Tests are passing
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/4f6a5311 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/4f6a5311 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/4f6a5311 Branch: refs/heads/feature/GEODE-693 Commit: 4f6a5311f17b6014532fd9743d59e45ce0c0c7af Parents: 5a321ff Author: Kirk Lund <[email protected]> Authored: Mon Mar 28 15:48:20 2016 -0700 Committer: Kirk Lund <[email protected]> Committed: Mon Mar 28 15:48:20 2016 -0700 ---------------------------------------------------------------------- .../controllers/RestAPIsWithSSLDUnitTest.java | 1 + .../security/ClientAuthenticationDUnitTest.java | 888 +------- .../ClientAuthenticationPart2DUnitTest.java | 96 +- .../security/ClientAuthenticationTestCase.java | 574 +++++ .../security/ClientAuthenticationUtils.java | 94 + .../security/ClientAuthorizationDUnitTest.java | 34 +- .../security/ClientAuthorizationTestBase.java | 759 +++---- .../security/ClientMultiUserAuthzDUnitTest.java | 180 +- .../DeltaClientAuthorizationDUnitTest.java | 295 +-- .../DeltaClientPostAuthorizationDUnitTest.java | 625 ++---- .../security/P2PAuthenticationDUnitTest.java | 657 +++--- .../gemfire/security/SecurityTestUtil.java | 2011 +++++++++--------- .../ClientAuthorizationTwoDUnitTest.java | 25 +- .../security/ClientAuthzObjectModDUnitTest.java | 38 +- .../ClientCQPostAuthorizationDUnitTest.java | 183 +- .../ClientPostAuthorizationDUnitTest.java | 218 +- .../gemfire/security/MultiuserAPIDUnitTest.java | 38 +- .../MultiuserDurableCQAuthzDUnitTest.java | 77 +- 18 files changed, 2875 insertions(+), 3918 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4f6a5311/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java 
---------------------------------------------------------------------- diff --git a/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java b/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java index 852591f..2217ecc 100644 --- a/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java +++ b/geode-assembly/src/test/java/com/gemstone/gemfire/rest/internal/web/controllers/RestAPIsWithSSLDUnitTest.java @@ -92,6 +92,7 @@ public class RestAPIsWithSSLDUnitTest extends LocatorTestBase { @Override public final void preSetUp() throws Exception { disconnectAllFromDS(); + // add ignoredexception } @Override http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4f6a5311/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java index 456a6ed..1744c15 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationDUnitTest.java 
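Review bot: The added line `// add ignoredexception` in `preSetUp()` of RestAPIsWithSSLDUnitTest is a placeholder, not a registration, so nothing is ignored yet and the comment names neither the exception nor the reason. I would make it a tracked TODO, for example `// TODO(GEODE-693): register an IgnoredException for <expected log message> and say why it is expected`. When the registration is added, keep the pattern as narrow as the exact expected message. In an SSL test, a broad pattern such as a bare exception class name would also hide genuine handshake or certificate failures that the test should surface. The enclosing class continues outside the hunk, so I cannot see whether a later method already registers one.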
@@ -18,885 +18,77 @@ */ package com.gemstone.gemfire.security; -import java.io.IOException; -import java.util.Properties; - -import javax.net.ssl.SSLException; -import javax.net.ssl.SSLHandshakeException; +import static com.gemstone.gemfire.security.SecurityTestUtil.*; +import static com.gemstone.gemfire.test.dunit.Assert.*; -import com.gemstone.gemfire.security.generator.CredentialGenerator; -import com.gemstone.gemfire.security.generator.CredentialGenerator.ClassCode; +import java.util.Properties; import com.gemstone.gemfire.cache.Region; import com.gemstone.gemfire.distributed.internal.DistributionConfig; -import com.gemstone.gemfire.internal.AvailablePort; -import com.gemstone.gemfire.security.generator.DummyCredentialGenerator; -import com.gemstone.gemfire.test.dunit.DistributedTestCase; -import com.gemstone.gemfire.test.dunit.Host; -import com.gemstone.gemfire.test.dunit.IgnoredException; -import com.gemstone.gemfire.test.dunit.LogWriterUtils; -import com.gemstone.gemfire.test.dunit.VM; -import com.gemstone.gemfire.test.dunit.Wait; +import com.gemstone.gemfire.test.junit.categories.DistributedTest; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.experimental.categories.Category; /** * Test for authentication from client to server. This tests for both valid and * invalid credentials/modules. It also checks for authentication * success/failure in case of failover and for the notification channel. 
* - * @author sumedh * @since 5.5 */ -public class ClientAuthenticationDUnitTest extends DistributedTestCase { - - /** constructor */ - public ClientAuthenticationDUnitTest(String name) { - super(name); - } - - private VM server1 = null; - - private VM server2 = null; - - private VM client1 = null; - - private VM client2 = null; - - private static final String[] serverExpectedExceptions = { - AuthenticationRequiredException.class.getName(), - AuthenticationFailedException.class.getName(), - GemFireSecurityException.class.getName(), - ClassNotFoundException.class.getName(), IOException.class.getName(), - SSLException.class.getName(), SSLHandshakeException.class.getName() }; - - private static final String[] clientExpectedExceptions = { - AuthenticationRequiredException.class.getName(), - AuthenticationFailedException.class.getName(), - SSLHandshakeException.class.getName() }; - - @Override - public final void postSetUp() throws Exception { - final Host host = Host.getHost(0); - server1 = host.getVM(0); - server2 = host.getVM(1); - client1 = host.getVM(2); - client2 = host.getVM(3); - - IgnoredException.addIgnoredException("Connection refused: connect"); - - server1.invoke(() -> SecurityTestUtil.registerExpectedExceptions( serverExpectedExceptions )); - server2.invoke(() -> SecurityTestUtil.registerExpectedExceptions( serverExpectedExceptions )); - client1.invoke(() -> SecurityTestUtil.registerExpectedExceptions( clientExpectedExceptions )); - client2.invoke(() -> SecurityTestUtil.registerExpectedExceptions( clientExpectedExceptions )); - } - - // Region: Utility and static functions invoked by the tests - - public static Integer createCacheServer(Object dsPort, Object locatorString, - Object authenticator, Object extraProps, Object javaProps) { - - Properties authProps; - if (extraProps == null) { - authProps = new Properties(); - } - else { - authProps = (Properties)extraProps; - } - if (authenticator != null) { - authProps.setProperty( - 
DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, authenticator - .toString()); - } - return SecurityTestUtil.createCacheServer(authProps, javaProps, - (Integer)dsPort, (String)locatorString, null, new Integer( - SecurityTestUtil.NO_EXCEPTION)); - } - - public static void createCacheServer(Object dsPort, Object locatorString, - Integer serverPort, Object authenticator, Object extraProps, - Object javaProps) { - - Properties authProps; - if (extraProps == null) { - authProps = new Properties(); - } - else { - authProps = (Properties)extraProps; - } - if (authenticator != null) { - authProps.setProperty( - DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, authenticator - .toString()); - } - SecurityTestUtil.createCacheServer(authProps, javaProps, (Integer)dsPort, - (String)locatorString, serverPort, new Integer( - SecurityTestUtil.NO_EXCEPTION)); - } - - private static void createCacheClient(Object authInit, Properties authProps, - Properties javaProps, Integer[] ports, Object numConnections, - Boolean multiUserMode, Boolean subscriptionEnabled, Integer expectedResult) { - - String authInitStr = (authInit == null ? 
null : authInit.toString()); - SecurityTestUtil.createCacheClient(authInitStr, authProps, javaProps, - ports, (Integer)numConnections, Boolean.FALSE, - multiUserMode.toString(), subscriptionEnabled, expectedResult); - } - - public static void createCacheClient(Object authInit, Object authProps, - Object javaProps, Integer[] ports, Object numConnections, - Boolean multiUserMode, Integer expectedResult) { - - createCacheClient(authInit, (Properties)authProps, (Properties)javaProps, - ports, numConnections, multiUserMode, Boolean.TRUE, expectedResult); - } - - public static void createCacheClient(Object authInit, Object authProps, - Object javaProps, Integer port1, Object numConnections, - Integer expectedResult) { - - createCacheClient(authInit, (Properties)authProps, (Properties)javaProps, - new Integer[] { port1 }, numConnections, Boolean.FALSE, Boolean.TRUE, - expectedResult); - } - - public static void createCacheClient(Object authInit, Object authProps, - Object javaProps, Integer port1, Integer port2, Object numConnections, - Integer expectedResult) { - createCacheClient(authInit, authProps, javaProps, port1, port2, - numConnections, Boolean.FALSE, expectedResult); - } - - public static void createCacheClient(Object authInit, Object authProps, - Object javaProps, Integer port1, Integer port2, Object numConnections, - Boolean multiUserMode, Integer expectedResult) { - - createCacheClient(authInit, authProps, javaProps, - port1, port2, numConnections, multiUserMode, Boolean.TRUE, - expectedResult); - } - - public static void createCacheClient(Object authInit, Object authProps, - Object javaProps, Integer port1, Integer port2, Object numConnections, - Boolean multiUserMode, Boolean subscriptionEnabled, - Integer expectedResult) { - - createCacheClient(authInit, (Properties)authProps, (Properties)javaProps, - new Integer[] { port1, port2 }, numConnections, multiUserMode, - subscriptionEnabled, expectedResult); - } - - public static void registerAllInterest() { - - 
Region region = SecurityTestUtil.getCache().getRegion( - SecurityTestUtil.regionName); - assertNotNull(region); - region.registerInterestRegex(".*"); - } - - // End Region: Utility and static functions invoked by the tests - - // Region: Tests - - public void testValidCredentials() { - itestValidCredentials(Boolean.FALSE); - } - - public void itestValidCredentials(Boolean multiUser) { - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authenticator = gen.getAuthenticator(); - String authInit = gen.getAuthInit(); - - LogWriterUtils.getLogWriter().info( - "testValidCredentials: Using scheme: " + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testValidCredentials: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter().info("testValidCredentials: Using authinit: " + authInit); - - // Start the servers - Integer locPort1 = SecurityTestUtil.getLocatorPort(); - Integer locPort2 = SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = (Integer)server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, authenticator, extraProps, - javaProps )); - Integer port2 = (Integer)server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, authenticator, extraProps, - javaProps )); - - // Start the clients with valid credentials - Properties credentials1 = gen.getValidCredentials(1); - Properties javaProps1 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testValidCredentials: For first client credentials: " + credentials1 - + " : " + javaProps1); - Properties credentials2 = gen.getValidCredentials(2); - Properties javaProps2 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testValidCredentials: For second client credentials: " - + credentials2 + " : " + javaProps2); - 
createClientsNoException(multiUser, authInit, port1, port2, credentials1, - javaProps1, credentials2, javaProps2); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( new Integer(2) )); - - // Verify that the puts succeeded - client2.invoke(() -> SecurityTestUtil.doGets( new Integer(2) )); - - if (multiUser) { - client1.invoke(() -> SecurityTestUtil.doProxyCacheClose()); - client2.invoke(() -> SecurityTestUtil.doProxyCacheClose()); - client1.invoke(() -> SecurityTestUtil.doSimplePut("CacheClosedException")); - client2.invoke(() -> SecurityTestUtil.doSimpleGet("CacheClosedException")); - } - } - - public void testNoCredentials() { - itestNoCredentials(Boolean.FALSE); - } - - public void itestNoCredentials(Boolean multiUser) { - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authenticator = gen.getAuthenticator(); - String authInit = gen.getAuthInit(); - - LogWriterUtils.getLogWriter() - .info("testNoCredentials: Using scheme: " + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testNoCredentials: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter().info("testNoCredentials: Using authinit: " + authInit); - - // Start the servers - Integer locPort1 = SecurityTestUtil.getLocatorPort(); - Integer locPort2 = SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = createServer1(extraProps, javaProps, authenticator, - locPort1, locString); - Integer port2 = ((Integer)server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, authenticator, extraProps, - javaProps ))); - - // Start first client with valid credentials - Properties credentials1 = gen.getValidCredentials(1); - Properties javaProps1 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testNoCredentials: For first 
client credentials: " + credentials1 - + " : " + javaProps1); - createClient1NoException(multiUser, authInit, port1, port2, credentials1, - javaProps1); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( new Integer(2) )); - - // Trying to create the region on client2 - if (gen.classCode().equals(ClassCode.SSL)) { - // For SSL the exception may not come since the server can close socket - // before handshake message is sent from client. However exception - // should come in any region operations. - client2 - .invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, null, null, port1, port2, null, multiUser, - new Integer(SecurityTestUtil.NO_EXCEPTION) )); - client2.invoke(() -> SecurityTestUtil.doPuts( - new Integer(2), new Integer(SecurityTestUtil.OTHER_EXCEPTION) )); - } - else { - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, null, null, port1, port2, - null, multiUser, new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); - } - } - - public void testInvalidCredentials() { - itestInvalidCredentials(Boolean.FALSE); - } - - public void itestInvalidCredentials(Boolean multiUser) { - - - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authenticator = gen.getAuthenticator(); - String authInit = gen.getAuthInit(); - - LogWriterUtils.getLogWriter().info( - "testInvalidCredentials: Using scheme: " + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testInvalidCredentials: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter() - .info("testInvalidCredentials: Using authinit: " + authInit); - - // Start the servers - Integer locPort1 = SecurityTestUtil.getLocatorPort(); - Integer locPort2 = SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = createServer1(extraProps, javaProps, 
authenticator, - locPort1, locString); - Integer port2 = ((Integer)server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, authenticator, extraProps, - javaProps ))); - - // Start first client with valid credentials - Properties credentials1 = gen.getValidCredentials(1); - Properties javaProps1 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testInvalidCredentials: For first client credentials: " - + credentials1 + " : " + javaProps1); - createClient1NoException(multiUser, authInit, port1, port2, credentials1, - javaProps1); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( new Integer(2) )); - - // Start second client with invalid credentials - // Trying to create the region on client2 should throw a security - // exception - Properties credentials2 = gen.getInvalidCredentials(1); - Properties javaProps2 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testInvalidCredentials: For second client credentials: " - + credentials2 + " : " + javaProps2); - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials2, javaProps2, port1, port2, - null, multiUser, new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) )); - } - - public void testInvalidAuthInit() { - itestInvalidAuthInit(Boolean.FALSE); - } +@Category(DistributedTest.class) +public class ClientAuthenticationDUnitTest extends ClientAuthenticationTestCase { - public void itestInvalidAuthInit(Boolean multiUser) { - - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authenticator = gen.getAuthenticator(); - - LogWriterUtils.getLogWriter().info( - "testInvalidAuthInit: Using scheme: " + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testInvalidAuthInit: Using authenticator: " + authenticator); - - // Start the server - Integer locPort1 = 
SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = createServer1(extraProps, javaProps, authenticator, - locPort1, locString); - - Properties credentials = gen.getValidCredentials(1); - javaProps = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testInvalidAuthInit: For first client credentials: " + credentials - + " : " + javaProps); - client1.invoke(ClientAuthenticationDUnitTest.class, "createCacheClient", - new Object[] { "com.gemstone.none", credentials, javaProps, - new Integer[] { port1 }, null, multiUser, - Integer.valueOf(SecurityTestUtil.AUTHREQ_EXCEPTION) }); - } - - protected Integer createServer1(Properties extraProps, Properties javaProps, - String authenticator, Integer locPort1, String locString) { - Integer port1 = ((Integer)server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, authenticator, extraProps, - javaProps ))); - return port1; - } - - public void testNoAuthInitWithCredentials() { - itestNoAuthInitWithCredentials(Boolean.FALSE); - } - - public void itestNoAuthInitWithCredentials(Boolean multiUser) { - - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authenticator = gen.getAuthenticator(); - - - LogWriterUtils.getLogWriter().info( - "testNoAuthInitWithCredentials: Using scheme: " + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testNoAuthInitWithCredentials: Using authenticator: " - + authenticator); - - // Start the servers - Integer locPort1 = SecurityTestUtil.getLocatorPort(); - Integer locPort2 = SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = createServer1(extraProps, javaProps, authenticator, - locPort1, locString); - Integer port2 = ((Integer)server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, 
locString, authenticator, extraProps, - javaProps ))); - - // Start the clients with valid credentials - Properties credentials1 = gen.getValidCredentials(1); - Properties javaProps1 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testNoAuthInitWithCredentials: For first client credentials: " - + credentials1 + " : " + javaProps1); - Properties credentials2 = gen.getValidCredentials(2); - Properties javaProps2 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testNoAuthInitWithCredentials: For second client credentials: " - + credentials2 + " : " + javaProps2); - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, credentials1, javaProps1, port1, port2, null, - multiUser, new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, credentials2, javaProps2, port1, port2, null, - multiUser, new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); - client2.invoke(() -> SecurityTestUtil.closeCache()); - - - // Now also try with invalid credentials - Properties credentials3 = gen.getInvalidCredentials(5); - Properties javaProps3 = gen.getJavaProperties(); - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, credentials3, javaProps3, port1, port2, null, - multiUser, new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); - } - - public void testInvalidAuthenticator() { - itestInvalidAuthenticator(Boolean.FALSE); - } - - public void itestInvalidAuthenticator(Boolean multiUser) { - - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authInit = gen.getAuthInit(); - - LogWriterUtils.getLogWriter().info( - "testInvalidAuthenticator: Using scheme: " + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testInvalidAuthenticator: Using authinit: " + authInit); - - // Start the server with invalid 
authenticator - Integer locPort1 = SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = (Integer)server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, "com.gemstone.gemfire.none", - extraProps, javaProps )); - - // Trying to create the region on client should throw a security exception - Properties credentials2 = gen.getValidCredentials(1); - Properties javaProps2 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testInvalidAuthenticator: For first client credentials: " - + credentials2 + " : " + javaProps2); - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials2, javaProps2, port1, null, - new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) )); - client1.invoke(() -> SecurityTestUtil.closeCache()); - - - // Also test with invalid credentials - Properties credentials3 = gen.getInvalidCredentials(1); - Properties javaProps3 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testInvalidAuthenticator: For first client credentials: " - + credentials3 + " : " + javaProps3); - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials3, javaProps3, port1, null, - new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) )); - } - - public void testNoAuthenticatorWithCredentials() { - itestNoAuthenticatorWithCredentials(Boolean.FALSE); - } - - public void itestNoAuthenticatorWithCredentials(Boolean multiUser) { - - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authenticator = gen.getAuthenticator(); - String authInit = gen.getAuthInit(); - - LogWriterUtils.getLogWriter().info( - "testNoAuthenticatorWithCredentials: Using scheme: " - + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testNoAuthenticatorWithCredentials: Using authinit: " + authInit); - - 
// Start the servers with no authenticator - Integer locPort1 = SecurityTestUtil.getLocatorPort(); - Integer locPort2 = SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = (Integer)server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, null, extraProps, javaProps )); - Integer port2 = (Integer)server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, null, extraProps, javaProps )); - - // Clients should connect successfully and work properly with - // valid/invalid credentials when none are required on the server side - Properties credentials1 = gen.getValidCredentials(3); - Properties javaProps1 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testNoAuthenticatorWithCredentials: For first client credentials: " - + credentials1 + " : " + javaProps1); - Properties credentials2 = gen.getInvalidCredentials(5); - Properties javaProps2 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testNoAuthenticatorWithCredentials: For second client credentials: " - + credentials2 + " : " + javaProps2); - createClientsNoException(multiUser, authInit, port1, port2, credentials1, - javaProps1, credentials2, javaProps2); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( new Integer(2) )); - - // Verify that the puts succeeded - client2.invoke(() -> SecurityTestUtil.doGets( new Integer(2) )); - } - - public void testCredentialsWithFailover() { - itestCredentialsWithFailover(Boolean.FALSE); + @Test + public void testValidCredentials() throws Exception { + doTestValidCredentials(Boolean.FALSE); } - public void itestCredentialsWithFailover(Boolean multiUser) { - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authenticator = gen.getAuthenticator(); - String 
authInit = gen.getAuthInit(); - - LogWriterUtils.getLogWriter().info( - "testCredentialsWithFailover: Using scheme: " + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testCredentialsWithFailover: Using authenticator: " + authenticator); - LogWriterUtils.getLogWriter().info( - "testCredentialsWithFailover: Using authinit: " + authInit); - - // Start the first server - Integer locPort1 = SecurityTestUtil.getLocatorPort(); - Integer locPort2 = SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = (Integer)server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, authenticator, extraProps, - javaProps )); - // Get a port for second server but do not start it - // This forces the clients to connect to the first server - Integer port2 = new Integer(AvailablePort - .getRandomAvailablePort(AvailablePort.SOCKET)); - - // Start the clients with valid credentials - Properties credentials1 = gen.getValidCredentials(5); - Properties javaProps1 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testCredentialsWithFailover: For first client credentials: " - + credentials1 + " : " + javaProps1); - Properties credentials2 = gen.getValidCredentials(6); - Properties javaProps2 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testCredentialsWithFailover: For second client credentials: " - + credentials2 + " : " + javaProps2); - createClientsNoException(multiUser, authInit, port1, port2, credentials1, - javaProps1, credentials2, javaProps2); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( new Integer(2) )); - // Verify that the puts succeeded - client2.invoke(() -> SecurityTestUtil.doGets( new Integer(2) )); - - // start the second one and stop the first server to force a failover - server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, port2, authenticator, 
extraProps, - javaProps )); - server1.invoke(() -> SecurityTestUtil.closeCache()); - - // Perform some create/update operations from client1 - client1.invoke(() -> SecurityTestUtil.doNPuts( new Integer(4) )); - // Verify that the creates/updates succeeded - client2.invoke(() -> SecurityTestUtil.doNGets( new Integer(4) )); - - // Try to connect client2 with no credentials - // Verify that the creation of region throws security exception - if (gen.classCode().equals(ClassCode.SSL)) { - // For SSL the exception may not come since the server can close socket - // before handshake message is sent from client. However exception - // should come in any region operations. - client2 - .invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, null, null, port1, port2, null, multiUser, - new Integer(SecurityTestUtil.NOFORCE_AUTHREQ_EXCEPTION) )); - client2.invoke(() -> SecurityTestUtil.doPuts( - new Integer(2), new Integer(SecurityTestUtil.OTHER_EXCEPTION) )); - } - else { - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, null, null, port1, port2, - null, multiUser, new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); - } - - // Now try to connect client1 with invalid credentials - // Verify that the creation of region throws security exception - Properties credentials3 = gen.getInvalidCredentials(7); - Properties javaProps3 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testCredentialsWithFailover: For first client invalid credentials: " - + credentials3 + " : " + javaProps3); - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials3, javaProps3, port1, port2, - null, multiUser, new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) )); - - if (multiUser) { - client1.invoke(() -> SecurityTestUtil.doProxyCacheClose()); - client2.invoke(() -> SecurityTestUtil.doProxyCacheClose()); - client1.invoke(() -> SecurityTestUtil.doSimplePut("CacheClosedException")); - client2.invoke(() -> 
SecurityTestUtil.doSimpleGet("CacheClosedException")); - } + @Test + public void testNoCredentials() throws Exception { + doTestNoCredentials(Boolean.FALSE); } - protected void createClientsNoException(Boolean multiUser, String authInit, - Integer port1, Integer port2, Properties credentials1, - Properties javaProps1, Properties credentials2, Properties javaProps2) { - createClient1NoException(multiUser, authInit, port1, port2, credentials1, - javaProps1); - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials2, javaProps2, port1, port2, - null, multiUser, new Integer(SecurityTestUtil.NO_EXCEPTION) )); + @Test + public void testInvalidCredentials() throws Exception { + doTestInvalidCredentials(Boolean.FALSE); } - public void testCredentialsForNotifications() { - itestCredentialsForNotifications(Boolean.FALSE); + @Test + public void testInvalidAuthInit() throws Exception { + doTestInvalidAuthInit(Boolean.FALSE); } - public void itestCredentialsForNotifications(Boolean multiUser) { - CredentialGenerator gen = new DummyCredentialGenerator(); - Properties extraProps = gen.getSystemProperties(); - Properties javaProps = gen.getJavaProperties(); - String authenticator = gen.getAuthenticator(); - String authInit = gen.getAuthInit(); - - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: Using scheme: " + gen.classCode()); - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: Using authenticator: " - + authenticator); - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: Using authinit: " + authInit); - - // Start the first server - Integer locPort1 = SecurityTestUtil.getLocatorPort(); - Integer locPort2 = SecurityTestUtil.getLocatorPort(); - String locString = SecurityTestUtil.getLocatorString(); - Integer port1 = (Integer)server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, authenticator, extraProps, - javaProps )); - // Get a port for 
second server but do not start it - // This forces the clients to connect to the first server - Integer port2 = new Integer(AvailablePort - .getRandomAvailablePort(AvailablePort.SOCKET)); - - // Start the clients with valid credentials - Properties credentials1 = gen.getValidCredentials(3); - Properties javaProps1 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: For first client credentials: " - + credentials1 + " : " + javaProps1); - Properties credentials2 = gen.getValidCredentials(4); - Properties javaProps2 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: For second client credentials: " - + credentials2 + " : " + javaProps2); - createClient1NoException(multiUser, authInit, port1, port2, credentials1, - javaProps1); - // Set up zero forward connections to check notification handshake only - Object zeroConns = new Integer(0); - createClient2NoException(multiUser, authInit, port1, port2, credentials2, - javaProps2, zeroConns); - - // Register interest on all keys on second client - client2 - .invoke(() -> ClientAuthenticationDUnitTest.registerAllInterest()); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( new Integer(2) )); - - // Verify that the puts succeeded - client2.invoke(() -> SecurityTestUtil.doLocalGets( new Integer(2) )); - - // start the second one and stop the first server to force a failover - server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, port2, authenticator, extraProps, - javaProps )); - server1.invoke(() -> SecurityTestUtil.closeCache()); - - // Wait for failover to complete - Wait.pause(500); - - // Perform some create/update operations from client1 - client1.invoke(() -> SecurityTestUtil.doNPuts( new Integer(4) )); - // Verify that the creates/updates succeeded - client2.invoke(() -> SecurityTestUtil.doNLocalGets( new Integer(4) )); - - // Try to 
connect client1 with no credentials - // Verify that the creation of region throws security exception - server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, port1, authenticator, extraProps, - javaProps )); - if (gen.classCode().equals(ClassCode.SSL)) { - // For SSL the exception may not come since the server can close socket - // before handshake message is sent from client. However exception - // should come in any region operations. - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, null, null, port1, port2, - zeroConns, multiUser, - new Integer(SecurityTestUtil.NOFORCE_AUTHREQ_EXCEPTION) )); - client1.invoke(() -> SecurityTestUtil.doPuts( - new Integer(2), new Integer(SecurityTestUtil.OTHER_EXCEPTION) )); - } - else { - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, null, null, port1, port2, - zeroConns, multiUser, new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); - } - - // Now try to connect client2 with invalid credentials - // Verify that the creation of region throws security exception - credentials2 = gen.getInvalidCredentials(3); - javaProps2 = gen.getJavaProperties(); - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: For second client invalid credentials: " - + credentials2 + " : " + javaProps2); - createClient2WithException(multiUser, authInit, port1, port2, - credentials2, javaProps2, zeroConns); - - // Now try to connect client2 with invalid auth-init method - // Trying to create the region on client with valid credentials should - // throw a security exception - client2 - .invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( "com.gemstone.none", credentials1, javaProps1, - port1, port2, zeroConns, multiUser, - new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); - - // Now start the servers with invalid authenticator method. - // Skip this test for a scheme which does not have an authInit in the - // first place (e.g. 
SSL) since that will fail with AuthReqEx before - // authenticator is even invoked. - if (authInit != null && authInit.length() > 0) { - server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, port1, - "com.gemstone.gemfire.none", extraProps, javaProps )); - server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, port2, - "com.gemstone.gemfire.none", extraProps, javaProps )); - - createClient2WithException(multiUser, authInit, port1, port2, - credentials1, javaProps1, zeroConns); - createClient1WithException(multiUser, authInit, port1, port2, - credentials2, javaProps2, zeroConns); - } - else { - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: Skipping invalid authenticator for scheme [" - + gen.classCode() + "] which has no authInit"); - } - - // Try connection with null auth-init on clients. - // Skip this test for a scheme which does not have an authInit in the - // first place (e.g. SSL). - if (authInit != null && authInit.length() > 0) { - server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, port1, - authenticator, extraProps, javaProps )); - server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, port2, - authenticator, extraProps, javaProps )); - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, credentials1, javaProps1, - port1, port2, null, multiUser, - new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); - createClient2AuthReqException(multiUser, port1, port2, credentials2, - javaProps2, zeroConns); - - createClient2AuthReqException(multiUser, port1, port2, credentials2, - javaProps2, zeroConns); - } - else { - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: Skipping null authInit for scheme [" - + gen.classCode() + "] which has no authInit"); - } - - // Try connection with null authenticator on server and sending - // valid/invalid 
credentials. - // If the scheme does not have an authenticator in the first place (e.g. - // SSL) then skip it since this test is useless. - if (authenticator != null && authenticator.length() > 0) { - server1.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort1, locString, port1, - null, extraProps, javaProps )); - server2.invoke(() -> ClientAuthenticationDUnitTest.createCacheServer( locPort2, locString, port2, - null, extraProps, javaProps )); - createClient1NoException(multiUser, authInit, port1, port2, - credentials1, javaProps1); - createClient2NoException(multiUser, authInit, port1, port2, - credentials2, javaProps2, zeroConns); - - // Register interest on all keys on second client - client2.invoke(() -> ClientAuthenticationDUnitTest.registerAllInterest()); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doPuts( new Integer(4) )); - - // Verify that the puts succeeded - client2.invoke(() -> SecurityTestUtil.doLocalGets( new Integer(4) )); - - // Now also try with valid credentials on client2 - createClient1NoException(multiUser, authInit, port1, port2, - credentials2, javaProps2); - createClient2NoException(multiUser, authInit, port1, port2, - credentials1, javaProps1, zeroConns); - - // Register interest on all keys on second client - client2.invoke(() -> ClientAuthenticationDUnitTest.registerAllInterest()); - - // Perform some put operations from client1 - client1.invoke(() -> SecurityTestUtil.doNPuts( new Integer(4) )); - - // Verify that the puts succeeded - client2.invoke(() -> SecurityTestUtil.doNLocalGets( new Integer(4) )); - } - else { - LogWriterUtils.getLogWriter().info( - "testCredentialsForNotifications: Skipping scheme [" - + gen.classCode() + "] which has no authenticator"); - } + @Test + public void testNoAuthInitWithCredentials() throws Exception { + doTestNoAuthInitWithCredentials(Boolean.FALSE); } - protected void createClient1NoException(Boolean multiUser, String authInit, - Integer 
port1, Integer port2, Properties credentials2, - Properties javaProps2) { - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials2, - javaProps2, port1, port2, null, multiUser, - new Integer(SecurityTestUtil.NO_EXCEPTION) )); + @Test + public void testInvalidAuthenticator() throws Exception { + doTestInvalidAuthenticator(Boolean.FALSE); } - protected void createClient2AuthReqException(Boolean multiUser, Integer port1, - Integer port2, Properties credentials2, Properties javaProps2, - Object zeroConns) { - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( null, credentials2, javaProps2, - port1, port2, zeroConns, multiUser, - new Integer(SecurityTestUtil.AUTHREQ_EXCEPTION) )); + @Test + public void testNoAuthenticatorWithCredentials() throws Exception { + doTestNoAuthenticatorWithCredentials(Boolean.FALSE); } - protected void createClient1WithException(Boolean multiUser, String authInit, - Integer port1, Integer port2, Properties credentials2, - Properties javaProps2, Object zeroConns) { - client1.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials2, - javaProps2, port1, port2, zeroConns, multiUser, - new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) )); + @Test + public void testCredentialsWithFailover() throws Exception { + doTestCredentialsWithFailover(Boolean.FALSE); } - protected void createClient2WithException(Boolean multiUser, String authInit, - Integer port1, Integer port2, Properties credentials2, - Properties javaProps2, Object zeroConns) { - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials2, javaProps2, port1, port2, - zeroConns, multiUser, new Integer(SecurityTestUtil.AUTHFAIL_EXCEPTION) )); + @Test + public void testCredentialsForNotifications() throws Exception { + doTestCredentialsForNotifications(Boolean.FALSE); } - protected void createClient2NoException(Boolean multiUser, String authInit, - Integer port1, Integer 
port2, Properties credentials2, - Properties javaProps2, Object zeroConns) { - client2.invoke(() -> ClientAuthenticationDUnitTest.createCacheClient( authInit, credentials2, javaProps2, port1, port2, - zeroConns, multiUser, new Integer(SecurityTestUtil.NO_EXCEPTION) )); + @Ignore("Disabled for unknown reason") + @Test + public void testValidCredentialsForMultipleUsers() throws Exception { + doTestValidCredentials(Boolean.TRUE); } - ////////////////////////////////////////////////////////////////////////////// - // Tests for MULTI_USER_MODE start here - ////////////////////////////////////////////////////////////////////////////// - - public void xtestValidCredentialsForMultipleUsers() { - itestValidCredentials(Boolean.TRUE); - } - - ////////////////////////////////////////////////////////////////////////////// - // Tests for MULTI_USER_MODE end here - ////////////////////////////////////////////////////////////////////////////// - - @Override - public final void preTearDown() throws Exception { - // close the clients first - client1.invoke(() -> SecurityTestUtil.closeCache()); - client2.invoke(() -> SecurityTestUtil.closeCache()); - // then close the servers - server1.invoke(() -> SecurityTestUtil.closeCache()); - server2.invoke(() -> SecurityTestUtil.closeCache()); - } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4f6a5311/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java index 138114a..540632a 100644 --- a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java +++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationPart2DUnitTest.java 
@@ -1,6 +1,3 @@ - -package com.gemstone.gemfire.security; - /* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file @@ -9,9 +6,9 @@ package com.gemstone.gemfire.security; * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
@@ -19,70 +16,59 @@ package com.gemstone.gemfire.security; * specific language governing permissions and limitations * under the License. */ +package com.gemstone.gemfire.security; +import com.gemstone.gemfire.test.junit.categories.DistributedTest; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.experimental.categories.Category; /** * this class contains test methods that used to be in its superclass but * that test started taking too long and caused dunit runs to hang */ -public class ClientAuthenticationPart2DUnitTest extends - ClientAuthenticationDUnitTest { +@Category(DistributedTest.class) +public class ClientAuthenticationPart2DUnitTest extends ClientAuthenticationTestCase { - /** constructor */ - public ClientAuthenticationPart2DUnitTest(String name) { - super(name); + @Test + public void testNoCredentialsForMultipleUsers() throws Exception { + doTestNoCredentials(Boolean.TRUE); } - // override inherited tests so they aren't executed again - - @Override - public void testValidCredentials() { } - @Override - public void testNoCredentials() { } - @Override - public void testInvalidCredentials() { } - @Override - public void testInvalidAuthInit() { } - @Override - public void testNoAuthInitWithCredentials() { } - @Override - public void testInvalidAuthenticator() { } - @Override - public void testNoAuthenticatorWithCredentials() { } - @Override - public void testCredentialsWithFailover() { } - @Override - public void testCredentialsForNotifications() { } - //@Override - public void testValidCredentialsForMultipleUsers() { } - - - - - - public void testNoCredentialsForMultipleUsers() { - itestNoCredentials(Boolean.TRUE); - } - public void testInvalidCredentialsForMultipleUsers() { - itestInvalidCredentials(Boolean.TRUE); + @Test + public void testInvalidCredentialsForMultipleUsers() throws Exception { + doTestInvalidCredentials(Boolean.TRUE); } - public void testInvalidAuthInitForMultipleUsers() { - itestInvalidAuthInit(Boolean.TRUE); - } - 
public void testNoAuthInitWithCredentialsForMultipleUsers() { - itestNoAuthInitWithCredentials(Boolean.TRUE); + + @Test + public void testInvalidAuthInitForMultipleUsers() throws Exception { + doTestInvalidAuthInit(Boolean.TRUE); } - public void testInvalidAuthenitcatorForMultipleUsers() { - itestInvalidAuthenticator(Boolean.TRUE); + + @Test + public void testNoAuthInitWithCredentialsForMultipleUsers() throws Exception { + doTestNoAuthInitWithCredentials(Boolean.TRUE); } - public void testNoAuthenticatorWithCredentialsForMultipleUsers() { - itestNoAuthenticatorWithCredentials(Boolean.TRUE); + + @Test + public void testInvalidAuthenitcatorForMultipleUsers() throws Exception { + doTestInvalidAuthenticator(Boolean.TRUE); } - public void disabled_testCredentialsWithFailoverForMultipleUsers() { - itestCredentialsWithFailover(Boolean.TRUE); + + @Test + public void testNoAuthenticatorWithCredentialsForMultipleUsers() throws Exception { + doTestNoAuthenticatorWithCredentials(Boolean.TRUE); } - public void __testCredentialsForNotificationsForMultipleUsers() { - itestCredentialsForNotifications(Boolean.TRUE); + + @Ignore("Disabled for unknown reason") + @Test + public void testCredentialsWithFailoverForMultipleUsers() throws Exception { + doTestCredentialsWithFailover(Boolean.TRUE); } + @Ignore("Disabled for unknown reason") + @Test + public void testCredentialsForNotificationsForMultipleUsers() throws Exception { + doTestCredentialsForNotifications(Boolean.TRUE); + } } http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4f6a5311/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java ---------------------------------------------------------------------- diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java new file mode 100644 index 0000000..d308769 --- /dev/null 
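Review bot: The two `@Ignore("Disabled for unknown reason")` tests at the end of ClientAuthenticationPart2DUnitTest, testCredentialsWithFailoverForMultipleUsers and testCredentialsForNotificationsForMultipleUsers, leave multi-user authentication across server failover and on the notification channel without coverage in this class, and the annotation text gives a maintainer nothing to act on. Both were already disabled by renaming before this change, so this is not a regression, but the conversion is the place to record a traceable reason, for example `@Ignore("<tracking-issue>: multi-user failover authentication test disabled, cause to be investigated")`. testValidCredentialsForMultipleUsers in ClientAuthenticationDUnitTest carries the same message. Separately, `testInvalidAuthenitcatorForMultipleUsers` keeps the misspelling of "Authenticator"; renaming it to `testInvalidAuthenticatorForMultipleUsers` would match `doTestInvalidAuthenticator`.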
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationTestCase.java 
@@ -0,0 +1,574 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.gemstone.gemfire.security; + +import static com.gemstone.gemfire.security.SecurityTestUtil.*; +import static com.gemstone.gemfire.test.dunit.IgnoredException.*; +import static com.gemstone.gemfire.test.dunit.LogWriterUtils.*; +import static com.gemstone.gemfire.test.dunit.Wait.*; + +import java.io.IOException; +import java.util.Properties; +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLHandshakeException; + +import com.gemstone.gemfire.internal.AvailablePort; +import com.gemstone.gemfire.security.generator.CredentialGenerator; +import com.gemstone.gemfire.security.generator.DummyCredentialGenerator; +import com.gemstone.gemfire.test.dunit.Host; +import com.gemstone.gemfire.test.dunit.VM; +import com.gemstone.gemfire.test.dunit.internal.JUnit4DistributedTestCase; + +public abstract class ClientAuthenticationTestCase extends JUnit4DistributedTestCase { + + private VM server1 = null; + private VM server2 = null; + private VM client1 = null; + private VM client2 = null; + + private static final String[] serverIgnoredExceptions = { + AuthenticationRequiredException.class.getName(), + AuthenticationFailedException.class.getName(), 
+ GemFireSecurityException.class.getName(), + ClassNotFoundException.class.getName(), + IOException.class.getName(), + SSLException.class.getName(), + SSLHandshakeException.class.getName() + }; + + private static final String[] clientIgnoredExceptions = { + AuthenticationRequiredException.class.getName(), + AuthenticationFailedException.class.getName(), + SSLHandshakeException.class.getName() + }; + + @Override + public final void postSetUp() throws Exception { + final Host host = Host.getHost(0); + server1 = host.getVM(0); + server2 = host.getVM(1); + client1 = host.getVM(2); + client2 = host.getVM(3); + + addIgnoredException("Connection refused: connect"); + + server1.invoke(() -> registerExpectedExceptions(serverIgnoredExceptions)); + server2.invoke(() -> registerExpectedExceptions(serverIgnoredExceptions)); + client1.invoke(() -> registerExpectedExceptions(clientIgnoredExceptions)); + client2.invoke(() -> registerExpectedExceptions(clientIgnoredExceptions)); + } + + protected void doTestValidCredentials(boolean multiUser) throws Exception { + CredentialGenerator gen = new DummyCredentialGenerator(); + Properties extraProps = gen.getSystemProperties(); + Properties javaProps = gen.getJavaProperties(); + String authenticator = gen.getAuthenticator(); + String authInit = gen.getAuthInit(); + + getLogWriter().info("testValidCredentials: Using scheme: " + gen.classCode()); + getLogWriter().info("testValidCredentials: Using authenticator: " + authenticator); + getLogWriter().info("testValidCredentials: Using authinit: " + authInit); + + // Start the servers + Integer locPort1 = getLocatorPort(); + Integer locPort2 = getLocatorPort(); + String locString = getLocatorString(); + Integer port1 = server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, authenticator, extraProps, javaProps)); + Integer port2 = server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, authenticator, extraProps, javaProps)); + + // 
Start the clients with valid credentials + Properties credentials1 = gen.getValidCredentials(1); + Properties javaProps1 = gen.getJavaProperties(); + + getLogWriter().info("testValidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1); + + Properties credentials2 = gen.getValidCredentials(2); + Properties javaProps2 = gen.getJavaProperties(); + + getLogWriter().info("testValidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2); + + createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2); + + // Perform some put operations from client1 + client1.invoke(() -> doPuts(2)); + + // Verify that the puts succeeded + client2.invoke(() -> doGets(2)); + + if (multiUser) { + client1.invoke(() -> doProxyCacheClose()); + client2.invoke(() -> doProxyCacheClose()); + client1.invoke(() -> doSimplePut("CacheClosedException")); + client2.invoke(() -> doSimpleGet("CacheClosedException")); + } + } + + protected void doTestNoCredentials(boolean multiUser) throws Exception { + CredentialGenerator gen = new DummyCredentialGenerator(); + Properties extraProps = gen.getSystemProperties(); + Properties javaProps = gen.getJavaProperties(); + String authenticator = gen.getAuthenticator(); + String authInit = gen.getAuthInit(); + + getLogWriter().info("testNoCredentials: Using scheme: " + gen.classCode()); + getLogWriter().info("testNoCredentials: Using authenticator: " + authenticator); + getLogWriter().info("testNoCredentials: Using authinit: " + authInit); + + // Start the servers + Integer locPort1 = getLocatorPort(); + Integer locPort2 = getLocatorPort(); + String locString = getLocatorString(); + Integer port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString); + Integer port2 = server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, authenticator, extraProps, javaProps)); + + // Start first client with valid credentials 
+ Properties credentials1 = gen.getValidCredentials(1); + Properties javaProps1 = gen.getJavaProperties(); + + getLogWriter().info("testNoCredentials: For first client credentials: " + credentials1 + " : " + javaProps1); + + createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1); + + // Perform some put operations from client1 + client1.invoke(() -> doPuts(2)); + + // Trying to create the region on client2 + if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) { + // For SSL the exception may not come since the server can close socket + // before handshake message is sent from client. However exception + // should come in any region operations. + client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, null, null, port1, port2, 0, multiUser, NO_EXCEPTION)); + client2.invoke(() -> doPuts(2, OTHER_EXCEPTION)); + + } else { + client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION)); + } + } + + protected void doTestInvalidCredentials(boolean multiUser) throws Exception { + CredentialGenerator gen = new DummyCredentialGenerator(); + Properties extraProps = gen.getSystemProperties(); + Properties javaProps = gen.getJavaProperties(); + String authenticator = gen.getAuthenticator(); + String authInit = gen.getAuthInit(); + + getLogWriter().info("testInvalidCredentials: Using scheme: " + gen.classCode()); + getLogWriter().info("testInvalidCredentials: Using authenticator: " + authenticator); + getLogWriter().info("testInvalidCredentials: Using authinit: " + authInit); + + // Start the servers + Integer locPort1 = getLocatorPort(); + Integer locPort2 = getLocatorPort(); + String locString = getLocatorString(); + Integer port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString); + Integer port2 = server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, authenticator, extraProps, javaProps)); + + 
// Start first client with valid credentials + Properties credentials1 = gen.getValidCredentials(1); + Properties javaProps1 = gen.getJavaProperties(); + getLogWriter().info("testInvalidCredentials: For first client credentials: " + credentials1 + " : " + javaProps1); + + createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1); + + // Perform some put operations from client1 + client1.invoke(() -> doPuts(2)); + + // Start second client with invalid credentials + // Trying to create the region on client2 should throw a security + // exception + Properties credentials2 = gen.getInvalidCredentials(1); + Properties javaProps2 = gen.getJavaProperties(); + getLogWriter().info("testInvalidCredentials: For second client credentials: " + credentials2 + " : " + javaProps2); + + client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION)); + } + + protected void doTestInvalidAuthInit(boolean multiUser) throws Exception { + CredentialGenerator gen = new DummyCredentialGenerator(); + Properties extraProps = gen.getSystemProperties(); + final Properties javaProps = gen.getJavaProperties(); + String authenticator = gen.getAuthenticator(); + + getLogWriter().info("testInvalidAuthInit: Using scheme: " + gen.classCode()); + getLogWriter().info("testInvalidAuthInit: Using authenticator: " + authenticator); + + // Start the server + Integer locPort1 = getLocatorPort(); + String locString = getLocatorString(); + Integer port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString); + + Properties credentials = gen.getValidCredentials(1); + + getLogWriter().info("testInvalidAuthInit: For first client credentials: " + credentials + " : " + javaProps); + client1.invoke(() -> ClientAuthenticationUtils.createCacheClient("com.gemstone.none", credentials, javaProps, new int[] { port1 }, 0, multiUser, AUTHREQ_EXCEPTION)); + } + + protected void 
doTestNoAuthInitWithCredentials(boolean multiUser) throws Exception { + CredentialGenerator gen = new DummyCredentialGenerator(); + Properties extraProps = gen.getSystemProperties(); + Properties javaProps = gen.getJavaProperties(); + String authenticator = gen.getAuthenticator(); + + getLogWriter().info("testNoAuthInitWithCredentials: Using scheme: " + gen.classCode()); + getLogWriter().info("testNoAuthInitWithCredentials: Using authenticator: " + authenticator); + + // Start the servers + Integer locPort1 = getLocatorPort(); + Integer locPort2 = getLocatorPort(); + String locString = getLocatorString(); + Integer port1 = createServer1(extraProps, javaProps, authenticator, locPort1, locString); + Integer port2 = server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, authenticator, extraProps, javaProps)); + + // Start the clients with valid credentials + Properties credentials1 = gen.getValidCredentials(1); + Properties javaProps1 = gen.getJavaProperties(); + getLogWriter().info("testNoAuthInitWithCredentials: For first client credentials: " + credentials1 + " : " + javaProps1); + + Properties credentials2 = gen.getValidCredentials(2); + Properties javaProps2 = gen.getJavaProperties(); + getLogWriter().info("testNoAuthInitWithCredentials: For second client credentials: " + credentials2 + " : " + javaProps2); + + client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, credentials1, javaProps1, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION)); + client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, credentials2, javaProps2, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION)); + client2.invoke(() -> closeCache()); + + // Now also try with invalid credentials + Properties credentials3 = gen.getInvalidCredentials(5); + Properties javaProps3 = gen.getJavaProperties(); + client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION)); 
+ } + + protected void doTestInvalidAuthenticator(boolean multiUser) throws Exception { + CredentialGenerator gen = new DummyCredentialGenerator(); + Properties extraProps = gen.getSystemProperties(); + Properties javaProps = gen.getJavaProperties(); + String authInit = gen.getAuthInit(); + + getLogWriter().info("testInvalidAuthenticator: Using scheme: " + gen.classCode()); + getLogWriter().info("testInvalidAuthenticator: Using authinit: " + authInit); + + // Start the server with invalid authenticator + Integer locPort1 = getLocatorPort(); + String locString = getLocatorString(); + Integer port1 = server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, "com.gemstone.gemfire.none", extraProps, javaProps)); + + // Trying to create the region on client should throw a security exception + Properties credentials2 = gen.getValidCredentials(1); + Properties javaProps2 = gen.getJavaProperties(); + getLogWriter().info("testInvalidAuthenticator: For first client credentials: " + credentials2 + " : " + javaProps2); + + client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials2, javaProps2, port1, 0, AUTHFAIL_EXCEPTION)); + client1.invoke(() -> closeCache()); + + // Also test with invalid credentials + Properties credentials3 = gen.getInvalidCredentials(1); + Properties javaProps3 = gen.getJavaProperties(); + getLogWriter().info("testInvalidAuthenticator: For first client credentials: " + credentials3 + " : " + javaProps3); + client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials3, javaProps3, port1, 0, AUTHFAIL_EXCEPTION)); + } + + protected void doTestNoAuthenticatorWithCredentials(boolean multiUser) throws Exception { + CredentialGenerator gen = new DummyCredentialGenerator(); + Properties extraProps = gen.getSystemProperties(); + Properties javaProps = gen.getJavaProperties(); + String authenticator = gen.getAuthenticator(); + String authInit = gen.getAuthInit(); + + 
getLogWriter().info("testNoAuthenticatorWithCredentials: Using scheme: " + gen.classCode()); + getLogWriter().info("testNoAuthenticatorWithCredentials: Using authinit: " + authInit); + + // Start the servers with no authenticator + Integer locPort1 = getLocatorPort(); + Integer locPort2 = getLocatorPort(); + String locString = getLocatorString(); + Integer port1 = server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, null, extraProps, javaProps)); + Integer port2 = server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, null, extraProps, javaProps)); + + // Clients should connect successfully and work properly with + // valid/invalid credentials when none are required on the server side + Properties credentials1 = gen.getValidCredentials(3); + Properties javaProps1 = gen.getJavaProperties(); + getLogWriter().info("testNoAuthenticatorWithCredentials: For first client credentials: " + credentials1 + " : " + javaProps1); + + Properties credentials2 = gen.getInvalidCredentials(5); + Properties javaProps2 = gen.getJavaProperties(); + getLogWriter().info("testNoAuthenticatorWithCredentials: For second client credentials: " + credentials2 + " : " + javaProps2); + + createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2); + + // Perform some put operations from client1 + client1.invoke(() -> doPuts(2)); + + // Verify that the puts succeeded + client2.invoke(() -> doGets(2)); + } + + protected void doTestCredentialsWithFailover(boolean multiUser) throws Exception { + CredentialGenerator gen = new DummyCredentialGenerator(); + Properties extraProps = gen.getSystemProperties(); + Properties javaProps = gen.getJavaProperties(); + String authenticator = gen.getAuthenticator(); + String authInit = gen.getAuthInit(); + + getLogWriter().info("testCredentialsWithFailover: Using scheme: " + gen.classCode()); + getLogWriter().info("testCredentialsWithFailover: Using 
authenticator: " + authenticator);
+ getLogWriter().info("testCredentialsWithFailover: Using authinit: " + authInit);
+
+ // Start the first server
+ Integer locPort1 = getLocatorPort();
+ Integer locPort2 = getLocatorPort();
+ String locString = getLocatorString();
+ Integer port1 = server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
+ // Get a port for second server but do not start it
+ // This forces the clients to connect to the first server
+ Integer port2 = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+
+ // Start the clients with valid credentials
+ Properties credentials1 = gen.getValidCredentials(5);
+ Properties javaProps1 = gen.getJavaProperties();
+ getLogWriter().info("testCredentialsWithFailover: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+ Properties credentials2 = gen.getValidCredentials(6);
+ Properties javaProps2 = gen.getJavaProperties();
+ getLogWriter().info("testCredentialsWithFailover: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+ createClientsNoException(multiUser, authInit, port1, port2, credentials1, javaProps1, credentials2, javaProps2);
+
+ // Perform some put operations from client1
+ client1.invoke(() -> doPuts(2));
+ // Verify that the puts succeeded
+ client2.invoke(() -> doGets(2));
+
+ // start the second one and stop the first server to force a failover
+ server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
+ server1.invoke(() -> closeCache());
+
+ // Perform some create/update operations from client1
+ client1.invoke(() -> doNPuts(4));
+ // Verify that the creates/updates succeeded
+ client2.invoke(() -> doNGets(4));
+
+ // Try to connect client2 with no credentials
+ // Verify that the creation of region throws security exception
+ if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
+ // For SSL the exception may not come since the server can close socket
+ // before handshake message is sent from client. However exception
+ // should come in any region operations.
+ client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, null, null, port1, port2, 0, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
+ client2.invoke(() -> doPuts(2, OTHER_EXCEPTION));
+
+ } else {
+ client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, null, null, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
+ }
+
+ // Now try to connect client1 with invalid credentials
+ // Verify that the creation of region throws security exception
+ Properties credentials3 = gen.getInvalidCredentials(7);
+ Properties javaProps3 = gen.getJavaProperties();
+ getLogWriter().info("testCredentialsWithFailover: For first client invalid credentials: " + credentials3 + " : " + javaProps3);
+
+ client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials3, javaProps3, port1, port2, 0, multiUser, AUTHFAIL_EXCEPTION));
+
+ if (multiUser) {
+ client1.invoke(() -> doProxyCacheClose());
+ client2.invoke(() -> doProxyCacheClose());
+ client1.invoke(() -> doSimplePut("CacheClosedException"));
+ client2.invoke(() -> doSimpleGet("CacheClosedException"));
+ }
+ }
+
+ protected void doTestCredentialsForNotifications(boolean multiUser) throws Exception {
+ CredentialGenerator gen = new DummyCredentialGenerator();
+ Properties extraProps = gen.getSystemProperties();
+ Properties javaProps = gen.getJavaProperties();
+ String authenticator = gen.getAuthenticator();
+ String authInit = gen.getAuthInit();
+
+ getLogWriter().info("testCredentialsForNotifications: Using scheme: " + gen.classCode());
+ getLogWriter().info("testCredentialsForNotifications: Using authenticator: " + authenticator);
+ getLogWriter().info("testCredentialsForNotifications: Using authinit: " + authInit);
+
+ // Start the first server
+ Integer locPort1 = getLocatorPort();
+ Integer locPort2 = getLocatorPort();
+ String locString = getLocatorString();
+ Integer port1 = server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
+ // Get a port for second server but do not start it
+ // This forces the clients to connect to the first server
+ Integer port2 = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET);
+
+ // Start the clients with valid credentials
+ Properties credentials1 = gen.getValidCredentials(3);
+ Properties javaProps1 = gen.getJavaProperties();
+ getLogWriter().info("testCredentialsForNotifications: For first client credentials: " + credentials1 + " : " + javaProps1);
+
+ Properties credentials2 = gen.getValidCredentials(4);
+ Properties javaProps2 = gen.getJavaProperties();
+ getLogWriter().info("testCredentialsForNotifications: For second client credentials: " + credentials2 + " : " + javaProps2);
+
+ createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
+
+ // Set up zero forward connections to check notification handshake only
+ int zeroConns = 0;
+ createClient2NoException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
+
+ // Register interest on all keys on second client
+ client2.invoke(() -> ClientAuthenticationUtils.registerAllInterest());
+
+ // Perform some put operations from client1
+ client1.invoke(() -> doPuts(2));
+
+ // Verify that the puts succeeded
+ client2.invoke(() -> doLocalGets(2));
+
+ // start the second one and stop the first server to force a failover
+ server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
+ server1.invoke(() -> closeCache());
+
+ // Wait for failover to complete
+ pause(500);
+
+ // Perform some create/update operations from client1
+ client1.invoke(() -> doNPuts(4));
+ // Verify that the creates/updates succeeded
+ client2.invoke(() -> doNLocalGets(4));
+
+ // Try to connect client1 with no credentials
+ // Verify that the creation of region throws security exception
+ server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, port1, authenticator, extraProps, javaProps));
+
+ if (gen.classCode().equals(CredentialGenerator.ClassCode.SSL)) {
+ // For SSL the exception may not come since the server can close socket
+ // before handshake message is sent from client. However exception
+ // should come in any region operations.
+ client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, null, null, port1, port2, zeroConns, multiUser, NOFORCE_AUTHREQ_EXCEPTION));
+ client1.invoke(() -> doPuts(2, OTHER_EXCEPTION));
+
+ } else {
+ client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, null, null, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
+ }
+
+ // Now try to connect client2 with invalid credentials
+ // Verify that the creation of region throws security exception
+ credentials2 = gen.getInvalidCredentials(3);
+ javaProps2 = gen.getJavaProperties();
+ getLogWriter().info("testCredentialsForNotifications: For second client invalid credentials: " + credentials2 + " : " + javaProps2);
+
+ createClient2WithException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
+
+ // Now try to connect client2 with invalid auth-init method
+ // Trying to create the region on client with valid credentials should
+ // throw a security exception
+ client2.invoke(() -> ClientAuthenticationUtils.createCacheClient("com.gemstone.none", credentials1, javaProps1, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
+
+ // Now start the servers with invalid authenticator method.
+ // Skip this test for a scheme which does not have an authInit in the
+ // first place (e.g. SSL) since that will fail with AuthReqEx before
+ // authenticator is even invoked.
+ if (authInit != null && authInit.length() > 0) {
+ server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, port1, "com.gemstone.gemfire.none", extraProps, javaProps));
+ server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, port2, "com.gemstone.gemfire.none", extraProps, javaProps));
+
+ createClient2WithException(multiUser, authInit, port1, port2, credentials1, javaProps1, zeroConns);
+ createClient1WithException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
+
+ } else {
+ getLogWriter().info("testCredentialsForNotifications: Skipping invalid authenticator for scheme [" + gen.classCode() + "] which has no authInit");
+ }
+
+ // Try connection with null auth-init on clients.
+ // Skip this test for a scheme which does not have an authInit in the
+ // first place (e.g. SSL).
+ if (authInit != null && authInit.length() > 0) {
+ server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, port1, authenticator, extraProps, javaProps));
+ server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, port2, authenticator, extraProps, javaProps));
+ client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, credentials1, javaProps1, port1, port2, 0, multiUser, AUTHREQ_EXCEPTION));
+
+ createClient2AuthReqException(multiUser, port1, port2, credentials2, javaProps2, zeroConns);
+ createClient2AuthReqException(multiUser, port1, port2, credentials2, javaProps2, zeroConns);
+
+ } else {
+ getLogWriter().info("testCredentialsForNotifications: Skipping null authInit for scheme [" + gen.classCode() + "] which has no authInit");
+ }
+
+ // Try connection with null authenticator on server and sending
+ // valid/invalid credentials.
+ // If the scheme does not have an authenticator in the first place (e.g.
+ // SSL) then skip it since this test is useless.
+ if (authenticator != null && authenticator.length() > 0) {
+ server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, port1, null, extraProps, javaProps));
+ server2.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort2, locString, port2, null, extraProps, javaProps));
+
+ createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
+ createClient2NoException(multiUser, authInit, port1, port2, credentials2, javaProps2, zeroConns);
+
+ // Register interest on all keys on second client
+ client2.invoke(() -> ClientAuthenticationUtils.registerAllInterest());
+
+ // Perform some put operations from client1
+ client1.invoke(() -> doPuts(4));
+
+ // Verify that the puts succeeded
+ client2.invoke(() -> doLocalGets(4));
+
+ // Now also try with valid credentials on client2
+ createClient1NoException(multiUser, authInit, port1, port2, credentials2, javaProps2);
+ createClient2NoException(multiUser, authInit, port1, port2, credentials1, javaProps1, zeroConns);
+
+ // Register interest on all keys on second client
+ client2.invoke(() -> ClientAuthenticationUtils.registerAllInterest());
+
+ // Perform some put operations from client1
+ client1.invoke(() -> doNPuts(4));
+
+ // Verify that the puts succeeded
+ client2.invoke(() -> doNLocalGets(4));
+
+ } else {
+ getLogWriter().info("testCredentialsForNotifications: Skipping scheme [" + gen.classCode() + "] which has no authenticator");
+ }
+ }
+
+ private Integer createServer1(Properties extraProps, Properties javaProps, String authenticator, int locPort1, String locString) {
+ return server1.invoke(() -> ClientAuthenticationUtils.createCacheServer(locPort1, locString, authenticator, extraProps, javaProps));
+ }
+
+ private void createClient1NoException(boolean multiUser, String authInit, int port1, int port2, Properties credentials2, Properties javaProps2) {
+ client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, NO_EXCEPTION));
+ }
+
+ private void createClient2AuthReqException(boolean multiUser, int port1, int port2, Properties credentials2, Properties javaProps2, int zeroConns) {
+ client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(null, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHREQ_EXCEPTION));
+ }
+
+ private void createClient1WithException(boolean multiUser, String authInit, int port1, int port2, Properties credentials2, Properties javaProps2, int zeroConns) {
+ client1.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHFAIL_EXCEPTION));
+ }
+
+ private void createClient2WithException(boolean multiUser, String authInit, int port1, int port2, Properties credentials2, Properties javaProps2, int zeroConns) {
+ client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, AUTHFAIL_EXCEPTION));
+ }
+
+ private void createClient2NoException(boolean multiUser, String authInit, int port1, int port2, Properties credentials2, Properties javaProps2, int zeroConns) {
+ client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials2, javaProps2, port1, port2, zeroConns, multiUser, NO_EXCEPTION));
+ }
+
+ private void createClientsNoException(boolean multiUser, String authInit, int port1, int port2, Properties credentials1, Properties javaProps1, Properties credentials2, Properties javaProps2) {
+ createClient1NoException(multiUser, authInit, port1, port2, credentials1, javaProps1);
+ client2.invoke(() -> ClientAuthenticationUtils.createCacheClient(authInit, credentials2, javaProps2, port1, port2, 0, multiUser, NO_EXCEPTION));
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/4f6a5311/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationUtils.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationUtils.java b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationUtils.java
new file mode 100644
index 0000000..09cc2d5
--- /dev/null
+++ b/geode-core/src/test/java/com/gemstone/gemfire/security/ClientAuthenticationUtils.java
@@ -0,0 +1,94 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gemstone.gemfire.security;
+
+import static com.gemstone.gemfire.security.SecurityTestUtil.*;
+import static org.junit.Assert.*;
+
+import java.util.Properties;
+
+import com.gemstone.gemfire.cache.Region;
+import com.gemstone.gemfire.distributed.internal.DistributionConfig;
+
+/**
+ * Extracted from ClientAuthenticationDUnitTest
+ */
+public class ClientAuthenticationUtils {
+
+ protected ClientAuthenticationUtils() {
+ }
+
+ public static Integer createCacheServer(int dsPort, String locatorString, String authenticator, Properties extraProps, Properties javaProps) {
+ Properties authProps;
+ if (extraProps == null) {
+ authProps = new Properties();
+ } else {
+ authProps = (Properties)extraProps;
+ }
+
+ if (authenticator != null) {
+ authProps.setProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, authenticator.toString());
+ }
+
+ return SecurityTestUtil.createCacheServer(authProps, javaProps, dsPort, (String)locatorString, 0, NO_EXCEPTION);
+ }
+
+ public static void createCacheServer(int dsPort, String locatorString, int serverPort, String authenticator, Properties extraProps, Properties javaProps) {
+ Properties authProps;
+ if (extraProps == null) {
+ authProps = new Properties();
+ } else {
+ authProps = (Properties)extraProps;
+ }
+
+ if (authenticator != null) {
+ authProps.setProperty(DistributionConfig.SECURITY_CLIENT_AUTHENTICATOR_NAME, authenticator.toString());
+ }
+ SecurityTestUtil.createCacheServer(authProps, javaProps, dsPort, locatorString, serverPort, NO_EXCEPTION);
+ }
+
+ public static void createCacheClient(String authInit, Properties authProps, Properties javaProps, int[] ports, int numConnections, boolean multiUserMode, boolean subscriptionEnabled, int expectedResult) {
+
+ SecurityTestUtil.createCacheClient(authInit, authProps, javaProps, ports, numConnections, false, multiUserMode, subscriptionEnabled, expectedResult);
+ }
+
+ public static void createCacheClient(String authInit, Properties authProps, Properties javaProps, int[] ports, int numConnections, boolean multiUserMode, int expectedResult) {
+ createCacheClient(authInit, (Properties)authProps, (Properties)javaProps, ports, numConnections, multiUserMode, true, expectedResult);
+ }
+
+ public static void createCacheClient(String authInit, Properties authProps, Properties javaProps, int port1, int numConnections, int expectedResult) {
+ createCacheClient(authInit, authProps, javaProps, new int[] { port1 }, numConnections, Boolean.FALSE, Boolean.TRUE, expectedResult);
+ }
+
+ public static void createCacheClient(String authInit, Properties authProps, Properties javaProps, int port1, int port2, int numConnections, int expectedResult) {
+ createCacheClient(authInit, authProps, javaProps, port1, port2, numConnections, Boolean.FALSE, expectedResult);
+ }
+
+ public static void createCacheClient(String authInit, Properties authProps, Properties javaProps, Integer port1, Integer port2, int numConnections, boolean multiUserMode, int expectedResult) {
+ createCacheClient(authInit, authProps, javaProps, port1, port2, numConnections, multiUserMode, Boolean.TRUE, expectedResult);
+ }
+
+ public static void createCacheClient(String authInit, Properties authProps, Properties javaProps, int port1, int port2, int numConnections, boolean multiUserMode, boolean subscriptionEnabled, int expectedResult) {
+ createCacheClient(authInit, authProps, javaProps, new int[] { port1, port2 }, numConnections, multiUserMode, subscriptionEnabled, expectedResult);
+ }
+
+ public static void registerAllInterest() {
+ Region region = SecurityTestUtil.getCache().getRegion(SecurityTestUtil.REGION_NAME);
+ assertNotNull(region);
+ region.registerInterestRegex(".*");
+ }
+}
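Review bot: Both `createCacheServer` overloads alias the caller's `extraProps` (`authProps = (Properties)extraProps;`) and then call `setProperty` on it, so the authenticator chosen for one server start is written into an object that the test case passes again to later starts. When `authenticator` is null the key is simply not set, so any `SECURITY_CLIENT_AUTHENTICATOR_NAME` entry already present in `extraProps` stays in force; the null-authenticator scenario then only exercises an unauthenticated server if nothing upstream put that key there, and whether `invoke` hands each call a fresh copy is not visible in this hunk. Copy instead of aliasing: `Properties authProps = new Properties(); if (extraProps != null) { authProps.putAll(extraProps); }`. The two overloads also repeat the same property setup, so the five-argument one could share a private helper with the six-argument one, and the casts `(Properties)extraProps`, `(String)locatorString` and the `authenticator.toString()` call are no-ops that can be dropped.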
