From zho...@apache.org
Subject [16/50] [abbrv] geode git commit: GEODE-3097: GFSH works over HTTP with SSL
Date Sat, 29 Jul 2017 00:52:27 GMT
GEODE-3097: GFSH works over HTTP with SSL


Project: http://git-wip-us.apache.org/repos/asf/geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/geode/commit/6267efea
Tree: http://git-wip-us.apache.org/repos/asf/geode/tree/6267efea
Diff: http://git-wip-us.apache.org/repos/asf/geode/diff/6267efea

Branch: refs/heads/feature/GEM-1483
Commit: 6267efea719a62a51ce7d6c8fd3b43c5e10841f9
Parents: fcce2b0
Author: Jared Stewart <jstewart@pivotal.io>
Authored: Tue Jun 20 10:32:46 2017 -0700
Committer: Jinmei Liao <jiliao@pivotal.io>
Committed: Tue Jul 25 11:39:34 2017 -0700

----------------------------------------------------------------------
 .../internal/cli/commands/ShellCommands.java    |  40 ++++---
 .../ConnectToLocatorSSLDUnitTest.java           | 115 ++++++------------
 .../ConnectToLocatorWithLegacySSLDUnitTest.java | 118 +++++++++++++++++++
 .../dunit/rules/GfshShellConnectionRule.java    |   4 +-
 .../ConnectToLocatorSSLOverHttpTest.java        |  43 +++++++
 5 files changed, 221 insertions(+), 99 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
----------------------------------------------------------------------
diff --git a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
index 2da95a7..d5e1b27 100644
--- a/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
+++ b/geode-core/src/main/java/org/apache/geode/management/internal/cli/commands/ShellCommands.java
@@ -19,6 +19,14 @@ import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_C
 import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_PROTOCOLS;
 import static org.apache.geode.distributed.ConfigurationProperties.LOCATORS;
 import static org.apache.geode.distributed.ConfigurationProperties.MCAST_PORT;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.management.internal.cli.shell.Gfsh.SSL_ENABLED_CIPHERS;
+import static org.apache.geode.management.internal.cli.shell.Gfsh.SSL_ENABLED_PROTOCOLS;
 
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
@@ -538,14 +546,14 @@ public class ShellCommands implements GfshCommand {
   }
 
   private void configureHttpsURLConnection(Map<String, String> sslConfigProps) throws
Exception {
-    String keystoreToUse = sslConfigProps.get(Gfsh.SSL_KEYSTORE);
-    String keystorePasswordToUse = sslConfigProps.get(Gfsh.SSL_KEYSTORE_PASSWORD);
-    String truststoreToUse = sslConfigProps.get(Gfsh.SSL_TRUSTSTORE);
-    String truststorePasswordToUse = sslConfigProps.get(Gfsh.SSL_TRUSTSTORE_PASSWORD);
+    String keystoreToUse = sslConfigProps.get(SSL_KEYSTORE);
+    String keystorePasswordToUse = sslConfigProps.get(SSL_KEYSTORE_PASSWORD);
+    String truststoreToUse = sslConfigProps.get(SSL_TRUSTSTORE);
+    String truststorePasswordToUse = sslConfigProps.get(SSL_TRUSTSTORE_PASSWORD);
     // Ciphers are not passed to HttpsURLConnection. Could not find a clean way
     // to pass this attribute to socket layer (see #51645)
-    String sslCiphersToUse = sslConfigProps.get(CLUSTER_SSL_CIPHERS);
-    String sslProtocolsToUse = sslConfigProps.get(CLUSTER_SSL_PROTOCOLS);
+    String sslCiphersToUse = sslConfigProps.get(SSL_CIPHERS);
+    String sslProtocolsToUse = sslConfigProps.get(SSL_PROTOCOLS);
 
     // Commenting the code to set cipher suites in GFSH rest connect (see #51645)
     /*
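Review bot: The protocol and cipher lookups in configureHttpsURLConnection now read `SSL_PROTOCOLS` and `SSL_CIPHERS`, while the later hunks at -702/+710 and -710/+718 still store the values under Gfsh's `SSL_ENABLED_CIPHERS` and `SSL_ENABLED_PROTOCOLS`. If the same map reaches both places and the constants differ in value (neither is visible here), a protocol restriction stored by that code would not be found on the HTTPS path, and the connection would presumably use the JVM defaults. Reading both keys would close the gap, e.g. `String sslProtocolsToUse = sslConfigProps.getOrDefault(SSL_PROTOCOLS, sslConfigProps.get(SSL_ENABLED_PROTOCOLS));`. The method body continues past the end of this hunk.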
@@ -665,17 +673,17 @@ public class ShellCommands implements GfshCommand {
       if (keystoreToUse != null && keystoreToUse.length() > 0) {
         if (keystorePasswordToUse == null || keystorePasswordToUse.length() == 0) {
           // Check whether specified in gfsecurity props earlier
-          keystorePasswordToUse = sslConfigProps.get(Gfsh.SSL_KEYSTORE_PASSWORD);
+          keystorePasswordToUse = sslConfigProps.get(SSL_KEYSTORE_PASSWORD);
           if (keystorePasswordToUse == null || keystorePasswordToUse.length() == 0) {
             // not even in properties file, prompt user for it
             keystorePasswordToUse =
                 gfshInstance.readPassword(CliStrings.CONNECT__KEY_STORE_PASSWORD + ": ");
-            sslConfigProps.put(Gfsh.SSL_KEYSTORE_PASSWORD, keystorePasswordToUse);
+            sslConfigProps.put(SSL_KEYSTORE_PASSWORD, keystorePasswordToUse);
           }
         } else {// For cases where password is already part of command option
-          sslConfigProps.put(Gfsh.SSL_KEYSTORE_PASSWORD, keystorePasswordToUse);
+          sslConfigProps.put(SSL_KEYSTORE_PASSWORD, keystorePasswordToUse);
         }
-        sslConfigProps.put(Gfsh.SSL_KEYSTORE, keystoreToUse);
+        sslConfigProps.put(SSL_KEYSTORE, keystoreToUse);
       }
 
       if (numTimesPrompted > 0) {
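Review bot: The keystore password read from the prompt is stored as a plain String in `sslConfigProps` under `SSL_KEYSTORE_PASSWORD`, and the -684/+692 hunk does the same for the truststore password. Where the map goes afterwards is not visible in these hunks, so the first `put` deserves a comment such as `// sslConfigProps now holds store passwords: do not log or persist this map`. The enclosing method starts and ends outside the hunk.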
@@ -684,17 +692,17 @@ public class ShellCommands implements GfshCommand {
       if (truststoreToUse != null && truststoreToUse.length() > 0) {
         if (truststorePasswordToUse == null || truststorePasswordToUse.length() == 0) {
           // Check whether specified in gfsecurity props earlier?
-          truststorePasswordToUse = sslConfigProps.get(Gfsh.SSL_TRUSTSTORE_PASSWORD);
+          truststorePasswordToUse = sslConfigProps.get(SSL_TRUSTSTORE_PASSWORD);
           if (truststorePasswordToUse == null || truststorePasswordToUse.length() == 0) {
             // not even in properties file, prompt user for it
             truststorePasswordToUse =
                 gfshInstance.readPassword(CliStrings.CONNECT__TRUST_STORE_PASSWORD + ": ");
-            sslConfigProps.put(Gfsh.SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse);
+            sslConfigProps.put(SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse);
           }
         } else {// For cases where password is already part of command option
-          sslConfigProps.put(Gfsh.SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse);
+          sslConfigProps.put(SSL_TRUSTSTORE_PASSWORD, truststorePasswordToUse);
         }
-        sslConfigProps.put(Gfsh.SSL_TRUSTSTORE, truststoreToUse);
+        sslConfigProps.put(SSL_TRUSTSTORE, truststoreToUse);
       }
 
       if (numTimesPrompted > 0) {
@@ -702,7 +710,7 @@ public class ShellCommands implements GfshCommand {
       }
       if (sslCiphersToUse != null && sslCiphersToUse.length() > 0) {
         // sslConfigProps.put(DistributionConfig.CLUSTER_SSL_CIPHERS_NAME, sslCiphersToUse);
-        sslConfigProps.put(Gfsh.SSL_ENABLED_CIPHERS, sslCiphersToUse);
+        sslConfigProps.put(SSL_ENABLED_CIPHERS, sslCiphersToUse);
       }
 
       if (numTimesPrompted > 0) {
@@ -710,7 +718,7 @@ public class ShellCommands implements GfshCommand {
       }
       if (sslProtocolsToUse != null && sslProtocolsToUse.length() > 0) {
         // sslConfigProps.put(DistributionConfig.CLUSTER_SSL_PROTOCOLS_NAME, sslProtocolsToUse);
-        sslConfigProps.put(Gfsh.SSL_ENABLED_PROTOCOLS, sslProtocolsToUse);
+        sslConfigProps.put(SSL_ENABLED_PROTOCOLS, sslProtocolsToUse);
       }
 
       // SSL is required to be used but no SSL config found

http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
index 844e032..866f4ef 100644
--- a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
+++ b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorSSLDUnitTest.java
@@ -14,18 +14,6 @@
  */
 package org.apache.geode.management;
 
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_TYPE;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_ENABLED;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_PASSWORD;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_TYPE;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE;
-import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_CIPHERS;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_ENABLED_COMPONENTS;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE;
@@ -33,9 +21,20 @@ import static org.apache.geode.distributed.ConfigurationProperties.SSL_KEYSTORE_
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_PROTOCOLS;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE;
 import static org.apache.geode.distributed.ConfigurationProperties.SSL_TRUSTSTORE_PASSWORD;
-import static org.apache.geode.internal.Assert.assertTrue;
 import static org.apache.geode.util.test.TestUtil.getResourcePath;
 
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.util.Properties;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.RuleChain;
+import org.junit.rules.TemporaryFolder;
+
 import org.apache.geode.management.internal.cli.i18n.CliStrings;
 import org.apache.geode.security.SecurableCommunicationChannels;
 import org.apache.geode.test.dunit.Host;
@@ -45,18 +44,6 @@ import org.apache.geode.test.dunit.rules.LocatorServerStartupRule;
 import org.apache.geode.test.dunit.rules.MemberVM;
 import org.apache.geode.test.junit.categories.DistributedTest;
 import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.experimental.categories.Category;
-import org.junit.rules.RuleChain;
-import org.junit.rules.TemporaryFolder;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.OutputStream;
-import java.util.Properties;
 
 @Category(DistributedTest.class)
 public class ConnectToLocatorSSLDUnitTest {
@@ -66,88 +53,52 @@ public class ConnectToLocatorSSLDUnitTest {
 
   @Rule
   public RuleChain ruleChain =
-      RuleChain.outerRule(cleanupDUnitVMsRule).around(folder).around(lsRule);
+      RuleChain.outerRule(folder).around(cleanupDUnitVMsRule).around(lsRule);
 
   private File jks = null;
-  private File securityPropsFile = null;
+  protected File securityPropsFile = null;
   private Properties securityProps;
+  protected MemberVM locator;
 
   @Before
   public void before() throws Exception {
-    this.jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore"));
+    jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore"));
     securityPropsFile = folder.newFile("security.properties");
     securityProps = new Properties();
   }
 
-  @After
-  public void after() throws Exception {
-    securityPropsFile.delete();
-  }
-
-  private void setUpLocatorAndConnect(Properties securityProps) throws Exception {
-    MemberVM locator = lsRule.startLocatorVM(0, securityProps);
-
-    // saving the securityProps to a file
-    OutputStream out = new FileOutputStream(securityPropsFile);
-    securityProps.store(out, null);
-
-
-    /*
-     * When using SSL, the GfshShellConnectionRule seems to leave behind state in the JVM
that
-     * causes test flakinesss. (Each test method will pass if run in isolation, but when
all run
-     * together, the second and third tests will fail.) To avoid this issue, we connect to
our
-     * locator from a remote VM which is cleaned up by the CleanupDUnitVMsRule in between
tests.
-     */
-
+  protected void connect() throws Exception {
     final int locatorPort = locator.getPort();
     final String securityPropsFilePath = securityPropsFile.getCanonicalPath();
+
+    // when gfsh uses SSL, it leaves SSL state behind to contaminate other tests. So we pushed
+    // gfsh into a VM and uses a CleanupDUnitVM rule to clean it up after each test.
     Host.getHost(0).getVM(1).invoke(() -> {
       GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
-      try {
-        gfshConnector.connectAndVerify(locatorPort, GfshShellConnectionRule.PortType.locator,
-            CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath);
-      } finally {
-        gfshConnector.close();
-      }
+      gfshConnector.connectAndVerify(locatorPort, GfshShellConnectionRule.PortType.locator,
+          CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath);
+      gfshConnector.executeAndVerifyCommand("list members");
+      gfshConnector.close();
     });
+
   }
 
   @Test
-  public void testConnectToLocatorWithSSLJMX() throws Exception {
-    securityProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannels.JMX);
+  public void testConnectToLocator_withSSL() throws Exception {
+    securityProps.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannels.ALL);
     securityProps.setProperty(SSL_KEYSTORE, jks.getCanonicalPath());
     securityProps.setProperty(SSL_KEYSTORE_PASSWORD, "password");
-    // securityProps.setProperty(SSL_KEYSTORE_TYPE, "JKS");
     securityProps.setProperty(SSL_TRUSTSTORE, jks.getCanonicalPath());
     securityProps.setProperty(SSL_TRUSTSTORE_PASSWORD, "password");
     securityProps.setProperty(SSL_PROTOCOLS, "TLSv1.2");
     securityProps.setProperty(SSL_CIPHERS, "any");
 
-    setUpLocatorAndConnect(securityProps);
-  }
-
-  @Test
-  public void testConnectToLocatorWithLegacyClusterSSL() throws Exception {
-    securityProps.setProperty(CLUSTER_SSL_ENABLED, "true");
-    securityProps.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
-    securityProps.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
-    securityProps.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
-    securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath());
-    securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
-
-    setUpLocatorAndConnect(securityProps);
-  }
-
-  @Test
-  public void testConnectToLocatorWithLegacyJMXSSL() throws Exception {
-    securityProps.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
-    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath());
-    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
-    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
-    securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getCanonicalPath());
-    securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password");
+    // start up the locator
+    locator = lsRule.startLocatorVM(0, securityProps);
+    // saving the securityProps to a file
+    OutputStream out = new FileOutputStream(securityPropsFile);
+    securityProps.store(out, null);
 
-    setUpLocatorAndConnect(securityProps);
+    connect();
   }
-
 }
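Review bot: The `FileOutputStream` opened in testConnectToLocator_withSSL is never closed, so the handle on security.properties (which holds the keystore and truststore passwords) leaks; `try (OutputStream out = new FileOutputStream(securityPropsFile)) { securityProps.store(out, null); }` fixes it. The same pattern appears in startUpLocatorAndConnect in the new ConnectToLocatorWithLegacySSLDUnitTest. Separately, connect() drops the old try/finally, so `gfshConnector.close()` is skipped when connectAndVerify or the `list members` check throws. The comment above it suggests the VM cleanup rule is what covers that case, and it should say so explicitly.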

http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java
b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java
new file mode 100644
index 0000000..d7db489
--- /dev/null
+++ b/geode-core/src/test/java/org/apache/geode/management/ConnectToLocatorWithLegacySSLDUnitTest.java
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information
regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version
2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain
a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express
+ * or implied. See the License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+package org.apache.geode.management;
+
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_ENABLED;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_KEYSTORE_TYPE;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.CLUSTER_SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_ENABLED;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_PASSWORD;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_KEYSTORE_TYPE;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE;
+import static org.apache.geode.distributed.ConfigurationProperties.JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD;
+import static org.apache.geode.util.test.TestUtil.getResourcePath;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.util.Properties;
+
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.rules.RuleChain;
+import org.junit.rules.TemporaryFolder;
+
+import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.test.dunit.Host;
+import org.apache.geode.test.dunit.rules.CleanupDUnitVMsRule;
+import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
+import org.apache.geode.test.dunit.rules.LocatorServerStartupRule;
+import org.apache.geode.test.dunit.rules.MemberVM;
+import org.apache.geode.test.junit.categories.DistributedTest;
+import org.apache.geode.test.junit.rules.serializable.SerializableTemporaryFolder;
+
+@Category(DistributedTest.class)
+public class ConnectToLocatorWithLegacySSLDUnitTest {
+  private TemporaryFolder folder = new SerializableTemporaryFolder();
+  private LocatorServerStartupRule lsRule = new LocatorServerStartupRule();
+  private CleanupDUnitVMsRule cleanupDUnitVMsRule = new CleanupDUnitVMsRule();
+
+  @Rule
+  public RuleChain ruleChain =
+      RuleChain.outerRule(folder).around(cleanupDUnitVMsRule).around(lsRule);
+
+  private File jks = null;
+  protected File securityPropsFile = null;
+  private Properties securityProps;
+  protected MemberVM locator;
+
+  @Before
+  public void before() throws Exception {
+    jks = new File(getResourcePath(getClass(), "/ssl/trusted.keystore"));
+    securityPropsFile = folder.newFile("security.properties");
+    securityProps = new Properties();
+  }
+
+  protected void startUpLocatorAndConnect(Properties properties) throws Exception {
+    locator = lsRule.startLocatorVM(0, securityProps);
+    // saving the securityProps to a file
+    OutputStream out = new FileOutputStream(securityPropsFile);
+    securityProps.store(out, null);
+
+    final int locatorPort = locator.getPort();
+    final String securityPropsFilePath = securityPropsFile.getCanonicalPath();
+
+    // when gfsh uses SSL, it leaves SSL state behind to contaminate other tests. So we pushed
+    // gfsh into a VM and uses a CleanupDUnitVM rule to clean it up after each test.
+    Host.getHost(0).getVM(1).invoke(() -> {
+      GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
+      gfshConnector.connectAndVerify(locatorPort, GfshShellConnectionRule.PortType.locator,
+          CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath);
+      gfshConnector.executeAndVerifyCommand("list members");
+      gfshConnector.close();
+    });
+  }
+
+  @Test
+  public void testConnectToLocator_withLegacyClusterSSL() throws Exception {
+    securityProps.setProperty(CLUSTER_SSL_ENABLED, "true");
+    securityProps.setProperty(CLUSTER_SSL_KEYSTORE, jks.getCanonicalPath());
+    securityProps.setProperty(CLUSTER_SSL_KEYSTORE_PASSWORD, "password");
+    securityProps.setProperty(CLUSTER_SSL_KEYSTORE_TYPE, "JKS");
+    securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE, jks.getCanonicalPath());
+    securityProps.setProperty(CLUSTER_SSL_TRUSTSTORE_PASSWORD, "password");
+
+    startUpLocatorAndConnect(securityProps);
+  }
+
+  @Test
+  public void testConnectToLocator_withLegacyJMXManagerSSL() throws Exception {
+    securityProps.setProperty(JMX_MANAGER_SSL_ENABLED, "true");
+    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE, jks.getCanonicalPath());
+    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_PASSWORD, "password");
+    securityProps.setProperty(JMX_MANAGER_SSL_KEYSTORE_TYPE, "JKS");
+    securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE, jks.getCanonicalPath());
+    securityProps.setProperty(JMX_MANAGER_SSL_TRUSTSTORE_PASSWORD, "password");
+
+    startUpLocatorAndConnect(securityProps);
+  }
+
+}
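Review bot: startUpLocatorAndConnect ignores its `properties` parameter: both `lsRule.startLocatorVM(0, securityProps)` and `securityProps.store(out, null)` use the field instead. Both tests pass the field, so the result is the same today, but a caller handing in a different Properties object would silently get a locator and a properties file built from the field. Use the argument, `locator = lsRule.startLocatorVM(0, properties);` and `properties.store(out, null);`, or drop the parameter.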

http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java
----------------------------------------------------------------------
diff --git a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java
b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java
index df371d2..e7f17ef 100644
--- a/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java
+++ b/geode-core/src/test/java/org/apache/geode/test/dunit/rules/GfshShellConnectionRule.java
@@ -225,7 +225,9 @@ public class GfshShellConnectionRule extends DescribedExternalResource
{
 
   public CommandResult executeAndVerifyCommand(String command) throws Exception {
     CommandResult result = executeCommand(command);
-    assertThat(result.getStatus()).isEqualTo(Result.Status.OK);
+    assertThat(result.getStatus())
+        .describedAs("Failure in command: " + command + "\n Result " + result)
+        .isEqualTo(Result.Status.OK);
     return result;
   }
 

http://git-wip-us.apache.org/repos/asf/geode/blob/6267efea/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java
----------------------------------------------------------------------
diff --git a/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java
b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java
new file mode 100644
index 0000000..e5b8d25
--- /dev/null
+++ b/geode-web/src/test/java/org/apache/geode/management/internal/cli/commands/ConnectToLocatorSSLOverHttpTest.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
+ * agreements. See the NOTICE file distributed with this work for additional information
regarding
+ * copyright ownership. The ASF licenses this file to You under the Apache License, Version
2.0 (the
+ * "License"); you may not use this file except in compliance with the License. You may obtain
a
+ * copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under
the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
express
+ * or implied. See the License for the specific language governing permissions and limitations
under
+ * the License.
+ */
+
+package org.apache.geode.management.internal.cli.commands;
+
+import javax.net.ssl.HttpsURLConnection;
+
+import org.apache.geode.management.ConnectToLocatorSSLDUnitTest;
+import org.apache.geode.management.internal.cli.i18n.CliStrings;
+import org.apache.geode.test.dunit.Host;
+import org.apache.geode.test.dunit.rules.GfshShellConnectionRule;
+
+public class ConnectToLocatorSSLOverHttpTest extends ConnectToLocatorSSLDUnitTest {
+
+  protected void connect() throws Exception {
+    final int httpPort = locator.getHttpPort();
+    final String securityPropsFilePath = securityPropsFile.getCanonicalPath();
+    Host.getHost(0).getVM(1).invoke(() -> {
+      // Our SSL certificate used for tests does not match the hostname "localhost"
+      HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
+
+      GfshShellConnectionRule gfshConnector = new GfshShellConnectionRule();
+      gfshConnector.connectAndVerify(httpPort, GfshShellConnectionRule.PortType.http,
+          CliStrings.CONNECT__SECURITY_PROPERTIES, securityPropsFilePath,
+          CliStrings.CONNECT__USE_SSL, "true");
+      gfshConnector.executeAndVerifyCommand("list members");
+      gfshConnector.close();
+    });
+  }
+}
+
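Review bot: `HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true)` in connect() turns off hostname verification for every HTTPS connection in that JVM and is never undone. It runs in DUnit VM 1, which the inherited rule chain appears to clean up between tests, but if that VM is ever reused, later tests there would accept any certificate name and could hide a real verification failure. Saving the previous verifier and restoring it in a `finally` keeps the override scoped to this connection; it needs an import of `javax.net.ssl.HostnameVerifier`. A test certificate whose subject matches "localhost" would remove the override altogether. `connect()` should also carry `@Override`, since it replaces the parent's method.

```java
    Host.getHost(0).getVM(1).invoke(() -> {
      // Our SSL certificate used for tests does not match the hostname "localhost",
      // so verification is relaxed only for the duration of this connection.
      HostnameVerifier previous = HttpsURLConnection.getDefaultHostnameVerifier();
      HttpsURLConnection.setDefaultHostnameVerifier((hostname, session) -> true);
      try {
        // … unchanged: connectAndVerify over http, "list members", close …
      } finally {
        HttpsURLConnection.setDefaultHostnameVerifier(previous);
      }
    });
```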

