You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by mm...@apache.org on 2020/08/04 22:00:33 UTC
[geode-native] branch GEODE-8398-sni-support-dotnet created (now
8f7f35e)
This is an automated email from the ASF dual-hosted git repository.
mmartell pushed a change to branch GEODE-8398-sni-support-dotnet
in repository https://gitbox.apache.org/repos/asf/geode-native.git.
at 8f7f35e Move sni-test-config directory to the project root
This branch includes the following new commits:
new a4ea0b6 WIP: Sooooo close! Almost have hostname/port issues worked out for SNI connection
new 4b37701 WIP: More progress - looks like we're actually hitting the proxy and doing things (~80% sure)
new a62dbbc Fix currentWorkingDir on Windows
new dcd14c0 Add updated SNI test: - use new SniConfigPath variable
new d67422b Add the new SetSniProxy API
new 8f7f35e Move sni-test-config directory to the project root
The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[geode-native] 04/06: Add updated SNI test: - use new SniConfigPath
variable
Posted by mm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mmartell pushed a commit to branch GEODE-8398-sni-support-dotnet
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit dcd14c0d57611885e3db5d76506950664c117075
Author: Mike Martell <mm...@pivotal.io>
AuthorDate: Tue Aug 4 14:58:16 2020 -0700
Add updated SNI test:
- use new SniConfigPath variable
---
clicache/integration-test2/CMakeLists.txt | 1 +
clicache/integration-test2/Config.cs.in | 5 ++
clicache/integration-test2/SNITests.cs | 137 ++++++++++++++++++++++++++++++
3 files changed, 143 insertions(+)
diff --git a/clicache/integration-test2/CMakeLists.txt b/clicache/integration-test2/CMakeLists.txt
index a6c31d4..fc23361 100644
--- a/clicache/integration-test2/CMakeLists.txt
+++ b/clicache/integration-test2/CMakeLists.txt
@@ -48,6 +48,7 @@ add_library( ${PROJECT_NAME} SHARED
packages.config
AutoSerializationTests.cs
SerializationTests.cs
+ SNITests.cs
)
set_source_files_properties(
diff --git a/clicache/integration-test2/Config.cs.in b/clicache/integration-test2/Config.cs.in
index 9ec3f65..4111ec2 100644
--- a/clicache/integration-test2/Config.cs.in
+++ b/clicache/integration-test2/Config.cs.in
@@ -38,4 +38,9 @@ public class Config
{
get { return @"@CMAKE_CURRENT_SOURCE_DIR@/../../ssl_keys/client_keys"; }
}
+
+ public static string SniConfigPath
+ {
+ get { return @"@CMAKE_CURRENT_SOURCE_DIR@/../../sni-test-config"; }
+ }
}
diff --git a/clicache/integration-test2/SNITests.cs b/clicache/integration-test2/SNITests.cs
new file mode 100644
index 0000000..3e96ce5
--- /dev/null
+++ b/clicache/integration-test2/SNITests.cs
@@ -0,0 +1,137 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+using System;
+using System.Diagnostics;
+using System.IO;
+using Xunit;
+using PdxTests;
+using System.Collections;
+using System.Collections.Generic;
+using Xunit.Abstractions;
+
+namespace Apache.Geode.Client.IntegrationTests
+{
+ [Trait("Category", "Integration")]
+ public class SNITests : TestBase, IDisposable
+ {
+ string currentWorkingDirectory;
+ Process dockerProcess;
+ private readonly Cache cache_;
+
+ public SNITests(ITestOutputHelper testOutputHelper) : base(testOutputHelper)
+ {
+ currentWorkingDirectory = Directory.GetCurrentDirectory();
+ var clientTruststore = Config.SslClientKeyPath + @"/truststore_sni.pem";
+
+
+
+ var cacheFactory = new CacheFactory();
+ cacheFactory.Set("log-level", "none");
+ cacheFactory.Set("log-file", "c:/temp/SNITest-csharp.log");
+ cacheFactory.Set("ssl-enabled", "true");
+ cacheFactory.Set("ssl-truststore", clientTruststore);
+
+ cache_ = cacheFactory.Create();
+
+ var pd = "--project-directory " + Config.SniConfigPath + " up -d";
+ var dc = Process.Start(@"C:\Program Files\docker\docker\resources\bin\docker-compose.exe", "-f " + Config.SniConfigPath + "/docker-compose.yml" + " up -d");
+ dc.WaitForExit();
+
+ var d = Process.Start(@"C:\Program Files\docker\docker\resources\bin\docker.exe", "exec -t geode gfsh run --file=/geode/scripts/geode-starter.gfsh");
+ d.WaitForExit();
+ }
+
+ public void Dispose()
+ {
+
+ var dockerComposeProc = Process.Start(@"C:\Program Files\docker\docker\resources\bin\docker-compose.exe", "stop");
+ dockerComposeProc.WaitForExit();
+
+ var dockerProc = Process.Start(@"C:\Program Files\docker\docker\resources\bin\docker.exe", "container prune -f");
+ dockerProc.WaitForExit();
+
+ }
+
+ private string RunDockerCommand(string dockerCommand)
+ {
+ ProcessStartInfo startInfo = new ProcessStartInfo();
+ startInfo.RedirectStandardOutput = true;
+ startInfo.UseShellExecute = false;
+ startInfo.FileName = @"C:\Program Files\Docker\Docker\resources\bin\docker.exe";
+ startInfo.Arguments = dockerCommand;
+ dockerProcess = Process.Start(startInfo);
+ String rVal = dockerProcess.StandardOutput.ReadToEnd();
+ dockerProcess.WaitForExit();
+ return rVal;
+ }
+
+ private int ParseProxyPort(string proxyString)
+ {
+ int colonPosition = proxyString.IndexOf(":");
+ string portNumberString = proxyString.Substring(colonPosition + 1);
+ return Int32.Parse(portNumberString);
+ }
+
+ [Fact]
+ public void ConnectViaProxyTest()
+ {
+ var portString = RunDockerCommand("port haproxy");
+ var portNumber = ParseProxyPort(portString);
+
+ cache_.GetPoolManager()
+ .CreateFactory()
+ .SetSniProxy("localhost", portNumber)
+ .AddLocator("locator-maeve", 10334)
+ .Create("pool");
+
+ var region = cache_.CreateRegionFactory(RegionShortcut.PROXY)
+ .SetPoolName("pool")
+ .Create<string, string>("jellyfish");
+
+ region.Put("1", "one");
+ var value = region.Get("1");
+
+ Assert.Equal("one", value);
+ cache_.Close();
+ }
+
+ [Fact]
+ public void ConnectionFailsTest()
+ {
+ cache_.GetPoolManager()
+ .CreateFactory()
+ .AddLocator("localhost", 10334)
+ .Create("pool");
+
+ var region = cache_.CreateRegionFactory(RegionShortcut.PROXY)
+ .SetPoolName("pool")
+ .Create<string, string>("region");
+
+ Assert.Throws<NotConnectedException>(() => region.Put("1", "one"));
+ }
+
+ [Fact]
+ public void DoNothingTest()
+ {
+ cache_.GetPoolManager()
+ .CreateFactory()
+ .AddLocator("localhost", 10334)
+ .Create("pool");
+ }
+ }
+}
\ No newline at end of file
[geode-native] 06/06: Move sni-test-config directory to the project
root
Posted by mm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mmartell pushed a commit to branch GEODE-8398-sni-support-dotnet
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 8f7f35e7be69db6d019c75ab8fe2d2666c772214
Author: Mike Martell <mm...@pivotal.io>
AuthorDate: Tue Aug 4 15:00:02 2020 -0700
Move sni-test-config directory to the project root
---
sni-test-config/docker-compose.yml | 43 +++++++++++++
sni-test-config/geode-config/gemfire.properties | 19 ++++++
sni-test-config/geode-config/gfsecurity.properties | 27 ++++++++
.../geode-config/locator-maeve-keystore.jks | Bin 0 -> 2048 bytes
.../geode-config/server-clementine-keystore.jks | Bin 0 -> 2059 bytes
.../geode-config/server-dolores-keystore.jks | Bin 0 -> 2050 bytes
sni-test-config/geode-config/truststore.jks | Bin 0 -> 8095 bytes
sni-test-config/geode-config/truststore.p12 | Bin 0 -> 8983 bytes
sni-test-config/geode-config/truststore_sni.pem | 68 +++++++++++++++++++++
sni-test-config/haproxy.cfg | 44 +++++++++++++
sni-test-config/scripts/forever | 20 ++++++
sni-test-config/scripts/geode-starter-2.gfsh | 23 +++++++
sni-test-config/scripts/geode-starter.gfsh | 22 +++++++
13 files changed, 266 insertions(+)
diff --git a/sni-test-config/docker-compose.yml b/sni-test-config/docker-compose.yml
new file mode 100644
index 0000000..b0a6100
--- /dev/null
+++ b/sni-test-config/docker-compose.yml
@@ -0,0 +1,43 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+version: '3'
+services:
+ geode:
+ container_name: 'geode'
+ image: 'apachegeode/geode'
+ expose:
+ - '10334'
+ - '40404'
+ entrypoint: 'sh'
+ command: ["-c", "while true; do sleep 600; done"]
+ networks:
+ geode-sni-test:
+ volumes:
+ - ./geode-config:/geode/config:ro
+ - ./scripts:/geode/scripts
+ haproxy:
+ container_name: 'haproxy'
+ image: 'haproxy:2.1'
+ ports:
+ - "15443"
+ networks:
+ geode-sni-test:
+ volumes:
+ - ./haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
+networks:
+ geode-sni-test:
+
diff --git a/sni-test-config/geode-config/gemfire.properties b/sni-test-config/geode-config/gemfire.properties
new file mode 100644
index 0000000..1f13fb0
--- /dev/null
+++ b/sni-test-config/geode-config/gemfire.properties
@@ -0,0 +1,19 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+statistic-sampling-enabled=true
+statistic-archive-file=statArchive.gfs
diff --git a/sni-test-config/geode-config/gfsecurity.properties b/sni-test-config/geode-config/gfsecurity.properties
new file mode 100644
index 0000000..813d260
--- /dev/null
+++ b/sni-test-config/geode-config/gfsecurity.properties
@@ -0,0 +1,27 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+security-log-level=info
+security-peer-verifymember-timeout=1000
+ssl-keystore-password=geode
+ssl-truststore=/geode/config/truststore.jks
+ssl-truststore-password=geode
+ssl-require-authentication=false
+ssl-web-require-authentication=false
+ssl-enabled-components=all
+ssl-endpoint-identification-enabled=false
+
diff --git a/sni-test-config/geode-config/locator-maeve-keystore.jks b/sni-test-config/geode-config/locator-maeve-keystore.jks
new file mode 100644
index 0000000..a29cf0f
Binary files /dev/null and b/sni-test-config/geode-config/locator-maeve-keystore.jks differ
diff --git a/sni-test-config/geode-config/server-clementine-keystore.jks b/sni-test-config/geode-config/server-clementine-keystore.jks
new file mode 100644
index 0000000..380de6c
Binary files /dev/null and b/sni-test-config/geode-config/server-clementine-keystore.jks differ
diff --git a/sni-test-config/geode-config/server-dolores-keystore.jks b/sni-test-config/geode-config/server-dolores-keystore.jks
new file mode 100644
index 0000000..cb2c4c5
Binary files /dev/null and b/sni-test-config/geode-config/server-dolores-keystore.jks differ
diff --git a/sni-test-config/geode-config/truststore.jks b/sni-test-config/geode-config/truststore.jks
new file mode 100644
index 0000000..ffcdaf3
Binary files /dev/null and b/sni-test-config/geode-config/truststore.jks differ
diff --git a/sni-test-config/geode-config/truststore.p12 b/sni-test-config/geode-config/truststore.p12
new file mode 100644
index 0000000..339d775
Binary files /dev/null and b/sni-test-config/geode-config/truststore.p12 differ
diff --git a/sni-test-config/geode-config/truststore_sni.pem b/sni-test-config/geode-config/truststore_sni.pem
new file mode 100644
index 0000000..b4e8cda
--- /dev/null
+++ b/sni-test-config/geode-config/truststore_sni.pem
@@ -0,0 +1,68 @@
+-----BEGIN CERTIFICATE-----
+MIICrDCCAZSgAwIBAgIEXozDxjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1s
+b2NhdG9yLW1hZXZlMB4XDTIwMDQwNzE4MTc0MloXDTI1MDQwNzE4MTc0MlowGDEW
+MBQGA1UEAwwNbG9jYXRvci1tYWV2ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOJ3jM2Rb50L+1fXyhZbaOHMuVUVGJ5jQV9wH3ijjeCEckaF29LbEtG8
+swMaxSoi4Sp/A4dp/7VI9CFZJKOX3zooZcuHyR7GSta4wH3oO55w0AfyTGeG6KF2
+Ekzj8pDPHyn/141rFAUPmMDnCfbF69Uixfi2XPxEJZw2GDN/YIHndY+X1pJ4ZuXS
+SmrORSEOSmrN9X7pqbL5D2cy15cmTK5449ZqLEfZS72Mv3gve1Ax2JMWCBEwLdob
+xW5utgmEe1/WhlhPzFr5C92znF/5Eucil/Rr+yynp31X+/QYBemYwOxbeZotHBZJ
+tMLMzaInydrZ04wgHRftNeN0TIZkPmcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+Jj1OSCWoILzWLBU1cAiQK8Gt0DVkqcpO4/vc3CoiU2T/em74cBzTwqmgrBvykWgq
+f05jWQcod2yNg8trHrgx8F9CfyyvTXRIxttyfmbD7DAQk+qn9QBSbRJFfzo8VfNp
+dGcT7KV9UDVyzltiTorqQJHUx3acUgtLYS2XUVlbGclhnNafRO44uobOsteAG01v
+YqFa8ZaZM7qcZ88mbbKLXn6lo203JguM+TM0P7wHnzcww9sLmsP8W2cvsvefwCl4
+O7OYcjhcbEph+mIC3/zN8vF6d8xtLiMSGk6BNCHd003MBEhZHizyquGtAFLaEafX
+V6sLm65i8uF2glnQfwS5JQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrDCCAZSgAwIBAgIEXozDxjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1s
+b2NhdG9yLW1hZXZlMB4XDTIwMDQwNzE4MTc0MloXDTI1MDQwNzE4MTc0MlowGDEW
+MBQGA1UEAwwNbG9jYXRvci1tYWV2ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOJ3jM2Rb50L+1fXyhZbaOHMuVUVGJ5jQV9wH3ijjeCEckaF29LbEtG8
+swMaxSoi4Sp/A4dp/7VI9CFZJKOX3zooZcuHyR7GSta4wH3oO55w0AfyTGeG6KF2
+Ekzj8pDPHyn/141rFAUPmMDnCfbF69Uixfi2XPxEJZw2GDN/YIHndY+X1pJ4ZuXS
+SmrORSEOSmrN9X7pqbL5D2cy15cmTK5449ZqLEfZS72Mv3gve1Ax2JMWCBEwLdob
+xW5utgmEe1/WhlhPzFr5C92znF/5Eucil/Rr+yynp31X+/QYBemYwOxbeZotHBZJ
+tMLMzaInydrZ04wgHRftNeN0TIZkPmcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+Jj1OSCWoILzWLBU1cAiQK8Gt0DVkqcpO4/vc3CoiU2T/em74cBzTwqmgrBvykWgq
+f05jWQcod2yNg8trHrgx8F9CfyyvTXRIxttyfmbD7DAQk+qn9QBSbRJFfzo8VfNp
+dGcT7KV9UDVyzltiTorqQJHUx3acUgtLYS2XUVlbGclhnNafRO44uobOsteAG01v
+YqFa8ZaZM7qcZ88mbbKLXn6lo203JguM+TM0P7wHnzcww9sLmsP8W2cvsvefwCl4
+O7OYcjhcbEph+mIC3/zN8vF6d8xtLiMSGk6BNCHd003MBEhZHizyquGtAFLaEafX
+V6sLm65i8uF2glnQfwS5JQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZygAwIBAgIEXozGnzANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDDBFz
+ZXJ2ZXItY2xlbWVudGluZTAeFw0yMDA0MDcxODI5NTFaFw0yNTA0MDcxODI5NTFa
+MBwxGjAYBgNVBAMMEXNlcnZlci1jbGVtZW50aW5lMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA6IzshjujS5c58AH8nJHBhlqjfNpacoNxhxykeCVsExa9
+vi0l8ezi35pte06j7gpMWhDYHokrHaw6ymp9iTi7D91yIPGeMMNUli8DnzgAzpeY
+V8SGgkrVBalkVe0GimAHXMrzeZF+8D2BEdvDAsIUbrZRACElPlLUoiO93xZZ8ad+
+fAfLVetH4lDJ54FT7ia+St6L0QxSrDLvrqmc/58ZunkQBnQcd4tMjCD1kX4l+5Q1
+eF+Rc/SbY+/8HfyCZcA98voC3dKF13U+0YAf/0ahin+8Ckm6BL/StUxFNftTtJ7l
+iKf56Y3FbSQ84Q9Te8feb05XidkF74Gifa4Q7gOzjwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQDKvYcnVFryhupo156bB33BU14KN8b5joVyQLeGb2Tx+icZd/jFhqSQ
+c3f8VV+aG9+CtRi/6wesdzf9/CVF+J4ARJ7j3i60NlJi4vQJlZnou+JSBgbBiDkW
+p12ITsw7l1k2zxH8hoMPNbMK1EC/+uwVRJt92L52uShLw9zKtE4MLZxZVa7Amkf4
+zRc78fHwwPXoMjLcQxw+8JRjlciWr/hZccuppXI4qb17l6HAMvW4vCslao0c9pSp
+Opg5Q0PwVXFROIvCANdxNI9ptSrH78Thxh4rggnHs+OZF02D22oTkjquU4Xrar3u
+FXlIS8UmdkqAXGIJf0pqa48aXcqeipRe
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZagAwIBAgIEXozE5DANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5z
+ZXJ2ZXItZG9sb3JlczAeFw0yMDA0MDcxODIyMjhaFw0yNTA0MDcxODIyMjhaMBkx
+FzAVBgNVBAMMDnNlcnZlci1kb2xvcmVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyRTzsWsih9Boz2/aRFJsgJNDn8/C207kpvJ9lj0uBWNdZGJ86T4i
+CwvIyMFvxeYQB0qO0AHf6FvJfMgunRlCj3fD01s7AHj8kCFoM/akgo04M7iJfSkU
+dDCVuRbrFtz31akNckyxRw/oORiQ6NYGxnuAvtFdjE8jFc77WVXVU5QuqVEueJXs
+HM+t6VGEn+7GwPsSJMIuEERd+05ZlghB1HoQD4Wu4+b/CXU+8aFRad0HRXHInBl0
+0QABETcMtpe3xIotC7H1nsAMipb0jyl3p+1a49FbrAktsiko8Y2iRVv3kZ58xfx9
+2Unmw+ViEb5bVRFytqb5AIgARI/+XX1zBwIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQB39QXR3HLEju8B1oNCH1UciZetMxvORC2fwgXhqjbJ2YkHlykaLAAKv6DOSyc2
+HE40F2Q/Y0p0NC41+4YIiujgzKWaDI1Gw22PlceE2B49dO8evmldN2NixkirJbtm
+bEtjINAxHXbhXn8GgUKJxSqtFPTX/fG7OCYvkvGItQAhSrGo9r5ACuDYkTZsBAZp
+9jHc50TZsQ7od4jsPXrtZ6S2doOA0TdQ/+XzNyoadbG0YZbRtUVmhJN7gQfkBcjH
+/AnYeYJL1kg39AuO3PsFhgWCsR2eNizGCh7CnHx7xpJnLYAw/01TGidsku/oYFiI
+5SthBjGC992gTekW54hYtMBU
+-----END CERTIFICATE-----
diff --git a/sni-test-config/haproxy.cfg b/sni-test-config/haproxy.cfg
new file mode 100644
index 0000000..c451ef6
--- /dev/null
+++ b/sni-test-config/haproxy.cfg
@@ -0,0 +1,44 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+defaults
+ timeout client 1000
+ timeout connect 1000
+ timeout server 1000
+
+frontend sniproxy
+ bind *:15443
+ mode tcp
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req_ssl_hello_type 1 }
+ use_backend locators-maeve if { req.ssl_sni -i locator-maeve }
+ use_backend servers-dolores if { req.ssl_sni -i server-dolores }
+ use_backend servers-clementine if { req.ssl_sni -i server-clementine }
+ default_backend locators-maeve
+ log stdout format raw local0 debug
+
+backend locators-maeve
+ mode tcp
+ server locator1 geode:10334
+
+backend servers-dolores
+ mode tcp
+ server server1 geode:40404
+
+backend servers-clementine
+ mode tcp
+ server server1 geode:40405
diff --git a/sni-test-config/scripts/forever b/sni-test-config/scripts/forever
new file mode 100644
index 0000000..4fecfa8
--- /dev/null
+++ b/sni-test-config/scripts/forever
@@ -0,0 +1,20 @@
+#!/usr/bin/env sh
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+while true; do sleep 600; done
diff --git a/sni-test-config/scripts/geode-starter-2.gfsh b/sni-test-config/scripts/geode-starter-2.gfsh
new file mode 100644
index 0000000..38600aa
--- /dev/null
+++ b/sni-test-config/scripts/geode-starter-2.gfsh
@@ -0,0 +1,23 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+start locator --name=locator-maeve --hostname-for-clients=locator-maeve --properties-file=/geode/config/gemfire.properties --security-properties-file=/geode/config/gfsecurity.properties --J=-Dgemfire.ssl-keystore=/geode/config/locator-maeve-keystore.jks
+start server --name=server-dolores --group=group-dolores --hostname-for-clients=server-dolores --locators=localhost[10334] --properties-file=/geode/config/gemfire.properties --security-properties-file=/geode/config/gfsecurity.properties --J=-Dgemfire.ssl-keystore=/geode/config/server-dolores-keystore.jks
+start server --name=server-clementine --group=group-clementine --hostname-for-clients=server-clementine --server-port=40405 --locators=localhost[10334] --properties-file=/geode/config/gemfire.properties --security-properties-file=/geode/config/gfsecurity.properties --J=-Dgemfire.ssl-keystore=/geode/config/server-clementine-keystore.jks
+connect --locator=localhost[10334] --use-ssl=true --security-properties-file=/geode/config/gfsecurity.properties
+create region --name=region-dolores --group=group-dolores --type=REPLICATE
+create region --name=region-clementine --group=group-clementine --type=REPLICATE
diff --git a/sni-test-config/scripts/geode-starter.gfsh b/sni-test-config/scripts/geode-starter.gfsh
new file mode 100644
index 0000000..9ceecad
--- /dev/null
+++ b/sni-test-config/scripts/geode-starter.gfsh
@@ -0,0 +1,22 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+start locator --name=locator-maeve --hostname-for-clients=locator-maeve --properties-file=/geode/config/gemfire.properties --security-properties-file=/geode/config/gfsecurity.properties --J=-Dgemfire.ssl-keystore=/geode/config/locator-maeve-keystore.jks
+start server --name=server-dolores --max-heap=256m --hostname-for-clients=server-dolores --locators=localhost[10334] --properties-file=/geode/config/gemfire.properties --security-properties-file=/geode/config/gfsecurity.properties --J=-Dgemfire.ssl-keystore=/geode/config/server-dolores-keystore.jks
+connect --locator=localhost[10334] --use-ssl=true --security-properties-file=/geode/config/gfsecurity.properties
+create region --name=jellyfish --type=REPLICATE
+
[geode-native] 02/06: WIP: More progress - looks like we're
actually hitting the proxy and doing things (~80% sure)
Posted by mm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mmartell pushed a commit to branch GEODE-8398-sni-support-dotnet
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 4b3770159c2ceac0c9469782481ce2f74c3f1817
Author: Blake Bender <bb...@bblake-a01.vmware.com>
AuthorDate: Fri Jul 31 16:11:24 2020 -0700
WIP: More progress - looks like we're actually hitting the proxy and doing things (~80% sure)
---
cppcache/src/TcpSslConn.hpp | 18 +++++++-----------
cppcache/src/TcrConnection.cpp | 20 ++++++++++++++++----
cppcache/src/ThinClientLocatorHelper.cpp | 3 +--
cppcache/src/ThinClientPoolDM.hpp | 2 ++
4 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/cppcache/src/TcpSslConn.hpp b/cppcache/src/TcpSslConn.hpp
index eb6afe0..e01eba5 100644
--- a/cppcache/src/TcpSslConn.hpp
+++ b/cppcache/src/TcpSslConn.hpp
@@ -53,15 +53,14 @@ class TcpSslConn : public TcpConn {
void createSocket(ACE_HANDLE sock) override;
public:
- TcpSslConn(
- std::chrono::microseconds waitSeconds, int32_t maxBuffSizePool,
- const std::string& sniProxyHostname, uint16_t sniProxyPort,
- const std::string& pubkeyfile, const std::string& privkeyfile,
- const std::string& pemPassword)
- : TcpConn(sniProxyHostname.c_str(), sniProxyPort, waitSeconds, maxBuffSizePool),
+ TcpSslConn(const std::string& hostname, std::chrono::microseconds waitSeconds,
+ int32_t maxBuffSizePool, const std::string& sniProxyHostname,
+ uint16_t sniProxyPort, const std::string& pubkeyfile,
+ const std::string& privkeyfile, const std::string& pemPassword)
+ : TcpConn(sniProxyHostname.c_str(), sniProxyPort, waitSeconds,
+ maxBuffSizePool),
m_ssl(nullptr),
- m_sniPort(sniProxyPort),
- m_sniHostname(sniProxyHostname),
+ m_sniHostname(hostname),
m_pubkeyfile(pubkeyfile),
m_privkeyfile(privkeyfile),
m_pemPassword(pemPassword) {}
@@ -72,7 +71,6 @@ class TcpSslConn : public TcpConn {
const std::string& pemPassword)
: TcpConn(hostname.c_str(), port, connect_timeout, maxBuffSizePool),
m_ssl(nullptr),
- m_sniPort(0),
m_sniHostname(""),
m_pubkeyfile(pubkeyfile),
m_privkeyfile(privkeyfile),
@@ -89,8 +87,6 @@ class TcpSslConn : public TcpConn {
m_privkeyfile(privkeyfile),
m_pemPassword(pemPassword) {}
-
-
virtual ~TcpSslConn() override {}
private:
diff --git a/cppcache/src/TcrConnection.cpp b/cppcache/src/TcrConnection.cpp
index 79a5002..e6f432d 100644
--- a/cppcache/src/TcrConnection.cpp
+++ b/cppcache/src/TcrConnection.cpp
@@ -432,10 +432,22 @@ Connector* TcrConnection::createConnection(
->getDistributedSystem()
.getSystemProperties();
if (systemProperties.sslEnabled()) {
- socket = new TcpSslConn(endpoint, connectTimeout, maxBuffSizePool,
- systemProperties.sslTrustStore().c_str(),
- systemProperties.sslKeyStore().c_str(),
- systemProperties.sslKeystorePassword().c_str());
+ auto sniProxyHostname = m_poolDM->getSNIProxyHostname();
+ auto sniPort = m_poolDM->getSNIPort();
+ if (sniProxyHostname.empty()) {
+ socket = new TcpSslConn(endpoint, connectTimeout, maxBuffSizePool,
+ systemProperties.sslTrustStore().c_str(),
+ systemProperties.sslKeyStore().c_str(),
+ systemProperties.sslKeystorePassword().c_str());
+ } else {
+ auto ipaddr = std::string(endpoint);
+ auto hostname = ipaddr.substr(0, ipaddr.find(':'));
+ socket = new TcpSslConn(hostname, connectTimeout, maxBuffSizePool,
+ sniProxyHostname, sniPort,
+ systemProperties.sslTrustStore().c_str(),
+ systemProperties.sslKeyStore().c_str(),
+ systemProperties.sslKeystorePassword().c_str());
+ }
} else {
socket = new TcpConn(endpoint, connectTimeout, maxBuffSizePool);
}
diff --git a/cppcache/src/ThinClientLocatorHelper.cpp b/cppcache/src/ThinClientLocatorHelper.cpp
index bbed2a0..c325d60 100644
--- a/cppcache/src/ThinClientLocatorHelper.cpp
+++ b/cppcache/src/ThinClientLocatorHelper.cpp
@@ -93,8 +93,7 @@ Connector* ThinClientLocatorHelper::createConnection(
systemProperties.sslTrustStore(), systemProperties.sslKeyStore(),
systemProperties.sslKeystorePassword());
} else {
- socket = new TcpSslConn(
- waitSeconds, maxBuffSizePool, m_sniProxyHost,
+ socket = new TcpSslConn(hostname, waitSeconds, maxBuffSizePool, m_sniProxyHost,
m_sniProxyPort, systemProperties.sslTrustStore(),
systemProperties.sslKeyStore(),
systemProperties.sslKeystorePassword());
diff --git a/cppcache/src/ThinClientPoolDM.hpp b/cppcache/src/ThinClientPoolDM.hpp
index 711e906..ffd3d90 100644
--- a/cppcache/src/ThinClientPoolDM.hpp
+++ b/cppcache/src/ThinClientPoolDM.hpp
@@ -168,6 +168,8 @@ class ThinClientPoolDM
GfErrType getConnectionToAnEndPoint(std::string epNameStr,
TcrConnection*& conn);
+ const std::string getSNIProxyHostname() { return m_attrs->getSniProxyHost(); }
+ uint16_t getSNIPort() { return m_attrs->getSniProxyPort(); }
virtual inline bool isSticky() { return m_sticky; }
virtual TcrEndpoint* getEndPoint(
const std::shared_ptr<BucketServerLocation>& serverLocation,
[geode-native] 01/06: WIP: Sooooo close! Almost have hostname/port
issues worked out for SNI connection
Posted by mm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mmartell pushed a commit to branch GEODE-8398-sni-support-dotnet
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit a4ea0b647395e815077455eb70650e181eaf282a
Author: Blake Bender <bb...@bblake-a01.vmware.com>
AuthorDate: Fri Jul 31 15:29:15 2020 -0700
WIP: Sooooo close! Almost have hostname/port issues worked out for SNI connection
---
cppcache/include/geode/PoolFactory.hpp | 5 ++
cppcache/integration/test/SNITest.cpp | 26 ++++----
.../sni-test-config/geode-config/truststore.p12 | Bin 0 -> 8983 bytes
.../geode-config/truststore_sni.pem | 68 +++++++++++++++++++++
cppcache/src/PoolAttributes.cpp | 39 +-----------
cppcache/src/PoolAttributes.hpp | 14 ++++-
cppcache/src/PoolFactory.cpp | 21 +++++--
cppcache/src/TcpSslConn.cpp | 18 ++++--
cppcache/src/TcpSslConn.hpp | 42 ++++++++++---
cppcache/src/ThinClientLocatorHelper.cpp | 28 +++++++--
cppcache/src/ThinClientLocatorHelper.hpp | 5 ++
cppcache/src/ThinClientPoolDM.cpp | 4 +-
cryptoimpl/SSLImpl.cpp | 6 +-
cryptoimpl/SSLImpl.hpp | 3 +-
cryptoimpl/Ssl.hpp | 3 +-
ssl_keys/client_keys/truststore_sni.pem | 68 +++++++++++++++++++++
16 files changed, 270 insertions(+), 80 deletions(-)
diff --git a/cppcache/include/geode/PoolFactory.hpp b/cppcache/include/geode/PoolFactory.hpp
index 195e28d..d554482 100644
--- a/cppcache/include/geode/PoolFactory.hpp
+++ b/cppcache/include/geode/PoolFactory.hpp
@@ -427,6 +427,11 @@ class APACHE_GEODE_EXPORT PoolFactory {
PoolFactory& addServer(const std::string& host, int port);
/**
+ * Set proxy info for SNI connection. Used for connecting via SNI proxy.
+ */
+ PoolFactory& setSniProxy(const std::string& hostname, const int port);
+
+ /**
* If set to <code>true</code> then the created pool will have
* server-to-client
* subscriptions enabled.
diff --git a/cppcache/integration/test/SNITest.cpp b/cppcache/integration/test/SNITest.cpp
index 7e70619..ba8b7d0 100644
--- a/cppcache/integration/test/SNITest.cpp
+++ b/cppcache/integration/test/SNITest.cpp
@@ -28,6 +28,7 @@
#include <geode/RegionShortcut.hpp>
#include "framework/Cluster.h"
+#include "framework/TestConfig.h"
namespace snitest {
@@ -41,7 +42,8 @@ class SNITest : public ::testing::Test {
protected:
SNITest() {
certificatePassword = std::string("apachegeode");
- currentWorkingDirectory = boost::filesystem::current_path();
+ clientSslKeysDir = boost::filesystem::path(
+ getFrameworkString(FrameworkVariable::TestClientSslKeysDir));
}
~SNITest() override = default;
@@ -108,16 +110,16 @@ class SNITest : public ::testing::Test {
}
std::string certificatePassword;
- boost::filesystem::path currentWorkingDirectory;
+ boost::filesystem::path clientSslKeysDir;
};
-TEST_F(SNITest, DISABLED_connectViaProxyTest) {
+TEST_F(SNITest, connectViaProxyTest) {
const auto clientTruststore =
- (currentWorkingDirectory /
- boost::filesystem::path("sni-test-config/geode-config/truststore.jks"));
+ (clientSslKeysDir / boost::filesystem::path("/truststore_sni.pem"));
auto cache = CacheFactory()
- .set("log-level", "DEBUG")
+ .set("log-level", "debug")
+ .set("log-file", "SNITest.log")
.set("ssl-enabled", "true")
.set("ssl-truststore", clientTruststore.string())
.create();
@@ -127,7 +129,8 @@ TEST_F(SNITest, DISABLED_connectViaProxyTest) {
cache.getPoolManager()
.createFactory()
- .addLocator("localhost", portNumber)
+ .setSniProxy("localhost", portNumber)
+ .addLocator("locator-maeve", 10334)
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
@@ -141,8 +144,7 @@ TEST_F(SNITest, DISABLED_connectViaProxyTest) {
TEST_F(SNITest, connectionFailsTest) {
const auto clientTruststore =
- (currentWorkingDirectory /
- boost::filesystem::path("sni-test-config/geode-config/truststore.jks"));
+ (clientSslKeysDir / boost::filesystem::path("/truststore_sni.pem"));
auto cache = CacheFactory()
.set("log-level", "DEBUG")
@@ -152,7 +154,8 @@ TEST_F(SNITest, connectionFailsTest) {
cache.getPoolManager()
.createFactory()
- .addLocator("localhost", 10334)
+ .setSniProxy("badProxyName", 40000)
+ .addLocator("locator-maeve", 10334)
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
@@ -166,8 +169,7 @@ TEST_F(SNITest, connectionFailsTest) {
TEST_F(SNITest, doNothingTest) {
const auto clientTruststore =
- (currentWorkingDirectory /
- boost::filesystem::path("sni-test-config/geode-config/truststore.jks"));
+ (clientSslKeysDir / boost::filesystem::path("/truststore_sni.pem"));
auto cache = CacheFactory()
.set("log-level", "DEBUG")
diff --git a/cppcache/integration/test/sni-test-config/geode-config/truststore.p12 b/cppcache/integration/test/sni-test-config/geode-config/truststore.p12
new file mode 100644
index 0000000..339d775
Binary files /dev/null and b/cppcache/integration/test/sni-test-config/geode-config/truststore.p12 differ
diff --git a/cppcache/integration/test/sni-test-config/geode-config/truststore_sni.pem b/cppcache/integration/test/sni-test-config/geode-config/truststore_sni.pem
new file mode 100644
index 0000000..1857ce6
--- /dev/null
+++ b/cppcache/integration/test/sni-test-config/geode-config/truststore_sni.pem
@@ -0,0 +1,68 @@
+-----BEGIN CERTIFICATE-----
+MIICrDCCAZSgAwIBAgIEXozDxjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1s
+b2NhdG9yLW1hZXZlMB4XDTIwMDQwNzE4MTc0MloXDTI1MDQwNzE4MTc0MlowGDEW
+MBQGA1UEAwwNbG9jYXRvci1tYWV2ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOJ3jM2Rb50L+1fXyhZbaOHMuVUVGJ5jQV9wH3ijjeCEckaF29LbEtG8
+swMaxSoi4Sp/A4dp/7VI9CFZJKOX3zooZcuHyR7GSta4wH3oO55w0AfyTGeG6KF2
+Ekzj8pDPHyn/141rFAUPmMDnCfbF69Uixfi2XPxEJZw2GDN/YIHndY+X1pJ4ZuXS
+SmrORSEOSmrN9X7pqbL5D2cy15cmTK5449ZqLEfZS72Mv3gve1Ax2JMWCBEwLdob
+xW5utgmEe1/WhlhPzFr5C92znF/5Eucil/Rr+yynp31X+/QYBemYwOxbeZotHBZJ
+tMLMzaInydrZ04wgHRftNeN0TIZkPmcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+Jj1OSCWoILzWLBU1cAiQK8Gt0DVkqcpO4/vc3CoiU2T/em74cBzTwqmgrBvykWgq
+f05jWQcod2yNg8trHrgx8F9CfyyvTXRIxttyfmbD7DAQk+qn9QBSbRJFfzo8VfNp
+dGcT7KV9UDVyzltiTorqQJHUx3acUgtLYS2XUVlbGclhnNafRO44uobOsteAG01v
+YqFa8ZaZM7qcZ88mbbKLXn6lo203JguM+TM0P7wHnzcww9sLmsP8W2cvsvefwCl4
+O7OYcjhcbEph+mIC3/zN8vF6d8xtLiMSGk6BNCHd003MBEhZHizyquGtAFLaEafX
+V6sLm65i8uF2glnQfwS5JQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrDCCAZSgAwIBAgIEXozDxjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1s
+b2NhdG9yLW1hZXZlMB4XDTIwMDQwNzE4MTc0MloXDTI1MDQwNzE4MTc0MlowGDEW
+MBQGA1UEAwwNbG9jYXRvci1tYWV2ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOJ3jM2Rb50L+1fXyhZbaOHMuVUVGJ5jQV9wH3ijjeCEckaF29LbEtG8
+swMaxSoi4Sp/A4dp/7VI9CFZJKOX3zooZcuHyR7GSta4wH3oO55w0AfyTGeG6KF2
+Ekzj8pDPHyn/141rFAUPmMDnCfbF69Uixfi2XPxEJZw2GDN/YIHndY+X1pJ4ZuXS
+SmrORSEOSmrN9X7pqbL5D2cy15cmTK5449ZqLEfZS72Mv3gve1Ax2JMWCBEwLdob
+xW5utgmEe1/WhlhPzFr5C92znF/5Eucil/Rr+yynp31X+/QYBemYwOxbeZotHBZJ
+tMLMzaInydrZ04wgHRftNeN0TIZkPmcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+Jj1OSCWoILzWLBU1cAiQK8Gt0DVkqcpO4/vc3CoiU2T/em74cBzTwqmgrBvykWgq
+f05jWQcod2yNg8trHrgx8F9CfyyvTXRIxttyfmbD7DAQk+qn9QBSbRJFfzo8VfNp
+dGcT7KV9UDVyzltiTorqQJHUx3acUgtLYS2XUVlbGclhnNafRO44uobOsteAG01v
+YqFa8ZaZM7qcZ88mbbKLXn6lo203JguM+TM0P7wHnzcww9sLmsP8W2cvsvefwCl4
+O7OYcjhcbEph+mIC3/zN8vF6d8xtLiMSGk6BNCHd003MBEhZHizyquGtAFLaEafX
+V6sLm65i8uF2glnQfwS5JQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZygAwIBAgIEXozGnzANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDDBFz
+ZXJ2ZXItY2xlbWVudGluZTAeFw0yMDA0MDcxODI5NTFaFw0yNTA0MDcxODI5NTFa
+MBwxGjAYBgNVBAMMEXNlcnZlci1jbGVtZW50aW5lMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA6IzshjujS5c58AH8nJHBhlqjfNpacoNxhxykeCVsExa9
+vi0l8ezi35pte06j7gpMWhDYHokrHaw6ymp9iTi7D91yIPGeMMNUli8DnzgAzpeY
+V8SGgkrVBalkVe0GimAHXMrzeZF+8D2BEdvDAsIUbrZRACElPlLUoiO93xZZ8ad+
+fAfLVetH4lDJ54FT7ia+St6L0QxSrDLvrqmc/58ZunkQBnQcd4tMjCD1kX4l+5Q1
+eF+Rc/SbY+/8HfyCZcA98voC3dKF13U+0YAf/0ahin+8Ckm6BL/StUxFNftTtJ7l
+iKf56Y3FbSQ84Q9Te8feb05XidkF74Gifa4Q7gOzjwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQDKvYcnVFryhupo156bB33BU14KN8b5joVyQLeGb2Tx+icZd/jFhqSQ
+c3f8VV+aG9+CtRi/6wesdzf9/CVF+J4ARJ7j3i60NlJi4vQJlZnou+JSBgbBiDkW
+p12ITsw7l1k2zxH8hoMPNbMK1EC/+uwVRJt92L52uShLw9zKtE4MLZxZVa7Amkf4
+zRc78fHwwPXoMjLcQxw+8JRjlciWr/hZccuppXI4qb17l6HAMvW4vCslao0c9pSp
+Opg5Q0PwVXFROIvCANdxNI9ptSrH78Thxh4rggnHs+OZF02D22oTkjquU4Xrar3u
+FXlIS8UmdkqAXGIJf0pqa48aXcqeipRe
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZagAwIBAgIEXozE5DANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5z
+ZXJ2ZXItZG9sb3JlczAeFw0yMDA0MDcxODIyMjhaFw0yNTA0MDcxODIyMjhaMBkx
+FzAVBgNVBAMMDnNlcnZlci1kb2xvcmVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyRTzsWsih9Boz2/aRFJsgJNDn8/C207kpvJ9lj0uBWNdZGJ86T4i
+CwvIyMFvxeYQB0qO0AHf6FvJfMgunRlCj3fD01s7AHj8kCFoM/akgo04M7iJfSkU
+dDCVuRbrFtz31akNckyxRw/oORiQ6NYGxnuAvtFdjE8jFc77WVXVU5QuqVEueJXs
+HM+t6VGEn+7GwPsSJMIuEERd+05ZlghB1HoQD4Wu4+b/CXU+8aFRad0HRXHInBl0
+0QABETcMtpe3xIotC7H1nsAMipb0jyl3p+1a49FbrAktsiko8Y2iRVv3kZ58xfx9
+2Unmw+ViEb5bVRFytqb5AIgARI/+XX1zBwIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQB39QXR3HLEju8B1oNCH1UciZetMxvORC2fwgXhqjbJ2YkHlykaLAAKv6DOSyc2
+HE40F2Q/Y0p0NC41+4YIiujgzKWaDI1Gw22PlceE2B49dO8evmldN2NixkirJbtm
+bEtjINAxHXbhXn8GgUKJxSqtFPTX/fG7OCYvkvGItQAhSrGo9r5ACuDYkTZsBAZp
+9jHc50TZsQ7od4jsPXrtZ6S2doOA0TdQ/+XzNyoadbG0YZbRtUVmhJN7gQfkBcjH
+/AnYeYJL1kg39AuO3PsFhgWCsR2eNizGCh7CnHx7xpJnLYAw/01TGidsku/oYFiI
+5SthBjGC992gTekW54hYtMBU
+-----END CERTIFICATE-----
diff --git a/cppcache/src/PoolAttributes.cpp b/cppcache/src/PoolAttributes.cpp
index 2b4230d..206e1a4 100644
--- a/cppcache/src/PoolAttributes.cpp
+++ b/cppcache/src/PoolAttributes.cpp
@@ -44,46 +44,13 @@ PoolAttributes::PoolAttributes()
m_subsEnabled(PoolFactory::DEFAULT_SUBSCRIPTION_ENABLED),
m_multiuserSecurityMode(PoolFactory::DEFAULT_MULTIUSER_SECURE_MODE),
m_isPRSingleHopEnabled(PoolFactory::DEFAULT_PR_SINGLE_HOP_ENABLED),
- m_serverGrp(PoolFactory::DEFAULT_SERVER_GROUP) {}
+ m_serverGrp(PoolFactory::DEFAULT_SERVER_GROUP),
+ m_sniProxyPort(0) {}
+
std::shared_ptr<PoolAttributes> PoolAttributes::clone() {
return std::make_shared<PoolAttributes>(*this);
}
-/** Return true if all the attributes are equal to those of other. */
-bool PoolAttributes::operator==(const PoolAttributes& other) const {
- if (m_isThreadLocalConn != other.m_isThreadLocalConn) return false;
- if (m_freeConnTimeout != other.m_freeConnTimeout) return false;
- if (m_loadCondInterval != other.m_loadCondInterval) return false;
- if (m_sockBufferSize != other.m_sockBufferSize) return false;
- if (m_readTimeout != other.m_readTimeout) return false;
- if (m_minConns != other.m_minConns) return false;
- if (m_maxConns != other.m_maxConns) return false;
- if (m_retryAttempts != other.m_retryAttempts) return false;
- if (m_statsInterval != other.m_statsInterval) return false;
- if (m_redundancy != other.m_redundancy) return false;
- if (m_msgTrackTimeout != other.m_msgTrackTimeout) return false;
- if (m_subsAckInterval != other.m_subsAckInterval) return false;
- if (m_idleTimeout != other.m_idleTimeout) return false;
- if (m_pingInterval != other.m_pingInterval) return false;
- if (m_updateLocatorListInterval != other.m_updateLocatorListInterval) {
- return false;
- }
- if (m_subsEnabled != other.m_subsEnabled) return false;
- if (m_multiuserSecurityMode != other.m_multiuserSecurityMode) return false;
- if (m_isPRSingleHopEnabled != other.m_isPRSingleHopEnabled) return false;
- if (m_serverGrp != other.m_serverGrp) return false;
-
- if (m_initLocList.size() != other.m_initLocList.size()) return false;
- if (m_initServList.size() != other.m_initServList.size()) return false;
-
- if (!compareVectorOfStrings(m_initLocList, other.m_initLocList)) return false;
- if (!compareVectorOfStrings(m_initServList, other.m_initServList)) {
- return false;
- }
-
- return true;
-}
-
bool PoolAttributes::compareVectorOfStrings(
const std::vector<std::string>& thisVector,
const std::vector<std::string>& otherVector) {
diff --git a/cppcache/src/PoolAttributes.hpp b/cppcache/src/PoolAttributes.hpp
index 3fee900..44d9633 100644
--- a/cppcache/src/PoolAttributes.hpp
+++ b/cppcache/src/PoolAttributes.hpp
@@ -121,6 +121,14 @@ class PoolAttributes {
m_statsInterval = statisticInterval;
}
+ const std::string& getSniProxyHost() const { return m_sniProxyHost; }
+
+ void setSniProxyHost(const std::string& host) { m_sniProxyHost = host; }
+
+ int getSniProxyPort() const { return m_sniProxyPort; }
+
+ void setSniProxyPort(const int port) { m_sniProxyPort = port; }
+
const std::string& getServerGroup() const { return m_serverGrp; }
void setServerGroup(std::string group) { m_serverGrp = group; }
@@ -168,9 +176,6 @@ class PoolAttributes {
std::shared_ptr<PoolAttributes> clone();
- /** Return true if all the attributes are equal to those of other. */
- bool operator==(const PoolAttributes& other) const;
-
private:
bool m_isThreadLocalConn;
std::chrono::milliseconds m_freeConnTimeout;
@@ -197,6 +202,9 @@ class PoolAttributes {
std::vector<std::string> m_initLocList;
std::vector<std::string> m_initServList;
+ std::string m_sniProxyHost;
+ int m_sniProxyPort;
+
static bool compareVectorOfStrings(
const std::vector<std::string>& thisVector,
const std::vector<std::string>& otherVector);
diff --git a/cppcache/src/PoolFactory.cpp b/cppcache/src/PoolFactory.cpp
index 0ee2518..9a43f64 100644
--- a/cppcache/src/PoolFactory.cpp
+++ b/cppcache/src/PoolFactory.cpp
@@ -185,6 +185,13 @@ PoolFactory& PoolFactory::addServer(const std::string& host, int port) {
return *this;
}
+PoolFactory& PoolFactory::setSniProxy(const std::string& hostname,
+ const int port) {
+ m_attrs->setSniProxyHost(hostname);
+ m_attrs->setSniProxyPort(port);
+ return *this;
+}
+
PoolFactory& PoolFactory::setSubscriptionEnabled(bool enabled) {
m_attrs->setSubscriptionEnabled(enabled);
return *this;
@@ -304,15 +311,17 @@ PoolFactory& PoolFactory::addCheck(const std::string& host, int port) {
std::to_string(port));
}
- ACE_INET_Addr addr(port, host.c_str());
+ if (m_attrs->getSniProxyHost().empty()) {
+ ACE_INET_Addr addr(port, host.c_str());
#ifdef WITH_IPV6
- // check unknown host
- // ACE will not initialize port if hostname is not resolved.
- if (port != addr.get_port_number()) {
+ // check unknown host
+ // ACE will not initialize port if hostname is not resolved.
+ if (port != addr.get_port_number()) {
#else
- if (!(addr.get_ip_address())) {
+ if (!(addr.get_ip_address())) {
#endif
- throw IllegalArgumentException("Unknown host " + host);
+ throw IllegalArgumentException("Unknown host " + host);
+ }
}
return *this;
}
diff --git a/cppcache/src/TcpSslConn.cpp b/cppcache/src/TcpSslConn.cpp
index 104b4b4..72cb7e1 100644
--- a/cppcache/src/TcpSslConn.cpp
+++ b/cppcache/src/TcpSslConn.cpp
@@ -28,6 +28,16 @@
namespace apache {
namespace geode {
namespace client {
+void TcpSslConn::initSsl(const std::string& pubkeyfile, const std::string&,
+ const std::string& pemPassword,
+ const std::string& sniHostname,
+ const uint16_t sniPort) {
+ LOGDEBUG(
+ "*** TcpSslConn init, pubkeyfile = %s, pemPassword = %s, sniHostname = "
+ "%s",
+ pubkeyfile.c_str(), pemPassword.c_str(), sniHostname.c_str());
+ m_sniPort = sniPort;
+}
Ssl* TcpSslConn::getSSLImpl(ACE_HANDLE sock, const char* pubkeyfile,
const char* privkeyfile) {
@@ -50,13 +60,13 @@ Ssl* TcpSslConn::getSSLImpl(ACE_HANDLE sock, const char* pubkeyfile,
throw IllegalStateException(msg);
}
return reinterpret_cast<Ssl*>(
- func(sock, pubkeyfile, privkeyfile, m_pemPassword));
+ func(sock, pubkeyfile, privkeyfile, m_pemPassword.c_str()));
}
void TcpSslConn::createSocket(ACE_HANDLE sock) {
LOGDEBUG("Creating SSL socket stream");
try {
- m_ssl = getSSLImpl(sock, m_pubkeyfile, m_privkeyfile);
+ m_ssl = getSSLImpl(sock, m_pubkeyfile.c_str(), m_privkeyfile.c_str());
} catch (std::exception& e) {
throw SslException(e.what());
}
@@ -87,15 +97,13 @@ void TcpSslConn::connect() {
ACE_OS::signal(SIGPIPE, SIG_IGN); // Ignore broken pipe
- // m_ssl->init();
-
std::chrono::microseconds waitMicroSeconds = m_waitMilliSeconds;
LOGDEBUG("Connecting SSL socket stream to %s:%d waiting %s micro sec",
m_addr.get_host_name(), m_addr.get_port_number(),
to_string(waitMicroSeconds).c_str());
- int32_t retVal = m_ssl->connect(m_addr, waitMicroSeconds);
+ int32_t retVal = m_ssl->connect(m_addr, m_sniHostname, waitMicroSeconds);
if (retVal == -1) {
char msg[256];
diff --git a/cppcache/src/TcpSslConn.hpp b/cppcache/src/TcpSslConn.hpp
index c14a5b5..eb6afe0 100644
--- a/cppcache/src/TcpSslConn.hpp
+++ b/cppcache/src/TcpSslConn.hpp
@@ -33,11 +33,12 @@ class TcpSslConn : public TcpConn {
private:
Ssl* m_ssl;
ACE_DLL m_dll;
- const char* m_pubkeyfile;
- const char* m_privkeyfile;
- const char* m_pemPassword;
- // adongre: Added for Ticket #758
- // Pass extra parameter for the password
+ uint16_t m_sniPort;
+ std::string m_sniHostname;
+ std::string m_pubkeyfile;
+ std::string m_privkeyfile;
+ std::string m_pemPassword;
+
typedef void* (*gf_create_SslImpl)(ACE_HANDLE, const char*, const char*,
const char*);
typedef void (*gf_destroy_SslImpl)(void*);
@@ -52,12 +53,27 @@ class TcpSslConn : public TcpConn {
void createSocket(ACE_HANDLE sock) override;
public:
- TcpSslConn(const char* hostname, int32_t port,
+ TcpSslConn(
std::chrono::microseconds waitSeconds, int32_t maxBuffSizePool,
- const char* pubkeyfile, const char* privkeyfile,
- const char* pemPassword)
- : TcpConn(hostname, port, waitSeconds, maxBuffSizePool),
+ const std::string& sniProxyHostname, uint16_t sniProxyPort,
+ const std::string& pubkeyfile, const std::string& privkeyfile,
+ const std::string& pemPassword)
+ : TcpConn(sniProxyHostname.c_str(), sniProxyPort, waitSeconds, maxBuffSizePool),
+ m_ssl(nullptr),
+ m_sniPort(sniProxyPort),
+ m_sniHostname(sniProxyHostname),
+ m_pubkeyfile(pubkeyfile),
+ m_privkeyfile(privkeyfile),
+ m_pemPassword(pemPassword) {}
+
+ TcpSslConn(const std::string& hostname, uint16_t port,
+ std::chrono::microseconds connect_timeout, int32_t maxBuffSizePool,
+ const std::string& pubkeyfile, const std::string& privkeyfile,
+ const std::string& pemPassword)
+ : TcpConn(hostname.c_str(), port, connect_timeout, maxBuffSizePool),
m_ssl(nullptr),
+ m_sniPort(0),
+ m_sniHostname(""),
m_pubkeyfile(pubkeyfile),
m_privkeyfile(privkeyfile),
m_pemPassword(pemPassword) {}
@@ -67,14 +83,20 @@ class TcpSslConn : public TcpConn {
const char* privkeyfile, const char* pemPassword)
: TcpConn(ipaddr, waitSeconds, maxBuffSizePool),
m_ssl(nullptr),
+ m_sniPort(0),
+ m_sniHostname(""),
m_pubkeyfile(pubkeyfile),
m_privkeyfile(privkeyfile),
m_pemPassword(pemPassword) {}
- // TODO: Watch out for virt dtor calling virt methods!
+
virtual ~TcpSslConn() override {}
+ private:
+ void initSsl(const std::string& pubkeyfile, const std::string& privkeyfile,
+ const std::string& pemPassword,
+ const std::string& sniHostname = "", const uint16_t sniPort = 0);
// Close this tcp connection
void close() override;
diff --git a/cppcache/src/ThinClientLocatorHelper.cpp b/cppcache/src/ThinClientLocatorHelper.cpp
index e7174ce..bbed2a0 100644
--- a/cppcache/src/ThinClientLocatorHelper.cpp
+++ b/cppcache/src/ThinClientLocatorHelper.cpp
@@ -66,6 +66,18 @@ ThinClientLocatorHelper::ThinClientLocatorHelper(
}
}
+ThinClientLocatorHelper::ThinClientLocatorHelper(
+ const std::vector<std::string>& locatorAddresses,
+ const std::string& sniProxyHost, int sniProxyPort,
+ const ThinClientPoolDM* poolDM)
+ : m_poolDM(poolDM),
+ m_sniProxyHost(sniProxyHost),
+ m_sniProxyPort(sniProxyPort) {
+ for (auto&& locatorAddress : locatorAddresses) {
+ m_locHostPort.emplace_back(locatorAddress);
+ }
+}
+
Connector* ThinClientLocatorHelper::createConnection(
Connector*& conn, const char* hostname, int32_t port,
std::chrono::microseconds waitSeconds, int32_t maxBuffSizePool) {
@@ -75,10 +87,18 @@ Connector* ThinClientLocatorHelper::createConnection(
->getDistributedSystem()
.getSystemProperties();
if (systemProperties.sslEnabled()) {
- socket = new TcpSslConn(hostname, port, waitSeconds, maxBuffSizePool,
- systemProperties.sslTrustStore().c_str(),
- systemProperties.sslKeyStore().c_str(),
- systemProperties.sslKeystorePassword().c_str());
+ if (m_sniProxyHost.empty()) {
+ socket = new TcpSslConn(
+ hostname, static_cast<uint16_t>(port), waitSeconds, maxBuffSizePool,
+ systemProperties.sslTrustStore(), systemProperties.sslKeyStore(),
+ systemProperties.sslKeystorePassword());
+ } else {
+ socket = new TcpSslConn(
+ waitSeconds, maxBuffSizePool, m_sniProxyHost,
+ m_sniProxyPort, systemProperties.sslTrustStore(),
+ systemProperties.sslKeyStore(),
+ systemProperties.sslKeystorePassword());
+ }
} else {
socket = new TcpConn(hostname, port, waitSeconds, maxBuffSizePool);
}
diff --git a/cppcache/src/ThinClientLocatorHelper.hpp b/cppcache/src/ThinClientLocatorHelper.hpp
index c72f950..df522a3 100644
--- a/cppcache/src/ThinClientLocatorHelper.hpp
+++ b/cppcache/src/ThinClientLocatorHelper.hpp
@@ -44,6 +44,9 @@ class ThinClientLocatorHelper {
public:
ThinClientLocatorHelper(const std::vector<std::string>& locatorAddresses,
const ThinClientPoolDM* poolDM);
+ ThinClientLocatorHelper(const std::vector<std::string>& locatorAddresses,
+ const std::string& sniProxyHost, int sniProxyPort,
+ const ThinClientPoolDM* poolDM);
GfErrType getEndpointForNewFwdConn(
ServerLocation& outEndpoint, std::string& additionalLoc,
const std::set<ServerLocation>& exclEndPts,
@@ -71,6 +74,8 @@ class ThinClientLocatorHelper {
const ThinClientPoolDM* m_poolDM;
ThinClientLocatorHelper(const ThinClientLocatorHelper&);
ThinClientLocatorHelper& operator=(const ThinClientLocatorHelper&);
+ std::string m_sniProxyHost;
+ int m_sniProxyPort;
};
} // namespace client
} // namespace geode
diff --git a/cppcache/src/ThinClientPoolDM.cpp b/cppcache/src/ThinClientPoolDM.cpp
index aab3200..8b7022d 100644
--- a/cppcache/src/ThinClientPoolDM.cpp
+++ b/cppcache/src/ThinClientPoolDM.cpp
@@ -186,7 +186,9 @@ ThinClientPoolDM::ThinClientPoolDM(const char* name,
throw IllegalStateException(msg);
}
reset();
- m_locHelper = new ThinClientLocatorHelper(m_attrs->m_initLocList, this);
+ m_locHelper = new ThinClientLocatorHelper(m_attrs->m_initLocList,
+ m_attrs->m_sniProxyHost,
+ m_attrs->m_sniProxyPort, this);
m_stats = new PoolStats(
cacheImpl->getStatisticsManager().getStatisticsFactory(), m_poolName);
diff --git a/cryptoimpl/SSLImpl.cpp b/cryptoimpl/SSLImpl.cpp
index dad15a5..fe98e2e 100644
--- a/cryptoimpl/SSLImpl.cpp
+++ b/cryptoimpl/SSLImpl.cpp
@@ -18,7 +18,9 @@
#include "SSLImpl.hpp"
#include <cstdint>
+#include <iostream>
#include <stdexcept>
+#include <string>
#include <ace/Guard_T.h>
@@ -116,9 +118,11 @@ int SSLImpl::listen(ACE_INET_Addr addr, std::chrono::microseconds waitSeconds) {
}
}
-int SSLImpl::connect(ACE_INET_Addr ipaddr,
+int SSLImpl::connect(ACE_INET_Addr ipaddr, const std::string &proxyHostname,
std::chrono::microseconds waitSeconds) {
ACE_SSL_SOCK_Connector conn;
+
+ SSL_set_tlsext_host_name(m_io->ssl(), proxyHostname.c_str());
if (waitSeconds > std::chrono::microseconds::zero()) {
ACE_Time_Value wtime(waitSeconds);
return conn.connect(*m_io, ipaddr, &wtime);
diff --git a/cryptoimpl/SSLImpl.hpp b/cryptoimpl/SSLImpl.hpp
index a70e965..9e6095b 100644
--- a/cryptoimpl/SSLImpl.hpp
+++ b/cryptoimpl/SSLImpl.hpp
@@ -66,7 +66,8 @@ class SSLImpl : public apache::geode::client::Ssl {
int setOption(int, int, void*, int) override;
int listen(ACE_INET_Addr, std::chrono::microseconds) override;
- int connect(ACE_INET_Addr, std::chrono::microseconds) override;
+ int connect(ACE_INET_Addr, const std::string& proxyHostname,
+ std::chrono::microseconds) override;
ssize_t recv(void*, size_t, const ACE_Time_Value*, size_t*) override;
ssize_t send(const void*, size_t, const ACE_Time_Value*, size_t*) override;
int getLocalAddr(ACE_Addr&) override;
diff --git a/cryptoimpl/Ssl.hpp b/cryptoimpl/Ssl.hpp
index 45b8da5..16b20ba 100644
--- a/cryptoimpl/Ssl.hpp
+++ b/cryptoimpl/Ssl.hpp
@@ -33,7 +33,8 @@ class Ssl {
virtual ~Ssl() {}
virtual int setOption(int, int, void*, int) = 0;
virtual int listen(ACE_INET_Addr, std::chrono::microseconds) = 0;
- virtual int connect(ACE_INET_Addr, std::chrono::microseconds) = 0;
+ virtual int connect(ACE_INET_Addr, const std::string& proxyHostname,
+ std::chrono::microseconds) = 0;
virtual ssize_t recv(void*, size_t, const ACE_Time_Value*, size_t*) = 0;
virtual ssize_t send(const void*, size_t, const ACE_Time_Value*, size_t*) = 0;
virtual int getLocalAddr(ACE_Addr&) = 0;
diff --git a/ssl_keys/client_keys/truststore_sni.pem b/ssl_keys/client_keys/truststore_sni.pem
new file mode 100644
index 0000000..1857ce6
--- /dev/null
+++ b/ssl_keys/client_keys/truststore_sni.pem
@@ -0,0 +1,68 @@
+-----BEGIN CERTIFICATE-----
+MIICrDCCAZSgAwIBAgIEXozDxjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1s
+b2NhdG9yLW1hZXZlMB4XDTIwMDQwNzE4MTc0MloXDTI1MDQwNzE4MTc0MlowGDEW
+MBQGA1UEAwwNbG9jYXRvci1tYWV2ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOJ3jM2Rb50L+1fXyhZbaOHMuVUVGJ5jQV9wH3ijjeCEckaF29LbEtG8
+swMaxSoi4Sp/A4dp/7VI9CFZJKOX3zooZcuHyR7GSta4wH3oO55w0AfyTGeG6KF2
+Ekzj8pDPHyn/141rFAUPmMDnCfbF69Uixfi2XPxEJZw2GDN/YIHndY+X1pJ4ZuXS
+SmrORSEOSmrN9X7pqbL5D2cy15cmTK5449ZqLEfZS72Mv3gve1Ax2JMWCBEwLdob
+xW5utgmEe1/WhlhPzFr5C92znF/5Eucil/Rr+yynp31X+/QYBemYwOxbeZotHBZJ
+tMLMzaInydrZ04wgHRftNeN0TIZkPmcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+Jj1OSCWoILzWLBU1cAiQK8Gt0DVkqcpO4/vc3CoiU2T/em74cBzTwqmgrBvykWgq
+f05jWQcod2yNg8trHrgx8F9CfyyvTXRIxttyfmbD7DAQk+qn9QBSbRJFfzo8VfNp
+dGcT7KV9UDVyzltiTorqQJHUx3acUgtLYS2XUVlbGclhnNafRO44uobOsteAG01v
+YqFa8ZaZM7qcZ88mbbKLXn6lo203JguM+TM0P7wHnzcww9sLmsP8W2cvsvefwCl4
+O7OYcjhcbEph+mIC3/zN8vF6d8xtLiMSGk6BNCHd003MBEhZHizyquGtAFLaEafX
+V6sLm65i8uF2glnQfwS5JQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrDCCAZSgAwIBAgIEXozDxjANBgkqhkiG9w0BAQsFADAYMRYwFAYDVQQDDA1s
+b2NhdG9yLW1hZXZlMB4XDTIwMDQwNzE4MTc0MloXDTI1MDQwNzE4MTc0MlowGDEW
+MBQGA1UEAwwNbG9jYXRvci1tYWV2ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAOJ3jM2Rb50L+1fXyhZbaOHMuVUVGJ5jQV9wH3ijjeCEckaF29LbEtG8
+swMaxSoi4Sp/A4dp/7VI9CFZJKOX3zooZcuHyR7GSta4wH3oO55w0AfyTGeG6KF2
+Ekzj8pDPHyn/141rFAUPmMDnCfbF69Uixfi2XPxEJZw2GDN/YIHndY+X1pJ4ZuXS
+SmrORSEOSmrN9X7pqbL5D2cy15cmTK5449ZqLEfZS72Mv3gve1Ax2JMWCBEwLdob
+xW5utgmEe1/WhlhPzFr5C92znF/5Eucil/Rr+yynp31X+/QYBemYwOxbeZotHBZJ
+tMLMzaInydrZ04wgHRftNeN0TIZkPmcCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEA
+Jj1OSCWoILzWLBU1cAiQK8Gt0DVkqcpO4/vc3CoiU2T/em74cBzTwqmgrBvykWgq
+f05jWQcod2yNg8trHrgx8F9CfyyvTXRIxttyfmbD7DAQk+qn9QBSbRJFfzo8VfNp
+dGcT7KV9UDVyzltiTorqQJHUx3acUgtLYS2XUVlbGclhnNafRO44uobOsteAG01v
+YqFa8ZaZM7qcZ88mbbKLXn6lo203JguM+TM0P7wHnzcww9sLmsP8W2cvsvefwCl4
+O7OYcjhcbEph+mIC3/zN8vF6d8xtLiMSGk6BNCHd003MBEhZHizyquGtAFLaEafX
+V6sLm65i8uF2glnQfwS5JQ==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICtDCCAZygAwIBAgIEXozGnzANBgkqhkiG9w0BAQsFADAcMRowGAYDVQQDDBFz
+ZXJ2ZXItY2xlbWVudGluZTAeFw0yMDA0MDcxODI5NTFaFw0yNTA0MDcxODI5NTFa
+MBwxGjAYBgNVBAMMEXNlcnZlci1jbGVtZW50aW5lMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA6IzshjujS5c58AH8nJHBhlqjfNpacoNxhxykeCVsExa9
+vi0l8ezi35pte06j7gpMWhDYHokrHaw6ymp9iTi7D91yIPGeMMNUli8DnzgAzpeY
+V8SGgkrVBalkVe0GimAHXMrzeZF+8D2BEdvDAsIUbrZRACElPlLUoiO93xZZ8ad+
+fAfLVetH4lDJ54FT7ia+St6L0QxSrDLvrqmc/58ZunkQBnQcd4tMjCD1kX4l+5Q1
+eF+Rc/SbY+/8HfyCZcA98voC3dKF13U+0YAf/0ahin+8Ckm6BL/StUxFNftTtJ7l
+iKf56Y3FbSQ84Q9Te8feb05XidkF74Gifa4Q7gOzjwIDAQABMA0GCSqGSIb3DQEB
+CwUAA4IBAQDKvYcnVFryhupo156bB33BU14KN8b5joVyQLeGb2Tx+icZd/jFhqSQ
+c3f8VV+aG9+CtRi/6wesdzf9/CVF+J4ARJ7j3i60NlJi4vQJlZnou+JSBgbBiDkW
+p12ITsw7l1k2zxH8hoMPNbMK1EC/+uwVRJt92L52uShLw9zKtE4MLZxZVa7Amkf4
+zRc78fHwwPXoMjLcQxw+8JRjlciWr/hZccuppXI4qb17l6HAMvW4vCslao0c9pSp
+Opg5Q0PwVXFROIvCANdxNI9ptSrH78Thxh4rggnHs+OZF02D22oTkjquU4Xrar3u
+FXlIS8UmdkqAXGIJf0pqa48aXcqeipRe
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICrjCCAZagAwIBAgIEXozE5DANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5z
+ZXJ2ZXItZG9sb3JlczAeFw0yMDA0MDcxODIyMjhaFw0yNTA0MDcxODIyMjhaMBkx
+FzAVBgNVBAMMDnNlcnZlci1kb2xvcmVzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAyRTzsWsih9Boz2/aRFJsgJNDn8/C207kpvJ9lj0uBWNdZGJ86T4i
+CwvIyMFvxeYQB0qO0AHf6FvJfMgunRlCj3fD01s7AHj8kCFoM/akgo04M7iJfSkU
+dDCVuRbrFtz31akNckyxRw/oORiQ6NYGxnuAvtFdjE8jFc77WVXVU5QuqVEueJXs
+HM+t6VGEn+7GwPsSJMIuEERd+05ZlghB1HoQD4Wu4+b/CXU+8aFRad0HRXHInBl0
+0QABETcMtpe3xIotC7H1nsAMipb0jyl3p+1a49FbrAktsiko8Y2iRVv3kZ58xfx9
+2Unmw+ViEb5bVRFytqb5AIgARI/+XX1zBwIDAQABMA0GCSqGSIb3DQEBCwUAA4IB
+AQB39QXR3HLEju8B1oNCH1UciZetMxvORC2fwgXhqjbJ2YkHlykaLAAKv6DOSyc2
+HE40F2Q/Y0p0NC41+4YIiujgzKWaDI1Gw22PlceE2B49dO8evmldN2NixkirJbtm
+bEtjINAxHXbhXn8GgUKJxSqtFPTX/fG7OCYvkvGItQAhSrGo9r5ACuDYkTZsBAZp
+9jHc50TZsQ7od4jsPXrtZ6S2doOA0TdQ/+XzNyoadbG0YZbRtUVmhJN7gQfkBcjH
+/AnYeYJL1kg39AuO3PsFhgWCsR2eNizGCh7CnHx7xpJnLYAw/01TGidsku/oYFiI
+5SthBjGC992gTekW54hYtMBU
+-----END CERTIFICATE-----
[geode-native] 05/06: Add the new SetSniProxy API
Posted by mm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mmartell pushed a commit to branch GEODE-8398-sni-support-dotnet
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit d67422b3719313232cc3fd1547180ebb21e5e913
Author: Mike Martell <mm...@pivotal.io>
AuthorDate: Tue Aug 4 14:59:08 2020 -0700
Add the new SetSniProxy API
---
clicache/src/PoolFactory.cpp | 16 ++++++++++++++++
clicache/src/PoolFactory.hpp | 14 ++++++++++++++
2 files changed, 30 insertions(+)
diff --git a/clicache/src/PoolFactory.cpp b/clicache/src/PoolFactory.cpp
index c72da35..9c62562 100644
--- a/clicache/src/PoolFactory.cpp
+++ b/clicache/src/PoolFactory.cpp
@@ -285,6 +285,22 @@ namespace Apache
return this;
}
+ PoolFactory^ PoolFactory::SetSniProxy(String^ hostname, Int32 port)
+ {
+ _GF_MG_EXCEPTION_TRY2/* due to auto replace */
+
+ try
+ {
+ m_nativeptr->get()->setSniProxy( marshal_as<std::string>(hostname), port );
+ }
+ finally
+ {
+ GC::KeepAlive(m_nativeptr);
+ }
+
+ _GF_MG_EXCEPTION_CATCH_ALL2/* due to auto replace */
+ return this;
+ }
PoolFactory^ PoolFactory::SetSubscriptionEnabled( Boolean enabled )
{
diff --git a/clicache/src/PoolFactory.hpp b/clicache/src/PoolFactory.hpp
index e6f703e..7d0e3c3 100644
--- a/clicache/src/PoolFactory.hpp
+++ b/clicache/src/PoolFactory.hpp
@@ -280,6 +280,20 @@ namespace Apache
PoolFactory^ AddServer(String^ host, Int32 port);
/// <summary>
+ /// Set proxy info for SNI connection.
+ /// </summary>
+ /// <remarks>
+ /// Used for connecting via SNI proxy.
+ /// </remarks>
+ /// <param>
+ /// host the host name or ip address that the server is listening on.
+ /// </param>
+ /// <param>
+ /// port the port that the server is listening on.
+ /// </param>
+ PoolFactory^ SetSniProxy(String^ hostname, Int32 port);
+
+ /// <summary>
/// Enable subscriptions.
/// </summary>
/// <remarks>
[geode-native] 03/06: Fix currentWorkingDir on Windows
Posted by mm...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mmartell pushed a commit to branch GEODE-8398-sni-support-dotnet
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit a62dbbcb38143691763d0ed6254ffce4dfcc6b0f
Author: Mike Martell <mm...@pivotal.io>
AuthorDate: Mon Aug 3 11:21:11 2020 -0700
Fix currentWorkingDir on Windows
---
cppcache/integration/test/SNITest.cpp | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cppcache/integration/test/SNITest.cpp b/cppcache/integration/test/SNITest.cpp
index ba8b7d0..9a5e93c 100644
--- a/cppcache/integration/test/SNITest.cpp
+++ b/cppcache/integration/test/SNITest.cpp
@@ -44,6 +44,7 @@ class SNITest : public ::testing::Test {
certificatePassword = std::string("apachegeode");
clientSslKeysDir = boost::filesystem::path(
getFrameworkString(FrameworkVariable::TestClientSslKeysDir));
+ currentWorkingDirectory = boost::filesystem::current_path();
}
~SNITest() override = default;
@@ -111,8 +112,11 @@ class SNITest : public ::testing::Test {
std::string certificatePassword;
boost::filesystem::path clientSslKeysDir;
+ boost::filesystem::path currentWorkingDirectory;
};
+TEST_F(SNITest, DISABLED_connectViaProxyTest){};
+
TEST_F(SNITest, connectViaProxyTest) {
const auto clientTruststore =
(clientSslKeysDir / boost::filesystem::path("/truststore_sni.pem"));
@@ -135,7 +139,7 @@ TEST_F(SNITest, connectViaProxyTest) {
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
.setPoolName("pool")
- .create("region");
+ .create("jellyfish");
region->put("1", "one");