[
https://issues.apache.org/jira/browse/GEODE-10562?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18064453#comment-18064453
]
ASF subversion and git services commented on GEODE-10562:
---------------------------------------------------------
Commit 0e5edc311e945d2b40d88658c25a57e4b417cc7a in geode's branch
refs/heads/develop from Jinwoo Hwang
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=0e5edc311e ]
GEODE-10562: Testcases for Hybrid CA TLS Configuration Test Suite (#7988)
* GEODE-10562 :
Testcases — Hybrid Model (Public CA servers, Private CA clients)
* GEODE-10562 :
Testcases — Hybrid Model (Public CA servers, Private CA clients)
* Add sun.security.util exports for CertificateBuilder
- Export sun.security.util package alongside sun.security.x509
- Required for ObjectIdentifier import in CertificateBuilder.java
- Added to both compileJava and javadoc tasks for Java 17 compatibility
* javadoc
> Testcases — Hybrid Model (Public CA servers, Private CA clients)
> ----------------------------------------------------------------
>
> Key: GEODE-10562
> URL: https://issues.apache.org/jira/browse/GEODE-10562
> Project: Geode
> Issue Type: Improvement
> Affects Versions: 2.0.0
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
> Fix For: 2.0.1
>
>
> h3. Summary
> Create testcases to validate the hybrid TLS model where servers
> (peer-to-peer) use certificates issued by a public CA while clients
> authenticate using certificates issued by an internal/private CA.
> h3. Test environment / prerequisites
> - Java runtime matching CI environment
> - Test CA artifacts: 1) Public CA chain (root/intermediate), 2) Private CA
> (root/intermediate)
> - Helper scripts to create keystores and truststores (existing test tooling)
> - Nodes available: at least 2 servers (peers), 1 locator, 1 client
> - Ensure `ssl-keystore-type=JKS`, `ssl-truststore-type=JKS` and
> `ssl-require-authentication=true` are configurable in test node properties
> h3. Automation notes
> - Each testcase should be automatable via existing Geode DUnit or JUnit test
> harnesses. Use helper utilities to generate keystores/truststores
> programmatically.
> - Parameterize cert properties: EKU flags, SAN content, validity dates,
> chain order, keystore/truststore formats.
> - Validate both JSSE-level exceptions and Geode log entries for accurate
> root cause mapping.
> h3. Acceptance criteria
> - Test passes when it can be run reliably in CI and reproduces expected JSSE
> and Geode behavior.
> - Test must include assertions for: TLS handshake success/failure, EKU
> validation results, and clear log evidence.
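The keystore and truststore layout that the hybrid model in the quoted summary implies, as an added example that is not part of the ticket or the Geode commit. File paths, password placeholders, and the choice of `ssl-enabled-components=all` are assumptions; the two sections are separate property files, one per node type.

```properties
# Constructed example: every path and password below is a placeholder.

# ---- File 1: gemfire.properties on each server and locator ----
ssl-enabled-components=all

# Identity: private key plus chain issued by the PUBLIC CA.
# Peers both open and accept connections to each other, so the EKU
# test parameters should cover serverAuth and clientAuth on this cert.
ssl-keystore=/path/to/server-public-ca.jks
ssl-keystore-type=JKS
ssl-keystore-password=<server-keystore-password>

# Trust: PUBLIC CA chain (to accept other peers) and PRIVATE CA chain
# (to accept clients). Both must be present or one side of the hybrid
# model fails the handshake.
ssl-truststore=/path/to/server-trust-public-and-private.jks
ssl-truststore-type=JKS
ssl-truststore-password=<server-truststore-password>

# Mutual TLS: reject connections that present no certificate.
ssl-require-authentication=true
# Hostname check against the certificate SAN (the "SAN content" parameter).
ssl-endpoint-identification-enabled=true

# ---- File 2: gemfire.properties on each client ----
ssl-enabled-components=all

# Identity: private key plus chain issued by the PRIVATE CA.
# The EKU test parameters should cover clientAuth on this cert.
ssl-keystore=/path/to/client-private-ca.jks
ssl-keystore-type=JKS
ssl-keystore-password=<client-keystore-password>

# Trust: PUBLIC CA chain only, since clients only ever verify servers.
ssl-truststore=/path/to/client-trust-public.jks
ssl-truststore-type=JKS
ssl-truststore-password=<client-truststore-password>

ssl-require-authentication=true
ssl-endpoint-identification-enabled=true
```

Because the server truststore holds a public CA, chain validation alone accepts any certificate that CA has issued with a suitable EKU, so a negative test that presents an unrelated public-CA certificate is worth including alongside the EKU and SAN cases.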