tinkerpop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From spmalle...@apache.org
Subject [47/50] tinkerpop git commit: merge tp32
Date Tue, 04 Sep 2018 17:47:35 GMT
merge tp32


Project: http://git-wip-us.apache.org/repos/asf/tinkerpop/repo
Commit: http://git-wip-us.apache.org/repos/asf/tinkerpop/commit/e1c46b26
Tree: http://git-wip-us.apache.org/repos/asf/tinkerpop/tree/e1c46b26
Diff: http://git-wip-us.apache.org/repos/asf/tinkerpop/diff/e1c46b26

Branch: refs/heads/TINKERPOP-2021
Commit: e1c46b2656ecbb4b5bbf059105bffe0dcd278e4a
Parents: 98ab1b0 e937a3a
Author: Robert Dale <robdale@gmail.com>
Authored: Tue Sep 4 07:42:32 2018 -0400
Committer: Robert Dale <robdale@gmail.com>
Committed: Tue Sep 4 11:41:17 2018 -0400

----------------------------------------------------------------------
 CHANGELOG.asciidoc                              |   1 +
 .../src/reference/gremlin-applications.asciidoc |  82 +++++--
 .../upgrade/release-3.2.x-incubating.asciidoc   |  26 +++
 gremlin-console/conf/remote-secure.yaml         |   3 +-
 .../tinkerpop/gremlin/driver/Cluster.java       | 180 ++++++++++++++-
 .../tinkerpop/gremlin/driver/Settings.java      |  83 +++++++
 .../tinkerpop/gremlin/driver/SettingsTest.java  |  17 ++
 .../conf/gremlin-server-rest-secure.yaml        |   7 +-
 gremlin-server/conf/gremlin-server-secure.yaml  |   7 +-
 .../gremlin/server/AbstractChannelizer.java     |  91 ++++++--
 .../tinkerpop/gremlin/server/Settings.java      |  66 +++++-
 .../AbstractGremlinServerIntegrationTest.java   |  13 ++
 .../server/GremlinServerAuthIntegrateTest.java  |   4 +-
 .../GremlinServerAuthKrb5IntegrateTest.java     |   5 +-
 .../server/GremlinServerIntegrateTest.java      | 224 ++++++++++++++++---
 ...ctGremlinServerChannelizerIntegrateTest.java |  12 +-
 .../src/test/resources/client-key.jks           | Bin 0 -> 2241 bytes
 .../src/test/resources/client-key.p12           | Bin 0 -> 2583 bytes
 .../src/test/resources/client-trust.jks         | Bin 0 -> 969 bytes
 .../src/test/resources/client-trust.p12         | Bin 0 -> 1202 bytes
 .../src/test/resources/server-key.jks           | Bin 0 -> 2258 bytes
 .../src/test/resources/server-key.p12           | Bin 0 -> 2613 bytes
 .../src/test/resources/server-trust.jks         | Bin 0 -> 952 bytes
 .../src/test/resources/server-trust.p12         | Bin 0 -> 1186 bytes
 24 files changed, 725 insertions(+), 96 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/CHANGELOG.asciidoc
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/docs/src/reference/gremlin-applications.asciidoc
----------------------------------------------------------------------
diff --cc docs/src/reference/gremlin-applications.asciidoc
index e175d4b,1cd9964..83b52b6
--- a/docs/src/reference/gremlin-applications.asciidoc
+++ b/docs/src/reference/gremlin-applications.asciidoc
@@@ -766,9 -742,14 +766,13 @@@ The following table describes the vario
  |connectionPool.minInProcessPerConnection |The minimum number of in-flight requests that
can occur on a connection. |1
  |connectionPool.minSimultaneousUsagePerConnection |The maximum number of times that a connection
can be borrowed from the pool simultaneously. |8
  |connectionPool.minSize |The minimum size of a connection pool for a host. |2
 -|connectionPool.reconnectInitialDelay |The amount of time in milliseconds to wait before
trying to reconnect to a dead host for the first time. |1000
 -|connectionPool.reconnectInterval |The amount of time in milliseconds to wait before trying
to reconnect to a dead host. This interval occurs after the time specified by the `reconnectInitialDelay`.
|1000
 +|connectionPool.reconnectInterval |The amount of time in milliseconds to wait before trying
to reconnect to a dead host. |1000
  |connectionPool.resultIterationBatchSize |The override value for the size of the result
batches to be returned from the server. |64
- |connectionPool.trustCertChainFile |File location for a SSL Certificate Chain to use when
SSL is enabled. If this value is not provided and SSL is enabled, the `TrustManager` will
be established with a self-signed certificate which is NOT suitable for production purposes.
|_none_
+ |connectionPool.sslCipherSuites |The list of JSSE ciphers to support for SSL connections.
If specified, only the ciphers that are listed and supported will be enabled. If not specified,
the JVM default is used.  |_none_
+ |connectionPool.sslEnabledProtocols |The list of SSL protocols to support for SSL connections.
If specified, only the protocols that are listed and supported will be enabled. If not specified,
the JVM default is used.  |_none_
+ |connectionPool.sslSkipCertValidation |Configures the `TrustManager` to trust all certs
without any validation. Should not be used in production.|false
+ |connectionPool.trustStore |File location for a SSL Certificate Chain to use when SSL is
enabled. If this value is not provided and SSL is enabled, the default `TrustManager` will
be used. |_none_
+ |connectionPool.trustStorePassword |The password of the `trustStore` if it is password-protected
|_none_
  |hosts |The list of hosts that the driver will connect to. |localhost
  |jaasEntry |Sets the `AuthProperties.Property.JAAS_ENTRY` properties for authentication
to Gremlin Server. |_none_
  |nioPoolSize |Size of the pool for handling request/response operations. |available processors
@@@ -1313,8 -1246,50 +1320,48 @@@ authentication: 
    config: {
      credentialsDb: conf/tinkergraph-credentials.properties}}
  
 -===== Quick Start
 -
  A quick way to get started with the `SimpleAuthenticator` is to use TinkerGraph for the
"credentials graph" and the
- "sample" credential graph that is packaged with the server.
+ "sample" credential graph that is packaged with the server.  To secure the transport for
the credentials,
+ SSL should be enabled. For this Quick Start, a self-signed certificate will be created but
this should not
+ be used in a production environment.
+ 
+ Generate the self-signed SSL certificate:
+ 
+ [source,text]
+ ----
+ $ keytool -genkey -alias localhost -keyalg RSA -keystore server.jks
+ Enter keystore password:
+ Re-enter new password:
+ What is your first and last name?
+   [Unknown]:  localhost
+ What is the name of your organizational unit?
+   [Unknown]:
+ What is the name of your organization?
+   [Unknown]:
+ What is the name of your City or Locality?
+   [Unknown]:
+ What is the name of your State or Province?
+   [Unknown]:
+ What is the two-letter country code for this unit?
+   [Unknown]:
+ Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
+   [no]:  yes
+ 
+ Enter key password for <localhost>
+ 	(RETURN if same as keystore password):
+ ----
+ 
+ Next, uncomment the `keyStore` and `keyStorePassword` lines in `conf/gremlin-server-secure.yaml`.
+ 
+ [source,yaml]
+ ----
+ ssl: {
+   enabled: true,
+   sslEnabledProtocols: [TLSv1.2],
+   keyStore: server.jks,
+   keyStorePassword: changeit
+ }
+ ----
  
  [source,text]
  ----

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/docs/src/upgrade/release-3.2.x-incubating.asciidoc
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-console/conf/remote-secure.yaml
----------------------------------------------------------------------
diff --cc gremlin-console/conf/remote-secure.yaml
index 592adcc,b0a7309..97b756b
--- a/gremlin-console/conf/remote-secure.yaml
+++ b/gremlin-console/conf/remote-secure.yaml
@@@ -29,5 -29,6 +29,6 @@@ port: 818
  username: stephen
  password: password
  connectionPool: {
-   enableSsl: true}
+   enableSsl: true,
+   sslEnabledProtocols: [TLSv1.2] }
 -serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV1d0,
config: { serializeResultToString: true }}
 +serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0,
config: { serializeResultToString: true }}

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Cluster.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-driver/src/main/java/org/apache/tinkerpop/gremlin/driver/Settings.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-driver/src/test/java/org/apache/tinkerpop/gremlin/driver/SettingsTest.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-server/conf/gremlin-server-rest-secure.yaml
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-server/conf/gremlin-server-secure.yaml
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/AbstractChannelizer.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-server/src/main/java/org/apache/tinkerpop/gremlin/server/Settings.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthIntegrateTest.java
----------------------------------------------------------------------

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthKrb5IntegrateTest.java
----------------------------------------------------------------------
diff --cc gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthKrb5IntegrateTest.java
index c102446,0000000..a6f8f91
mode 100644,000000..100644
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthKrb5IntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerAuthKrb5IntegrateTest.java
@@@ -1,276 -1,0 +1,279 @@@
 +/*
 + * Licensed to the Apache Software Foundation (ASF) under one
 + * or more contributor license agreements.  See the NOTICE file
 + * distributed with this work for additional information
 + * regarding copyright ownership.  The ASF licenses this file
 + * to you under the Apache License, Version 2.0 (the
 + * "License"); you may not use this file except in compliance
 + * with the License.  You may obtain a copy of the License at
 + *
 + * http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing,
 + * software distributed under the License is distributed on an
 + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 + * KIND, either express or implied.  See the License for the
 + * specific language governing permissions and limitations
 + * under the License.
 + */
 +package org.apache.tinkerpop.gremlin.server;
 +
 +import org.apache.commons.lang.exception.ExceptionUtils;
 +import org.apache.log4j.Logger;
 +import org.apache.tinkerpop.gremlin.driver.Client;
 +import org.apache.tinkerpop.gremlin.driver.Cluster;
 +import org.apache.tinkerpop.gremlin.driver.MessageSerializer;
 +import org.apache.tinkerpop.gremlin.driver.exception.ResponseException;
 +import org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV1d0;
 +import org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0;
 +import org.apache.tinkerpop.gremlin.server.auth.Krb5Authenticator;
 +import org.apache.tinkerpop.gremlin.util.Log4jRecordingAppender;
 +import org.ietf.jgss.GSSException;
 +import org.junit.After;
 +import org.junit.Before;
 +import org.junit.Test;
 +import org.slf4j.LoggerFactory;
 +
 +import java.io.File;
 +import java.util.HashMap;
 +import java.util.Map;
 +import javax.security.auth.login.LoginException;
 +
 +import static org.hamcrest.MatcherAssert.assertThat;
 +import static org.hamcrest.core.Is.is;
 +import static org.junit.Assert.assertEquals;
 +import static org.junit.Assert.assertTrue;
 +import static org.junit.Assert.fail;
 +
 +/**
 + * @author Marc de Lignie
 + */
 +public class GremlinServerAuthKrb5IntegrateTest extends AbstractGremlinServerIntegrationTest
{
 +    private static final org.slf4j.Logger logger = LoggerFactory.getLogger(GremlinServerAuthKrb5IntegrateTest.class);
 +    private Log4jRecordingAppender recordingAppender = null;
 +
 +    static final String TESTCONSOLE = "GremlinConsole";
 +    static final String TESTCONSOLE_NOT_LOGGED_IN = "UserNotLoggedIn";
 +
 +    private KdcFixture kdcServer;
 +
 +    @Before
 +    @Override
 +    public void setUp() throws Exception {
 +        setupForEachTest();
 +        try {
 +            final String buildDir = System.getProperty("build.dir");
 +            kdcServer = new KdcFixture(buildDir +
 +                    "/test-classes/org/apache/tinkerpop/gremlin/server/gremlin-console-jaas.conf");
 +            kdcServer.setUp();
 +        } catch(Exception e)  {
 +            logger.warn(e.getMessage());
 +        }
 +        super.setUp();
 +    }
 +
 +    public void setupForEachTest() {
 +        recordingAppender = new Log4jRecordingAppender();
 +        final Logger rootLogger = Logger.getRootLogger();
 +        rootLogger.addAppender(recordingAppender);
 +    }
 +
 +    @After
 +    public void teardownForEachTest() throws Exception {
 +        final Logger rootLogger = Logger.getRootLogger();
 +        rootLogger.removeAppender(recordingAppender);
 +        kdcServer.close();
 +    }
 +
 +    /**
 +     * Configure specific Gremlin Server settings for specific tests.
 +     */
 +    @Override
 +    public Settings overrideSettings(final Settings settings) {
 +        settings.host = kdcServer.hostname;
 +        final Settings.SslSettings sslConfig = new Settings.SslSettings();
 +        sslConfig.enabled = false;
 +        settings.ssl = sslConfig;
 +        final Settings.AuthenticationSettings authSettings = new Settings.AuthenticationSettings();
 +        settings.authentication = authSettings;
 +        authSettings.className = Krb5Authenticator.class.getName();
 +        final Map<String,Object> authConfig = new HashMap<>();
 +        authConfig.put("principal", kdcServer.serverPrincipal);
 +        authConfig.put("keytab", kdcServer.serviceKeytabFile.getAbsolutePath());
 +        authSettings.config = authConfig;
 +
 +        final String nameOfTest = name.getMethodName();
 +        switch (nameOfTest) {
 +            case "shouldAuthenticateWithDefaults":
 +            case "shouldFailWithoutClientJaasEntry":
 +            case "shouldFailWithoutClientTicketCache":
 +                break;
 +            case "shouldFailWithNonexistentServerPrincipal":
 +                authConfig.put("principal", "no-service");
 +                break;
 +            case "shouldFailWithEmptyServerKeytab":
 +                final File keytabFile = new File(".", "no-file");
 +                authConfig.put("keytab", keytabFile);
 +                break;
 +            case "shouldFailWithWrongServerKeytab":
 +                final String principal = "no-principal/somehost@TEST.COM";
 +                try { kdcServer.createPrincipal(principal); } catch(Exception e) {
 +                    logger.error("Cannot create principal in overrideSettings(): " + e.getMessage());
 +                };
 +                authConfig.put("principal", principal);
 +                break;
 +            case "shouldAuthenticateWithSsl":
 +                sslConfig.enabled = true;
++                sslConfig.keyStore = JKS_SERVER_KEY;
++                sslConfig.keyStorePassword = KEY_PASS;
++                sslConfig.keyStoreType = KEYSTORE_TYPE_JKS;
 +                break;
 +            case "shouldAuthenticateWithQop":
 +                break;
 +        }
 +        return settings;
 +    }
 +
 +    @Test
 +    public void shouldAuthenticateWithDefaults() throws Exception {
 +        final Cluster cluster = TestClientFactory.build().jaasEntry(TESTCONSOLE)
 +                .protocol(kdcServer.serverPrincipalName).addContactPoint(kdcServer.hostname).create();
 +        final Client client = cluster.connect();
 +        try {
 +            assertEquals(2, client.submit("1+1").all().get().get(0).getInt());
 +            assertEquals(3, client.submit("1+2").all().get().get(0).getInt());
 +            assertEquals(4, client.submit("1+3").all().get().get(0).getInt());
 +        } finally {
 +            cluster.close();
 +        }
 +    }
 +
 +    @Test
 +    public void shouldFailWithoutClientJaasEntry() throws Exception {
 +        final Cluster cluster = TestClientFactory.build().protocol(kdcServer.serverPrincipalName)
 +                .addContactPoint(kdcServer.hostname).create();
 +        final Client client = cluster.connect();
 +        try {
 +            client.submit("1+1").all().get();
 +            fail("This should not succeed as the client config does not contain a JaasEntry");
 +        } catch(Exception ex) {
 +            final Throwable root = ExceptionUtils.getRootCause(ex);
 +            assertTrue(root instanceof ResponseException || root instanceof GSSException);
 +        } finally {
 +            cluster.close();
 +        }
 +    }
 +
 +    @Test
 +    public void shouldFailWithoutClientTicketCache() throws Exception {
 +        final Cluster cluster = TestClientFactory.build().jaasEntry(TESTCONSOLE_NOT_LOGGED_IN)
 +                .protocol(kdcServer.serverPrincipalName).addContactPoint(kdcServer.hostname).create();
 +        final Client client = cluster.connect();
 +        try {
 +            client.submit("1+1").all().get();
 +            fail("This should not succeed as the client config does not contain a valid
ticket cache");
 +        } catch(Exception ex) {
 +            final Throwable root = ExceptionUtils.getRootCause(ex);
 +            assertEquals(LoginException.class, root.getClass());
 +        } finally {
 +            cluster.close();
 +        }
 +    }
 +
 +    @Test
 +    public void shouldFailWithNonexistentServerPrincipal() throws Exception {
 +        assertFailedLogin();
 +    }
 +
 +    @Test
 +    public void shouldFailWithEmptyServerKeytab() throws Exception {
 +        assertFailedLogin();
 +    }
 +
 +    @Test
 +    public void shouldFailWithWrongServerKeytab() throws Exception {
 +        assertFailedLogin();
 +    }
 +
 +    @Test
 +    public void shouldAuthenticateWithQop() throws Exception {
 +        final String oldQop = System.getProperty("javax.security.sasl.qop", "");
 +        System.setProperty("javax.security.sasl.qop", "auth-conf");
 +        final Cluster cluster = TestClientFactory.build().jaasEntry(TESTCONSOLE)
 +                .protocol(kdcServer.serverPrincipalName).addContactPoint(kdcServer.hostname).create();
 +        final Client client = cluster.connect();
 +        try {
 +            assertEquals(2, client.submit("1+1").all().get().get(0).getInt());
 +            assertEquals(3, client.submit("1+2").all().get().get(0).getInt());
 +            assertEquals(4, client.submit("1+3").all().get().get(0).getInt());
 +        } finally {
 +            cluster.close();
 +            System.setProperty("javax.security.sasl.qop", oldQop);
 +        }
 +    }
 +
 +    @Test
 +    public void shouldAuthenticateWithSsl() throws Exception {
-         final Cluster cluster = TestClientFactory.build().jaasEntry(TESTCONSOLE).enableSsl(true)
++        final Cluster cluster = TestClientFactory.build().jaasEntry(TESTCONSOLE).enableSsl(true).sslSkipCertValidation(true)
 +                .protocol(kdcServer.serverPrincipalName).addContactPoint(kdcServer.hostname).create();
 +        final Client client = cluster.connect();
 +        try {
 +            assertEquals(2, client.submit("1+1").all().get().get(0).getInt());
 +            assertEquals(3, client.submit("1+2").all().get().get(0).getInt());
 +            assertEquals(4, client.submit("1+3").all().get().get(0).getInt());
 +        } finally {
 +            cluster.close();
 +        }
 +    }
 +
 +    @Test
 +    public void shouldAuthenticateWithSerializeResultToStringV1() throws Exception {
 +        final MessageSerializer serializer = new GryoMessageSerializerV1d0();
 +        final Map<String,Object> config = new HashMap<>();
 +        config.put("serializeResultToString", true);
 +        serializer.configure(config, null);
 +        final Cluster cluster = TestClientFactory.build().jaasEntry(TESTCONSOLE)
 +                .protocol(kdcServer.serverPrincipalName).addContactPoint(kdcServer.hostname).serializer(serializer).create();
 +        final Client client = cluster.connect();
 +        try {
 +            assertEquals(2, client.submit("1+1").all().get().get(0).getInt());
 +            assertEquals(3, client.submit("1+2").all().get().get(0).getInt());
 +            assertEquals(4, client.submit("1+3").all().get().get(0).getInt());
 +        } finally {
 +            cluster.close();
 +        }
 +    }
 +
 +    @Test
 +    public void shouldAuthenticateWithSerializeResultToStringV3() throws Exception {
 +        final MessageSerializer serializer = new GryoMessageSerializerV3d0();
 +        final Map<String, Object> config = new HashMap<>();
 +        config.put("serializeResultToString", true);
 +        serializer.configure(config, null);
 +        final Cluster cluster = TestClientFactory.build().jaasEntry(TESTCONSOLE)
 +                .protocol(kdcServer.serverPrincipalName).addContactPoint(kdcServer.hostname).serializer(serializer).create();
 +        final Client client = cluster.connect();
 +        try {
 +            assertEquals(2, client.submit("1+1").all().get().get(0).getInt());
 +            assertEquals(3, client.submit("1+2").all().get().get(0).getInt());
 +            assertEquals(4, client.submit("1+3").all().get().get(0).getInt());
 +        } finally {
 +            cluster.close();
 +        }
 +    }
 +
 +    /**
 +     * Tries to force the logger to flush fully or at least wait until it does.
 +     */
 +    private void assertFailedLogin() throws Exception {
 +        stopServer();
 +
 +        boolean logMessageIdentified = false;
 +        for (int ix = 0; ix < 10 && !logMessageIdentified; ix++) {
 +            logMessageIdentified = recordingAppender.logContainsAny("WARN - Failed to login
to kdc");
 +            if (!logMessageIdentified) Thread.sleep(1000);
 +        }
 +
 +        assertThat(logMessageIdentified, is(true));
 +    }
 +}

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
----------------------------------------------------------------------
diff --cc gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
index 0de3718,2198682..db2727a
--- a/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
+++ b/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/GremlinServerIntegrateTest.java
@@@ -222,25 -227,76 +226,79 @@@ public class GremlinServerIntegrateTes
                  settings.ssl = new Settings.SslSettings();
                  settings.ssl.enabled = true;
                  settings.ssl.needClientAuth = ClientAuth.REQUIRE;
-                 settings.ssl.keyCertChainFile = SERVER_CRT;
-                 settings.ssl.keyFile = SERVER_KEY;
-                 settings.ssl.keyPassword =KEY_PASS;
+                 settings.ssl.keyCertChainFile = PEM_SERVER_CRT;
+                 settings.ssl.keyFile = PEM_SERVER_KEY;
+                 settings.ssl.keyPassword = KEY_PASS;
                  // Trust ONLY the server cert
-                 settings.ssl.trustCertChainFile = SERVER_CRT;
-             	break;
+                 settings.ssl.trustCertChainFile = PEM_SERVER_CRT;
+                 break;
+             case "shouldEnableSslAndClientCertificateAuthWithPkcs12":
+                 settings.ssl = new Settings.SslSettings();
+                 settings.ssl.enabled = true;
+                 settings.ssl.needClientAuth = ClientAuth.REQUIRE;
+                 settings.ssl.keyStore = P12_SERVER_KEY;
+                 settings.ssl.keyStorePassword = KEY_PASS;
+                 settings.ssl.keyStoreType = KEYSTORE_TYPE_PKCS12;
+                 settings.ssl.trustStore = P12_SERVER_TRUST;
+                 settings.ssl.trustStorePassword = KEY_PASS;
+                 break;
+             case "shouldEnableSslAndClientCertificateAuth":
+                 settings.ssl = new Settings.SslSettings();
+                 settings.ssl.enabled = true;
+                 settings.ssl.needClientAuth = ClientAuth.REQUIRE;
+                 settings.ssl.keyStore = JKS_SERVER_KEY;
+                 settings.ssl.keyStorePassword = KEY_PASS;
+                 settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                 settings.ssl.trustStore = JKS_SERVER_TRUST;
+                 settings.ssl.trustStorePassword = KEY_PASS;
+                 break;
+             case "shouldEnableSslAndClientCertificateAuthAndFailWithoutCert":
+                 settings.ssl = new Settings.SslSettings();
+                 settings.ssl.enabled = true;
+                 settings.ssl.needClientAuth = ClientAuth.REQUIRE;
+                 settings.ssl.keyStore = JKS_SERVER_KEY;
+                 settings.ssl.keyStorePassword = KEY_PASS;
+                 settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                 settings.ssl.trustStore = JKS_SERVER_TRUST;
+                 settings.ssl.trustStorePassword = KEY_PASS;
+                 break;
+             case "shouldEnableSslAndClientCertificateAuthAndFailWithoutTrustedClientCert":
+                 settings.ssl = new Settings.SslSettings();
+                 settings.ssl.enabled = true;
+                 settings.ssl.needClientAuth = ClientAuth.REQUIRE;
+                 settings.ssl.keyStore = JKS_SERVER_KEY;
+                 settings.ssl.keyStorePassword = KEY_PASS;
+                 settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                 break;
+             case "shouldEnableSslAndFailIfProtocolsDontMatch":
+                 settings.ssl = new Settings.SslSettings();
+                 settings.ssl.enabled = true;
+                 settings.ssl.keyStore = JKS_SERVER_KEY;
+                 settings.ssl.keyStorePassword = KEY_PASS;
+                 settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                 settings.ssl.sslEnabledProtocols = Arrays.asList("TLSv1.1");
+                 break;
+             case "shouldEnableSslAndFailIfCiphersDontMatch":
+                 settings.ssl = new Settings.SslSettings();
+                 settings.ssl.enabled = true;
+                 settings.ssl.keyStore = JKS_SERVER_KEY;
+                 settings.ssl.keyStorePassword = KEY_PASS;
+                 settings.ssl.keyStoreType = KEYSTORE_TYPE_JKS;
+                 settings.ssl.sslCipherSuites = Arrays.asList("TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
+                 break;
              case "shouldUseSimpleSandbox":
 -                settings.scriptEngines.get("gremlin-groovy").config = getScriptEngineConfForSimpleSandbox();
 +                settings.scriptEngines.get("gremlin-groovy").plugins.put(GroovyCompilerGremlinPlugin.class.getName(),
getScriptEngineConfForSimpleSandbox());
 +                // remove the script because it isn't used in the test but also because
it's not CompileStatic ready
 +                settings.scriptEngines.get("gremlin-groovy").plugins.remove(ScriptFileGremlinPlugin.class.getName());
                  break;
              case "shouldUseInterpreterMode":
 -                settings.scriptEngines.get("gremlin-groovy").config = getScriptEngineConfForInterpreterMode();
 +                settings.scriptEngines.get("gremlin-groovy").plugins.put(GroovyCompilerGremlinPlugin.class.getName(),
getScriptEngineConfForInterpreterMode());
                  break;
              case "shouldReceiveFailureTimeOutOnScriptEvalOfOutOfControlLoop":
 -                settings.scriptEngines.get("gremlin-groovy").config = getScriptEngineConfForTimedInterrupt();
 +                settings.scriptEngines.get("gremlin-groovy").plugins.put(GroovyCompilerGremlinPlugin.class.getName(),
getScriptEngineConfForTimedInterrupt());
                  break;
              case "shouldUseBaseScript":
 +                settings.scriptEngines.get("gremlin-groovy").plugins.put(GroovyCompilerGremlinPlugin.class.getName(),
getScriptEngineConfForBaseScript());
                  settings.scriptEngines.get("gremlin-groovy").config = getScriptEngineConfForBaseScript();
                  break;
              case "shouldReturnInvalidRequestArgsWhenBindingCountExceedsAllowable":

http://git-wip-us.apache.org/repos/asf/tinkerpop/blob/e1c46b26/gremlin-server/src/test/java/org/apache/tinkerpop/gremlin/server/channel/AbstractGremlinServerChannelizerIntegrateTest.java
----------------------------------------------------------------------


Mime
View raw message