def __init__(self):
self.server = BaseHTTPServer.HTTPServer((HOST, 0), CloudHTTPHandler)
self.server.socket = ssl.wrap_socket(
self.server.socket,
get_abs_path(self.cur_dir, "key.pem"),
get_abs_path(self.cur_dir, "cert.pem"),
server_side=True)
self.port = self.server.socket.getsockname()[1]
def test_ma_optional_client_and_server_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server2-cert.pem"),
get_abs_path(self.current_directory, "client2-cert.pem"),
get_abs_path(self.current_directory, "client2-key.pem")))
def test_ma_optional_client_and_server_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem"),
get_abs_path(self.current_directory, "client1-cert.pem"),
get_abs_path(self.current_directory, "client1-key.pem")))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ma_required_client_and_server_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server2-cert.pem"),
get_abs_path(self.current_directory,
"client2-cert.pem"),
get_abs_path(self.current_directory,
"client2-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_optional_client_and_server_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
member = cluster.start_member()
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client1-cert.pem"),
get_abs_path(self.current_directory,
"client1-key.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ma_required_client_and_server_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
cluster.start_member()
client = HazelcastClient(
get_ssl_config(cluster.id,
True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client1-cert.pem"),
get_abs_path(self.current_directory,
"client1-key.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
class AuthenticationTest(HazelcastTestCase):
current_directory = os.path.dirname(__file__)
rc = None
hazelcast_token_xml = get_abs_path(current_directory,
"hazelcast-token.xml")
hazelcast_userpass_xml = get_abs_path(current_directory,
"hazelcast-user-pass.xml")
def setUp(self):
self.rc = self.create_rc()
def tearDown(self):
self.rc.exit()
def test_no_auth(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_userpass_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(cluster_name=cluster.id, cluster_connect_timeout=2)
def test_token_auth(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_token_xml))
cluster.start_member()
token_provider = BasicTokenProvider("Hazelcast")
client = HazelcastClient(cluster_name=cluster.id,
token_provider=token_provider)
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_username_password_auth(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_userpass_xml))
cluster.start_member()
client = HazelcastClient(cluster_name=cluster.id,
creds_username="******",
creds_password="******")
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
@classmethod
def configure_cluster(cls, filename):
with open(filename, "r") as f:
return f.read()
def _configure_cluster(self):
current_directory = os.path.dirname(__file__)
with open(
get_abs_path(current_directory,
"hazelcast_crdtreplication_delayed.xml"),
"r") as f:
return f.read()
def test_ma_required_with_no_cert_file(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
def test_ssl_enabled_with_protocol_mismatch(self):
# member configured with TLSv1
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.SSLv3))
def test_ssl_enabled_with_invalid_ciphers(self):
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1,
ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_is_client_live(self):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ssl_enabled_map_size(self):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
test_map = client.get_map("test_map")
fill_map(test_map, 10)
self.assertEqual(test_map.size().result(), 10)
client.shutdown()
def test_ssl_enabled_is_client_live(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ma_optional_with_no_cert_file(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
cluster.start_member()
client = HazelcastClient(
get_ssl_config(cluster.id,
True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_trust_default_certificates(self):
cluster_config = self.configure_cluster(self.default_ca_xml)
keystore_path = get_abs_path(self.current_directory, "keystore.jks")
cluster_config = cluster_config % (keystore_path, keystore_path)
cluster = self.create_cluster(self.rc, cluster_config)
cluster.start_member()
client = HazelcastClient(**get_ssl_config(cluster.id, True))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_with_invalid_ciphers(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_with_custom_ciphers(self):
client = HazelcastClient(
get_ssl_config(
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
protocol=PROTOCOL.TLSv1,
ciphers=
"DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA"
))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_custom_configuration_output(self):
config = ClientConfig()
config.cluster_name = self.cluster.id
config_file = get_abs_path(self.CUR_DIR, "detailed_config.json")
config.logger.config_file = config_file
client = HazelcastClient(config)
std_out = StringIO()
std_err = StringIO()
for handler in client.logger.handlers:
if handler.get_name() == "StdoutHandler":
handler.stream = std_out
else:
handler.stream = std_err
frame_info = getframeinfo(currentframe())
client.logger.info("TEST_MSG")
# These two statements above should
# follow each other without a white space.
# Otherwise, arrange the line number in
# the assert statements accordingly.
std_out.flush()
std_err.flush()
std_out_str = std_out.getvalue()
std_err_str = std_err.getvalue()
self.assertTrue("TEST_MSG" in std_out_str)
self.assertTrue("TEST_MSG" in std_err_str)
for line in std_out_str.split("\n"):
if "TEST_MSG" in line:
print(line)
asc_time, name, level_name, message = line.split("*")
self.assertTrue(self._is_valid_date_string(asc_time))
self.assertEqual("HazelcastClient", name)
self.assertEqual("INFO", level_name)
self.assertEqual("TEST_MSG", message)
for line in std_err_str.split("\n"):
if "TEST_MSG" in line:
asc_time, name, func, line_no, level_name, message = line.split(
"*")
self.assertTrue(self._is_valid_date_string(asc_time))
self.assertEqual("HazelcastClient", name)
self.assertEqual(frame_info.function, func)
self.assertEqual(str(frame_info.lineno + 1), line_no)
self.assertEqual("INFO", level_name)
self.assertEqual("TEST_MSG", message)
client.shutdown()
def test_ssl_enabled_is_client_live(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ssl_enabled_with_protocol_mismatch(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
# Member configured with TLSv1
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
protocol=SSLProtocol.SSLv3))
def test_ssl_enabled_map_size(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
test_map = client.get_map("test_map")
fill_map(test_map, 10)
self.assertEqual(test_map.size().result(), 10)
client.shutdown()
def test_ssl_enabled_with_custom_ciphers(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
ciphers="ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384"))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_with_custom_ciphers(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(
get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
protocol=PROTOCOL.TLSv1,
ciphers="DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-"
"CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA"))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def start_client_with(
self,
truststore_name: str,
member_address: str,
*,
check_hostname=True,
) -> HazelcastClient:
return self.create_client({
"cluster_name":
self.cluster.id,
"cluster_members": [member_address],
"ssl_enabled":
True,
"ssl_protocol":
SSLProtocol.TLSv1_2,
"ssl_cafile":
get_abs_path(current_directory, truststore_name),
"ssl_check_hostname":
check_hostname,
"cluster_connect_timeout":
0,
})
def test_simple_custom_logging_configuration(self):
logger_config = LoggerConfig()
# Outputs to stdout with the level of error
config_path = get_abs_path(self.CUR_DIR, "simple_config.json")
logger_config.config_file = config_path
self.assertEqual(config_path, logger_config.config_file)
config = ClientConfig()
config.cluster_name = self.cluster.id
config.logger = logger_config
client = HazelcastClient(config)
self.assertEqual(logging.ERROR, client.logger.getEffectiveLevel())
self.assertFalse(client.logger.isEnabledFor(logging.INFO))
self.assertFalse(client.logger.isEnabledFor(logging.WARNING))
self.assertTrue(client.logger.isEnabledFor(logging.ERROR))
self.assertTrue(client.logger.isEnabledFor(logging.CRITICAL))
out = StringIO()
handler = logging.getLogger("HazelcastClient").handlers[0]
handler.stream = out
client.logger.debug("DEBUG_TEST")
client.logger.info("INFO_TEST")
client.logger.error("ERROR_TEST")
client.logger.critical("CRITICAL_TEST")
out.flush()
out_str = out.getvalue()
self.assertEqual(0, out_str.count("DEBUG_TEST"))
self.assertEqual(0, out_str.count("INFO_TEST"))
self.assertEqual(1, out_str.count("ERROR_TEST"))
self.assertEqual(1, out_str.count("CRITICAL_TEST"))
client.shutdown()
def test_same_custom_configuration_file_with_multiple_clients(self):
config = ClientConfig()
config_file = get_abs_path(self.CUR_DIR, "simple_config.json")
config.logger_config.configuration_file = config_file
client1 = HazelcastClient(config)
client2 = HazelcastClient(config)
out = StringIO()
logging.getLogger("HazelcastClient").handlers[0].stream = out
client1.logger.critical("TEST_MSG")
client2.logger.critical("TEST_MSG")
out.flush()
out_str = out.getvalue()
self.assertEqual(2, out_str.count("TEST_MSG"))
client1.shutdown()
client2.shutdown()
class SSLTest(HazelcastTestCase):
current_directory = os.path.dirname(__file__)
rc = None
hazelcast_ssl_xml = get_abs_path(current_directory, "hazelcast-ssl.xml")
default_ca_xml = get_abs_path(current_directory,
"hazelcast-default-ca.xml")
def setUp(self):
self.rc = self.create_rc()
def tearDown(self):
self.rc.exit()
def test_ssl_disabled(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(cluster.id, False))
def test_ssl_enabled_is_client_live(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_trust_default_certificates(self):
# Member started with Let's Encrypt certificate
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.default_ca_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(cluster.id, True))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_dont_trust_self_signed_certificates(self):
# Member started with self-signed certificate
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(cluster.id, True))
def test_ssl_enabled_map_size(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id, True,
get_abs_path(self.current_directory, "server1-cert.pem")))
test_map = client.get_map("test_map")
fill_map(test_map, 10)
self.assertEqual(test_map.size().result(), 10)
client.shutdown()
def test_ssl_enabled_with_custom_ciphers(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
client = HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
ciphers="ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384"))
self.assertTrue(client.lifecycle_service.is_running())
client.shutdown()
def test_ssl_enabled_with_invalid_ciphers(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_with_protocol_mismatch(self):
cluster = self.create_cluster(
self.rc, self.configure_cluster(self.hazelcast_ssl_xml))
cluster.start_member()
# Member configured with TLSv1
with self.assertRaises(HazelcastError):
HazelcastClient(**get_ssl_config(
cluster.id,
True,
get_abs_path(self.current_directory, "server1-cert.pem"),
protocol=SSLProtocol.SSLv3))
def configure_cluster(self, filename):
with open(filename, "r") as f:
return f.read()
def configure_cluster():
current_directory = os.path.dirname(__file__)
with open(
get_abs_path(os.path.join(current_directory, "proxy"),
"hazelcast.xml"), "r") as f:
return f.read()
class MutualAuthenticationTest(HazelcastTestCase):
current_directory = os.path.dirname(__file__)
rc = None
mutual_auth = True
ma_req_xml = get_abs_path(current_directory, "hazelcast-ma-required.xml")
ma_opt_xml = get_abs_path(current_directory, "hazelcast-ma-optional.xml")
@classmethod
def setUpClass(cls):
configure_logging()
def setUp(self):
self.rc = self.create_rc()
def tearDown(self):
self.rc.exit()
def test_ma_required_client_and_server_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
member = cluster.start_member()
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client1-cert.pem"),
get_abs_path(self.current_directory,
"client1-key.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ma_required_server_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server2-cert.pem"),
get_abs_path(self.current_directory,
"client1-cert.pem"),
get_abs_path(self.current_directory,
"client1-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_required_client_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client2-cert.pem"),
get_abs_path(self.current_directory,
"client2-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_required_client_and_server_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server2-cert.pem"),
get_abs_path(self.current_directory,
"client2-cert.pem"),
get_abs_path(self.current_directory,
"client2-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_optional_client_and_server_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
member = cluster.start_member()
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client1-cert.pem"),
get_abs_path(self.current_directory,
"client1-key.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def test_ma_optional_server_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server2-cert.pem"),
get_abs_path(self.current_directory,
"client1-cert.pem"),
get_abs_path(self.current_directory,
"client1-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_optional_client_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
get_abs_path(self.current_directory,
"client2-cert.pem"),
get_abs_path(self.current_directory,
"client2-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_optional_client_and_server_not_authenticated(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server2-cert.pem"),
get_abs_path(self.current_directory,
"client2-cert.pem"),
get_abs_path(self.current_directory,
"client2-key.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_required_with_no_cert_file(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(True))
member = cluster.start_member()
with self.assertRaises(HazelcastError):
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
def test_ma_optional_with_no_cert_file(self):
cluster = self.create_cluster(self.rc, self.configure_cluster(False))
member = cluster.start_member()
client = HazelcastClient(
get_ssl_config(True,
get_abs_path(self.current_directory,
"server1-cert.pem"),
protocol=PROTOCOL.TLSv1))
self.assertTrue(client.lifecycle.is_live)
client.shutdown()
def configure_cluster(self, is_ma_required):
file_path = self.ma_req_xml if is_ma_required else self.ma_opt_xml
with open(file_path, "r") as f:
return f.read()
