TINKERPOP-2023 added tests and some fixes
Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/d05e3c56 Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/d05e3c56 Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/d05e3c56 Branch: refs/heads/tp32 Commit: d05e3c566b580f5aee020234e17b69df3f708b7a Parents: 5d893cf Author: Robert Dale <robd...@gmail.com> Authored: Mon Aug 13 15:28:40 2018 -0400 Committer: Robert Dale <robd...@gmail.com> Committed: Fri Aug 17 15:06:33 2018 -0400 ---------------------------------------------------------------------- .../src/reference/gremlin-applications.asciidoc | 2 +- .../tinkerpop/gremlin/driver/Settings.java | 28 ++- .../tinkerpop/gremlin/driver/SettingsTest.java | 17 ++ .../AbstractGremlinServerIntegrationTest.java | 14 +- .../server/GremlinServerIntegrateTest.java | 192 +++++++++++++++++-- ...ctGremlinServerChannelizerIntegrateTest.java | 2 + .../src/test/resources/client-key.jks | Bin 0 -> 2241 bytes .../src/test/resources/client-key.p12 | Bin 0 -> 2583 bytes .../src/test/resources/client-trust.jks | Bin 0 -> 969 bytes .../src/test/resources/client-trust.p12 | Bin 0 -> 1202 bytes .../src/test/resources/server-key.jks | Bin 0 -> 2258 bytes .../src/test/resources/server-key.p12 | Bin 0 -> 2613 bytes .../src/test/resources/server-trust.jks | Bin 0 -> 952 bytes .../src/test/resources/server-trust.p12 | Bin 0 -> 1186 bytes gremlin-server/src/test/resources/server.jks | Bin 2258 -> 0 bytes gremlin-server/src/test/resources/server.p12 | Bin 2613 -> 0 bytes 16 files changed, 228 insertions(+), 27 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/docs/src/reference/gremlin-applications.asciidoc ---------------------------------------------------------------------- 
diff --git a/docs/src/reference/gremlin-applications.asciidoc b/docs/src/reference/gremlin-applications.asciidoc index 1f64f46..8ad8a0a 100644 --- a/docs/src/reference/gremlin-applications.asciidoc +++ b/docs/src/reference/gremlin-applications.asciidoc @@ -735,7 +735,7 @@ The following table describes the various configuration options for the Gremlin |connectionPool.keyPassword |The password of the `keyFile` if it is password-protected. |_none_ |connectionPool.keyStore |The private key in JKS or PKCS#12 format. |_none_ |connectionPool.keyStorePassword |The password of the `keyStore` if it is password-protected. |_none_ -|connectionPool.keyStoreType |JKS (Java 8 default) or PKCS#12 (Java 9+ default)|_none_ +|connectionPool.keyStoreType |`JKS` (Java 8 default) or `PKCS12` (Java 9+ default)|_none_ |connectionPool.maxContentLength |The maximum length in bytes that a message can be sent to the server. This number can be no greater than the setting of the same name in the server configuration. |65536 |connectionPool.maxInProcessPerConnection |The maximum number of in-flight requests that can occur on a connection. |4 |connectionPool.maxSimultaneousUsagePerConnection |The maximum number of times that a connection can be borrowed from the pool simultaneously. |16 http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java ---------------------------------------------------------------------- diff --git a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java index 009a0bf..4d54792 100644 --- a/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java +++ b/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java 
@@ -181,6 +181,32 @@ final class Settings { if (connectionPoolConf.containsKey("trustCertChainFile")) cpSettings.trustCertChainFile = connectionPoolConf.getString("trustCertChainFile"); + if (connectionPoolConf.containsKey("keyStore")) + cpSettings.keyStore = connectionPoolConf.getString("keyStore"); + + if (connectionPoolConf.containsKey("keyStorePassword")) + cpSettings.keyStorePassword = connectionPoolConf.getString("keyStorePassword"); + + if (connectionPoolConf.containsKey("keyStoreType")) + cpSettings.keyStoreType = connectionPoolConf.getString("keyStoreType"); + + if (connectionPoolConf.containsKey("trustStore")) + cpSettings.trustStore = connectionPoolConf.getString("trustStore"); + + if (connectionPoolConf.containsKey("trustStorePassword")) + cpSettings.trustStorePassword = connectionPoolConf.getString("trustStorePassword"); + + if (connectionPoolConf.containsKey("sslEnabledProtocols")) + cpSettings.sslEnabledProtocols = connectionPoolConf.getList("sslEnabledProtocols").stream().map(Object::toString) + .collect(Collectors.toList()); + + if (connectionPoolConf.containsKey("sslCipherSuites")) + cpSettings.sslCipherSuites = connectionPoolConf.getList("sslCipherSuites").stream().map(Object::toString) + .collect(Collectors.toList()); + + if (connectionPoolConf.containsKey("sslSkipCertValidation")) + cpSettings.sslSkipCertValidation = connectionPoolConf.getBoolean("sslSkipCertValidation"); + if (connectionPoolConf.containsKey("minSize")) cpSettings.minSize = connectionPoolConf.getInt("minSize"); 
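Review bot: The `sslSkipCertValidation` branch at the end of this hunk lets one configuration key switch off server certificate verification for the whole connection pool, and nothing at the point where it is read makes that visible. Consider logging a warning when `connectionPoolConf.getBoolean("sslSkipCertValidation")` is true (if the class has a logger available), or at least adding a comment such as `// disables server certificate verification - do not enable outside test environments`. The `keyStorePassword` and `trustStorePassword` values read just above are kept as plain `String` fields, so they should stay out of any logging or string dump of the settings object. The enclosing method starts and ends outside the hunk.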
@@ -283,7 +309,7 @@ final class Settings { public String trustStorePassword; /** - * JSSE keystore format. Similar to setting JSSE property + * JSSE keystore format. 'jks' or 'pkcs12'. Similar to setting JSSE property * {@code javax.net.ssl.keyStoreType}. */ public String keyStoreType; http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java ---------------------------------------------------------------------- diff --git a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java index c373879..56e0ec8 100644 --- a/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java +++ b/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java @@ -49,6 +49,14 @@ public class SettingsTest { conf.setProperty("connectionPool.keyFile", "PKCS#8"); conf.setProperty("connectionPool.keyPassword", "password1"); conf.setProperty("connectionPool.trustCertChainFile", "pem"); + conf.setProperty("connectionPool.keyStore", "server.jks"); + conf.setProperty("connectionPool.keyStorePassword", "password2"); + conf.setProperty("connectionPool.keyStoreType", "pkcs12"); + conf.setProperty("connectionPool.trustStore", "trust.jks"); + conf.setProperty("connectionPool.trustStorePassword", "password3"); + conf.setProperty("connectionPool.sslEnabledProtocols", Arrays.asList("TLSv1.1","TLSv1.2")); + conf.setProperty("connectionPool.sslCipherSuites", Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")); + conf.setProperty("connectionPool.sslSkipCertValidation", true); conf.setProperty("connectionPool.minSize", 100); conf.setProperty("connectionPool.maxSize", 200); conf.setProperty("connectionPool.minSimultaneousUsagePerConnection", 300); 
@@ -71,6 +79,7 @@ public class SettingsTest { assertEquals("password1", settings.password); assertEquals("JaasIt", settings.jaasEntry); assertEquals("protocol0", settings.protocol); + assertEquals(Arrays.asList("255.0.0.1", "255.0.0.2", "255.0.0.3"), settings.hosts); assertEquals("my.serializers.MySerializer", settings.serializer.className); assertEquals("thing", settings.serializer.config.get("any")); assertEquals(true, settings.connectionPool.enableSsl); @@ -78,6 +87,14 @@ public class SettingsTest { assertEquals("PKCS#8", settings.connectionPool.keyFile); assertEquals("password1", settings.connectionPool.keyPassword); assertEquals("pem", settings.connectionPool.trustCertChainFile); + assertEquals("server.jks", settings.connectionPool.keyStore); + assertEquals("password2", settings.connectionPool.keyStorePassword); + assertEquals("pkcs12", settings.connectionPool.keyStoreType); + assertEquals("trust.jks", settings.connectionPool.trustStore); + assertEquals("password3", settings.connectionPool.trustStorePassword); + assertEquals(Arrays.asList("TLSv1.1","TLSv1.2"), settings.connectionPool.sslEnabledProtocols); + assertEquals(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"), settings.connectionPool.sslCipherSuites); + assertEquals(true, settings.connectionPool.sslSkipCertValidation); assertEquals(100, settings.connectionPool.minSize); assertEquals(200, settings.connectionPool.maxSize); assertEquals(300, settings.connectionPool.minSimultaneousUsagePerConnection); http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java ---------------------------------------------------------------------- 
diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java index 0543a59..c5e3966 100644 --- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java +++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/AbstractGremlinServerIntegrationTest.java 
@@ -40,10 +40,16 @@ import static org.junit.Assume.assumeThat; public abstract class AbstractGremlinServerIntegrationTest { public static final String KEY_PASS = "changeit"; - public static final String JKS_SERVER_KEY = "src/test/resources/server.jks"; - public static final String JKS_CLIENT_KEY = "src/test/resources/client.jks"; - public static final String P12_SERVER_KEY = "src/test/resources/server.p12"; - public static final String P12_CLIENT_KEY = "src/test/resources/client.p12"; + public static final String JKS_SERVER_KEY = "src/test/resources/server-key.jks"; + public static final String JKS_SERVER_TRUST = "src/test/resources/server-trust.jks"; + public static final String JKS_CLIENT_KEY = "src/test/resources/client-key.jks"; + public static final String JKS_CLIENT_TRUST = "src/test/resources/client-trust.jks"; + public static final String P12_SERVER_KEY = "src/test/resources/server-key.p12"; + public static final String P12_SERVER_TRUST = "src/test/resources/server-trust.p12"; + public static final String P12_CLIENT_KEY = "src/test/resources/client-key.p12"; + public static final String P12_CLIENT_TRUST = "src/test/resources/client-trust.p12"; + public static final String KEYSTORE_TYPE_JKS = "jks"; + public static final String KEYSTORE_TYPE_PKCS12 = "pkcs12"; protected GremlinServer server; private Settings overriddenSettings; http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java index 238d2b2..a4e9478 100644 --- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java 
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java @@ -74,6 +74,7 @@ import org.junit.Test; import java.lang.reflect.Field; import java.nio.channels.ClosedChannelException; import java.util.ArrayList; +import java.util.Arrays; import java.util.Collections; import java.util.HashMap; import java.util.Iterator; 
@@ -195,42 +196,97 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration settings.ssl.enabled = true; settings.ssl.keyStore = JKS_SERVER_KEY; settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS; break; case "shouldEnableSslWithSslContextProgrammaticallySpecified": settings.ssl = new Settings.SslSettings(); settings.ssl.enabled = true; settings.ssl.overrideSslContext(createServerSslContext()); break; - case "shouldEnableSslAndClientCertificateAuth": + case "shouldEnableSslAndClientCertificateAuthWithLegacyPem": settings.ssl = new Settings.SslSettings(); settings.ssl.enabled = true; settings.ssl.needClientAuth = ClientAuth.REQUIRE; settings.ssl.keyCertChainFile = PEM_SERVER_CRT; settings.ssl.keyFile = PEM_SERVER_KEY; - settings.ssl.keyPassword =KEY_PASS; + settings.ssl.keyPassword = KEY_PASS; // Trust the client settings.ssl.trustCertChainFile = PEM_CLIENT_CRT; - break; - case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCert": + break; + case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem": settings.ssl = new Settings.SslSettings(); settings.ssl.enabled = true; settings.ssl.needClientAuth = ClientAuth.REQUIRE; settings.ssl.keyCertChainFile = PEM_SERVER_CRT; settings.ssl.keyFile = PEM_SERVER_KEY; - settings.ssl.keyPassword =KEY_PASS; + settings.ssl.keyPassword = KEY_PASS; // Trust the client settings.ssl.trustCertChainFile = PEM_CLIENT_CRT; - break; - case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert": + break; + case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCertWithLegacyPem": settings.ssl = new Settings.SslSettings(); settings.ssl.enabled = true; settings.ssl.needClientAuth = ClientAuth.REQUIRE; settings.ssl.keyCertChainFile = PEM_SERVER_CRT; settings.ssl.keyFile = PEM_SERVER_KEY; - settings.ssl.keyPassword =KEY_PASS; + settings.ssl.keyPassword = KEY_PASS; // Trust ONLY the server cert 
settings.ssl.trustCertChainFile = PEM_SERVER_CRT; - break; + break; + case "shouldEnableSslAndClientCertificateAuthWithPkcs12": + settings.ssl = new Settings.SslSettings(); + settings.ssl.enabled = true; + settings.ssl.needClientAuth = ClientAuth.REQUIRE; + settings.ssl.keyStore = P12_SERVER_KEY; + settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_PKCS12; + settings.ssl.trustStore = P12_SERVER_TRUST; + settings.ssl.trustStorePassword = KEY_PASS; + break; + case "shouldEnableSslAndClientCertificateAuth": + settings.ssl = new Settings.SslSettings(); + settings.ssl.enabled = true; + settings.ssl.needClientAuth = ClientAuth.REQUIRE; + settings.ssl.keyStore = JKS_SERVER_KEY; + settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS; + settings.ssl.trustStore = JKS_SERVER_TRUST; + settings.ssl.trustStorePassword = KEY_PASS; + break; + case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCert": + settings.ssl = new Settings.SslSettings(); + settings.ssl.enabled = true; + settings.ssl.needClientAuth = ClientAuth.REQUIRE; + settings.ssl.keyStore = JKS_SERVER_KEY; + settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS; + settings.ssl.trustStore = JKS_SERVER_TRUST; + settings.ssl.trustStorePassword = KEY_PASS; + break; + case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert": + settings.ssl = new Settings.SslSettings(); + settings.ssl.enabled = true; + settings.ssl.needClientAuth = ClientAuth.REQUIRE; + settings.ssl.keyStore = JKS_SERVER_KEY; + settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS; + break; + case "shouldEnableSslAndFailIfProtocolsDontMatch": + settings.ssl = new Settings.SslSettings(); + settings.ssl.enabled = true; + settings.ssl.keyStore = JKS_SERVER_KEY; + settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS; + settings.ssl.sslEnabledProtocols = 
Arrays.asList("TLSv1.1"); + break; + case "shouldEnableSslAndFailIfCiphersDontMatch": + settings.ssl = new Settings.SslSettings(); + settings.ssl.enabled = true; + settings.ssl.keyStore = JKS_SERVER_KEY; + settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS; + settings.ssl.sslCipherSuites = Arrays.asList("TLS_DHE_RSA_WITH_AES_128_CBC_SHA"); + break; case "shouldUseSimpleSandbox": settings.scriptEngines.get("gremlin-groovy").config = getScriptEngineConfForSimpleSandbox(); break; @@ -532,21 +588,21 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration } @Test - public void shouldEnableSslAndClientCertificateAuth() { - final Cluster cluster = TestClientFactory.build().enableSsl(true) - .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY) - .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create(); - final Client client = cluster.connect(); + public void shouldEnableSslAndClientCertificateAuthWithLegacyPem() { + final Cluster cluster = TestClientFactory.build().enableSsl(true) + .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY) + .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create(); + final Client client = cluster.connect(); try { - assertEquals("test", client.submit("'test'").one().getString()); + assertEquals("test", client.submit("'test'").one().getString()); } finally { cluster.close(); } } @Test - public void shouldEnableSslAndClientCertificateAuthAndFailWithoutCert() { + public void shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem() { final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS).sslSkipCertValidation(true).create(); final Client client = cluster.connect(); 
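Review bot: The new JKS case `shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert` sets no `trustStore` at all, and unlike the PEM variant above it (`// Trust ONLY the server cert`) nothing says that the omission is the point of the test. As written the server presumably falls back to whatever default trust material the runtime provides, so the result depends on the environment rather than on a fixture. Pinning it to a store that does not contain the client certificate (mirroring the PEM case), or at least adding `// no trustStore on purpose: the client certificate must not be trusted`, would make the intent explicit. The three JKS client-auth cases are otherwise identical and could share a small helper; the switch itself starts and ends outside the hunk.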
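Review bot: After the rename, `shouldEnableSslAndClientCertificateAuthAndFailWithoutCertWithLegacyPem` no longer matches what its client does: the unchanged builder line still passes `keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS)`, so the client is neither PEM-configured nor without a certificate. If the intent is a client that presents nothing, the builder could drop the key store, e.g. `TestClientFactory.build().enableSsl(true).sslSkipCertValidation(true).create();` (to be confirmed against the builder's defaults). Otherwise the test name or a comment should say that the server's own key is presented as an untrusted client identity.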
@@ -562,11 +618,11 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration } @Test - public void shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert() { - final Cluster cluster = TestClientFactory.build().enableSsl(true) - .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY) - .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create(); - final Client client = cluster.connect(); + public void shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCertWithLegacyPem() { + final Cluster cluster = TestClientFactory.build().enableSsl(true) + .keyCertChainFile(PEM_CLIENT_CRT).keyFile(PEM_CLIENT_KEY) + .keyPassword(KEY_PASS).trustCertificateChainFile(PEM_SERVER_CRT).create(); + final Client client = cluster.connect(); try { client.submit("'test'").one(); 
@@ -578,6 +634,100 @@ public class GremlinServerIntegrateTest extends AbstractGremlinServerIntegration cluster.close(); } } + + @Test + public void shouldEnableSslAndClientCertificateAuthWithPkcs12() { + final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(P12_CLIENT_KEY).keyStorePassword(KEY_PASS) + .keyStoreType(KEYSTORE_TYPE_PKCS12).trustStore(P12_CLIENT_TRUST).trustStorePassword(KEY_PASS).create(); + final Client client = cluster.connect(); + + try { + assertEquals("test", client.submit("'test'").one().getString()); + } finally { + cluster.close(); + } + } + + @Test + public void shouldEnableSslAndClientCertificateAuth() { + final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_CLIENT_KEY).keyStorePassword(KEY_PASS) + .keyStoreType(KEYSTORE_TYPE_JKS).trustStore(JKS_CLIENT_TRUST).trustStorePassword(KEY_PASS).create(); + final Client client = cluster.connect(); + + try { + assertEquals("test", client.submit("'test'").one().getString()); + } finally { + cluster.close(); + } + } + + @Test + public void shouldEnableSslAndClientCertificateAuthAndFailWithoutCert() { + final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS) + .keyStoreType(KEYSTORE_TYPE_JKS).sslSkipCertValidation(true).create(); + final Client client = cluster.connect(); + + try { + client.submit("'test'").one(); + fail("Should throw exception because ssl client auth is enabled on the server but client does not have a cert"); + } catch (Exception x) { + final Throwable root = ExceptionUtils.getRootCause(x); + assertThat(root, instanceOf(TimeoutException.class)); + } finally { + cluster.close(); + } + } + + @Test + public void shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert() { + final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_CLIENT_KEY).keyStorePassword(KEY_PASS) + 
.keyStoreType(KEYSTORE_TYPE_JKS).trustStore(JKS_CLIENT_TRUST).trustStorePassword(KEY_PASS).create(); + final Client client = cluster.connect(); + + try { + client.submit("'test'").one(); + fail("Should throw exception because ssl client auth is enabled on the server but does not trust client's cert"); + } catch (Exception x) { + final Throwable root = ExceptionUtils.getRootCause(x); + assertThat(root, instanceOf(TimeoutException.class)); + } finally { + cluster.close(); + } + } + + @Test + public void shouldEnableSslAndFailIfProtocolsDontMatch() { + final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS) + .sslSkipCertValidation(true).sslEnabledProtocols(Arrays.asList("TLSv1.2")).create(); + final Client client = cluster.connect(); + + try { + client.submit("'test'").one(); + fail("Should throw exception because ssl client requires TLSv1.2 whereas server supports only TLSv1.1"); + } catch (Exception x) { + final Throwable root = ExceptionUtils.getRootCause(x); + assertThat(root, instanceOf(TimeoutException.class)); + } finally { + cluster.close(); + } + } + + @Test + public void shouldEnableSslAndFailIfCiphersDontMatch() { + final Cluster cluster = TestClientFactory.build().enableSsl(true).keyStore(JKS_SERVER_KEY).keyStorePassword(KEY_PASS) + .sslSkipCertValidation(true).sslCipherSuites(Arrays.asList("SSL_RSA_WITH_RC4_128_SHA")).create(); + final Client client = cluster.connect(); + + try { + client.submit("'test'").one(); + fail("Should throw exception because ssl client requires TLSv1.2 whereas server supports only TLSv1.1"); + } catch (Exception x) { + final Throwable root = ExceptionUtils.getRootCause(x); + assertThat(root, instanceOf(TimeoutException.class)); + } finally { + cluster.close(); + } + } @Test public void shouldRespectHighWaterMarkSettingAndSucceed() throws Exception { 
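Review bot: `shouldEnableSslAndFailIfCiphersDontMatch` reuses the protocol test's failure text, so a regression would report the wrong cause; it should read something like `fail("Should throw exception because ssl client offers a cipher suite the server has not enabled");`. The client in that test offers only `SSL_RSA_WITH_RC4_128_SHA`, and RC4 suites are disabled by default in current JDKs, so the handshake would probably fail even if the server ignored `sslCipherSuites`. A suite the runtime supports but the server case does not enable would actually exercise the setting. All four negative tests also accept any root-cause `TimeoutException`, which passes equally when the server is unreachable for unrelated reasons. The two mismatch tests omit `.keyStoreType(KEYSTORE_TYPE_JKS)` on the client although the rest of the commit sets it explicitly.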
http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java index 300a7f4..ced5247 100644 --- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java +++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java @@ -102,6 +102,7 @@ abstract class AbstractGremlinServerChannelizerIntegrateTest extends AbstractGre settings.ssl.enabled = true; settings.ssl.keyStore = JKS_SERVER_KEY; settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS; break; case "shouldWorkWithAuth": if (authSettings != null) { @@ -113,6 +114,7 @@ abstract class AbstractGremlinServerChannelizerIntegrateTest extends AbstractGre settings.ssl.enabled = true; settings.ssl.keyStore = JKS_SERVER_KEY; settings.ssl.keyStorePassword = KEY_PASS; + settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS; if (authSettings != null) { settings.authentication = getAuthSettings(); } http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/client-key.jks ---------------------------------------------------------------------- 
diff --git a/gremlin-server/src/test/resources/client-key.jks b/gremlin-server/src/test/resources/client-key.jks new file mode 100644 index 0000000..39df02b Binary files /dev/null and b/gremlin-server/src/test/resources/client-key.jks differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/client-key.p12 ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/resources/client-key.p12 b/gremlin-server/src/test/resources/client-key.p12 new file mode 100644 index 0000000..74f182c Binary files /dev/null and b/gremlin-server/src/test/resources/client-key.p12 differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/client-trust.jks ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/resources/client-trust.jks b/gremlin-server/src/test/resources/client-trust.jks new file mode 100644 index 0000000..d8b5479 Binary files /dev/null and b/gremlin-server/src/test/resources/client-trust.jks differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/client-trust.p12 ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/resources/client-trust.p12 b/gremlin-server/src/test/resources/client-trust.p12 new file mode 100644 index 0000000..2100e94 Binary files /dev/null and b/gremlin-server/src/test/resources/client-trust.p12 differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/server-key.jks ---------------------------------------------------------------------- 
diff --git a/gremlin-server/src/test/resources/server-key.jks b/gremlin-server/src/test/resources/server-key.jks new file mode 100644 index 0000000..85dbe67 Binary files /dev/null and b/gremlin-server/src/test/resources/server-key.jks differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/server-key.p12 ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/resources/server-key.p12 b/gremlin-server/src/test/resources/server-key.p12 new file mode 100644 index 0000000..4d1aad7 Binary files /dev/null and b/gremlin-server/src/test/resources/server-key.p12 differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/server-trust.jks ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/resources/server-trust.jks b/gremlin-server/src/test/resources/server-trust.jks new file mode 100644 index 0000000..a53cf47 Binary files /dev/null and b/gremlin-server/src/test/resources/server-trust.jks differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/server-trust.p12 ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/resources/server-trust.p12 b/gremlin-server/src/test/resources/server-trust.p12 new file mode 100644 index 0000000..a055de0 Binary files /dev/null and b/gremlin-server/src/test/resources/server-trust.p12 differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/server.jks ---------------------------------------------------------------------- 
diff --git a/gremlin-server/src/test/resources/server.jks b/gremlin-server/src/test/resources/server.jks deleted file mode 100644 index 85dbe67..0000000 Binary files a/gremlin-server/src/test/resources/server.jks and /dev/null differ http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/d05e3c56/gremlin-server/src/test/resources/server.p12 ---------------------------------------------------------------------- diff --git a/gremlin-server/src/test/resources/server.p12 b/gremlin-server/src/test/resources/server.p12 deleted file mode 100644 index 4d1aad7..0000000 Binary files a/gremlin-server/src/test/resources/server.p12 and /dev/null differ