Diffstat (limited to 'zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java')
-rw-r--r--zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java386
1 files changed, 222 insertions, 164 deletions
diff --git a/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java b/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
index e47b7ef58..dcd9fcee6 100644
--- a/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
+++ b/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
@@ -1,4 +1,4 @@
-/**
+/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
@@ -18,9 +18,41 @@
package org.apache.zookeeper.server.quorum;
+import static org.apache.zookeeper.test.ClientBase.CONNECTION_TIMEOUT;
+import static org.apache.zookeeper.test.ClientBase.createTmpDir;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
+import java.io.FileOutputStream;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.math.BigInteger;
+import java.net.InetSocketAddress;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
+import java.util.concurrent.TimeUnit;
+import javax.net.ssl.SSLServerSocketFactory;
import org.apache.zookeeper.PortAssignment;
import org.apache.zookeeper.client.ZKClientConfig;
import org.apache.zookeeper.common.QuorumX509Util;
@@ -78,43 +110,11 @@ import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import org.bouncycastle.util.io.pem.PemWriter;
import org.junit.After;
-import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.Timeout;
-import javax.net.ssl.SSLServerSocketFactory;
-import java.io.FileOutputStream;
-import java.io.FileWriter;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.math.BigInteger;
-import java.net.InetSocketAddress;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PrivateKey;
-import java.security.Security;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Random;
-import java.util.concurrent.TimeUnit;
-
-import static org.apache.zookeeper.test.ClientBase.CONNECTION_TIMEOUT;
-import static org.apache.zookeeper.test.ClientBase.createTmpDir;
-import static org.junit.Assert.fail;
-
public class QuorumSSLTest extends QuorumPeerTestBase {
private static final String SSL_QUORUM_ENABLED = "sslQuorum=true\n";
@@ -151,8 +151,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
private Date certEndTime;
@Rule
- public Timeout timeout = Timeout.builder().withTimeout(5, TimeUnit.MINUTES)
- .withLookingForStuckThread(true).build();
+ public Timeout timeout = Timeout.builder().withTimeout(5, TimeUnit.MINUTES).withLookingForStuckThread(true).build();
@Before
public void setup() throws Exception {
@@ -192,8 +191,14 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
outputStream.close();
defaultKeyPair = createKeyPair();
- X509Certificate validCertificate = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- HOSTNAME, "127.0.0.1", null, null);
+ X509Certificate validCertificate = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ HOSTNAME,
+ "127.0.0.1",
+ null,
+ null);
writeKeystore(validCertificate, defaultKeyPair, validKeystorePath);
setSSLSystemProperties();
@@ -202,7 +207,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
private void writeKeystore(X509Certificate certificate, KeyPair entityKeyPair, String path) throws Exception {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, PASSWORD);
- keyStore.setKeyEntry("alias", entityKeyPair.getPrivate(), PASSWORD, new Certificate[] { certificate });
+ keyStore.setKeyEntry("alias", entityKeyPair.getPrivate(), PASSWORD, new Certificate[]{certificate});
FileOutputStream outputStream = new FileOutputStream(path);
keyStore.store(outputStream, PASSWORD);
outputStream.flush();
@@ -230,15 +235,12 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
OCSPReq ocspRequest = new OCSPReq(requestBytes);
Req[] requestList = ocspRequest.getRequestList();
- DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build()
- .get(CertificateID.HASH_SHA1);
+ DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
- BasicOCSPRespBuilder responseBuilder =
- new JcaBasicOCSPRespBuilder(rootKeyPair.getPublic(), digestCalculator);
- for ( Req req : requestList ) {
+ BasicOCSPRespBuilder responseBuilder = new JcaBasicOCSPRespBuilder(rootKeyPair.getPublic(), digestCalculator);
+ for (Req req : requestList) {
CertificateID certId = req.getCertID();
- CertificateID revokedCertId =
- new JcaCertificateID(digestCalculator, rootCertificate, revokedCert.getSerialNumber());
+ CertificateID revokedCertId = new JcaCertificateID(digestCalculator, rootCertificate, revokedCert.getSerialNumber());
CertificateStatus certificateStatus;
if (revokedCertId.equals(certId)) {
certificateStatus = new UnknownStatus();
@@ -246,20 +248,16 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
certificateStatus = CertificateStatus.GOOD;
}
- responseBuilder.addResponse(certId, certificateStatus,null);
+ responseBuilder.addResponse(certId, certificateStatus, null);
}
- X509CertificateHolder[] chain = new X509CertificateHolder[] {
- new JcaX509CertificateHolder(rootCertificate)
- };
- ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC")
- .build(rootKeyPair.getPrivate());
- BasicOCSPResp ocspResponse = responseBuilder.build(signer, chain, Calendar.getInstance().getTime() );
+ X509CertificateHolder[] chain = new X509CertificateHolder[]{new JcaX509CertificateHolder(rootCertificate)};
+ ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(rootKeyPair.getPrivate());
+ BasicOCSPResp ocspResponse = responseBuilder.build(signer, chain, Calendar.getInstance().getTime());
responseBytes = new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, ocspResponse).getEncoded();
} catch (OperatorException | CertificateEncodingException | OCSPException exception) {
- responseBytes = new OCSPResp(new OCSPResponse(
- new OCSPResponseStatus(OCSPRespBuilder.INTERNAL_ERROR), null)).getEncoded();
+ responseBytes = new OCSPResp(new OCSPResponse(new OCSPResponseStatus(OCSPRespBuilder.INTERNAL_ERROR), null)).getEncoded();
}
Headers rh = httpExchange.getResponseHeaders();
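Review bot: The certificate under test is answered with `new UnknownStatus()` rather than a `RevokedStatus`, and the response is signed with `"SHA1withRSA"` (with a `HASH_SHA1` CertificateID) while the end-entity certificates in this file are signed with SHA256WithRSAEncryption; the reformat keeps both choices without a comment saying why. The OCSP test later asserts that the peer presenting this certificate fails to come up, so the fixture is presumably checking that an UNKNOWN answer is treated as a rejection — confirm and record that at the status assignment, e.g. `// Answer UNKNOWN (not REVOKED): the test expects the peer to be rejected when the responder cannot vouch for the cert`. A similar one-line comment on the signer would stop a later cleanup from "fixing" SHA-1 and quietly changing what the responder exercises. The enclosing handle method starts before this hunk.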
@@ -270,6 +268,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
os.write(responseBytes);
os.close();
}
+
}
private X509Certificate createSelfSignedCertifcate(KeyPair keyPair) throws Exception {
@@ -277,12 +276,16 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
nameBuilder.addRDN(BCStyle.CN, HOSTNAME);
BigInteger serialNumber = new BigInteger(128, new Random());
- X509v3CertificateBuilder certificateBuilder =
- new JcaX509v3CertificateBuilder(nameBuilder.build(), serialNumber, certStartTime, certEndTime,
- nameBuilder.build(), keyPair.getPublic())
- .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
- .addExtension(Extension.keyUsage, true,
- new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
+ JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(
+ nameBuilder.build(),
+ serialNumber,
+ certStartTime,
+ certEndTime,
+ nameBuilder.build(),
+ keyPair.getPublic());
+ X509v3CertificateBuilder certificateBuilder = jcaX509v3CertificateBuilder
+ .addExtension(Extension.basicConstraints, true, new BasicConstraints(0))
+ .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
}
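Review bot: The method rewritten here is still named `createSelfSignedCertifcate` (the signature with the typo is the line just above this hunk); a formatting-only commit is the natural place to rename it to `createSelfSignedCertificate`, since nothing else would change, and its call sites are outside this diff. The serial number comes from `new BigInteger(128, new Random())`, and buildEndEntityCert further down uses the same expression; for a fixture that is tolerable, but `java.security.SecureRandom` is the conventional source for certificate serials and costs nothing here, so consider switching both in one go.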
@@ -291,8 +294,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
X509v2CRLBuilder builder = new JcaX509v2CRLBuilder(x509Certificate.getIssuerX500Principal(), certStartTime);
builder.addCRLEntry(x509Certificate.getSerialNumber(), certStartTime, CRLReason.cACompromise);
builder.setNextUpdate(certEndTime);
- builder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils()
- .createAuthorityKeyIdentifier(rootCertificate));
+ builder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(rootCertificate));
builder.addExtension(Extension.cRLNumber, false, new CRLNumber(new BigInteger("1000")));
X509CRLHolder cRLHolder = builder.build(contentSigner);
@@ -303,11 +305,16 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
pemWriter.close();
}
- public X509Certificate buildEndEntityCert(KeyPair keyPair, X509Certificate caCert, PrivateKey caPrivateKey,
- String hostname, String ipAddress, String crlPath, Integer ocspPort)
- throws Exception {
+ public X509Certificate buildEndEntityCert(
+ KeyPair keyPair,
+ X509Certificate caCert,
+ PrivateKey caPrivateKey,
+ String hostname,
+ String ipAddress,
+ String crlPath,
+ Integer ocspPort) throws Exception {
X509CertificateHolder holder = new JcaX509CertificateHolder(caCert);
- ContentSigner signer =new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey);
+ ContentSigner signer = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(caPrivateKey);
List<GeneralName> generalNames = new ArrayList<>();
if (hostname != null) {
@@ -318,49 +325,53 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
generalNames.add(new GeneralName(GeneralName.iPAddress, ipAddress));
}
- SubjectPublicKeyInfo entityKeyInfo =
- SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(PublicKeyFactory.createKey(keyPair.getPublic()
- .getEncoded()));
+ SubjectPublicKeyInfo entityKeyInfo = SubjectPublicKeyInfoFactory.createSubjectPublicKeyInfo(
+ PublicKeyFactory.createKey(keyPair.getPublic().getEncoded()));
X509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
- X509v3CertificateBuilder certificateBuilder =
- new JcaX509v3CertificateBuilder(holder.getSubject(), new BigInteger(128, new Random()),
- certStartTime, certEndTime, new X500Name("CN=Test End Entity Certificate"), keyPair.getPublic())
- .addExtension(Extension.authorityKeyIdentifier, false,
- extensionUtils.createAuthorityKeyIdentifier(holder))
- .addExtension(Extension.subjectKeyIdentifier, false,
- extensionUtils.createSubjectKeyIdentifier(entityKeyInfo))
- .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
- .addExtension(Extension.keyUsage, true,
- new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
+ JcaX509v3CertificateBuilder jcaX509v3CertificateBuilder = new JcaX509v3CertificateBuilder(
+ holder.getSubject(),
+ new BigInteger(128, new Random()),
+ certStartTime,
+ certEndTime,
+ new X500Name("CN=Test End Entity Certificate"),
+ keyPair.getPublic());
+ X509v3CertificateBuilder certificateBuilder = jcaX509v3CertificateBuilder
+ .addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(holder))
+ .addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(entityKeyInfo))
+ .addExtension(Extension.basicConstraints, true, new BasicConstraints(false))
+ .addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
if (!generalNames.isEmpty()) {
- certificateBuilder.addExtension(Extension.subjectAlternativeName, true,
- new GeneralNames(generalNames.toArray(new GeneralName[] {})));
+ certificateBuilder.addExtension(
+ Extension.subjectAlternativeName,
+ true,
+ new GeneralNames(generalNames.toArray(new GeneralName[]{})));
}
if (crlPath != null) {
- DistributionPointName distPointOne = new DistributionPointName(new GeneralNames(
- new GeneralName(GeneralName.uniformResourceIdentifier,"file://" + crlPath)));
+ DistributionPointName distPointOne = new DistributionPointName(
+ new GeneralNames(new GeneralName(GeneralName.uniformResourceIdentifier, "file://" + crlPath)));
- certificateBuilder.addExtension(Extension.cRLDistributionPoints, false,
- new CRLDistPoint(new DistributionPoint[] {
- new DistributionPoint(distPointOne, null, null)
- }));
+ certificateBuilder.addExtension(
+ Extension.cRLDistributionPoints,
+ false,
+ new CRLDistPoint(new DistributionPoint[]{new DistributionPoint(distPointOne, null, null)}));
}
if (ocspPort != null) {
- certificateBuilder.addExtension(Extension.authorityInfoAccess, false,
- new AuthorityInformationAccess(X509ObjectIdentifiers.ocspAccessMethod,
+ certificateBuilder.addExtension(
+ Extension.authorityInfoAccess,
+ false,
+ new AuthorityInformationAccess(
+ X509ObjectIdentifiers.ocspAccessMethod,
new GeneralName(GeneralName.uniformResourceIdentifier, "http://" + hostname + ":" + ocspPort)));
}
return new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(signer));
}
-
private KeyPair createKeyPair() throws NoSuchProviderException, NoSuchAlgorithmException {
- KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA",
- BouncyCastleProvider.PROVIDER_NAME);
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", BouncyCastleProvider.PROVIDER_NAME);
keyPairGenerator.initialize(4096);
KeyPair keyPair = keyPairGenerator.genKeyPair();
return keyPair;
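Review bot: The authority-info-access URI in the `ocspPort != null` branch is built as `"http://" + hostname + ":" + ocspPort` with no check that `hostname` is non-null, even though the SAN handling above treats a null hostname as valid input; the result would be the literal `http://null:<port>`. Every caller on this page passes HOSTNAME together with ocspPort, so this is latent, but a guard at the top of that branch, `if (hostname == null) { throw new IllegalArgumentException("hostname is required when ocspPort is set"); }`, would make the contract explicit. buildEndEntityCert's signature and the start of its body are in the previous hunk.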
@@ -375,17 +386,13 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
int portLe2 = PortAssignment.unique();
int portLe3 = PortAssignment.unique();
-
-
- return "server.1=127.0.0.1:" + (portQp1) + ":" + (portLe1) + ";" + clientPortQp1 + "\n" +
- "server.2=127.0.0.1:" + (portQp2) + ":" + (portLe2) + ";" + clientPortQp2 + "\n" +
- "server.3=127.0.0.1:" + (portQp3) + ":" + (portLe3) + ";" + clientPortQp3;
+ return "server.1=127.0.0.1:" + (portQp1) + ":" + (portLe1) + ";" + clientPortQp1
+ + "\n" + "server.2=127.0.0.1:" + (portQp2) + ":" + (portLe2) + ";" + clientPortQp2
+ + "\n" + "server.3=127.0.0.1:" + (portQp3) + ":" + (portLe3) + ";" + clientPortQp3;
}
-
public void setSSLSystemProperties() {
- System.setProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY,
- "org.apache.zookeeper.server.NettyServerCnxnFactory");
+ System.setProperty(ServerCnxnFactory.ZOOKEEPER_SERVER_CNXN_FACTORY, "org.apache.zookeeper.server.NettyServerCnxnFactory");
System.setProperty(ZKClientConfig.ZOOKEEPER_CLIENT_CNXN_SOCKET, "org.apache.zookeeper.ClientCnxnSocketNetty");
System.setProperty(quorumX509Util.getSslKeystoreLocationProperty(), validKeystorePath);
System.setProperty(quorumX509Util.getSslKeystorePasswdProperty(), "testpass");
@@ -427,12 +434,11 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q1 = new MainThread(1, clientPortQp1, quorumConfiguration, SSL_QUORUM_ENABLED);
q2 = new MainThread(2, clientPortQp2, quorumConfiguration, SSL_QUORUM_ENABLED);
-
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
clearSSLSystemProperties();
@@ -440,7 +446,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q3 = new MainThread(3, clientPortQp3, quorumConfiguration);
q3.start();
- Assert.assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
}
@Test
@@ -450,7 +456,6 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q2 = new MainThread(2, clientPortQp2, quorumConfiguration);
q3 = new MainThread(3, clientPortQp3, quorumConfiguration);
-
Map<Integer, MainThread> members = new HashMap<>();
members.put(clientPortQp1, q1);
members.put(clientPortQp2, q2);
@@ -461,7 +466,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
}
for (int clientPort : members.keySet()) {
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPort, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPort, CONNECTION_TIMEOUT));
}
// Set SSL system properties and port unification, begin restarting servers
@@ -478,7 +483,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
MainThread member = entry.getValue();
member.shutdown();
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPort, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPort, CONNECTION_TIMEOUT));
FileWriter fileWriter = new FileWriter(member.getConfFile(), true);
fileWriter.write(config);
@@ -487,15 +492,21 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
member.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPort, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPort, CONNECTION_TIMEOUT));
}
}
@Test
public void testHostnameVerificationWithInvalidHostname() throws Exception {
String badhostnameKeystorePath = tmpDir + "/badhost.jks";
- X509Certificate badHostCert = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- "bleepbloop", null, null, null);
+ X509Certificate badHostCert = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ "bleepbloop",
+ null,
+ null,
+ null);
writeKeystore(badHostCert, defaultKeyPair, badhostnameKeystorePath);
testHostnameVerification(badhostnameKeystorePath, false);
@@ -504,8 +515,14 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
@Test
public void testHostnameVerificationWithInvalidIPAddress() throws Exception {
String badhostnameKeystorePath = tmpDir + "/badhost.jks";
- X509Certificate badHostCert = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- null, "140.211.11.105",null, null);
+ X509Certificate badHostCert = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ null,
+ "140.211.11.105",
+ null,
+ null);
writeKeystore(badHostCert, defaultKeyPair, badhostnameKeystorePath);
testHostnameVerification(badhostnameKeystorePath, false);
@@ -514,8 +531,14 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
@Test
public void testHostnameVerificationWithInvalidIpAddressAndInvalidHostname() throws Exception {
String badhostnameKeystorePath = tmpDir + "/badhost.jks";
- X509Certificate badHostCert = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- "bleepbloop", "140.211.11.105", null, null);
+ X509Certificate badHostCert = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ "bleepbloop",
+ "140.211.11.105",
+ null,
+ null);
writeKeystore(badHostCert, defaultKeyPair, badhostnameKeystorePath);
testHostnameVerification(badhostnameKeystorePath, false);
@@ -524,8 +547,14 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
@Test
public void testHostnameVerificationWithInvalidIpAddressAndValidHostname() throws Exception {
String badhostnameKeystorePath = tmpDir + "/badhost.jks";
- X509Certificate badHostCert = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- "localhost", "140.211.11.105", null, null);
+ X509Certificate badHostCert = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ "localhost",
+ "140.211.11.105",
+ null,
+ null);
writeKeystore(badHostCert, defaultKeyPair, badhostnameKeystorePath);
testHostnameVerification(badhostnameKeystorePath, true);
@@ -534,8 +563,14 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
@Test
public void testHostnameVerificationWithValidIpAddressAndInvalidHostname() throws Exception {
String badhostnameKeystorePath = tmpDir + "/badhost.jks";
- X509Certificate badHostCert = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- "bleepbloop", "127.0.0.1", null, null);
+ X509Certificate badHostCert = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ "bleepbloop",
+ "127.0.0.1",
+ null,
+ null);
writeKeystore(badHostCert, defaultKeyPair, badhostnameKeystorePath);
testHostnameVerification(badhostnameKeystorePath, true);
@@ -555,8 +590,8 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
System.setProperty(quorumX509Util.getSslKeystoreLocationProperty(), keystorePath);
@@ -564,15 +599,15 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q3 = new MainThread(3, clientPortQp3, quorumConfiguration, SSL_QUORUM_ENABLED);
q3.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
q1.shutdown();
q2.shutdown();
q3.shutdown();
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
setSSLSystemProperties();
System.clearProperty(quorumX509Util.getSslHostnameVerificationEnabledProperty());
@@ -580,17 +615,17 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
System.setProperty(quorumX509Util.getSslKeystoreLocationProperty(), keystorePath);
q3.start();
- Assert.assertEquals(expectSuccess, ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3,
- CONNECTION_TIMEOUT));
+ assertEquals(
+ expectSuccess,
+ ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
}
-
@Test
public void testCertificateRevocationList() throws Exception {
q1 = new MainThread(1, clientPortQp1, quorumConfiguration, SSL_QUORUM_ENABLED);
@@ -599,13 +634,19 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
String revokedInCRLKeystorePath = tmpDir + "/crl_revoked.jks";
String crlPath = tmpDir + "/crl.pem";
- X509Certificate revokedInCRLCert = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- HOSTNAME, null, crlPath, null);
+ X509Certificate revokedInCRLCert = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ HOSTNAME,
+ null,
+ crlPath,
+ null);
writeKeystore(revokedInCRLCert, defaultKeyPair, revokedInCRLKeystorePath);
buildCRL(revokedInCRLCert, crlPath);
@@ -615,34 +656,39 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q3 = new MainThread(3, clientPortQp3, quorumConfiguration, SSL_QUORUM_ENABLED);
q3.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
-
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
q1.shutdown();
q2.shutdown();
q3.shutdown();
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
setSSLSystemProperties();
System.setProperty(quorumX509Util.getSslCrlEnabledProperty(), "true");
- X509Certificate validCertificate = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- HOSTNAME, null, crlPath, null);
+ X509Certificate validCertificate = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ HOSTNAME,
+ null,
+ crlPath,
+ null);
writeKeystore(validCertificate, defaultKeyPair, validKeystorePath);
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
System.setProperty(quorumX509Util.getSslKeystoreLocationProperty(), revokedInCRLKeystorePath);
q3.start();
- Assert.assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
}
@Test
@@ -655,12 +701,18 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
String revokedInOCSPKeystorePath = tmpDir + "/ocsp_revoked.jks";
- X509Certificate revokedInOCSPCert = buildEndEntityCert(defaultKeyPair, rootCertificate, rootKeyPair.getPrivate(),
- HOSTNAME, null,null, ocspPort);
+ X509Certificate revokedInOCSPCert = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ HOSTNAME,
+ null,
+ null,
+ ocspPort);
writeKeystore(revokedInOCSPCert, defaultKeyPair, revokedInOCSPKeystorePath);
HttpServer ocspServer = HttpServer.create(new InetSocketAddress(ocspPort), 0);
@@ -674,34 +726,39 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q3 = new MainThread(3, clientPortQp3, quorumConfiguration, SSL_QUORUM_ENABLED);
q3.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
q1.shutdown();
q2.shutdown();
q3.shutdown();
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerDown("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
setSSLSystemProperties();
System.setProperty(quorumX509Util.getSslOcspEnabledProperty(), "true");
- X509Certificate validCertificate = buildEndEntityCert(defaultKeyPair, rootCertificate,
- rootKeyPair.getPrivate(),
- HOSTNAME, null,null, ocspPort);
+ X509Certificate validCertificate = buildEndEntityCert(
+ defaultKeyPair,
+ rootCertificate,
+ rootKeyPair.getPrivate(),
+ HOSTNAME,
+ null,
+ null,
+ ocspPort);
writeKeystore(validCertificate, defaultKeyPair, validKeystorePath);
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
System.setProperty(quorumX509Util.getSslKeystoreLocationProperty(), revokedInOCSPKeystorePath);
q3.start();
- Assert.assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
} finally {
ocspServer.stop(0);
}
@@ -710,7 +767,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
@Test
public void testCipherSuites() throws Exception {
// Get default cipher suites from JDK
- SSLServerSocketFactory ssf = (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
+ SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
List<String> defaultCiphers = new ArrayList<String>();
for (String cipher : ssf.getDefaultCipherSuites()) {
if (!cipher.matches(".*EMPTY.*") && cipher.startsWith("TLS") && cipher.contains("RSA")) {
@@ -732,8 +789,8 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
// Use the odd one out for the client
String suiteOfClient = defaultCiphers.get(0);
@@ -744,7 +801,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q3 = new MainThread(3, clientPortQp3, quorumConfiguration, SSL_QUORUM_ENABLED);
q3.start();
- Assert.assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
}
@Test
@@ -757,8 +814,8 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q1.start();
q2.start();
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
- Assert.assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp1, CONNECTION_TIMEOUT));
+ assertTrue(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp2, CONNECTION_TIMEOUT));
System.setProperty(quorumX509Util.getSslProtocolProperty(), "TLSv1.1");
@@ -766,6 +823,7 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
q3 = new MainThread(3, clientPortQp3, quorumConfiguration, SSL_QUORUM_ENABLED);
q3.start();
- Assert.assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
+ assertFalse(ClientBase.waitForServerUp("127.0.0.1:" + clientPortQp3, CONNECTION_TIMEOUT));
}
+
}