use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.
the class SecureSessionTest method testSecureSessionDefaultAndRequiredWithSystemPropsPresent.
/**
* Tests secure {@link Session}s created via URL and properties map, with the SSL system properties also defined.
*/
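@Test
public void testSecureSessionDefaultAndRequiredWithSystemPropsPresent() {
    assumeTrue(supportsTestCertificates(this.session), "This test requires the server configured with SSL certificates from ConnectorJ/src/test/config/ssl-test-certs");

    // javax.net.ssl.* system properties are JVM-wide. Remember the previous values and put them back in the
    // finally block, so that a trust store configured here cannot silently satisfy certificate checks in tests
    // that run later in the same JVM. NOTE(review): a class-level teardown may already clear these; restoring
    // here keeps this test self-contained either way.
    final String trustStoreKey = "javax.net.ssl.trustStore";
    final String trustStorePasswordKey = "javax.net.ssl.trustStorePassword";
    final String previousTrustStore = System.getProperty(trustStoreKey);
    final String previousTrustStorePassword = System.getProperty(trustStorePasswordKey);

    Session testSession = null;
    try {
        System.setProperty(trustStoreKey, this.trustStorePath);
        System.setProperty(trustStorePasswordKey, this.trustStorePassword);

        // 1. URL without any SSL option: the default mode must already yield an encrypted session.
        testSession = this.fact.getSession(this.sslFreeBaseUrl);
        assertSecureSession(testSession);
        testSession.close();
        testSession = null;

        // 2. URL asking for VERIFY_CA: no trust store is given in the URL, only through the system properties.
        testSession = this.fact.getSession(this.sslFreeBaseUrl + makeParam(PropertyKey.xdevapiSslMode, XdevapiSslMode.VERIFY_CA));
        assertSecureSession(testSession);
        testSession.close();
        testSession = null;

        // 3. Properties map without any SSL option.
        testSession = this.fact.getSession(this.sslFreeTestProperties);
        assertSecureSession(testSession);
        testSession.close();
        testSession = null;

        // 4. Properties map with the mode explicitly set to REQUIRED.
        Properties props = new Properties(this.sslFreeTestProperties);
        props.setProperty(PropertyKey.xdevapiSslMode.getKeyName(), XdevapiSslMode.REQUIRED.toString());
        testSession = this.fact.getSession(props);
        assertSecureSession(testSession);
        testSession.close();
        testSession = null;
    } finally {
        try {
            // Only non-null when an assertion failed before the matching close() ran.
            if (testSession != null) {
                testSession.close();
            }
        } finally {
            restoreSystemProperty(trustStoreKey, previousTrustStore);
            restoreSystemProperty(trustStorePasswordKey, previousTrustStorePassword);
        }
    }
}

/**
 * Puts a system property back to the value it had before the test touched it.
 *
 * @param key
 *            system property name
 * @param previousValue
 *            value captured before the test, or {@code null} if the property was not defined
 */
private static void restoreSystemProperty(String key, String previousValue) {
    if (previousValue == null) {
        System.clearProperty(key);
    } else {
        System.setProperty(key, previousValue);
    }
}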
use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.
the class SecureSessionTest method testTLSVersionRemoval.
/**
* Tests fix for WL#14805, Remove support for TLS 1.0 and 1.1.
*
* @throws Exception
*/
@Test
public void testTLSVersionRemoval() throws Exception {
// Walks through the WL#14805 test specification (TS.FR.*): TLSv1.2 and an explicitly chosen cipher suite must be
// accepted, TLSv1 / TLSv1.1 and empty or unknown protocol lists must be rejected with the documented messages,
// and a disabled SSL mode must produce a non-encrypted session.
// The whole method reuses one mutable Properties object, so every step depends on the set/remove calls that
// precede it; keep the statement order intact when editing.
// NOTE(review): sessions are closed inline, so a failing assertion leaves the current session open.
assumeTrue(supportsTestCertificates(this.session), "This test requires the server configured with SSL certificates from ConnectorJ/src/test/config/ssl-test-certs");
Session sess = null;
Properties props = new Properties(this.sslFreeTestProperties);
props.setProperty(PropertyKey.sslMode.getKeyName(), SslMode.REQUIRED.name());
// NOTE(review): allowPublicKeyRetrieval is switched on for the test account only; presumably not needed over TLS - confirm.
props.setProperty(PropertyKey.allowPublicKeyRetrieval.getKeyName(), "true");
// TS.FR.1_1. Create a Connection with the connection property tlsVersions=TLSv1.2. Assess that the connection is created successfully and it is using TLSv1.2.
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "TLSv1.2");
sess = this.fact.getSession(props);
assertSecureSession(sess);
assertTlsVersion(sess, "TLSv1.2");
sess.close();
// Same check through the X DevAPI specific property.
props.remove(PropertyKey.tlsVersions.getKeyName());
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "TLSv1.2");
sess = this.fact.getSession(props);
assertSecureSession(sess);
assertTlsVersion(sess, "TLSv1.2");
sess.close();
// TS.FR.1_2. Create a Connection with the connection property enabledTLSProtocols=TLSv1.2. Assess that the connection is created successfully and it is using TLSv1.2.
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
// "enabledTLSProtocols" is passed as a plain string key here, not through PropertyKey.
props.setProperty("enabledTLSProtocols", "TLSv1.2");
sess = this.fact.getSession(props);
assertSecureSession(sess);
assertTlsVersion(sess, "TLSv1.2");
sess.close();
props.remove("enabledTLSProtocols");
// TS.FR.2_1. Create a Connection with the connection property tlsCiphersuites=[valid-cipher-suite]. Assess that the connection is created successfully and it is using the cipher suite specified.
// The suite is requested under its JSSE name and the server status variable is compared against "DHE-RSA-AES128-SHA".
// It is a CBC/SHA-1 suite, pinned here only to prove the setting is honoured; it is not a recommended choice.
props.setProperty(PropertyKey.tlsCiphersuites.getKeyName(), "TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
sess = this.fact.getSession(props);
assertSecureSession(sess);
assertSessionStatusEquals(sess, "mysqlx_ssl_cipher", "DHE-RSA-AES128-SHA");
sess.close();
props.remove(PropertyKey.tlsCiphersuites.getKeyName());
props.setProperty(PropertyKey.xdevapiTlsCiphersuites.getKeyName(), "TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
sess = this.fact.getSession(props);
assertSecureSession(sess);
assertSessionStatusEquals(sess, "mysqlx_ssl_cipher", "DHE-RSA-AES128-SHA");
sess.close();
// TS.FR.2_2. Create a Connection with the connection property enabledSSLCipherSuites=[valid-cipher-suite] . Assess that the connection is created successfully and it is using the cipher suite specified.
props.remove(PropertyKey.xdevapiTlsCiphersuites.getKeyName());
props.setProperty("enabledSSLCipherSuites", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
sess = this.fact.getSession(props);
assertSecureSession(sess);
assertSessionStatusEquals(sess, "mysqlx_ssl_cipher", "DHE-RSA-AES128-SHA");
sess.close();
props.remove("enabledSSLCipherSuites");
// TS.FR.3_1. Create a Connection with the connection property tlsVersions=TLSv1. Assess that the connection fails.
// In the rejection checks below, tlsVersions / enabledTLSProtocols are expected to fail with CJCommunicationsException
// and a pattern starting with ".+" (the text is preceded by something else), while the X DevAPI property is expected
// to fail with SSLParamsException and the text at the very start of the message.
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "TLSv1");
assertThrows(CJCommunicationsException.class, ".+TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.tlsVersions.getKeyName());
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "TLSv1");
assertThrows(SSLParamsException.class, "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
// TS.FR.3_2. Create a Connection with the connection property tlsVersions=TLSv1.1. Assess that the connection fails.
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "TLSv1.1");
assertThrows(CJCommunicationsException.class, ".+TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.tlsVersions.getKeyName());
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "TLSv1.1");
assertThrows(SSLParamsException.class, "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
// TS.FR.3_3. Create a Connection with the connection property enabledTLSProtocols=TLSv1. Assess that the connection fails.
props.setProperty("enabledTLSProtocols", "TLSv1");
assertThrows(CJCommunicationsException.class, ".+TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove("enabledTLSProtocols");
// TS.FR.3_4. Create a Connection with the connection property enabledTLSProtocols=TLSv1.1. Assess that the connection fails.
props.setProperty("enabledTLSProtocols", "TLSv1.1");
assertThrows(CJCommunicationsException.class, ".+TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove("enabledTLSProtocols");
// TS.FR.4. Create a Connection with the connection property tlsVersions=TLSv1 and sslMode=DISABLED. Assess that the connection is created successfully and it is not using encryption.
// The mode is disabled through PropertyKey.xdevapiSslMode; sslMode itself is still REQUIRED from the top of the method.
// With encryption off, the unsupported tlsVersions value is not rejected and the resulting session is plaintext.
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "TLSv1");
props.setProperty(PropertyKey.xdevapiSslMode.getKeyName(), SslMode.DISABLED.name());
sess = this.fact.getSession(props);
assertNonSecureSession(sess);
sess.close();
// The X DevAPI property is stricter: it must not be combined with a disabled SSL mode at all.
props.remove(PropertyKey.tlsVersions.getKeyName());
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "TLSv1");
assertThrows(WrongArgumentException.class, "Option '" + PropertyKey.xdevapiTlsVersions.getKeyName() + "' can not be specified when SSL connections are disabled.", () -> this.fact.getSession(props));
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
props.remove(PropertyKey.xdevapiSslMode.getKeyName());
// TS.FR.5_1. Create a Connection with the connection property tlsVersions=FOO,BAR.
// Assess that the connection fails with the error message "Specified list of TLS versions only contains non valid TLS protocols. Accepted values are TLSv1.2 and TLSv1.3."
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "FOO,BAR");
assertThrows(CJCommunicationsException.class, ".+Specified list of TLS versions only contains non valid TLS protocols. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "FOO,,,BAR");
assertThrows(CJCommunicationsException.class, ".+Specified list of TLS versions only contains non valid TLS protocols. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.tlsVersions.getKeyName());
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "FOO,BAR");
assertThrows(SSLParamsException.class, "Specified list of TLS versions only contains non valid TLS protocols. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "FOO,,,BAR");
assertThrows(SSLParamsException.class, "Specified list of TLS versions only contains non valid TLS protocols. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
// TS.FR.5_2. Create a Connection with the connection property tlsVersions=FOO,TLSv1.1.
// Assess that the connection fails with the error message "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3."
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "FOO,TLSv1.1");
assertThrows(CJCommunicationsException.class, ".+TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
// NOTE(review): tlsVersions is not removed here, so "FOO,TLSv1.1" stays set next to xdevapiTlsVersions through
// TS.FR.5_3 and TS.FR.6, until TS.FR.7 overwrites it. Those steps all expect SSLParamsException, so the X DevAPI
// property appears to be the one evaluated - confirm this carry-over is intended.
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "FOO,TLSv1.1");
assertThrows(SSLParamsException.class, "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
// TS.FR.5_3. Create a Connection with the connection property tlsVersions=TLSv1,TLSv1.1.
// Assess that the connection fails with the error message "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3."
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "TLSv1,TLSv1.1");
assertThrows(SSLParamsException.class, "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
// TS.FR.6. Create a Connection with the connection property tlsVersions= (empty value).
// Assess that the connection fails with the error message "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3."
// Blank and separator-only values are expected to be treated as an empty list as well.
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "");
assertThrows(SSLParamsException.class, "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), " ");
assertThrows(SSLParamsException.class, "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), ",,,");
assertThrows(SSLParamsException.class, "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), ", ,,");
assertThrows(SSLParamsException.class, "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
// TS.FR.7. Create a Connection with the connection property tlsVersions=FOO,TLSv1,TLSv1.1,TLSv1.2.
// Assess that the connection is created successfully and it is using TLSv1.2.
// A list holding at least one accepted version is expected to connect; the session must end up on TLSv1.2.
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "FOO,TLSv1,TLSv1.1,TLSv1.2");
sess = this.fact.getSession(props);
assertSecureSession(sess);
assertTlsVersion(sess, "TLSv1.2");
sess.close();
props.remove(PropertyKey.tlsVersions.getKeyName());
props.setProperty(PropertyKey.xdevapiTlsVersions.getKeyName(), "FOO,TLSv1,TLSv1.1,TLSv1.2");
sess = this.fact.getSession(props);
assertSecureSession(sess);
assertTlsVersion(sess, "TLSv1.2");
sess.close();
props.remove(PropertyKey.xdevapiTlsVersions.getKeyName());
// TS.FR.9_1. Create an X DevAPI session with the property tlsVersions=TLSv1,TLSv1.1.
// Assess that the operation fails with the error message TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "TLSv1,TLSv1.1");
assertThrows(CJCommunicationsException.class, ".+TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
// TS.FR.9_2. Create an X DevAPI session with the property tlsVersions= (empty value).
// Assess that the operation fails with the error message Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "");
assertThrows(CJCommunicationsException.class, ".+Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.setProperty(PropertyKey.tlsVersions.getKeyName(), " ");
assertThrows(CJCommunicationsException.class, ".+Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.setProperty(PropertyKey.tlsVersions.getKeyName(), ",,,");
assertThrows(CJCommunicationsException.class, ".+Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.setProperty(PropertyKey.tlsVersions.getKeyName(), ", ,,");
assertThrows(CJCommunicationsException.class, ".+Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+", () -> this.fact.getSession(props));
props.remove(PropertyKey.tlsVersions.getKeyName());
// TS.FR.10. Create an X DevAPI session with the property tlsVersions=TLSv1.2 and xdevapi.ssl-mode=DISABLED.
// Assess that the session is created successfully and it is not using encryption.
// NOTE(review): the step text names xdevapi.ssl-mode, but the code disables PropertyKey.sslMode (overwriting the
// REQUIRED value set at the top); xdevapiSslMode was removed after TS.FR.4 - confirm which property is meant.
props.setProperty(PropertyKey.tlsVersions.getKeyName(), "TLSv1.2");
props.setProperty(PropertyKey.sslMode.getKeyName(), SslMode.DISABLED.name());
sess = this.fact.getSession(props);
assertNonSecureSession(sess);
sess.close();
}
use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.
the class SecureSessionTest method testXdevapiSslConnectionOptions.
/**
* Tests that given SSL/TLS related session properties values are processed as expected.
*
* @throws Exception
*/
@Test
public void testXdevapiSslConnectionOptions() throws Exception {
// Opens five sessions and, for each one, reads the effective PropertySet back from the SessionImpl to check how
// the X DevAPI specific SSL options and their global (JDBC) counterparts end up after processing:
// 1. defaults, 2. global options only, 3. same with system store fallback enabled,
// 4. both families set (global ones with placeholder values), 5. same with X DevAPI fallback enabled.
// The assertions compare property values only; they do not inspect the TLS handshake itself.
// The keystore paths and the literal "password" refer to the test certificates under src/test/config/ssl-test-certs.
// NOTE(review): sessions are closed inline, so a failing assertion leaves the current session open.
assumeTrue(supportsTestCertificates(this.session), "This test requires the server configured with SSL certificates from ConnectorJ/src/test/config/ssl-test-certs");
Session testSess;
PropertySet propSet;
/*
* Check defaults.
*/
testSess = this.fact.getSession(this.sslFreeBaseUrl);
propSet = ((SessionImpl) testSess).getSession().getPropertySet();
// X DevAPI options.
// Expected defaults: mode REQUIRED, no store URLs or passwords, store type "JKS", fallback to the system stores on.
assertEquals(XdevapiSslMode.REQUIRED, propSet.getProperty(PropertyKey.xdevapiSslMode).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
// Global (JDBC) options.
assertEquals(SslMode.REQUIRED, propSet.getProperty(PropertyKey.sslMode).getValue());
assertNull(propSet.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
assertNull(propSet.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
assertNull(propSet.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
assertNull(propSet.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
testSess.close();
/*
* Check SSL properties set globally (JDBC)
*/
Properties props = new Properties(this.sslFreeTestProperties);
// Set global SSL connection properties.
// VERIFY_CA with an explicit trust store and client key store, and with both system store fallbacks switched off.
props.setProperty(PropertyKey.sslMode.getKeyName(), SslMode.VERIFY_CA.toString());
props.setProperty(PropertyKey.trustCertificateKeyStoreUrl.getKeyName(), "file:src/test/config/ssl-test-certs/ca-truststore");
props.setProperty(PropertyKey.trustCertificateKeyStoreType.getKeyName(), "JKS");
props.setProperty(PropertyKey.trustCertificateKeyStorePassword.getKeyName(), "password");
props.setProperty(PropertyKey.fallbackToSystemTrustStore.getKeyName(), "false");
props.setProperty(PropertyKey.clientCertificateKeyStoreUrl.getKeyName(), "file:src/test/config/ssl-test-certs/client-keystore");
props.setProperty(PropertyKey.clientCertificateKeyStoreType.getKeyName(), "JKS");
props.setProperty(PropertyKey.clientCertificateKeyStorePassword.getKeyName(), "password");
props.setProperty(PropertyKey.fallbackToSystemKeyStore.getKeyName(), "false");
testSess = this.fact.getSession(props);
propSet = ((SessionImpl) testSess).getSession().getPropertySet();
// X DevAPI options keep defaults.
// Note that xdevapiSslMode still reads REQUIRED here although the effective global mode is VERIFY_CA.
assertEquals(XdevapiSslMode.REQUIRED, propSet.getProperty(PropertyKey.xdevapiSslMode).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
// Global (JDBC) were set.
assertEquals(SslMode.VERIFY_CA, propSet.getProperty(PropertyKey.sslMode).getValue());
assertEquals("file:src/test/config/ssl-test-certs/ca-truststore", propSet.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
assertFalse(propSet.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
assertEquals("file:src/test/config/ssl-test-certs/client-keystore", propSet.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
assertFalse(propSet.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
testSess.close();
// Same global settings again, this time with both system store fallbacks switched on.
props.setProperty(PropertyKey.fallbackToSystemTrustStore.getKeyName(), "true");
props.setProperty(PropertyKey.fallbackToSystemKeyStore.getKeyName(), "true");
testSess = this.fact.getSession(props);
propSet = ((SessionImpl) testSess).getSession().getPropertySet();
// X DevAPI options keep defaults.
assertEquals(XdevapiSslMode.REQUIRED, propSet.getProperty(PropertyKey.xdevapiSslMode).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
assertNull(propSet.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
// Global (JDBC) options were set.
assertEquals(SslMode.VERIFY_CA, propSet.getProperty(PropertyKey.sslMode).getValue());
assertEquals("file:src/test/config/ssl-test-certs/ca-truststore", propSet.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
assertEquals("file:src/test/config/ssl-test-certs/client-keystore", propSet.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
testSess.close();
/*
* Check SSL properties set locally on the X DevAPI.
*/
props = new Properties(this.sslFreeTestProperties);
// Set global SSL connection properties.
// These are placeholder values (and sslMode=DISABLED) that would not describe a usable TLS setup on their own;
// the assertions further down expect every one of them to be replaced by its X DevAPI counterpart.
props.setProperty(PropertyKey.sslMode.getKeyName(), SslMode.DISABLED.toString());
props.setProperty(PropertyKey.trustCertificateKeyStoreUrl.getKeyName(), "trust-cert-keystore-url");
props.setProperty(PropertyKey.trustCertificateKeyStoreType.getKeyName(), "trust-cert-keystore-type");
props.setProperty(PropertyKey.trustCertificateKeyStorePassword.getKeyName(), "trust-cert-keystore-pwd");
props.setProperty(PropertyKey.fallbackToSystemTrustStore.getKeyName(), "false");
props.setProperty(PropertyKey.clientCertificateKeyStoreUrl.getKeyName(), "client-cert-keystore-url");
props.setProperty(PropertyKey.clientCertificateKeyStoreType.getKeyName(), "client-cert-keystore-type");
props.setProperty(PropertyKey.clientCertificateKeyStorePassword.getKeyName(), "client-cert-keystore-pwd");
props.setProperty(PropertyKey.fallbackToSystemKeyStore.getKeyName(), "false");
// Set X DevAPI local connection properties.
props.setProperty(PropertyKey.xdevapiSslMode.getKeyName(), XdevapiSslMode.VERIFY_CA.toString());
props.setProperty(PropertyKey.xdevapiSslTrustStoreUrl.getKeyName(), "file:src/test/config/ssl-test-certs/ca-truststore");
props.setProperty(PropertyKey.xdevapiSslTrustStoreType.getKeyName(), "JKS");
props.setProperty(PropertyKey.xdevapiSslTrustStorePassword.getKeyName(), "password");
props.setProperty(PropertyKey.xdevapiFallbackToSystemTrustStore.getKeyName(), "false");
props.setProperty(PropertyKey.xdevapiSslKeyStoreUrl.getKeyName(), "file:src/test/config/ssl-test-certs/client-keystore");
props.setProperty(PropertyKey.xdevapiSslKeyStoreType.getKeyName(), "JKS");
props.setProperty(PropertyKey.xdevapiSslKeyStorePassword.getKeyName(), "password");
props.setProperty(PropertyKey.xdevapiFallbackToSystemKeyStore.getKeyName(), "false");
testSess = this.fact.getSession(props);
propSet = ((SessionImpl) testSess).getSession().getPropertySet();
// X DevAPI options were set.
assertEquals(XdevapiSslMode.VERIFY_CA, propSet.getProperty(PropertyKey.xdevapiSslMode).getValue());
assertEquals("file:src/test/config/ssl-test-certs/ca-truststore", propSet.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
assertFalse(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
assertEquals("file:src/test/config/ssl-test-certs/client-keystore", propSet.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
assertFalse(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
// Global (JDBC) options were overridden.
// In particular the global sslMode=DISABLED must not survive: the effective mode is VERIFY_CA.
assertEquals(SslMode.VERIFY_CA, propSet.getProperty(PropertyKey.sslMode).getValue());
assertEquals("file:src/test/config/ssl-test-certs/ca-truststore", propSet.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
assertFalse(propSet.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
assertEquals("file:src/test/config/ssl-test-certs/client-keystore", propSet.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
assertFalse(propSet.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
testSess.close();
// Same combined settings again, with only the X DevAPI fallback flags switched on; the global flags are still
// "false" in props and are expected to follow the X DevAPI ones.
props.setProperty(PropertyKey.xdevapiFallbackToSystemTrustStore.getKeyName(), "true");
props.setProperty(PropertyKey.xdevapiFallbackToSystemKeyStore.getKeyName(), "true");
testSess = this.fact.getSession(props);
propSet = ((SessionImpl) testSess).getSession().getPropertySet();
// X DevAPI options were set.
assertEquals(XdevapiSslMode.VERIFY_CA, propSet.getProperty(PropertyKey.xdevapiSslMode).getValue());
assertEquals("file:src/test/config/ssl-test-certs/ca-truststore", propSet.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
assertEquals("file:src/test/config/ssl-test-certs/client-keystore", propSet.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
// Global (JDBC) options were overridden.
assertEquals(SslMode.VERIFY_CA, propSet.getProperty(PropertyKey.sslMode).getValue());
assertEquals("file:src/test/config/ssl-test-certs/ca-truststore", propSet.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
assertEquals("file:src/test/config/ssl-test-certs/client-keystore", propSet.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
assertEquals("JKS", propSet.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
assertEquals("password", propSet.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
assertTrue(propSet.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
testSess.close();
}
use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.
the class SessionFailoverTest method testConnectionTimeout.
/**
* Tests xdevapi.connect-timeout and connectTimeout functionality.
*
* The real socket connect timeout can only be observed when connecting to an unavailable remote host
* addressed by IP address. Neither the localhost IP nor domain names work for this: they fail much faster than
* the timeout is reached.
* If the default 10.77.77.77:37070 does not work in a particular testing setup (that is, if the IP address is
* actually available), please add this variable to the ant call:
* -Dcom.mysql.cj.testsuite.unavailable.host=unavailable_ip:port
*
* @throws Exception
*/
@Test
@Disabled("This test doesn't execute deterministically on some systems. It can be run manually in local systems when needed.")
public void testConnectionTimeout() throws Exception {
String customFakeHost = System.getProperty(PropertyDefinitions.SYSP_testsuite_unavailable_host);
String fakeHost = (customFakeHost != null && customFakeHost.trim().length() != 0) ? customFakeHost : "10.77.77.77:37070";
// TS1_1 Create a session to a Server using explicit "xdevapi.connect-timeout" overriding implicit "connectTimeout".
testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "500", true), 500, 1500);
// TS1_2 Create a session to a Server using explicit "xdevapi.connect-timeout" overriding explicit "connectTimeout".
testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "500", true) + makeParam(PropertyKey.connectTimeout, "8000"), 500, 1500);
// TS1_3 Create a session to a Server using explicit "connectTimeout" overriding implicit "xdevapi.connect-timeout".
testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.connectTimeout, "800", true), 800, 1800);
// TS3_1 Create a session to a remote offline host not setting the "connect-timeout" parameter. The connection must timeout in ~10 seconds.
// Default "connect-timeout" (10000 ms) overrides implicit "connectTimeout".
testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost), 10000, 11000);
// TS4_1 Create a session to a remote offline host setting "connect-timeout" to zero (0). The connection must not timeout until cancelled.
testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "0", true), 12000, 600000);
// TS6_1 Create a session using the fail over functionality passing two different Server addresses.
// The Server with the higher priority must be offline. The connection must succeed after connect-timeout milliseconds.
testConnectionTimeout_assertSuccessTimeout(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "1000", true), 1000, 2000);
// TS6_2 Create a session using the fail over functionality passing two different Server addresses.
// Both Servers must be offline. The connection must time out after connect-timeout * 2 milliseconds.
testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost, fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "500", true), 1000, 2000);
// TS8_1 Create a session to a Server using valid credentials passing the "connect-timeout" and set it to a valid value.
// Call the function SLEEP() and set it to 10 seconds once the connections is established. No timeout exception/error must be displayed.
long begin = System.currentTimeMillis();
Session sess = this.fact.getSession(buildConnectionString(this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "3000", true));
sess.sql("SELECT SLEEP(11)").execute();
long end = System.currentTimeMillis() - begin;
assertTrue(end >= 11000 && end < 12000, "Expected: " + 11000 + ".." + 12000 + ". Got " + end);
sess.close();
// TS11_1 Set connection property xdevapi.connect-timeout=null, try to create Session, check that WrongArgumentException is thrown
// with message "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value 'null' can not be converted to an integer."
assertThrows(WrongArgumentException.class, "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value 'null' can not be converted to an integer.", () -> this.fact.getSession(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "null", true)));
// TS11_2 Set connection property xdevapi.connect-timeout=-1, try to create Session, check that WrongArgumentException is thrown with
// message "The connection property 'xdevapi.connect-timeout' only accepts integer values in the range of 0 - 2147483647, the value '-1' exceeds this range."
assertThrows(WrongArgumentException.class, "The connection property 'xdevapi.connect-timeout' only accepts integer values in the range of 0 - 2147483647, the value '-1' exceeds this range.", () -> this.fact.getSession(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "-1", true)));
// TS11_3 Set connection property xdevapi.connect-timeout=abc, try to create Session, check that WrongArgumentException is thrown with
// message "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value 'abc' can not be converted to an integer."
assertThrows(WrongArgumentException.class, "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value 'abc' can not be converted to an integer.", () -> this.fact.getSession(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "abc", true)));
// TS11_4 Set connection property xdevapi.connect-timeout=, try to create Session, check that WrongArgumentException is thrown with
// message "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value '' can not be converted to an integer."
assertThrows(WrongArgumentException.class, "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value '' can not be converted to an integer.", () -> this.fact.getSession(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "", true)));
// TS11_5 Set connection property xdevapi.connect-timeout=12.8. Please note that c/J truncates decimals w/o exception for integer parameters thus
// the error message is not thrown against the property value. Try to connect with this connection string and ensure that CJCommunicationsException
// is thrown not earlier than 12 ms and not later than 1000 ms.
testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "12.8", true), 12, 1000);
// TS12_1 Create a session to a Server giving a valid value for the "connect-timeout", and use invalid credentials.
testConnectionTimeout_assertFailureTimeout(buildConnectionStringNoUser(this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "1000", true) + makeParam(PropertyKey.USER, "nosuchuser"), 0, 1000, XProtocolError.class);
}
use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.
the class SessionTest method urlWithoutDefaultSchema.
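/**
 * Checks that sessions opened without a default schema report none, for each supported authentication mechanism, both when
 * created from a connection string (three URI layouts) and when created from a properties map.
 *
 * The test provisions a throwaway account ('testUserN'@'%', password equal to the user name, SELECT on *.*) and drops it in the
 * outer finally block. The any-host wildcard, the guessable password and the global grant are only acceptable on a disposable
 * test server. Each test session is closed in its own finally block so that a failed assertion does not leave an authenticated
 * connection for that account open on the server.
 */
@Test
public void urlWithoutDefaultSchema() {
    try {
        // Create user with mysql_native_password authentication plugin as it can be used with any of the authentication mechanisms.
        // NOTE(review): mysql_native_password is deprecated in recent MySQL releases (disabled by default in 8.4, removed in 9.0),
        // so this statement is expected to fail there - confirm against the server versions this suite targets.
        this.session.sql("CREATE USER IF NOT EXISTS 'testUserN'@'%' IDENTIFIED WITH mysql_native_password BY 'testUserN'").execute();
        this.session.sql("GRANT SELECT ON *.* TO 'testUserN'@'%'").execute();

        final SessionFactory testSessionFactory = new SessionFactory();
        // Three spellings of "no schema": trailing slash, no path at all, and the address=(...) key/value form.
        final String testUriPattern1 = "mysqlx://testUserN:testUserN@%s:%s/?xdevapi.auth=%s";
        final String testUriPattern2 = "mysqlx://testUserN:testUserN@%s:%s?xdevapi.auth=%s";
        final String testUriPattern3 = "mysqlx://testUserN:testUserN@address=(host=%s)(port=%s)(xdevapi.auth=%s)";

        // Check if not setting a default schema works correctly when using different authentication mechanisms.
        String[] authMechs = mysqlVersionMeetsMinimum(ServerVersion.parseVersion("8.0.4")) ? new String[] { "PLAIN", "MYSQL41", "SHA256_MEMORY" }
                : new String[] { "PLAIN", "MYSQL41" };

        for (String authMech : authMechs) {
            for (String testUriPattern : new String[] { testUriPattern1, testUriPattern2, testUriPattern3 }) {
                // Test using a connection String.
                final String testUri = String.format(testUriPattern, getTestHost(), getTestPort(), authMech);
                // testUri embeds the fixture credentials, so they appear in any failure message built from testCase; this is
                // tolerable only because the account is disposable and dropped at the end of the test.
                final String testCase = "Testing no default schema with authentication mecanism '" + authMech + "' and URI '" + testUri + "'.";

                Session testSession = testSessionFactory.getSession(testUri);
                try {
                    assertTrue(testSession.getUri().contains("/?"), testCase);
                    assertEquals("", testSession.getDefaultSchemaName(), testCase);
                    assertNull(testSession.getDefaultSchema(), testCase);
                    assertNull(testSession.sql("SELECT database()").execute().fetchOne().getString(0), testCase);
                } finally {
                    // Close even when an assertion fails, so the connection is not leaked.
                    testSession.close();
                }
            }

            // Test using a properties map.
            final String testCase = "Testing no default schema with authentication mecanism '" + authMech + "'.";
            final Properties testProps = new Properties();
            testProps.setProperty(PropertyKey.USER.getKeyName(), "testUserN");
            testProps.setProperty(PropertyKey.PASSWORD.getKeyName(), "testUserN");
            testProps.setProperty(PropertyKey.HOST.getKeyName(), getTestHost());
            testProps.setProperty(PropertyKey.PORT.getKeyName(), String.valueOf(getTestPort()));
            testProps.setProperty(PropertyKey.xdevapiAuth.getKeyName(), authMech);

            Session testSession = testSessionFactory.getSession(testProps);
            try {
                assertTrue(testSession.getUri().contains("/?"), testCase);
                assertEquals("", testSession.getDefaultSchemaName(), testCase);
                assertNull(testSession.getDefaultSchema(), testCase);
                assertNull(testSession.sql("SELECT database()").execute().fetchOne().getString(0), testCase);
            } finally {
                // Close even when an assertion fails, so the connection is not leaked.
                testSession.close();
            }
        }
    } finally {
        // Always remove the fixture account, whatever the outcome of the assertions above.
        this.session.sql("DROP USER IF EXISTS testUserN").execute();
    }
}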