use of io.crate.protocols.ssl.SslContextProvider in project crate by crate.
the class SSLTransportITest method test_nodes_connect_with_ssl.
/**
 * Checks that the two-node cluster has formed and that every node's transport
 * publish address reports {@code SSL_AVAILABLE} when probed.
 *
 * <p>The probe uses a JDK {@link SSLContext} obtained from a
 * {@link SslContextProvider} built over the test's {@code sslSettings}.
 */
@Test
public void test_nodes_connect_with_ssl() throws Exception {
    // Both nodes must be listed in sys.nodes before the endpoints are probed.
    execute("select count(*) from sys.nodes");
    assertThat(response.rows()[0][0], is(2L));

    SSLContext probeContext = new SslContextProvider(sslSettings).jdkSSLContext();

    // NOTE(review): only the ProbeResult is asserted. Whether probeSSL also
    // validates the peer certificate is not visible in this listing; confirm
    // before counting this test as coverage for certificate verification.
    for (var nodeTransport : internalCluster().getInstances(Transport.class)) {
        var socketAddress = nodeTransport.boundAddress().publishAddress().address();
        ProbeResult outcome = ConnectionTest.probeSSL(probeContext, socketAddress);
        assertThat(outcome, is(ProbeResult.SSL_AVAILABLE));
    }
}
use of io.crate.protocols.ssl.SslContextProvider in project crate by crate.
the class CrateHttpsTransportTest method testPipelineConfiguration.
/**
 * Checks that, with {@code SslSettings.SSL_HTTP_ENABLED} set, the HTTP server
 * channel initializer installs an {@link SslHandler} as the first handler of
 * the channel pipeline.
 *
 * <p>The assertion is on pipeline order: a handler placed ahead of the
 * {@code SslHandler} would see inbound bytes before TLS processing.
 */
@Test
public void testPipelineConfiguration() throws Exception {
    // Test fixture values only: the same literal password is used for the
    // truststore, the keystore and the key, and path.home points at /tmp.
    Settings httpsSettings = Settings.builder()
        .put(PATH_HOME_SETTING.getKey(), "/tmp")
        .put(SslSettings.SSL_HTTP_ENABLED.getKey(), true)
        .put(SslSettings.SSL_TRUSTSTORE_FILEPATH.getKey(), trustStoreFile.getAbsolutePath())
        .put(SslSettings.SSL_TRUSTSTORE_PASSWORD.getKey(), "keystorePassword")
        .put(SslSettings.SSL_KEYSTORE_FILEPATH.getKey(), keyStoreFile.getAbsolutePath())
        .put(SslSettings.SSL_KEYSTORE_PASSWORD.getKey(), "keystorePassword")
        .put(SslSettings.SSL_KEYSTORE_KEY_PASSWORD.getKey(), "keystorePassword")
        .build();

    // Resolver that answers every lookup with the loopback address.
    NetworkService.CustomNameResolver loopbackResolver = new NetworkService.CustomNameResolver() {
        @Override
        public InetAddress[] resolveDefault() {
            return new InetAddress[] { InetAddresses.forString("127.0.0.1") };
        }

        @Override
        public InetAddress[] resolveIfPossible(String value) throws IOException {
            return new InetAddress[] { InetAddresses.forString("127.0.0.1") };
        }
    };
    NetworkService loopbackNetwork = new NetworkService(Collections.singletonList(loopbackResolver));

    // The registry receives the SSL context provider built from the same settings.
    PipelineRegistry registry = new PipelineRegistry(httpsSettings);
    registry.setSslContextProvider(new SslContextProvider(httpsSettings));

    Netty4HttpServerTransport httpTransport = new Netty4HttpServerTransport(
        httpsSettings,
        loopbackNetwork,
        BigArrays.NON_RECYCLING_INSTANCE,
        mock(ThreadPool.class),
        NamedXContentRegistry.EMPTY,
        registry,
        new NettyBootstrap(),
        mock(NodeClient.class));
    EmbeddedChannel embedded = new EmbeddedChannel();
    try {
        httpTransport.start();
        Netty4HttpServerTransport.HttpChannelHandler initializer =
            (Netty4HttpServerTransport.HttpChannelHandler) httpTransport.configureServerChannelHandler();
        initializer.initChannel(embedded);
        assertThat(embedded.pipeline().first(), instanceOf(SslHandler.class));
    } finally {
        // Tear down the transport first, then release and close the embedded channel.
        httpTransport.stop();
        httpTransport.close();
        embedded.releaseInbound();
        embedded.close().awaitUninterruptibly();
    }
}
use of io.crate.protocols.ssl.SslContextProvider in project crate by crate.
the class DefaultTransportITest method test_nodes_connect_with_hba_enabled_and_default_transport_mode.
/**
 * Checks that the two-node cluster has formed and that probing each node's
 * transport publish address yields {@code SSL_MISSING}.
 *
 * <p>NOTE(review): the method name indicates HBA is enabled and the transport
 * runs in its default mode; the cluster settings that establish this are
 * outside this listing. As written, the test pins the expectation that the
 * transport endpoint does not offer TLS in that configuration.
 */
@Test
public void test_nodes_connect_with_hba_enabled_and_default_transport_mode() throws Exception {
    // The nodes can only have joined each other if the transport connection works.
    execute("select count(*) from sys.nodes");
    assertThat(response.rows()[0][0], is(2L));

    SslContextProvider contextProvider = new SslContextProvider(sslSettings);
    SSLContext clientContext = contextProvider.jdkSSLContext();

    for (var nodeTransport : internalCluster().getInstances(Transport.class)) {
        var endpoint = nodeTransport.boundAddress().publishAddress().address();
        // A TLS probe against the transport port is expected to find no SSL.
        assertThat(ConnectionTest.probeSSL(clientContext, endpoint), is(ProbeResult.SSL_MISSING));
    }
}
use of io.crate.protocols.ssl.SslContextProvider in project crate by crate.
the class MockTransportService method createNewService.
/**
 * Creates a {@link MockTransportService} backed by a {@link Netty4Transport}.
 *
 * @param settings        caller settings; merged on top of a transport port range
 *                        taken from {@code ESTestCase.getPortRange()}
 * @param version         version given to the transport and to the local {@code DiscoveryNode}
 * @param threadPool      thread pool handed to the transport and the service
 * @param clusterSettings optional cluster settings passed through to the service
 * @return the new, not yet started, mock transport service
 */
public static MockTransportService createNewService(Settings settings, Version version, ThreadPool threadPool, @Nullable ClusterSettings clusterSettings) {
    // The port range is put first and the caller's settings afterwards.
    Settings mergedSettings = Settings.builder()
        .put(TransportSettings.PORT.getKey(), ESTestCase.getPortRange())
        .put(settings)
        .build();
    NamedWriteableRegistry writeables = new NamedWriteableRegistry(ClusterModule.getNamedWriteables());

    // NOTE(review): AlwaysOKAuthentication is not shown here; going by its name
    // it accepts every connection, and the lambda maps any name to
    // User.CRATE_USER. Keep this wiring confined to test code.
    // The SSL context provider is built from the merged settings.
    Netty4Transport nettyTransport = new Netty4Transport(
        mergedSettings,
        version,
        threadPool,
        new NetworkService(List.of()),
        new PageCacheRecycler(mergedSettings),
        writeables,
        new NoneCircuitBreakerService(),
        new NettyBootstrap(),
        new AlwaysOKAuthentication(name -> User.CRATE_USER),
        new SslContextProvider(mergedSettings));

    // Node name, attributes and roles are read from the caller's settings, not
    // the merged ones; the node id is a fresh random UUID.
    return new MockTransportService(
        mergedSettings,
        nettyTransport,
        threadPool,
        boundAddress -> new DiscoveryNode(
            Node.NODE_NAME_SETTING.get(settings),
            UUIDs.randomBase64UUID(),
            boundAddress.publishAddress(),
            Node.NODE_ATTRIBUTES.getAsMap(settings),
            DiscoveryNode.getRolesFromSettings(settings),
            version),
        clusterSettings);
}
use of io.crate.protocols.ssl.SslContextProvider in project crate by crate.
the class TransportServiceHandshakeTests method startServices.
/**
 * Starts a transport service for one test node, records it in
 * {@code transportServices}, and returns a handle to it.
 *
 * @param nodeNameAndId used as both the name and the id of the local {@code DiscoveryNode}
 * @param settings      caller settings; merged on top of a transport port range
 * @param version       version advertised by the local {@code DiscoveryNode}
 * @return handle holding the started service and its local node
 */
private NetworkHandle startServices(String nodeNameAndId, Settings settings, Version version) {
    Settings mergedSettings = Settings.builder()
        .put(TransportSettings.PORT.getKey(), ESTestCase.getPortRange())
        .put(settings)
        .build();

    // The transport itself is always created as Version.CURRENT, to handle the
    // real world scenario instead of a faked one; the requested version is
    // only carried by the DiscoveryNode below.
    // NOTE(review): AlwaysOKAuthentication is not shown here; going by its name
    // it accepts every connection as User.CRATE_USER. Test wiring only.
    // The SslContextProvider is built from the caller's settings rather than
    // the merged ones; the only key the merge adds here is the transport port.
    Netty4Transport nettyTransport = new Netty4Transport(
        mergedSettings,
        Version.CURRENT,
        threadPool,
        new NetworkService(Collections.emptyList()),
        PageCacheRecycler.NON_RECYCLING_INSTANCE,
        new NamedWriteableRegistry(Collections.emptyList()),
        new NoneCircuitBreakerService(),
        new NettyBootstrap(),
        new AlwaysOKAuthentication(userName -> User.CRATE_USER),
        new SslContextProvider(settings));

    TransportService service = new MockTransportService(
        mergedSettings,
        nettyTransport,
        threadPool,
        (boundAddress) -> new DiscoveryNode(
            nodeNameAndId,
            nodeNameAndId,
            boundAddress.publishAddress(),
            emptyMap(),
            emptySet(),
            version),
        null);

    // Start the service and let it accept requests before it is tracked.
    service.start();
    service.acceptIncomingRequests();
    transportServices.add(service);
    return new NetworkHandle(service, service.getLocalNode());
}
Aggregations