAAOCAQEAJFAAUxYeUbf6tAGEKCXISted10TybPW/qCxOXEPN
-TTO+xvnzksbcbzOc2X0N+yYIKtkfiuWgD9UJ4QnLSeEKmouMbkTk0ToYJj7SrviI
-f+9R1IiZMiwz+n0igETkEGOK0Ql26Z4g3kc1IueSD07QOLASTvVLtEyoya7LD4S6
-jk1LnbpbHVmgHY4kmtsg6lVQ1zkqrsDQg9goh8dI5AlNCudpd8zLxzsPbm+Q2+DC
-Wd4A2lKdh3rbY2LYpbVhBj9c6E0laaqgyGC7s37XfmyBp4wYlX/30p6RpCR2rcRW
-SKh5NXN52Xx3WuiP42wm9ZC/de8gaODrW8n44xlEaMPJ3A==
------END CERTIFICATE-----
diff --git a/gremlin-server/src/test/resources/server.key.pk8 b/gremlin-server/src/test/resources/server.key.pk8
deleted file mode 100644
index 9dc6720..0000000
--- a/gremlin-server/src/test/resources/server.key.pk8
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE6TAbBgkqhkiG9w0BBQMwDgQIJi2M3dPcx+cCAggABIIEyG/0PwTaqm3ekGkn
-8daHjfcqxCpvwOku0pCCgV7AMsrsj4TvMOHOkId+xKVs4AlXV2grPfTQoMrIFFp0
-26hzpZOHEjAe9XbtzVWgphwLVeWOr5ugovyXPxdCqMBrn251y9Yg6csh5pPrsHEp
-RLTZPQPvEVIhA0tRkPPag5BSlj//nH7PnXYRm4VSRg7WQS15ieHsC1xDM9zYni/b
-ffU++twOGvCdvtGd/lqjJj3dPomKynb6Y4cEc73vQ6cQjeXN1W1Nil4QsDZ53H3U
-KvoWuEVYDf1WDFySgHMFgePHXMMWA8ZkgS6rOrV1TDnoZIhG5BSe7aJNJQdVVMub
-NAxZB4C1unIICuAtsP9IEAhevbfNGySi0jbrnun0pTD22Q95HZVycl1YWamrr1Hl
-17TmHQT7zh4GLlXVI3L/FevoswbuR7misyqE3ketNpxdLcHKs82MVLCwbLzuqm60
-tpSm/jrexhNErKU28kdPzWCwruEHdrlOuMSS8N2YgSZxHIjEId8pZED8dsnPvqhe
-CAEa3F68Js9sngeMvThYirpr0wOsSGmGCDrXTmQvTw+q8C+DJLWpjfpKZA4g624f
-E3CUojwOaPrmaEa25eYm0oYDstY8QncG7nBAuljeXWBYfxARYcLI/bLC/M/q+UeS
-gzjQgoacH4r2Y7rwEA0aeYC+9TWn5rPHPWegdc01A2e7OlYKrlu9C1aKZr//GyBM
-lEVRc0u8RL+RVhmp7ftRyATDG9kJR+zDT26hewaEa5atnPKLjf+37hu7a/6GI+2X
-dpWTzmvWal4eEkFuBg2ekl1lCsuuCUBDWyYrlhsWPYTOSKJ/PTuLq7HVqdGB9kEw
-SavnXV5LPOaY4nAzJTdRk9DHdxSwSrjZ5rvMMD1CAbob/GA9t8aYaGcAWtTwMFs4
-sps40mmab3X0LLvTblHtmRCHWswcACbH2DC6H+0awsaZNI80GxSSutKN+2vH3N0C
-6fLwP1VaYm0qPA3pI1vp9Xu5I//6Hzt3aT/R+6KhS+CH3qbJiHNzg1ywdNqgD3Pp
-bJNEiDKWdLd65bvclVVyWHovWIvvEly1TWUsp4YbdrT5asL/VV82fvo4wCttOq96
-msk9OL5vQADJ32D7vnnYadiT2tpJMjNSug7JKHutJ/cJmm8qkqNwFm/BH+w2t7kh
-elbG0f2P7FpPXVMCJPHhmI/+OBECqBHAAWgRRn91GqeGgY+Xy05orL2R/qeNdBbT
-qmrxqm7LesPgo0IqU82quTkiBERaXMu8qUYaYPGVJIskQuWqd/aArhaFmqZhK3bz
-lepJMDAaeaBT/3ULICHdhsSVAhl6iwid40ow8x1cRFoPEljZ9t6fERN1h2ptNyZT
-LRJ4DUXy4RWTHl3+AVyzwcgMpxkxRTzdjguzAjceOHEMm7UNCvSVhFHVBkG6kXXw
-940iYvhkRnn6HRcPbP5xeJp6GX8RoAl42giRO6OGnkhkepOuAcFKJCC2N5OgdKmq
-mlVGEKndriwyzyiPN8noEJksenL1iMSA7HSnM34uCJoEetTBRuv8+721bTdz8dy0
-s/GghsYztugLjho4yivn2fcxw4gMFiSiliyrfbocJnHAubDMZwEu0fpfY+0fBi9+
-e/Odgw8aTlMUKSo+UA==
------END ENCRYPTED PRIVATE KEY-----