drill-dev mailing list archives

From arina-ielchiieva <...@git.apache.org>
Subject [GitHub] drill pull request #950: DRILL-5431: SSL Support
Date Wed, 04 Oct 2017 14:48:15 GMT
Github user arina-ielchiieva commented on a diff in the pull request:

    https://github.com/apache/drill/pull/950#discussion_r142683194
  
    --- Diff: exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitSSL.java
---
    @@ -0,0 +1,338 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + *    http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +package org.apache.drill.exec.rpc.user.security;
    +
    +import com.typesafe.config.ConfigValueFactory;
    +import io.netty.handler.ssl.util.SelfSignedCertificate;
    +import junit.framework.TestCase;
    +import org.apache.drill.BaseTestQuery;
    +import org.apache.drill.common.config.DrillConfig;
    +import org.apache.drill.common.config.DrillProperties;
    +import org.apache.drill.exec.ExecConstants;
    +import org.junit.AfterClass;
    +import org.junit.BeforeClass;
    +import org.junit.Test;
    +
    +import java.io.File;
    +import java.io.FileOutputStream;
    +import java.net.InetAddress;
    +import java.security.KeyStore;
    +import java.util.Properties;
    +
    +import static junit.framework.TestCase.fail;
    +import static org.junit.Assert.assertEquals;
    +
    +public class TestUserBitSSL extends BaseTestQuery {
    +  private static final org.slf4j.Logger logger =
    +      org.slf4j.LoggerFactory.getLogger(TestUserBitSSL.class);
    +
    +  private static DrillConfig newConfig;
    +  private static Properties initProps; // initial client properties
    +  private static ClassLoader classLoader;
    +  private static String ksPath;
    +  private static String tsPath;
    +  private static String emptyTSPath;
    +  private static String unknownKsPath;
    +
    +  @BeforeClass
    +  public static void setupTest() throws Exception {
    +
    +    // Create a new DrillConfig
    +    classLoader = TestUserBitSSL.class.getClassLoader();
    +    ksPath = new File(classLoader.getResource("ssl/keystore.ks").getFile()).getAbsolutePath();
    +    unknownKsPath = new File(classLoader.getResource("ssl/unknownkeystore.ks").getFile()).getAbsolutePath();
    +    tsPath = new File(classLoader.getResource("ssl/truststore.ks").getFile()).getAbsolutePath();
    +    emptyTSPath = new File(classLoader.getResource("ssl/emptytruststore.ks").getFile()).getAbsolutePath();
    +    newConfig = new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties())
    +        .withValue(ExecConstants.SSL_USE_HADOOP_CONF,
    +            ConfigValueFactory.fromAnyRef(false))
    +        .withValue(ExecConstants.USER_SSL_ENABLED,
    +            ConfigValueFactory.fromAnyRef(true))
    +        .withValue(ExecConstants.SSL_KEYSTORE_TYPE,
    +            ConfigValueFactory.fromAnyRef("JKS"))
    +        .withValue(ExecConstants.SSL_KEYSTORE_PATH,
    +            ConfigValueFactory.fromAnyRef(ksPath))
    +        .withValue(ExecConstants.SSL_KEYSTORE_PASSWORD,
    +            ConfigValueFactory.fromAnyRef("drill123"))
    +        .withValue(ExecConstants.SSL_KEY_PASSWORD,
    +            ConfigValueFactory.fromAnyRef("drill123"))
    +        .withValue(ExecConstants.SSL_TRUSTSTORE_TYPE,
    +            ConfigValueFactory.fromAnyRef("JKS"))
    +        .withValue(ExecConstants.SSL_TRUSTSTORE_PATH,
    +            ConfigValueFactory.fromAnyRef(tsPath))
    +        .withValue(ExecConstants.SSL_TRUSTSTORE_PASSWORD,
    +            ConfigValueFactory.fromAnyRef("drill123"))
    +        .withValue(ExecConstants.SSL_PROTOCOL,
    +            ConfigValueFactory.fromAnyRef("TLSv1.2")),
    +      false);
    +
    +    initProps = new Properties();
    +    initProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    initProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
    +    initProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    initProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +
    +    // Start an SSL enabled cluster
    +    updateTestCluster(1, newConfig, initProps);
    +  }
    +
    +  @AfterClass
    +  public static void cleanTest() throws Exception {
    +    DrillConfig restoreConfig =
    +        new DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()), false);
    +    updateTestCluster(1, restoreConfig);
    +  }
    +
    +  @Test
    +  public void testSSLConnection() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      TestCase.fail( new StringBuilder()
    +          .append("SSL Connection failed with exception [" )
    +          .append( e.getMessage() )
    +          .append("]")
    +          .toString());
    +    }
    +  }
    +
    +  @Test
    +  public void testSSLConnectionWithKeystore() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, ksPath);
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      TestCase.fail( new StringBuilder()
    +          .append("SSL Connection failed with exception [" )
    +          .append( e.getMessage() )
    +          .append("]")
    +          .toString());
    +    }
    +  }
    +
    +  @Test
    +  public void testSSLConnectionFailBadTrustStore() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, ""); // NO truststore
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    boolean failureCaught = false;
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      failureCaught = true;
    +    }
    +    assertEquals(failureCaught, true);
    +  }
    +
    +  @Test
    +  public void testSSLConnectionFailBadPassword() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "bad_password");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    boolean failureCaught = false;
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      failureCaught = true;
    +    }
    +    assertEquals(failureCaught, true);
    +  }
    +
    +  @Test
    +  public void testSSLConnectionFailEmptyTrustStore() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, emptyTSPath);
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    boolean failureCaught = false;
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      failureCaught = true;
    +    }
    +    assertEquals(failureCaught, true);
    +  }
    +
    +  @Test
    +  public void testSSLQuery() throws Exception {
    +    final Properties connectionProps = new Properties();
    +    connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
    +    connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
    +    connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION, "true");
    +    try {
    +      updateClient(connectionProps);
    +    } catch (Exception e) {
    +      TestCase.fail( new StringBuilder()
    +          .append("SSL Connection failed with exception [" )
    +          .append( e.getMessage() )
    +          .append("]")
    +          .toString());
    +    }
    +    test("SELECT * FROM cp.`region.json`");
    +  }
    +
    +  @Test
    +  public void testClientConfigHostnameVerification() {
    +    String password = "test_password";
    +    String trustStoreFileName = "drillTestTrustStore";
    +    String keyStoreFileName = "drillTestKeyStore";
    +    KeyStore ts, ks;
    +    File tempFile1, tempFile2;
    +    String trustStorePath;
    +    String keyStorePath;
    +
    +    try {
    +      String fqdn = InetAddress.getLocalHost().getHostName();
    +      SelfSignedCertificate certificate = new SelfSignedCertificate(fqdn);
    +
    +      tempFile1 = File.createTempFile(trustStoreFileName, ".ks");
    +      tempFile1.deleteOnExit();
    +      trustStorePath = tempFile1.getAbsolutePath();
    +      //generate a truststore.
    +      ts = KeyStore.getInstance(KeyStore.getDefaultType());
    +      ts.load(null, password.toCharArray());
    +      ts.setCertificateEntry("drillTest", certificate.cert());
    +      // Store away the truststore.
    +      FileOutputStream fos1 = new FileOutputStream(tempFile1);
    +      ts.store(fos1, password.toCharArray());
    +      fos1.close();
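Review bot: The three negative tests (`testSSLConnectionFailBadTrustStore`, `testSSLConnectionFailBadPassword`, `testSSLConnectionFailEmptyTrustStore`) catch bare `Exception` and only record that something was thrown, so they pass on any failure of `updateClient`, not only a rejected truststore or a failed handshake. A regression where the client fails for an unrelated reason, or before TLS is attempted at all, would leave them green. Consider keeping the caught exception and asserting on its type or cause chain for the TLS/keystore error each case is meant to provoke (the type `updateClient` raises is not visible here, so confirm it first), and replace `assertEquals(failureCaught, true)` with `assertTrue("connection should have been rejected", failureCaught)`. Every test visible in this hunk also sets `DISABLE_HOST_VERIFICATION` to `"true"`, so hostname checking can only be covered by `testClientConfigHostnameVerification`, whose body continues past the end of the quoted hunk.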
    --- End diff --
    
    It's better to use try-with-resources here, so that the stream is definitely closed if an exception is thrown.


---
