def __init__(self): self.server = BaseHTTPServer.HTTPServer((HOST, 0), CloudHTTPHandler) self.server.socket = ssl.wrap_socket( self.server.socket, get_abs_path(self.cur_dir, "key.pem"), get_abs_path(self.cur_dir, "cert.pem"), server_side=True) self.port = self.server.socket.getsockname()[1]
def test_ma_optional_client_and_server_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server2-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem")))
def test_ma_optional_client_and_server_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"))) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ma_required_client_and_server_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server2-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem"), protocol=PROTOCOL.TLSv1))
def test_ma_optional_client_and_server_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) member = cluster.start_member() client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ma_required_client_and_server_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) cluster.start_member() client = HazelcastClient( get_ssl_config(cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
class AuthenticationTest(HazelcastTestCase): current_directory = os.path.dirname(__file__) rc = None hazelcast_token_xml = get_abs_path(current_directory, "hazelcast-token.xml") hazelcast_userpass_xml = get_abs_path(current_directory, "hazelcast-user-pass.xml") def setUp(self): self.rc = self.create_rc() def tearDown(self): self.rc.exit() def test_no_auth(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_userpass_xml)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(cluster_name=cluster.id, cluster_connect_timeout=2) def test_token_auth(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_token_xml)) cluster.start_member() token_provider = BasicTokenProvider("Hazelcast") client = HazelcastClient(cluster_name=cluster.id, token_provider=token_provider) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown() def test_username_password_auth(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_userpass_xml)) cluster.start_member() client = HazelcastClient(cluster_name=cluster.id, creds_username="******", creds_password="******") self.assertTrue(client.lifecycle_service.is_running()) client.shutdown() @classmethod def configure_cluster(cls, filename): with open(filename, "r") as f: return f.read()
def _configure_cluster(self): current_directory = os.path.dirname(__file__) with open( get_abs_path(current_directory, "hazelcast_crdtreplication_delayed.xml"), "r") as f: return f.read()
def test_ma_required_with_no_cert_file(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem")))
def test_ssl_enabled_with_protocol_mismatch(self): # member configured with TLSv1 with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.SSLv3))
def test_ssl_enabled_with_invalid_ciphers(self): with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1, ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_is_client_live(self): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ssl_enabled_map_size(self): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) test_map = client.get_map("test_map") fill_map(test_map, 10) self.assertEqual(test_map.size().result(), 10) client.shutdown()
def test_ssl_enabled_is_client_live(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"))) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ma_optional_with_no_cert_file(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) cluster.start_member() client = HazelcastClient( get_ssl_config(cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ssl_enabled_trust_default_certificates(self): cluster_config = self.configure_cluster(self.default_ca_xml) keystore_path = get_abs_path(self.current_directory, "keystore.jks") cluster_config = cluster_config % (keystore_path, keystore_path) cluster = self.create_cluster(self.rc, cluster_config) cluster.start_member() client = HazelcastClient(**get_ssl_config(cluster.id, True)) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ssl_enabled_with_invalid_ciphers(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), ciphers="INVALID-CIPHER1:INVALID_CIPHER2"))
def test_ssl_enabled_with_custom_ciphers(self): client = HazelcastClient( get_ssl_config( True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1, ciphers= "DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA" )) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_custom_configuration_output(self): config = ClientConfig() config.cluster_name = self.cluster.id config_file = get_abs_path(self.CUR_DIR, "detailed_config.json") config.logger.config_file = config_file client = HazelcastClient(config) std_out = StringIO() std_err = StringIO() for handler in client.logger.handlers: if handler.get_name() == "StdoutHandler": handler.stream = std_out else: handler.stream = std_err frame_info = getframeinfo(currentframe()) client.logger.info("TEST_MSG") # These two statements above should # follow each other without a white space. # Otherwise, arrange the line number in # the assert statements accordingly. std_out.flush() std_err.flush() std_out_str = std_out.getvalue() std_err_str = std_err.getvalue() self.assertTrue("TEST_MSG" in std_out_str) self.assertTrue("TEST_MSG" in std_err_str) for line in std_out_str.split("\n"): if "TEST_MSG" in line: print(line) asc_time, name, level_name, message = line.split("*") self.assertTrue(self._is_valid_date_string(asc_time)) self.assertEqual("HazelcastClient", name) self.assertEqual("INFO", level_name) self.assertEqual("TEST_MSG", message) for line in std_err_str.split("\n"): if "TEST_MSG" in line: asc_time, name, func, line_no, level_name, message = line.split( "*") self.assertTrue(self._is_valid_date_string(asc_time)) self.assertEqual("HazelcastClient", name) self.assertEqual(frame_info.function, func) self.assertEqual(str(frame_info.lineno + 1), line_no) self.assertEqual("INFO", level_name) self.assertEqual("TEST_MSG", message) client.shutdown()
def test_ssl_enabled_is_client_live(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown()
def test_ssl_enabled_with_protocol_mismatch(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() # Member configured with TLSv1 with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=SSLProtocol.SSLv3))
def test_ssl_enabled_map_size(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"))) test_map = client.get_map("test_map") fill_map(test_map, 10) self.assertEqual(test_map.size().result(), 10) client.shutdown()
def test_ssl_enabled_with_custom_ciphers(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), ciphers="ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384")) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def test_ssl_enabled_with_custom_ciphers(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient( get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1, ciphers="DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-DES-" "CBC3-SHA:DHE-RSA-DES-CBC3-SHA:DHE-DSS-DES-CBC3-SHA")) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown()
def start_client_with( self, truststore_name: str, member_address: str, *, check_hostname=True, ) -> HazelcastClient: return self.create_client({ "cluster_name": self.cluster.id, "cluster_members": [member_address], "ssl_enabled": True, "ssl_protocol": SSLProtocol.TLSv1_2, "ssl_cafile": get_abs_path(current_directory, truststore_name), "ssl_check_hostname": check_hostname, "cluster_connect_timeout": 0, })
def test_simple_custom_logging_configuration(self): logger_config = LoggerConfig() # Outputs to stdout with the level of error config_path = get_abs_path(self.CUR_DIR, "simple_config.json") logger_config.config_file = config_path self.assertEqual(config_path, logger_config.config_file) config = ClientConfig() config.cluster_name = self.cluster.id config.logger = logger_config client = HazelcastClient(config) self.assertEqual(logging.ERROR, client.logger.getEffectiveLevel()) self.assertFalse(client.logger.isEnabledFor(logging.INFO)) self.assertFalse(client.logger.isEnabledFor(logging.WARNING)) self.assertTrue(client.logger.isEnabledFor(logging.ERROR)) self.assertTrue(client.logger.isEnabledFor(logging.CRITICAL)) out = StringIO() handler = logging.getLogger("HazelcastClient").handlers[0] handler.stream = out client.logger.debug("DEBUG_TEST") client.logger.info("INFO_TEST") client.logger.error("ERROR_TEST") client.logger.critical("CRITICAL_TEST") out.flush() out_str = out.getvalue() self.assertEqual(0, out_str.count("DEBUG_TEST")) self.assertEqual(0, out_str.count("INFO_TEST")) self.assertEqual(1, out_str.count("ERROR_TEST")) self.assertEqual(1, out_str.count("CRITICAL_TEST")) client.shutdown()
def test_same_custom_configuration_file_with_multiple_clients(self): config = ClientConfig() config_file = get_abs_path(self.CUR_DIR, "simple_config.json") config.logger_config.configuration_file = config_file client1 = HazelcastClient(config) client2 = HazelcastClient(config) out = StringIO() logging.getLogger("HazelcastClient").handlers[0].stream = out client1.logger.critical("TEST_MSG") client2.logger.critical("TEST_MSG") out.flush() out_str = out.getvalue() self.assertEqual(2, out_str.count("TEST_MSG")) client1.shutdown() client2.shutdown()
class SSLTest(HazelcastTestCase): current_directory = os.path.dirname(__file__) rc = None hazelcast_ssl_xml = get_abs_path(current_directory, "hazelcast-ssl.xml") default_ca_xml = get_abs_path(current_directory, "hazelcast-default-ca.xml") def setUp(self): self.rc = self.create_rc() def tearDown(self): self.rc.exit() def test_ssl_disabled(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config(cluster.id, False)) def test_ssl_enabled_is_client_live(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"))) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown() def test_ssl_enabled_trust_default_certificates(self): # Member started with Let's Encrypt certificate cluster = self.create_cluster( self.rc, self.configure_cluster(self.default_ca_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config(cluster.id, True)) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown() def test_ssl_enabled_dont_trust_self_signed_certificates(self): # Member started with self-signed certificate cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config(cluster.id, True)) def test_ssl_enabled_map_size(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"))) test_map = client.get_map("test_map") fill_map(test_map, 10) self.assertEqual(test_map.size().result(), 10) client.shutdown() def test_ssl_enabled_with_custom_ciphers(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() client = HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), ciphers="ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384")) self.assertTrue(client.lifecycle_service.is_running()) client.shutdown() def test_ssl_enabled_with_invalid_ciphers(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), ciphers="INVALID-CIPHER1:INVALID_CIPHER2")) def test_ssl_enabled_with_protocol_mismatch(self): cluster = self.create_cluster( self.rc, self.configure_cluster(self.hazelcast_ssl_xml)) cluster.start_member() # Member configured with TLSv1 with self.assertRaises(HazelcastError): HazelcastClient(**get_ssl_config( cluster.id, True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=SSLProtocol.SSLv3)) def configure_cluster(self, filename): with open(filename, "r") as f: return f.read()
def configure_cluster(): current_directory = os.path.dirname(__file__) with open( get_abs_path(os.path.join(current_directory, "proxy"), "hazelcast.xml"), "r") as f: return f.read()
class MutualAuthenticationTest(HazelcastTestCase): current_directory = os.path.dirname(__file__) rc = None mutual_auth = True ma_req_xml = get_abs_path(current_directory, "hazelcast-ma-required.xml") ma_opt_xml = get_abs_path(current_directory, "hazelcast-ma-optional.xml") @classmethod def setUpClass(cls): configure_logging() def setUp(self): self.rc = self.create_rc() def tearDown(self): self.rc.exit() def test_ma_required_client_and_server_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) member = cluster.start_member() client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown() def test_ma_required_server_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server2-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"), protocol=PROTOCOL.TLSv1)) def test_ma_required_client_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem"), protocol=PROTOCOL.TLSv1)) def test_ma_required_client_and_server_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server2-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem"), protocol=PROTOCOL.TLSv1)) def test_ma_optional_client_and_server_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) member = cluster.start_member() client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown() def test_ma_optional_server_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server2-cert.pem"), get_abs_path(self.current_directory, "client1-cert.pem"), get_abs_path(self.current_directory, "client1-key.pem"), protocol=PROTOCOL.TLSv1)) def test_ma_optional_client_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem"), protocol=PROTOCOL.TLSv1)) def test_ma_optional_client_and_server_not_authenticated(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server2-cert.pem"), get_abs_path(self.current_directory, "client2-cert.pem"), get_abs_path(self.current_directory, "client2-key.pem"), protocol=PROTOCOL.TLSv1)) def test_ma_required_with_no_cert_file(self): cluster = self.create_cluster(self.rc, self.configure_cluster(True)) member = cluster.start_member() with self.assertRaises(HazelcastError): client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) def test_ma_optional_with_no_cert_file(self): cluster = self.create_cluster(self.rc, self.configure_cluster(False)) member = cluster.start_member() client = HazelcastClient( get_ssl_config(True, get_abs_path(self.current_directory, "server1-cert.pem"), protocol=PROTOCOL.TLSv1)) self.assertTrue(client.lifecycle.is_live) client.shutdown() def configure_cluster(self, is_ma_required): file_path = self.ma_req_xml if is_ma_required else self.ma_opt_xml with open(file_path, "r") as f: return f.read()