Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more contributor license * agreements. See the NOTICE file distributed with this work for additional information regarding * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance with the License. You may obtain a * copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software distributed under the License * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express * or implied. See the License for the specific language governing permissions and limitations under * the License. */ package org.apache.geode.rest.internal.web.controllers; import static org.apache.geode.distributed.ConfigurationProperties.*; import static org.junit.Assert.*; import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.net.BindException; import java.security.KeyStore; import java.util.Arrays; import java.util.Collection; import java.util.Date; import java.util.HashMap; import java.util.Map; import java.util.Properties; import javax.net.ssl.SSLContext; import org.apache.commons.lang.StringUtils; import org.apache.http.HttpEntity; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContextBuilder; import org.apache.http.ssl.SSLContexts; import org.json.JSONObject; import org.junit.Test; import org.junit.experimental.categories.Category; import org.junit.runner.RunWith; import org.junit.runners.Parameterized; import org.apache.geode.cache.AttributesFactory; import org.apache.geode.cache.Cache; import org.apache.geode.cache.CacheFactory; import org.apache.geode.cache.DataPolicy; import org.apache.geode.cache.Region; import org.apache.geode.cache.RegionAttributes; import org.apache.geode.cache.RegionFactory; import org.apache.geode.cache.RegionShortcut; import org.apache.geode.cache.client.ClientCache; import org.apache.geode.cache.client.ClientCacheFactory; import org.apache.geode.cache.client.ClientRegionShortcut; import org.apache.geode.cache.client.internal.LocatorTestBase; import org.apache.geode.cache.server.CacheServer; import org.apache.geode.distributed.DistributedSystem; import org.apache.geode.distributed.internal.InternalDistributedSystem; import org.apache.geode.internal.AvailablePort; import org.apache.geode.internal.AvailablePortHelper; import org.apache.geode.internal.cache.GemFireCacheImpl; import org.apache.geode.internal.security.SecurableCommunicationChannel; import org.apache.geode.management.ManagementException; import org.apache.geode.test.dunit.Host; import org.apache.geode.test.dunit.IgnoredException; import org.apache.geode.test.dunit.NetworkUtils; import org.apache.geode.test.dunit.VM; import org.apache.geode.test.junit.categories.DistributedTest; import org.apache.geode.test.junit.runners.CategoryWithParameterizedRunnerFactory; import org.apache.geode.util.test.TestUtil; /** * @since GemFire 8.0 */ @Category(DistributedTest.class) @RunWith(Parameterized.class) @Parameterized.UseParametersRunnerFactory(CategoryWithParameterizedRunnerFactory.class) public class RestAPIsWithSSLDUnitTest extends LocatorTestBase { private static final long serialVersionUID = -254776154266339226L; private final String PEOPLE_REGION_NAME = "People"; private final String INVALID_CLIENT_ALIAS = "INVALID_CLIENT_ALIAS"; @Parameterized.Parameter public String urlContext; @Parameterized.Parameters public static Collection<String> data() { return Arrays.asList("/geode", "/gemfire-api"); } public RestAPIsWithSSLDUnitTest() { super(); } @Override public final void preSetUp() { disconnectAllFromDS(); } @Override protected final void postTearDownLocatorTestBase() throws Exception { closeInfra(); disconnectAllFromDS(); } private File findTrustedJKSWithSingleEntry() { return new File(TestUtil.getResourcePath(RestAPIsWithSSLDUnitTest.class, "/ssl/trusted.keystore")); } private File findTrustStoreJKSForPath(Properties props) { String propertyValue = props.getProperty(SSL_TRUSTSTORE); if (StringUtils.isEmpty(propertyValue)) { propertyValue = props.getProperty(HTTP_SERVICE_SSL_TRUSTSTORE); } if (StringUtils.isEmpty(propertyValue)) { propertyValue = props.getProperty(HTTP_SERVICE_SSL_KEYSTORE); } return new File(propertyValue); } private File findKeyStoreJKS(Properties props) { String propertyValue = props.getProperty(SSL_KEYSTORE); if (StringUtils.isEmpty(propertyValue)) { propertyValue = props.getProperty(HTTP_SERVICE_SSL_KEYSTORE); } return new File(propertyValue); } @SuppressWarnings("deprecation") protected int startBridgeServer(String hostName, int restServicePort, final String locators, final String[] regions, final Properties sslProperties, boolean clusterLevel) { Properties props = new Properties(); props.setProperty(MCAST_PORT, "0"); props.setProperty(LOCATORS, locators); props.setProperty(START_DEV_REST_API, "true"); props.setProperty(HTTP_SERVICE_BIND_ADDRESS, hostName); props.setProperty(HTTP_SERVICE_PORT, String.valueOf(restServicePort)); System.setProperty("javax.net.debug", "ssl,handshake"); props = configureSSL(props, sslProperties, clusterLevel); DistributedSystem ds = getSystem(props); Cache cache = CacheFactory.create(ds); ((GemFireCacheImpl) cache).setReadSerialized(true); AttributesFactory factory = new AttributesFactory(); factory.setEnableBridgeConflation(true); factory.setDataPolicy(DataPolicy.REPLICATE); RegionAttributes attrs = factory.create(); for (int i = 0; i < regions.length; i++) { cache.createRegion(regions[i], attrs); } CacheServer server = cache.addCacheServer(); server.setPort(0); try { server.start(); } catch (IOException e) { e.printStackTrace(); } remoteObjects.put(CACHE_KEY, cache); return server.getPort(); } public void doPutsInClientCache() { ClientCache clientCache = ClientCacheFactory.getAnyInstance(); assertNotNull(clientCache); Region<String, Object> region = clientCache.getRegion(PEOPLE_REGION_NAME); // put person object region.put("1", new Person(101L, "Mithali", "Dorai", "Raj", new Date(), Gender.FEMALE)); region.put("2", new Person(102L, "Sachin", "Ramesh", "Tendulkar", new Date(), Gender.MALE)); region.put("3", new Person(103L, "Saurabh", "Baburav", "Ganguly", new Date(), Gender.MALE)); region.put("4", new Person(104L, "Rahul", "subrymanyam", "Dravid", new Date(), Gender.MALE)); region.put("5", new Person(105L, "Jhulan", "Chidambaram", "Goswami", new Date(), Gender.FEMALE)); Map<String, Object> userMap = new HashMap<String, Object>(); userMap.put("6", new Person(101L, "Rahul", "Rajiv", "Gndhi", new Date(), Gender.MALE)); userMap.put("7", new Person(102L, "Narendra", "Damodar", "Modi", new Date(), Gender.MALE)); userMap.put("8", new Person(103L, "Atal", "Bihari", "Vajpayee", new Date(), Gender.MALE)); userMap.put("9", new Person(104L, "Soniya", "Rajiv", "Gandhi", new Date(), Gender.FEMALE)); userMap.put("10", new Person(104L, "Priyanka", "Robert", "Gandhi", new Date(), Gender.FEMALE)); userMap.put("11", new Person(104L, "Murali", "Manohar", "Joshi", new Date(), Gender.MALE)); userMap.put("12", new Person(104L, "Lalkrishna", "Parmhansh", "Advani", new Date(), Gender.MALE)); userMap.put("13", new Person(104L, "Shushma", "kumari", "Swaraj", new Date(), Gender.FEMALE)); userMap.put("14", new Person(104L, "Arun", "raman", "jetly", new Date(), Gender.MALE)); userMap.put("15", new Person(104L, "Amit", "kumar", "shah", new Date(), Gender.MALE)); userMap.put("16", new Person(104L, "Shila", "kumari", "Dixit", new Date(), Gender.FEMALE)); region.putAll(userMap); clientCache.getLogger().info("Gemfire Cache Client: Puts successfully done"); } private String startInfraWithSSL(final Properties sslProperties, boolean clusterLevel) throws Exception { final Host host = Host.getHost(0); VM locator = host.getVM(0); VM manager = host.getVM(1); VM server = host.getVM(2); VM client = host.getVM(3); // start locator final int locatorPort = AvailablePort.getRandomAvailablePort(AvailablePort.SOCKET); final String locatorHostName = NetworkUtils.getServerHostName(locator.getHost()); locator.invoke("Start Locator", () -> { startLocator(locatorHostName, locatorPort, ""); }); // find locators String locators = locatorHostName + "[" + locatorPort + "]"; // start manager (peer cache) manager.invoke("StartManager", () -> startManager(locators, new String[] { REGION_NAME }, sslProperties)); // start startBridgeServer With RestService enabled String restEndpoint = server.invoke("startBridgeServerWithRestServiceOnInVM", () -> { final String hostName = server.getHost().getHostName(); final int restServicePort = AvailablePortHelper.getRandomAvailableTCPPort(); startBridgeServer(hostName, restServicePort, locators, new String[] { REGION_NAME }, sslProperties, clusterLevel); return "https://" + hostName + ":" + restServicePort + urlContext + "/v1"; }); // create a client cache client.invoke("Create ClientCache", () -> { new ClientCacheFactory().setPdxReadSerialized(true).addPoolLocator(locatorHostName, locatorPort) .create(); return null; }); // create region in Manager, peer cache and Client cache nodes manager.invoke("createRegionInManager", () -> createRegionInCache()); server.invoke("createRegionInPeerServer", () -> createRegionInCache()); client.invoke("createRegionInClientCache", () -> createRegionInClientCache()); // do some person puts from clientcache client.invoke("doPutsInClientCache", () -> doPutsInClientCache()); return restEndpoint; } private void closeInfra() throws Exception { final Host host = Host.getHost(0); VM locator = host.getVM(0); VM manager = host.getVM(1); VM server = host.getVM(2); VM client = host.getVM(3); // stop the client and make sure the bridge server notifies // stopBridgeMemberVM(client); locator.invoke(() -> closeCache()); manager.invoke(() -> closeCache()); server.invoke(() -> closeCache()); client.invoke(() -> closeCache()); } private void closeCache() { GemFireCacheImpl cache = GemFireCacheImpl.getInstance(); if (cache != null && !cache.isClosed()) { cache.close(); cache.getDistributedSystem().disconnect(); } } private void sslPropertyConverter(Properties properties, Properties newProperties, String propertyName, String newPropertyName) { String property = properties.getProperty(propertyName); if (property != null) { newProperties.setProperty((newPropertyName != null ? newPropertyName : propertyName), property); } } /** * @Deprecated once the legacy SSL properties have been removed we need to remove this logic. */ @Deprecated() private Properties configureSSL(Properties props, Properties sslProperties, boolean clusterLevel) { if (clusterLevel) { sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ENABLED, CLUSTER_SSL_ENABLED); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE, CLUSTER_SSL_KEYSTORE); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, CLUSTER_SSL_KEYSTORE_PASSWORD); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_TYPE, CLUSTER_SSL_KEYSTORE_TYPE); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_PROTOCOLS, CLUSTER_SSL_PROTOCOLS); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION, CLUSTER_SSL_REQUIRE_AUTHENTICATION); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE, CLUSTER_SSL_TRUSTSTORE); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, CLUSTER_SSL_TRUSTSTORE_PASSWORD); } else { sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_ENABLED, null); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE, null); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, null); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_KEYSTORE_TYPE, null); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_PROTOCOLS, null); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION, null); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE, null); sslPropertyConverter(sslProperties, props, HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, null); } String SecurableComponentProperty = sslProperties.getProperty(SSL_ENABLED_COMPONENTS); if (SecurableComponentProperty != null && SecurableComponentProperty.length() > 0) { sslPropertyConverter(sslProperties, props, SSL_KEYSTORE, null); sslPropertyConverter(sslProperties, props, SSL_KEYSTORE_PASSWORD, null); sslPropertyConverter(sslProperties, props, SSL_KEYSTORE_TYPE, null); sslPropertyConverter(sslProperties, props, SSL_PROTOCOLS, null); sslPropertyConverter(sslProperties, props, SSL_REQUIRE_AUTHENTICATION, null); sslPropertyConverter(sslProperties, props, SSL_TRUSTSTORE, null); sslPropertyConverter(sslProperties, props, SSL_TRUSTSTORE_PASSWORD, null); sslPropertyConverter(sslProperties, props, SSL_WEB_ALIAS, null); sslPropertyConverter(sslProperties, props, SSL_ENABLED_COMPONENTS, null); sslPropertyConverter(sslProperties, props, SSL_WEB_SERVICE_REQUIRE_AUTHENTICATION, null); sslPropertyConverter(sslProperties, props, SSL_DEFAULT_ALIAS, null); } return props; } private int startManager(final String locators, final String[] regions, final Properties sslProperties) throws IOException { IgnoredException.addIgnoredException("java.net.BindException"); IgnoredException.addIgnoredException("java.rmi.server.ExportException"); IgnoredException.addIgnoredException("org.apache.geode.management.ManagementException"); Properties props = new Properties(); props.setProperty(MCAST_PORT, "0"); props.setProperty(LOCATORS, locators); props.setProperty(JMX_MANAGER, "true"); props.setProperty(JMX_MANAGER_START, "true"); Cache cache = null; configureSSL(props, sslProperties, false); while (true) { try { DistributedSystem ds = getSystem(props); System.out.println( "Creating cache with http-service-port " + props.getProperty(HTTP_SERVICE_PORT, "7070") + " and jmx-manager-port " + props.getProperty(JMX_MANAGER_PORT, "1099")); cache = CacheFactory.create(ds); System.out.println("Successfully created cache."); break; } catch (ManagementException ex) { if ((ex.getCause() instanceof BindException) || (ex.getCause() != null && ex.getCause().getCause() instanceof BindException)) { // close cache and disconnect GemFireCacheImpl existingInstance = GemFireCacheImpl.getInstance(); if (existingInstance != null) { existingInstance.close(); } InternalDistributedSystem ids = InternalDistributedSystem.getConnectedInstance(); if (ids != null) { ids.disconnect(); } // try a different port int httpServicePort = AvailablePortHelper.getRandomAvailableTCPPort(); int jmxManagerPort = AvailablePortHelper.getRandomAvailableTCPPort(); props.setProperty(HTTP_SERVICE_PORT, Integer.toString(httpServicePort)); props.setProperty(JMX_MANAGER_PORT, Integer.toString(jmxManagerPort)); System.out.println("Try a different http-service-port " + httpServicePort); System.out.println("Try a different jmx-manager-port " + jmxManagerPort); } else { throw ex; } } } AttributesFactory factory = new AttributesFactory(); factory.setEnableBridgeConflation(true); factory.setDataPolicy(DataPolicy.REPLICATE); RegionAttributes attrs = factory.create(); for (int i = 0; i < regions.length; i++) { cache.createRegion(regions[i], attrs); } CacheServer server = cache.addCacheServer(); server.setPort(0); server.start(); return server.getPort(); } private void createRegionInClientCache() { ClientCache clientCache = ClientCacheFactory.getAnyInstance(); assertNotNull(clientCache); clientCache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(PEOPLE_REGION_NAME); clientCache.createClientRegionFactory(ClientRegionShortcut.PROXY).create(REGION_NAME); } private void createRegionInCache() { Cache cache = GemFireCacheImpl.getInstance(); assertNotNull(cache); RegionFactory<String, Object> regionFactory = cache.createRegionFactory(RegionShortcut.REPLICATE); regionFactory.create(PEOPLE_REGION_NAME); } private CloseableHttpClient getSSLBasedHTTPClient(Properties properties) throws Exception { KeyStore clientKeys = KeyStore.getInstance("JKS"); File keystoreJKSForPath = findKeyStoreJKS(properties); clientKeys.load(new FileInputStream(keystoreJKSForPath), "password".toCharArray()); KeyStore clientTrust = KeyStore.getInstance("JKS"); File trustStoreJKSForPath = findTrustStoreJKSForPath(properties); clientTrust.load(new FileInputStream(trustStoreJKSForPath), "password".toCharArray()); // this is needed SSLContextBuilder custom = SSLContexts.custom(); SSLContextBuilder sslContextBuilder = custom.loadTrustMaterial(clientTrust, new TrustSelfSignedStrategy()); SSLContext sslcontext = sslContextBuilder .loadKeyMaterial(clientKeys, "password".toCharArray(), (aliases, socket) -> { if (aliases.size() == 1) { return aliases.keySet().stream().findFirst().get(); } if (!StringUtils.isEmpty(properties.getProperty(INVALID_CLIENT_ALIAS))) { return properties.getProperty(INVALID_CLIENT_ALIAS); } else { return properties.getProperty(SSL_WEB_ALIAS); } }).build(); // Host checking is disabled here , as tests might run on multiple hosts and // host entries can not be assumed SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslcontext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); return HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build(); } private void validateConnection(String restEndpoint, String algo, Properties properties) { try { // 1. Get on key="1" and validate result. { HttpGet get = new HttpGet(restEndpoint + "/People/1"); get.addHeader("Content-Type", "application/json"); get.addHeader("Accept", "application/json"); CloseableHttpClient httpclient = getSSLBasedHTTPClient(properties); CloseableHttpResponse response = httpclient.execute(get); HttpEntity entity = response.getEntity(); InputStream content = entity.getContent(); BufferedReader reader = new BufferedReader(new InputStreamReader(content)); String line; StringBuilder str = new StringBuilder(); while ((line = reader.readLine()) != null) { str.append(line); } JSONObject jObject = new JSONObject(str.toString()); assertEquals(jObject.get("id"), 101); assertEquals(jObject.get("firstName"), "Mithali"); assertEquals(jObject.get("middleName"), "Dorai"); assertEquals(jObject.get("lastName"), "Raj"); assertEquals(jObject.get("gender"), Gender.FEMALE.name()); } } catch (Exception e) { throw new RuntimeException("unexpected exception", e); } } // Actual Tests starts here. @Test public void testSimpleSSL() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test public void testSimpleSSLWithMultiKey_KeyStore() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, TestUtil.getResourcePath(getClass(), "/org/apache/geode/internal/net/multiKey.jks")); props.setProperty(SSL_TRUSTSTORE, TestUtil.getResourcePath(getClass(), "/org/apache/geode/internal/net/multiKeyTrust.jks")); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); props.setProperty(SSL_WEB_ALIAS, "httpservicekey"); props.setProperty(SSL_WEB_SERVICE_REQUIRE_AUTHENTICATION, "true"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test(expected = RuntimeException.class) public void testSimpleSSLWithMultiKey_KeyStore_WithInvalidClientKey() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, TestUtil.getResourcePath(getClass(), "/org/apache/geode/internal/net/multiKey.jks")); props.setProperty(SSL_TRUSTSTORE, TestUtil.getResourcePath(getClass(), "/org/apache/geode/internal/net/multiKeyTrust.jks")); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); props.setProperty(SSL_WEB_SERVICE_REQUIRE_AUTHENTICATION, "true"); props.setProperty(SSL_WEB_ALIAS, "httpservicekey"); props.setProperty(INVALID_CLIENT_ALIAS, "someAlias"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test public void testSSLWithoutKeyStoreType() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test public void testSSLWithSSLProtocol() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_PROTOCOLS, "SSL"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test public void testSSLWithTLSProtocol() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_PROTOCOLS, "TLS"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLS", props); } @Test public void testSSLWithTLSv11Protocol() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_PROTOCOLS, "TLSv1.1"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.1", props); } @Test public void testSSLWithTLSv12Protocol() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_PROTOCOLS, "TLSv1.2"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.2", props); } @Test public void testWithMultipleProtocol() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_PROTOCOLS, "SSL,TLSv1.2"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.2", props); } @Test public void testSSLWithCipherSuite() throws Exception { System.setProperty("javax.net.debug", "ssl"); Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_PROTOCOLS, "TLSv1.2"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); SSLContext ssl = SSLContext.getInstance("TLSv1.2"); ssl.init(null, null, new java.security.SecureRandom()); String[] cipherSuites = ssl.getSocketFactory().getSupportedCipherSuites(); props.setProperty(SSL_CIPHERS, cipherSuites[0]); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.2", props); } @Test public void testSSLWithMultipleCipherSuite() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_PROTOCOLS, "TLSv1.2"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); SSLContext ssl = SSLContext.getInstance("TLSv1.2"); ssl.init(null, null, new java.security.SecureRandom()); String[] cipherSuites = ssl.getSocketFactory().getSupportedCipherSuites(); props.setProperty(SSL_CIPHERS, cipherSuites[0] + "," + cipherSuites[1]); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.2", props); } @Test public void testMutualAuthentication() throws Exception { Properties props = new Properties(); props.setProperty(SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(SSL_TRUSTSTORE_PASSWORD, "password"); props.setProperty(SSL_KEYSTORE_TYPE, "JKS"); props.setProperty(SSL_PROTOCOLS, "SSL"); props.setProperty(SSL_REQUIRE_AUTHENTICATION, "true"); props.setProperty(SSL_WEB_SERVICE_REQUIRE_AUTHENTICATION, "true"); props.setProperty(SSL_ENABLED_COMPONENTS, SecurableCommunicationChannel.WEB.getConstant()); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test public void testSimpleSSLLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_TYPE, "JKS"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test public void testSSLWithoutKeyStoreTypeLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test public void testSSLWithSSLProtocolLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "SSL"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } @Test public void testSSLWithTLSProtocolLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLS"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLS", props); } @Test public void testSSLWithTLSv11ProtocolLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.1"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.1", props); } @Test public void testSSLWithTLSv12ProtocolLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.2"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.2", props); } @Test public void testWithMultipleProtocolLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "SSL,TLSv1.2"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.2", props); } @Test public void testSSLWithCipherSuiteLegacy() throws Exception { System.setProperty("javax.net.debug", "ssl"); Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.2"); SSLContext ssl = SSLContext.getInstance("TLSv1.2"); ssl.init(null, null, new java.security.SecureRandom()); String[] cipherSuites = ssl.getSocketFactory().getSupportedCipherSuites(); props.setProperty(HTTP_SERVICE_SSL_CIPHERS, cipherSuites[0]); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.2", props); } @Test public void testSSLWithMultipleCipherSuiteLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "TLSv1.2"); SSLContext ssl = SSLContext.getInstance("TLSv1.2"); ssl.init(null, null, new java.security.SecureRandom()); String[] cipherSuites = ssl.getSocketFactory().getSupportedCipherSuites(); props.setProperty(HTTP_SERVICE_SSL_CIPHERS, cipherSuites[0] + "," + cipherSuites[1]); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "TLSv1.2", props); } @Test public void testMutualAuthenticationLegacy() throws Exception { Properties props = new Properties(); props.setProperty(HTTP_SERVICE_SSL_ENABLED, "true"); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_KEYSTORE_PASSWORD, "password"); props.setProperty(HTTP_SERVICE_SSL_PROTOCOLS, "SSL"); props.setProperty(HTTP_SERVICE_SSL_REQUIRE_AUTHENTICATION, "true"); props.setProperty(HTTP_SERVICE_SSL_TRUSTSTORE, findTrustedJKSWithSingleEntry().getCanonicalPath()); props.setProperty(HTTP_SERVICE_SSL_TRUSTSTORE_PASSWORD, "password"); String restEndpoint = startInfraWithSSL(props, false); validateConnection(restEndpoint, "SSL", props); } }