def test_ssl_disabled(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config(cluster.id, False))
def test_ssl_enabled_dont_trust_self_signed_certificates(self): # Member started with self-signed certificate cluster = self.create_cluster(self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config(cluster.id, True))
def test_ssl_enabled_is_client_live(self): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ssl_enabled_trust_default_certificates(self): # Member started with Let's Encrypt certificate cluster = self.create_cluster(self.rc, self.configure_cluster(self.default_ca_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config(cluster.id, True)) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ma_optional_with_no_cert_file(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"))) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ma_required_with_no_cert_file(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem")))
def test_ssl_enabled_with_protocol_mismatch(self): # member configured with TLSv1 with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.SSLv3))
def test_ssl_enabled_with_invalid_ciphers(self): with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1, ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_trust_default_certificates(self): # Member started with Let's Encrypt certificate cluster = self.create_cluster( self.rc, self.configure_cluster(self.default_ca_xml)) cluster.start_member() client = HazelcastClient(get_ssl_config(True, protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ssl_enabled_dont_trust_self_signed_certificates(self): # Member started with self-signed certificate cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, protocol=PROTOCOL.TLSv1))
def test_ma_required_with_no_cert_file(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1))
def test_ma_optional_client_and_server_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server2-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem")))
def test_ma_required_client_and_server_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"))) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ssl_enabled_map_size(self): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) test_map = client.get_map("test_map") fill_map(test_map, 10) self.assertEqual(test_map.size().result(), 10) client.shutdown()
def test_ssl_enabled_is_client_live(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"))) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ma_optional_with_no_cert_file(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) member = cluster.start_member() client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ssl_enabled_trust_default_certificates(self): cluster_config = self.configure_cluster(self.default_ca_xml) keystore_path = get_abs_path(self.current_directory, "keystore.jks") cluster_config = cluster_config % (keystore_path, keystore_path) cluster = self.create_cluster(self.rc, cluster_config) cluster.start_member() client = HazelcastClient(**get_ssl_config(cluster.id, True)) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ssl_enabled_with_invalid_ciphers(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_with_custom_ciphers(self): client = HazelcastClient( get_ssl_config( True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1, ciphers= "DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA" )) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ssl_enabled_is_client_live(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ssl_enabled_with_custom_ciphers(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), ciphers="ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384")) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ssl_enabled_with_protocol_mismatch(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() # Member configured with TLSv1 with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=SSLProtocol.SSLv3))
def test_ssl_enabled_map_size(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"))) test_map = client.get_map("test_map") fill_map(test_map, 10) self.assertEqual(test_map.size().result(), 10) client.shutdown()
def test_ma_required_client_and_server_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) member = cluster.start_member() client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ma_optional_client_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem"), protocol=PROTOCOL.TLSv1))
def test_ssl_enabled_with_custom_ciphers(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient( get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1, ciphers="DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-" "CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA")) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ma_optional_client_and_server_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) cluster.start_member() client = HazelcastClient( get_ssl_config(cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ma_required_client_and_server_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient( get_ssl_config(cluster.id, True, get_abs_path(self.current_directory, "server2-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem"), protocol=PROTOCOL.TLSv1))
def test_ssl_disabled(self): with self.assertRaises(HazelcastError): client = HazelcastClient(get_ssl_config(False))