rdhabalia commented on a change in pull request #1225: Enable specification of TLS Protocol Versions and Cipher Suites URL: https://github.com/apache/incubator-pulsar/pull/1225#discussion_r167744955
########## File path: pulsar-proxy/src/test/java/org/apache/pulsar/proxy/server/ProxyWithProxyAuthorizationTest.java ########## @@ -306,6 +360,79 @@ public void textTlsHostVerificationProxyToBroker(boolean hostnameVerificationEna log.info("-- Exiting {} test --", methodName); } + /* + * This test verifies whether the Client and Proxy honor the protocols and ciphers specified. + * Details description of test cases can be found in protocolsCiphersProviderCodecProvider + */ + @Test(dataProvider = "protocolsCiphersProvider") + public void tlsCiphersAndProtocols(Set<String> tlsCiphers, Set<String> tlsProtocols, boolean expectFailure) throws Exception { + log.info("-- Starting {} test --", methodName); + String namespaceName = "my-property/proxy-authorization/my-ns"; + createAdminClient(); + + admin.properties().createProperty("my-property", + new PropertyAdmin(Lists.newArrayList("appid1", "appid2"), Sets.newHashSet("proxy-authorization"))); + admin.namespaces().createNamespace(namespaceName); + + admin.namespaces().grantPermissionOnNamespace(namespaceName, "Proxy", + Sets.newHashSet(AuthAction.consume, AuthAction.produce)); + admin.namespaces().grantPermissionOnNamespace(namespaceName, "Client", + Sets.newHashSet(AuthAction.consume, AuthAction.produce)); + + ProxyConfiguration proxyConfig = new ProxyConfiguration(); + proxyConfig.setAuthenticationEnabled(true); + proxyConfig.setAuthorizationEnabled(false); + proxyConfig.setBrokerServiceURL("pulsar://localhost:" + BROKER_PORT); + proxyConfig.setBrokerServiceURLTLS("pulsar://localhost:" + BROKER_PORT_TLS); + + proxyConfig.setServicePort(PortManager.nextFreePort()); + proxyConfig.setServicePortTls(PortManager.nextFreePort()); + proxyConfig.setWebServicePort(PortManager.nextFreePort()); + proxyConfig.setWebServicePortTls(PortManager.nextFreePort()); + proxyConfig.setTlsEnabledInProxy(true); + proxyConfig.setTlsEnabledWithBroker(true); + + // enable tls and auth&auth at proxy + proxyConfig.setTlsCertificateFilePath(TLS_PROXY_CERT_FILE_PATH); + proxyConfig.setTlsKeyFilePath(TLS_PROXY_KEY_FILE_PATH); + proxyConfig.setTlsTrustCertsFilePath(TLS_PROXY_TRUST_CERT_FILE_PATH); + + proxyConfig.setBrokerClientAuthenticationPlugin(AuthenticationTls.class.getName()); + proxyConfig.setBrokerClientAuthenticationParameters( + "tlsCertFile:" + TLS_PROXY_CERT_FILE_PATH + "," + "tlsKeyFile:" + TLS_PROXY_KEY_FILE_PATH); + + Set<String> providers = new HashSet<>(); + providers.add(AuthenticationProviderTls.class.getName()); + conf.setAuthenticationProviders(providers); + proxyConfig.setAuthenticationProviders(providers); + proxyConfig.setTlsProtocols(tlsProtocols); + proxyConfig.setTlsCiphers(tlsCiphers); + ProxyService proxyService = Mockito.spy(new ProxyService(proxyConfig)); + proxyService.start(); + Thread.sleep(1000); Review comment: umm..instead sleep can we check some condition until which we want to wait using `org.apache.pulsar.broker.auth.MockedPulsarServiceBaseTest.retryStrategically(..)`, it will help to avoid one more intermittent test failure. and we can also add test timeout=5Sec. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services