Posted to commits@geode.apache.org by ec...@apache.org on 2019/06/11 14:57:21 UTC

[geode] branch feature/GEODE-6833 created (now 85feb52)

This is an automated email from the ASF dual-hosted git repository.

echobravo pushed a change to branch feature/GEODE-6833
in repository https://gitbox.apache.org/repos/asf/geode.git.


      at 85feb52  GEODE-6833: Adding new test and test cert files.

This branch includes the following new commits:

     new 85feb52  GEODE-6833: Adding new test and test cert files.

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[geode] 01/01: GEODE-6833: Adding new test and test cert files.

Posted by ec...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

echobravo pushed a commit to branch feature/GEODE-6833
in repository https://gitbox.apache.org/repos/asf/geode.git

commit 85feb52d986745dd20b8b244b563ab6b4fc66a8a
Author: Ernest Burghardt <eb...@pivotal.io>
AuthorDate: Tue Jun 11 08:42:57 2019 -0600

    GEODE-6833: Adding new test and test cert files.
---
 .../SSLDualServerNoClientAuthDUnitTest.java        | 210 +++++++++++++++++++++
 .../cache/client/internal/geodeserver1.keystore    | Bin 0 -> 2389 bytes
 .../cache/client/internal/geodeserver1.truststore  | Bin 0 -> 1770 bytes
 .../cache/client/internal/geodeserver2.keystore    | Bin 0 -> 2389 bytes
 .../cache/client/internal/geodeserver2.truststore  | Bin 0 -> 1770 bytes
 .../org/apache/geode/internal/tcp/Connection.java  |   4 +
 6 files changed, 214 insertions(+)

diff --git a/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java
new file mode 100644
index 0000000..581bae6
--- /dev/null
+++ b/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java
@@ -0,0 +1,210 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.client.internal;
+
+import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_REQUIRE_AUTHENTICATION;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.test.dunit.VM.getVM;
+import static org.apache.geode.test.util.ResourceUtils.createTempFileFromResource;
+import static org.junit.Assert.assertEquals;
+
+import java.io.File;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.Cache;
+import org.apache.geode.cache.CacheFactory;
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.RegionFactory;
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.distributed.Locator;
+import org.apache.geode.test.dunit.VM;
+import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
+import org.apache.geode.test.junit.categories.MembershipTest;
+
+@Category(MembershipTest.class)
+public class SSLDualServerNoClientAuthDUnitTest extends JUnit4DistributedTestCase {
+
+  private Cache cache;
+  private int cacheServerPort;
+  private String hostName;
+
+  private static final String SERVER_1_KEYSTORE = "geodeserver1.keystore";
+  private static final String SERVER_1_TRUSTSTORE = "geodeserver1.truststore";
+
+  private static final String SERVER_2_KEYSTORE = "geodeserver2.keystore";
+  private static final String SERVER_2_TRUSTSTORE = "geodeserver2.truststore";
+
+
+  private static SSLDualServerNoClientAuthDUnitTest
+      instance = new SSLDualServerNoClientAuthDUnitTest();
+
+  @Before
+  public void setUp() {
+    disconnectAllFromDS();
+  }
+
+  @After
+  public void tearDown() {
+    VM serverVM = getVM(1);
+    VM server2VM = getVM(2);
+    VM locator = getVM(3);
+
+    locator.invoke(()  -> closeLocatorTask());
+    server2VM.invoke(() -> closeCacheTask());
+    serverVM.invoke(() -> closeCacheTask());
+  }
+
+  @Test
+  public void testSSLServerWithNoAuth() {
+    VM serverVM = getVM(1);
+    VM server2VM = getVM(2);
+
+    VM locator = getVM(3);
+
+    Integer locatorPort = locator.invoke(()  -> {return setUpLocatorTask();});
+    boolean cacheServerSslenabled = true;
+
+    serverVM.invoke(() -> setUpServerVMTask(locatorPort));
+    server2VM.invoke(() -> setUpServerVMTask(locatorPort));
+
+    server2VM.invoke(() -> doServerRegionTestTask());
+    serverVM.invoke(() -> doServerRegionTestTask());
+  }
+
+  private void createCache(Properties props) throws Exception {
+    cache = new CacheFactory(props).create();
+    if (cache == null) {
+      throw new Exception("CacheFactory.create() returned null ");
+    }
+  }
+
+  private Integer setUpLocator() throws Exception {
+    Properties gemFireProps = new Properties();
+
+    String cacheServerSslprotocols = "any";
+    String cacheServerSslciphers = "any";
+    boolean cacheServerSslRequireAuth = false;
+
+    System.setProperty("javax.net.debug", "all");
+
+     String keyStore =
+        createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_KEYSTORE)
+            .getAbsolutePath();
+    String trustStore =
+        createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_TRUSTSTORE)
+            .getAbsolutePath();
+    gemFireProps.setProperty(SSL_ENABLED_COMPONENTS, "cluster");
+    gemFireProps.setProperty(SSL_REQUIRE_AUTHENTICATION, "" + cacheServerSslRequireAuth);
+    gemFireProps.setProperty(SSL_KEYSTORE, "" + keyStore);
+    gemFireProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
+    gemFireProps.setProperty(SSL_TRUSTSTORE, "" + trustStore);
+    gemFireProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
+
+    StringWriter sw = new StringWriter();
+    PrintWriter writer = new PrintWriter(sw);
+    gemFireProps.list(writer);
+
+    Locator.startLocatorAndDS(0, new File(""), gemFireProps);
+
+    return Locator.getLocator().getPort();
+  }
+
+  private void setUpAndConnectToDistributedSystem(Integer locatorPort) throws Exception {
+    Properties gemFireProps = new Properties();
+
+    String cacheServerSslprotocols = "any";
+    String cacheServerSslciphers = "any";
+    boolean cacheServerSslRequireAuth = false;
+
+    System.setProperty("javax.net.debug", "all");
+    String keyStore;
+    String trustStore;
+    if ( VM.getCurrentVMNum() == 1 ) {
+      keyStore =
+          createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_KEYSTORE)
+              .getAbsolutePath();
+      trustStore =
+          createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class,
+              SERVER_1_TRUSTSTORE)
+              .getAbsolutePath();
+    } else {
+      keyStore =
+          createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_2_KEYSTORE)
+              .getAbsolutePath();
+      trustStore =
+          createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class,
+              SERVER_2_TRUSTSTORE)
+              .getAbsolutePath();
+    }
+    gemFireProps.setProperty(SSL_ENABLED_COMPONENTS, "cluster");
+    gemFireProps.setProperty(SSL_REQUIRE_AUTHENTICATION, "" + cacheServerSslRequireAuth);
+    gemFireProps.setProperty(SSL_KEYSTORE, "" + keyStore);
+    gemFireProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
+    gemFireProps.setProperty(SSL_TRUSTSTORE, "" + trustStore);
+    gemFireProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
+
+    gemFireProps.setProperty(LOCATORS, "localhost[" + locatorPort + "]");
+
+
+    StringWriter sw = new StringWriter();
+    PrintWriter writer = new PrintWriter(sw);
+    gemFireProps.list(writer);
+    createCache(gemFireProps);
+
+    RegionFactory factory = cache.createRegionFactory(RegionShortcut.REPLICATE);
+    Region r = factory.create("serverRegion");
+    r.put("serverkey", "servervalue");
+  }
+
+  private void doServerRegionTest() {
+    Region<String, String> region = cache.getRegion("serverRegion");
+    assertEquals("servervalue", region.get("serverkey"));
+  }
+
+  private static Integer setUpLocatorTask()  throws Exception{
+    return instance.setUpLocator();
+  }
+
+  private static void setUpServerVMTask(Integer locatorPort) throws Exception {
+    instance.setUpAndConnectToDistributedSystem(locatorPort);
+  }
+
+  private static void doServerRegionTestTask() {
+    instance.doServerRegionTest();
+  }
+
+  private static void closeCacheTask() {
+    if (instance != null && instance.cache != null) {
+      instance.cache.close();
+    }
+  }
+  private static void closeLocatorTask() {
+    if (instance != null && instance.cache != null) {
+      Locator.getLocator().stop();
+    }
+  }
+}
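Review bot: `closeLocatorTask()` guards on `instance.cache != null`, but the locator VM only runs `setUpLocator()`, which never assigns `cache`, so the locator started by `Locator.startLocatorAndDS` is never stopped in `tearDown()`; guard on the locator itself, e.g. `Locator locator = Locator.getLocator(); if (locator != null) { locator.stop(); }`. Both `setUpLocator()` and `setUpAndConnectToDistributedSystem()` call `System.setProperty("javax.net.debug", "all")` and never clear it, which leaves full TLS handshake tracing switched on in those JVMs (and presumably for any later test that reuses them); drop the call or clear the property in `tearDown()`. `doServerRegionTest()` reads back the same `serverkey` that the local VM itself put, so it does not by itself show that the two servers talked over the TLS peer connection with client auth disabled; asserting on a key written only by the other server would make that path observable. The unused locals (`cacheServerSslprotocols`, `cacheServerSslciphers`, `cacheServerSslenabled`) and the `StringWriter` listing that is never read can go.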
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore
new file mode 100644
index 0000000..a476390
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore
new file mode 100644
index 0000000..b869598
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore
new file mode 100644
index 0000000..1b74b0d
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore
new file mode 100644
index 0000000..18c7194
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore differ
diff --git a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
index a9cb8d9..215b04b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
@@ -79,7 +79,9 @@ import org.apache.geode.internal.logging.LoggingThread;
 import org.apache.geode.internal.net.BufferPool;
 import org.apache.geode.internal.net.NioFilter;
 import org.apache.geode.internal.net.NioPlainEngine;
+import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SocketCreator;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.internal.tcp.MsgReader.Header;
 import org.apache.geode.internal.util.concurrent.ReentrantSemaphore;
 
@@ -1835,6 +1837,8 @@ public class Connection implements Runnable {
       if (!clientSocket) {
         engine.setWantClientAuth(true);
         engine.setNeedClientAuth(true);
+//        engine.setNeedClientAuth(SSLConfigurationFactory.getSSLConfigForComponent(getConduit().config,
+//            SecurableCommunicationChannel.CLUSTER).isRequireAuth());
       }
 
       int packetBufferSize = engine.getSession().getPacketBufferSize();
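Review bot: The accepting side still hard-codes `engine.setNeedClientAuth(true)` and the config-driven call is committed only as a comment, so a member configured with `SSL_REQUIRE_AUTHENTICATION` set to false (as the new DUnit test does) still demands a client certificate here, and the two imports added in the earlier hunk are referenced by nothing that compiles. Either enable the call or drop the commented lines together with the `SSLConfigurationFactory` and `SecurableCommunicationChannel` imports. If it is enabled, note that on `SSLEngine` a call to `setNeedClientAuth` overrides the preceding `setWantClientAuth(true)`, so passing `false` would stop requesting a certificate at all; make the choice explicit, e.g. `if (requireAuth) { engine.setNeedClientAuth(true); } else { engine.setWantClientAuth(true); }`. Because this relaxes peer authentication on the cluster channel, keep requiring the certificate as the default and add a test showing that a peer without a trusted certificate is still rejected when authentication is required. The enclosing method starts and ends outside this hunk.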