Posted to commits@tika.apache.org by ta...@apache.org on 2022/04/21 19:12:16 UTC
[tika] branch TIKA-3719 updated: TIKA-3719 -- add unit test and fix setResource to setFile
This is an automated email from the ASF dual-hosted git repository.
tallison pushed a commit to branch TIKA-3719
in repository https://gitbox.apache.org/repos/asf/tika.git
The following commit(s) were added to refs/heads/TIKA-3719 by this push:
new c70394c2b TIKA-3719 -- add unit test and fix setResource to setFile
c70394c2b is described below
commit c70394c2b36c2574c315a222b1ad8350c50e3ce9
Author: tallison <ta...@apache.org>
AuthorDate: Thu Apr 21 15:12:01 2022 -0400
TIKA-3719 -- add unit test and fix setResource to setFile
---
.../apache/tika/server/core/TikaServerProcess.java | 6 +-
.../tika/server/core/IntegrationTestBase.java | 7 +-
.../server/core/TikaServerIntegrationTest.java | 108 +++++++++++++++++++++
.../configs/tika-config-server-tls-template.xml | 44 +++++++++
.../src/test/resources/ssl-keys/README.txt | 28 ++++++
.../resources/ssl-keys/tika-client-keystore.p12 | Bin 0 -> 2505 bytes
.../resources/ssl-keys/tika-client-truststore.p12 | Bin 0 -> 3429 bytes
.../src/test/resources/ssl-keys/tika-client.crt | Bin 0 -> 789 bytes
.../resources/ssl-keys/tika-server-keystore.p12 | Bin 0 -> 2505 bytes
.../resources/ssl-keys/tika-server-truststore.p12 | Bin 0 -> 3429 bytes
.../src/test/resources/ssl-keys/tika-server.crt | Bin 0 -> 789 bytes
11 files changed, 188 insertions(+), 5 deletions(-)
diff --git a/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TikaServerProcess.java b/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TikaServerProcess.java
index 1b34916c7..d75da900b 100644
--- a/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TikaServerProcess.java
+++ b/tika-server/tika-server-core/src/main/java/org/apache/tika/server/core/TikaServerProcess.java
@@ -285,8 +285,7 @@ public class TikaServerProcess {
KeyStoreType keyStore = new KeyStoreType();
keyStore.setType(tlsConfig.getKeyStoreType());
keyStore.setPassword(tlsConfig.getKeyStorePassword());
- keyStore.setResource(tlsConfig.getKeyStoreFile());
-
+ keyStore.setFile(tlsConfig.getKeyStoreFile());
KeyManagersType kmt = new KeyManagersType();
kmt.setKeyStore(keyStore);
kmt.setKeyPassword(tlsConfig.getKeyStorePassword());
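Review bot: `keyStore.setFile(tlsConfig.getKeyStoreFile())` now takes a filesystem path, but nothing in this hunk checks that the configured value is set and readable before it is handed to CXF. A typo or a relative path would presumably surface only as a low-level keystore loading error. A guard ahead of the call that fails with a message naming the offending config element would make TLS misconfiguration easier to diagnose; the same applies to `trustKeyStore.setFile(...)` in the next hunk. A one-line comment such as `// keyStoreFile is a filesystem path, not a classpath resource` would also record why `setResource` was wrong. The enclosing method starts and ends outside the hunk.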
@@ -297,8 +296,7 @@ public class TikaServerProcess {
KeyStoreType trustKeyStore = new KeyStoreType();
trustKeyStore.setType(tlsConfig.getTrustStoreType());
trustKeyStore.setPassword(tlsConfig.getTrustStorePassword());
- trustKeyStore.setResource(tlsConfig.getTrustStoreFile());
-
+ trustKeyStore.setFile(tlsConfig.getTrustStoreFile());
TrustManagersType tmt = new TrustManagersType();
tmt.setKeyStore(trustKeyStore);
parameters.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, true));
diff --git a/tika-server/tika-server-core/src/test/java/org/apache/tika/server/core/IntegrationTestBase.java b/tika-server/tika-server-core/src/test/java/org/apache/tika/server/core/IntegrationTestBase.java
index 8c3112112..90adf0acc 100644
--- a/tika-server/tika-server-core/src/test/java/org/apache/tika/server/core/IntegrationTestBase.java
+++ b/tika-server/tika-server-core/src/test/java/org/apache/tika/server/core/IntegrationTestBase.java
@@ -126,9 +126,14 @@ public class IntegrationTestBase extends TikaTest {
}
void awaitServerStartup() throws Exception {
+ WebClient client = WebClient.create(endPoint + "/").accept("text/html");
+ awaitServerStartup(client);
+
+ }
+
+ void awaitServerStartup(WebClient client) throws Exception {
Instant started = Instant.now();
long elapsed = Duration.between(started, Instant.now()).toMillis();
- WebClient client = WebClient.create(endPoint + "/").accept("text/html");
while (elapsed < MAX_WAIT_MS) {
try {
Response response = client.get();
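Review bot: The new `awaitServerStartup(WebClient client)` overload does not say who owns the client. The no-arg overload creates one and does not close it in the visible lines, while `testTLS` closes its own after the call. A Javadoc line such as `/** Polls with the supplied, already configured client until MAX_WAIT_MS elapses; the caller closes the client. */` would settle that. The blank line before the closing brace of the no-arg overload can be dropped. The body of the new overload continues outside the hunk.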
diff --git a/tika-server/tika-server-core/src/test/java/org/apache/tika/server/core/TikaServerIntegrationTest.java b/tika-server/tika-server-core/src/test/java/org/apache/tika/server/core/TikaServerIntegrationTest.java
index 83fffdd49..bf6b5a2e1 100644
--- a/tika-server/tika-server-core/src/test/java/org/apache/tika/server/core/TikaServerIntegrationTest.java
+++ b/tika-server/tika-server-core/src/test/java/org/apache/tika/server/core/TikaServerIntegrationTest.java
@@ -21,11 +21,15 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
+import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Path;
import java.nio.file.Paths;
+import java.security.GeneralSecurityException;
import java.util.List;
import java.util.Random;
import java.util.concurrent.TimeUnit;
@@ -35,7 +39,16 @@ import javax.ws.rs.core.Response;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
+import org.apache.commons.io.IOUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.Timeout;
@@ -50,6 +63,28 @@ import org.apache.tika.utils.ProcessUtils;
public class TikaServerIntegrationTest extends IntegrationTestBase {
private static final Logger LOG = LoggerFactory.getLogger(TikaServerIntegrationTest.class);
+ private static Path SSL;
+ private static Path TIKA_SSL_CONFIG;
+ @BeforeAll
+ public static void setUpSSL() throws Exception {
+ SSL =
+ Paths.get(TikaServerIntegrationTest.class.getResource("/ssl-keys").toURI());
+ String xml = IOUtils.resourceToString("/configs/tika-config-server-tls-template.xml",
+ UTF_8);
+ xml = xml.replaceAll("\\$\\{SSL_KEYS\\}", SSL.toAbsolutePath().toString());
+
+ TIKA_SSL_CONFIG = Files.createTempFile("tika-config-tls-", ".xml");
+ try {
+ Files.write(TIKA_SSL_CONFIG, xml.getBytes(UTF_8));
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @AfterAll
+ public static void cleanUpSSL() throws IOException {
+ Files.delete(TIKA_SSL_CONFIG);
+ }
@Test
public void testBasic() throws Exception {
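Review bot: In `setUpSSL`, `xml.replaceAll("\\$\\{SSL_KEYS\\}", SSL.toAbsolutePath().toString())` passes the path as a regex replacement string, where backslashes and `$` are interpreted, so a Windows path (or any path containing `$`) is written into the config mangled. A literal replace avoids this: `xml = xml.replace("${SSL_KEYS}", SSL.toAbsolutePath().toString());`. The `try`/`catch` around `Files.write` also swallows the failure with `printStackTrace()` although the method already declares `throws Exception`. If the write fails, the server is started against an empty config file and the test fails later for an unrelated-looking reason, so the `try`/`catch` can simply be removed.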
@@ -260,6 +295,16 @@ public class TikaServerIntegrationTest extends IntegrationTestBase {
}
}
+ private String getSSL(String file) {
+ try {
+ return ProcessUtils.escapeCommandLine(Paths.get(TikaServerIntegrationTest.class.
+ getResource("/ssl-keys/" + file).toURI()).toAbsolutePath().toString());
+ } catch (URISyntaxException e) {
+ throw new RuntimeException(e);
+ }
+
+ }
+
@Test
public void testStdErrOutBasic() throws Exception {
startProcess(
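Review bot: `getSSL` returns the path wrapped in `ProcessUtils.escapeCommandLine(...)`, yet its only visible callers (`configureTLS`) pass the result to `KeyStoreType.setFile`, where no command-line parsing happens. If `escapeCommandLine` adds quoting on any platform, the keystore path would no longer name an existing file. Returning the plain absolute path here and escaping only where a value is placed on a process command line keeps the two concerns apart. `getResource("/ssl-keys/" + file)` also returns null for a missing fixture, which would surface as a bare NullPointerException; `Objects.requireNonNull(url, "missing test resource: " + file)` would make that failure readable.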
@@ -276,6 +321,69 @@ public class TikaServerIntegrationTest extends IntegrationTestBase {
}
+ @Test
+ public void testTLS() throws Exception {
+ startProcess(
+ new String[]{"-config",
+ ProcessUtils.escapeCommandLine(TIKA_SSL_CONFIG.toAbsolutePath().toString())});
+
+ String httpsEndpoint = "https://localhost:" + INTEGRATION_TEST_PORT;
+ WebClient webClient = WebClient.create(httpsEndpoint);
+ configureTLS(webClient);
+
+ awaitServerStartup(webClient);
+
+ webClient.close();
+ webClient = WebClient.create(httpsEndpoint + RMETA_PATH);
+ configureTLS(webClient);
+
+ Response response = webClient.accept("application/json")
+ .put(ClassLoader.getSystemResourceAsStream(TEST_HELLO_WORLD));
+ Reader reader = new InputStreamReader((InputStream) response.getEntity(), UTF_8);
+
+ List<Metadata> metadataList = JsonMetadataList.fromJson(reader);
+ assertEquals(1, metadataList.size());
+ assertEquals("Nikolai Lobachevsky", metadataList.get(0).get("author"));
+ assertContains("hello world", metadataList.get(0).get("X-TIKA:content"));
+
+ //now test no tls config
+ webClient = WebClient.create(httpsEndpoint + RMETA_PATH);
+
+ try {
+ response = webClient.accept("application/json").put(
+ ClassLoader.getSystemResourceAsStream(TEST_HELLO_WORLD));
+ fail("bad, bad, bad. this should have failed!");
+ } catch (Exception e) {
+ assertContains("javax.net.ssl.SSLHandshakeException", e.getMessage());
+ }
+ }
+
+ private void configureTLS(WebClient webClient) throws GeneralSecurityException, IOException {
+ HTTPConduit conduit = WebClient.getConfig(webClient)
+ .getHttpConduit();
+ KeyStoreType keystore = new KeyStoreType();
+ keystore.setType("PKCS12");
+ keystore.setPassword("tika-secret");
+ keystore.setFile(getSSL("tika-client-keystore.p12"));
+ KeyManagersType kmt = new KeyManagersType();
+ kmt.setKeyStore(keystore);
+ kmt.setKeyPassword("tika-secret");
+ TLSClientParameters parameters = new TLSClientParameters();
+ parameters.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
+
+ KeyStoreType trustKeyStore = new KeyStoreType();
+ trustKeyStore.setType("PKCS12");
+ trustKeyStore.setPassword("tika-secret");
+ trustKeyStore.setFile(getSSL("tika-client-truststore.p12"));
+
+ TrustManagersType tmt = new TrustManagersType();
+ tmt.setKeyStore(trustKeyStore);
+ parameters.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt, true));
+
+ conduit.setTlsClientParameters(parameters);
+
+ }
+
@Test
@Disabled("This works, but prints too much junk to the console. " +
"Figure out how to gobble/redirect.")
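Review bot: The negative case at the end of `testTLS` uses a client with no TLS parameters at all, so the expected `SSLHandshakeException` can come from the client rejecting the self-signed server certificate rather than from the server rejecting a client without a certificate. As written, the test would still pass if the server never required client authentication. A second negative case that configures only the client truststore, with no key managers, would show whether a certificate-less client is actually refused. The first `webClient` in the negative branch and the `Response` objects are also never closed. The password literal `"tika-secret"` is repeated four times in `configureTLS` and could be a single constant.

```java
// … unchanged: positive case and the existing "no tls config" case …

//now test a client that trusts the server but presents no certificate
webClient = WebClient.create(httpsEndpoint + RMETA_PATH);
KeyStoreType trustOnlyStore = new KeyStoreType();
trustOnlyStore.setType("PKCS12");
trustOnlyStore.setPassword("tika-secret");
trustOnlyStore.setFile(getSSL("tika-client-truststore.p12"));
TrustManagersType trustOnly = new TrustManagersType();
trustOnly.setKeyStore(trustOnlyStore);
TLSClientParameters trustOnlyParams = new TLSClientParameters();
trustOnlyParams.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(trustOnly, true));
WebClient.getConfig(webClient).getHttpConduit().setTlsClientParameters(trustOnlyParams);
boolean refused = false;
try {
    webClient.accept("application/json").put(
            ClassLoader.getSystemResourceAsStream(TEST_HELLO_WORLD));
} catch (Exception e) {
    // the exact exception text may differ with the negotiated TLS version
    refused = true;
}
assertTrue(refused, "server accepted a client that presented no certificate");
```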
diff --git a/tika-server/tika-server-core/src/test/resources/configs/tika-config-server-tls-template.xml b/tika-server/tika-server-core/src/test/resources/configs/tika-config-server-tls-template.xml
new file mode 100644
index 000000000..861a0c616
--- /dev/null
+++ b/tika-server/tika-server-core/src/test/resources/configs/tika-config-server-tls-template.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<properties>
+ <server>
+ <params>
+ <port>9999</port>
+ <taskTimeoutMillis>1000000</taskTimeoutMillis>
+ <minimumTimeoutMillis>10000</minimumTimeoutMillis>
+ <maxFiles>10000</maxFiles>
+ <forkedJvmArgs>
+ <arg>-Xmx1g</arg>
+ </forkedJvmArgs>
+ <endpoints>
+ <endpoint>rmeta</endpoint>
+ </endpoints>
+ </params>
+ <tlsConfig>
+ <params>
+ <active>true</active>
+ <keyStoreType>PKCS12</keyStoreType>
+ <keyStorePassword>tika-secret</keyStorePassword>
+ <keyStoreFile>${SSL_KEYS}/tika-server-keystore.p12</keyStoreFile>
+ <trustStoreType>PKCS12</trustStoreType>
+ <trustStorePassword>tika-secret</trustStorePassword>
+ <trustStoreFile>${SSL_KEYS}/tika-server-truststore.p12</trustStoreFile>
+ </params>
+ </tlsConfig>
+ </server>
+</properties>
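Review bot: `<port>9999</port>` is hard-coded in the template while `testTLS` builds its endpoint from `INTEGRATION_TEST_PORT`, so the two only agree as long as that constant (defined outside this diff) stays 9999. Making the port a placeholder like `${SSL_KEYS}` and substituting it in `setUpSSL` would remove the hidden coupling. The `<tlsConfig>` block shows no setting that states whether a client certificate is mandatory; if that is implied by the presence of a truststore, a comment saying so would help readers of this template. A comment such as `<!-- test-only keystores and password; never reuse outside the test suite -->` above `<tlsConfig>` would also make the status of `tika-secret` explicit.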
diff --git a/tika-server/tika-server-core/src/test/resources/ssl-keys/README.txt b/tika-server/tika-server-core/src/test/resources/ssl-keys/README.txt
new file mode 100644
index 000000000..2267cabda
--- /dev/null
+++ b/tika-server/tika-server-core/src/test/resources/ssl-keys/README.txt
@@ -0,0 +1,28 @@
+To generate these, I followed
+https://bhashineen.medium.com/steps-to-create-keystores-and-truststores-to-be-used-in-mutual-ssl-of-a-server-and-a-client-e0b75ca3ea42
+
+1. Create a keystore for the client
+keytool -genkey -alias tika-client -keyalg RSA -keystore tika-client-keystore.p12 -keysize 2048 -storeType PKCS12 -validity 9999 -ext SAN=DNS:localhost,IP:127.0.0.1 -dname "CN=localhost, OU=Tika Testing"
+
+2. Export the public cert of the client
+keytool -export -keystore tika-client-keystore.p12 -alias tika-client -file tika-client.crt
+
+3. Create a keystore for the server
+keytool -genkey -alias tika-server -keyalg RSA -keystore tika-server-keystore.p12 -keysize 2048 -storeType PKCS12 -validity 9999 -ext SAN=DNS:localhost,IP:127.0.0.1 -dname "CN=localhost, OU=Tika Testing"
+
+4. Export the public cert of the server
+keytool -export -keystore tika-server-keystore.p12 -alias tika-server -file tika-server.crt
+
+5. Create a truststore for the client
+keytool -genkey -alias tika-client-trust -keyalg RSA -keystore tika-client-truststore.p12 -keysize 2048 -storeType PKCS12 -validity 9999 -ext SAN=DNS:localhost,IP:127.0.0.1 -dname "CN=localhost, OU=Tika Testing"
+
+6. Create a truststore for the server
+keytool -genkey -alias tika-server-trust -keyalg RSA -keystore tika-server-truststore.p12 -keysize 2048 -storeType PKCS12 -validity 9999 -ext SAN=DNS:localhost,IP:127.0.0.1 -dname "CN=localhost, OU=Tika Testing"
+
+7. Import the client public cert into the server truststore
+keytool -import -keystore tika-server-truststore.p12 -alias tika-client -file tika-client.crt
+
+8. Import the server public cert into the client truststore
+keytool -import -keystore tika-client-truststore.p12 -alias tika-server -file tika-server.crt
+
+NOTE: I did not then delete the private keys because I wanted to leave them in in case we needed to do something else.
\ No newline at end of file
diff --git a/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client-keystore.p12 b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client-keystore.p12
new file mode 100644
index 000000000..44b37fb39
Binary files /dev/null and b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client-keystore.p12 differ
diff --git a/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client-truststore.p12 b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client-truststore.p12
new file mode 100644
index 000000000..f020e9205
Binary files /dev/null and b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client-truststore.p12 differ
diff --git a/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client.crt b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client.crt
new file mode 100644
index 000000000..fa03cfa39
Binary files /dev/null and b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-client.crt differ
diff --git a/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server-keystore.p12 b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server-keystore.p12
new file mode 100644
index 000000000..b2d63ae71
Binary files /dev/null and b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server-keystore.p12 differ
diff --git a/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server-truststore.p12 b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server-truststore.p12
new file mode 100644
index 000000000..a3ec498ba
Binary files /dev/null and b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server-truststore.p12 differ
diff --git a/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server.crt b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server.crt
new file mode 100644
index 000000000..41095ef19
Binary files /dev/null and b/tika-server/tika-server-core/src/test/resources/ssl-keys/tika-server.crt differ