reiabreu commented on code in PR #3692:
URL: https://github.com/apache/storm/pull/3692#discussion_r1749420224


##########
storm-client/test/jvm/org/apache/storm/utils/CuratorUtilsTest.java:
##########
@@ -86,4 +110,163 @@ private CuratorFrameworkFactory.Builder 
setupBuilder(boolean withAuth) {
         CuratorUtils.testSetupBuilder(builder, zkStr, conf, auth);
         return builder;
     }
+
+    /**
+     * A method to configure the test ZK server to accept secure client 
connection.
+     * The self-signed certificates were generated for testing purposes as 
described below.
+     * For the ZK client to connect with the ZK server, the ZK server's 
keystore and truststore
+     * should be used.
+     * For testing purposes the keystore and truststore were generated using 
default values.
+     * 1. to generate the keystore.jks file:
+     * # keytool -genkey -alias mockcert -keyalg RSA -keystore keystore.jks 
-keysize 2048
+     * 2. generate the ca-cert and the ca-key:
+     * # openssl req -new -x509 -keyout ca-key -out ca-cert
+     * 3. to generate the certificate signing request (cert-file):
+     * # keytool -keystore keystore.jks -alias mockcert -certreq -file 
certificate-request
+     * 4. to generate the ca-cert.srl file and make the cert valid for 10 
years:
+     * # openssl x509 -req -CA ca-cert -CAkey ca-key -in certificate-request 
-out cert-signed
+     * -days 3650 -CAcreateserial -passin pass:password
+     * 5. add the ca-cert to the keystore.jks:
+     * # keytool -keystore keystore.jks -alias mockca -import -file ca-cert
+     * 6. install the signed certificate to the keystore:
+     * # keytool -keystore keystore.jks -alias mockcert -import -file 
cert-signed
+     * 7. add the certificate to the truststore:
+     * # keytool -keystore truststore.jks -alias mockcert -import -file ca-cert
+     * For our purpose, we only need the end result of this process: the 
keystore.jks and the
+     * truststore.jks files.
+     *
+     * @return conf The method returns the updated Configuration.
+     */
+    public Map<String, Object> setUpSecureConfig(String testDataPath) throws 
Exception {
+        System.setProperty("zookeeper.ssl.keyStore.location", testDataPath + 
"testKeyStore.jks");
+        System.setProperty("zookeeper.ssl.keyStore.password", "testpass");
+        System.setProperty("zookeeper.ssl.trustStore.location", testDataPath + 
"testTrustStore.jks");
+        System.setProperty("zookeeper.ssl.trustStore.password", "testpass");
+        System.setProperty("zookeeper.request.timeout", "12345");
+        System.setProperty("zookeeper.serverCnxnFactory", 
"org.apache.zookeeper.server.NettyServerCnxnFactory");
+        System.setProperty("jute.maxbuffer", String.valueOf(JUTE_MAXBUFFER));
+
+        System.setProperty("javax.net.debug", "ssl");
+        System.setProperty("zookeeper.authProvider.x509",
+                "org.apache.zookeeper.server.auth" + 
".X509AuthenticationProvider");
+
+        // inject values to the ZK configuration file for secure connection
+        Map<String, Object> customConfiguration = new HashMap<>();
+        customConfiguration.put("secureClientPort", 
String.valueOf(SECURE_CLIENT_PORT));
+        customConfiguration.put("audit.enable", "true");
+        InstanceSpec spec =
+                new InstanceSpec(ZK_DATA_DIR, SECURE_CLIENT_PORT, 
ELECTION_PORT, QUORUM_PORT,
+                        DELETE_DATA_DIRECTORY_ON_CLOSE, SERVER_ID, TICK_TIME, 
MAX_CLIENT_CNXNS,
+                        customConfiguration);
+
+        this.server = new TestingServer(spec, false);
+        Map<String, Object> conf = new HashMap<>();
+        conf.put(Config.ZK_SSL_KEYSTORE_LOCATION,
+                testDataPath + "testKeyStore.jks");
+        conf.put(Config.ZK_SSL_KEYSTORE_PASSWORD, "testpass");
+        conf.put(Config.ZK_SSL_TRUSTSTORE_LOCATION,
+                testDataPath + "testTrustStore.jks");
+        conf.put(Config.ZK_SSL_TRUSTSTORE_PASSWORD, "testpass");
+        conf.put(Config.ZK_SSL_HOSTNAME_VERIFICATION, false);
+        return conf;
+    }
+
+    @Test
+    public void testSecureZKConfiguration() throws Exception {
+        LOG.info("Entered to the testSecureZKConfiguration test case.");
+        Map<String, Object> conf = setUpSecureConfig("test/resources/ssl/");
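Review bot: `setUpSecureConfig` sets JVM-wide system properties (the keystore and truststore locations and passwords, `zookeeper.serverCnxnFactory`, `zookeeper.authProvider.x509` and `javax.net.debug`), and nothing in the quoted hunk restores them, so they would carry over into every later test in the same JVM. I would drop `System.setProperty("javax.net.debug", "ssl");`, which turns on verbose TLS tracing for the whole run, and clear the others in teardown with calls like `System.clearProperty("zookeeper.ssl.keyStore.password");` for each key set here; a teardown may already exist outside the hunk, but it is not visible. `conf.put(Config.ZK_SSL_HOSTNAME_VERIFICATION, false);` deserves a why-comment such as `// test-only: the self-signed cert was generated with default values, so its name presumably does not match the test host`, so the setting is not copied into a real configuration. The Javadoc also names `keystore.jks` and `truststore.jks` while the code loads `testKeyStore.jks` and `testTrustStore.jks`, and it has no `@param testDataPath`. `testSecureZKConfiguration` continues beyond the quoted hunk.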

Review Comment:
   sorry, I must be missing something. Can't see the files added to the PR


