From jbarr...@apache.org
Subject [1/2] geode-native git commit: GEODE-2687: test for ssl auth failure:
Date Mon, 20 Mar 2017 14:45:13 GMT
Repository: geode-native
Updated Branches:
  refs/heads/develop 6eb93f686 -> d2ae527f2


GEODE-2687: test for ssl auth failure:

- Added testThinClientSSLAuthFail to QUICK list.
- Removed unneeded test code.
- Catch the expected exception.
- Add test for untrusted server cert


Project: http://git-wip-us.apache.org/repos/asf/geode-native/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode-native/commit/4149cd6d
Tree: http://git-wip-us.apache.org/repos/asf/geode-native/tree/4149cd6d
Diff: http://git-wip-us.apache.org/repos/asf/geode-native/diff/4149cd6d

Branch: refs/heads/develop
Commit: 4149cd6dc7f7fa499e0192aee5cd6407b9f73a83
Parents: 6eb93f6
Author: Ernest Burghardt <eburghardt@pivotal.io>
Authored: Fri Mar 17 14:59:24 2017 -0700
Committer: Ernest Burghardt <eburghardt@pivotal.io>
Committed: Fri Mar 17 14:59:24 2017 -0700

----------------------------------------------------------------------
 src/cppcache/integration-test/CMakeLists.txt    |   1 +
 src/cppcache/integration-test/CacheHelper.cpp   |  47 +++--
 src/cppcache/integration-test/CacheHelper.hpp   |   7 +-
 .../integration-test/ThinClientSSLAuthFail.hpp  | 198 +++++++++++++++++++
 .../keystore/untrusted_server_keystore.jks      | Bin 0 -> 10764 bytes
 .../keystore/untrusted_server_truststore.jks    | Bin 0 -> 1448 bytes
 .../testThinClientSSLAuthFail.cpp               |  22 +++
 7 files changed, 256 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode-native/blob/4149cd6d/src/cppcache/integration-test/CMakeLists.txt
----------------------------------------------------------------------
diff --git a/src/cppcache/integration-test/CMakeLists.txt b/src/cppcache/integration-test/CMakeLists.txt
index f8833fe..5e070d8 100644
--- a/src/cppcache/integration-test/CMakeLists.txt
+++ b/src/cppcache/integration-test/CMakeLists.txt
@@ -133,6 +133,7 @@ set_property(TEST testDunit PROPERTY LABELS STABLE QUICK)
 set_property(TEST testAttributesMutator PROPERTY LABELS STABLE QUICK)
 set_property(TEST testEntriesMapForVersioning PROPERTY LABELS STABLE QUICK)
 set_property(TEST testSpinLock PROPERTY LABELS STABLE QUICK)
+set_property(TEST testThinClientSSLAuthFail PROPERTY LABELS STABLE QUICK)
 
 set_property(TEST testOverflowPutGetSqLite PROPERTY LABELS FLAKY)
 set_property(TEST testThinClientAfterRegionLive PROPERTY LABELS FLAKY)

http://git-wip-us.apache.org/repos/asf/geode-native/blob/4149cd6d/src/cppcache/integration-test/CacheHelper.cpp
----------------------------------------------------------------------
diff --git a/src/cppcache/integration-test/CacheHelper.cpp b/src/cppcache/integration-test/CacheHelper.cpp
index ea3915f..ac146a8 100644
--- a/src/cppcache/integration-test/CacheHelper.cpp
+++ b/src/cppcache/integration-test/CacheHelper.cpp
@@ -1144,7 +1144,7 @@ void CacheHelper::cleanupServerInstances() {
 void CacheHelper::initServer(int instance, const char* xml,
                              const char* locHostport, const char* authParam,
                              bool ssl, bool enableDelta, bool multiDS,
-                             bool testServerGC) {
+                             bool testServerGC, bool untrustedCert) {
   if (!isServerCleanupCallbackRegistered &&
       gClientCleanup.registerCallback(&CacheHelper::cleanupServerInstances)) {
     isServerCleanupCallbackRegistered = true;
@@ -1309,7 +1309,7 @@ void CacheHelper::initServer(int instance, const char* xml,
   }
 
   if (locHostport != NULL) {  // check number of locator host port.
-    std::string geodeProperties = generateGeodeProperties(currDir, ssl);
+    std::string geodeProperties = generateGeodeProperties(currDir, ssl, -1, 0,untrustedCert);
 
     sprintf(
         cmd,
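Review bot: The new call `generateGeodeProperties(currDir, ssl, -1, 0,untrustedCert)` has to restate the declared defaults for `dsId` and `remoteLocator` only to reach the trailing flag, so it will silently diverge if those defaults change in CacheHelper.hpp. A short comment on the line, e.g. `// -1 and 0 repeat the default dsId / remoteLocator; only untrustedCert is being set`, would make that dependency visible, and the missing space after `0,` should be added. The body of initServer starts before and continues after this hunk.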
@@ -1614,7 +1614,7 @@ void CacheHelper::cleanupLocatorInstances() {
 
 // starting locator
 void CacheHelper::initLocator(int instance, bool ssl, bool multiDS, int dsId,
-                              int remoteLocator) {
+                              int remoteLocator, bool untrustedCert) {
   if (!isLocatorCleanupCallbackRegistered &&
       gClientCleanup.registerCallback(&CacheHelper::cleanupLocatorInstances)) {
     isLocatorCleanupCallbackRegistered = true;
@@ -1669,7 +1669,7 @@ void CacheHelper::initLocator(int instance, bool ssl, bool multiDS, int dsId,
   ACE_OS::mkdir(locDirname.c_str());
 
   std::string geodeFile =
-      generateGeodeProperties(currDir, ssl, dsId, remoteLocator);
+      generateGeodeProperties(currDir, ssl, dsId, remoteLocator, untrustedCert);
 
   sprintf(cmd, "%s/bin/%s stop locator --dir=%s --properties-file=%s ",
           gfjavaenv, GFSH, currDir.c_str(), geodeFile.c_str());
@@ -1788,7 +1788,7 @@ int CacheHelper::getNumLocatorListUpdates(const char* s) {
 
 std::string CacheHelper::generateGeodeProperties(const std::string& path,
                                                  const bool ssl, const int dsId,
-                                                 const int remoteLocator) {
+                                                 const int remoteLocator, const bool untrustedCert) {
   char cmd[2048];
   std::string keystore = std::string(ACE_OS::getenv("TESTSRC")) + "/keystore";
 
@@ -1812,17 +1812,32 @@ std::string CacheHelper::generateGeodeProperties(const std::string& path,
   msg += "enable-network-partition-detection=false\n";
 
   if (ssl) {
-    msg += "jmx-manager-ssl-enabled=false\n";
-    msg += "cluster-ssl-enabled=true\n";
-    msg += "cluster-ssl-require-authentication=true\n";
-    msg += "cluster-ssl-ciphers=TLS_RSA_WITH_AES_128_CBC_SHA\n";
-    msg += "cluster-ssl-keystore-type=jks\n";
-    msg += "cluster-ssl-keystore=" + keystore + "/server_keystore.jks\n";
-    msg += "cluster-ssl-keystore-password=gemstone\n";
-    msg += "cluster-ssl-truststore=" + keystore + "/server_truststore.jks\n";
-    msg += "cluster-ssl-truststore-password=gemstone\n";
-    msg += "security-username=xxxx\n";
-    msg += "security-userPassword=yyyy \n";
+    if (untrustedCert){
+        msg += "jmx-manager-ssl-enabled=false\n";
+        msg += "cluster-ssl-enabled=true\n";
+        msg += "cluster-ssl-require-authentication=true\n";
+        msg += "cluster-ssl-ciphers=TLS_RSA_WITH_AES_128_CBC_SHA\n";
+        msg += "cluster-ssl-keystore-type=jks\n";
+        msg += "cluster-ssl-keystore=" + keystore + "/untrusted_server_keystore.jks\n";
+        msg += "cluster-ssl-keystore-password=secret\n";
+        msg += "cluster-ssl-truststore=" + keystore + "/untrusted_server_truststore.jks\n";
+        msg += "cluster-ssl-truststore-password=secret\n";
+        msg += "security-username=xxxx\n";
+        msg += "security-userPassword=yyyy \n";
+      }
+    else {
+        msg += "jmx-manager-ssl-enabled=false\n";
+        msg += "cluster-ssl-enabled=true\n";
+        msg += "cluster-ssl-require-authentication=true\n";
+        msg += "cluster-ssl-ciphers=TLS_RSA_WITH_AES_128_CBC_SHA\n";
+        msg += "cluster-ssl-keystore-type=jks\n";
+        msg += "cluster-ssl-keystore=" + keystore + "/server_keystore.jks\n";
+        msg += "cluster-ssl-keystore-password=gemstone\n";
+        msg += "cluster-ssl-truststore=" + keystore + "/server_truststore.jks\n";
+        msg += "cluster-ssl-truststore-password=gemstone\n";
+        msg += "security-username=xxxx\n";
+        msg += "security-userPassword=yyyy \n";
+    }
   }
   if (remoteLocator != 0) {
     sprintf(gemStr, "distributed-system-id=%d\n remote-locators=localhost[%d]",
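Review bot: The two branches under `if (ssl)` repeat eleven property lines and differ only in the keystore/truststore file names and the store password, so a later change to the shared TLS settings (cipher list, `cluster-ssl-require-authentication`) can land in one branch and leave the untrusted-certificate test running against a different configuration than the trusted one. Emitting the common lines once and selecting only the file prefix and password from `untrustedCert` keeps the negative test comparable to the positive one; the new branch is also indented differently from the rest of the function. The store passwords are literals in the source, which is acceptable only as long as these .jks files remain test fixtures. generateGeodeProperties starts before and continues after this hunk.

```cpp
  if (ssl) {
    // Only the store files and their password differ between the fixtures.
    const std::string storePrefix =
        keystore + (untrustedCert ? "/untrusted_server_" : "/server_");
    const std::string storePassword = untrustedCert ? "secret" : "gemstone";
    // … unchanged: jmx-manager-ssl-enabled through cluster-ssl-keystore-type, emitted once …
    msg += "cluster-ssl-keystore=" + storePrefix + "keystore.jks\n";
    msg += "cluster-ssl-keystore-password=" + storePassword + "\n";
    msg += "cluster-ssl-truststore=" + storePrefix + "truststore.jks\n";
    msg += "cluster-ssl-truststore-password=" + storePassword + "\n";
    // … unchanged: security-username / security-userPassword …
  }
```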

http://git-wip-us.apache.org/repos/asf/geode-native/blob/4149cd6d/src/cppcache/integration-test/CacheHelper.hpp
----------------------------------------------------------------------
diff --git a/src/cppcache/integration-test/CacheHelper.hpp b/src/cppcache/integration-test/CacheHelper.hpp
index 1727a0a..a1df058 100644
--- a/src/cppcache/integration-test/CacheHelper.hpp
+++ b/src/cppcache/integration-test/CacheHelper.hpp
@@ -258,7 +258,7 @@ class CacheHelper {
                          const char* locHostport = NULL,
                          const char* authParam = NULL, bool ssl = false,
                          bool enableDelta = true, bool multiDS = false,
-                         bool testServerGC = false);
+                         bool testServerGC = false, bool untrustedCert = false);
 
   static void createDuplicateXMLFile(std::string& originalFile, int hostport1,
                                      int hostport2, int locport1, int locport2);
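Review bot: `untrustedCert` is the fifth consecutive `bool` on initServer and is undocumented, so a call such as `initServer(1, NULL, locatorsG, NULL, true, true, false, false, true)` in ThinClientSSLAuthFail.hpp gives no hint which argument selects the untrusted keystore. A flag placed one position off would start the server with the trusted certificate and the negative TLS test would no longer test anything. Add a declaration comment along the lines of `// untrustedCert: start with keystore/untrusted_server_*.jks so that client certificate verification is expected to fail`; the same comment is needed on initLocator and generateGeodeProperties in the next two hunks of this file. The class body extends beyond the hunk.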
@@ -290,7 +290,7 @@ class CacheHelper {
 
   // starting locator
   static void initLocator(int instance, bool ssl = false, bool multiDS = false,
-                          int dsId = -1, int remoteLocator = 0);
+                          int dsId = -1, int remoteLocator = 0, bool untrustedCert = false);
 
   static void clearSecProp();
 
@@ -312,7 +312,8 @@ class CacheHelper {
   static std::string generateGeodeProperties(const std::string& path,
                                              const bool ssl = false,
                                              const int dsId = -1,
-                                             const int remoteLocator = 0);
+                                             const int remoteLocator = 0,
+                                             const bool untrustedCert = false);
 };
 
 #ifndef test_cppcache_utils_static

http://git-wip-us.apache.org/repos/asf/geode-native/blob/4149cd6d/src/cppcache/integration-test/ThinClientSSLAuthFail.hpp
----------------------------------------------------------------------
diff --git a/src/cppcache/integration-test/ThinClientSSLAuthFail.hpp b/src/cppcache/integration-test/ThinClientSSLAuthFail.hpp
new file mode 100644
index 0000000..de226c0
--- /dev/null
+++ b/src/cppcache/integration-test/ThinClientSSLAuthFail.hpp
@@ -0,0 +1,198 @@
+#pragma once
+
+#ifndef GEODE_INTEGRATION_TEST_THINCLIENTSSL_H_
+#define GEODE_INTEGRATION_TEST_THINCLIENTSSL_H_
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "fw_dunit.hpp"
+#include <geode/GeodeCppCache.hpp>
+#include <ace/OS.h>
+#include <ace/High_Res_Timer.h>
+#include <string>
+
+#define ROOT_NAME "ThinClientSSLAuthFail"
+#define ROOT_SCOPE DISTRIBUTED_ACK
+
+#include "CacheHelper.hpp"
+
+using namespace apache::geode::client;
+using namespace test;
+
+CacheHelper* cacheHelper = NULL;
+bool isLocalServer = false;
+
+static bool isLocator = false;
+const char* locatorsG =
+    CacheHelper::getLocatorHostPort(isLocator, isLocalServer, 1);
+
+#define CLIENT1 s1p1
+#define SERVER1 s2p1
+
+void initClient(const bool isthinClient) {
+  if (cacheHelper == NULL) {
+    PropertiesPtr props = Properties::create();
+    props->insert("ssl-enabled", "true");
+    std::string keystore = std::string(ACE_OS::getenv("TESTSRC")) + "/keystore";
+    std::string pubkey = keystore + "/client_truststore.pem";
+    std::string privkey = keystore + "/client_keystore.pem";
+    props->insert("ssl-keystore", privkey.c_str());
+    props->insert("ssl-truststore", pubkey.c_str());
+    cacheHelper = new CacheHelper(isthinClient, props);
+  }
+  ASSERT(cacheHelper, "Failed to create a CacheHelper client instance.");
+}
+void cleanProc() {
+  if (cacheHelper != NULL) {
+    delete cacheHelper;
+    cacheHelper = NULL;
+  }
+}
+
+CacheHelper* getHelper() {
+  ASSERT(cacheHelper != NULL, "No cacheHelper initialized.");
+  return cacheHelper;
+}
+
+
+void createPooledRegion(const char* name, bool ackMode, const char* locators,
+                        const char* poolname,
+                        bool clientNotificationEnabled = false,
+                        bool cachingEnable = true) {
+  LOG("createRegion_Pool() entered.");
+  fprintf(stdout, "Creating region --  %s  ackMode is %d\n", name, ackMode);
+  fflush(stdout);
+  RegionPtr regPtr =
+      getHelper()->createPooledRegion(name, ackMode, locators, poolname,
+                                      cachingEnable, clientNotificationEnabled);
+  ASSERT(regPtr != NULLPTR, "Failed to create region.");
+  LOG("Pooled Region created.");
+}
+
+void createEntry(const char* name, const char* key, const char* value) {
+  LOG("createEntry() entered.");
+  fprintf(stdout, "Creating entry -- key: %s  value: %s in region %s\n", key,
+          value, name);
+  fflush(stdout);
+  // Create entry, verify entry is correct
+  CacheableKeyPtr keyPtr = createKey(key);
+  CacheableStringPtr valPtr = CacheableString::create(value);
+
+  RegionPtr regPtr = getHelper()->getRegion(name);
+  ASSERT(regPtr != NULLPTR, "Region not found.");
+
+  ASSERT(!regPtr->containsKey(keyPtr),
+         "Key should not have been found in region.");
+  ASSERT(!regPtr->containsValueForKey(keyPtr),
+         "Value should not have been found in region.");
+
+  // regPtr->create( keyPtr, valPtr );
+  regPtr->put(keyPtr, valPtr);
+  LOG("Created entry.");
+
+  //verifyEntry(name, key, value);
+  LOG("Entry created.");
+}
+
+
+
+const char* keys[] = {"Key-1", "Key-2", "Key-3", "Key-4"};
+const char* vals[] = {"Value-1", "Value-2", "Value-3", "Value-4"};
+const char* nvals[] = {"New Value-1", "New Value-2", "New Value-3",
+                       "New Value-4"};
+
+const char* regionNames[] = {"DistRegionAck", "DistRegionNoAck"};
+
+const bool USE_ACK = true;
+const bool NO_ACK = false;
+
+DUNIT_TASK_DEFINITION(SERVER1, CreateLocator1_With_SSL_untrustedCert)
+  {
+    // starting locator
+    if (isLocator) CacheHelper::initLocator(1, true, false, -1, 0, true);
+    LOG("Locator1 started with SSL");
+  }
+END_TASK_DEFINITION
+
+
+
+DUNIT_TASK_DEFINITION(SERVER1, CreateServer1_With_Locator_And_SSL_untrustedCert)
+  {
+    // starting servers
+    if (isLocalServer) CacheHelper::initServer(1, NULL, locatorsG, NULL, true, true, false, false, true);
+  }
+END_TASK_DEFINITION
+
+DUNIT_TASK_DEFINITION(CLIENT1, CreateClient1)
+  { initClient(true); }
+END_TASK_DEFINITION
+
+DUNIT_TASK_DEFINITION(CLIENT1, CreateRegions1_PoolLocators)
+  {
+    createPooledRegion(regionNames[0], USE_ACK, locatorsG, "__TESTPOOL1_",
+                       true);
+    createPooledRegion(regionNames[1], NO_ACK, locatorsG, "__TESTPOOL1_", true);
+    RegionPtr regPtr = getHelper()->getRegion(regionNames[0]);
+    try {
+      regPtr->registerAllKeys(false, NULLPTR, false, false);
+    }
+    catch (NotConnectedException exp) {
+      LOG("Connection Failed as expected via NotConnectedException");
+    }
+    LOG("CreateRegions1_PoolLocators complete.");
+  }
+END_TASK_DEFINITION
+
+DUNIT_TASK_DEFINITION(CLIENT1, CloseCache1)
+  { cleanProc(); }
+END_TASK_DEFINITION
+
+DUNIT_TASK_DEFINITION(SERVER1, CloseServer1)
+  {
+    if (isLocalServer) {
+      CacheHelper::closeServer(1);
+      LOG("SERVER1 stopped");
+    }
+  }
+END_TASK_DEFINITION
+
+DUNIT_TASK_DEFINITION(SERVER1, CloseLocator_With_SSL)
+  {
+    // stop locator
+    if (isLocator) {
+      CacheHelper::closeLocator(1, true);
+      LOG("Locator1 stopped");
+    }
+  }
+END_TASK_DEFINITION
+
+void doThinClientSSL(bool poolConfig = true, bool poolLocators = true) {
+  CALL_TASK(CreateLocator1_With_SSL_untrustedCert);
+  CALL_TASK(CreateServer1_With_Locator_And_SSL_untrustedCert)
+
+  CALL_TASK(CreateClient1);
+
+  CALL_TASK(CreateRegions1_PoolLocators);
+
+  CALL_TASK(CloseCache1);
+  CALL_TASK(CloseServer1);
+
+  CALL_TASK(CloseLocator_With_SSL);
+}
+
+#endif  // GEODE_INTEGRATION_TEST_THINCLIENTSSL_H_
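Review bot: CreateRegions1_PoolLocators passes whether or not the TLS handshake is rejected: if `registerAllKeys` returns normally, meaning the client accepted the untrusted server certificate, nothing asserts, so the test cannot detect a regression in certificate verification. Record that the exception was seen and `ASSERT` on it after the try block, as sketched below; catching by `const NotConnectedException&` also avoids copying the exception object. Separately, `std::string(ACE_OS::getenv("TESTSRC"))` in initClient is undefined behaviour when TESTSRC is unset, so a null check with a clear failure message belongs there. createEntry and the `keys`/`vals`/`nvals` arrays are not referenced by any task in this file and could be dropped.

```cpp
    RegionPtr regPtr = getHelper()->getRegion(regionNames[0]);
    bool connectionRejected = false;
    try {
      regPtr->registerAllKeys(false, NULLPTR, false, false);
    } catch (const NotConnectedException&) {
      connectionRejected = true;
      LOG("Connection Failed as expected via NotConnectedException");
    }
    ASSERT(connectionRejected,
           "Client connected to a server presenting an untrusted certificate.");
    // … unchanged: final LOG of the task …
```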

http://git-wip-us.apache.org/repos/asf/geode-native/blob/4149cd6d/src/cppcache/integration-test/keystore/untrusted_server_keystore.jks
----------------------------------------------------------------------
diff --git a/src/cppcache/integration-test/keystore/untrusted_server_keystore.jks b/src/cppcache/integration-test/keystore/untrusted_server_keystore.jks
new file mode 100644
index 0000000..fb8f5ae
Binary files /dev/null and b/src/cppcache/integration-test/keystore/untrusted_server_keystore.jks differ

http://git-wip-us.apache.org/repos/asf/geode-native/blob/4149cd6d/src/cppcache/integration-test/keystore/untrusted_server_truststore.jks
----------------------------------------------------------------------
diff --git a/src/cppcache/integration-test/keystore/untrusted_server_truststore.jks b/src/cppcache/integration-test/keystore/untrusted_server_truststore.jks
new file mode 100644
index 0000000..197b35f
Binary files /dev/null and b/src/cppcache/integration-test/keystore/untrusted_server_truststore.jks differ

http://git-wip-us.apache.org/repos/asf/geode-native/blob/4149cd6d/src/cppcache/integration-test/testThinClientSSLAuthFail.cpp
----------------------------------------------------------------------
diff --git a/src/cppcache/integration-test/testThinClientSSLAuthFail.cpp b/src/cppcache/integration-test/testThinClientSSLAuthFail.cpp
new file mode 100644
index 0000000..660a8db
--- /dev/null
+++ b/src/cppcache/integration-test/testThinClientSSLAuthFail.cpp
@@ -0,0 +1,22 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "ThinClientSSLAuthFail.hpp"
+
+DUNIT_MAIN
+  { doThinClientSSL(true, true); }
+END_MAIN

