def test_ssl_disabled(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(cluster.id, False))
def test_ssl_enabled_dont_trust_self_signed_certificates(self):
# Member started with self-signed certificate
cluster = self.create_cluster(self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(cluster.id, True))
def test_ssl_enabled_is_client_live(self):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ssl_enabled_trust_default_certificates(self):
# Member started with Let's Encrypt certificate
cluster = self.create_cluster(self.rc, self.configure_cluster(self.default_ca_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(cluster.id, True))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ma_optional_with_no_cert_file(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ma_required_with_no_cert_file(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
def test_ssl_enabled_with_protocol_mismatch(self):
# member configured with TLSv1
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.SSLv3))
def test_ssl_enabled_with_invalid_ciphers(self):
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1,
ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_trust_default_certificates(self):
# Member started with Let's Encrypt certificate
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.default_ca_xml))
cluster.start_member()
client = HazelcastClient(get_ssl_config(True, protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ssl_enabled_dont_trust_self_signed_certificates(self):
# Member started with self-signed certificate
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True, protocol=PROTOCOL.TLSv1))
def test_ma_required_with_no_cert_file(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_optional_client_and_server_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server2-cert.pem"),
get_abs_path(self.current_directory, "client2-cert.pem"),
get_abs_path(self.current_directory, "client2-key.pem")))
def test_ma_required_client_and_server_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem"),
get_abs_path(self.current_directory, "client1-cert.pem"),
get_abs_path(self.current_directory, "client1-key.pem")))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_map_size(self):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
test_map = client.get_map("test_map")
fill_map(test_map, 10)
self.assertEqual(test_map.size().result(), 10)
client.shutdown()
def test_ssl_enabled_is_client_live(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ma_optional_with_no_cert_file(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
member = cluster.start_member()
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ssl_enabled_trust_default_certificates(self):
cluster_config = self.configure_cluster(self.default_ca_xml)
keystore_path = get_abs_path(self.current_directory, "keystore.jks")
cluster_config = cluster_config % (keystore_path, keystore_path)
cluster = self.create_cluster(self.rc, cluster_config)
cluster.start_member()
client = HazelcastClient(**get_ssl_config(cluster.id, True))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_with_invalid_ciphers(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_with_custom_ciphers(self):
client = HazelcastClient(
get_ssl_config(
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
protocol=PROTOCOL.TLSv1,
ciphers=
"DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA"
))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ssl_enabled_is_client_live(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ssl_enabled_with_custom_ciphers(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
ciphers="ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384"))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_with_protocol_mismatch(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
# Member configured with TLSv1
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
protocol=SSLProtocol.SSLv3))
def test_ssl_enabled_map_size(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
test_map = client.get_map("test_map")
fill_map(test_map, 10)
self.assertEqual(test_map.size().result(), 10)
client.shutdown()
def test_ma_required_client_and_server_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
member = cluster.start_member()
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client1-cert.pem"),
get_abs_path(self.current_directory,
"client1-key.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ma_optional_client_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client2-cert.pem"),
get_abs_path(self.current_directory,
"client2-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ssl_enabled_with_custom_ciphers(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(
get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
protocol=PROTOCOL.TLSv1,
ciphers="DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-"
"CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA"))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ma_optional_client_and_server_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
cluster.start_member()
client = HazelcastClient(
get_ssl_config(cluster.id,
True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client1-cert.pem"),
get_abs_path(self.current_directory,
"client1-key.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ma_required_client_and_server_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(
get_ssl_config(cluster.id,
True,
get_abs_path(self.current_directory,
"server2-cert.pem"),
get_abs_path(self.current_directory,
"client2-cert.pem"),
get_abs_path(self.current_directory,
"client2-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ssl_disabled(self):
with self.assertRaises(HazelcastError):
client = HazelcastClient(get_ssl_config(False))
