Posted to commits@kafka.apache.org by ju...@apache.org on 2016/01/07 00:01:21 UTC
kafka git commit: KAFKA-2850; Fix SSL invalid endpoint validation test
Repository: kafka
Updated Branches:
refs/heads/trunk 5aad4999d -> 85039ab43
KAFKA-2850; Fix SSL invalid endpoint validation test
Use invalid hostname to ensure that test works in all environments
Author: Rajini Sivaram <ra...@googlemail.com>
Reviewers: Ismael Juma <is...@juma.me.uk>, Jun Rao <ju...@gmail.com>
Closes #546 from rajinisivaram/KAFKA-2850
Project: http://git-wip-us.apache.org/repos/asf/kafka/repo
Commit: http://git-wip-us.apache.org/repos/asf/kafka/commit/85039ab4
Tree: http://git-wip-us.apache.org/repos/asf/kafka/tree/85039ab4
Diff: http://git-wip-us.apache.org/repos/asf/kafka/diff/85039ab4
Branch: refs/heads/trunk
Commit: 85039ab43664577524bf99453cf2b972d3724f60
Parents: 5aad499
Author: Rajini Sivaram <ra...@googlemail.com>
Authored: Wed Jan 6 15:01:18 2016 -0800
Committer: Jun Rao <ju...@gmail.com>
Committed: Wed Jan 6 15:01:18 2016 -0800
----------------------------------------------------------------------
.../common/network/SslTransportLayerTest.java | 24 +++++++++++---------
.../org/apache/kafka/test/TestSslUtils.java | 9 ++++++--
2 files changed, 20 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/kafka/blob/85039ab4/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
----------------------------------------------------------------------
diff --git a/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java b/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
index d8a037c..d4f1464 100644
--- a/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
+++ b/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
@@ -67,8 +67,8 @@ public class SslTransportLayerTest {
@Before
public void setup() throws Exception {
// Create certificates for use by client and server. Add server cert to client truststore and vice versa.
- serverCertStores = new CertStores(true);
- clientCertStores = new CertStores(false);
+ serverCertStores = new CertStores(true, "localhost");
+ clientCertStores = new CertStores(false, "localhost");
sslServerConfigs = serverCertStores.getTrustingConfig(clientCertStores);
sslClientConfigs = clientCertStores.getTrustingConfig(serverCertStores);
@@ -102,19 +102,21 @@ public class SslTransportLayerTest {
}
/**
- * Tests that server certificate with invalid IP address is not accepted by
- * a client that validates server endpoint. Certificate uses "localhost" as
- * common name, test uses host IP to trigger endpoint validation failure.
+ * Tests that server certificate with invalid host name is not accepted by
+ * a client that validates server endpoint. Server certificate uses
+ * wrong hostname as common name to trigger endpoint validation failure.
*/
@Test
public void testInvalidEndpointIdentification() throws Exception {
String node = "0";
- String serverHost = InetAddress.getLocalHost().getHostAddress();
- server = new SslEchoServer(sslServerConfigs, serverHost);
- server.start();
+ serverCertStores = new CertStores(true, "notahost");
+ clientCertStores = new CertStores(false, "localhost");
+ sslServerConfigs = serverCertStores.getTrustingConfig(clientCertStores);
+ sslClientConfigs = clientCertStores.getTrustingConfig(serverCertStores);
+ createEchoServer(sslServerConfigs);
sslClientConfigs.put(SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, "HTTPS");
createSelector(sslClientConfigs);
- InetSocketAddress addr = new InetSocketAddress(serverHost, server.port);
+ InetSocketAddress addr = new InetSocketAddress("localhost", server.port);
selector.connect(node, addr, BUFFER_SIZE, BUFFER_SIZE);
waitForChannelClose(node);
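Review bot: `waitForChannelClose(node)` at the end of this hunk is satisfied by any handshake failure, so the test would also pass if the rebuilt `serverCertStores`/`clientCertStores` failed to trust each other rather than because the CN `notahost` does not match `localhost`. The four lines that rebuild the stores and configs repeat `setup()` with only the server host changed; a comment such as `// Same trust setup as setup(); only the server CN differs, so a close here is due to endpoint validation` would make that dependency explicit. If no positive counterpart with `SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG` set to `"HTTPS"` and a matching CN exists outside this hunk, adding one would pin the failure to the name check. The method body continues past the hunk.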
@@ -458,11 +460,11 @@ public class SslTransportLayerTest {
Map<String, Object> sslConfig;
- CertStores(boolean server) throws Exception {
+ CertStores(boolean server, String host) throws Exception {
String name = server ? "server" : "client";
Mode mode = server ? Mode.SERVER : Mode.CLIENT;
File truststoreFile = File.createTempFile(name + "TS", ".jks");
- sslConfig = TestSslUtils.createSslConfig(!server, true, mode, truststoreFile, name);
+ sslConfig = TestSslUtils.createSslConfig(!server, true, mode, truststoreFile, name, host);
if (server)
sslConfig.put(SslConfigs.PRINCIPAL_BUILDER_CLASS_CONFIG, Class.forName(SslConfigs.DEFAULT_PRINCIPAL_BUILDER_CLASS));
}
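Review bot: `File.createTempFile(name + "TS", ".jks")` in the `CertStores` constructor has no visible cleanup, and `testInvalidEndpointIdentification` now builds a second pair of stores on top of the pair from `setup()`, so each run leaves more truststore files in the shared temp directory. Unless cleanup happens in code outside this hunk, add `truststoreFile.deleteOnExit();` right after the file is created. The same applies to the `clientKS`/`serverKS` keystores created in `createSslConfig`, which hold the generated private keys. The new `host` parameter is also undocumented; a one-line comment like `// host: common name placed in the generated certificate` would help.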
http://git-wip-us.apache.org/repos/asf/kafka/blob/85039ab4/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java
----------------------------------------------------------------------
diff --git a/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java b/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java
index c389502..2507e59 100644
--- a/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java
+++ b/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java
@@ -214,6 +214,11 @@ public class TestSslUtils {
public static Map<String, Object> createSslConfig(boolean useClientCert, boolean trustStore, Mode mode, File trustStoreFile, String certAlias)
throws IOException, GeneralSecurityException {
+ return createSslConfig(useClientCert, trustStore, mode, trustStoreFile, certAlias, "localhost");
+ }
+
+ public static Map<String, Object> createSslConfig(boolean useClientCert, boolean trustStore, Mode mode, File trustStoreFile, String certAlias, String host)
+ throws IOException, GeneralSecurityException {
Map<String, X509Certificate> certs = new HashMap<String, X509Certificate>();
File keyStoreFile;
Password password;
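Review bot: The new six-argument `createSslConfig` overload has no Javadoc, so nothing states that `host` becomes the common name of the generated certificate or that the five-argument form defaults it to `"localhost"`. Suggest `/** Creates SSL configs whose generated certificate uses {@code host} as its common name. */` on the new overload, plus a sentence on the five-argument form noting the `"localhost"` default. The new overload's body continues outside the hunk.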
@@ -228,13 +233,13 @@ public class TestSslUtils {
if (useClientCert) {
keyStoreFile = File.createTempFile("clientKS", ".jks");
KeyPair cKP = generateKeyPair("RSA");
- X509Certificate cCert = generateCertificate("CN=localhost, O=client", cKP, 30, "SHA1withRSA");
+ X509Certificate cCert = generateCertificate("CN=" + host + ", O=client", cKP, 30, "SHA1withRSA");
createKeyStore(keyStoreFile.getPath(), password, "client", cKP.getPrivate(), cCert);
certs.put(certAlias, cCert);
} else {
keyStoreFile = File.createTempFile("serverKS", ".jks");
KeyPair sKP = generateKeyPair("RSA");
- X509Certificate sCert = generateCertificate("CN=localhost, O=server", sKP, 30,
+ X509Certificate sCert = generateCertificate("CN=" + host + ", O=server", sKP, 30,
"SHA1withRSA");
createKeyStore(keyStoreFile.getPath(), password, password, "server", sKP.getPrivate(), sCert);
certs.put(certAlias, sCert);
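Review bot: `host` reaches the certificate only through the subject string (`"CN=" + host + ", O=server"`), so as far as this hunk shows the generated certificates identify the server by common name alone. HTTPS-style endpoint identification checks subjectAltName entries before falling back to the CN, which means these tests cover only the fallback path; `generateCertificate` is not visible here, but its four arguments leave no obvious place for a SAN. Consider extending `generateCertificate` so it can add a dNSName subjectAltName for `host`. Separately, the concatenation would yield a different DN if `host` ever contained `,`, `+` or `=`; callers in this commit pass only literals, so a comment stating that `host` must be a plain host name is enough.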