You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tinkerpop.apache.org by sp...@apache.org on 2019/06/06 20:49:55 UTC
[tinkerpop] branch TINKERPOP-2239 created (now 614249c)
This is an automated email from the ASF dual-hosted git repository.
spmallette pushed a change to branch TINKERPOP-2239
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git.
at 614249c TINKERPOP-2239 Removed previously deprecated SSL configs
This branch includes the following new commits:
new 614249c TINKERPOP-2239 Removed previously deprecated SSL configs
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[tinkerpop] 01/01: TINKERPOP-2239 Removed previously deprecated SSL
configs
Posted by sp...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
spmallette pushed a commit to branch TINKERPOP-2239
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git
commit 614249c45d548147118865ee782727afc69d228a
Author: Stephen Mallette <sp...@genoprime.com>
AuthorDate: Thu Jun 6 16:48:25 2019 -0400
TINKERPOP-2239 Removed previously deprecated SSL configs
These were originally deprecated way back in 3.2.10.
---
CHANGELOG.asciidoc | 1 +
docs/src/upgrade/release-3.5.x.asciidoc | 14 +++-
.../apache/tinkerpop/gremlin/driver/Cluster.java | 68 ------------------
.../apache/tinkerpop/gremlin/driver/Settings.java | 40 -----------
.../tinkerpop/gremlin/driver/SettingsTest.java | 8 ---
.../gremlin/server/AbstractChannelizer.java | 81 +++++++++------------
.../apache/tinkerpop/gremlin/server/Settings.java | 35 ---------
.../gremlin/server/GremlinServerIntegrateTest.java | 84 +---------------------
gremlin-server/src/test/resources/client.crt | 40 -----------
gremlin-server/src/test/resources/client.key.pk8 | 47 ------------
gremlin-server/src/test/resources/server.crt | 41 -----------
gremlin-server/src/test/resources/server.key.pk8 | 47 ------------
12 files changed, 48 insertions(+), 458 deletions(-)
diff --git a/CHANGELOG.asciidoc b/CHANGELOG.asciidoc
index ee2ab54..5ec4456 100644
--- a/CHANGELOG.asciidoc
+++ b/CHANGELOG.asciidoc
@@ -26,6 +26,7 @@ image::https://raw.githubusercontent.com/apache/tinkerpop/master/docs/static/ima
This release also includes changes from <<release-3-4-3, 3.4.3>>.
* Removed previously deprecated `TraversalSource.withRemote()`.
+* Removed previously deprecated SSL settings: `keyCertChainFile`, `keyFile`, `keyPassword` and `trustCertChainFile` and related infrastructure.
* Removed previously deprecated `BulkDumperVertexProgram` and `BulkLoaderVertexProgram`.
== TinkerPop 3.4.0 (Avant-Gremlin Construction #3 for Theremin and Flowers)
diff --git a/docs/src/upgrade/release-3.5.x.asciidoc b/docs/src/upgrade/release-3.5.x.asciidoc
index beee29e..4ae4cfd 100644
--- a/docs/src/upgrade/release-3.5.x.asciidoc
+++ b/docs/src/upgrade/release-3.5.x.asciidoc
@@ -41,6 +41,18 @@ The following deprecated classes, methods or fields have been removed in this ve
** `org.apache.tinkerpop.gremlin.process.traversal.computer.bulkloading.OneTimeBulkLoader`
** `org.apache.tinkerpop.gremlin.process.traversal.TraversalSource#withRemote(*)`
** `org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource#withRemote(*)`
+* `gremlin-driver`
+** `org.apache.tinkerpop.gremlin.driver.Cluster.Builder#keyCertChainFile(String)`
+** `org.apache.tinkerpop.gremlin.driver.Cluster.Builder#keyFile(String)`
+** `org.apache.tinkerpop.gremlin.driver.Cluster.Builder#keyPassword(String)`
+** `org.apache.tinkerpop.gremlin.driver.Cluster.Builder#trustCertificateChainFile(String)`
+* `gremlin-server`
+** `org.apache.tinkerpop.gremlin.server.Settings.SslSettings.keyCertChainFile`
+** `org.apache.tinkerpop.gremlin.server.Settings.SslSettings.keyFile`
+** `org.apache.tinkerpop.gremlin.server.Settings.SslSettings.keyPassword`
+** `org.apache.tinkerpop.gremlin.server.Settings.SslSettings.trustCertificateChainFile`
See: link:https://issues.apache.org/jira/browse/TINKERPOP-2080[TINKERPOP-2080],
-link:https://issues.apache.org/jira/browse/TINKERPOP-2231[TINKERPOP-2231]
\ No newline at end of file
+link:https://issues.apache.org/jira/browse/TINKERPOP-2231[TINKERPOP-2231],
+link:https://issues.apache.org/jira/browse/TINKERPOP-2239[TINKERPOP-2239],
+link:http://tinkerpop.apache.org/docs/3.5.0/upgrade/#_ssl_security[3.2.10 Upgrade Documentation for SSL]
\ No newline at end of file
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java
index 113f081..3f125a7 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java
@@ -180,11 +180,7 @@ public final class Cluster {
.port(settings.port)
.path(settings.path)
.enableSsl(settings.connectionPool.enableSsl)
- .trustCertificateChainFile(settings.connectionPool.trustCertChainFile)
.keepAliveInterval(settings.connectionPool.keepAliveInterval)
- .keyCertChainFile(settings.connectionPool.keyCertChainFile)
- .keyFile(settings.connectionPool.keyFile)
- .keyPassword(settings.connectionPool.keyPassword)
.keyStore(settings.connectionPool.keyStore)
.keyStorePassword(settings.connectionPool.keyStorePassword)
.keyStoreType(settings.connectionPool.keyStoreType)
@@ -480,21 +476,6 @@ public final class Cluster {
final Settings.ConnectionPoolSettings connectionPoolSettings = connectionPoolSettings();
final SslContextBuilder builder = SslContextBuilder.forClient();
- if (connectionPoolSettings.trustCertChainFile != null) {
- logger.warn("Using deprecated SSL trustCertChainFile support");
- builder.trustManager(new File(connectionPoolSettings.trustCertChainFile));
- }
-
- if (null != connectionPoolSettings.keyCertChainFile && null != connectionPoolSettings.keyFile) {
- logger.warn("Using deprecated SSL keyFile support");
- final File keyCertChainFile = new File(connectionPoolSettings.keyCertChainFile);
- final File keyFile = new File(connectionPoolSettings.keyFile);
-
- // note that keyPassword may be null here if the keyFile is not
- // password-protected.
- builder.keyManager(keyCertChainFile, keyFile, connectionPoolSettings.keyPassword);
- }
-
// Build JSSE SSLContext
try {
@@ -572,10 +553,6 @@ public final class Cluster {
private long keepAliveInterval = Connection.KEEP_ALIVE_INTERVAL;
private String channelizer = Channelizer.WebSocketChannelizer.class.getName();
private boolean enableSsl = false;
- private String trustCertChainFile = null;
- private String keyCertChainFile = null;
- private String keyFile = null;
- private String keyPassword = null;
private String keyStore = null;
private String keyStorePassword = null;
private String trustStore = null;
@@ -670,17 +647,6 @@ public final class Cluster {
}
/**
- * File location for a SSL Certificate Chain to use when SSL is enabled. If this value is not provided and
- * SSL is enabled, the default {@link TrustManager} will be used.
- * @deprecated As of release 3.2.10, replaced by {@link #trustStore}
- */
- @Deprecated
- public Builder trustCertificateChainFile(final String certificateChainFile) {
- this.trustCertChainFile = certificateChainFile;
- return this;
- }
-
- /**
* Length of time in milliseconds to wait on an idle connection before sending a keep-alive request. This
* setting is only relevant to {@link Channelizer} implementations that return {@code true} for
* {@link Channelizer#supportsKeepAlive()}. Set to zero to disable this feature.
@@ -691,36 +657,6 @@ public final class Cluster {
}
/**
- * The X.509 certificate chain file in PEM format.
- * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
- */
- @Deprecated
- public Builder keyCertChainFile(final String keyCertChainFile) {
- this.keyCertChainFile = keyCertChainFile;
- return this;
- }
-
- /**
- * The PKCS#8 private key file in PEM format.
- * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
- */
- @Deprecated
- public Builder keyFile(final String keyFile) {
- this.keyFile = keyFile;
- return this;
- }
-
- /**
- * The password of the {@link #keyFile}, or {@code null} if it's not password-protected.
- * @deprecated As of release 3.2.10, replaced by {@link #keyStorePassword}
- */
- @Deprecated
- public Builder keyPassword(final String keyPassword) {
- this.keyPassword = keyPassword;
- return this;
- }
-
- /**
* The file location of the private key in JKS or PKCS#12 format.
*/
public Builder keyStore(final String keyStore) {
@@ -1068,10 +1004,6 @@ public final class Cluster {
connectionPoolSettings.reconnectInterval = builder.reconnectInterval;
connectionPoolSettings.resultIterationBatchSize = builder.resultIterationBatchSize;
connectionPoolSettings.enableSsl = builder.enableSsl;
- connectionPoolSettings.trustCertChainFile = builder.trustCertChainFile;
- connectionPoolSettings.keyCertChainFile = builder.keyCertChainFile;
- connectionPoolSettings.keyFile = builder.keyFile;
- connectionPoolSettings.keyPassword = builder.keyPassword;
connectionPoolSettings.keyStore = builder.keyStore;
connectionPoolSettings.keyStorePassword = builder.keyStorePassword;
connectionPoolSettings.trustStore = builder.trustStore;
diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
index 4b339de..f4c64cc 100644
--- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
+++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
@@ -174,18 +174,6 @@ final class Settings {
if (connectionPoolConf.containsKey("enableSsl"))
cpSettings.enableSsl = connectionPoolConf.getBoolean("enableSsl");
- if (connectionPoolConf.containsKey("keyCertChainFile"))
- cpSettings.keyCertChainFile = connectionPoolConf.getString("keyCertChainFile");
-
- if (connectionPoolConf.containsKey("keyFile"))
- cpSettings.keyFile = connectionPoolConf.getString("keyFile");
-
- if (connectionPoolConf.containsKey("keyPassword"))
- cpSettings.keyPassword = connectionPoolConf.getString("keyPassword");
-
- if (connectionPoolConf.containsKey("trustCertChainFile"))
- cpSettings.trustCertChainFile = connectionPoolConf.getString("trustCertChainFile");
-
if (connectionPoolConf.containsKey("keyStore"))
cpSettings.keyStore = connectionPoolConf.getString("keyStore");
@@ -261,34 +249,6 @@ final class Settings {
public boolean enableSsl = false;
/**
- * The trusted certificate in PEM format.
- * @deprecated As of release 3.2.10, replaced by {@link #trustStore}
- */
- @Deprecated
- public String trustCertChainFile = null;
-
- /**
- * The X.509 certificate chain file in PEM format.
- * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
- */
- @Deprecated
- public String keyCertChainFile = null;
-
- /**
- * The PKCS#8 private key file in PEM format.
- * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
- */
- @Deprecated
- public String keyFile = null;
-
- /**
- * The password of the {@link #keyFile}, or {@code null} if it's not password-protected.
- * @deprecated As of release 3.2.10, replaced by {@link #keyStorePassword}
- */
- @Deprecated
- public String keyPassword = null;
-
- /**
* JSSE keystore file path. Similar to setting JSSE property
* {@code javax.net.ssl.keyStore}.
*/
diff --git a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
index c140f04..1512c06 100644
--- a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
+++ b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
@@ -47,10 +47,6 @@ public class SettingsTest {
conf.setProperty("serializer.className", "my.serializers.MySerializer");
conf.setProperty("serializer.config.any", "thing");
conf.setProperty("connectionPool.enableSsl", true);
- conf.setProperty("connectionPool.keyCertChainFile", "X.509");
- conf.setProperty("connectionPool.keyFile", "PKCS#8");
- conf.setProperty("connectionPool.keyPassword", "password1");
- conf.setProperty("connectionPool.trustCertChainFile", "pem");
conf.setProperty("connectionPool.keyStore", "server.jks");
conf.setProperty("connectionPool.keyStorePassword", "password2");
conf.setProperty("connectionPool.keyStoreType", "pkcs12");
@@ -85,10 +81,6 @@ public class SettingsTest {
assertEquals("my.serializers.MySerializer", settings.serializer.className);
assertEquals("thing", settings.serializer.config.get("any"));
assertThat(settings.connectionPool.enableSsl, is(true));
- assertEquals("X.509", settings.connectionPool.keyCertChainFile);
- assertEquals("PKCS#8", settings.connectionPool.keyFile);
- assertEquals("password1", settings.connectionPool.keyPassword);
- assertEquals("pem", settings.connectionPool.trustCertChainFile);
assertEquals("server.jks", settings.connectionPool.keyStore);
assertEquals("password2", settings.connectionPool.keyStorePassword);
assertEquals("pkcs12", settings.connectionPool.keyStoreType);
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
index bf4df88..4458634 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
@@ -46,7 +46,6 @@ import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
-import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -108,15 +107,14 @@ public abstract class AbstractChannelizer extends ChannelInitializer<SocketChann
protected final Map<String, MessageSerializer> serializers = new HashMap<>();
- private IdleStateHandler idleStateHandler;
private OpSelectorHandler opSelectorHandler;
private OpExecutorHandler opExecutorHandler;
protected Authenticator authenticator;
/**
- * This method is called from within {@link #initChannel(io.netty.channel.socket.SocketChannel)} just after
- * the SSL handler is put in the pipeline. Modify the pipeline as needed here.
+ * This method is called from within {@link #initChannel(SocketChannel)} just after the SSL handler is put in the pipeline.
+ * Modify the pipeline as needed here.
*/
public abstract void configure(final ChannelPipeline pipeline);
@@ -268,56 +266,41 @@ public abstract class AbstractChannelizer extends ChannelInitializer<SocketChann
final SslContextBuilder builder;
- // DEPRECATED: If the config has the required, deprecated settings, then use it
- if (null != sslSettings.keyCertChainFile && null != sslSettings.keyFile) {
- logger.warn("Using deprecated SSL keyFile support");
- final File keyCertChainFile = new File(sslSettings.keyCertChainFile);
- final File keyFile = new File(sslSettings.keyFile);
- final File trustCertChainFile = null == sslSettings.trustCertChainFile ? null : new File(sslSettings.trustCertChainFile);
-
- // note that keyPassword may be null here if the keyFile is not
- // password-protected. passing null to
- // trustManager is also ok (default will be used)
- builder = SslContextBuilder.forServer(keyCertChainFile, keyFile, sslSettings.keyPassword).trustManager(trustCertChainFile);
- } else {
-
- // Build JSSE SSLContext
- try {
- final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-
- // Load private key and signed cert
- if (null != sslSettings.keyStore) {
- final String keyStoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
- final KeyStore keystore = KeyStore.getInstance(keyStoreType);
- final char[] password = null == sslSettings.keyStorePassword ? null : sslSettings.keyStorePassword.toCharArray();
- try (final InputStream in = new FileInputStream(sslSettings.keyStore)) {
- keystore.load(in, password);
- }
- kmf.init(keystore, password);
- } else {
- throw new IllegalStateException("keyStore must be configured when SSL is enabled.");
+ // Build JSSE SSLContext
+ try {
+ final KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+
+ // Load private key and signed cert
+ if (null != sslSettings.keyStore) {
+ final String keyStoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
+ final KeyStore keystore = KeyStore.getInstance(keyStoreType);
+ final char[] password = null == sslSettings.keyStorePassword ? null : sslSettings.keyStorePassword.toCharArray();
+ try (final InputStream in = new FileInputStream(sslSettings.keyStore)) {
+ keystore.load(in, password);
}
+ kmf.init(keystore, password);
+ } else {
+ throw new IllegalStateException("keyStore must be configured when SSL is enabled.");
+ }
- builder = SslContextBuilder.forServer(kmf);
-
- // Load custom truststore for client auth certs
- if (null != sslSettings.trustStore) {
- final String keystoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
- final KeyStore truststore = KeyStore.getInstance(keystoreType);
- final char[] password = null == sslSettings.trustStorePassword ? null : sslSettings.trustStorePassword.toCharArray();
- try (final InputStream in = new FileInputStream(sslSettings.trustStore)) {
- truststore.load(in, password);
- }
- final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(truststore);
- builder.trustManager(tmf);
- }
+ builder = SslContextBuilder.forServer(kmf);
- } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) {
- logger.error(e.getMessage());
- throw new RuntimeException("There was an error enabling SSL.", e);
+ // Load custom truststore for client auth certs
+ if (null != sslSettings.trustStore) {
+ final String keystoreType = null == sslSettings.keyStoreType ? KeyStore.getDefaultType() : sslSettings.keyStoreType;
+ final KeyStore truststore = KeyStore.getInstance(keystoreType);
+ final char[] password = null == sslSettings.trustStorePassword ? null : sslSettings.trustStorePassword.toCharArray();
+ try (final InputStream in = new FileInputStream(sslSettings.trustStore)) {
+ truststore.load(in, password);
+ }
+ final TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(truststore);
+ builder.trustManager(tmf);
}
+ } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | CertificateException | IOException e) {
+ logger.error(e.getMessage());
+ throw new RuntimeException("There was an error enabling SSL.", e);
}
if (null != sslSettings.sslCipherSuites && !sslSettings.sslCipherSuites.isEmpty()) {
diff --git a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
index 5b5c7f0..9073aba 100644
--- a/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
+++ b/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
@@ -434,41 +434,6 @@ public class Settings {
public boolean enabled = false;
/**
- * The X.509 certificate chain file in PEM format.
- *
- * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
- */
- @Deprecated
- public String keyCertChainFile = null;
-
- /**
- * The PKCS#8 private key file in PEM format.
- *
- * @deprecated As of release 3.2.10, replaced by {@link #keyStore}
- */
- @Deprecated
- public String keyFile = null;
-
- /**
- * The password of the {@link #keyFile}, or {@code null} if it's not
- * password-protected.
- *
- * @deprecated As of release 3.2.10, replaced by {@link #keyStorePassword}
- */
- @Deprecated
- public String keyPassword = null;
-
- /**
- * Trusted certificates for verifying the remote endpoint's certificate. The
- * file should contain an X.509 certificate chain in PEM format. {@code null}
- * uses the system default.
- *
- * @deprecated As of release 3.2.10, replaced by {@link #trustStore}
- */
- @Deprecated
- public String trustCertChainFile = null;
-
- /**
* The file location of the private key in JKS or PKCS#12 format.
*/
public String keyStore;
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
index f6195cf..5d5ac89 100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
@@ -98,16 +98,14 @@ import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
+
/**
* Integration tests for server-side settings and processing.
*
* @author Stephen Mallette (http://stephen.genoprime.com)
*/
public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegrationTest {
- private static final String PEM_SERVER_KEY = "src/test/resources/server.key.pk8";
- private static final String PEM_SERVER_CRT = "src/test/resources/server.crt";
- private static final String PEM_CLIENT_KEY = "src/test/resources/client.key.pk8";
- private static final String PEM_CLIENT_CRT = "src/test/resources/client.crt";
+
private Level previousLogLevel;
private Log4jRecordingAppender recordingAppender = null;
@@ -192,36 +190,6 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
settings.ssl.enabled = true;
settings.ssl.overrideSslContext(createServerSslContext());
break;
- case "shouldEnableSslAndClientCertificateAuthWithLegacyPem":
- settings.ssl = new Settings.SslSettings();
- settings.ssl.enabled = true;
- settings.ssl.needClientAuth = ClientAuth.REQUIRE;
- settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
- settings.ssl.keyFile = PEM_SERVER_KEY;
- settings.ssl.keyPassword = KEY_PASS;
- // Trust the client
- settings.ssl.trustCertChainFile = PEM_CLIENT_CRT;
- break;
- case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem":
- settings.ssl = new Settings.SslSettings();
- settings.ssl.enabled = true;
- settings.ssl.needClientAuth = ClientAuth.REQUIRE;
- settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
- settings.ssl.keyFile = PEM_SERVER_KEY;
- settings.ssl.keyPassword = KEY_PASS;
- // Trust the client
- settings.ssl.trustCertChainFile = PEM_CLIENT_CRT;
- break;
- case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCertWithLegacyPem":
- settings.ssl = new Settings.SslSettings();
- settings.ssl.enabled = true;
- settings.ssl.needClientAuth = ClientAuth.REQUIRE;
- settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
- settings.ssl.keyFile = PEM_SERVER_KEY;
- settings.ssl.keyPassword = KEY_PASS;
- // Trust ONLY the server cert
- settings.ssl.trustCertChainFile = PEM_SERVER_CRT;
- break;
case "shouldEnableSslAndClientCertificateAuthWithPkcs12":
settings.ssl = new Settings.SslSettings();
settings.ssl.enabled = true;
@@ -593,54 +561,6 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration
cluster.close();
}
}
-
- @Test
- public void shouldEnableSslAndClientCertificateAuthWithLegacyPem() {
- final Cluster cluster = TestClientFactory.build().enableSsl(true)
- .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY)
- .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create();
- final Client client = cluster.connect();
-
- try {
- assertEquals("test", client.submit("'test'").one().getString());
- } finally {
- cluster.close();
- }
- }
-
- @Test
- public void shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem() {
- final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS).sslSkipCertValidation(true).create();
- final Client client = cluster.connect();
-
- try {
- client.submit("'test'").one();
- fail("Should throw exception because ssl client auth is enabled on the server but client does not have a cert");
- } catch(Exception x) {
- final Throwable root = ExceptionUtils.getRootCause(x);
- assertThat(root, instanceOf(TimeoutException.class));
- } finally {
- cluster.close();
- }
- }
-
- @Test
- public void shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCertWithLegacyPem() {
- final Cluster cluster = TestClientFactory.build().enableSsl(true)
- .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY)
- .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create();
- final Client client = cluster.connect();
-
- try {
- client.submit("'test'").one();
- fail("Should throw exception because ssl client auth is enabled on the server but does not trust client's cert");
- } catch(Exception x) {
- final Throwable root = ExceptionUtils.getRootCause(x);
- assertThat(root, instanceOf(TimeoutException.class));
- } finally {
- cluster.close();
- }
- }
@Test
public void shouldEnableSslAndClientCertificateAuthWithPkcs12() {
diff --git a/gremlin-server/src/test/resources/client.crt b/gremlin-server/src/test/resources/client.crt
deleted file mode 100644
index 297335b..0000000
--- a/gremlin-server/src/test/resources/client.crt
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
------BEGIN CERTIFICATE-----
-MIIDajCCAlICCQCG0QGj7JgLvTANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJV
-UzELMAkGA1UECAwCTkMxEDAOBgNVBAcMB1JhbGVpZ2gxEzARBgNVBAoMCkNsaWVu
-dCBBcHAxDzANBgNVBAMMBmNsaWVudDEiMCAGCSqGSIb3DQEJARYTZ3JlbWxpbi11
-c2VyQGNsaWVudDAgFw0xNzAxMjMxODQzMjNaGA8yMTE2MTIzMDE4NDMyM1owdjEL
-MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRMwEQYD
-VQQKDApDbGllbnQgQXBwMQ8wDQYDVQQDDAZjbGllbnQxIjAgBgkqhkiG9w0BCQEW
-E2dyZW1saW4tdXNlckBjbGllbnQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDU7U5tNN+0HCKZX31ZKMZwAUI7qGCpYXd05z5SKRWesNsrEeCLnu1DgYhL
-j+hSi2LI+RwTF45DH8zEPIzQ6HEMzuCd2uy7bdDrXv6H/tFUx9Iw0ea5oXGX1qNa
-tzjPTSmw22VXbSo+B5EG0coC5oDy9SpYb2HxeDmegI2OZL6ROFPKbCUTzyJfqTpy
-1mdgnnKTVuQdtWvj/sXDAZzRqtFHwBkHezKCOC4yLNi5+pI01+0V7FbtyCqH7iPS
-VS9VKsLuhPkzAkRh/x9CxaSrwicyzyB3Kyfg7kjmtdrUOrfgxdw+MMPog3JrGoLr
-tfvc9LUh0ImpLPngyWhwc5iNGwmLAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAEi0
-IVUIbDuirNivJXXXT5eFUgfAx5iPjbR1XBjCuHO061d0B8itU7cidKs0y5mDoauy
-vuywNBih6FAsHoYLrqI1gt65fybGxq3wlhnqdLH7GDeHw65e2PB2x+M4NtQlkPTq
-dUgUtQzAo8Hc4DNR5BrvCtLjqT7Knq8QHtGLys8eoDur09894+6WeUjrgUTp88Jl
-uqrZqRHvdMW7sge73cpU1dsDJW0rJqCLZ+qA2V+ZRRCQY1oHuHeK6Dkokabaq3rr
-WrpxfppIPCusJx4nnIwu4d0gZwAKwabOS8lJPjV0frRkA0BuAEpMIbOwZ10Tw7ZM
-2HzamAOiiks4NFDSs94=
------END CERTIFICATE-----
diff --git a/gremlin-server/src/test/resources/client.key.pk8 b/gremlin-server/src/test/resources/client.key.pk8
deleted file mode 100644
index 213cce3..0000000
--- a/gremlin-server/src/test/resources/client.key.pk8
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE6TAbBgkqhkiG9w0BBQMwDgQIuH3rVXHniaECAggABIIEyDzHWny/fttnN6ze
-Q/iNE1z72HBg2anTK3gHdu8W3F9W6BSLhuKaUumxcxX6IfkZmxinqwUxSNrRBswr
-s71EZ7QmX2eaeiWxlo6zP0I898fzqvSBWk6NhntV1SVG++/CMeIMZARs85OxcNGN
-fKEXtBUf5jlo+hy9bVgQRO2M1vHzek/deOHyj1eXwEi2Oxcw1ly3o9lRayIFJFou
-0olp58h8pD5qOsSfIrNG6bHBg00eP1ILE1FUPCdOfDrQEjiKKVqllCXdsUz/KjBY
-0iGYMw3aT2LELnibTy0alFswGaDBRqlzGSIGrejdGTOBj7NmeiW2yOY+aUjCkdXw
-ll862oItlJZO/B16EGgI+czdXZgcL5YRGVOu6loOlGxU60Y681Acjn9wdlxxOqXa
-te7khLGX6qm3ceMJ2DQbMO8JS6UBsGjZqq/ictwfGxNDiTeiWmoyrQvO3qkaqsEt
-iLBJdSsogzxx+hfj+xiBRorf9Gvkk6hDnzeuZl9Voak5qY7RrcmxD8ecdh3g2faO
-VFtxTAxmHJakgGF7fZ7jQoxZJzzRn+rjIhATaEH1/MMME77Z+8rkE74oxFOrizDU
-Eb4AMUV/xgrAtQLGpIFALL7oPk2r1exFgywL40q5/BcXCx65eliXtyoBIc5X+t90
-fTB8lA3K5mT2MXzwMyMPv2n8d8Ta2OjisRHjSue6AqNqifBuniVfSpHP9OUlsKaL
-u3eN8mSuPDhlo7RGG8+B7mSqGDjORR/+BJvwgFreIyurOL22g887uPwjzPXs6lll
-3VFclsrfEqNMP6kBsXlHNAxjT10WoWrF+ONPEyg9PrzTGryTRqW+ptzBqtiQrVag
-/KMee3sdg6i9GN+EGc43DNJzxxlFXvT9kBvOk66tOPEE5963k3ZikjuAX7xBVOvM
-AlqzHHW727fHXqYp0yabWTpr72RuUGQOqPZiMsWd6x65HL2I0WHP9PXTf1vMmnj3
-NgiN1paATl5L8S9Jt8WL8iLskVt2f+CAKJuQfamY5Fg54m/cJzNHV8nAMTTl+0EN
-9vUhvn672wZd9JfB4PMtrIhYFNJElJmmdAwjFrop6goXA/UGgf3M4QNiQetFGxWP
-aJ0tMSdA/ax9nGA5LU6iCwPe51ExrQJAVFw+oE3I8+J1oz1fQOl8zIgyOFwG+bJx
-/Y/JyraEssZ5RLtaGgcm9vZm8Wo8a5TQCbqhoY8x7MwyF7/VpbRZ3bGEUFnWd/yF
-1tCPeZ+q5HN79P3qfZzAcFAU3z3HawXDwQ3XO3Plix04Vjr+QFENeJxhL+3FXtLx
-4nF+Y9Fq6I5x8YQLrPYkIyRz8xWxVBQFZTeNhWx5nYWNcDXgz/S8v3ipY+EPEj9Q
-uOQWNdSJ9XOR+Ju/KSP0151guLkUwpHBCi/CFY4TgD6iFglTyLuZpW2bbim1mmDI
-LSDHwrERQWNmcNznK4PIw227w6EZqUEI0jjkANhXQG6dz1VkaTIZAoEVWHhFNi8S
-gSPkhsWN822QzxZQb+74JoUFBTifP50giaCd6p2HKw8U20FAPyseVIY3IsYatuLU
-8VhfeBQ1GLOOy8/5mRyjL+Gjn/OfNPwps9uuOogx/jGf0JhtjAEY2WNoEEB9DkUv
-AijT0ck1+DM3by4MlA==
------END ENCRYPTED PRIVATE KEY-----
diff --git a/gremlin-server/src/test/resources/server.crt b/gremlin-server/src/test/resources/server.crt
deleted file mode 100644
index b777e34..0000000
--- a/gremlin-server/src/test/resources/server.crt
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
------BEGIN CERTIFICATE-----
-MIIDrjCCApYCCQCg8hxjInTcQzANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMC
-VVMxCzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEZMBcGA1UECgwQ
-QXBhY2hlIFRpbmtlclBvcDEQMA4GA1UECwwHR3JlbWxpbjESMBAGA1UEAwwJbG9j
-YWxob3N0MSQwIgYJKoZIhvcNAQkBFhVzcG1hbGxldHRlQGFwYWNoZS5vcmcwIBcN
-MTcwMTIzMTg0MTEwWhgPMjExNjEyMzAxODQxMTBaMIGXMQswCQYDVQQGEwJVUzEL
-MAkGA1UECAwCQ0ExFDASBgNVBAcMC1NhbnRhIENsYXJhMRkwFwYDVQQKDBBBcGFj
-aGUgVGlua2VyUG9wMRAwDgYDVQQLDAdHcmVtbGluMRIwEAYDVQQDDAlsb2NhbGhv
-c3QxJDAiBgkqhkiG9w0BCQEWFXNwbWFsbGV0dGVAYXBhY2hlLm9yZzCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK5l+5DDrSGq1n1vYIMbb95buWlo4u5s
-V8wHNmeFCuqNvGfxermHS88SSy6qvdSXISfe+kj9Jkfn1Pjx4czwcnF/q4Au3Gc6
-T9MiAKJUfb4+MwPKERacFobk6LTreKpzvXymAhhM1ktvvA7/opZ+nENDEoIJK/KS
-CY9vRWeHqI1Q+Rf5Nrqw8eySq/ZhPDlppsu5sQr1ghSsuzXhpYNhq8VBMsysL2Zi
-VF5DFMqg9yhBkxrqo70W/pjo4kQJ/iF/4d/3HHicSCVq3/NCkWMVg0HeOZ1eVaZ/
-D6EXv8cYwyaRmf7SldE7RtdbAU0M+Y0Lmuoi2evls0Oiqf8uxEDXeLUCAwEAATAN
-BgkqhkiG9w0BAQsFAAOCAQEAJFAAUxYeUbf6tAGEKCXISted10TybPW/qCxOXEPN
-TTO+xvnzksbcbzOc2X0N+yYIKtkfiuWgD9UJ4QnLSeEKmouMbkTk0ToYJj7SrviI
-f+9R1IiZMiwz+n0igETkEGOK0Ql26Z4g3kc1IueSD07QOLASTvVLtEyoya7LD4S6
-jk1LnbpbHVmgHY4kmtsg6lVQ1zkqrsDQg9goh8dI5AlNCudpd8zLxzsPbm+Q2+DC
-Wd4A2lKdh3rbY2LYpbVhBj9c6E0laaqgyGC7s37XfmyBp4wYlX/30p6RpCR2rcRW
-SKh5NXN52Xx3WuiP42wm9ZC/de8gaODrW8n44xlEaMPJ3A==
------END CERTIFICATE-----
diff --git a/gremlin-server/src/test/resources/server.key.pk8 b/gremlin-server/src/test/resources/server.key.pk8
deleted file mode 100644
index 9dc6720..0000000
--- a/gremlin-server/src/test/resources/server.key.pk8
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
------BEGIN ENCRYPTED PRIVATE KEY-----
-MIIE6TAbBgkqhkiG9w0BBQMwDgQIJi2M3dPcx+cCAggABIIEyG/0PwTaqm3ekGkn
-8daHjfcqxCpvwOku0pCCgV7AMsrsj4TvMOHOkId+xKVs4AlXV2grPfTQoMrIFFp0
-26hzpZOHEjAe9XbtzVWgphwLVeWOr5ugovyXPxdCqMBrn251y9Yg6csh5pPrsHEp
-RLTZPQPvEVIhA0tRkPPag5BSlj//nH7PnXYRm4VSRg7WQS15ieHsC1xDM9zYni/b
-ffU++twOGvCdvtGd/lqjJj3dPomKynb6Y4cEc73vQ6cQjeXN1W1Nil4QsDZ53H3U
-KvoWuEVYDf1WDFySgHMFgePHXMMWA8ZkgS6rOrV1TDnoZIhG5BSe7aJNJQdVVMub
-NAxZB4C1unIICuAtsP9IEAhevbfNGySi0jbrnun0pTD22Q95HZVycl1YWamrr1Hl
-17TmHQT7zh4GLlXVI3L/FevoswbuR7misyqE3ketNpxdLcHKs82MVLCwbLzuqm60
-tpSm/jrexhNErKU28kdPzWCwruEHdrlOuMSS8N2YgSZxHIjEId8pZED8dsnPvqhe
-CAEa3F68Js9sngeMvThYirpr0wOsSGmGCDrXTmQvTw+q8C+DJLWpjfpKZA4g624f
-E3CUojwOaPrmaEa25eYm0oYDstY8QncG7nBAuljeXWBYfxARYcLI/bLC/M/q+UeS
-gzjQgoacH4r2Y7rwEA0aeYC+9TWn5rPHPWegdc01A2e7OlYKrlu9C1aKZr//GyBM
-lEVRc0u8RL+RVhmp7ftRyATDG9kJR+zDT26hewaEa5atnPKLjf+37hu7a/6GI+2X
-dpWTzmvWal4eEkFuBg2ekl1lCsuuCUBDWyYrlhsWPYTOSKJ/PTuLq7HVqdGB9kEw
-SavnXV5LPOaY4nAzJTdRk9DHdxSwSrjZ5rvMMD1CAbob/GA9t8aYaGcAWtTwMFs4
-sps40mmab3X0LLvTblHtmRCHWswcACbH2DC6H+0awsaZNI80GxSSutKN+2vH3N0C
-6fLwP1VaYm0qPA3pI1vp9Xu5I//6Hzt3aT/R+6KhS+CH3qbJiHNzg1ywdNqgD3Pp
-bJNEiDKWdLd65bvclVVyWHovWIvvEly1TWUsp4YbdrT5asL/VV82fvo4wCttOq96
-msk9OL5vQADJ32D7vnnYadiT2tpJMjNSug7JKHutJ/cJmm8qkqNwFm/BH+w2t7kh
-elbG0f2P7FpPXVMCJPHhmI/+OBECqBHAAWgRRn91GqeGgY+Xy05orL2R/qeNdBbT
-qmrxqm7LesPgo0IqU82quTkiBERaXMu8qUYaYPGVJIskQuWqd/aArhaFmqZhK3bz
-lepJMDAaeaBT/3ULICHdhsSVAhl6iwid40ow8x1cRFoPEljZ9t6fERN1h2ptNyZT
-LRJ4DUXy4RWTHl3+AVyzwcgMpxkxRTzdjguzAjceOHEMm7UNCvSVhFHVBkG6kXXw
-940iYvhkRnn6HRcPbP5xeJp6GX8RoAl42giRO6OGnkhkepOuAcFKJCC2N5OgdKmq
-mlVGEKndriwyzyiPN8noEJksenL1iMSA7HSnM34uCJoEetTBRuv8+721bTdz8dy0
-s/GghsYztugLjho4yivn2fcxw4gMFiSiliyrfbocJnHAubDMZwEu0fpfY+0fBi9+
-e/Odgw8aTlMUKSo+UA==
------END ENCRYPTED PRIVATE KEY-----