Repository: geode Updated Branches: refs/heads/develop fcce2b0be -> 6267efea7
GEODE-3097: GFSH works over HTTP with SSL Project: http://git-wip-us.apache.org/repos/asf/geode/repo Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/6267efea Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/6267efea Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/6267efea Branch: refs/heads/develop Commit: 6267efea719a62a51ce7d6c8fd3b43c5e10841f9 Parents: fcce2b0 Author: Jared Stewart <[email protected]> Authored: Tue Jun 20 10:32:46 2017 -0700 Committer: Jinmei Liao <[email protected]> Committed: Tue Jul 25 11:39:34 2017 -0700 ---------------------------------------------------------------------- .../internal/cli/commands/ShellCommands.java | 40 ++++--- .../ConnectToLocatorSSLDUnitTest.java | 115 ++++++------------ .../ConnectToLocatorWithLegacySSLDUnitTest.java | 118 +++++++++++++++++++ .../dunit/rules/GfshShellConnectionRule.java | 4 +- .../ConnectToLocatorSSLOverHttpTest.java | 43 +++++++ 5 files changed, 221 insertions(+), 99 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java ---------------------------------------------------------------------- diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java index 2da95a7..d5e1b27 100644 --- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java +++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java @@ -19,6 +19,14 @@ import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_C import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_PROTOCOLS; import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS; import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD; +import static org.apache.geode.management.internal.cli.shell.Gfsh.SSL_ENABLED_CIPHERS; +import static org.apache.geode.management.internal.cli.shell.Gfsh.SSL_ENABLED_PROTOCOLS; import java.io.BufferedReader; import java.io.BufferedWriter; @@ -538,14 +546,14 @@ public class ShellCommands implements GfshCommand { } private void configureHttpsURLConnection(Map<String, String> sslConfigProps) throws Exception { - String keystoreToUse = sslConfigProps.get(Gfsh.SSL_KEYSTORE); - String keystorePasswordToUse = sslConfigProps.get(Gfsh.SSL_KEYSTORE_PASSWORD); - String truststoreToUse = sslConfigProps.get(Gfsh.SSL_TRUSTSTORE); - String truststorePasswordToUse = sslConfigProps.get(Gfsh.SSL_TRUSTSTORE_PASSWORD); + String keystoreToUse = sslConfigProps.get(SSL_KEYSTORE); + String keystorePasswordToUse = sslConfigProps.get(SSL_KEYSTORE_PASSWORD); + String truststoreToUse = sslConfigProps.get(SSL_TRUSTSTORE); + String truststorePasswordToUse = sslConfigProps.get(SSL_TRUSTSTORE_PASSWORD); // Ciphers are not passed to HttpsURLConnection. Could not find a clean way // to pass this attribute to socket layer (see #51645) - String sslCiphersToUse = sslConfigProps.get(CLUSTER_SSL_CIPHERS); - String sslProtocolsToUse = sslConfigProps.get(CLUSTER_SSL_PROTOCOLS); + String sslCiphersToUse = sslConfigProps.get(SSL_CIPHERS); + String sslProtocolsToUse = sslConfigProps.get(SSL_PROTOCOLS); // Commenting the code to set cipher suites in GFSH rest connect (see #51645) /* @@ -665,17 +673,17 @@ public class ShellCommands implements GfshCommand { if (keystoreToUse != null && keystoreToUse.length() > 0) { if (keystorePasswordToUse == null || keystorePasswordToUse.length() == 0) { // Check whether specified in gfsecurity props earlier - keystorePasswordToUse = sslConfigProps.get(Gfsh.SSL_KEYSTORE_PASSWORD); + keystorePasswordToUse = sslConfigProps.get(SSL_KEYSTORE_PASSWORD); if (keystorePasswordToUse == null || keystorePasswordToUse.length() == 0) { // not even in properties file, prompt user for it keystorePasswordToUse = gfshInstance.readPassword(CliStrings.CONNECT__KEY_STORE_PASSWORD + ": "); - sslConfigProps.put(Gfsh.SSL_KEYSTORE_PASSWORD, keystorePasswordToUse); + sslConfigProps.put(SSL_KEYSTORE_PASSWORD, keystorePasswordToUse); } } else {// For cases where password is already part of command option - sslConfigProps.put(Gfsh.SSL_KEYSTORE_PASSWORD, keystorePasswordToUse); + sslConfigProps.put(SSL_KEYSTORE_PASSWORD, keystorePasswordToUse); } - sslConfigProps.put(Gfsh.SSL_KEYSTORE, keystoreToUse); + sslConfigProps.put(SSL_KEYSTORE, keystoreToUse); } if (numTimesPrompted > 0) { @@ -684,17 +692,17 @@ public class ShellCommands implements GfshCommand { if (truststoreToUse != null && truststoreToUse.length() > 0) { if (truststorePasswordToUse == null || truststorePasswordToUse.length() == 0) { // Check whether specified in gfsecurity props earlier? - truststorePasswordToUse = sslConfigProps.get(Gfsh.SSL_TRUSTSTORE_PASSWORD); + truststorePasswordToUse = sslConfigProps.get(SSL_TRUSTSTORE_PASSWORD); if (truststorePasswordToUse == null || truststorePasswordToUse.length() == 0) { // not even in properties file, prompt user for it truststorePasswordToUse = gfshInstance.readPassword(CliStrings.CONNECT__TRUST_STORE_PASSWORD + ": "); - sslConfigProps.put(Gfsh.SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse); + sslConfigProps.put(SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse); } } else {// For cases where password is already part of command option - sslConfigProps.put(Gfsh.SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse); + sslConfigProps.put(SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse); } - sslConfigProps.put(Gfsh.SSL_TRUSTSTORE, truststoreToUse); + sslConfigProps.put(SSL_TRUSTSTORE, truststoreToUse); } if (numTimesPrompted > 0) { @@ -702,7 +710,7 @@ public class ShellCommands implements GfshCommand { } if (sslCiphersToUse != null && sslCiphersToUse.length() > 0) { // sslConfigProps.put(DistributionConfig.CLUSTER_SSL_CIPHERS_NAME, sslCiphersToUse); - sslConfigProps.put(Gfsh.SSL_ENABLED_CIPHERS, sslCiphersToUse); + sslConfigProps.put(SSL_ENABLED_CIPHERS, sslCiphersToUse); } if (numTimesPrompted > 0) { @@ -710,7 +718,7 @@ public class ShellCommands implements GfshCommand { } if (sslProtocolsToUse != null && sslProtocolsToUse.length() > 0) { // sslConfigProps.put(DistributionConfig.CLUSTER_SSL_PROTOCOLS_NAME, sslProtocolsToUse); - sslConfigProps.put(Gfsh.SSL_ENABLED_PROTOCOLS, sslProtocolsToUse); + sslConfigProps.put(SSL_ENABLED_PROTOCOLS, sslProtocolsToUse); } // SSL is required to be used but no SSL config found http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java index 844e032..866f4ef 100644 --- a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java +++ b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java @@ -14,18 +14,6 @@ */ package org.apache.geode.management; -import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED; -import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE; -import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_PASSWORD; -import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_TYPE; -import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE; -import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE_PASSWORD; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_ENABLED; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_PASSWORD; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_TYPE; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE; -import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD; import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS; import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS; import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE; @@ -33,9 +21,20 @@ import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_ import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS; import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE; import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD; -import static org.apache.geode.internal.Assert.assertTrue; import static org.apache.geode.util.test.TestUtil.getResourcePath; +import java.io.File; +import java.io.FileOutputStream; +import java.io.OutputStream; +import java.util.Properties; + +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.junit.rules.RuleChain; +import org.junit.rules.TemporaryFolder; + import org.apache.geode.management.internal.cli.i18n.CliStrings; import org.apache.geode.security.SecurableCommunicationChannels; import org.apache.geode.test.dunit.Host; @@ -45,18 +44,6 @@ import org.apache.geode.test.dunit.rules.LocatorServerStartupRule; import org.apache.geode.test.dunit.rules.MemberVM; import org.apache.geode.test.junit.categories.DistributedTest; import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder; -import org.junit.After; -import org.junit.Before; -import org.junit.Rule; -import org.junit.Test; -import org.junit.experimental.categories.Category; -import org.junit.rules.RuleChain; -import org.junit.rules.TemporaryFolder; - -import java.io.File; -import java.io.FileOutputStream; -import java.io.OutputStream; -import java.util.Properties; @Category(DistributedTest.class) public class ConnectToLocatorSSLDUnitTest { @@ -66,88 +53,52 @@ public class ConnectToLocatorSSLDUnitTest { @Rule public RuleChain ruleChain = - RuleChain.outerRule(cleanupDUnitVMsRule).around(folder).around(lsRule); + RuleChain.outerRule(folder).around(cleanupDUnitVMsRule).around(lsRule); private File jks = null; - private File securityPropsFile = null; + protected File securityPropsFile = null; private Properties securityProps; + protected MemberVM locator; @Before public void before() throws Exception { - this.jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore")); + jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore")); securityPropsFile = folder.newFile("security.properties"); securityProps = new Properties(); } - @After - public void after() throws Exception { - securityPropsFile.delete(); - } - - private void setUpLocatorAndConnect(Properties securityProps) throws Exception { - MemberVM locator = lsRule.startLocatorVM(0, securityProps); - - // saving the securityProps to a file - OutputStream out = new FileOutputStream(securityPropsFile); - securityProps.store(out, null); - - - /* - * When using SSL, the GfshShellConnectionRule seems to leave behind state in the JVM that - * causes test flakinesss. (Each test method will pass if run in isolation, but when all run - * together, the second and third tests will fail.) To avoid this issue, we connect to our - * locator from a remote VM which is cleaned up by the CleanupDUnitVMsRule in between tests. - */ - + protected void connect() throws Exception { final int locatorPort = locator.getPort(); final String securityPropsFilePath = securityPropsFile.getCanonicalPath(); + + // when gfsh uses SSL, it leaves SSL state behind to contaminate other tests. So we pushed + // gfsh into a VM and uses a CleanupDUnitVM rule to clean it up after each test. Host.getHost(0).getVM(1).invoke(() -> { GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule(); - try { - gfshConnector.connectAndVerify(locatorPort, GfshShellConnectionRule.PortType.locator, - CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath); - } finally { - gfshConnector.close(); - } + gfshConnector.connectAndVerify(locatorPort, GfshShellConnectionRule.PortType.locator, + CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath); + gfshConnector.executeAndVerifyCommand("list members"); + gfshConnector.close(); }); + } @Test - public void testConnectToLocatorWithSSLJMX() throws Exception { - securityProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannels.JMX); + public void testConnectToLocator_withSSL() throws Exception { + securityProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannels.ALL); securityProps.setProperty(SSL_KEYSTORE, jks.getCanonicalPath()); securityProps.setProperty(SSL_KEYSTORE_PASSWORD, "password"); - // securityProps.setProperty(SSL_KEYSTORE_TYPE, "JKS"); securityProps.setProperty(SSL_TRUSTSTORE, jks.getCanonicalPath()); securityProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); securityProps.setProperty(SSL_PROTOCOLS, "TLSv1.2"); securityProps.setProperty(SSL_CIPHERS, "any"); - setUpLocatorAndConnect(securityProps); - } - - @Test - public void testConnectToLocatorWithLegacyClusterSSL() throws Exception { - securityProps.setProperty(CLUSTER_SSL_ENABLED, "true"); - securityProps.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath()); - securityProps.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password"); - securityProps.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS"); - securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath()); - securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password"); - - setUpLocatorAndConnect(securityProps); - } - - @Test - public void testConnectToLocatorWithLegacyJMXSSL() throws Exception { - securityProps.setProperty(JMX_MANAGER_SSL_ENABLED, "true"); - securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath()); - securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password"); - securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS"); - securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getCanonicalPath()); - securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password"); + // start up the locator + locator = lsRule.startLocatorVM(0, securityProps); + // saving the securityProps to a file + OutputStream out = new FileOutputStream(securityPropsFile); + securityProps.store(out, null); - setUpLocatorAndConnect(securityProps); + connect(); } - } http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java new file mode 100644 index 0000000..d7db489 --- /dev/null +++ b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java @@ -0,0 +1,118 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.management; + +import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED; +import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE; +import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_PASSWORD; +import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_TYPE; +import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE; +import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE_PASSWORD; +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_ENABLED; +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE; +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_PASSWORD; +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_TYPE; +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE; +import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD; +import static org.apache.geode.util.test.TestUtil.getResourcePath; + +import java.io.File; +import java.io.FileOutputStream; +import java.io.OutputStream; +import java.util.Properties; + +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.experimental.categories.Category; +import org.junit.rules.RuleChain; +import org.junit.rules.TemporaryFolder; + +import org.apache.geode.management.internal.cli.i18n.CliStrings; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.rules.CleanupDUnitVMsRule; +import org.apache.geode.test.dunit.rules.GfshShellConnectionRule; +import org.apache.geode.test.dunit.rules.LocatorServerStartupRule; +import org.apache.geode.test.dunit.rules.MemberVM; +import org.apache.geode.test.junit.categories.DistributedTest; +import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder; + +@Category(DistributedTest.class) +public class ConnectToLocatorWithLegacySSLDUnitTest { + private TemporaryFolder folder = new SerializableTemporaryFolder(); + private LocatorServerStartupRule lsRule = new LocatorServerStartupRule(); + private CleanupDUnitVMsRule cleanupDUnitVMsRule = new CleanupDUnitVMsRule(); + + @Rule + public RuleChain ruleChain = + RuleChain.outerRule(folder).around(cleanupDUnitVMsRule).around(lsRule); + + private File jks = null; + protected File securityPropsFile = null; + private Properties securityProps; + protected MemberVM locator; + + @Before + public void before() throws Exception { + jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore")); + securityPropsFile = folder.newFile("security.properties"); + securityProps = new Properties(); + } + + protected void startUpLocatorAndConnect(Properties properties) throws Exception { + locator = lsRule.startLocatorVM(0, securityProps); + // saving the securityProps to a file + OutputStream out = new FileOutputStream(securityPropsFile); + securityProps.store(out, null); + + final int locatorPort = locator.getPort(); + final String securityPropsFilePath = securityPropsFile.getCanonicalPath(); + + // when gfsh uses SSL, it leaves SSL state behind to contaminate other tests. So we pushed + // gfsh into a VM and uses a CleanupDUnitVM rule to clean it up after each test. + Host.getHost(0).getVM(1).invoke(() -> { + GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule(); + gfshConnector.connectAndVerify(locatorPort, GfshShellConnectionRule.PortType.locator, + CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath); + gfshConnector.executeAndVerifyCommand("list members"); + gfshConnector.close(); + }); + } + + @Test + public void testConnectToLocator_withLegacyClusterSSL() throws Exception { + securityProps.setProperty(CLUSTER_SSL_ENABLED, "true"); + securityProps.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath()); + securityProps.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password"); + securityProps.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS"); + securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath()); + securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password"); + + startUpLocatorAndConnect(securityProps); + } + + @Test + public void testConnectToLocator_withLegacyJMXManagerSSL() throws Exception { + securityProps.setProperty(JMX_MANAGER_SSL_ENABLED, "true"); + securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath()); + securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password"); + securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS"); + securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getCanonicalPath()); + securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password"); + + startUpLocatorAndConnect(securityProps); + } + +} http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java index df371d2..e7f17ef 100644 --- a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java +++ b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java @@ -225,7 +225,9 @@ public class GfshShellConnectionRule extends DescribedExternalResource { public CommandResult executeAndVerifyCommand(String command) throws Exception { CommandResult result = executeCommand(command); - assertThat(result.getStatus()).isEqualTo(Result.Status.OK); + assertThat(result.getStatus()) + .describedAs("Failure in command: " + command + "\n Result " + result) + .isEqualTo(Result.Status.OK); return result; } http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java ---------------------------------------------------------------------- diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java new file mode 100644 index 0000000..e5b8d25 --- /dev/null +++ b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ + +package org.apache.geode.management.internal.cli.commands; + +import javax.net.ssl.HttpsURLConnection; + +import org.apache.geode.management.ConnectToLocatorSSLDUnitTest; +import org.apache.geode.management.internal.cli.i18n.CliStrings; +import org.apache.geode.test.dunit.Host; +import org.apache.geode.test.dunit.rules.GfshShellConnectionRule; + +public class ConnectToLocatorSSLOverHttpTest extends ConnectToLocatorSSLDUnitTest { + + protected void connect() throws Exception { + final int httpPort = locator.getHttpPort(); + final String securityPropsFilePath = securityPropsFile.getCanonicalPath(); + Host.getHost(0).getVM(1).invoke(() -> { + // Our SSL certificate used for tests does not match the hostname "localhost" + HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true); + + GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule(); + gfshConnector.connectAndVerify(httpPort, GfshShellConnectionRule.PortType.http, + CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath, + CliStrings.CONNECT__USE_SSL, "true"); + gfshConnector.executeAndVerifyCommand("list members"); + gfshConnector.close(); + }); + } +} +
