testdevapidocs/src-html/org/apache/hadoop/hbase/security/AbstractTestMutualTls.html - hbase-site - Git at Google

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <html lang="en">
 <head>
 <title>Source code</title>
 <link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
 </head>
 <body>
 <div class="sourceContainer">
 <pre><span class="sourceLineNo">001</span>/*<a name="line.1"></a>
 <span class="sourceLineNo">002</span> * Licensed to the Apache Software Foundation (ASF) under one<a name="line.2"></a>
 <span class="sourceLineNo">003</span> * or more contributor license agreements.  See the NOTICE file<a name="line.3"></a>
 <span class="sourceLineNo">004</span> * distributed with this work for additional information<a name="line.4"></a>
 <span class="sourceLineNo">005</span> * regarding copyright ownership.  The ASF licenses this file<a name="line.5"></a>
 <span class="sourceLineNo">006</span> * to you under the Apache License, Version 2.0 (the<a name="line.6"></a>
 <span class="sourceLineNo">007</span> * "License"); you may not use this file except in compliance<a name="line.7"></a>
 <span class="sourceLineNo">008</span> * with the License.  You may obtain a copy of the License at<a name="line.8"></a>
 <span class="sourceLineNo">009</span> *<a name="line.9"></a>
 <span class="sourceLineNo">010</span> *     http://www.apache.org/licenses/LICENSE-2.0<a name="line.10"></a>
 <span class="sourceLineNo">011</span> *<a name="line.11"></a>
 <span class="sourceLineNo">012</span> * Unless required by applicable law or agreed to in writing, software<a name="line.12"></a>
 <span class="sourceLineNo">013</span> * distributed under the License is distributed on an "AS IS" BASIS,<a name="line.13"></a>
 <span class="sourceLineNo">014</span> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.<a name="line.14"></a>
 <span class="sourceLineNo">015</span> * See the License for the specific language governing permissions and<a name="line.15"></a>
 <span class="sourceLineNo">016</span> * limitations under the License.<a name="line.16"></a>
 <span class="sourceLineNo">017</span> */<a name="line.17"></a>
 <span class="sourceLineNo">018</span>package org.apache.hadoop.hbase.security;<a name="line.18"></a>
 <span class="sourceLineNo">019</span><a name="line.19"></a>
 <span class="sourceLineNo">020</span>import static org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl.SERVICE;<a name="line.20"></a>
 <span class="sourceLineNo">021</span>import static org.hamcrest.MatcherAssert.assertThat;<a name="line.21"></a>
 <span class="sourceLineNo">022</span>import static org.hamcrest.Matchers.instanceOf;<a name="line.22"></a>
 <span class="sourceLineNo">023</span>import static org.junit.Assert.assertThrows;<a name="line.23"></a>
 <span class="sourceLineNo">024</span><a name="line.24"></a>
 <span class="sourceLineNo">025</span>import java.io.File;<a name="line.25"></a>
 <span class="sourceLineNo">026</span>import java.io.IOException;<a name="line.26"></a>
 <span class="sourceLineNo">027</span>import java.lang.invoke.MethodHandles;<a name="line.27"></a>
 <span class="sourceLineNo">028</span>import java.net.InetSocketAddress;<a name="line.28"></a>
 <span class="sourceLineNo">029</span>import java.security.GeneralSecurityException;<a name="line.29"></a>
 <span class="sourceLineNo">030</span>import java.security.Security;<a name="line.30"></a>
 <span class="sourceLineNo">031</span>import java.security.cert.X509Certificate;<a name="line.31"></a>
 <span class="sourceLineNo">032</span>import javax.net.ssl.SSLHandshakeException;<a name="line.32"></a>
 <span class="sourceLineNo">033</span>import org.apache.commons.io.FileUtils;<a name="line.33"></a>
 <span class="sourceLineNo">034</span>import org.apache.hadoop.conf.Configuration;<a name="line.34"></a>
 <span class="sourceLineNo">035</span>import org.apache.hadoop.hbase.HBaseCommonTestingUtil;<a name="line.35"></a>
 <span class="sourceLineNo">036</span>import org.apache.hadoop.hbase.io.crypto.tls.KeyStoreFileType;<a name="line.36"></a>
 <span class="sourceLineNo">037</span>import org.apache.hadoop.hbase.io.crypto.tls.X509KeyType;<a name="line.37"></a>
 <span class="sourceLineNo">038</span>import org.apache.hadoop.hbase.io.crypto.tls.X509TestContext;<a name="line.38"></a>
 <span class="sourceLineNo">039</span>import org.apache.hadoop.hbase.io.crypto.tls.X509TestContextProvider;<a name="line.39"></a>
 <span class="sourceLineNo">040</span>import org.apache.hadoop.hbase.io.crypto.tls.X509Util;<a name="line.40"></a>
 <span class="sourceLineNo">041</span>import org.apache.hadoop.hbase.ipc.FifoRpcScheduler;<a name="line.41"></a>
 <span class="sourceLineNo">042</span>import org.apache.hadoop.hbase.ipc.NettyRpcClient;<a name="line.42"></a>
 <span class="sourceLineNo">043</span>import org.apache.hadoop.hbase.ipc.NettyRpcServer;<a name="line.43"></a>
 <span class="sourceLineNo">044</span>import org.apache.hadoop.hbase.ipc.RpcClient;<a name="line.44"></a>
 <span class="sourceLineNo">045</span>import org.apache.hadoop.hbase.ipc.RpcClientFactory;<a name="line.45"></a>
 <span class="sourceLineNo">046</span>import org.apache.hadoop.hbase.ipc.RpcServer;<a name="line.46"></a>
 <span class="sourceLineNo">047</span>import org.apache.hadoop.hbase.ipc.RpcServerFactory;<a name="line.47"></a>
 <span class="sourceLineNo">048</span>import org.apache.hadoop.hbase.ipc.TestProtobufRpcServiceImpl;<a name="line.48"></a>
 <span class="sourceLineNo">049</span>import org.bouncycastle.asn1.x500.X500NameBuilder;<a name="line.49"></a>
 <span class="sourceLineNo">050</span>import org.bouncycastle.asn1.x500.style.BCStyle;<a name="line.50"></a>
 <span class="sourceLineNo">051</span>import org.bouncycastle.jce.provider.BouncyCastleProvider;<a name="line.51"></a>
 <span class="sourceLineNo">052</span>import org.bouncycastle.operator.OperatorCreationException;<a name="line.52"></a>
 <span class="sourceLineNo">053</span>import org.junit.After;<a name="line.53"></a>
 <span class="sourceLineNo">054</span>import org.junit.AfterClass;<a name="line.54"></a>
 <span class="sourceLineNo">055</span>import org.junit.Before;<a name="line.55"></a>
 <span class="sourceLineNo">056</span>import org.junit.BeforeClass;<a name="line.56"></a>
 <span class="sourceLineNo">057</span>import org.junit.Test;<a name="line.57"></a>
 <span class="sourceLineNo">058</span>import org.junit.runners.Parameterized;<a name="line.58"></a>
 <span class="sourceLineNo">059</span><a name="line.59"></a>
 <span class="sourceLineNo">060</span>import org.apache.hbase.thirdparty.com.google.common.collect.Lists;<a name="line.60"></a>
 <span class="sourceLineNo">061</span>import org.apache.hbase.thirdparty.com.google.common.io.Closeables;<a name="line.61"></a>
 <span class="sourceLineNo">062</span>import org.apache.hbase.thirdparty.com.google.protobuf.ServiceException;<a name="line.62"></a>
 <span class="sourceLineNo">063</span><a name="line.63"></a>
 <span class="sourceLineNo">064</span>import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestProtos;<a name="line.64"></a>
 <span class="sourceLineNo">065</span>import org.apache.hadoop.hbase.shaded.ipc.protobuf.generated.TestRpcServiceProtos;<a name="line.65"></a>
 <span class="sourceLineNo">066</span><a name="line.66"></a>
 <span class="sourceLineNo">067</span>public abstract class AbstractTestMutualTls {<a name="line.67"></a>
 <span class="sourceLineNo">068</span>  protected static HBaseCommonTestingUtil UTIL;<a name="line.68"></a>
 <span class="sourceLineNo">069</span><a name="line.69"></a>
 <span class="sourceLineNo">070</span>  protected static File DIR;<a name="line.70"></a>
 <span class="sourceLineNo">071</span><a name="line.71"></a>
 <span class="sourceLineNo">072</span>  protected static X509TestContextProvider PROVIDER;<a name="line.72"></a>
 <span class="sourceLineNo">073</span><a name="line.73"></a>
 <span class="sourceLineNo">074</span>  private X509TestContext x509TestContext;<a name="line.74"></a>
 <span class="sourceLineNo">075</span><a name="line.75"></a>
 <span class="sourceLineNo">076</span>  protected RpcServer rpcServer;<a name="line.76"></a>
 <span class="sourceLineNo">077</span><a name="line.77"></a>
 <span class="sourceLineNo">078</span>  protected RpcClient rpcClient;<a name="line.78"></a>
 <span class="sourceLineNo">079</span>  private TestRpcServiceProtos.TestProtobufRpcProto.BlockingInterface stub;<a name="line.79"></a>
 <span class="sourceLineNo">080</span><a name="line.80"></a>
 <span class="sourceLineNo">081</span>  @Parameterized.Parameter(0)<a name="line.81"></a>
 <span class="sourceLineNo">082</span>  public X509KeyType caKeyType;<a name="line.82"></a>
 <span class="sourceLineNo">083</span><a name="line.83"></a>
 <span class="sourceLineNo">084</span>  @Parameterized.Parameter(1)<a name="line.84"></a>
 <span class="sourceLineNo">085</span>  public X509KeyType certKeyType;<a name="line.85"></a>
 <span class="sourceLineNo">086</span><a name="line.86"></a>
 <span class="sourceLineNo">087</span>  @Parameterized.Parameter(2)<a name="line.87"></a>
 <span class="sourceLineNo">088</span>  public String keyPassword;<a name="line.88"></a>
 <span class="sourceLineNo">089</span>  @Parameterized.Parameter(3)<a name="line.89"></a>
 <span class="sourceLineNo">090</span>  public boolean expectSuccess;<a name="line.90"></a>
 <span class="sourceLineNo">091</span><a name="line.91"></a>
 <span class="sourceLineNo">092</span>  @Parameterized.Parameter(4)<a name="line.92"></a>
 <span class="sourceLineNo">093</span>  public boolean validateHostnames;<a name="line.93"></a>
 <span class="sourceLineNo">094</span><a name="line.94"></a>
 <span class="sourceLineNo">095</span>  @Parameterized.Parameter(5)<a name="line.95"></a>
 <span class="sourceLineNo">096</span>  public CertConfig certConfig;<a name="line.96"></a>
 <span class="sourceLineNo">097</span><a name="line.97"></a>
 <span class="sourceLineNo">098</span>  public enum CertConfig {<a name="line.98"></a>
 <span class="sourceLineNo">099</span>    // For no cert, we literally pass no certificate to the server. It's possible (assuming server<a name="line.99"></a>
 <span class="sourceLineNo">100</span>    // allows it based on ClientAuth mode) to use SSL without a KeyStore which will still do all<a name="line.100"></a>
 <span class="sourceLineNo">101</span>    // the handshaking but without a client cert. This is what we do here.<a name="line.101"></a>
 <span class="sourceLineNo">102</span>    // This mode only makes sense for client side, as server side must return a cert.<a name="line.102"></a>
 <span class="sourceLineNo">103</span>    NO_CLIENT_CERT,<a name="line.103"></a>
 <span class="sourceLineNo">104</span>    // For non-verifiable cert, we create a new certificate which is signed by a different<a name="line.104"></a>
 <span class="sourceLineNo">105</span>    // CA. So we're passing a cert, but the client/server can't verify it.<a name="line.105"></a>
 <span class="sourceLineNo">106</span>    NON_VERIFIABLE_CERT,<a name="line.106"></a>
 <span class="sourceLineNo">107</span>    // Good cert is the default mode, which uses a cert signed by the same CA both sides<a name="line.107"></a>
 <span class="sourceLineNo">108</span>    // and the hostname should match (localhost)<a name="line.108"></a>
 <span class="sourceLineNo">109</span>    GOOD_CERT,<a name="line.109"></a>
 <span class="sourceLineNo">110</span>    // For good cert/bad host, we create a new certificate signed by the same CA. But<a name="line.110"></a>
 <span class="sourceLineNo">111</span>    // this cert has a SANS that will not match the localhost peer.<a name="line.111"></a>
 <span class="sourceLineNo">112</span>    VERIFIABLE_CERT_WITH_BAD_HOST<a name="line.112"></a>
 <span class="sourceLineNo">113</span>  }<a name="line.113"></a>
 <span class="sourceLineNo">114</span><a name="line.114"></a>
 <span class="sourceLineNo">115</span>  @BeforeClass<a name="line.115"></a>
 <span class="sourceLineNo">116</span>  public static void setUpBeforeClass() throws IOException {<a name="line.116"></a>
 <span class="sourceLineNo">117</span>    UTIL = new HBaseCommonTestingUtil();<a name="line.117"></a>
 <span class="sourceLineNo">118</span>    Security.addProvider(new BouncyCastleProvider());<a name="line.118"></a>
 <span class="sourceLineNo">119</span>    DIR =<a name="line.119"></a>
 <span class="sourceLineNo">120</span>      new File(UTIL.getDataTestDir(AbstractTestTlsRejectPlainText.class.getSimpleName()).toString())<a name="line.120"></a>
 <span class="sourceLineNo">121</span>        .getCanonicalFile();<a name="line.121"></a>
 <span class="sourceLineNo">122</span>    FileUtils.forceMkdir(DIR);<a name="line.122"></a>
 <span class="sourceLineNo">123</span>    Configuration conf = UTIL.getConfiguration();<a name="line.123"></a>
 <span class="sourceLineNo">124</span>    conf.setClass(RpcClientFactory.CUSTOM_RPC_CLIENT_IMPL_CONF_KEY, NettyRpcClient.class,<a name="line.124"></a>
 <span class="sourceLineNo">125</span>      RpcClient.class);<a name="line.125"></a>
 <span class="sourceLineNo">126</span>    conf.setClass(RpcServerFactory.CUSTOM_RPC_SERVER_IMPL_CONF_KEY, NettyRpcServer.class,<a name="line.126"></a>
 <span class="sourceLineNo">127</span>      RpcServer.class);<a name="line.127"></a>
 <span class="sourceLineNo">128</span>    conf.setBoolean(X509Util.HBASE_SERVER_NETTY_TLS_ENABLED, true);<a name="line.128"></a>
 <span class="sourceLineNo">129</span>    conf.setBoolean(X509Util.HBASE_SERVER_NETTY_TLS_SUPPORTPLAINTEXT, false);<a name="line.129"></a>
 <span class="sourceLineNo">130</span>    conf.setBoolean(X509Util.HBASE_CLIENT_NETTY_TLS_ENABLED, true);<a name="line.130"></a>
 <span class="sourceLineNo">131</span>    PROVIDER = new X509TestContextProvider(conf, DIR);<a name="line.131"></a>
 <span class="sourceLineNo">132</span>  }<a name="line.132"></a>
 <span class="sourceLineNo">133</span><a name="line.133"></a>
 <span class="sourceLineNo">134</span>  @AfterClass<a name="line.134"></a>
 <span class="sourceLineNo">135</span>  public static void cleanUp() {<a name="line.135"></a>
 <span class="sourceLineNo">136</span>    Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);<a name="line.136"></a>
 <span class="sourceLineNo">137</span>    UTIL.cleanupTestDir();<a name="line.137"></a>
 <span class="sourceLineNo">138</span>  }<a name="line.138"></a>
 <span class="sourceLineNo">139</span><a name="line.139"></a>
 <span class="sourceLineNo">140</span>  protected abstract void initialize(Configuration serverConf, Configuration clientConf)<a name="line.140"></a>
 <span class="sourceLineNo">141</span>    throws IOException, GeneralSecurityException, OperatorCreationException;<a name="line.141"></a>
 <span class="sourceLineNo">142</span><a name="line.142"></a>
 <span class="sourceLineNo">143</span>  @Before<a name="line.143"></a>
 <span class="sourceLineNo">144</span>  public void setUp() throws Exception {<a name="line.144"></a>
 <span class="sourceLineNo">145</span>    x509TestContext = PROVIDER.get(caKeyType, certKeyType, keyPassword.toCharArray());<a name="line.145"></a>
 <span class="sourceLineNo">146</span>    x509TestContext.setConfigurations(KeyStoreFileType.JKS, KeyStoreFileType.JKS);<a name="line.146"></a>
 <span class="sourceLineNo">147</span><a name="line.147"></a>
 <span class="sourceLineNo">148</span>    Configuration serverConf = new Configuration(UTIL.getConfiguration());<a name="line.148"></a>
 <span class="sourceLineNo">149</span>    Configuration clientConf = new Configuration(UTIL.getConfiguration());<a name="line.149"></a>
 <span class="sourceLineNo">150</span><a name="line.150"></a>
 <span class="sourceLineNo">151</span>    initialize(serverConf, clientConf);<a name="line.151"></a>
 <span class="sourceLineNo">152</span><a name="line.152"></a>
 <span class="sourceLineNo">153</span>    rpcServer = new NettyRpcServer(null, "testRpcServer",<a name="line.153"></a>
 <span class="sourceLineNo">154</span>      Lists.newArrayList(new RpcServer.BlockingServiceAndInterface(SERVICE, null)),<a name="line.154"></a>
 <span class="sourceLineNo">155</span>      new InetSocketAddress("localhost", 0), serverConf, new FifoRpcScheduler(serverConf, 1), true);<a name="line.155"></a>
 <span class="sourceLineNo">156</span>    rpcServer.start();<a name="line.156"></a>
 <span class="sourceLineNo">157</span><a name="line.157"></a>
 <span class="sourceLineNo">158</span>    rpcClient = new NettyRpcClient(clientConf);<a name="line.158"></a>
 <span class="sourceLineNo">159</span>    stub = TestProtobufRpcServiceImpl.newBlockingStub(rpcClient, rpcServer.getListenerAddress());<a name="line.159"></a>
 <span class="sourceLineNo">160</span>  }<a name="line.160"></a>
 <span class="sourceLineNo">161</span><a name="line.161"></a>
 <span class="sourceLineNo">162</span>  protected void handleCertConfig(Configuration confToSet)<a name="line.162"></a>
 <span class="sourceLineNo">163</span>    throws GeneralSecurityException, IOException, OperatorCreationException {<a name="line.163"></a>
 <span class="sourceLineNo">164</span>    switch (certConfig) {<a name="line.164"></a>
 <span class="sourceLineNo">165</span>      case NO_CLIENT_CERT:<a name="line.165"></a>
 <span class="sourceLineNo">166</span>        // clearing out the keystore location will cause no cert to be sent.<a name="line.166"></a>
 <span class="sourceLineNo">167</span>        confToSet.set(X509Util.TLS_CONFIG_KEYSTORE_LOCATION, "");<a name="line.167"></a>
 <span class="sourceLineNo">168</span>        break;<a name="line.168"></a>
 <span class="sourceLineNo">169</span>      case NON_VERIFIABLE_CERT:<a name="line.169"></a>
 <span class="sourceLineNo">170</span>        // to simulate a bad cert, we inject a new keystore into the client side.<a name="line.170"></a>
 <span class="sourceLineNo">171</span>        // the same truststore exists, so it will still successfully verify the server cert<a name="line.171"></a>
 <span class="sourceLineNo">172</span>        // but since the new client keystore cert is created from a new CA (which the server doesn't<a name="line.172"></a>
 <span class="sourceLineNo">173</span>        // have),<a name="line.173"></a>
 <span class="sourceLineNo">174</span>        // the server will not be able to verify it.<a name="line.174"></a>
 <span class="sourceLineNo">175</span>        X509TestContext context =<a name="line.175"></a>
 <span class="sourceLineNo">176</span>          PROVIDER.get(caKeyType, certKeyType, "random value".toCharArray());<a name="line.176"></a>
 <span class="sourceLineNo">177</span>        context.setKeystoreConfigurations(KeyStoreFileType.JKS, confToSet);<a name="line.177"></a>
 <span class="sourceLineNo">178</span>        break;<a name="line.178"></a>
 <span class="sourceLineNo">179</span>      case VERIFIABLE_CERT_WITH_BAD_HOST:<a name="line.179"></a>
 <span class="sourceLineNo">180</span>        // to simulate a good cert with a bad host, we need to create a new cert using the existing<a name="line.180"></a>
 <span class="sourceLineNo">181</span>        // context's CA/truststore. Here we can pass any random SANS, as long as it won't match<a name="line.181"></a>
 <span class="sourceLineNo">182</span>        // localhost or any reasonable name that this test might run on.<a name="line.182"></a>
 <span class="sourceLineNo">183</span>        X509Certificate cert = x509TestContext.newCert(new X500NameBuilder(BCStyle.INSTANCE)<a name="line.183"></a>
 <span class="sourceLineNo">184</span>          .addRDN(BCStyle.CN,<a name="line.184"></a>
 <span class="sourceLineNo">185</span>            MethodHandles.lookup().lookupClass().getCanonicalName() + " With Bad Host Test")<a name="line.185"></a>
 <span class="sourceLineNo">186</span>          .build(), "www.example.com");<a name="line.186"></a>
 <span class="sourceLineNo">187</span>        x509TestContext.cloneWithNewKeystoreCert(cert)<a name="line.187"></a>
 <span class="sourceLineNo">188</span>          .setKeystoreConfigurations(KeyStoreFileType.JKS, confToSet);<a name="line.188"></a>
 <span class="sourceLineNo">189</span>        break;<a name="line.189"></a>
 <span class="sourceLineNo">190</span>      default:<a name="line.190"></a>
 <span class="sourceLineNo">191</span>        break;<a name="line.191"></a>
 <span class="sourceLineNo">192</span>    }<a name="line.192"></a>
 <span class="sourceLineNo">193</span>  }<a name="line.193"></a>
 <span class="sourceLineNo">194</span><a name="line.194"></a>
 <span class="sourceLineNo">195</span>  @After<a name="line.195"></a>
 <span class="sourceLineNo">196</span>  public void tearDown() throws IOException {<a name="line.196"></a>
 <span class="sourceLineNo">197</span>    if (rpcServer != null) {<a name="line.197"></a>
 <span class="sourceLineNo">198</span>      rpcServer.stop();<a name="line.198"></a>
 <span class="sourceLineNo">199</span>    }<a name="line.199"></a>
 <span class="sourceLineNo">200</span>    Closeables.close(rpcClient, true);<a name="line.200"></a>
 <span class="sourceLineNo">201</span>    x509TestContext.clearConfigurations();<a name="line.201"></a>
 <span class="sourceLineNo">202</span>    x509TestContext.getConf().unset(X509Util.TLS_CONFIG_OCSP);<a name="line.202"></a>
 <span class="sourceLineNo">203</span>    x509TestContext.getConf().unset(X509Util.TLS_CONFIG_CLR);<a name="line.203"></a>
 <span class="sourceLineNo">204</span>    x509TestContext.getConf().unset(X509Util.TLS_CONFIG_PROTOCOL);<a name="line.204"></a>
 <span class="sourceLineNo">205</span>    System.clearProperty("com.sun.net.ssl.checkRevocation");<a name="line.205"></a>
 <span class="sourceLineNo">206</span>    System.clearProperty("com.sun.security.enableCRLDP");<a name="line.206"></a>
 <span class="sourceLineNo">207</span>    Security.setProperty("ocsp.enable", Boolean.FALSE.toString());<a name="line.207"></a>
 <span class="sourceLineNo">208</span>    Security.setProperty("com.sun.security.enableCRLDP", Boolean.FALSE.toString());<a name="line.208"></a>
 <span class="sourceLineNo">209</span>  }<a name="line.209"></a>
 <span class="sourceLineNo">210</span><a name="line.210"></a>
 <span class="sourceLineNo">211</span>  @Test<a name="line.211"></a>
 <span class="sourceLineNo">212</span>  public void testClientAuth() throws Exception {<a name="line.212"></a>
 <span class="sourceLineNo">213</span>    if (expectSuccess) {<a name="line.213"></a>
 <span class="sourceLineNo">214</span>      // we expect no exception, so if one is thrown the test will fail<a name="line.214"></a>
 <span class="sourceLineNo">215</span>      submitRequest();<a name="line.215"></a>
 <span class="sourceLineNo">216</span>    } else {<a name="line.216"></a>
 <span class="sourceLineNo">217</span>      ServiceException se = assertThrows(ServiceException.class, this::submitRequest);<a name="line.217"></a>
 <span class="sourceLineNo">218</span>      assertThat(se.getCause(), instanceOf(SSLHandshakeException.class));<a name="line.218"></a>
 <span class="sourceLineNo">219</span>    }<a name="line.219"></a>
 <span class="sourceLineNo">220</span>  }<a name="line.220"></a>
 <span class="sourceLineNo">221</span><a name="line.221"></a>
 <span class="sourceLineNo">222</span>  private void submitRequest() throws ServiceException {<a name="line.222"></a>
 <span class="sourceLineNo">223</span>    stub.echo(null, TestProtos.EchoRequestProto.newBuilder().setMessage("hello world").build());<a name="line.223"></a>
 <span class="sourceLineNo">224</span>  }<a name="line.224"></a>
 <span class="sourceLineNo">225</span>}<a name="line.225"></a>


 </pre>
 </div>
 </body>
 </html>