Google Git
Sign in
apache / geode-native / 50a441c4c0f78679558d520eaf20022ae51de3ff / . / cppcache / integration / test / SslTwoWayTest.cpp
blob: 877d3ae9c52c46e051bfdb766e0c0e45fbd7b47c [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <iostream>
#include <thread>
#include <gtest/gtest.h>
#include <geode/Cache.hpp>
#include <geode/CacheFactory.hpp>
#include <geode/RegionFactory.hpp>
#include <geode/RegionShortcut.hpp>
#include "framework/Cluster.h"
namespace ssltest {
using apache::geode::client::AuthenticationRequiredException;
using apache::geode::client::CacheableString;
using apache::geode::client::CacheFactory;
using apache::geode::client::Exception;
using apache::geode::client::RegionShortcut;
class SslTwoWayTest : public ::testing::Test {
protected:
SslTwoWayTest() {
certificatePassword = std::string("apachegeode");
serverSslKeysDir = boost::filesystem::path(
getFrameworkString(FrameworkVariable::TestServerSslKeysDir));
clientSslKeysDir = boost::filesystem::path(
getFrameworkString(FrameworkVariable::TestClientSslKeysDir));
}
~SslTwoWayTest() override = default;
void SetUp() override {
const auto clusterKeystore =
(serverSslKeysDir /
boost::filesystem::path("server_keystore_chained.p12"));
const auto clusterTruststore =
(serverSslKeysDir /
boost::filesystem::path("server_truststore_chained_root.jks"));
cluster.useSsl(true, clusterKeystore.string(), clusterTruststore.string(),
certificatePassword, certificatePassword);
cluster.start();
cluster.getGfsh()
.create()
.region()
.withName("region")
.withType("PARTITION")
.execute();
}
void TearDown() override {}
Cluster cluster = Cluster{LocatorCount{1}, ServerCount{1}};
std::string certificatePassword;
boost::filesystem::path serverSslKeysDir;
boost::filesystem::path clientSslKeysDir;
};
TEST_F(SslTwoWayTest, PutGetWithValidSslConfiguration) {
const auto clientKeystore =
(clientSslKeysDir /
boost::filesystem::path("client_keystore_chained.pem"));
const auto clientTruststore =
(clientSslKeysDir /
boost::filesystem::path("client_truststore_chained_root.pem"));
auto cache = CacheFactory()
.set("log-level", "debug")
.set("log-file", "./gemfire.log")
.set("ssl-enabled", "true")
.set("ssl-keystore", clientKeystore.string())
.set("ssl-keystore-password", certificatePassword)
.set("ssl-truststore", clientTruststore.string())
.create();
cache.getPoolManager()
.createFactory()
.addLocator("localhost", cluster.getLocatorPort())
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
.setPoolName("pool")
.create("region");
try {
region->put("1", "one");
} catch (Exception& ex) {
std::cout << ex.getStackTrace();
}
std::shared_ptr<apache::geode::client::Cacheable> value;
try {
value = region->get("1");
} catch (Exception& ex) {
std::cout << ex.getStackTrace();
}
EXPECT_TRUE(value);
auto string_value =
std::dynamic_pointer_cast<apache::geode::client::CacheableString>(value);
EXPECT_TRUE(string_value);
EXPECT_EQ(string_value->value(), "one");
std::cout << "Read " << string_value->value() << " from the server.";
cache.close();
}
TEST_F(SslTwoWayTest, PutWithInvalidKeystorePassword) {
const auto clientKeystore =
(clientSslKeysDir /
boost::filesystem::path("client_keystore_chained.pem"));
const auto clientTruststore =
(clientSslKeysDir /
boost::filesystem::path("client_truststore_chained_root.pem"));
auto cache = CacheFactory()
.set("log-level", "none")
.set("ssl-enabled", "true")
.set("ssl-keystore", clientKeystore.string())
.set("ssl-keystore-password", "bad_password")
.set("ssl-truststore", clientTruststore.string())
.create();
cache.getPoolManager()
.createFactory()
.addLocator("localhost", cluster.getLocatorPort())
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
.setPoolName("pool")
.create("region");
try {
region->put("1", "one");
FAIL() << "Expected apache::geode::client::NotConnectedException";
} catch (const Exception& exception) {
EXPECT_EQ(exception.getName(),
"apache::geode::client::NotConnectedException");
}
cache.close();
}
TEST_F(SslTwoWayTest, PutWithUntrustedKeystore) {
const auto clientUntrustedKeystore =
(clientSslKeysDir /
boost::filesystem::path("client_keystore_untrusted.pem"));
const auto clientTruststore =
(clientSslKeysDir /
boost::filesystem::path("client_truststore_chained_root.pem"));
auto cache = CacheFactory()
.set("log-level", "none")
.set("ssl-enabled", "true")
.set("ssl-keystore", clientUntrustedKeystore.string())
.set("ssl-keystore-password", "secret")
.set("ssl-truststore", clientTruststore.string())
.create();
cache.getPoolManager()
.createFactory()
.addLocator("localhost", cluster.getLocatorPort())
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
.setPoolName("pool")
.create("region");
try {
region->put("1", "one");
FAIL() << "Expected apache::geode::client::NotConnectedException";
} catch (const Exception& exception) {
EXPECT_EQ(exception.getName(),
"apache::geode::client::NotConnectedException");
}
cache.close();
}
TEST_F(SslTwoWayTest, PutWithCorruptKeystore) {
const auto clientCorruptKeystore =
(clientSslKeysDir /
boost::filesystem::path("client_keystore_corrupt.pem"));
const auto clientTruststore =
(clientSslKeysDir /
boost::filesystem::path("client_truststore_chained_root.pem"));
auto cache = CacheFactory()
.set("log-level", "none")
.set("ssl-enabled", "true")
.set("ssl-keystore", clientCorruptKeystore.string())
.set("ssl-keystore-password", certificatePassword)
.set("ssl-truststore", clientTruststore.string())
.create();
cache.getPoolManager()
.createFactory()
.addLocator("localhost", cluster.getLocatorPort())
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
.setPoolName("pool")
.create("region");
try {
region->put("1", "one");
FAIL() << "Expected apache::geode::client::NotConnectedException";
} catch (const Exception& exception) {
EXPECT_EQ(exception.getName(),
"apache::geode::client::NotConnectedException");
}
cache.close();
}
TEST_F(SslTwoWayTest, PutWithUntrustedTruststore) {
const auto clientKeystore =
(clientSslKeysDir /
boost::filesystem::path("client_keystore_chained.pem"));
const auto clientUntrustedTruststore =
(clientSslKeysDir /
boost::filesystem::path("client_truststore_untrusting.pem"));
auto cache = CacheFactory()
.set("log-level", "none")
.set("ssl-enabled", "true")
.set("ssl-keystore", clientKeystore.string())
.set("ssl-keystore-password", certificatePassword)
.set("ssl-truststore", clientUntrustedTruststore.string())
.create();
cache.getPoolManager()
.createFactory()
.addLocator("localhost", cluster.getLocatorPort())
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
.setPoolName("pool")
.create("region");
try {
region->put("1", "one");
FAIL() << "Expected apache::geode::client::NotConnectedException";
} catch (const Exception& exception) {
EXPECT_EQ(exception.getName(),
"apache::geode::client::NotConnectedException");
}
cache.close();
}
TEST_F(SslTwoWayTest, PutWithCorruptTruststore) {
const auto clientKeystore =
(clientSslKeysDir /
boost::filesystem::path("client_keystore_chained.pem"));
const auto clientUntrustedTruststore =
(clientSslKeysDir /
boost::filesystem::path("client_truststore_corrupt.pem"));
auto cache = CacheFactory()
.set("log-level", "none")
.set("ssl-enabled", "true")
.set("ssl-keystore", clientKeystore.string())
.set("ssl-keystore-password", certificatePassword)
.set("ssl-truststore", clientUntrustedTruststore.string())
.create();
cache.getPoolManager()
.createFactory()
.addLocator("localhost", cluster.getLocatorPort())
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
.setPoolName("pool")
.create("region");
try {
region->put("1", "one");
FAIL() << "Expected apache::geode::client::NotConnectedException";
} catch (const Exception& exception) {
EXPECT_EQ(exception.getName(),
"apache::geode::client::NotConnectedException");
}
cache.close();
}
TEST_F(SslTwoWayTest, PutWithMissingTruststore) {
const auto clientKeystore =
(clientSslKeysDir /
boost::filesystem::path("client_keystore_chained.pem"));
const auto clientMissingTruststore =
(clientSslKeysDir /
boost::filesystem::path("client_truststore_missing.pem"));
auto cache = CacheFactory()
.set("log-level", "none")
.set("ssl-enabled", "true")
.set("ssl-keystore", clientKeystore.string())
.set("ssl-keystore-password", certificatePassword)
.set("ssl-truststore", clientMissingTruststore.string())
.create();
cache.getPoolManager()
.createFactory()
.addLocator("localhost", cluster.getLocatorPort())
.create("pool");
auto region = cache.createRegionFactory(RegionShortcut::PROXY)
.setPoolName("pool")
.create("region");
try {
region->put("1", "one");
FAIL() << "Expected apache::geode::client::NotConnectedException";
} catch (const Exception& exception) {
EXPECT_EQ(exception.getName(),
"apache::geode::client::NotConnectedException");
}
cache.close();
}
} // namespace ssltest