Java tutorial
/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.hadoop.gateway; import java.io.File; import java.net.URL; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Arrays; import java.util.Enumeration; import java.util.HashMap; import java.util.Iterator; import java.util.Map; import java.util.Properties; import java.util.ServiceLoader; import java.util.UUID; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLHandshakeException; import javax.net.ssl.SSLSession; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import javax.xml.transform.stream.StreamSource; import org.apache.commons.io.FileUtils; import org.apache.directory.server.protocol.shared.transport.TcpTransport; import org.apache.hadoop.gateway.security.ldap.SimpleLdapDirectoryServer; import org.apache.hadoop.gateway.services.DefaultGatewayServices; import org.apache.hadoop.gateway.services.GatewayServices; import org.apache.hadoop.gateway.services.ServiceLifecycleException; import org.apache.hadoop.gateway.services.topology.TopologyService; import org.apache.hadoop.test.TestUtils; import org.apache.hadoop.test.category.ReleaseTest; import org.apache.hadoop.test.mock.MockServer; import org.apache.http.HttpHost; import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.client.AuthCache; import org.apache.http.client.CredentialsProvider; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.protocol.HttpClientContext; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.auth.BasicScheme; import org.apache.http.impl.client.BasicAuthCache; import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.log4j.Appender; import org.hamcrest.MatcherAssert; import org.junit.After; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.junit.experimental.categories.Category; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import static org.apache.hadoop.test.TestUtils.LOG_ENTER; import static org.apache.hadoop.test.TestUtils.LOG_EXIT; import static org.hamcrest.CoreMatchers.notNullValue; import static org.junit.Assert.assertThat; import static org.junit.Assert.fail; import static org.xmlmatchers.transform.XmlConverters.the; import static org.xmlmatchers.xpath.HasXPath.hasXPath; @Category(ReleaseTest.class) public class GatewaySslFuncTest { private static Logger LOG = LoggerFactory.getLogger(GatewaySslFuncTest.class); private static Class DAT = GatewaySslFuncTest.class; private static Enumeration<Appender> appenders; private static GatewayTestConfig config; private static DefaultGatewayServices services; private static GatewayServer gateway; private static String gatewayScheme; private static int gatewayPort; private static String gatewayUrl; private static SimpleLdapDirectoryServer ldap; private static TcpTransport ldapTransport; private static int ldapPort; private static Properties params; private static TopologyService topos; private static MockServer mockWebHdfs; @BeforeClass public static void setupSuite() throws Exception { LOG_ENTER(); //appenders = NoOpAppender.setUp(); setupLdap(); setupGateway(); LOG_EXIT(); } @AfterClass public static void cleanupSuite() throws Exception { LOG_ENTER(); gateway.stop(); ldap.stop(true); FileUtils.deleteQuietly(new File(config.getGatewayHomeDir())); //NoOpAppender.tearDown( appenders ); LOG_EXIT(); } @After public void cleanupTest() throws Exception { FileUtils.cleanDirectory(new File(config.getGatewayTopologyDir())); FileUtils.cleanDirectory(new File(config.getGatewayDeploymentDir())); } public static void setupLdap() throws Exception { URL usersUrl = TestUtils.getResourceUrl(DAT, "users.ldif"); ldapTransport = new TcpTransport(0); ldap = new SimpleLdapDirectoryServer("dc=hadoop,dc=apache,dc=org", new File(usersUrl.toURI()), ldapTransport); ldap.start(); LOG.info("LDAP port = " + ldapTransport.getAcceptor().getLocalAddress().getPort()); } public static void setupGateway() throws Exception { File targetDir = new File(System.getProperty("user.dir"), "target"); File gatewayDir = new File(targetDir, "gateway-home-" + UUID.randomUUID()); gatewayDir.mkdirs(); config = new GatewayTestConfig(); config.setGatewayHomeDir(gatewayDir.getAbsolutePath()); File topoDir = new File(config.getGatewayTopologyDir()); topoDir.mkdirs(); File deployDir = new File(config.getGatewayDeploymentDir()); deployDir.mkdirs(); File securityDir = new File(config.getGatewaySecurityDir()); securityDir.mkdirs(); config.setSSLEnabled(true); setupMockServers(); startGatewayServer(); } public static void setupMockServers() throws Exception { mockWebHdfs = new MockServer("WEBHDFS", true); } private static GatewayServices instantiateGatewayServices() { ServiceLoader<GatewayServices> loader = ServiceLoader.load(GatewayServices.class); Iterator<GatewayServices> services = loader.iterator(); if (services.hasNext()) { return services.next(); } return null; } public static void startGatewayServer() throws Exception { instantiateGatewayServices(); services = new DefaultGatewayServices(); Map<String, String> options = new HashMap<>(); options.put("persist-master", "false"); options.put("master", "password"); try { services.init(config, options); } catch (ServiceLifecycleException e) { e.printStackTrace(); // I18N not required. } topos = services.getService(GatewayServices.TOPOLOGY_SERVICE); gateway = GatewayServer.startGateway(config, services); MatcherAssert.assertThat("Failed to start gateway.", gateway, notNullValue()); gatewayScheme = config.isSSLEnabled() ? "https" : "http"; gatewayPort = gateway.getAddresses()[0].getPort(); gatewayUrl = gatewayScheme + "://localhost:" + gatewayPort + "/" + config.getGatewayPath(); LOG.info("Gateway port = " + gateway.getAddresses()[0].getPort()); params = new Properties(); params.put("LDAP_URL", "ldap://localhost:" + ldapTransport.getAcceptor().getLocalAddress().getPort()); params.put("WEBHDFS_URL", "http://localhost:" + mockWebHdfs.getPort()); } @Test(timeout = TestUtils.MEDIUM_TIMEOUT) public void testKnox674SslCipherSuiteConfig() throws Exception { LOG_ENTER(); String topoStr = TestUtils.merge(DAT, "test-admin-topology.xml", params); File topoFile = new File(config.getGatewayTopologyDir(), "test-topology.xml"); FileUtils.writeStringToFile(topoFile, topoStr); topos.reloadTopologies(); String username = "guest"; String password = "guest-password"; String serviceUrl = gatewayUrl + "/test-topology/api/v1/version"; HttpHost targetHost = new HttpHost("localhost", gatewayPort, gatewayScheme); CredentialsProvider credsProvider = new BasicCredentialsProvider(); credsProvider.setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new UsernamePasswordCredentials(username, password)); AuthCache authCache = new BasicAuthCache(); BasicScheme basicAuth = new BasicScheme(); authCache.put(targetHost, basicAuth); HttpClientContext context = HttpClientContext.create(); context.setCredentialsProvider(credsProvider); context.setAuthCache(authCache); CloseableHttpClient client = HttpClients.custom() .setSSLSocketFactory( new SSLConnectionSocketFactory(createInsecureSslContext(), new String[] { "TLSv1.2" }, new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, new TrustAllHosts())) .build(); HttpGet request = new HttpGet(serviceUrl); CloseableHttpResponse response = client.execute(request, context); assertThat(the(new StreamSource(response.getEntity().getContent())), hasXPath("/ServerVersion/version")); response.close(); client.close(); gateway.stop(); config.setExcludedSSLCiphers(Arrays.asList(new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" })); config.setIncludedSSLCiphers(Arrays.asList(new String[] { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" })); startGatewayServer(); serviceUrl = gatewayUrl + "/test-topology/api/v1/version"; try { client = HttpClients.custom() .setSSLSocketFactory( new SSLConnectionSocketFactory(createInsecureSslContext(), new String[] { "TLSv1.2" }, new String[] { "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" }, new TrustAllHosts())) .build(); request = new HttpGet(serviceUrl); client.execute(request, context); fail("Expected SSLHandshakeException"); } catch (SSLHandshakeException e) { // Expected. client.close(); } client = HttpClients.custom() .setSSLSocketFactory( new SSLConnectionSocketFactory(createInsecureSslContext(), new String[] { "TLSv1.2" }, new String[] { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" }, new TrustAllHosts())) .build(); request = new HttpGet(serviceUrl); response = client.execute(request, context); assertThat(the(new StreamSource(response.getEntity().getContent())), hasXPath("/ServerVersion/version")); response.close(); client.close(); LOG_EXIT(); } public static class TrustAllHosts implements HostnameVerifier { @Override public boolean verify(String host, SSLSession sslSession) { // Trust all hostnames. return true; } } public static class TrustAllCerts implements X509TrustManager { public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { // Trust all certificates. } public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException { // Trust all certificates. } public X509Certificate[] getAcceptedIssuers() { return null; } } public static SSLContext createInsecureSslContext() throws NoSuchAlgorithmException, KeyManagementException { SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, new TrustManager[] { new TrustAllCerts() }, new SecureRandom()); return sslContext; } }