Google Git
Sign in
apache / geode / b60806c49bdbd1b32dc77ab5ffbb4d2d64cee54a / . / geode-core / src / test / java / org / apache / geode / internal / net / SocketCreatorFactoryJUnitTest.java
blob: 07ff006f8fd9f6eb4f32daeb3d90d8221765374f [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.apache.geode.internal.net;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_CIPHERS;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_TYPE;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_PROTOCOLS;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_REQUIRE_AUTHENTICATION;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_CIPHERS;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_ENABLED;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_KEYSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_KEYSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_KEYSTORE_TYPE;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_PROTOCOLS;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_REQUIRE_AUTHENTICATION;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_TRUSTSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.GATEWAY_SSL_TRUSTSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_CIPHERS;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_ENABLED;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_KEYSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_KEYSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_KEYSTORE_TYPE;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_PROTOCOLS;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_TRUSTSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_CIPHERS;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_ENABLED;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_TYPE;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_PROTOCOLS;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_CIPHERS;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_ENABLED;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_KEYSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_KEYSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_KEYSTORE_TYPE;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_PROTOCOLS;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_REQUIRE_AUTHENTICATION;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_TRUSTSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.SERVER_SSL_TRUSTSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_CLUSTER_ALIAS;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_DEFAULT_ALIAS;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_TYPE;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_REQUIRE_AUTHENTICATION;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
import static org.apache.geode.test.util.ResourceUtils.createTempFileFromResource;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
import java.io.File;
import java.io.IOException;
import java.util.Properties;
import org.junit.After;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.apache.geode.distributed.internal.DistributionConfigImpl;
import org.apache.geode.internal.security.SecurableCommunicationChannel;
import org.apache.geode.test.junit.categories.MembershipTest;
@Category({MembershipTest.class})
public class SocketCreatorFactoryJUnitTest {
@After
public void tearDown() throws Exception {
SocketCreatorFactory.close();
}
@Test
public void testNewSSLConfigSSLComponentLocator() throws Exception {
Properties properties =
configureSSLProperties(SecurableCommunicationChannel.LOCATOR.getConstant());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
}
@Test
public void testNewSSLConfigSSLComponentALL() throws Exception {
Properties properties = configureSSLProperties(SecurableCommunicationChannel.ALL.getConstant());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
}
@Test
public void testNewSSLConfigSSLComponentCLUSTER() throws Exception {
Properties properties =
configureSSLProperties(SecurableCommunicationChannel.CLUSTER.getConstant());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testNewSSLConfigSSLComponentGATEWAY() throws Exception {
Properties properties =
configureSSLProperties(SecurableCommunicationChannel.GATEWAY.getConstant());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testNewSSLConfigSSLComponentHTTP_SERVICE() throws Exception {
Properties properties = configureSSLProperties(SecurableCommunicationChannel.WEB.getConstant());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testNewSSLConfigSSLComponentJMX() throws Exception {
Properties properties = configureSSLProperties(SecurableCommunicationChannel.JMX.getConstant());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testNewSSLConfigSSLComponentSERVER() throws Exception {
Properties properties =
configureSSLProperties(SecurableCommunicationChannel.SERVER.getConstant());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testNewSSLConfigSSLComponentCombinations1() throws Exception {
Properties properties = configureSSLProperties(
commaDelimitedString(SecurableCommunicationChannel.CLUSTER.getConstant(),
SecurableCommunicationChannel.SERVER.getConstant()));
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testNewSSLConfigSSLComponentCombinations2() throws Exception {
Properties properties = configureSSLProperties(
commaDelimitedString(SecurableCommunicationChannel.CLUSTER.getConstant(),
SecurableCommunicationChannel.SERVER.getConstant(),
SecurableCommunicationChannel.WEB.getConstant(),
SecurableCommunicationChannel.JMX.getConstant()));
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testNewSSLConfigSSLComponentAliasWithMultiKeyStore() throws Exception {
Properties properties = configureSSLProperties(SecurableCommunicationChannel.ALL.getConstant());
properties.setProperty(SSL_KEYSTORE,
createTempFileFromResource(getClass(), "/org/apache/geode/internal/net/multiKey.jks")
.getAbsolutePath());
properties.setProperty(SSL_TRUSTSTORE,
createTempFileFromResource(getClass(),
"/org/apache/geode/internal/net/multiKeyTrust.jks").getAbsolutePath());
properties.setProperty(SSL_CLUSTER_ALIAS, "clusterKey");
properties.setProperty(SSL_DEFAULT_ALIAS, "serverKey");
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testNewSSLConfigSSLComponentWithoutAliasWithMultiKeyStore() throws Exception {
Properties properties = configureSSLProperties(SecurableCommunicationChannel.ALL.getConstant());
properties.setProperty(SSL_KEYSTORE,
createTempFileFromResource(getClass(), "/org/apache/geode/internal/net/multiKey.jks")
.getAbsolutePath());
properties.setProperty(SSL_TRUSTSTORE,
createTempFileFromResource(getClass(),
"/org/apache/geode/internal/net/multiKeyTrust.jks").getAbsolutePath());
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
private Properties configureSSLProperties(String sslComponents) throws IOException {
File jks = findTestJKS();
Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(SSL_REQUIRE_AUTHENTICATION, "true");
properties.setProperty(SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
properties.setProperty(SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SSL_KEYSTORE_TYPE, "JKS");
properties.setProperty(SSL_TRUSTSTORE, jks.getCanonicalPath());
properties.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
properties.setProperty(SSL_ENABLED_COMPONENTS, sslComponents);
return properties;
}
private String commaDelimitedString(final String... sslComponents) {
StringBuilder stringBuilder = new StringBuilder();
for (String sslComponent : sslComponents) {
stringBuilder.append(sslComponent);
stringBuilder.append(",");
}
return stringBuilder.substring(0, stringBuilder.length() - 1);
}
@Test
public void testLegacyServerSSLConfig() throws IOException {
File jks = findTestJKS();
Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(SERVER_SSL_REQUIRE_AUTHENTICATION, "true");
properties.setProperty(SERVER_SSL_ENABLED, "true");
properties.setProperty(SERVER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
properties.setProperty(SERVER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.setProperty(SERVER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(SERVER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(SERVER_SSL_KEYSTORE_TYPE, "JKS");
properties.setProperty(SERVER_SSL_TRUSTSTORE, jks.getCanonicalPath());
properties.setProperty(SERVER_SSL_TRUSTSTORE_PASSWORD, "password");
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testLegacyClusterSSLConfig() throws IOException {
File jks = findTestJKS();
Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(CLUSTER_SSL_REQUIRE_AUTHENTICATION, "true");
properties.setProperty(CLUSTER_SSL_ENABLED, "true");
properties.setProperty(CLUSTER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
properties.setProperty(CLUSTER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
properties.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath());
properties.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testLegacyJMXSSLConfig() throws IOException {
File jks = findTestJKS();
Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(JMX_MANAGER_SSL_REQUIRE_AUTHENTICATION, "true");
properties.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
properties.setProperty(JMX_MANAGER_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
properties.setProperty(JMX_MANAGER_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
properties.setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getCanonicalPath());
properties.setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password");
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testLegacyGatewaySSLConfig() throws IOException {
File jks = findTestJKS();
Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(GATEWAY_SSL_REQUIRE_AUTHENTICATION, "true");
properties.setProperty(GATEWAY_SSL_ENABLED, "true");
properties.setProperty(GATEWAY_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
properties.setProperty(GATEWAY_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.setProperty(GATEWAY_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(GATEWAY_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(GATEWAY_SSL_KEYSTORE_TYPE, "JKS");
properties.setProperty(GATEWAY_SSL_TRUSTSTORE, jks.getCanonicalPath());
properties.setProperty(GATEWAY_SSL_TRUSTSTORE_PASSWORD, "password");
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertTrue(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
@Test
public void testLegacyHttpServiceSSLConfig() throws IOException {
File jks = findTestJKS();
Properties properties = new Properties();
properties.setProperty(MCAST_PORT, "0");
properties.setProperty(HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION, "true");
properties.setProperty(HTTP_SERVICE_SSL_ENABLED, "true");
properties.setProperty(HTTP_SERVICE_SSL_CIPHERS,
"TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
properties.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1,TLSv1.1,TLSv1.2");
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE, jks.getCanonicalPath());
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password");
properties.setProperty(HTTP_SERVICE_SSL_KEYSTORE_TYPE, "JKS");
properties.setProperty(HTTP_SERVICE_SSL_TRUSTSTORE, jks.getCanonicalPath());
properties.setProperty(HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, "password");
DistributionConfigImpl distributionConfig = new DistributionConfigImpl(properties);
SocketCreatorFactory.setDistributionConfig(distributionConfig);
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.CLUSTER).useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.GATEWAY).useSSL());
assertFalse(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.JMX)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.SERVER).useSSL());
assertTrue(SocketCreatorFactory.getSocketCreatorForComponent(SecurableCommunicationChannel.WEB)
.useSSL());
assertFalse(SocketCreatorFactory
.getSocketCreatorForComponent(SecurableCommunicationChannel.LOCATOR).useSSL());
}
private File findTestJKS() {
return new File(
createTempFileFromResource(getClass(), "/ssl/trusted.keystore")
.getAbsolutePath());
}
}