http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java b/modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java new file mode 100644 index 0000000..6a4fe6c --- /dev/null +++ b/modules/web-console/web-agent/src/test/java/org/apache/ignite/console/agent/rest/RestExecutorSelfTest.java @@ -0,0 +1,329 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.console.agent.rest; + +import java.io.IOException; +import java.net.InetSocketAddress; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; +import javax.net.ssl.SSLHandshakeException; +import org.apache.ignite.Ignite; +import org.apache.ignite.Ignition; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.ConnectorConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.internal.processors.rest.protocols.http.jetty.GridJettyObjectMapper; +import org.apache.ignite.internal.util.IgniteUtils; +import org.apache.ignite.internal.util.typedef.F; +import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpi; +import org.apache.ignite.spi.discovery.tcp.ipfinder.TcpDiscoveryIpFinder; +import org.apache.ignite.spi.discovery.tcp.ipfinder.vm.TcpDiscoveryVmIpFinder; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; + +import org.junit.Assert; +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; + +/** + * Test for RestExecutor. + */ +public class RestExecutorSelfTest { + /** Name of the cache created by default in the cluster. */ + private static final String DEFAULT_CACHE_NAME = "default"; + + /** Path to certificates and configs. */ + private static final String PATH_TO_RESOURCES = "modules/web-console/web-agent/src/test/resources/"; + + /** JSON object mapper. */ + private static final ObjectMapper MAPPER = new GridJettyObjectMapper(); + + /** */ + private static final String HTTP_URI = "http://localhost:8080";; + + /** */ + private static final String HTTPS_URI = "https://localhost:8080";; + + /** */ + private static final String JETTY_WITH_SSL = "jetty-with-ssl.xml"; + + /** */ + private static final String JETTY_WITH_CIPHERS_0 = "jetty-with-ciphers-0.xml"; + + /** */ + private static final String JETTY_WITH_CIPHERS_1 = "jetty-with-ciphers-1.xml"; + + /** */ + private static final String JETTY_WITH_CIPHERS_2 = "jetty-with-ciphers-2.xml"; + + /** This cipher is disabled by default in JDK 8. */ + private static final List<String> CIPHER_0 = Collections.singletonList("TLS_DH_anon_WITH_AES_256_GCM_SHA384"); + + /** */ + private static final List<String> CIPHER_1 = Collections.singletonList("TLS_RSA_WITH_NULL_SHA256"); + + /** */ + private static final List<String> CIPHER_2 = Collections.singletonList("TLS_ECDHE_ECDSA_WITH_NULL_SHA"); + + /** */ + private static final List<String> COMMON_CIPHERS = Arrays.asList( + "TLS_RSA_WITH_NULL_SHA256", + "TLS_ECDHE_ECDSA_WITH_NULL_SHA" + ); + + /** */ + @Rule + public final ExpectedException ruleForExpectedException = ExpectedException.none(); + + /** + * @param jettyCfg Optional path to file with Jetty XML config. + * @return Prepare configuration for cluster node. + */ + private IgniteConfiguration nodeConfiguration(String jettyCfg) { + TcpDiscoveryIpFinder ipFinder = new TcpDiscoveryVmIpFinder(); + + ipFinder.registerAddresses(Collections.singletonList(new InetSocketAddress("127.0.0.1", 47500))); + + TcpDiscoverySpi discoverySpi = new TcpDiscoverySpi(); + + discoverySpi.setIpFinder(ipFinder); + + IgniteConfiguration cfg = new IgniteConfiguration(); + + cfg.setDiscoverySpi(discoverySpi); + + CacheConfiguration<Integer, String> dfltCacheCfg = new CacheConfiguration<>(DEFAULT_CACHE_NAME); + + cfg.setCacheConfiguration(dfltCacheCfg); + + cfg.setIgniteInstanceName(UUID.randomUUID().toString()); + + if (!F.isEmpty(jettyCfg)) { + ConnectorConfiguration conCfg = new ConnectorConfiguration(); + conCfg.setJettyPath(resolvePath(jettyCfg)); + + cfg.setConnectorConfiguration(conCfg); + } + + return cfg; + } + + /** + * Convert response to JSON. + * + * @param res REST result. + * @return JSON object. + * @throws IOException If failed to parse. + */ + private JsonNode toJson(RestResult res) throws IOException { + Assert.assertNotNull(res); + + String data = res.getData(); + + Assert.assertNotNull(data); + Assert.assertFalse(data.isEmpty()); + + return MAPPER.readTree(data); + } + + /** + * @param file File name. + * @return Path to file. + */ + private String resolvePath(String file) { + return IgniteUtils.resolveIgnitePath(PATH_TO_RESOURCES + file).getAbsolutePath(); + } + + /** + * Try to execute REST command and check response. + * + * @param nodeCfg Node configuration. + * @param uri Node URI. + * @param keyStore Key store. + * @param keyStorePwd Key store password. + * @param trustStore Trust store. + * @param trustStorePwd Trust store password. + * @param cipherSuites Cipher suites. + * @throws Exception If failed. + */ + private void checkRest( + IgniteConfiguration nodeCfg, + String uri, + String keyStore, + String keyStorePwd, + String trustStore, + String trustStorePwd, + List<String> cipherSuites + ) throws Exception { + try( + Ignite ignite = Ignition.getOrStart(nodeCfg); + RestExecutor exec = new RestExecutor(keyStore, keyStorePwd, trustStore, trustStorePwd, cipherSuites) + ) { + Map<String, Object> params = new HashMap<>(); + params.put("cmd", "top"); + params.put("attr", false); + params.put("mtr", false); + params.put("caches", false); + + RestResult res = exec.sendRequest(Collections.singletonList(uri), params, null); + + JsonNode json = toJson(res); + + Assert.assertTrue(json.isArray()); + + for (JsonNode item : json) { + Assert.assertTrue(item.get("attributes").isNull()); + Assert.assertTrue(item.get("metrics").isNull()); + Assert.assertTrue(item.get("caches").isNull()); + } + } + } + + /** */ + @Test + public void nodeNoSslAgentNoSsl() throws Exception { + checkRest( + nodeConfiguration(""), + HTTP_URI, + null, null, + null, null, + null + ); + } + + /** */ + @Test + public void nodeNoSslAgentWithSsl() throws Exception { + // Check Web Agent with SSL. + ruleForExpectedException.expect(SSLHandshakeException.class); + checkRest( + nodeConfiguration(""), + HTTPS_URI, + resolvePath("client.jks"), "123456", + resolvePath("ca.jks"), "123456", + null + ); + } + + /** */ + @Test + public void nodeWithSslAgentNoSsl() throws Exception { + ruleForExpectedException.expect(IOException.class); + checkRest( + nodeConfiguration(JETTY_WITH_SSL), + HTTP_URI, + null, null, + null, null, + null + ); + } + + /** */ + @Test + public void nodeWithSslAgentWithSsl() throws Exception { + checkRest( + nodeConfiguration(JETTY_WITH_SSL), + HTTPS_URI, + resolvePath("client.jks"), "123456", + resolvePath("ca.jks"), "123456", + null + ); + } + + /** */ + @Test + public void nodeNoCiphersAgentWithCiphers() throws Exception { + ruleForExpectedException.expect(SSLHandshakeException.class); + checkRest( + nodeConfiguration(JETTY_WITH_SSL), + HTTPS_URI, + resolvePath("client.jks"), "123456", + resolvePath("ca.jks"), "123456", + CIPHER_0 + ); + } + + /** */ + @Test + public void nodeWithCiphersAgentNoCiphers() throws Exception { + ruleForExpectedException.expect(SSLHandshakeException.class); + checkRest( + nodeConfiguration(JETTY_WITH_CIPHERS_0), + HTTPS_URI, + resolvePath("client.jks"), "123456", + resolvePath("ca.jks"), "123456", + null + ); + } + + /** */ + @Test + public void nodeWithCiphersAgentWithCiphers() throws Exception { + checkRest( + nodeConfiguration(JETTY_WITH_CIPHERS_1), + HTTPS_URI, + resolvePath("client.jks"), "123456", + resolvePath("ca.jks"), "123456", + CIPHER_1 + ); + } + + /** */ + @Test + public void differentCiphers1() throws Exception { + ruleForExpectedException.expect(SSLHandshakeException.class); + checkRest( + nodeConfiguration(JETTY_WITH_CIPHERS_1), + HTTPS_URI, + resolvePath("client.jks"), "123456", + resolvePath("ca.jks"), "123456", + CIPHER_2 + ); + } + + /** */ + @Test + public void differentCiphers2() throws Exception { + ruleForExpectedException.expect(SSLHandshakeException.class); + checkRest( + nodeConfiguration(JETTY_WITH_CIPHERS_2), + HTTPS_URI, + resolvePath("client.jks"), "123456", + resolvePath("ca.jks"), "123456", + CIPHER_1 + ); + } + + /** */ + @Test + public void commonCiphers() throws Exception { + checkRest( + nodeConfiguration(JETTY_WITH_CIPHERS_1), + HTTPS_URI, + resolvePath("client.jks"), "123456", + resolvePath("ca.jks"), "123456", + COMMON_CIPHERS + ); + } +}
http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/java/org/apache/ignite/testsuites/IgniteWebAgentTestSuite.java ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/java/org/apache/ignite/testsuites/IgniteWebAgentTestSuite.java b/modules/web-console/web-agent/src/test/java/org/apache/ignite/testsuites/IgniteWebAgentTestSuite.java new file mode 100644 index 0000000..d0bc238 --- /dev/null +++ b/modules/web-console/web-agent/src/test/java/org/apache/ignite/testsuites/IgniteWebAgentTestSuite.java @@ -0,0 +1,33 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.testsuites; + +import org.apache.ignite.console.agent.rest.RestExecutorSelfTest; +import org.junit.runner.RunWith; +import org.junit.runners.Suite; + +/** + * Web Agent tests. + */ +@RunWith(Suite.class) +@Suite.SuiteClasses({ + RestExecutorSelfTest.class +}) +public class IgniteWebAgentTestSuite { + // No-op. +} http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/ca.jks ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/ca.jks b/modules/web-console/web-agent/src/test/resources/ca.jks new file mode 100644 index 0000000..9d50bcb Binary files /dev/null and b/modules/web-console/web-agent/src/test/resources/ca.jks differ http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/client.jks ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/client.jks b/modules/web-console/web-agent/src/test/resources/client.jks new file mode 100644 index 0000000..197c75b Binary files /dev/null and b/modules/web-console/web-agent/src/test/resources/client.jks differ http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/generate.bat ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/generate.bat b/modules/web-console/web-agent/src/test/resources/generate.bat new file mode 100644 index 0000000..7bc87f1 --- /dev/null +++ b/modules/web-console/web-agent/src/test/resources/generate.bat @@ -0,0 +1,122 @@ +:: +:: Licensed to the Apache Software Foundation (ASF) under one or more +:: contributor license agreements. See the NOTICE file distributed with +:: this work for additional information regarding copyright ownership. +:: The ASF licenses this file to You under the Apache License, Version 2.0 +:: (the "License"); you may not use this file except in compliance with +:: the License. You may obtain a copy of the License at +:: +:: http://www.apache.org/licenses/LICENSE-2.0 +:: +:: Unless required by applicable law or agreed to in writing, software +:: distributed under the License is distributed on an "AS IS" BASIS, +:: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +:: See the License for the specific language governing permissions and +:: limitations under the License. +:: + +:: +:: SSL certificates generation. +:: + +:: +:: Preconditions: +:: 1. If needed, download Open SSL for Windows from "https://wiki.openssl.org/index.php/Binaries";. +:: and unpack it to some folder. +:: 2. If needed, install JDK 8 or newer. We need "keytool" from "JDK/bin." +:: 3. Create "openssl.cnf" in some folder. +:: You may use "https://github.com/openssl/openssl/blob/master/apps/openssl.cnf"; as template. +:: 4. If needed, add "opensll" & "keytool" to PATH variable. +:: +:: NOTE: In case of custom SERVER_DOMAIN_NAME you may need to tweak your "etc/hosts" file. +:: + +:: Set Open SSL variables. +set RANDFILE=_path_where_open_ssl_was_unpacked\.rnd +set OPENSSL_CONF=_path_where_open_ssl_was_unpacked\openssl.cnf + +:: Certificates password. +set PWD=p123456 + +:: Server. +set SERVER_DOMAIN_NAME=localhost +set SERVER_EMAIL=supp...@test.com + +:: Client. +set CLIENT_DOMAIN_NAME=localhost +set CLIENT_EMAIL=cli...@test.com + +:: Cleanup. +del server.* +del client.* +del ca.* + +:: Generate server config. +( +echo [req] +echo prompt = no +echo distinguished_name = dn +echo req_extensions = req_ext + +echo [ dn ] +echo countryName = RU +echo stateOrProvinceName = Test +echo localityName = Test +echo organizationName = Apache +echo commonName = %SERVER_DOMAIN_NAME% +echo organizationalUnitName = IT +echo emailAddress = %SERVER_EMAIL% + +echo [ req_ext ] +echo subjectAltName = @alt_names + +echo [ alt_names ] +echo DNS.1 = %SERVER_DOMAIN_NAME% +) > "server.cnf" + +:: Generate client config. +( +echo [req] +echo prompt = no +echo distinguished_name = dn +echo req_extensions = req_ext + +echo [ dn ] +echo countryName = RU +echo stateOrProvinceName = Test +echo localityName = Test +echo organizationName = Apache +echo commonName = %CLIENT_DOMAIN_NAME% +echo organizationalUnitName = IT +echo emailAddress = %CLIENT_EMAIL% + +echo [ req_ext ] +echo subjectAltName = @alt_names + +echo [ alt_names ] +echo DNS.1 = %CLIENT_DOMAIN_NAME% +) > "client.cnf" + +:: Generate certificates. +openssl genrsa -des3 -passout pass:%PWD% -out server.key 1024 +openssl req -new -passin pass:%PWD% -key server.key -config server.cnf -out server.csr + +openssl req -new -newkey rsa:1024 -nodes -keyout ca.key -x509 -days 365 -config server.cnf -out ca.crt + +openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -extensions req_ext -extfile server.cnf -out server.crt +openssl rsa -passin pass:%PWD% -in server.key -out server.nopass.key + +openssl req -new -utf8 -nameopt multiline,utf8 -newkey rsa:1024 -nodes -keyout client.key -config client.cnf -out client.csr +openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt + +openssl pkcs12 -export -in server.crt -inkey server.key -certfile server.crt -out server.p12 -passin pass:%PWD% -passout pass:%PWD% +openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt -out client.p12 -passout pass:%PWD% +openssl pkcs12 -export -in ca.crt -inkey ca.key -certfile ca.crt -out ca.p12 -passout pass:%PWD% + +keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -destkeystore server.jks -deststoretype JKS -noprompt -srcstorepass %PWD% -deststorepass %PWD% +keytool -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore client.jks -deststoretype JKS -noprompt -srcstorepass %PWD% -deststorepass %PWD% +keytool -importkeystore -srckeystore ca.p12 -srcstoretype PKCS12 -destkeystore ca.jks -deststoretype JKS -noprompt -srcstorepass %PWD% -deststorepass %PWD% + +openssl x509 -text -noout -in server.crt +openssl x509 -text -noout -in client.crt +openssl x509 -text -noout -in ca.crt http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/generate.sh ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/generate.sh b/modules/web-console/web-agent/src/test/resources/generate.sh new file mode 100644 index 0000000..95e62c3 --- /dev/null +++ b/modules/web-console/web-agent/src/test/resources/generate.sh @@ -0,0 +1,111 @@ +#!/usr/bin/env bash +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +# +# SSL certificates generation. +# + +# +# Preconditions: +# 1. If needed, install Open SSL (for example: "sudo apt-get install openssl") +# 2. If needed, install JDK 8 or newer. We need "keytool" from "JDK/bin". +# 3. Create "openssl.cnf" in some folder (for example: "/opt/openssl"). +# You may use "https://github.com/openssl/openssl/blob/master/apps/openssl.cnf"; as template. +# 4. If needed, add "opensll" & "keytool" to PATH variable. +# +# NOTE: In case of custom SERVER_DOMAIN_NAME you may need to tweak your "etc/hosts" file. +# + +set -x + +# Set Open SSL variables. +OPENSSL_CONF=/opt/openssl/openssl.cnf + +# Certificates password. +PWD=p123456 + +# Server. +SERVER_DOMAIN_NAME=localhost +SERVER_EMAIL=support@test.local + +# Client. +CLIENT_DOMAIN_NAME=localhost +CLIENT_EMAIL=client@test.local + +# Cleanup. +rm -vf server.* +rm -vf client.* +rm -vf ca.* + +# Generate server config. +cat << EOF > server.cnf +[req] +prompt = no +distinguished_name = dn +req_extensions = req_ext +[ dn ] +countryName = RU +stateOrProvinceName = Moscow +localityName = Moscow +organizationName = test +commonName = ${SERVER_DOMAIN_NAME} +organizationalUnitName = IT +emailAddress = ${SERVER_EMAIL} +[ req_ext ] +subjectAltName = @alt_names +[ alt_names ] +DNS.1 = ${SERVER_DOMAIN_NAME} +EOF + +# Generate client config. +cat << EOF > client.cnf +[req] +prompt = no +distinguished_name = dn +req_extensions = req_ext +[ dn ] +countryName = RU +stateOrProvinceName = Moscow +localityName = Moscow +organizationName = test +commonName = ${CLIENT_DOMAIN_NAME} +organizationalUnitName = IT +emailAddress = ${CLIENT_EMAIL} +[ req_ext ] +subjectAltName = @alt_names +[ alt_names ] +DNS.1 = ${CLIENT_DOMAIN_NAME} +EOF + +# Generate certificates. +openssl genrsa -des3 -passout pass:${PWD} -out server.key 1024 +openssl req -new -passin pass:${PWD} -key server.key -config server.cnf -out server.csr +openssl req -new -newkey rsa:1024 -nodes -keyout ca.key -x509 -days 365 -config server.cnf -out ca.crt +openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -extensions req_ext -extfile server.cnf -out server.crt +openssl rsa -passin pass:${PWD} -in server.key -out server.nopass.key +openssl req -new -utf8 -nameopt multiline,utf8 -newkey rsa:1024 -nodes -keyout client.key -config client.cnf -out client.csr +openssl x509 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 02 -out client.crt +openssl pkcs12 -export -in server.crt -inkey server.key -certfile server.crt -out server.p12 -passin pass:${PWD} -passout pass:${PWD} +openssl pkcs12 -export -in client.crt -inkey client.key -certfile ca.crt -out client.p12 -passout pass:${PWD} +openssl pkcs12 -export -in ca.crt -inkey ca.key -certfile ca.crt -out ca.p12 -passout pass:${PWD} +keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -destkeystore server.jks -deststoretype JKS -noprompt -srcstorepass ${PWD} -deststorepass ${PWD} +keytool -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -destkeystore client.jks -deststoretype JKS -noprompt -srcstorepass ${PWD} -deststorepass ${PWD} +keytool -importkeystore -srckeystore ca.p12 -srcstoretype PKCS12 -destkeystore ca.jks -deststoretype JKS -noprompt -srcstorepass ${PWD} -deststorepass ${PWD} +openssl x509 -text -noout -in server.crt +openssl x509 -text -noout -in client.crt +openssl x509 -text -noout -in ca.crt http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-0.xml ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-0.xml b/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-0.xml new file mode 100644 index 0000000..40f08b5 --- /dev/null +++ b/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-0.xml @@ -0,0 +1,94 @@ +<?xml version="1.0"?> + +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd";> +<Configure id="Server" class="org.eclipse.jetty.server.Server"> + <Arg name="threadPool"> + <New class="org.eclipse.jetty.util.thread.QueuedThreadPool"> + <Set name="minThreads">5</Set> + <Set name="maxThreads">10</Set> + </New> + </Arg> + + <New id="httpsCfg" class="org.eclipse.jetty.server.HttpConfiguration"> + <Set name="secureScheme">https</Set> + <Set name="securePort"><SystemProperty name="IGNITE_JETTY_PORT" default="8080"/></Set> + <Set name="sendServerVersion">true</Set> + <Set name="sendDateHeader">true</Set> + <Call name="addCustomizer"> + <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> + </Call> + </New> + + <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> + <Set name="keyStorePath">modules/web-console/web-agent/src/test/resources/server.jks</Set> + <Set name="keyStorePassword">123456</Set> + <Set name="trustStorePath">modules/web-console/web-agent/src/test/resources/ca.jks</Set> + <Set name="trustStorePassword">123456</Set> + <Set name="needClientAuth">true</Set> + <Set name="includeCipherSuites"> + <Array type="java.lang.String"> + <Item>TLS_DH_anon_WITH_AES_256_GCM_SHA384</Item> + </Array> + </Set> + </New> + + <Call name="addConnector"> + <Arg> + <New class="org.eclipse.jetty.server.ServerConnector"> + <Arg name="server"> + <Ref refid="Server"/> + </Arg> + <Arg name="factories"> + <Array type="org.eclipse.jetty.server.ConnectionFactory"> + <Item> + <New class="org.eclipse.jetty.server.SslConnectionFactory"> + <Arg><Ref refid="sslContextFactory"/></Arg> + <Arg>http/1.1</Arg> + </New> + </Item> + <Item> + <New class="org.eclipse.jetty.server.HttpConnectionFactory"> + <Ref refid="httpsCfg"/> + </New> + </Item> + </Array> + </Arg> + <Set name="host"><SystemProperty name="IGNITE_JETTY_HOST" default="localhost"/></Set> + <Set name="port"><SystemProperty name="IGNITE_JETTY_PORT" default="8080"/></Set> + <Set name="idleTimeout">30000</Set> + <Set name="reuseAddress">true</Set> + </New> + </Arg> + </Call> + + <Set name="handler"> + <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection"> + <Set name="handlers"> + <Array type="org.eclipse.jetty.server.Handler"> + <Item> + <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/> + </Item> + </Array> + </Set> + </New> + </Set> + + <Set name="stopAtShutdown">false</Set> +</Configure> http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-1.xml ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-1.xml b/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-1.xml new file mode 100644 index 0000000..cb3a293 --- /dev/null +++ b/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-1.xml @@ -0,0 +1,94 @@ +<?xml version="1.0"?> + +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd";> +<Configure id="Server" class="org.eclipse.jetty.server.Server"> + <Arg name="threadPool"> + <New class="org.eclipse.jetty.util.thread.QueuedThreadPool"> + <Set name="minThreads">5</Set> + <Set name="maxThreads">10</Set> + </New> + </Arg> + + <New id="httpsCfg" class="org.eclipse.jetty.server.HttpConfiguration"> + <Set name="secureScheme">https</Set> + <Set name="securePort"><SystemProperty name="IGNITE_JETTY_PORT" default="8080"/></Set> + <Set name="sendServerVersion">true</Set> + <Set name="sendDateHeader">true</Set> + <Call name="addCustomizer"> + <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> + </Call> + </New> + + <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> + <Set name="keyStorePath">modules/web-console/web-agent/src/test/resources/server.jks</Set> + <Set name="keyStorePassword">123456</Set> + <Set name="trustStorePath">modules/web-console/web-agent/src/test/resources/ca.jks</Set> + <Set name="trustStorePassword">123456</Set> + <Set name="needClientAuth">true</Set> + <Set name="includeCipherSuites"> + <Array type="java.lang.String"> + <Item>TLS_RSA_WITH_NULL_SHA256</Item> + </Array> + </Set> + </New> + + <Call name="addConnector"> + <Arg> + <New class="org.eclipse.jetty.server.ServerConnector"> + <Arg name="server"> + <Ref refid="Server"/> + </Arg> + <Arg name="factories"> + <Array type="org.eclipse.jetty.server.ConnectionFactory"> + <Item> + <New class="org.eclipse.jetty.server.SslConnectionFactory"> + <Arg><Ref refid="sslContextFactory"/></Arg> + <Arg>http/1.1</Arg> + </New> + </Item> + <Item> + <New class="org.eclipse.jetty.server.HttpConnectionFactory"> + <Ref refid="httpsCfg"/> + </New> + </Item> + </Array> + </Arg> + <Set name="host"><SystemProperty name="IGNITE_JETTY_HOST" default="localhost"/></Set> + <Set name="port"><SystemProperty name="IGNITE_JETTY_PORT" default="8080"/></Set> + <Set name="idleTimeout">30000</Set> + <Set name="reuseAddress">true</Set> + </New> + </Arg> + </Call> + + <Set name="handler"> + <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection"> + <Set name="handlers"> + <Array type="org.eclipse.jetty.server.Handler"> + <Item> + <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/> + </Item> + </Array> + </Set> + </New> + </Set> + + <Set name="stopAtShutdown">false</Set> +</Configure> http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-2.xml ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-2.xml b/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-2.xml new file mode 100644 index 0000000..2251de2 --- /dev/null +++ b/modules/web-console/web-agent/src/test/resources/jetty-with-ciphers-2.xml @@ -0,0 +1,94 @@ +<?xml version="1.0"?> + +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd";> +<Configure id="Server" class="org.eclipse.jetty.server.Server"> + <Arg name="threadPool"> + <New class="org.eclipse.jetty.util.thread.QueuedThreadPool"> + <Set name="minThreads">5</Set> + <Set name="maxThreads">10</Set> + </New> + </Arg> + + <New id="httpsCfg" class="org.eclipse.jetty.server.HttpConfiguration"> + <Set name="secureScheme">https</Set> + <Set name="securePort"><SystemProperty name="IGNITE_JETTY_PORT" default="8080"/></Set> + <Set name="sendServerVersion">true</Set> + <Set name="sendDateHeader">true</Set> + <Call name="addCustomizer"> + <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> + </Call> + </New> + + <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> + <Set name="keyStorePath">modules/web-console/web-agent/src/test/resources/server.jks</Set> + <Set name="keyStorePassword">123456</Set> + <Set name="trustStorePath">modules/web-console/web-agent/src/test/resources/ca.jks</Set> + <Set name="trustStorePassword">123456</Set> + <Set name="needClientAuth">true</Set> + <Set name="includeCipherSuites"> + <Array type="java.lang.String"> + <Item>TLS_ECDHE_ECDSA_WITH_NULL_SHA</Item> + </Array> + </Set> + </New> + + <Call name="addConnector"> + <Arg> + <New class="org.eclipse.jetty.server.ServerConnector"> + <Arg name="server"> + <Ref refid="Server"/> + </Arg> + <Arg name="factories"> + <Array type="org.eclipse.jetty.server.ConnectionFactory"> + <Item> + <New class="org.eclipse.jetty.server.SslConnectionFactory"> + <Arg><Ref refid="sslContextFactory"/></Arg> + <Arg>http/1.1</Arg> + </New> + </Item> + <Item> + <New class="org.eclipse.jetty.server.HttpConnectionFactory"> + <Ref refid="httpsCfg"/> + </New> + </Item> + </Array> + </Arg> + <Set name="host"><SystemProperty name="IGNITE_JETTY_HOST" default="localhost"/></Set> + <Set name="port"><SystemProperty name="IGNITE_JETTY_PORT" default="8080"/></Set> + <Set name="idleTimeout">30000</Set> + <Set name="reuseAddress">true</Set> + </New> + </Arg> + </Call> + + <Set name="handler"> + <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection"> + <Set name="handlers"> + <Array type="org.eclipse.jetty.server.Handler"> + <Item> + <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/> + </Item> + </Array> + </Set> + </New> + </Set> + + <Set name="stopAtShutdown">false</Set> +</Configure> http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/jetty-with-ssl.xml ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/jetty-with-ssl.xml b/modules/web-console/web-agent/src/test/resources/jetty-with-ssl.xml new file mode 100644 index 0000000..7e06829 --- /dev/null +++ b/modules/web-console/web-agent/src/test/resources/jetty-with-ssl.xml @@ -0,0 +1,89 @@ +<?xml version="1.0"?> + +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd";> +<Configure id="Server" class="org.eclipse.jetty.server.Server"> + <Arg name="threadPool"> + <New class="org.eclipse.jetty.util.thread.QueuedThreadPool"> + <Set name="minThreads">5</Set> + <Set name="maxThreads">10</Set> + </New> + </Arg> + + <New id="httpsCfg" class="org.eclipse.jetty.server.HttpConfiguration"> + <Set name="secureScheme">https</Set> + <Set name="securePort"><SystemProperty name="IGNITE_JETTY_PORT" default="8080"/></Set> + <Set name="sendServerVersion">true</Set> + <Set name="sendDateHeader">true</Set> + <Call name="addCustomizer"> + <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg> + </Call> + </New> + + <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory"> + <Set name="keyStorePath">modules/web-console/web-agent/src/test/resources/server.jks</Set> + <Set name="keyStorePassword">123456</Set> + <Set name="trustStorePath">modules/web-console/web-agent/src/test/resources/ca.jks</Set> + <Set name="trustStorePassword">123456</Set> + <Set name="needClientAuth">true</Set> + </New> + + <Call name="addConnector"> + <Arg> + <New class="org.eclipse.jetty.server.ServerConnector"> + <Arg name="server"> + <Ref refid="Server"/> + </Arg> + <Arg name="factories"> + <Array type="org.eclipse.jetty.server.ConnectionFactory"> + <Item> + <New class="org.eclipse.jetty.server.SslConnectionFactory"> + <Arg><Ref refid="sslContextFactory"/></Arg> + <Arg>http/1.1</Arg> + </New> + </Item> + <Item> + <New class="org.eclipse.jetty.server.HttpConnectionFactory"> + <Ref refid="httpsCfg"/> + </New> + </Item> + </Array> + </Arg> + <Set name="host"><SystemProperty name="IGNITE_JETTY_HOST" default="localhost"/></Set> + <Set name="port"><SystemProperty name="IGNITE_JETTY_PORT" default="8080"/></Set> + <Set name="idleTimeout">30000</Set> + <Set name="reuseAddress">true</Set> + </New> + </Arg> + </Call> + + <Set name="handler"> + <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection"> + <Set name="handlers"> + <Array type="org.eclipse.jetty.server.Handler"> + <Item> + <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/> + </Item> + </Array> + </Set> + </New> + </Set> + + <Set name="stopAtShutdown">false</Set> +</Configure> http://git-wip-us.apache.org/repos/asf/ignite/blob/9f9bb752/modules/web-console/web-agent/src/test/resources/server.jks ---------------------------------------------------------------------- diff --git a/modules/web-console/web-agent/src/test/resources/server.jks b/modules/web-console/web-agent/src/test/resources/server.jks new file mode 100644 index 0000000..c673bb0 Binary files /dev/null and b/modules/web-console/web-agent/src/test/resources/server.jks differ
