Github user parthchandra commented on a diff in the pull request:
https://github.com/apache/drill/pull/950#discussion_r141472481
--- Diff:
exec/java-exec/src/test/java/org/apache/drill/exec/rpc/user/security/TestUserBitSSL.java
---
@@ -0,0 +1,338 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.drill.exec.rpc.user.security;
+
+import com.typesafe.config.ConfigValueFactory;
+import io.netty.handler.ssl.util.SelfSignedCertificate;
+import junit.framework.TestCase;
+import org.apache.drill.BaseTestQuery;
+import org.apache.drill.common.config.DrillConfig;
+import org.apache.drill.common.config.DrillProperties;
+import org.apache.drill.exec.ExecConstants;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.net.InetAddress;
+import java.security.KeyStore;
+import java.util.Properties;
+
+import static junit.framework.TestCase.fail;
+import static org.junit.Assert.assertEquals;
+
+public class TestUserBitSSL extends BaseTestQuery {
+ private static final org.slf4j.Logger logger =
+ org.slf4j.LoggerFactory.getLogger(TestUserBitSSL.class);
+
+ private static DrillConfig newConfig;
+ private static Properties initProps; // initial client properties
+ private static ClassLoader classLoader;
+ private static String ksPath;
+ private static String tsPath;
+ private static String emptyTSPath;
+ private static String unknownKsPath;
+
+ @BeforeClass
+ public static void setupTest() throws Exception {
+
+ // Create a new DrillConfig
+ classLoader = TestUserBitSSL.class.getClassLoader();
+ ksPath = new
File(classLoader.getResource("ssl/keystore.ks").getFile()).getAbsolutePath();
+ unknownKsPath = new
File(classLoader.getResource("ssl/unknownkeystore.ks").getFile()).getAbsolutePath();
+ tsPath = new
File(classLoader.getResource("ssl/truststore.ks").getFile()).getAbsolutePath();
+ emptyTSPath = new
File(classLoader.getResource("ssl/emptytruststore.ks").getFile()).getAbsolutePath();
+ newConfig = new
DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties())
+ .withValue(ExecConstants.SSL_USE_HADOOP_CONF,
+ ConfigValueFactory.fromAnyRef(false))
+ .withValue(ExecConstants.USER_SSL_ENABLED,
+ ConfigValueFactory.fromAnyRef(true))
+ .withValue(ExecConstants.SSL_KEYSTORE_TYPE,
+ ConfigValueFactory.fromAnyRef("JKS"))
+ .withValue(ExecConstants.SSL_KEYSTORE_PATH,
+ ConfigValueFactory.fromAnyRef(ksPath))
+ .withValue(ExecConstants.SSL_KEYSTORE_PASSWORD,
+ ConfigValueFactory.fromAnyRef("drill123"))
+ .withValue(ExecConstants.SSL_KEY_PASSWORD,
+ ConfigValueFactory.fromAnyRef("drill123"))
+ .withValue(ExecConstants.SSL_TRUSTSTORE_TYPE,
+ ConfigValueFactory.fromAnyRef("JKS"))
+ .withValue(ExecConstants.SSL_TRUSTSTORE_PATH,
+ ConfigValueFactory.fromAnyRef(tsPath))
+ .withValue(ExecConstants.SSL_TRUSTSTORE_PASSWORD,
+ ConfigValueFactory.fromAnyRef("drill123"))
+ .withValue(ExecConstants.SSL_PROTOCOL,
+ ConfigValueFactory.fromAnyRef("TLSv1.2")),
+ false);
+
+ initProps = new Properties();
+ initProps.setProperty(DrillProperties.ENABLE_TLS, "true");
+ initProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
+ initProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD, "drill123");
+ initProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION,
"true");
+
+ // Start an SSL enabled cluster
+ updateTestCluster(1, newConfig, initProps);
+ }
+
+ @AfterClass
+ public static void cleanTest() throws Exception {
+ DrillConfig restoreConfig =
+ new
DrillConfig(DrillConfig.create(cloneDefaultTestConfigProperties()), false);
+ updateTestCluster(1, restoreConfig);
+ }
+
+ @Test
+ public void testSSLConnection() throws Exception {
+ final Properties connectionProps = new Properties();
+ connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
+ connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, tsPath);
+ connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD,
"drill123");
+ connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION,
"true");
+ try {
+ updateClient(connectionProps);
+ } catch (Exception e) {
+ TestCase.fail( new StringBuilder()
+ .append("SSL Connection failed with exception [" )
+ .append( e.getMessage() )
+ .append("]")
+ .toString());
+ }
+ }
+
+ @Test
+ public void testSSLConnectionWithKeystore() throws Exception {
+ final Properties connectionProps = new Properties();
+ connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
+ connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, ksPath);
+ connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD,
"drill123");
+ connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION,
"true");
+ try {
+ updateClient(connectionProps);
+ } catch (Exception e) {
+ TestCase.fail( new StringBuilder()
+ .append("SSL Connection failed with exception [" )
+ .append( e.getMessage() )
+ .append("]")
+ .toString());
+ }
+ }
+
+ @Test
+ public void testSSLConnectionFailBadTrustStore() throws Exception {
+ final Properties connectionProps = new Properties();
+ connectionProps.setProperty(DrillProperties.ENABLE_TLS, "true");
+ connectionProps.setProperty(DrillProperties.TRUSTSTORE_PATH, ""); //
NO truststore
+ connectionProps.setProperty(DrillProperties.TRUSTSTORE_PASSWORD,
"drill123");
+ connectionProps.setProperty(DrillProperties.DISABLE_HOST_VERIFICATION,
"true");
+ boolean failureCaught = false;
+ try {
+ updateClient(connectionProps);
+ } catch (Exception e) {
+ failureCaught = true;
+ }
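Review bot: The `catch (Exception e) { failureCaught = true; }` in testSSLConnectionFailBadTrustStore accepts any exception as proof that the truststore was rejected, so the test also passes when updateClient fails for a reason unrelated to TLS, such as the test cluster being unreachable. A negative security test should pin the failure to the trust check, for example `failureCaught = e.getCause() instanceof javax.net.ssl.SSLException;`, assuming the client surfaces the handshake error as the direct cause, which is not visible here. The method body continues outside the quoted hunk, so how failureCaught is finally asserted cannot be seen. Separately, testSSLConnection and testSSLConnectionWithKeystore already declare `throws Exception`, so wrapping updateClient in a try/catch that calls `TestCase.fail(...)` with only `e.getMessage()` just discards the stack trace; letting the exception propagate would keep it.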
--- End diff --
Yes. Initially this test was to check if the path to the truststore is bad.
But this case fails because the default truststore does not have the server's
certificate.
---