
Example 11 with Session

use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.

the class SecureSessionTest method testSecureSessionDefaultAndRequiredWithSystemPropsPresent.

/**
 * Tests secure {@link Session}s created via URL and properties map, with the SSL system properties also defined.
 */
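@Test
public void testSecureSessionDefaultAndRequiredWithSystemPropsPresent() {
    assumeTrue(supportsTestCertificates(this.session), "This test requires the server configured with SSL certificates from ConnectorJ/src/test/config/ssl-test-certs");

    // javax.net.ssl.* system properties are JVM-wide: once set they stay visible to every later test in the
    // same JVM. Remember the previous values so they can be put back, otherwise a later test that expects
    // no trust material could pass only because of what this test left behind.
    final String trustStoreKey = "javax.net.ssl.trustStore";
    final String trustStorePasswordKey = "javax.net.ssl.trustStorePassword";
    final String previousTrustStore = System.getProperty(trustStoreKey);
    final String previousTrustStorePassword = System.getProperty(trustStorePasswordKey);

    // Holds the session that is currently open, or null once it has been closed, so that the finally block
    // releases it when an assertion fails between getSession() and close().
    Session testSession = null;
    try {
        System.setProperty(trustStoreKey, this.trustStorePath);
        System.setProperty(trustStorePasswordKey, this.trustStorePassword);

        // Case 1: URL that carries no SSL option.
        testSession = this.fact.getSession(this.sslFreeBaseUrl);
        assertSecureSession(testSession);
        testSession.close();
        testSession = null;

        // Case 2: same URL with xdevapi.ssl-mode=VERIFY_CA appended. No trust store is named in the URL;
        // presumably the system properties set above supply it (confirm against the session factory).
        testSession = this.fact.getSession(this.sslFreeBaseUrl + makeParam(PropertyKey.xdevapiSslMode, XdevapiSslMode.VERIFY_CA));
        assertSecureSession(testSession);
        testSession.close();
        testSession = null;

        // Case 3: properties map that carries no SSL option.
        testSession = this.fact.getSession(this.sslFreeTestProperties);
        assertSecureSession(testSession);
        testSession.close();
        testSession = null;

        // Case 4: properties map with xdevapi.ssl-mode=REQUIRED on top of the SSL-free defaults.
        Properties props = new Properties(this.sslFreeTestProperties);
        props.setProperty(PropertyKey.xdevapiSslMode.getKeyName(), XdevapiSslMode.REQUIRED.toString());
        testSession = this.fact.getSession(props);
        assertSecureSession(testSession);
        testSession.close();
        testSession = null;
    } finally {
        try {
            if (testSession != null) {
                testSession.close();
            }
        } finally {
            // Restore the JVM-wide TLS settings even if closing the session failed.
            if (previousTrustStore == null) {
                System.clearProperty(trustStoreKey);
            } else {
                System.setProperty(trustStoreKey, previousTrustStore);
            }
            if (previousTrustStorePassword == null) {
                System.clearProperty(trustStorePasswordKey);
            } else {
                System.setProperty(trustStorePasswordKey, previousTrustStorePassword);
            }
        }
    }
}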
Also used : Properties(java.util.Properties) CoreSession(com.mysql.cj.CoreSession) Session(com.mysql.cj.xdevapi.Session) Test(org.junit.jupiter.api.Test)

Example 12 with Session

use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.

the class SecureSessionTest method testTLSVersionRemoval.

/**
 * Tests fix for WL#14805, Remove support for TLS 1.0 and 1.1.
 *
 * @throws Exception
 */
@Test
public void testTLSVersionRemoval() throws Exception {
    assumeTrue(supportsTestCertificates(this.session), "This test requires the server configured with SSL certificates from ConnectorJ/src/test/config/ssl-test-certs");

    // Property names used throughout. The two string-literal names are the older spellings that the
    // TS.FR.1_2, 2_2, 3_3 and 3_4 steps exercise.
    final String tlsVersionsKey = PropertyKey.tlsVersions.getKeyName();
    final String xTlsVersionsKey = PropertyKey.xdevapiTlsVersions.getKeyName();
    final String tlsCiphersKey = PropertyKey.tlsCiphersuites.getKeyName();
    final String xTlsCiphersKey = PropertyKey.xdevapiTlsCiphersuites.getKeyName();
    final String sslModeKey = PropertyKey.sslMode.getKeyName();
    final String xSslModeKey = PropertyKey.xdevapiSslMode.getKeyName();
    final String oldTlsVersionsKey = "enabledTLSProtocols";
    final String oldCiphersKey = "enabledSSLCipherSuites";

    // Expected error texts. The X DevAPI options are expected to fail with SSLParamsException and the bare
    // text; the global (JDBC) options with CJCommunicationsException and the same text behind a ".+" prefix.
    // NOTE(review): the ".+" affixes suggest the project's assertThrows helper matches these as regular
    // expressions - confirm. If so, the unescaped dots in "TLSv1.1" etc. match any character.
    final String legacyTlsMsg = "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3.+";
    final String noValidTlsMsg = "Specified list of TLS versions only contains non valid TLS protocols. Accepted values are TLSv1.2 and TLSv1.3.+";
    final String emptyTlsMsg = "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3.+";
    final String jdbcLegacyTlsMsg = ".+" + legacyTlsMsg;
    final String jdbcNoValidTlsMsg = ".+" + noValidTlsMsg;
    final String jdbcEmptyTlsMsg = ".+" + emptyTlsMsg;

    final String tls12 = "TLSv1.2";
    final String javaCipherName = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
    final String serverCipherName = "DHE-RSA-AES128-SHA";
    final String cipherStatusVar = "mysqlx_ssl_cipher";
    final String[] removedVersions = { "TLSv1", "TLSv1.1" };
    final String[] unknownOnlyLists = { "FOO,BAR", "FOO,,,BAR" };
    final String[] blankLists = { "", "   ", ",,,", ",  ,," };
    final String mixedList = "FOO,TLSv1,TLSv1.1,TLSv1.2";

    // NOTE(review): each session is closed right after its assertions, so a failing assertion skips the
    // close() that follows it.
    Session xSession = null;
    Properties cfg = new Properties(this.sslFreeTestProperties);
    cfg.setProperty(sslModeKey, SslMode.REQUIRED.name());
    // Applies to every connection below. NOTE(review): why the test needs it is not visible in this method.
    cfg.setProperty(PropertyKey.allowPublicKeyRetrieval.getKeyName(), "true");

    // TS.FR.1_1. tlsVersions=TLSv1.2 (then the xdevapi equivalent): the session is created and uses TLSv1.2.
    cfg.setProperty(tlsVersionsKey, tls12);
    xSession = this.fact.getSession(cfg);
    assertSecureSession(xSession);
    assertTlsVersion(xSession, tls12);
    xSession.close();
    cfg.remove(tlsVersionsKey);
    cfg.setProperty(xTlsVersionsKey, tls12);
    xSession = this.fact.getSession(cfg);
    assertSecureSession(xSession);
    assertTlsVersion(xSession, tls12);
    xSession.close();

    // TS.FR.1_2. enabledTLSProtocols=TLSv1.2: the session is created and uses TLSv1.2.
    cfg.remove(xTlsVersionsKey);
    cfg.setProperty(oldTlsVersionsKey, tls12);
    xSession = this.fact.getSession(cfg);
    assertSecureSession(xSession);
    assertTlsVersion(xSession, tls12);
    xSession.close();
    cfg.remove(oldTlsVersionsKey);

    // TS.FR.2_1. tlsCiphersuites=[valid-cipher-suite] (then the xdevapi equivalent): the session is created
    // and the server status variable reports the matching suite.
    cfg.setProperty(tlsCiphersKey, javaCipherName);
    xSession = this.fact.getSession(cfg);
    assertSecureSession(xSession);
    assertSessionStatusEquals(xSession, cipherStatusVar, serverCipherName);
    xSession.close();
    cfg.remove(tlsCiphersKey);
    cfg.setProperty(xTlsCiphersKey, javaCipherName);
    xSession = this.fact.getSession(cfg);
    assertSecureSession(xSession);
    assertSessionStatusEquals(xSession, cipherStatusVar, serverCipherName);
    xSession.close();

    // TS.FR.2_2. enabledSSLCipherSuites=[valid-cipher-suite]: same expectation as TS.FR.2_1.
    cfg.remove(xTlsCiphersKey);
    cfg.setProperty(oldCiphersKey, javaCipherName);
    xSession = this.fact.getSession(cfg);
    assertSecureSession(xSession);
    assertSessionStatusEquals(xSession, cipherStatusVar, serverCipherName);
    xSession.close();
    cfg.remove(oldCiphersKey);

    // TS.FR.3_1 / TS.FR.3_2. tlsVersions=TLSv1, then TLSv1.1 (each followed by the xdevapi equivalent):
    // the connection must fail rather than negotiate a removed protocol version.
    for (String removed : removedVersions) {
        cfg.setProperty(tlsVersionsKey, removed);
        assertThrows(CJCommunicationsException.class, jdbcLegacyTlsMsg, () -> this.fact.getSession(cfg));
        cfg.remove(tlsVersionsKey);
        cfg.setProperty(xTlsVersionsKey, removed);
        assertThrows(SSLParamsException.class, legacyTlsMsg, () -> this.fact.getSession(cfg));
        cfg.remove(xTlsVersionsKey);
    }

    // TS.FR.3_3 / TS.FR.3_4. enabledTLSProtocols=TLSv1, then TLSv1.1: the connection must fail.
    for (String removed : removedVersions) {
        cfg.setProperty(oldTlsVersionsKey, removed);
        assertThrows(CJCommunicationsException.class, jdbcLegacyTlsMsg, () -> this.fact.getSession(cfg));
        cfg.remove(oldTlsVersionsKey);
    }

    // TS.FR.4. tlsVersions=TLSv1 with encryption disabled: the session is created and is NOT encrypted.
    // The disabled mode is written to the xdevapi ssl-mode key using the SslMode enum's name.
    cfg.setProperty(tlsVersionsKey, "TLSv1");
    cfg.setProperty(xSslModeKey, SslMode.DISABLED.name());
    xSession = this.fact.getSession(cfg);
    assertNonSecureSession(xSession);
    xSession.close();
    // The xdevapi TLS versions option, by contrast, is rejected outright when SSL is disabled.
    cfg.remove(tlsVersionsKey);
    cfg.setProperty(xTlsVersionsKey, "TLSv1");
    assertThrows(WrongArgumentException.class, "Option '" + xTlsVersionsKey + "' can not be specified when SSL connections are disabled.", () -> this.fact.getSession(cfg));
    cfg.remove(xTlsVersionsKey);
    cfg.remove(xSslModeKey);

    // TS.FR.5_1. tlsVersions=FOO,BAR (and a variant with empty items): the connection fails with
    // "Specified list of TLS versions only contains non valid TLS protocols. Accepted values are TLSv1.2 and TLSv1.3."
    for (String unknownOnly : unknownOnlyLists) {
        cfg.setProperty(tlsVersionsKey, unknownOnly);
        assertThrows(CJCommunicationsException.class, jdbcNoValidTlsMsg, () -> this.fact.getSession(cfg));
    }
    cfg.remove(tlsVersionsKey);
    for (String unknownOnly : unknownOnlyLists) {
        cfg.setProperty(xTlsVersionsKey, unknownOnly);
        assertThrows(SSLParamsException.class, noValidTlsMsg, () -> this.fact.getSession(cfg));
    }
    cfg.remove(xTlsVersionsKey);

    // TS.FR.5_2. tlsVersions=FOO,TLSv1.1: the connection fails with
    // "TLS protocols TLSv1 and TLSv1.1 are not supported. Accepted values are TLSv1.2 and TLSv1.3."
    cfg.setProperty(tlsVersionsKey, "FOO,TLSv1.1");
    assertThrows(CJCommunicationsException.class, jdbcLegacyTlsMsg, () -> this.fact.getSession(cfg));
    // tlsVersions is deliberately left as set above while the xdevapi option is added next to it; it stays
    // in the map until TS.FR.7 overwrites it.
    cfg.setProperty(xTlsVersionsKey, "FOO,TLSv1.1");
    assertThrows(SSLParamsException.class, legacyTlsMsg, () -> this.fact.getSession(cfg));
    cfg.remove(xTlsVersionsKey);

    // TS.FR.5_3. xdevapi TLS versions = TLSv1,TLSv1.1: the connection fails with the "not supported" message.
    cfg.setProperty(xTlsVersionsKey, "TLSv1,TLSv1.1");
    assertThrows(SSLParamsException.class, legacyTlsMsg, () -> this.fact.getSession(cfg));
    cfg.remove(xTlsVersionsKey);

    // TS.FR.6. xdevapi TLS versions empty, blank or made only of separators: the connection fails with
    // "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3."
    for (String blank : blankLists) {
        cfg.setProperty(xTlsVersionsKey, blank);
        assertThrows(SSLParamsException.class, emptyTlsMsg, () -> this.fact.getSession(cfg));
    }
    cfg.remove(xTlsVersionsKey);

    // TS.FR.7. tlsVersions=FOO,TLSv1,TLSv1.1,TLSv1.2 (then the xdevapi equivalent): one accepted version in
    // the list is enough; the session is created and uses TLSv1.2.
    cfg.setProperty(tlsVersionsKey, mixedList);
    xSession = this.fact.getSession(cfg);
    assertSecureSession(xSession);
    assertTlsVersion(xSession, tls12);
    xSession.close();
    cfg.remove(tlsVersionsKey);
    cfg.setProperty(xTlsVersionsKey, mixedList);
    xSession = this.fact.getSession(cfg);
    assertSecureSession(xSession);
    assertTlsVersion(xSession, tls12);
    xSession.close();
    cfg.remove(xTlsVersionsKey);

    // TS.FR.9_1. X DevAPI session with tlsVersions=TLSv1,TLSv1.1: fails with the "not supported" message.
    cfg.setProperty(tlsVersionsKey, "TLSv1,TLSv1.1");
    assertThrows(CJCommunicationsException.class, jdbcLegacyTlsMsg, () -> this.fact.getSession(cfg));

    // TS.FR.9_2. X DevAPI session with tlsVersions empty, blank or made only of separators: fails with
    // "Specified list of TLS versions is empty. Accepted values are TLSv1.2 and TLSv1.3."
    for (String blank : blankLists) {
        cfg.setProperty(tlsVersionsKey, blank);
        assertThrows(CJCommunicationsException.class, jdbcEmptyTlsMsg, () -> this.fact.getSession(cfg));
    }
    cfg.remove(tlsVersionsKey);

    // TS.FR.10. tlsVersions=TLSv1.2 with encryption disabled: the session is created and is NOT encrypted.
    // The spec text names xdevapi.ssl-mode; what is set here is the global sslMode key.
    cfg.setProperty(tlsVersionsKey, tls12);
    cfg.setProperty(sslModeKey, SslMode.DISABLED.name());
    xSession = this.fact.getSession(cfg);
    assertNonSecureSession(xSession);
    xSession.close();
}
Also used : Properties(java.util.Properties) CoreSession(com.mysql.cj.CoreSession) Session(com.mysql.cj.xdevapi.Session) Test(org.junit.jupiter.api.Test)

Example 13 with Session

use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.

the class SecureSessionTest method testXdevapiSslConnectionOptions.

/**
 * Tests that given SSL/TLS related session properties values are processed as expected.
 *
 * @throws Exception
 */
@Test
public void testXdevapiSslConnectionOptions() throws Exception {
    assumeTrue(supportsTestCertificates(this.session), "This test requires the server configured with SSL certificates from ConnectorJ/src/test/config/ssl-test-certs");

    // Test fixture values. The store password is the one belonging to the test certificates in
    // src/test/config/ssl-test-certs; it is not a credential for anything else.
    final String caTrustStoreUrl = "file:src/test/config/ssl-test-certs/ca-truststore";
    final String clientKeyStoreUrl = "file:src/test/config/ssl-test-certs/client-keystore";
    final String jks = "JKS";
    final String storePassword = "password";

    // NOTE(review): each session is closed after its assertions, so a failing assertion skips that close().
    Session xSession;
    PropertySet effective;

    /*
     * Part 1 - defaults: no SSL option given. Both option families report mode REQUIRED, no trust or key
     * store configured, store type JKS, and fallback to the system stores enabled.
     */
    xSession = this.fact.getSession(this.sslFreeBaseUrl);
    effective = ((SessionImpl) xSession).getSession().getPropertySet();
    // X DevAPI options.
    assertEquals(XdevapiSslMode.REQUIRED, effective.getProperty(PropertyKey.xdevapiSslMode).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
    // Global (JDBC) options.
    assertEquals(SslMode.REQUIRED, effective.getProperty(PropertyKey.sslMode).getValue());
    assertNull(effective.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
    assertNull(effective.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
    assertNull(effective.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
    assertNull(effective.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
    xSession.close();

    /*
     * Part 2 - only the global (JDBC) SSL options are set: VERIFY_CA with the test CA trust store and the
     * client key store, system-store fallback switched off. The X DevAPI options must still read as defaults.
     */
    Properties cfg = new Properties(this.sslFreeTestProperties);
    cfg.setProperty(PropertyKey.sslMode.getKeyName(), SslMode.VERIFY_CA.toString());
    cfg.setProperty(PropertyKey.trustCertificateKeyStoreUrl.getKeyName(), caTrustStoreUrl);
    cfg.setProperty(PropertyKey.trustCertificateKeyStoreType.getKeyName(), jks);
    cfg.setProperty(PropertyKey.trustCertificateKeyStorePassword.getKeyName(), storePassword);
    cfg.setProperty(PropertyKey.fallbackToSystemTrustStore.getKeyName(), "false");
    cfg.setProperty(PropertyKey.clientCertificateKeyStoreUrl.getKeyName(), clientKeyStoreUrl);
    cfg.setProperty(PropertyKey.clientCertificateKeyStoreType.getKeyName(), jks);
    cfg.setProperty(PropertyKey.clientCertificateKeyStorePassword.getKeyName(), storePassword);
    cfg.setProperty(PropertyKey.fallbackToSystemKeyStore.getKeyName(), "false");
    xSession = this.fact.getSession(cfg);
    effective = ((SessionImpl) xSession).getSession().getPropertySet();
    // X DevAPI options keep their defaults.
    assertEquals(XdevapiSslMode.REQUIRED, effective.getProperty(PropertyKey.xdevapiSslMode).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
    // Global (JDBC) options carry the values that were set.
    assertEquals(SslMode.VERIFY_CA, effective.getProperty(PropertyKey.sslMode).getValue());
    assertEquals(caTrustStoreUrl, effective.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
    assertFalse(effective.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
    assertEquals(clientKeyStoreUrl, effective.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
    assertFalse(effective.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
    xSession.close();

    // Same configuration with both global fallback flags switched back on.
    cfg.setProperty(PropertyKey.fallbackToSystemTrustStore.getKeyName(), "true");
    cfg.setProperty(PropertyKey.fallbackToSystemKeyStore.getKeyName(), "true");
    xSession = this.fact.getSession(cfg);
    effective = ((SessionImpl) xSession).getSession().getPropertySet();
    // X DevAPI options keep their defaults.
    assertEquals(XdevapiSslMode.REQUIRED, effective.getProperty(PropertyKey.xdevapiSslMode).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
    assertNull(effective.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
    // Global (JDBC) options carry the values that were set.
    assertEquals(SslMode.VERIFY_CA, effective.getProperty(PropertyKey.sslMode).getValue());
    assertEquals(caTrustStoreUrl, effective.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
    assertEquals(clientKeyStoreUrl, effective.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
    xSession.close();

    /*
     * Part 3 - both families are set with conflicting values. The global options get sslMode=DISABLED and
     * placeholder store settings; the X DevAPI options get VERIFY_CA and the real test stores. The
     * assertions expect the X DevAPI values to win and to be mirrored into the global options, so the
     * DISABLED global mode must not downgrade the session.
     */
    cfg = new Properties(this.sslFreeTestProperties);
    // Global (JDBC) options: values that must NOT survive.
    cfg.setProperty(PropertyKey.sslMode.getKeyName(), SslMode.DISABLED.toString());
    cfg.setProperty(PropertyKey.trustCertificateKeyStoreUrl.getKeyName(), "trust-cert-keystore-url");
    cfg.setProperty(PropertyKey.trustCertificateKeyStoreType.getKeyName(), "trust-cert-keystore-type");
    cfg.setProperty(PropertyKey.trustCertificateKeyStorePassword.getKeyName(), "trust-cert-keystore-pwd");
    cfg.setProperty(PropertyKey.fallbackToSystemTrustStore.getKeyName(), "false");
    cfg.setProperty(PropertyKey.clientCertificateKeyStoreUrl.getKeyName(), "client-cert-keystore-url");
    cfg.setProperty(PropertyKey.clientCertificateKeyStoreType.getKeyName(), "client-cert-keystore-type");
    cfg.setProperty(PropertyKey.clientCertificateKeyStorePassword.getKeyName(), "client-cert-keystore-pwd");
    cfg.setProperty(PropertyKey.fallbackToSystemKeyStore.getKeyName(), "false");
    // X DevAPI options: the values expected to take effect.
    cfg.setProperty(PropertyKey.xdevapiSslMode.getKeyName(), XdevapiSslMode.VERIFY_CA.toString());
    cfg.setProperty(PropertyKey.xdevapiSslTrustStoreUrl.getKeyName(), caTrustStoreUrl);
    cfg.setProperty(PropertyKey.xdevapiSslTrustStoreType.getKeyName(), jks);
    cfg.setProperty(PropertyKey.xdevapiSslTrustStorePassword.getKeyName(), storePassword);
    cfg.setProperty(PropertyKey.xdevapiFallbackToSystemTrustStore.getKeyName(), "false");
    cfg.setProperty(PropertyKey.xdevapiSslKeyStoreUrl.getKeyName(), clientKeyStoreUrl);
    cfg.setProperty(PropertyKey.xdevapiSslKeyStoreType.getKeyName(), jks);
    cfg.setProperty(PropertyKey.xdevapiSslKeyStorePassword.getKeyName(), storePassword);
    cfg.setProperty(PropertyKey.xdevapiFallbackToSystemKeyStore.getKeyName(), "false");
    xSession = this.fact.getSession(cfg);
    effective = ((SessionImpl) xSession).getSession().getPropertySet();
    // X DevAPI options carry the values that were set.
    assertEquals(XdevapiSslMode.VERIFY_CA, effective.getProperty(PropertyKey.xdevapiSslMode).getValue());
    assertEquals(caTrustStoreUrl, effective.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
    assertFalse(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
    assertEquals(clientKeyStoreUrl, effective.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
    assertFalse(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
    // Global (JDBC) options were overridden by the X DevAPI ones.
    assertEquals(SslMode.VERIFY_CA, effective.getProperty(PropertyKey.sslMode).getValue());
    assertEquals(caTrustStoreUrl, effective.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
    assertFalse(effective.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
    assertEquals(clientKeyStoreUrl, effective.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
    assertFalse(effective.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
    xSession.close();

    // Same configuration with only the X DevAPI fallback flags switched on; the global flags are still
    // "false" in the map, yet are expected to read back as true.
    cfg.setProperty(PropertyKey.xdevapiFallbackToSystemTrustStore.getKeyName(), "true");
    cfg.setProperty(PropertyKey.xdevapiFallbackToSystemKeyStore.getKeyName(), "true");
    xSession = this.fact.getSession(cfg);
    effective = ((SessionImpl) xSession).getSession().getPropertySet();
    // X DevAPI options carry the values that were set.
    assertEquals(XdevapiSslMode.VERIFY_CA, effective.getProperty(PropertyKey.xdevapiSslMode).getValue());
    assertEquals(caTrustStoreUrl, effective.getProperty(PropertyKey.xdevapiSslTrustStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslTrustStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.xdevapiSslTrustStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemTrustStore).getValue());
    assertEquals(clientKeyStoreUrl, effective.getProperty(PropertyKey.xdevapiSslKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.xdevapiSslKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.xdevapiSslKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.xdevapiFallbackToSystemKeyStore).getValue());
    // Global (JDBC) options were overridden by the X DevAPI ones.
    assertEquals(SslMode.VERIFY_CA, effective.getProperty(PropertyKey.sslMode).getValue());
    assertEquals(caTrustStoreUrl, effective.getProperty(PropertyKey.trustCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.trustCertificateKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.trustCertificateKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.fallbackToSystemTrustStore).getValue());
    assertEquals(clientKeyStoreUrl, effective.getProperty(PropertyKey.clientCertificateKeyStoreUrl).getValue());
    assertEquals(jks, effective.getProperty(PropertyKey.clientCertificateKeyStoreType).getValue());
    assertEquals(storePassword, effective.getProperty(PropertyKey.clientCertificateKeyStorePassword).getValue());
    assertTrue(effective.getBooleanProperty(PropertyKey.fallbackToSystemKeyStore).getValue());
    xSession.close();
}
Also used : PropertySet(com.mysql.cj.conf.PropertySet) SessionImpl(com.mysql.cj.xdevapi.SessionImpl) Properties(java.util.Properties) CoreSession(com.mysql.cj.CoreSession) Session(com.mysql.cj.xdevapi.Session) Test(org.junit.jupiter.api.Test)

Example 14 with Session

use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.

the class SessionFailoverTest method testConnectionTimeout.

/**
 * Tests xdevapi.connect-timeout and connectTimeout functionality.
 *
 * The real socket connect timeout can be observed only when trying to connect to an unavailable remote host
 * addressed by its IP address. Neither the localhost IP nor domain names work: they fail much sooner than the
 * timeout is reached.
 * If default 10.77.77.77:37070 doesn't work in a particular testing setup (if the ip address is available)
 * please add this variable to ant call:
 * -Dcom.mysql.cj.testsuite.unavailable.host=unavailable_ip:port
 *
 * @throws Exception
 */
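@Test
@Disabled("This test doesn't execute deterministically on some systems. It can be run manually in local systems when needed.")
public void testConnectionTimeout() throws Exception {
    // The "unavailable" endpoint comes from a system property when set, otherwise from a fixed address in the
    // 10.0.0.0/8 private range. NOTE(review): the test opens real outbound connections to this endpoint. If
    // something does answer there, the client would presumably start a handshake with it using whatever
    // credentials buildConnectionString() embeds (not visible here), so run this only on a network where the
    // address is known to be unreachable.
    String customFakeHost = System.getProperty(PropertyDefinitions.SYSP_testsuite_unavailable_host);
    String fakeHost = (customFakeHost != null && !customFakeHost.trim().isEmpty()) ? customFakeHost : "10.77.77.77:37070";

    // The two numeric arguments of the assert helpers are presumably the lower and upper bounds, in milliseconds,
    // of the observed connect time; the helpers are defined elsewhere in the class.

    // TS1_1 Create a session to a Server using explicit "xdevapi.connect-timeout" overriding implicit "connectTimeout".
    testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "500", true), 500, 1500);
    // TS1_2 Create a session to a Server using explicit "xdevapi.connect-timeout" overriding explicit "connectTimeout".
    testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "500", true) + makeParam(PropertyKey.connectTimeout, "8000"), 500, 1500);
    // TS1_3 Create a session to a Server using explicit "connectTimeout" overriding implicit "xdevapi.connect-timeout".
    testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.connectTimeout, "800", true), 800, 1800);
    // TS3_1 Create a session to a remote offline host not setting the "connect-timeout" parameter. The connection must timeout in ~10 seconds.
    // Default "connect-timeout" (10000 ms) overrides implicit "connectTimeout".
    testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost), 10000, 11000);
    // TS4_1 Create a session to a remote offline host setting "connect-timeout" to zero (0). The connection must not timeout until cancelled.
    // With 0 the client sets no bound of its own on the connect attempt, which is why the accepted window reaches
    // 600000 ms; a caller that uses 0 needs another way to bound the wait.
    testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "0", true), 12000, 600000);
    // TS6_1 Create a session using the fail over functionality passing two different Server addresses.
    // The Server with the higher priority must be offline. The connection must succeed after connect-timeout milliseconds.
    testConnectionTimeout_assertSuccessTimeout(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "1000", true), 1000, 2000);
    // TS6_2 Create a session using the fail over functionality passing two different Server addresses.
    // Both Servers must be offline. The connection must time out after connect-timeout * 2 milliseconds.
    testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost, fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "500", true), 1000, 2000);

    // TS8_1 Create a session to a Server using valid credentials passing the "connect-timeout" and set it to a valid value.
    // Run SLEEP(11) once the connection is established. No timeout exception/error must be displayed: the statement
    // runs longer than the 3000 ms connect timeout, so success shows the setting bounds only the connect phase.
    long begin = System.currentTimeMillis();
    Session sess = this.fact.getSession(buildConnectionString(this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "3000", true));
    try {
        sess.sql("SELECT SLEEP(11)").execute();
        long elapsed = System.currentTimeMillis() - begin;
        assertTrue(elapsed >= 11000 && elapsed < 12000, "Expected: " + 11000 + ".." + 12000 + ". Got " + elapsed);
    } finally {
        // Close the session even when the statement or the timing assertion fails, so a failing run does not
        // leave a connection open on the test server.
        sess.close();
    }

    // TS11_1 Set connection property xdevapi.connect-timeout=null, try to create Session, check that WrongArgumentException is thrown
    // with message "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value 'null' can not be converted to an integer."
    assertThrows(WrongArgumentException.class, "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value 'null' can not be converted to an integer.", () -> this.fact.getSession(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "null", true)));
    // TS11_2 Set connection property xdevapi.connect-timeout=-1, try to create Session, check that WrongArgumentException is thrown with
    // message "The connection property 'xdevapi.connect-timeout' only accepts integer values in the range of 0 - 2147483647, the value '-1' exceeds this range."
    assertThrows(WrongArgumentException.class, "The connection property 'xdevapi.connect-timeout' only accepts integer values in the range of 0 - 2147483647, the value '-1' exceeds this range.", () -> this.fact.getSession(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "-1", true)));
    // TS11_3 Set connection property xdevapi.connect-timeout=abc, try to create Session, check that WrongArgumentException is thrown with
    // message "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value 'abc' can not be converted to an integer."
    assertThrows(WrongArgumentException.class, "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value 'abc' can not be converted to an integer.", () -> this.fact.getSession(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "abc", true)));
    // TS11_4 Set connection property xdevapi.connect-timeout=, try to create Session, check that WrongArgumentException is thrown with
    // message "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value '' can not be converted to an integer."
    assertThrows(WrongArgumentException.class, "The connection property 'xdevapi.connect-timeout' only accepts integer values. The value '' can not be converted to an integer.", () -> this.fact.getSession(buildConnectionString(fakeHost, this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "", true)));
    // TS11_5 Set connection property xdevapi.connect-timeout=12.8. Please note that c/J truncates decimals w/o exception for integer parameters thus
    // the error message is not thrown against the property value. Try to connect with this connection string and ensure that CJCommunicationsException
    // is thrown not earlier than 12 ms and not later than 1000 ms.
    testConnectionTimeout_assertFailureTimeout(buildConnectionString(fakeHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "12.8", true), 12, 1000);
    // TS12_1 Create a session to a Server giving a valid value for the "connect-timeout", and use invalid credentials.
    // The expected failure here is XProtocolError, i.e. the server rejecting the login, rather than a connect timeout.
    testConnectionTimeout_assertFailureTimeout(buildConnectionStringNoUser(this.testsHost) + "?" + makeParam(PropertyKey.xdevapiConnectTimeout, "1000", true) + makeParam(PropertyKey.USER, "nosuchuser"), 0, 1000, XProtocolError.class);
}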
Also used : Session(com.mysql.cj.xdevapi.Session) Test(org.junit.jupiter.api.Test) Disabled(org.junit.jupiter.api.Disabled)

Example 15 with Session

use of com.mysql.cj.xdevapi.Session in project aws-mysql-jdbc by awslabs.

the class SessionTest method urlWithoutDefaultSchema.

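/**
 * Checks that a session opened without a default schema reports none, for every supported authentication
 * mechanism and for both URI-based and properties-based configuration.
 *
 * Security notes for anyone reusing this fixture:
 * - It creates 'testUserN'@'%' with a password equal to the user name and SELECT on *.*. That account is
 *   reachable from any host and can read every schema, so the test belongs on a disposable test server only.
 *   The finally block drops the account; if the run is killed before it executes, drop the account manually.
 * - The password is embedded in the connection URIs, and those URIs are copied into the assertion messages,
 *   so it ends up in test reports. That is tolerable only because the credential is a throwaway.
 * - mysql_native_password is a legacy plugin, used here (per the inline comment) for compatibility with all
 *   mechanisms under test; it is not a recommendation for real accounts.
 */
@Test
public void urlWithoutDefaultSchema() {
    try {
        // Create user with mysql_native_password authentication plugin as it can be used with any of the authentication mechanisms.
        this.session.sql("CREATE USER IF NOT EXISTS 'testUserN'@'%' IDENTIFIED WITH mysql_native_password BY 'testUserN'").execute();
        this.session.sql("GRANT SELECT ON *.* TO 'testUserN'@'%'").execute();

        final SessionFactory testSessionFactory = new SessionFactory();
        final String testUriPattern1 = "mysqlx://testUserN:testUserN@%s:%s/?xdevapi.auth=%s";
        final String testUriPattern2 = "mysqlx://testUserN:testUserN@%s:%s?xdevapi.auth=%s";
        final String testUriPattern3 = "mysqlx://testUserN:testUserN@address=(host=%s)(port=%s)(xdevapi.auth=%s)";

        // Check if not setting a default schema works correctly when using different authentication mechanisms.
        // NOTE(review): PLAIN sends the password itself to the server, so it depends on the transport being
        // encrypted. None of the URIs sets an SSL mode, so the connector default applies - presumably one that
        // requires TLS; confirm before copying these URIs into an environment with different defaults.
        String[] authMechs = mysqlVersionMeetsMinimum(ServerVersion.parseVersion("8.0.4")) ? new String[] { "PLAIN", "MYSQL41", "SHA256_MEMORY" } : new String[] { "PLAIN", "MYSQL41" };
        for (String authMech : authMechs) {
            for (String testUriPattern : new String[] { testUriPattern1, testUriPattern2, testUriPattern3 }) {
                // Test using a connection String.
                final String testUri = String.format(testUriPattern, getTestHost(), getTestPort(), authMech);
                final String testCase = "Testing no default schema with authentication mecanism '" + authMech + "' and URI '" + testUri + "'.";
                Session testSession = testSessionFactory.getSession(testUri);
                try {
                    assertTrue(testSession.getUri().contains("/?"), testCase);
                    assertEquals("", testSession.getDefaultSchemaName(), testCase);
                    assertNull(testSession.getDefaultSchema(), testCase);
                    assertNull(testSession.sql("SELECT database()").execute().fetchOne().getString(0), testCase);
                } finally {
                    // Release the connection even when an assertion fails.
                    testSession.close();
                }
            }

            // Test using a properties map.
            final String testCase = "Testing no default schema with authentication mecanism '" + authMech + "'.";
            final Properties testProps = new Properties();
            testProps.setProperty(PropertyKey.USER.getKeyName(), "testUserN");
            testProps.setProperty(PropertyKey.PASSWORD.getKeyName(), "testUserN");
            testProps.setProperty(PropertyKey.HOST.getKeyName(), getTestHost());
            testProps.setProperty(PropertyKey.PORT.getKeyName(), String.valueOf(getTestPort()));
            testProps.setProperty(PropertyKey.xdevapiAuth.getKeyName(), authMech);
            Session testSession = testSessionFactory.getSession(testProps);
            try {
                assertTrue(testSession.getUri().contains("/?"), testCase);
                assertEquals("", testSession.getDefaultSchemaName(), testCase);
                assertNull(testSession.getDefaultSchema(), testCase);
                assertNull(testSession.sql("SELECT database()").execute().fetchOne().getString(0), testCase);
            } finally {
                // Release the connection even when an assertion fails.
                testSession.close();
            }
        }
    } finally {
        // Always remove the weak test account, whether the checks passed or not.
        this.session.sql("DROP USER IF EXISTS testUserN").execute();
    }
}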
Also used : SessionFactory(com.mysql.cj.xdevapi.SessionFactory) JsonString(com.mysql.cj.xdevapi.JsonString) Properties(java.util.Properties) CoreSession(com.mysql.cj.CoreSession) Session(com.mysql.cj.xdevapi.Session) Test(org.junit.jupiter.api.Test)
