Example 6 with HttpClient

use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.

the class ITTLSTest method makeCertlessClient.

private HttpClient makeCertlessClient() {
    // Only trust-store settings are supplied: the client can verify servers but presents no certificate of its own.
    SSLContext certlessClientSSLContext = new TLSUtils.ClientSSLContextBuilder()
        .setProtocol(sslClientConfig.getProtocol())
        .setTrustStoreType(sslClientConfig.getTrustStoreType())
        .setTrustStorePath(sslClientConfig.getTrustStorePath())
        .setTrustStoreAlgorithm(sslClientConfig.getTrustStoreAlgorithm())
        .setTrustStorePasswordProvider(sslClientConfig.getTrustStorePasswordProvider())
        .setCertificateChecker(certificateChecker)
        .build();
    final HttpClientConfig.Builder builder = getHttpClientConfigBuilder(certlessClientSSLContext);
    final Lifecycle lifecycle = new Lifecycle();
    HttpClient client = HttpClientInit.createClient(builder.build(), lifecycle);
    HttpClient adminClient = new CredentialedHttpClient(new BasicCredentials("admin", "priest"), client);
    return adminClient;
}
Also used : CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient) HttpClientConfig(org.apache.druid.java.util.http.client.HttpClientConfig) DruidHttpClientConfig(org.apache.druid.guice.http.DruidHttpClientConfig) TLSUtils(org.apache.druid.server.security.TLSUtils) Lifecycle(org.apache.druid.java.util.common.lifecycle.Lifecycle) HttpClient(org.apache.druid.java.util.http.client.HttpClient) SSLContext(javax.net.ssl.SSLContext) BasicCredentials(org.apache.druid.java.util.http.client.auth.BasicCredentials)

Example 7 with HttpClient

use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.

the class ITTLSTest method checkAccessWithNoCert.

@Test
public void checkAccessWithNoCert() {
    LOG.info("---------Testing TLS resource access without a certificate---------");
    HttpClient certlessClient = makeCertlessClient();
    checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getCoordinatorTLSUrl());
    checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getOverlordTLSUrl());
    checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getBrokerTLSUrl());
    checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getHistoricalTLSUrl());
    checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getRouterTLSUrl());
    checkFailedAccessNoCert(certlessClient, HttpMethod.GET, config.getPermissiveRouterTLSUrl());
    // The router endpoint without client authentication is the one request expected to succeed.
    makeRequest(certlessClient, HttpMethod.GET, config.getNoClientAuthRouterTLSUrl() + "/status", null);
}
Also used : HttpClient(org.apache.druid.java.util.http.client.HttpClient) CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient) Test(org.testng.annotations.Test)

Example 8 with HttpClient

use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.

the class ITTLSTest method checkAccessWithExpiredCert.

@Test
public void checkAccessWithExpiredCert() {
    LOG.info("---------Testing TLS resource access when client certificate has expired---------");
    HttpClient expiredClient = makeCustomHttpClient("client_tls/expired_client.jks", "expired_client");
    checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getCoordinatorTLSUrl());
    checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getOverlordTLSUrl());
    checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getBrokerTLSUrl());
    checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getHistoricalTLSUrl());
    checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getRouterTLSUrl());
    checkFailedAccessExpired(expiredClient, HttpMethod.GET, config.getPermissiveRouterTLSUrl());
    // The router endpoint without client authentication is the one request expected to succeed.
    makeRequest(expiredClient, HttpMethod.GET, config.getNoClientAuthRouterTLSUrl() + "/status", null);
}
Also used : HttpClient(org.apache.druid.java.util.http.client.HttpClient) CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient) Test(org.testng.annotations.Test)

Example 9 with HttpClient

use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.

the class ITTLSTest method testTLSNodeAccess.

@Test
public void testTLSNodeAccess() {
    LOG.info("---------Testing resource access with TLS enabled---------");
    HttpClient adminClient = new CredentialedHttpClient(new BasicCredentials("admin", "priest"), httpClient);
    makeRequest(adminClient, HttpMethod.GET, config.getCoordinatorTLSUrl() + "/status", null);
    makeRequest(adminClient, HttpMethod.GET, config.getOverlordTLSUrl() + "/status", null);
    makeRequest(adminClient, HttpMethod.GET, config.getBrokerTLSUrl() + "/status", null);
    makeRequest(adminClient, HttpMethod.GET, config.getHistoricalTLSUrl() + "/status", null);
    makeRequest(adminClient, HttpMethod.GET, config.getRouterTLSUrl() + "/status", null);
    makeRequest(adminClient, HttpMethod.GET, config.getPermissiveRouterTLSUrl() + "/status", null);
    makeRequest(adminClient, HttpMethod.GET, config.getNoClientAuthRouterTLSUrl() + "/status", null);
}
Also used : CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient) HttpClient(org.apache.druid.java.util.http.client.HttpClient) BasicCredentials(org.apache.druid.java.util.http.client.auth.BasicCredentials) Test(org.testng.annotations.Test)

Example 10 with HttpClient

use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.

the class ITTLSTest method checkAccessWithCustomCertificateChecks.

@Test
public void checkAccessWithCustomCertificateChecks() {
    LOG.info("---------Testing TLS resource access with custom certificate checks---------");
    HttpClient wrongHostnameClient = makeCustomHttpClient("client_tls/invalid_hostname_client.jks", "invalid_hostname_client", new ITTLSCertificateChecker());
    checkFailedAccessWrongHostname(httpClient, HttpMethod.GET, config.getCustomCertCheckRouterTLSUrl());
    makeRequest(wrongHostnameClient, HttpMethod.GET, config.getCustomCertCheckRouterTLSUrl() + "/status", null);
    checkFailedAccess(wrongHostnameClient, HttpMethod.POST, config.getCustomCertCheckRouterTLSUrl() + "/druid/v2", "Custom cert check", ISE.class, "Error while making request to url[https://127.0.0.1:9091/druid/v2] status[400 Bad Request] content[{\"error\":\"Unknown exception\",\"errorMessage\":\"No content to map due to end-of-input", true);
    makeRequest(wrongHostnameClient, HttpMethod.GET, config.getCustomCertCheckRouterTLSUrl() + "/druid/coordinator/v1/leader", null);
}
Also used : HttpClient(org.apache.druid.java.util.http.client.HttpClient) CredentialedHttpClient(org.apache.druid.java.util.http.client.CredentialedHttpClient) ITTLSCertificateChecker(org.apache.druid.testing.utils.ITTLSCertificateChecker) Test(org.testng.annotations.Test)
