Posted to commits@geode.apache.org by ec...@apache.org on 2019/06/11 14:57:22 UTC

[geode] 01/01: GEODE-6833: Adding new test and test cert files.

This is an automated email from the ASF dual-hosted git repository.

echobravo pushed a commit to branch feature/GEODE-6833
in repository https://gitbox.apache.org/repos/asf/geode.git

commit 85feb52d986745dd20b8b244b563ab6b4fc66a8a
Author: Ernest Burghardt <eb...@pivotal.io>
AuthorDate: Tue Jun 11 08:42:57 2019 -0600

    GEODE-6833: Adding new test and test cert files.
---
 .../SSLDualServerNoClientAuthDUnitTest.java        | 210 +++++++++++++++++++++
 .../cache/client/internal/geodeserver1.keystore    | Bin 0 -> 2389 bytes
 .../cache/client/internal/geodeserver1.truststore  | Bin 0 -> 1770 bytes
 .../cache/client/internal/geodeserver2.keystore    | Bin 0 -> 2389 bytes
 .../cache/client/internal/geodeserver2.truststore  | Bin 0 -> 1770 bytes
 .../org/apache/geode/internal/tcp/Connection.java  |   4 +
 6 files changed, 214 insertions(+)

diff --git a/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java
new file mode 100644
index 0000000..581bae6
--- /dev/null
+++ b/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java
@@ -0,0 +1,210 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.geode.cache.client.internal;
+
+import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_REQUIRE_AUTHENTICATION;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.test.dunit.VM.getVM;
+import static org.apache.geode.test.util.ResourceUtils.createTempFileFromResource;
+import static org.junit.Assert.assertEquals;
+
+import java.io.File;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.util.Properties;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+
+import org.apache.geode.cache.Cache;
+import org.apache.geode.cache.CacheFactory;
+import org.apache.geode.cache.Region;
+import org.apache.geode.cache.RegionFactory;
+import org.apache.geode.cache.RegionShortcut;
+import org.apache.geode.distributed.Locator;
+import org.apache.geode.test.dunit.VM;
+import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase;
+import org.apache.geode.test.junit.categories.MembershipTest;
+
+@Category(MembershipTest.class)
+public class SSLDualServerNoClientAuthDUnitTest extends JUnit4DistributedTestCase {
+
+  private Cache cache;
+  private int cacheServerPort;
+  private String hostName;
+
+  private static final String SERVER_1_KEYSTORE = "geodeserver1.keystore";
+  private static final String SERVER_1_TRUSTSTORE = "geodeserver1.truststore";
+
+  private static final String SERVER_2_KEYSTORE = "geodeserver2.keystore";
+  private static final String SERVER_2_TRUSTSTORE = "geodeserver2.truststore";
+
+
+  private static SSLDualServerNoClientAuthDUnitTest
+      instance = new SSLDualServerNoClientAuthDUnitTest();
+
+  @Before
+  public void setUp() {
+    disconnectAllFromDS();
+  }
+
+  @After
+  public void tearDown() {
+    VM serverVM = getVM(1);
+    VM server2VM = getVM(2);
+    VM locator = getVM(3);
+
+    locator.invoke(()  -> closeLocatorTask());
+    server2VM.invoke(() -> closeCacheTask());
+    serverVM.invoke(() -> closeCacheTask());
+  }
+
+  @Test
+  public void testSSLServerWithNoAuth() {
+    VM serverVM = getVM(1);
+    VM server2VM = getVM(2);
+
+    VM locator = getVM(3);
+
+    Integer locatorPort = locator.invoke(()  -> {return setUpLocatorTask();});
+    boolean cacheServerSslenabled = true;
+
+    serverVM.invoke(() -> setUpServerVMTask(locatorPort));
+    server2VM.invoke(() -> setUpServerVMTask(locatorPort));
+
+    server2VM.invoke(() -> doServerRegionTestTask());
+    serverVM.invoke(() -> doServerRegionTestTask());
+  }
+
+  private void createCache(Properties props) throws Exception {
+    cache = new CacheFactory(props).create();
+    if (cache == null) {
+      throw new Exception("CacheFactory.create() returned null ");
+    }
+  }
+
+  private Integer setUpLocator() throws Exception {
+    Properties gemFireProps = new Properties();
+
+    String cacheServerSslprotocols = "any";
+    String cacheServerSslciphers = "any";
+    boolean cacheServerSslRequireAuth = false;
+
+    System.setProperty("javax.net.debug", "all");
+
+     String keyStore =
+        createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_KEYSTORE)
+            .getAbsolutePath();
+    String trustStore =
+        createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_TRUSTSTORE)
+            .getAbsolutePath();
+    gemFireProps.setProperty(SSL_ENABLED_COMPONENTS, "cluster");
+    gemFireProps.setProperty(SSL_REQUIRE_AUTHENTICATION, "" + cacheServerSslRequireAuth);
+    gemFireProps.setProperty(SSL_KEYSTORE, "" + keyStore);
+    gemFireProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
+    gemFireProps.setProperty(SSL_TRUSTSTORE, "" + trustStore);
+    gemFireProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
+
+    StringWriter sw = new StringWriter();
+    PrintWriter writer = new PrintWriter(sw);
+    gemFireProps.list(writer);
+
+    Locator.startLocatorAndDS(0, new File(""), gemFireProps);
+
+    return Locator.getLocator().getPort();
+  }
+
+  private void setUpAndConnectToDistributedSystem(Integer locatorPort) throws Exception {
+    Properties gemFireProps = new Properties();
+
+    String cacheServerSslprotocols = "any";
+    String cacheServerSslciphers = "any";
+    boolean cacheServerSslRequireAuth = false;
+
+    System.setProperty("javax.net.debug", "all");
+    String keyStore;
+    String trustStore;
+    if ( VM.getCurrentVMNum() == 1 ) {
+      keyStore =
+          createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_KEYSTORE)
+              .getAbsolutePath();
+      trustStore =
+          createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class,
+              SERVER_1_TRUSTSTORE)
+              .getAbsolutePath();
+    } else {
+      keyStore =
+          createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_2_KEYSTORE)
+              .getAbsolutePath();
+      trustStore =
+          createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class,
+              SERVER_2_TRUSTSTORE)
+              .getAbsolutePath();
+    }
+    gemFireProps.setProperty(SSL_ENABLED_COMPONENTS, "cluster");
+    gemFireProps.setProperty(SSL_REQUIRE_AUTHENTICATION, "" + cacheServerSslRequireAuth);
+    gemFireProps.setProperty(SSL_KEYSTORE, "" + keyStore);
+    gemFireProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
+    gemFireProps.setProperty(SSL_TRUSTSTORE, "" + trustStore);
+    gemFireProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
+
+    gemFireProps.setProperty(LOCATORS, "localhost[" + locatorPort + "]");
+
+
+    StringWriter sw = new StringWriter();
+    PrintWriter writer = new PrintWriter(sw);
+    gemFireProps.list(writer);
+    createCache(gemFireProps);
+
+    RegionFactory factory = cache.createRegionFactory(RegionShortcut.REPLICATE);
+    Region r = factory.create("serverRegion");
+    r.put("serverkey", "servervalue");
+  }
+
+  private void doServerRegionTest() {
+    Region<String, String> region = cache.getRegion("serverRegion");
+    assertEquals("servervalue", region.get("serverkey"));
+  }
+
+  private static Integer setUpLocatorTask()  throws Exception{
+    return instance.setUpLocator();
+  }
+
+  private static void setUpServerVMTask(Integer locatorPort) throws Exception {
+    instance.setUpAndConnectToDistributedSystem(locatorPort);
+  }
+
+  private static void doServerRegionTestTask() {
+    instance.doServerRegionTest();
+  }
+
+  private static void closeCacheTask() {
+    if (instance != null && instance.cache != null) {
+      instance.cache.close();
+    }
+  }
+  private static void closeLocatorTask() {
+    if (instance != null && instance.cache != null) {
+      Locator.getLocator().stop();
+    }
+  }
+}
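Review bot: closeLocatorTask, the last method in the hunk, guards `Locator.getLocator().stop()` on `instance.cache != null`, but setUpLocator never calls createCache, so in the locator VM `cache` stays null and the locator is never stopped by tearDown; the guard should be `if (Locator.getLocator() != null) { Locator.getLocator().stop(); }`. Both setUpLocator and setUpAndConnectToDistributedSystem set `javax.net.debug` to `all` and never clear it, which dumps full TLS handshake and record traces to stdout for every later test running in that VM; clear it in tearDown or drop it once the test is stable. The `StringWriter`/`PrintWriter` pair that `gemFireProps.list(writer)` fills is never read in either method, and `cacheServerSslenabled`, `cacheServerSslprotocols` and `cacheServerSslciphers` are unused locals that suggest configuration the test does not actually apply. `RegionFactory factory` and `Region r` in setUpAndConnectToDistributedSystem are raw types; `RegionFactory<String, String>` and `Region<String, String>` would match the typed `Region<String, String>` used in doServerRegionTest. Since the class name promises a no-client-auth scenario but the only assertion is the region get, a short Javadoc on testSSLServerWithNoAuth stating that the two keystore/truststore pairs are expected to trust each other with `ssl-require-authentication=false` would make the intent checkable.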
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore
new file mode 100644
index 0000000..a476390
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore
new file mode 100644
index 0000000..b869598
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore
new file mode 100644
index 0000000..1b74b0d
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore
new file mode 100644
index 0000000..18c7194
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore differ
diff --git a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
index a9cb8d9..215b04b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
@@ -79,7 +79,9 @@ import org.apache.geode.internal.logging.LoggingThread;
 import org.apache.geode.internal.net.BufferPool;
 import org.apache.geode.internal.net.NioFilter;
 import org.apache.geode.internal.net.NioPlainEngine;
+import org.apache.geode.internal.net.SSLConfigurationFactory;
 import org.apache.geode.internal.net.SocketCreator;
+import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.internal.tcp.MsgReader.Header;
 import org.apache.geode.internal.util.concurrent.ReentrantSemaphore;
 
@@ -1835,6 +1837,8 @@ public class Connection implements Runnable {
       if (!clientSocket) {
         engine.setWantClientAuth(true);
         engine.setNeedClientAuth(true);
+//        engine.setNeedClientAuth(SSLConfigurationFactory.getSSLConfigForComponent(getConduit().config,
+//            SecurableCommunicationChannel.CLUSTER).isRequireAuth());
       }
 
       int packetBufferSize = engine.getSession().getPacketBufferSize();
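Review bot: The two added lines are commented out, so `engine.setNeedClientAuth(true)` on the line above them stays in force and `ssl-require-authentication=false` still has no effect on cluster connections; either wire the property up or drop the comment, and the `SSLConfigurationFactory` and `SecurableCommunicationChannel` imports added in the earlier hunk of this file are unused until it is. If it is enabled as written, `SSLEngine.setNeedClientAuth(false)` also overrides the preceding `setWantClientAuth(true)` (each of the two setters overrides the other per the JSSE contract), so the server would stop requesting a peer certificate entirely rather than making it optional. Reading the flag once and then writing `engine.setWantClientAuth(true); if (requireAuth) { engine.setNeedClientAuth(true); }` keeps optional client verification when the config does not require it. The enclosing method continues outside the hunk.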