You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2019/12/10 15:55:06 UTC

[GitHub] [zookeeper] eolivelli commented on a change in pull request #1170: ZOOKEEPER-3643: Testing and documenting secure and unsecure ZK client connections

eolivelli commented on a change in pull request #1170: ZOOKEEPER-3643: Testing and documenting secure and unsecure ZK client connections
URL: https://github.com/apache/zookeeper/pull/1170#discussion_r356120687
 
 

 ##########
 File path: zookeeper-server/src/test/java/org/apache/zookeeper/test/ClientSSLTest.java
 ##########
 @@ -138,6 +118,55 @@ public void testClientServerSSL(boolean useSecurePort) throws Exception {
         }
     }
 
+    /**
+     * This test covers the case when from the same JVM we connect to both secure and unsecure
+     * clusters. In this case we can't use the Java System Properties, but we need to specify client
+     * configuration.
+     *
+     * In this test the servers has two client ports open, one used only for secure connection and one
+     * used only for unsecure connections. (the client port unification is disabled)
+     */
+    @Test
+    public void testClientCanConnectBothSecureAndUnsecure() throws Exception {
+
+      // to make sure the test is testing the case we want, we disable client port unification in the
+      // server, and also disable the property which would instruct the client to connect using SSL
+      System.clearProperty(NettyServerCnxnFactory.PORT_UNIFICATION_KEY);
+      System.clearProperty(ZKClientConfig.SECURE_CLIENT);
+
+      final int SERVER_COUNT = 3;
+      final int[] clientPorts = new int[SERVER_COUNT];
+      int[] secureClientPorts = new int[SERVER_COUNT];
+
+      MainThread[] mt = startThreeNodeSSLCluster(clientPorts, secureClientPorts);
+
+      // Servers have been set up. Now go test if both secure and unsecure connection is successful.
+      for (int i = 0; i < SERVER_COUNT; i++) {
+
+        // testing the secure connection, also do some simple operation to verify that it works
+        ZKClientConfig secureClientConfig = new ZKClientConfig();
+        secureClientConfig.setProperty(ZKClientConfig.SECURE_CLIENT, "true");
+        ZooKeeper zkSecure = ClientBase.createZKClient("127.0.0.1:" + secureClientPorts[i], TIMEOUT, secureClientConfig);
+        zkSecure.create("/test", "".getBytes(), ZooDefs.Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
 
 Review comment:
   Is there a way to check that we are using a secure connection?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services