This is an automated email from the ASF dual-hosted git repository. echobravo pushed a commit to branch feature/GEODE-6833 in repository https://gitbox.apache.org/repos/asf/geode.git
commit 85feb52d986745dd20b8b244b563ab6b4fc66a8a
Author: Ernest Burghardt <[email protected]>
AuthorDate: Tue Jun 11 08:42:57 2019 -0600
GEODE-6833: Adding new test and test cert files.
---
.../SSLDualServerNoClientAuthDUnitTest.java | 210 +++++++++++++++++++++
.../cache/client/internal/geodeserver1.keystore | Bin 0 -> 2389 bytes
.../cache/client/internal/geodeserver1.truststore | Bin 0 -> 1770 bytes
.../cache/client/internal/geodeserver2.keystore | Bin 0 -> 2389 bytes
.../cache/client/internal/geodeserver2.truststore | Bin 0 -> 1770 bytes
.../org/apache/geode/internal/tcp/Connection.java | 4 +
6 files changed, 214 insertions(+)
diff --git a/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java b/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java
new file mode 100644
index 0000000..581bae6
--- /dev/null
+++ b/geode-core/src/distributedTest/java/org/apache/geode/cache/client/internal/SSLDualServerNoClientAuthDUnitTest.java
@@ -0,0 +1,210 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license + * agreements. See the NOTICE file distributed with this work for additional information regarding + * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. You may obtain a + * copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + */ +package org.apache.geode.cache.client.internal; + +import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_REQUIRE_AUTHENTICATION; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE; +import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD; +import static org.apache.geode.test.dunit.VM.getVM; +import static org.apache.geode.test.util.ResourceUtils.createTempFileFromResource; +import static org.junit.Assert.assertEquals; + +import java.io.File; +import java.io.PrintWriter; +import java.io.StringWriter; +import java.util.Properties; + +import org.junit.After; +import org.junit.Before; +import org.junit.Test; +import org.junit.experimental.categories.Category; + +import org.apache.geode.cache.Cache; +import org.apache.geode.cache.CacheFactory; 
+import org.apache.geode.cache.Region; +import org.apache.geode.cache.RegionFactory; +import org.apache.geode.cache.RegionShortcut; +import org.apache.geode.distributed.Locator; +import org.apache.geode.test.dunit.VM; +import org.apache.geode.test.dunit.internal.JUnit4DistributedTestCase; +import org.apache.geode.test.junit.categories.MembershipTest; + +@Category(MembershipTest.class) +public class SSLDualServerNoClientAuthDUnitTest extends JUnit4DistributedTestCase { + + private Cache cache; + private int cacheServerPort; + private String hostName; + + private static final String SERVER_1_KEYSTORE = "geodeserver1.keystore"; + private static final String SERVER_1_TRUSTSTORE = "geodeserver1.truststore"; + + private static final String SERVER_2_KEYSTORE = "geodeserver2.keystore"; + private static final String SERVER_2_TRUSTSTORE = "geodeserver2.truststore"; + + + private static SSLDualServerNoClientAuthDUnitTest + instance = new SSLDualServerNoClientAuthDUnitTest(); + + @Before + public void setUp() { + disconnectAllFromDS(); + } + + @After + public void tearDown() { + VM serverVM = getVM(1); + VM server2VM = getVM(2); + VM locator = getVM(3); + + locator.invoke(() -> closeLocatorTask()); + server2VM.invoke(() -> closeCacheTask()); + serverVM.invoke(() -> closeCacheTask()); + } + + @Test + public void testSSLServerWithNoAuth() { + VM serverVM = getVM(1); + VM server2VM = getVM(2); + + VM locator = getVM(3); + + Integer locatorPort = locator.invoke(() -> {return setUpLocatorTask();}); + boolean cacheServerSslenabled = true; + + serverVM.invoke(() -> setUpServerVMTask(locatorPort)); + server2VM.invoke(() -> setUpServerVMTask(locatorPort)); + + server2VM.invoke(() -> doServerRegionTestTask()); + serverVM.invoke(() -> doServerRegionTestTask()); + } + + private void createCache(Properties props) throws Exception { + cache = new CacheFactory(props).create(); + if (cache == null) { + throw new Exception("CacheFactory.create() returned null "); + } + } + + private Integer 
setUpLocator() throws Exception { + Properties gemFireProps = new Properties(); + + String cacheServerSslprotocols = "any"; + String cacheServerSslciphers = "any"; + boolean cacheServerSslRequireAuth = false; + + System.setProperty("javax.net.debug", "all"); + + String keyStore = + createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_KEYSTORE) + .getAbsolutePath(); + String trustStore = + createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_TRUSTSTORE) + .getAbsolutePath(); + gemFireProps.setProperty(SSL_ENABLED_COMPONENTS, "cluster"); + gemFireProps.setProperty(SSL_REQUIRE_AUTHENTICATION, "" + cacheServerSslRequireAuth); + gemFireProps.setProperty(SSL_KEYSTORE, "" + keyStore); + gemFireProps.setProperty(SSL_KEYSTORE_PASSWORD, "password"); + gemFireProps.setProperty(SSL_TRUSTSTORE, "" + trustStore); + gemFireProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); + + StringWriter sw = new StringWriter(); + PrintWriter writer = new PrintWriter(sw); + gemFireProps.list(writer); + + Locator.startLocatorAndDS(0, new File(""), gemFireProps); + + return Locator.getLocator().getPort(); + } + + private void setUpAndConnectToDistributedSystem(Integer locatorPort) throws Exception { + Properties gemFireProps = new Properties(); + + String cacheServerSslprotocols = "any"; + String cacheServerSslciphers = "any"; + boolean cacheServerSslRequireAuth = false; + + System.setProperty("javax.net.debug", "all"); + String keyStore; + String trustStore; + if ( VM.getCurrentVMNum() == 1 ) { + keyStore = + createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_1_KEYSTORE) + .getAbsolutePath(); + trustStore = + createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, + SERVER_1_TRUSTSTORE) + .getAbsolutePath(); + } else { + keyStore = + createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, SERVER_2_KEYSTORE) + .getAbsolutePath(); + trustStore = + 
createTempFileFromResource(SSLDualServerNoClientAuthDUnitTest.class, + SERVER_2_TRUSTSTORE) + .getAbsolutePath(); + } + gemFireProps.setProperty(SSL_ENABLED_COMPONENTS, "cluster"); + gemFireProps.setProperty(SSL_REQUIRE_AUTHENTICATION, "" + cacheServerSslRequireAuth); + gemFireProps.setProperty(SSL_KEYSTORE, "" + keyStore); + gemFireProps.setProperty(SSL_KEYSTORE_PASSWORD, "password"); + gemFireProps.setProperty(SSL_TRUSTSTORE, "" + trustStore); + gemFireProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); + + gemFireProps.setProperty(LOCATORS, "localhost[" + locatorPort + "]"); + + + StringWriter sw = new StringWriter(); + PrintWriter writer = new PrintWriter(sw); + gemFireProps.list(writer); + createCache(gemFireProps); + + RegionFactory factory = cache.createRegionFactory(RegionShortcut.REPLICATE); + Region r = factory.create("serverRegion"); + r.put("serverkey", "servervalue"); + } + + private void doServerRegionTest() { + Region<String, String> region = cache.getRegion("serverRegion"); + assertEquals("servervalue", region.get("serverkey")); + } + + private static Integer setUpLocatorTask() throws Exception{ + return instance.setUpLocator(); + } + + private static void setUpServerVMTask(Integer locatorPort) throws Exception { + instance.setUpAndConnectToDistributedSystem(locatorPort); + } + + private static void doServerRegionTestTask() { + instance.doServerRegionTest(); + } + + private static void closeCacheTask() { + if (instance != null && instance.cache != null) { + instance.cache.close(); + } + } + private static void closeLocatorTask() { + if (instance != null && instance.cache != null) { + Locator.getLocator().stop(); + } + } +} 
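Review bot: The only assertion, in `doServerRegionTest()`, reads `serverkey`, which each server wrote itself in `setUpAndConnectToDistributedSystem()`, so it passes without any entry crossing the TLS peer connection and does not show that two members with different keystores can exchange data when `SSL_REQUIRE_AUTHENTICATION` is false. Have each VM write its own key, e.g. `r.put("serverkey" + VM.getCurrentVMNum(), "servervalue");`, and assert on the other VM's key once both servers are up. `closeLocatorTask()` guards on `instance.cache != null`, but the locator VM in this test never calls `createCache()`, so as written the locator is not stopped; guarding on `Locator.getLocator() != null` would fix that. `System.setProperty("javax.net.debug", "all")` is set in the locator and both server VMs and never cleared, which leaves verbose handshake and record dumps enabled for whatever runs next in those VMs; drop it or restore the previous value in `tearDown()`.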
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore
new file mode 100644
index 0000000..a476390
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.keystore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore
new file mode 100644
index 0000000..b869598
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver1.truststore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore
new file mode 100644
index 0000000..1b74b0d
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.keystore differ
diff --git a/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore
new file mode 100644
index 0000000..18c7194
Binary files /dev/null and b/geode-core/src/distributedTest/resources/org/apache/geode/cache/client/internal/geodeserver2.truststore differ
diff --git a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
index a9cb8d9..215b04b 100644
--- a/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
+++ b/geode-core/src/main/java/org/apache/geode/internal/tcp/Connection.java
@@ -79,7 +79,9 @@ import org.apache.geode.internal.logging.LoggingThread; import org.apache.geode.internal.net.BufferPool; import org.apache.geode.internal.net.NioFilter; import org.apache.geode.internal.net.NioPlainEngine; +import org.apache.geode.internal.net.SSLConfigurationFactory; import org.apache.geode.internal.net.SocketCreator; +import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.internal.tcp.MsgReader.Header; import org.apache.geode.internal.util.concurrent.ReentrantSemaphore; @@ -1835,6 +1837,8 @@ public class Connection implements Runnable { if (!clientSocket) { engine.setWantClientAuth(true); engine.setNeedClientAuth(true); +// engine.setNeedClientAuth(SSLConfigurationFactory.getSSLConfigForComponent(getConduit().config, +// SecurableCommunicationChannel.CLUSTER).isRequireAuth()); } int packetBufferSize = engine.getSession().getPacketBufferSize();
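Review bot: The second hunk leaves `engine.setNeedClientAuth(true)` unconditional and adds the config-driven call only as commented-out code, so the accepting side of a cluster connection still demands a peer certificate whatever `SSL_REQUIRE_AUTHENTICATION` says, and the two imports added in the first hunk are referenced only from that comment. If the commented call is the intended behaviour, note that `SSLEngine.setNeedClientAuth` overrides an earlier `setWantClientAuth`, so passing `false` right after `setWantClientAuth(true)` would stop requesting a certificate at all. With `requireAuth` holding the `isRequireAuth()` value from the commented expression, `if (requireAuth) { engine.setNeedClientAuth(true); } else { engine.setWantClientAuth(true); }` keeps the optional request when authentication is not required. Otherwise remove the comment and the unused imports from this commit. The enclosing method of `Connection` starts and ends outside the hunk, so whether `getConduit().config` is usable at this point cannot be confirmed from here.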
