geode-assembly/src/distributedTest/java/org/apache/geode/management/internal/rest/ClusterManagementServiceOnServerTest.java - geode - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License
  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */

 package org.apache.geode.management.internal.rest;

 import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_USE_DEFAULT_CONTEXT;
 import static org.apache.geode.management.builder.ClusterManagementServiceBuilder.buildWithCache;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;

 import java.io.File;
 import java.io.Serializable;
 import java.util.Properties;

 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.springframework.web.client.ResourceAccessException;

 import org.apache.geode.cache.configuration.RegionConfig;
 import org.apache.geode.cache.configuration.RegionType;
 import org.apache.geode.internal.security.SecurableCommunicationChannel;
 import org.apache.geode.management.api.ClusterManagementResult;
 import org.apache.geode.management.api.ClusterManagementService;
 import org.apache.geode.test.dunit.rules.ClusterStartupRule;
 import org.apache.geode.test.dunit.rules.MemberVM;

 public class ClusterManagementServiceOnServerTest implements Serializable {

   @Rule
   public ClusterStartupRule cluster = new ClusterStartupRule();

   private File keyFile = new File(ClusterManagementServiceOnServerTest.class.getClassLoader()
       .getResource("ssl/trusted.keystore").getFile());

   private MemberVM locator, server;
   private Properties sslProps;
   private RegionConfig regionConfig;

   @Before
   public void before() throws Exception {
     sslProps = new Properties();
     sslProps.setProperty(SSL_KEYSTORE, keyFile.getCanonicalPath());
     sslProps.setProperty(SSL_TRUSTSTORE, keyFile.getCanonicalPath());
     sslProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
     sslProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
     sslProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant());

     regionConfig = new RegionConfig();
     regionConfig.setName("test");
     regionConfig.setType(RegionType.PARTITION);
   }

   @Test
   public void serverHasNoSslPropertyAndDoNotUseDefaultSSL() {
     locator = cluster.startLocatorVM(0, l -> l.withHttpService().withProperties(sslProps));
     int locatorPort = locator.getPort();
     server = cluster.startServerVM(1, s -> s.withConnectionToLocator(locatorPort));

     server.invoke(() -> {
       assertThatThrownBy(
           () -> buildWithCache()
               .setCache(ClusterStartupRule.getCache()).build())
                   .isInstanceOf(IllegalStateException.class);
     });
   }

   @Test
   public void serverHasNoSslPropertyAndDoUseIncorrectDefaultSSL() {
     locator = cluster.startLocatorVM(0, l -> l.withHttpService().withProperties(sslProps));
     int locatorPort = locator.getPort();
     Properties serverProps = new Properties();
     serverProps.setProperty(SSL_USE_DEFAULT_CONTEXT, "true");
     server = cluster.startServerVM(1,
         s -> s.withConnectionToLocator(locatorPort).withProperties(serverProps));

     server.invoke(() -> {
       ClusterManagementService service =
           buildWithCache().setCache(ClusterStartupRule.getCache())
               .build();
       assertThat(service).isNotNull();
       assertThatThrownBy(() -> service.create(regionConfig))
           .isInstanceOf(ResourceAccessException.class);
     });

     // the default ssl context is static and will probably pollute future tests
     server.getVM().bounce();
   }

   @Test
   public void serverHasNoSslPropertyAndDoUseCorrectDefaultSSL() {
     locator = cluster.startLocatorVM(0, l -> l.withHttpService().withProperties(sslProps));
     int locatorPort = locator.getPort();
     Properties serverProps = new Properties();
     serverProps.setProperty(SSL_USE_DEFAULT_CONTEXT, "true");
     server = cluster.startServerVM(1,
         s -> s.withConnectionToLocator(locatorPort).withProperties(serverProps));

     server.invoke(() -> {
       System.setProperty("javax.net.ssl.keyStore", keyFile.getCanonicalPath());
       System.setProperty("javax.net.ssl.keyStorePassword", "password");
       System.setProperty("javax.net.ssl.keyStoreType", "JKS");
       System.setProperty("javax.net.ssl.trustStore", keyFile.getCanonicalPath());
       System.setProperty("javax.net.ssl.trustStorePassword", "password");
       System.setProperty("javax.net.ssl.trustStoreType", "JKS");

       ClusterManagementService service =
           buildWithCache().setCache(ClusterStartupRule.getCache())
               .build();
       assertThat(service).isNotNull();
       ClusterManagementResult clusterManagementResult =
           service.create(regionConfig);
       assertThat(clusterManagementResult.isSuccessful()).isTrue();
     });

     // the default ssl context is static and will probably pollute future tests
     server.getVM().bounce();
   }

   @Test
   public void useDefaultSSLPropertyTakesPrecedence() {
     locator = cluster.startLocatorVM(0, l -> l.withHttpService().withProperties(sslProps));
     int locatorPort = locator.getPort();
     Properties serverProps = new Properties(sslProps);
     serverProps.setProperty(SSL_USE_DEFAULT_CONTEXT, "true");
     server = cluster.startServerVM(1,
         s -> s.withConnectionToLocator(locatorPort).withProperties(serverProps));

     server.invoke(() -> {
       // default SSL context not set here, and ssl config inside sslProps is ignored because
       // use_default_ssl_context is true
       ClusterManagementService service =
           buildWithCache().setCache(ClusterStartupRule.getCache())
               .build();
       assertThat(service).isNotNull();
       assertThatThrownBy(() -> service.create(regionConfig))
           .isInstanceOf(ResourceAccessException.class);
     });

     // the default ssl context is static and will probably pollute future tests
     server.getVM().bounce();
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License
	* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
	* or implied. See the License for the specific language governing permissions and limitations under
	* the License.
	*/

	package org.apache.geode.management.internal.rest;

	import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
	import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
	import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
	import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
	import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
	import static org.apache.geode.distributed.ConfigurationProperties.SSL_USE_DEFAULT_CONTEXT;
	import static org.apache.geode.management.builder.ClusterManagementServiceBuilder.buildWithCache;
	import static org.assertj.core.api.Assertions.assertThat;
	import static org.assertj.core.api.Assertions.assertThatThrownBy;

	import java.io.File;
	import java.io.Serializable;
	import java.util.Properties;

	import org.junit.Before;
	import org.junit.Rule;
	import org.junit.Test;
	import org.springframework.web.client.ResourceAccessException;

	import org.apache.geode.cache.configuration.RegionConfig;
	import org.apache.geode.cache.configuration.RegionType;
	import org.apache.geode.internal.security.SecurableCommunicationChannel;
	import org.apache.geode.management.api.ClusterManagementResult;
	import org.apache.geode.management.api.ClusterManagementService;
	import org.apache.geode.test.dunit.rules.ClusterStartupRule;
	import org.apache.geode.test.dunit.rules.MemberVM;

	public class ClusterManagementServiceOnServerTest implements Serializable {

	@Rule
	public ClusterStartupRule cluster = new ClusterStartupRule();

	private File keyFile = new File(ClusterManagementServiceOnServerTest.class.getClassLoader()
	.getResource("ssl/trusted.keystore").getFile());

	private MemberVM locator, server;
	private Properties sslProps;
	private RegionConfig regionConfig;

	@Before
	public void before() throws Exception {
	sslProps = new Properties();
	sslProps.setProperty(SSL_KEYSTORE, keyFile.getCanonicalPath());
	sslProps.setProperty(SSL_TRUSTSTORE, keyFile.getCanonicalPath());
	sslProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
	sslProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
	sslProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant());

	regionConfig = new RegionConfig();
	regionConfig.setName("test");
	regionConfig.setType(RegionType.PARTITION);
	}

	@Test
	public void serverHasNoSslPropertyAndDoNotUseDefaultSSL() {
	locator = cluster.startLocatorVM(0, l -> l.withHttpService().withProperties(sslProps));
	int locatorPort = locator.getPort();
	server = cluster.startServerVM(1, s -> s.withConnectionToLocator(locatorPort));

	server.invoke(() -> {
	assertThatThrownBy(
	() -> buildWithCache()
	.setCache(ClusterStartupRule.getCache()).build())
	.isInstanceOf(IllegalStateException.class);
	});
	}

	@Test
	public void serverHasNoSslPropertyAndDoUseIncorrectDefaultSSL() {
	locator = cluster.startLocatorVM(0, l -> l.withHttpService().withProperties(sslProps));
	int locatorPort = locator.getPort();
	Properties serverProps = new Properties();
	serverProps.setProperty(SSL_USE_DEFAULT_CONTEXT, "true");
	server = cluster.startServerVM(1,
	s -> s.withConnectionToLocator(locatorPort).withProperties(serverProps));

	server.invoke(() -> {
	ClusterManagementService service =
	buildWithCache().setCache(ClusterStartupRule.getCache())
	.build();
	assertThat(service).isNotNull();
	assertThatThrownBy(() -> service.create(regionConfig))
	.isInstanceOf(ResourceAccessException.class);
	});

	// the default ssl context is static and will probably pollute future tests
	server.getVM().bounce();
	}

	@Test
	public void serverHasNoSslPropertyAndDoUseCorrectDefaultSSL() {
	locator = cluster.startLocatorVM(0, l -> l.withHttpService().withProperties(sslProps));
	int locatorPort = locator.getPort();
	Properties serverProps = new Properties();
	serverProps.setProperty(SSL_USE_DEFAULT_CONTEXT, "true");
	server = cluster.startServerVM(1,
	s -> s.withConnectionToLocator(locatorPort).withProperties(serverProps));

	server.invoke(() -> {
	System.setProperty("javax.net.ssl.keyStore", keyFile.getCanonicalPath());
	System.setProperty("javax.net.ssl.keyStorePassword", "password");
	System.setProperty("javax.net.ssl.keyStoreType", "JKS");
	System.setProperty("javax.net.ssl.trustStore", keyFile.getCanonicalPath());
	System.setProperty("javax.net.ssl.trustStorePassword", "password");
	System.setProperty("javax.net.ssl.trustStoreType", "JKS");

	ClusterManagementService service =
	buildWithCache().setCache(ClusterStartupRule.getCache())
	.build();
	assertThat(service).isNotNull();
	ClusterManagementResult clusterManagementResult =
	service.create(regionConfig);
	assertThat(clusterManagementResult.isSuccessful()).isTrue();
	});

	// the default ssl context is static and will probably pollute future tests
	server.getVM().bounce();
	}

	@Test
	public void useDefaultSSLPropertyTakesPrecedence() {
	locator = cluster.startLocatorVM(0, l -> l.withHttpService().withProperties(sslProps));
	int locatorPort = locator.getPort();
	Properties serverProps = new Properties(sslProps);
	serverProps.setProperty(SSL_USE_DEFAULT_CONTEXT, "true");
	server = cluster.startServerVM(1,
	s -> s.withConnectionToLocator(locatorPort).withProperties(serverProps));

	server.invoke(() -> {
	// default SSL context not set here, and ssl config inside sslProps is ignored because
	// use_default_ssl_context is true
	ClusterManagementService service =
	buildWithCache().setCache(ClusterStartupRule.getCache())
	.build();
	assertThat(service).isNotNull();
	assertThatThrownBy(() -> service.create(regionConfig))
	.isInstanceOf(ResourceAccessException.class);
	});

	// the default ssl context is static and will probably pollute future tests
	server.getVM().bounce();
	}
	}