Posted to commits@tinkerpop.apache.org by rd...@apache.org on 2018/08/13 19:29:00 UTC

tinkerpop git commit: TINKERPOP-2023 added tests and some fixes

Repository: tinkerpop
Updated Branches:
  refs/heads/TINKERPOP-2023 48347f235 -> 2da958b03


TINKERPOP-2023 added tests and some fixes


Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/2da958b0
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/2da958b0
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/2da958b0

Branch: refs/heads/TINKERPOP-2023
Commit: 2da958b03dda0af828e8bccacac029e64c95c1cc
Parents: 48347f2
Author: Robert Dale <ro...@gmail.com>
Authored: Mon Aug 13 15:28:40 2018 -0400
Committer: Robert Dale <ro...@gmail.com>
Committed: Mon Aug 13 15:28:40 2018 -0400

----------------------------------------------------------------------
 .../src/reference/gremlin-applications.asciidoc |   2 +-
 .../tinkerpop/gremlin/driver/Settings.java      |  28 ++-
 .../tinkerpop/gremlin/driver/SettingsTest.java  |  17 ++
 .../AbstractGremlinServerIntegrationTest.java   |  14 +-
 .../server/GremlinServerIntegrateTest.java      | 192 +++++++++++++++++--
 ...ctGremlinServerChannelizerIntegrateTest.java |   2 +
 .../src/test/resources/client-key.jks           | Bin 0 -> 2241 bytes
 .../src/test/resources/client-key.p12           | Bin 0 -> 2583 bytes
 .../src/test/resources/client-trust.jks         | Bin 0 -> 969 bytes
 .../src/test/resources/client-trust.p12         | Bin 0 -> 1202 bytes
 .../src/test/resources/server-key.jks           | Bin 0 -> 2258 bytes
 .../src/test/resources/server-key.p12           | Bin 0 -> 2613 bytes
 .../src/test/resources/server-trust.jks         | Bin 0 -> 952 bytes
 .../src/test/resources/server-trust.p12         | Bin 0 -> 1186 bytes
 gremlin-server/src/test/resources/server.jks    | Bin 2258 -> 0 bytes
 gremlin-server/src/test/resources/server.p12    | Bin 2613 -> 0 bytes
 16 files changed, 228 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/docs/src/reference/gremlin-applications.asciidoc
----------------------------------------------------------------------
diff --git a/docs/src/reference/gremlin-applications.asciidoc b/docs/src/reference/gremlin-applications.asciidoc
index 1f64f46..8ad8a0a 100644
--- a/docs/src/reference/gremlin-applications.asciidoc
+++ b/docs/src/reference/gremlin-applications.asciidoc
@@ -735,7 +735,7 @@ The following table describes the various configuration options for the Gremlin
 |connectionPool.keyPassword |The password of the `keyFile` if it is password-protected. |_none_
 |connectionPool.keyStore |The private key in JKS or PKCS#12 format. |_none_
 |connectionPool.keyStorePassword |The password of the `keyStore` if it is password-protected. |_none_
-|connectionPool.keyStoreType |JKS (Java 8 default) or PKCS#12 (Java 9+ default)|_none_
+|connectionPool.keyStoreType |`JKS` (Java 8 default) or `PKCS12` (Java 9+ default)|_none_
 |connectionPool.maxContentLength |The maximum length in bytes that a message can be sent to the server. This number can be no greater than the setting of the same name in the server configuration. |65536
 |connectionPool.maxInProcessPerConnection |The maximum number of in-flight requests that can occur on a connection. |4
 |connectionPool.maxSimultaneousUsagePerConnection |The maximum number of times that a connection can be borrowed from the pool simultaneously. |16

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
----------------------------------------------------------------------
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
index 009a0bf..4d54792 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
@@ -181,6 +181,32 @@ final class Settings {
             if (connectionPoolConf.containsKey("trustCertChainFile"))
                 cpSettings.trustCertChainFile = connectionPoolConf.getString("trustCertChainFile");
 
+            if (connectionPoolConf.containsKey("keyStore"))
+                cpSettings.keyStore = connectionPoolConf.getString("keyStore");
+
+            if (connectionPoolConf.containsKey("keyStorePassword"))
+                cpSettings.keyStorePassword = connectionPoolConf.getString("keyStorePassword");
+
+            if (connectionPoolConf.containsKey("keyStoreType"))
+                cpSettings.keyStoreType = connectionPoolConf.getString("keyStoreType");
+
+            if (connectionPoolConf.containsKey("trustStore"))
+                cpSettings.trustStore = connectionPoolConf.getString("trustStore");
+
+            if (connectionPoolConf.containsKey("trustStorePassword"))
+                cpSettings.trustStorePassword = connectionPoolConf.getString("trustStorePassword");
+
+            if (connectionPoolConf.containsKey("sslEnabledProtocols"))
+                cpSettings.sslEnabledProtocols = connectionPoolConf.getList("sslEnabledProtocols").stream().map(Object::toString)
+                        .collect(Collectors.toList());
+
+            if (connectionPoolConf.containsKey("sslCipherSuites"))
+                cpSettings.sslCipherSuites = connectionPoolConf.getList("sslCipherSuites").stream().map(Object::toString)
+                        .collect(Collectors.toList());
+
+            if (connectionPoolConf.containsKey("sslSkipCertValidation"))
+                cpSettings.sslSkipCertValidation = connectionPoolConf.getBoolean("sslSkipCertValidation");
+
             if (connectionPoolConf.containsKey("minSize"))
                 cpSettings.minSize = connectionPoolConf.getInt("minSize");
 
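Review bot: `sslSkipCertValidation` can now be switched on from a configuration file at the `connectionPoolConf.getBoolean("sslSkipCertValidation")` line, and nothing in this hunk records that certificate validation has been turned off. With the flag set the client no longer authenticates the server it talks to, so a stray or copied setting should be visible at load time. Assuming a logger is available in this class, a line such as `logger.warn("connectionPool.sslSkipCertValidation is enabled; server certificates will not be verified");` inside that `if` would do it, unless the code that consumes the setting already warns, which is not visible here. The enclosing method starts and ends outside the hunk.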
@@ -283,7 +309,7 @@ final class Settings {
         public String trustStorePassword;
 
         /**
-         * JSSE keystore format. Similar to setting JSSE property
+         * JSSE keystore format. 'jks' or 'pkcs12'. Similar to setting JSSE property
          * {@code javax.net.ssl.keyStoreType}.
          */
         public String keyStoreType;

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
----------------------------------------------------------------------
diff --git a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
index c373879..56e0ec8 100644
--- a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
+++ b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
@@ -49,6 +49,14 @@ public class SettingsTest {
         conf.setProperty("connectionPool.keyFile", "PKCS#8");
         conf.setProperty("connectionPool.keyPassword", "password1");
         conf.setProperty("connectionPool.trustCertChainFile", "pem");
+        conf.setProperty("connectionPool.keyStore", "server.jks");
+        conf.setProperty("connectionPool.keyStorePassword", "password2");
+        conf.setProperty("connectionPool.keyStoreType", "pkcs12");
+        conf.setProperty("connectionPool.trustStore", "trust.jks");
+        conf.setProperty("connectionPool.trustStorePassword", "password3");
+        conf.setProperty("connectionPool.sslEnabledProtocols", Arrays.asList("TLSv1.1","TLSv1.2"));
+        conf.setProperty("connectionPool.sslCipherSuites", Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"));
+        conf.setProperty("connectionPool.sslSkipCertValidation", true);
         conf.setProperty("connectionPool.minSize", 100);
         conf.setProperty("connectionPool.maxSize", 200);
         conf.setProperty("connectionPool.minSimultaneousUsagePerConnection", 300);
@@ -71,6 +79,7 @@ public class SettingsTest {
         assertEquals("password1", settings.password);
         assertEquals("JaasIt", settings.jaasEntry);
         assertEquals("protocol0", settings.protocol);
+        assertEquals(Arrays.asList("255.0.0.1", "255.0.0.2", "255.0.0.3"), settings.hosts);
         assertEquals("my.serializers.MySerializer", settings.serializer.className);
         assertEquals("thing", settings.serializer.config.get("any"));
         assertEquals(true, settings.connectionPool.enableSsl);
@@ -78,6 +87,14 @@ public class SettingsTest {
         assertEquals("PKCS#8", settings.connectionPool.keyFile);
         assertEquals("password1", settings.connectionPool.keyPassword);
         assertEquals("pem", settings.connectionPool.trustCertChainFile);
+        assertEquals("server.jks", settings.connectionPool.keyStore);
+        assertEquals("password2", settings.connectionPool.keyStorePassword);
+        assertEquals("pkcs12", settings.connectionPool.keyStoreType);
+        assertEquals("trust.jks", settings.connectionPool.trustStore);
+        assertEquals("password3", settings.connectionPool.trustStorePassword);
+        assertEquals(Arrays.asList("TLSv1.1","TLSv1.2"), settings.connectionPool.sslEnabledProtocols);
+        assertEquals(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), settings.connectionPool.sslCipherSuites);
+        assertEquals(true, settings.connectionPool.sslSkipCertValidation);
         assertEquals(100, settings.connectionPool.minSize);
         assertEquals(200, settings.connectionPool.maxSize);
         assertEquals(300, settings.connectionPool.minSimultaneousUsagePerConnection);

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java
index 0543a59..c5e3966 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java
@@ -40,10 +40,16 @@ import static org.junit.Assume.assumeThat;
 public abstract class AbstractGremlinServerIntegrationTest {
     
     public static final String KEY_PASS = "changeit";
-    public static final String JKS_SERVER_KEY = "src/test/resources/server.jks";
-    public static final String JKS_CLIENT_KEY = "src/test/resources/client.jks";
-    public static final String P12_SERVER_KEY = "src/test/resources/server.p12";
-    public static final String P12_CLIENT_KEY = "src/test/resources/client.p12";
+    public static final String JKS_SERVER_KEY = "src/test/resources/server-key.jks";
+    public static final String JKS_SERVER_TRUST = "src/test/resources/server-trust.jks";
+    public static final String JKS_CLIENT_KEY = "src/test/resources/client-key.jks";
+    public static final String JKS_CLIENT_TRUST = "src/test/resources/client-trust.jks";
+    public static final String P12_SERVER_KEY = "src/test/resources/server-key.p12";
+    public static final String P12_SERVER_TRUST = "src/test/resources/server-trust.p12";
+    public static final String P12_CLIENT_KEY = "src/test/resources/client-key.p12";
+    public static final String P12_CLIENT_TRUST = "src/test/resources/client-trust.p12";
+    public static final String KEYSTORE_TYPE_JKS = "jks";
+    public static final String KEYSTORE_TYPE_PKCS12 = "pkcs12";
 
     protected GremlinServer server;
     private Settings overriddenSettings;

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
index 238d2b2..a4e9478 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
@@ -74,6 +74,7 @@ import org.junit.Test;
 import java.lang.reflect.Field;
 import java.nio.channels.ClosedChannelException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -195,42 +196,97 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
                 settings.ssl.enabled = true;
                 settings.ssl.keyStore = JKS_SERVER_KEY;
                 settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
                 break;
             case "shouldEnableSslWithSslContextProgrammaticallySpecified":
                 settings.ssl = new Settings.SslSettings();
                 settings.ssl.enabled = true;
                 settings.ssl.overrideSslContext(createServerSslContext());
                 break;
-            case "shouldEnableSslAndClientCertificateAuth":
+            case "shouldEnableSslAndClientCertificateAuthWithLegacyPem":
                 settings.ssl = new Settings.SslSettings();
                 settings.ssl.enabled = true;
                 settings.ssl.needClientAuth = ClientAuth.REQUIRE;
                 settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
                 settings.ssl.keyFile = PEM_SERVER_KEY;
-                settings.ssl.keyPassword =KEY_PASS;
+                settings.ssl.keyPassword = KEY_PASS;
                 // Trust the client
                 settings.ssl.trustCertChainFile = PEM_CLIENT_CRT;
-            	break;
-            case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCert":
+                break;
+            case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem":
                 settings.ssl = new Settings.SslSettings();
                 settings.ssl.enabled = true;
                 settings.ssl.needClientAuth = ClientAuth.REQUIRE;
                 settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
                 settings.ssl.keyFile = PEM_SERVER_KEY;
-                settings.ssl.keyPassword =KEY_PASS;
+                settings.ssl.keyPassword = KEY_PASS;
                 // Trust the client
                 settings.ssl.trustCertChainFile = PEM_CLIENT_CRT;
-            	break;
-            case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert":
+                break;
+            case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCertWithLegacyPem":
                 settings.ssl = new Settings.SslSettings();
                 settings.ssl.enabled = true;
                 settings.ssl.needClientAuth = ClientAuth.REQUIRE;
                 settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
                 settings.ssl.keyFile = PEM_SERVER_KEY;
-                settings.ssl.keyPassword =KEY_PASS;
+                settings.ssl.keyPassword = KEY_PASS;
                 // Trust ONLY the server cert
                 settings.ssl.trustCertChainFile = PEM_SERVER_CRT;
-            	break;
+                break;
+            case "shouldEnableSslAndClientCertificateAuthWithPkcs12":
+                settings.ssl = new Settings.SslSettings();
+                settings.ssl.enabled = true;
+                settings.ssl.needClientAuth = ClientAuth.REQUIRE;
+                settings.ssl.keyStore = P12_SERVER_KEY;
+                settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_PKCS12;
+                settings.ssl.trustStore = P12_SERVER_TRUST;
+                settings.ssl.trustStorePassword = KEY_PASS;
+                break;
+            case "shouldEnableSslAndClientCertificateAuth":
+                settings.ssl = new Settings.SslSettings();
+                settings.ssl.enabled = true;
+                settings.ssl.needClientAuth = ClientAuth.REQUIRE;
+                settings.ssl.keyStore = JKS_SERVER_KEY;
+                settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                settings.ssl.trustStore = JKS_SERVER_TRUST;
+                settings.ssl.trustStorePassword = KEY_PASS;
+                break;
+            case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCert":
+                settings.ssl = new Settings.SslSettings();
+                settings.ssl.enabled = true;
+                settings.ssl.needClientAuth = ClientAuth.REQUIRE;
+                settings.ssl.keyStore = JKS_SERVER_KEY;
+                settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                settings.ssl.trustStore = JKS_SERVER_TRUST;
+                settings.ssl.trustStorePassword = KEY_PASS;
+                break;
+            case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert":
+                settings.ssl = new Settings.SslSettings();
+                settings.ssl.enabled = true;
+                settings.ssl.needClientAuth = ClientAuth.REQUIRE;
+                settings.ssl.keyStore = JKS_SERVER_KEY;
+                settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                break;
+            case "shouldEnableSslAndFailIfProtocolsDontMatch":
+                settings.ssl = new Settings.SslSettings();
+                settings.ssl.enabled = true;
+                settings.ssl.keyStore = JKS_SERVER_KEY;
+                settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                settings.ssl.sslEnabledProtocols = Arrays.asList("TLSv1.1");
+                break;
+            case "shouldEnableSslAndFailIfCiphersDontMatch":
+                settings.ssl = new Settings.SslSettings();
+                settings.ssl.enabled = true;
+                settings.ssl.keyStore = JKS_SERVER_KEY;
+                settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                settings.ssl.sslCipherSuites = Arrays.asList("TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
+                break;
             case "shouldUseSimpleSandbox":
                 settings.scriptEngines.get("gremlin-groovy").config = getScriptEngineConfForSimpleSandbox();
                 break;
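Review bot: The new keystore-based case `shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert` leaves `settings.ssl.trustStore` unset without a comment, whereas its PEM counterpart states `// Trust ONLY the server cert` and sets the trust file explicitly. What the server trusts in that case depends on a fallback that is not visible in this hunk (presumably the JVM default trust store), so the outcome may depend on the environment. I would either point `trustStore` at a store known not to contain the client certificate or add a comment such as `// no trustStore on purpose: the client cert must not be trusted`. The two keystore cases just above it are line-for-line identical and could share one body by stacking their `case` labels. The enclosing switch starts and ends outside the hunk.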
@@ -532,21 +588,21 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
     }
 
     @Test
-    public void shouldEnableSslAndClientCertificateAuth() {
-		final Cluster cluster = TestClientFactory.build().enableSsl(true)
-				.keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY)
-				.keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create();
-		final Client client = cluster.connect();
+    public void shouldEnableSslAndClientCertificateAuthWithLegacyPem() {
+        final Cluster cluster = TestClientFactory.build().enableSsl(true)
+                .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY)
+                .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create();
+        final Client client = cluster.connect();
 
         try {
-        	assertEquals("test", client.submit("'test'").one().getString());
+            assertEquals("test", client.submit("'test'").one().getString());
         } finally {
             cluster.close();
         }
     }
 
     @Test
-    public void shouldEnableSslAndClientCertificateAuthAndFailWithoutCert() {
+    public void shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem() {
         final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS).sslSkipCertValidation(true).create();
         final Client client = cluster.connect();
 
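Review bot: The renamed `shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem` still builds its client with `.keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS)` on the unchanged line under the new signature, so a test named for PEM and for a missing certificate hands the client a JKS key store. If that builder call makes the client present a certificate, as its name suggests, the failure being asserted is "untrusted certificate" rather than "no certificate", and the case where the client offers none is not exercised. Building the client as `TestClientFactory.build().enableSsl(true).sslSkipCertValidation(true).create()` would match the test name. The keystore-based `shouldEnableSslAndClientCertificateAuthAndFailWithoutCert` added in a later hunk of this file has the same shape. The method body continues outside the hunk.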
@@ -562,11 +618,11 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
     }
 
     @Test
-    public void shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert() {
-		final Cluster cluster = TestClientFactory.build().enableSsl(true)
-				.keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY)
-				.keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create();
-		final Client client = cluster.connect();
+    public void shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCertWithLegacyPem() {
+        final Cluster cluster = TestClientFactory.build().enableSsl(true)
+                .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY)
+                .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create();
+        final Client client = cluster.connect();
 
         try {
             client.submit("'test'").one();
@@ -578,6 +634,100 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
             cluster.close();
         }
     }
+    
+    @Test
+    public void shouldEnableSslAndClientCertificateAuthWithPkcs12() {
+        final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(P12_CLIENT_KEY).keyStorePassword(KEY_PASS)
+                .keyStoreType(KEYSTORE_TYPE_PKCS12).trustStore(P12_CLIENT_TRUST).trustStorePassword(KEY_PASS).create();
+        final Client client = cluster.connect();
+
+        try {
+            assertEquals("test", client.submit("'test'").one().getString());
+        } finally {
+            cluster.close();
+        }
+    }
+
+    @Test
+    public void shouldEnableSslAndClientCertificateAuth() {
+        final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_CLIENT_KEY).keyStorePassword(KEY_PASS)
+                .keyStoreType(KEYSTORE_TYPE_JKS).trustStore(JKS_CLIENT_TRUST).trustStorePassword(KEY_PASS).create();
+        final Client client = cluster.connect();
+
+        try {
+            assertEquals("test", client.submit("'test'").one().getString());
+        } finally {
+            cluster.close();
+        }
+    }
+
+    @Test
+    public void shouldEnableSslAndClientCertificateAuthAndFailWithoutCert() {
+        final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS)
+                .keyStoreType(KEYSTORE_TYPE_JKS).sslSkipCertValidation(true).create();
+        final Client client = cluster.connect();
+
+        try {
+            client.submit("'test'").one();
+            fail("Should throw exception because ssl client auth is enabled on the server but client does not have a cert");
+        } catch (Exception x) {
+            final Throwable root = ExceptionUtils.getRootCause(x);
+            assertThat(root, instanceOf(TimeoutException.class));
+        } finally {
+            cluster.close();
+        }
+    }
+
+    @Test
+    public void shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert() {
+        final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_CLIENT_KEY).keyStorePassword(KEY_PASS)
+                .keyStoreType(KEYSTORE_TYPE_JKS).trustStore(JKS_CLIENT_TRUST).trustStorePassword(KEY_PASS).create();
+        final Client client = cluster.connect();
+
+        try {
+            client.submit("'test'").one();
+            fail("Should throw exception because ssl client auth is enabled on the server but does not trust client's cert");
+        } catch (Exception x) {
+            final Throwable root = ExceptionUtils.getRootCause(x);
+            assertThat(root, instanceOf(TimeoutException.class));
+        } finally {
+            cluster.close();
+        }
+    }
+    
+    @Test
+    public void shouldEnableSslAndFailIfProtocolsDontMatch() {
+        final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS)
+                .sslSkipCertValidation(true).sslEnabledProtocols(Arrays.asList("TLSv1.2")).create();
+        final Client client = cluster.connect();
+
+        try {
+            client.submit("'test'").one();
+            fail("Should throw exception because ssl client requires TLSv1.2 whereas server supports only TLSv1.1");
+        } catch (Exception x) {
+            final Throwable root = ExceptionUtils.getRootCause(x);
+            assertThat(root, instanceOf(TimeoutException.class));
+        } finally {
+            cluster.close();
+        }
+    }
+
+    @Test
+    public void shouldEnableSslAndFailIfCiphersDontMatch() {
+        final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS)
+                .sslSkipCertValidation(true).sslCipherSuites(Arrays.asList("SSL_RSA_WITH_RC4_128_SHA")).create();
+        final Client client = cluster.connect();
+
+        try {
+            client.submit("'test'").one();
+            fail("Should throw exception because ssl client requires TLSv1.2 whereas server supports only TLSv1.1");
+        } catch (Exception x) {
+            final Throwable root = ExceptionUtils.getRootCause(x);
+            assertThat(root, instanceOf(TimeoutException.class));
+        } finally {
+            cluster.close();
+        }
+    }
 
     @Test
     public void shouldRespectHighWaterMarkSettingAndSucceed() throws Exception {
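Review bot: The `fail(...)` message in `shouldEnableSslAndFailIfCiphersDontMatch` is copied from the protocol test and speaks of TLSv1.2 versus TLSv1.1, although this test varies only the cipher suites; `fail("Should throw exception because client and server share no cipher suite");` would describe it. The client suite `SSL_RSA_WITH_RC4_128_SHA` is RC4-based, which current JDKs typically disable through `jdk.tls.disabledAlgorithms`, so the handshake may fail for that reason rather than because of the mismatch under test. A suite that is still enabled but differs from the server's would keep the test meaningful. The four negative tests in this hunk also accept any `TimeoutException` as the root cause, which does not distinguish a rejected handshake from an unrelated timeout.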

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java
index 300a7f4..ced5247 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java
@@ -102,6 +102,7 @@ abstract class AbstractGremlinServerChannelizerIntegrateTest extends AbstractGre
                 settings.ssl.enabled = true;
                 settings.ssl.keyStore = JKS_SERVER_KEY;
                 settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
                 break;
             case "shouldWorkWithAuth":
                 if (authSettings != null) {
@@ -113,6 +114,7 @@ abstract class AbstractGremlinServerChannelizerIntegrateTest extends AbstractGre
                 settings.ssl.enabled = true;
                 settings.ssl.keyStore = JKS_SERVER_KEY;
                 settings.ssl.keyStorePassword = KEY_PASS;
+                settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
                 if (authSettings != null) {
                     settings.authentication = getAuthSettings();
                 }

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/client-key.jks
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/client-key.jks b/gremlin-server/src/test/resources/client-key.jks
new file mode 100644
index 0000000..39df02b
Binary files /dev/null and b/gremlin-server/src/test/resources/client-key.jks differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/client-key.p12
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/client-key.p12 b/gremlin-server/src/test/resources/client-key.p12
new file mode 100644
index 0000000..74f182c
Binary files /dev/null and b/gremlin-server/src/test/resources/client-key.p12 differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/client-trust.jks
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/client-trust.jks b/gremlin-server/src/test/resources/client-trust.jks
new file mode 100644
index 0000000..d8b5479
Binary files /dev/null and b/gremlin-server/src/test/resources/client-trust.jks differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/client-trust.p12
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/client-trust.p12 b/gremlin-server/src/test/resources/client-trust.p12
new file mode 100644
index 0000000..2100e94
Binary files /dev/null and b/gremlin-server/src/test/resources/client-trust.p12 differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/server-key.jks
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/server-key.jks b/gremlin-server/src/test/resources/server-key.jks
new file mode 100644
index 0000000..85dbe67
Binary files /dev/null and b/gremlin-server/src/test/resources/server-key.jks differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/server-key.p12
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/server-key.p12 b/gremlin-server/src/test/resources/server-key.p12
new file mode 100644
index 0000000..4d1aad7
Binary files /dev/null and b/gremlin-server/src/test/resources/server-key.p12 differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/server-trust.jks
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/server-trust.jks b/gremlin-server/src/test/resources/server-trust.jks
new file mode 100644
index 0000000..a53cf47
Binary files /dev/null and b/gremlin-server/src/test/resources/server-trust.jks differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/server-trust.p12
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/server-trust.p12 b/gremlin-server/src/test/resources/server-trust.p12
new file mode 100644
index 0000000..a055de0
Binary files /dev/null and b/gremlin-server/src/test/resources/server-trust.p12 differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/server.jks b/gremlin-server/src/test/resources/server.jks
deleted file mode 100644
index 85dbe67..0000000
Binary files a/gremlin-server/src/test/resources/server.jks and /dev/null differ

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/2da958b0/gremlin-server/src/test/resources/server.p12
----------------------------------------------------------------------
diff --git a/gremlin-server/src/test/resources/server.p12 b/gremlin-server/src/test/resources/server.p12
deleted file mode 100644
index 4d1aad7..0000000
Binary files a/gremlin-server/src/test/resources/server.p12 and /dev/null differ