sijie closed pull request #941: BookieNettyServer: add contextHandler to the
local transport pipeline
URL: https://github.com/apache/bookkeeper/pull/941
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/BookieNettyServer.java
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/BookieNettyServer.java
index a2d7fc9fd..dc2cbcefe 100644
---
a/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/BookieNettyServer.java
+++
b/bookkeeper-server/src/main/java/org/apache/bookkeeper/proto/BookieNettyServer.java
@@ -372,6 +372,7 @@ protected void initChannel(LocalChannel ch) throws
Exception {
: new RejectRequestHandler();
pipeline.addLast("bookieRequestHandler", requestHandler);
+ pipeline.addLast("contextHandler", contextHandler);
}
});
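Review bot: Nothing at the added `pipeline.addLast("contextHandler", contextHandler);` line says why the local pipeline needs this handler, or that the local and socket-transport pipelines have to be kept in step, which is presumably how it came to be missing here. A short comment such as `// must mirror the socket pipeline: auth providers depend on contextHandler for connection state` would help; that wording is inferred from the tests in this PR, so adjust it to what the handler really does. The same `contextHandler` instance appears to be added to every LocalChannel, so it is worth confirming that it is safe to share across channels. initChannel starts above the hunk, so the handlers installed earlier are not visible here.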
diff --git
a/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java
b/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java
index 65cb7d1de..1ba7f9476 100644
--- a/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java
+++ b/bookkeeper-server/src/test/java/org/apache/bookkeeper/tls/TestTLS.java
@@ -178,6 +178,21 @@ public void testConnectToTLSClusterTLSClient() throws
Exception {
testClient(clientConf, numBookies);
}
+ /**
+ * Verify the basic use of TLS. TLS client, TLS servers with
LocalTransport.
+ */
+ @Test
+ public void testConnectToLocalTLSClusterTLSClient() throws Exception {
+ ServerConfiguration serverConf = new ServerConfiguration();
+ for (ServerConfiguration conf : bsConfs) {
+ conf.setDisableServerSocketBind(true);
+ conf.setEnableLocalTransport(true);
+ }
+ restartBookies(serverConf);
+
+ ClientConfiguration clientConf = new
ClientConfiguration(baseClientConf);
+ testClient(clientConf, numBookies);
+ }
/**
* Multiple clients, some with TLS, and some without TLS.
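Review bot: `serverConf` in testConnectToLocalTLSClusterTLSClient is created with `new ServerConfiguration()` and never modified, while the local-transport flags are set on the `bsConfs` entries, so the test depends on how `restartBookies` (outside this hunk) merges an empty configuration into the existing ones. The two other Local tests added in this PR start from `baseConf` and set the flags on `serverConf`; doing the same here, `ServerConfiguration serverConf = new ServerConfiguration(baseConf);` followed by `serverConf.setDisableServerSocketBind(true);` and `serverConf.setEnableLocalTransport(true);`, would make the intended TLS settings explicit. The test also asserts nothing about TLS beyond `testClient` succeeding, so it may be worth checking that a connection that was not actually secured could not pass it.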
@@ -326,6 +341,30 @@ public void
testBookieAuthPluginRequireClientTLSAuthentication() throws Exceptio
assertTrue(cert instanceof X509Certificate);
}
+ /**
+ * Verify that a bookie-side Auth plugin can access server certificates
over LocalTransport.
+ */
+ @Test
+ public void testBookieAuthPluginRequireClientTLSAuthenticationLocal()
throws Exception {
+ ServerConfiguration serverConf = new ServerConfiguration(baseConf);
+
serverConf.setBookieAuthProviderFactoryClass(AllowOnlyClientsWithX509Certificates.class.getName());
+ serverConf.setDisableServerSocketBind(true);
+ serverConf.setEnableLocalTransport(true);
+ restartBookies(serverConf);
+
+ secureBookieSideChannel = false;
+ secureBookieSideChannelPrincipals = null;
+ ClientConfiguration clientConf = new
ClientConfiguration(baseClientConf);
+
+ testClient(clientConf, numBookies);
+ assertTrue(secureBookieSideChannel);
+ assertNotNull(secureBookieSideChannelPrincipals);
+ assertTrue(!secureBookieSideChannelPrincipals.isEmpty());
+ assertTrue(secureBookieSideChannelPrincipals.iterator().next()
instanceof Certificate);
+ Certificate cert = (Certificate)
secureBookieSideChannelPrincipals.iterator().next();
+ assertTrue(cert instanceof X509Certificate);
+ }
+
/**
* Verify that a bookie-side Auth plugin can access server certificates.
*/
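Review bot: The Javadoc on testBookieAuthPluginRequireClientTLSAuthenticationLocal says the plugin "can access server certificates", but the assertions inspect the principals captured on the bookie side of the channel, which with client authentication enabled would be the client's certificates. Suggest `Verify that a bookie-side Auth plugin can access client certificates over LocalTransport.` The same sentence is copied onto testBookieAuthPluginDenyAccessToClientWithoutTLSAuthenticationLocal in the next hunk, where the test checks the opposite outcome; `Verify that a bookie-side Auth plugin denies a client without a certificate over LocalTransport.` would fit there.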
@@ -352,6 +391,34 @@ public void
testBookieAuthPluginDenyAccesstoClientWithoutTLSAuthentication() thr
assertTrue(secureBookieSideChannelPrincipals.isEmpty());
}
+ /**
+ * Verify that a bookie-side Auth plugin can access server certificates
over LocalTransport.
+ */
+ @Test
+ public void
testBookieAuthPluginDenyAccessToClientWithoutTLSAuthenticationLocal() throws
Exception {
+ ServerConfiguration serverConf = new ServerConfiguration(baseConf);
+ serverConf.setTLSClientAuthentication(false);
+
serverConf.setBookieAuthProviderFactoryClass(AllowOnlyClientsWithX509Certificates.class.getName());
+ serverConf.setDisableServerSocketBind(true);
+ serverConf.setEnableLocalTransport(true);
+ restartBookies(serverConf);
+
+ secureBookieSideChannel = false;
+ secureBookieSideChannelPrincipals = null;
+ ClientConfiguration clientConf = new
ClientConfiguration(baseClientConf);
+ clientConf.setTLSClientAuthentication(false);
+
+ try {
+ testClient(clientConf, numBookies);
+ fail("Shouldn't be able to connect");
+ } catch (BKException.BKUnauthorizedAccessException authFailed) {
+ }
+
+ assertTrue(secureBookieSideChannel);
+ assertNotNull(secureBookieSideChannelPrincipals);
+ assertTrue(secureBookieSideChannelPrincipals.isEmpty());
+ }
+
/**
* Verify that a bookie-side Auth plugin can access server certificates.
*/
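Review bot: The `catch (BKException.BKUnauthorizedAccessException authFailed) { }` block in testBookieAuthPluginDenyAccessToClientWithoutTLSAuthenticationLocal is empty, which reads as a swallowed error even though it is the expected path. Add a comment inside it, e.g. `// expected: the auth provider rejects a client that presents no certificate`. The assertions after the try block then check that the channel was still reported as secure and that no principals were exposed, and a one-line comment saying so would make the security property under test clear.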