From 7d9f90fef030b3cc1a2c0a4811f3b1e301020828 Mon Sep 17 00:00:00 2001 From: John Blum Date: Thu, 30 May 2019 02:08:44 -0700 Subject: [PATCH] DATAGEODE-190 - Polish. --- .../gemfire/config/annotation/EnableSsl.java | 49 ++-- .../config/annotation/SslConfiguration.java | 59 ++--- ...urationDefaultContextIntegrationTests.java | 211 ++++++++---------- .../EnableSslConfigurationUnitTests.java | 19 +- 4 files changed, 168 insertions(+), 170 deletions(-) diff --git a/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSsl.java b/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSsl.java index d9724ff5..5440312f 100644 --- a/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSsl.java +++ b/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSsl.java @@ -14,7 +14,6 @@ * limitations under the License. * */ - package org.springframework.data.gemfire.config.annotation; import static org.springframework.data.gemfire.util.RuntimeExceptionFactory.newIllegalArgumentException; @@ -28,6 +27,7 @@ import java.lang.annotation.Target; import java.util.Arrays; import org.apache.geode.security.SecurableCommunicationChannels; + import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.util.Assert; @@ -37,6 +37,7 @@ import org.springframework.util.Assert; * to configure and enable Pivotal GemFire/Apache Geode's TCP/IP Socket SSL. * * @author John Blum + * @author Srikanth Manvi * @see java.lang.annotation.Annotation * @see org.apache.geode.security.SecurableCommunicationChannels * @see org.springframework.context.annotation.Import @@ -102,6 +103,18 @@ public @interface EnableSsl { */ String defaultCertificateAlias() default ""; + /** + * If {@literal true} then causes clients (or Apache Geode servers in cause of P2P) to validate the server's + * hostname using the server`s certificate. Set to {@literal true} if {@literal useSSLDefaultDefaultContext} + * is {@literal true}. + * + * Defaults to {@literal false}. + * + * Use the {@literal spring.data.gemfire.security.ssl.enable-endpoint-identification} + * in {@literal application.properties}. + */ + boolean enableEndpointIdentification() default false; + /** * Pathname to the {@literal Keystore} used for SSL communications. * @@ -190,6 +203,17 @@ public @interface EnableSsl { */ String truststoreType() default "JKS"; + /** + * If {@literal true} then this will enable the use of default SSL context + * and sets {@literal ssl-endpoint-identification-enabled} to {@literal true}. + * + * Defaults to {@literal false}. + * + * Use the {@literal spring.data.gemfire.security.ssl.use-default-context} + * in {@literal application.properties}. + */ + boolean useDefaultContext() default false; + /** * If {@literal true} then requires two-way authentication for web component. * @@ -200,29 +224,6 @@ public @interface EnableSsl { */ boolean webRequireAuthentication() default false; - /** - * If {@literal true} then allows the use of default SSL context and sets - * ssl-endpoint-identification-enabled to true. - * - * Defaults to {@literal false}. - * - * Use the {@literal spring.data.gemfire.security.ssl.use-default-context} - * in {@literal application.properties}. - */ - boolean sslUseDefaultContext() default false; - - /** - * If {@literal true} clients (GemFire servers in cause of p2p) to validate server's - * hostname using server`s certificate. - * - * Defaults to {@literal false}. Set to {@literal true} if - * {@literal useSSLDefaultDefaultContext} is true. - * - * Use the {@literal spring.data.gemfire.security.ssl.endpoint-identification-enabled} - * in {@literal application.properties}. - */ - boolean sslEndpointIdentificationEnabled() default false; - enum Component { ALL(SecurableCommunicationChannels.ALL), diff --git a/src/main/java/org/springframework/data/gemfire/config/annotation/SslConfiguration.java b/src/main/java/org/springframework/data/gemfire/config/annotation/SslConfiguration.java index 13fa5e74..969ddcd1 100644 --- a/src/main/java/org/springframework/data/gemfire/config/annotation/SslConfiguration.java +++ b/src/main/java/org/springframework/data/gemfire/config/annotation/SslConfiguration.java @@ -14,7 +14,6 @@ * limitations under the License. * */ - package org.springframework.data.gemfire.config.annotation; import java.lang.annotation.Annotation; @@ -38,6 +37,7 @@ import org.springframework.util.StringUtils; * additional configuration using Pivotal GemFire/Apache Geode {@link Properties} to configure SSL. * * @author John Blum + * @author Srikanth Manvi * @see org.springframework.data.gemfire.config.annotation.EnableSsl * @see org.springframework.data.gemfire.config.annotation.support.EmbeddedServiceConfigurationSupport * @since 1.9.0 @@ -69,48 +69,57 @@ public class SslConfiguration extends EmbeddedServiceConfigurationSupport { .map(EnableSsl.Component::toString) .collect(Collectors.toSet()))) - .setProperty("ssl-ciphers", resolveProperty(sslProperty("ciphers"), - StringUtils.arrayToCommaDelimitedString(annotationAttributes.getStringArray("ciphers")))) + .setProperty("ssl-ciphers", + resolveProperty(sslProperty("ciphers"), + StringUtils.arrayToCommaDelimitedString(annotationAttributes.getStringArray("ciphers")))) .setPropertyIfNotDefault("ssl-default-alias", resolveProperty(sslProperty("certificate.alias.default"), annotationAttributes.getString("defaultCertificateAlias")), "") - .setProperty("ssl-keystore", resolveProperty(sslProperty("keystore"), - annotationAttributes.getString("keystore"))) + .setProperty("ssl-endpoint-identification-enabled", + resolveProperty(sslProperty("enable-endpoint-identification"), + annotationAttributes.getBoolean("enableEndpointIdentification"))) - .setProperty("ssl-keystore-password", resolveProperty(sslProperty("keystore.password"), - annotationAttributes.getString("keystorePassword"))) + .setProperty("ssl-keystore", + resolveProperty(sslProperty("keystore"), + annotationAttributes.getString("keystore"))) - .setProperty("ssl-keystore-type", resolveProperty(sslProperty("keystore.type"), - annotationAttributes.getString("keystoreType"))) + .setProperty("ssl-keystore-password", + resolveProperty(sslProperty("keystore.password"), + annotationAttributes.getString("keystorePassword"))) - .setProperty("ssl-protocols", resolveProperty(sslProperty("protocols"), - StringUtils.arrayToCommaDelimitedString(annotationAttributes.getStringArray("protocols")))) + .setProperty("ssl-keystore-type", + resolveProperty(sslProperty("keystore.type"), + annotationAttributes.getString("keystoreType"))) + + .setProperty("ssl-protocols", + resolveProperty(sslProperty("protocols"), + StringUtils.arrayToCommaDelimitedString(annotationAttributes.getStringArray("protocols")))) .setProperty("ssl-require-authentication", resolveProperty(sslProperty("require-authentication"), annotationAttributes.getBoolean("requireAuthentication"))) - .setProperty("ssl-truststore", resolveProperty(sslProperty("truststore"), - annotationAttributes.getString("truststore"))) + .setProperty("ssl-truststore", + resolveProperty(sslProperty("truststore"), + annotationAttributes.getString("truststore"))) - .setProperty("ssl-truststore-password", resolveProperty(sslProperty("truststore.password"), - annotationAttributes.getString("truststorePassword"))) + .setProperty("ssl-truststore-password", + resolveProperty(sslProperty("truststore.password"), + annotationAttributes.getString("truststorePassword"))) - .setProperty("ssl-truststore-type", resolveProperty(sslProperty("truststore.type"), - annotationAttributes.getString("truststoreType"))) + .setProperty("ssl-truststore-type", + resolveProperty(sslProperty("truststore.type"), + annotationAttributes.getString("truststoreType"))) + + .setProperty("ssl-use-default-context", + resolveProperty(sslProperty("use-default-context"), + annotationAttributes.getBoolean("useDefaultContext"))) .setProperty("ssl-web-require-authentication", resolveProperty(sslProperty("web-require-authentication"), - annotationAttributes.getBoolean("webRequireAuthentication"))) - - .setProperty("ssl-use-default-context", resolveProperty(sslProperty("use-default-context"), - annotationAttributes.getBoolean("sslUseDefaultContext"))) - - .setProperty("ssl-endpoint-identification-enabled", resolveProperty(sslProperty("endpoint-identification-enabled"), - annotationAttributes.getBoolean("sslEndpointIdentificationEnabled"))); - + annotationAttributes.getBoolean("webRequireAuthentication"))); configureComponentCertificateAliases(annotationAttributes, gemfireProperties); diff --git a/src/test/java/org/springframework/data/gemfire/config/annotation/EnableSslConfigurationDefaultContextIntegrationTests.java b/src/test/java/org/springframework/data/gemfire/config/annotation/EnableSslConfigurationDefaultContextIntegrationTests.java index cf92249d..2c93432a 100644 --- a/src/test/java/org/springframework/data/gemfire/config/annotation/EnableSslConfigurationDefaultContextIntegrationTests.java +++ b/src/test/java/org/springframework/data/gemfire/config/annotation/EnableSslConfigurationDefaultContextIntegrationTests.java @@ -13,7 +13,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - package org.springframework.data.gemfire.config.annotation; import static org.assertj.core.api.Assertions.assertThat; @@ -23,6 +22,11 @@ import java.util.Properties; import org.junit.After; import org.junit.Test; + +import org.apache.geode.cache.Cache; +import org.apache.geode.cache.GemFireCache; +import org.apache.geode.cache.client.ClientCache; + import org.springframework.context.ConfigurableApplicationContext; import org.springframework.context.annotation.AnnotationConfigApplicationContext; import org.springframework.core.env.MutablePropertySources; @@ -31,27 +35,56 @@ import org.springframework.data.gemfire.util.ArrayUtils; import org.springframework.mock.env.MockPropertySource; import org.springframework.util.StringUtils; -import org.apache.geode.cache.GemFireCache; - /** * Integration tests for {@link EnableSsl} and {@link SslConfiguration}. * - * Integration tests in this class create a ClientCache or PeerCache and query Gemfire - * to see if the GemFire properties set via spring-data-geode are correctly set in GemFire. + * Integration tests in this class create a {@link ClientCache} or peer {@link Cache} and query Apache Geode + * to see if the GemFire properties set with spring-data-geode are correctly set in Apache Geode. * - * @see Test + * @author Srikanth Manvi + * @author John Blum + * @see java.util.Properties + * @see org.junit.Test + * @see org.apache.geode.cache.Cache * @see org.apache.geode.cache.GemFireCache - * @see EnableSsl - * @see SslConfiguration - * @since 2.1.0 + * @see org.apache.geode.cache.client.ClientCache + * @see org.springframework.context.ConfigurableApplicationContext + * @see org.springframework.core.env.PropertySource + * @see org.springframework.data.gemfire.config.annotation.EnableSsl + * @see org.springframework.data.gemfire.config.annotation.SslConfiguration + * @since 2.2.0 */ public class EnableSslConfigurationDefaultContextIntegrationTests { + private static final String GEMFIRE_LOG_LEVEL = "error"; + private ConfigurableApplicationContext applicationContext; @After public void tearDown() { - Optional.ofNullable(this.applicationContext).ifPresent(ConfigurableApplicationContext::close); + + Optional.ofNullable(this.applicationContext) + .ifPresent(ConfigurableApplicationContext::close); + } + + private void assertGemFirePropertiesCorrectlySet(Properties gemfireProperties) { + + assertThat(gemfireProperties).isNotNull(); + assertThat(gemfireProperties.getProperty("ssl-ciphers")).isEqualTo("FISH Scream SEAL SNOW"); + assertThat(gemfireProperties.getProperty("ssl-enabled-components")).isEqualTo("server,gateway"); + assertThat(gemfireProperties.getProperty("ssl-default-alias")).isEqualTo("TestCert"); + assertThat(gemfireProperties.getProperty("ssl-gateway-alias")).isEqualTo("WanCert"); + assertThat(gemfireProperties.getProperty("ssl-keystore")).isEqualTo("/path/to/keystore.jks"); + assertThat(gemfireProperties.getProperty("ssl-keystore-password")).isEqualTo("s3cr3t!"); + assertThat(gemfireProperties.getProperty("ssl-keystore-type")).isEqualTo("JKS"); + assertThat(gemfireProperties.getProperty("ssl-protocols")).isEqualTo("TCP/IP HTTP"); + assertThat(gemfireProperties.getProperty("ssl-require-authentication")).isEqualTo("true"); + assertThat(gemfireProperties.getProperty("ssl-truststore")).isEqualTo("/path/to/truststore.jks"); + assertThat(gemfireProperties.getProperty("ssl-truststore-password")).isEqualTo("p@55w0rd!"); + assertThat(gemfireProperties.getProperty("ssl-truststore-type")).isEqualTo("PKCS11"); + assertThat(gemfireProperties.getProperty("ssl-web-require-authentication")).isEqualTo("true"); + assertThat(gemfireProperties.getProperty("ssl-use-default-context")).isEqualTo("true"); + assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")).isEqualTo("true"); } private ConfigurableApplicationContext newApplicationContext(PropertySource testPropertySource, @@ -70,6 +103,27 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { return applicationContext; } + private PropertySource setSpringDataGemFireProperties() { + + return new MockPropertySource("TestPropertySource") + .withProperty("spring.data.gemfire.security.ssl.ciphers", "Scream,SEAL,SNOW") + .withProperty("spring.data.gemfire.security.ssl.components", "locator, server, gateway") + .withProperty("spring.data.gemfire.security.ssl.certificate.alias.default", "MockCert") + .withProperty("spring.data.gemfire.security.ssl.certificate.alias.gateway", "WanCert") + .withProperty("spring.data.gemfire.security.ssl.certificate.alias.server", "ServerCert") + .withProperty("spring.data.gemfire.security.ssl.enable-endpoint-identification", "true") + .withProperty("spring.data.gemfire.security.ssl.keystore", "~/test/app/keystore.jks") + .withProperty("spring.data.gemfire.security.ssl.keystore.password", "0p3nS@y5M3") + .withProperty("spring.data.gemfire.security.ssl.keystore.type", "R2D2") + .withProperty("spring.data.gemfire.security.ssl.protocols", "IP,TCP/IP,UDP") + .withProperty("spring.data.gemfire.security.ssl.require-authentication", "false") + .withProperty("spring.data.gemfire.security.ssl.truststore", "relative/path/to/trusted.keystore") + .withProperty("spring.data.gemfire.security.ssl.truststore.password", "kn0ckKn0ck") + .withProperty("spring.data.gemfire.security.ssl.truststore.type", "C3PO") + .withProperty("spring.data.gemfire.security.ssl.web-require-authentication", "true") + .withProperty("spring.data.gemfire.security.ssl.use-default-context", "true"); + } + @Test public void sslAnnotationBasedClientConfigurationIsCorrect() { @@ -94,7 +148,7 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { @Test public void sslPropertyBasedClientConfigurationIsCorrect() { - PropertySource testPropertySource = setSdgProperties(); + PropertySource testPropertySource = setSpringDataGemFireProperties(); this.applicationContext = newApplicationContext(testPropertySource, SslPropertyBasedClientConfiguration.class); @@ -107,13 +161,12 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { assertThat(clientCache).isNotNull(); - //Get Properties from GemFire Properties gemfireProperties = clientCache.getDistributedSystem().getProperties(); String sslEnabledComponents = Optional.ofNullable(gemfireProperties.getProperty("ssl-enabled-components")) .filter(StringUtils::hasText) .map(it -> StringUtils.arrayToCommaDelimitedString( - ArrayUtils.sort(StringUtils.commaDelimitedListToStringArray(it)))) + ArrayUtils.sort(StringUtils.commaDelimitedListToStringArray(it)))) .orElse(null); assertThat(gemfireProperties).isNotNull(); @@ -122,6 +175,7 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { assertThat(gemfireProperties.getProperty("ssl-default-alias")).isEqualTo("MockCert"); assertThat(gemfireProperties.getProperty("ssl-gateway-alias")).isEqualTo("WanCert"); assertThat(gemfireProperties.getProperty("ssl-server-alias")).isEqualTo("ServerCert"); + assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")).isEqualTo("true"); assertThat(gemfireProperties.getProperty("ssl-keystore")).isEqualTo("~/test/app/keystore.jks"); assertThat(gemfireProperties.getProperty("ssl-keystore-password")).isEqualTo("0p3nS@y5M3"); assertThat(gemfireProperties.getProperty("ssl-keystore-type")).isEqualTo("R2D2"); @@ -132,13 +186,13 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { assertThat(gemfireProperties.getProperty("ssl-truststore-type")).isEqualTo("C3PO"); assertThat(gemfireProperties.getProperty("ssl-web-require-authentication")).isEqualTo("true"); assertThat(gemfireProperties.getProperty("ssl-use-default-context")).isEqualTo("true"); - assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")).isEqualTo("true"); } @Test - public void sslAnnotationBasedPeerConfigurationIsCorrect(){ + public void sslAnnotationBasedPeerConfigurationIsCorrect(){ - this.applicationContext = newApplicationContext(new MockPropertySource("TestPropertySource"), + this.applicationContext = + newApplicationContext(new MockPropertySource("TestPropertySource"), SslAnnotationBasedPeerConfiguration.class); assertThat(this.applicationContext).isNotNull(); @@ -149,15 +203,15 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { this.applicationContext.getBean("gemfireCache", GemFireCache.class); assertThat(peerCache).isNotNull(); - //Get Properties from GemFire Properties gemfireProperties = peerCache.getDistributedSystem().getProperties(); + assertGemFirePropertiesCorrectlySet(gemfireProperties); } @Test public void sslPropertyBasedPeerConfigurationIsCorrect() { - PropertySource testPropertySource = setSdgProperties(); + PropertySource testPropertySource = setSpringDataGemFireProperties(); this.applicationContext = newApplicationContext(testPropertySource, SslPropertyBasedPeerConfiguration.class); @@ -170,13 +224,12 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { assertThat(peerCache).isNotNull(); - //Get Properties from GemFire Properties gemfireProperties = peerCache.getDistributedSystem().getProperties(); String sslEnabledComponents = Optional.ofNullable(gemfireProperties.getProperty("ssl-enabled-components")) .filter(StringUtils::hasText) .map(it -> StringUtils.arrayToCommaDelimitedString( - ArrayUtils.sort(StringUtils.commaDelimitedListToStringArray(it)))) + ArrayUtils.sort(StringUtils.commaDelimitedListToStringArray(it)))) .orElse(null); assertThat(gemfireProperties).isNotNull(); @@ -198,8 +251,7 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")).isEqualTo("true"); } - - @ClientCacheApplication(logLevel = "error") + @ClientCacheApplication(logLevel = GEMFIRE_LOG_LEVEL) @EnableSsl( ciphers = { "FISH", "Scream", "SEAL", "SNOW" }, components = { EnableSsl.Component.SERVER, EnableSsl.Component.GATEWAY }, @@ -207,109 +259,44 @@ public class EnableSslConfigurationDefaultContextIntegrationTests { @EnableSsl.ComponentAlias(component = EnableSsl.Component.GATEWAY, alias = "WanCert") }, defaultCertificateAlias = "TestCert", + enableEndpointIdentification = true, keystore = "/path/to/keystore.jks", keystorePassword = "s3cr3t!", protocols = { "TCP/IP", "HTTP" }, truststore = "/path/to/truststore.jks", truststorePassword = "p@55w0rd!", truststoreType = "PKCS11", - webRequireAuthentication = true, - sslUseDefaultContext = true, - sslEndpointIdentificationEnabled = true) + useDefaultContext = true, + webRequireAuthentication = true + ) static class SslAnnotationBasedClientConfiguration { } - @ClientCacheApplication(logLevel = "error") + @ClientCacheApplication(logLevel = GEMFIRE_LOG_LEVEL) @EnableSsl static class SslPropertyBasedClientConfiguration { } - @PeerCacheApplication(logLevel = "error") - @EnableSsl( - ciphers = { "FISH", "Scream", "SEAL", "SNOW" }, - components = { EnableSsl.Component.SERVER, EnableSsl.Component.GATEWAY }, - componentCertificateAliases = { - @EnableSsl.ComponentAlias(component = EnableSsl.Component.GATEWAY, alias = "WanCert") - }, - defaultCertificateAlias = "TestCert", - keystore = "/path/to/keystore.jks", - keystorePassword = "s3cr3t!", - protocols = { "TCP/IP", "HTTP" }, - truststore = "/path/to/truststore.jks", - truststorePassword = "p@55w0rd!", - truststoreType = "PKCS11", - webRequireAuthentication = true, - sslUseDefaultContext = true, - sslEndpointIdentificationEnabled = true) - static class SslAnnotationBasedPeerConfiguration{ } + @PeerCacheApplication(logLevel = GEMFIRE_LOG_LEVEL) + @EnableSsl( + ciphers = { "FISH", "Scream", "SEAL", "SNOW" }, + components = { EnableSsl.Component.SERVER, EnableSsl.Component.GATEWAY }, + componentCertificateAliases = { + @EnableSsl.ComponentAlias(component = EnableSsl.Component.GATEWAY, alias = "WanCert") + }, + defaultCertificateAlias = "TestCert", + enableEndpointIdentification = true, + keystore = "/path/to/keystore.jks", + keystorePassword = "s3cr3t!", + protocols = { "TCP/IP", "HTTP" }, + truststore = "/path/to/truststore.jks", + truststorePassword = "p@55w0rd!", + truststoreType = "PKCS11", + useDefaultContext = true, + webRequireAuthentication = true + ) + static class SslAnnotationBasedPeerConfiguration { } - @PeerCacheApplication(logLevel = "error") + @PeerCacheApplication(logLevel = GEMFIRE_LOG_LEVEL) @EnableSsl static class SslPropertyBasedPeerConfiguration { } - private void assertGemFirePropertiesCorrectlySet(Properties gemfireProperties) { - assertThat(gemfireProperties).isNotNull(); - assertThat(gemfireProperties.getProperty("ssl-ciphers")) - .isEqualTo("FISH Scream SEAL SNOW"); - assertThat(gemfireProperties.getProperty("ssl-enabled-components")) - .isEqualTo("server,gateway"); - assertThat(gemfireProperties.getProperty("ssl-default-alias")) - .isEqualTo("TestCert"); - assertThat(gemfireProperties.getProperty("ssl-gateway-alias")).isEqualTo("WanCert"); - assertThat(gemfireProperties.getProperty("ssl-keystore")) - .isEqualTo("/path/to/keystore.jks"); - assertThat(gemfireProperties.getProperty("ssl-keystore-password")) - .isEqualTo("s3cr3t!"); - assertThat(gemfireProperties.getProperty("ssl-keystore-type")).isEqualTo("JKS"); - assertThat(gemfireProperties.getProperty("ssl-protocols")).isEqualTo("TCP/IP HTTP"); - assertThat(gemfireProperties.getProperty("ssl-require-authentication")) - .isEqualTo("true"); - assertThat(gemfireProperties.getProperty("ssl-truststore")) - .isEqualTo("/path/to/truststore.jks"); - assertThat(gemfireProperties.getProperty("ssl-truststore-password")) - .isEqualTo("p@55w0rd!"); - assertThat(gemfireProperties.getProperty("ssl-truststore-type")) - .isEqualTo("PKCS11"); - assertThat(gemfireProperties.getProperty("ssl-web-require-authentication")) - .isEqualTo("true"); - assertThat(gemfireProperties.getProperty("ssl-use-default-context")) - .isEqualTo("true"); - assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")) - .isEqualTo("true"); - } - - private PropertySource setSdgProperties() { - return new MockPropertySource("TestPropertySource") - .withProperty("spring.data.gemfire.security.ssl.ciphers", - "Scream,SEAL,SNOW") - .withProperty("spring.data.gemfire.security.ssl.components", - "locator, server, gateway") - .withProperty("spring.data.gemfire.security.ssl.certificate.alias.default", - "MockCert") - .withProperty("spring.data.gemfire.security.ssl.certificate.alias.gateway", - "WanCert") - .withProperty("spring.data.gemfire.security.ssl.certificate.alias.server", - "ServerCert") - .withProperty("spring.data.gemfire.security.ssl.keystore", - "~/test/app/keystore.jks") - .withProperty("spring.data.gemfire.security.ssl.keystore.password", - "0p3nS@y5M3") - .withProperty("spring.data.gemfire.security.ssl.keystore.type", - "R2D2") - .withProperty("spring.data.gemfire.security.ssl.protocols", - "IP,TCP/IP,UDP") - .withProperty("spring.data.gemfire.security.ssl.require-authentication", - "false") - .withProperty("spring.data.gemfire.security.ssl.truststore", - "relative/path/to/trusted.keystore") - .withProperty("spring.data.gemfire.security.ssl.truststore.password", - "kn0ckKn0ck") - .withProperty("spring.data.gemfire.security.ssl.truststore.type", - "C3PO") - .withProperty("spring.data.gemfire.security.ssl.web-require-authentication", - "true") - .withProperty("spring.data.gemfire.security.ssl.use-default-context", - "true") - .withProperty("spring.data.gemfire.security.ssl.endpoint-identification-enabled", - "true"); - } - } diff --git a/src/test/java/org/springframework/data/gemfire/config/annotation/EnableSslConfigurationUnitTests.java b/src/test/java/org/springframework/data/gemfire/config/annotation/EnableSslConfigurationUnitTests.java index e06f21ac..544fad9f 100644 --- a/src/test/java/org/springframework/data/gemfire/config/annotation/EnableSslConfigurationUnitTests.java +++ b/src/test/java/org/springframework/data/gemfire/config/annotation/EnableSslConfigurationUnitTests.java @@ -37,6 +37,7 @@ import org.springframework.util.StringUtils; * Unit tests for {@link EnableSsl} and {@link SslConfiguration}. * * @author John Blum + * @author Srikanth Manvi * @see org.junit.Test * @see org.apache.geode.cache.GemFireCache * @see org.springframework.data.gemfire.config.annotation.EnableSsl @@ -90,6 +91,7 @@ public class EnableSslConfigurationUnitTests { assertThat(gemfireProperties.getProperty("ssl-enabled-components")).isEqualTo("server,gateway"); assertThat(gemfireProperties.getProperty("ssl-default-alias")).isEqualTo("TestCert"); assertThat(gemfireProperties.getProperty("ssl-gateway-alias")).isEqualTo("WanCert"); + assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")).isEqualTo("true"); assertThat(gemfireProperties.getProperty("ssl-keystore")).isEqualTo("/path/to/keystore.jks"); assertThat(gemfireProperties.getProperty("ssl-keystore-password")).isEqualTo("s3cr3t!"); assertThat(gemfireProperties.getProperty("ssl-keystore-type")).isEqualTo("JKS"); @@ -98,9 +100,8 @@ public class EnableSslConfigurationUnitTests { assertThat(gemfireProperties.getProperty("ssl-truststore")).isEqualTo("/path/to/truststore.jks"); assertThat(gemfireProperties.getProperty("ssl-truststore-password")).isEqualTo("p@55w0rd!"); assertThat(gemfireProperties.getProperty("ssl-truststore-type")).isEqualTo("PKCS11"); - assertThat(gemfireProperties.getProperty("ssl-web-require-authentication")).isEqualTo("true"); assertThat(gemfireProperties.getProperty("ssl-use-default-context")).isEqualTo("true"); - assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")).isEqualTo("true"); + assertThat(gemfireProperties.getProperty("ssl-web-require-authentication")).isEqualTo("true"); } @Test @@ -112,6 +113,7 @@ public class EnableSslConfigurationUnitTests { .withProperty("spring.data.gemfire.security.ssl.certificate.alias.default", "MockCert") .withProperty("spring.data.gemfire.security.ssl.certificate.alias.gateway", "WanCert") .withProperty("spring.data.gemfire.security.ssl.certificate.alias.server", "ServerCert") + .withProperty("spring.data.gemfire.security.ssl.enable-endpoint-identification", "true") .withProperty("spring.data.gemfire.security.ssl.keystore", "~/test/app/keystore.jks") .withProperty("spring.data.gemfire.security.ssl.keystore.password", "0p3nS@y5M3") .withProperty("spring.data.gemfire.security.ssl.keystore.type", "R2D2") @@ -120,9 +122,8 @@ public class EnableSslConfigurationUnitTests { .withProperty("spring.data.gemfire.security.ssl.truststore", "relative/path/to/trusted.keystore") .withProperty("spring.data.gemfire.security.ssl.truststore.password", "kn0ckKn0ck") .withProperty("spring.data.gemfire.security.ssl.truststore.type", "C3PO") - .withProperty("spring.data.gemfire.security.ssl.web-require-authentication", "true") .withProperty("spring.data.gemfire.security.ssl.use-default-context", "true") - .withProperty("spring.data.gemfire.security.ssl.endpoint-identification-enabled", "true"); + .withProperty("spring.data.gemfire.security.ssl.web-require-authentication", "true"); this.applicationContext = newApplicationContext(testPropertySource, SslPropertyBasedConfiguration.class); @@ -150,6 +151,7 @@ public class EnableSslConfigurationUnitTests { assertThat(gemfireProperties.getProperty("ssl-default-alias")).isEqualTo("MockCert"); assertThat(gemfireProperties.getProperty("ssl-gateway-alias")).isEqualTo("WanCert"); assertThat(gemfireProperties.getProperty("ssl-server-alias")).isEqualTo("ServerCert"); + assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")).isEqualTo("true"); assertThat(gemfireProperties.getProperty("ssl-keystore")).isEqualTo("~/test/app/keystore.jks"); assertThat(gemfireProperties.getProperty("ssl-keystore-password")).isEqualTo("0p3nS@y5M3"); assertThat(gemfireProperties.getProperty("ssl-keystore-type")).isEqualTo("R2D2"); @@ -158,9 +160,8 @@ public class EnableSslConfigurationUnitTests { assertThat(gemfireProperties.getProperty("ssl-truststore")).isEqualTo("relative/path/to/trusted.keystore"); assertThat(gemfireProperties.getProperty("ssl-truststore-password")).isEqualTo("kn0ckKn0ck"); assertThat(gemfireProperties.getProperty("ssl-truststore-type")).isEqualTo("C3PO"); - assertThat(gemfireProperties.getProperty("ssl-web-require-authentication")).isEqualTo("true"); assertThat(gemfireProperties.getProperty("ssl-use-default-context")).isEqualTo("true"); - assertThat(gemfireProperties.getProperty("ssl-endpoint-identification-enabled")).isEqualTo("true"); + assertThat(gemfireProperties.getProperty("ssl-web-require-authentication")).isEqualTo("true"); } @EnableGemFireMockObjects @@ -172,15 +173,15 @@ public class EnableSslConfigurationUnitTests { @EnableSsl.ComponentAlias(component = EnableSsl.Component.GATEWAY, alias = "WanCert") }, defaultCertificateAlias = "TestCert", + enableEndpointIdentification = true, keystore = "/path/to/keystore.jks", keystorePassword = "s3cr3t!", protocols = { "TCP/IP", "HTTP" }, truststore = "/path/to/truststore.jks", truststorePassword = "p@55w0rd!", truststoreType = "PKCS11", - webRequireAuthentication = true, - sslUseDefaultContext = true, - sslEndpointIdentificationEnabled = true + useDefaultContext = true, + webRequireAuthentication = true ) static class SslAnnotationBasedConfiguration { }