sijie pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/bookkeeper.git
The following commit(s) were added to refs/heads/master by this push:
new dc30763 BookieNettyServer: add contextHandler to the local transport
pipeline
dc30763 is described below
commit dc30763f21a3b06d6cb429998c3d3cb2a7aac8f2
Author: Samuel Just <[email protected]>
AuthorDate: Fri Jan 5 11:23:24 2018 -0800
BookieNettyServer: add contextHandler to the local transport pipeline
Left off of 8e0bd2c3d81b522e97434d8646915f36422a104b. In fact,
authentication is already enabled on LocalTransport. This extra line is
needed for the machinery which allows auth plugins to access ssl state.
Currently, the only plugin which uses that machinery is in TestTLS.
Adds test cases to validate that functionality with Local Transport
enabled.
Signed-off-by: Samuel Just <sjustsalesforce.com>
Author: Samuel Just <[email protected]>
Reviewers: Enrico Olivelli <[email protected]>
This closes #941 from athanatos/forupstream/requestprocessorfixes/4
---
.../apache/bookkeeper/proto/BookieNettyServer.java | 1 +
.../java/org/apache/bookkeeper/tls/TestTLS.java | 67 ++++++++++++++++++++++
2 files changed, 68 insertions(+)
diff --git
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/BookieNettyServer.java
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/BookieNettyServer.java
index a2d7fc9..dc2cbce 100644
---
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/BookieNettyServer.java
+++
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/BookieNettyServer.java
@@ -372,6 +372,7 @@ class BookieNettyServer {
: new RejectRequestHandler();
pipeline.addLast("bookieRequestHandler", requestHandler);
+ pipeline.addLast("contextHandler", contextHandler);
}
});
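Review bot: The added `pipeline.addLast("contextHandler", contextHandler);` carries no comment explaining why the local-transport pipeline needs it, and the commit message says the line was left out of an earlier change. A short comment such as `// exposes the connection's TLS state to auth plugins; keep in step with the socket pipeline` would record the reason at the call site. Because a handler missing from one transport silently changes what an auth plugin can see on that transport, consider assembling the shared handlers for both pipelines in one helper so they cannot drift again. The enclosing channel initializer starts outside this hunk, so the ordering relative to the other handlers could not be checked here.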
diff --git
a/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java
b/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java
index 65cb7d1..1ba7f94 100644
--- a/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java
+++ b/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java
@@ -178,6 +178,21 @@ public class TestTLS extends BookKeeperClusterTestCase {
testClient(clientConf, numBookies);
}
+ /**
+ * Verify the basic use of TLS. TLS client, TLS servers with
LocalTransport.
+ */
+ @Test
+ public void testConnectToLocalTLSClusterTLSClient() throws Exception {
+ ServerConfiguration serverConf = new ServerConfiguration();
+ for (ServerConfiguration conf : bsConfs) {
+ conf.setDisableServerSocketBind(true);
+ conf.setEnableLocalTransport(true);
+ }
+ restartBookies(serverConf);
+
+ ClientConfiguration clientConf = new
ClientConfiguration(baseClientConf);
+ testClient(clientConf, numBookies);
+ }
/**
* Multiple clients, some with TLS, and some without TLS.
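Review bot: In `testConnectToLocalTLSClusterTLSClient`, `restartBookies(serverConf)` receives a blank `new ServerConfiguration()` while the local-transport flags are set on the entries of `bsConfs`, so whether the restarted bookies actually run with TLS and local transport depends on how `restartBookies` merges its argument, which is not visible in this hunk. The other two tests added by this commit copy `baseConf` and set the flags on the object they pass. Doing the same here, `ServerConfiguration serverConf = new ServerConfiguration(baseConf);` followed by `serverConf.setDisableServerSocketBind(true);` and `serverConf.setEnableLocalTransport(true);`, would make the configuration under test explicit. As written, the test asserts nothing about the transport or TLS state, so a misconfigured restart may still pass `testClient`.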
@@ -327,6 +342,30 @@ public class TestTLS extends BookKeeperClusterTestCase {
}
/**
+ * Verify that a bookie-side Auth plugin can access server certificates
over LocalTransport.
+ */
+ @Test
+ public void testBookieAuthPluginRequireClientTLSAuthenticationLocal()
throws Exception {
+ ServerConfiguration serverConf = new ServerConfiguration(baseConf);
+
serverConf.setBookieAuthProviderFactoryClass(AllowOnlyClientsWithX509Certificates.class.getName());
+ serverConf.setDisableServerSocketBind(true);
+ serverConf.setEnableLocalTransport(true);
+ restartBookies(serverConf);
+
+ secureBookieSideChannel = false;
+ secureBookieSideChannelPrincipals = null;
+ ClientConfiguration clientConf = new
ClientConfiguration(baseClientConf);
+
+ testClient(clientConf, numBookies);
+ assertTrue(secureBookieSideChannel);
+ assertNotNull(secureBookieSideChannelPrincipals);
+ assertTrue(!secureBookieSideChannelPrincipals.isEmpty());
+ assertTrue(secureBookieSideChannelPrincipals.iterator().next()
instanceof Certificate);
+ Certificate cert = (Certificate)
secureBookieSideChannelPrincipals.iterator().next();
+ assertTrue(cert instanceof X509Certificate);
+ }
+
+ /**
* Verify that a bookie-side Auth plugin can access server certificates.
*/
@Test
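Review bot: The Javadoc on `testBookieAuthPluginRequireClientTLSAuthenticationLocal` says the plugin can access "server certificates", but the test name and `AllowOnlyClientsWithX509Certificates` suggest that the bookie-side plugin inspects the client's certificate. Something like `Verify that a bookie-side Auth plugin can see the client's X.509 certificate over LocalTransport.` would match. The same copied sentence sits on `testBookieAuthPluginDenyAccessToClientWithoutTLSAuthenticationLocal` in the next hunk, where the test actually checks that a client without a certificate is rejected. The assertions here only check the type of the first principal, so any `X509Certificate` satisfies them; comparing it with the certificate the client was configured with would pin the identity. `assertTrue(!secureBookieSideChannelPrincipals.isEmpty())` also reads better as `assertFalse(secureBookieSideChannelPrincipals.isEmpty());`.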
@@ -353,6 +392,34 @@ public class TestTLS extends BookKeeperClusterTestCase {
}
/**
+ * Verify that a bookie-side Auth plugin can access server certificates
over LocalTransport.
+ */
+ @Test
+ public void
testBookieAuthPluginDenyAccessToClientWithoutTLSAuthenticationLocal() throws
Exception {
+ ServerConfiguration serverConf = new ServerConfiguration(baseConf);
+ serverConf.setTLSClientAuthentication(false);
+
serverConf.setBookieAuthProviderFactoryClass(AllowOnlyClientsWithX509Certificates.class.getName());
+ serverConf.setDisableServerSocketBind(true);
+ serverConf.setEnableLocalTransport(true);
+ restartBookies(serverConf);
+
+ secureBookieSideChannel = false;
+ secureBookieSideChannelPrincipals = null;
+ ClientConfiguration clientConf = new
ClientConfiguration(baseClientConf);
+ clientConf.setTLSClientAuthentication(false);
+
+ try {
+ testClient(clientConf, numBookies);
+ fail("Shouldn't be able to connect");
+ } catch (BKException.BKUnauthorizedAccessException authFailed) {
+ }
+
+ assertTrue(secureBookieSideChannel);
+ assertNotNull(secureBookieSideChannelPrincipals);
+ assertTrue(secureBookieSideChannelPrincipals.isEmpty());
+ }
+
+ /**
* Verify that a bookie-side Auth plugin can access server certificates.
*/
@Test
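Review bot: The `catch (BKException.BKUnauthorizedAccessException authFailed) { }` block in `testBookieAuthPluginDenyAccessToClientWithoutTLSAuthenticationLocal` is empty and uncommented, so the expected denial looks like a swallowed error. Renaming the variable and stating the intent, `} catch (BKException.BKUnauthorizedAccessException expected) {` with `// rejection of a client without a certificate is the behaviour under test`, makes it clear that this path is the pass condition. The assertions that follow (`secureBookieSideChannel` true, principals empty) depend on static fields reset at the top of the test; a one-line comment saying the auth plugin sets them would help a reader see why they prove that the plugin ran on the local transport.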