use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method makeCertlessClient.
/**
 * Builds an HTTP client that can validate the server but has no client certificate to offer.
 *
 * <p>The SSL context is configured from the trust-store settings of {@code sslClientConfig}
 * only; no key-store setter is called on the builder, so nothing is available to present when
 * a server requests client authentication. Basic credentials are still attached to the
 * returned client.
 *
 * <p>NOTE(review): "admin"/"priest" is presumably the account provisioned for the
 * integration-test cluster; confirm against the test environment setup.
 *
 * @return a credentialed client whose TLS context carries no client key material
 */
private HttpClient makeCertlessClient() {
  final SSLContext trustOnlyContext = new TLSUtils.ClientSSLContextBuilder()
      .setProtocol(sslClientConfig.getProtocol())
      .setTrustStoreType(sslClientConfig.getTrustStoreType())
      .setTrustStorePath(sslClientConfig.getTrustStorePath())
      .setTrustStoreAlgorithm(sslClientConfig.getTrustStoreAlgorithm())
      .setTrustStorePasswordProvider(sslClientConfig.getTrustStorePasswordProvider())
      .setCertificateChecker(certificateChecker)
      .build();

  final HttpClientConfig.Builder clientConfigBuilder = getHttpClientConfigBuilder(trustOnlyContext);

  // NOTE(review): this Lifecycle is local and is neither started nor stopped in this method;
  // confirm whether the client needs it started and what releases its resources.
  final Lifecycle clientLifecycle = new Lifecycle();
  final HttpClient tlsClient = HttpClientInit.createClient(clientConfigBuilder.build(), clientLifecycle);

  return new CredentialedHttpClient(new BasicCredentials("admin", "priest"), tlsClient);
}
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method checkAccessWithNoCert.
/**
 * Exercises every TLS endpoint with a client that presents no client certificate.
 *
 * <p>The coordinator, overlord, broker, historical, router and permissive-router URLs are each
 * passed to {@code checkFailedAccessNoCert}; only the no-client-auth router is queried with
 * {@code makeRequest} at {@code /status}. Both helpers are defined outside this excerpt:
 * presumably the former asserts that the connection is refused for lack of a certificate and
 * the latter fails the test on an unsuccessful response (confirm against their definitions).
 */
@Test
public void checkAccessWithNoCert() {
  LOG.info("---------Testing TLS resource access without a certificate---------");

  final HttpClient noCertClient = makeCertlessClient();
  final HttpMethod get = HttpMethod.GET;

  // Endpoints expected to reject a client that offers no certificate.
  checkFailedAccessNoCert(noCertClient, get, config.getCoordinatorTLSUrl());
  checkFailedAccessNoCert(noCertClient, get, config.getOverlordTLSUrl());
  checkFailedAccessNoCert(noCertClient, get, config.getBrokerTLSUrl());
  checkFailedAccessNoCert(noCertClient, get, config.getHistoricalTLSUrl());
  checkFailedAccessNoCert(noCertClient, get, config.getRouterTLSUrl());
  checkFailedAccessNoCert(noCertClient, get, config.getPermissiveRouterTLSUrl());

  // The router configured without client authentication is the one endpoint queried normally.
  final String noClientAuthStatusUrl = config.getNoClientAuthRouterTLSUrl() + "/status";
  makeRequest(noCertClient, get, noClientAuthStatusUrl, null);
}
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method checkAccessWithExpiredCert.
/**
 * Exercises every TLS endpoint with a client built from {@code client_tls/expired_client.jks}.
 *
 * <p>Six endpoints are passed to {@code checkFailedAccessExpired}; the no-client-auth router is
 * queried with {@code makeRequest} at {@code /status} instead. NOTE(review): the second
 * argument of {@code makeCustomHttpClient} is presumably the key-store alias of the expired
 * certificate; confirm against that helper, which is defined outside this excerpt.
 */
@Test
public void checkAccessWithExpiredCert() {
  LOG.info("---------Testing TLS resource access when client certificate has expired---------");

  final HttpClient expiredCertClient = makeCustomHttpClient("client_tls/expired_client.jks", "expired_client");
  final HttpMethod get = HttpMethod.GET;

  // Endpoints expected to reject the expired client certificate.
  checkFailedAccessExpired(expiredCertClient, get, config.getCoordinatorTLSUrl());
  checkFailedAccessExpired(expiredCertClient, get, config.getOverlordTLSUrl());
  checkFailedAccessExpired(expiredCertClient, get, config.getBrokerTLSUrl());
  checkFailedAccessExpired(expiredCertClient, get, config.getHistoricalTLSUrl());
  checkFailedAccessExpired(expiredCertClient, get, config.getRouterTLSUrl());
  checkFailedAccessExpired(expiredCertClient, get, config.getPermissiveRouterTLSUrl());

  // The router configured without client authentication is queried normally even though the
  // client's certificate has expired.
  final String noClientAuthStatusUrl = config.getNoClientAuthRouterTLSUrl() + "/status";
  makeRequest(expiredCertClient, get, noClientAuthStatusUrl, null);
}
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method testTLSNodeAccess.
/**
 * Requests {@code /status} over TLS from every configured endpoint using the shared
 * {@code httpClient} wrapped with basic credentials.
 *
 * <p>This is the baseline case the rejection tests in this class are compared against.
 * NOTE(review): "admin"/"priest" is presumably the account provisioned for the
 * integration-test cluster, and {@code httpClient} presumably carries a valid client
 * certificate; neither is visible in this excerpt, so confirm both.
 */
@Test
public void testTLSNodeAccess() {
  LOG.info("---------Testing resource access with TLS enabled---------");

  final HttpClient credentialedClient =
      new CredentialedHttpClient(new BasicCredentials("admin", "priest"), httpClient);
  final HttpMethod get = HttpMethod.GET;
  final String statusPath = "/status";

  makeRequest(credentialedClient, get, config.getCoordinatorTLSUrl() + statusPath, null);
  makeRequest(credentialedClient, get, config.getOverlordTLSUrl() + statusPath, null);
  makeRequest(credentialedClient, get, config.getBrokerTLSUrl() + statusPath, null);
  makeRequest(credentialedClient, get, config.getHistoricalTLSUrl() + statusPath, null);
  makeRequest(credentialedClient, get, config.getRouterTLSUrl() + statusPath, null);
  makeRequest(credentialedClient, get, config.getPermissiveRouterTLSUrl() + statusPath, null);
  makeRequest(credentialedClient, get, config.getNoClientAuthRouterTLSUrl() + statusPath, null);
}
use of org.apache.druid.java.util.http.client.HttpClient in project druid by druid-io.
the class ITTLSTest method checkAccessWithCustomCertificateChecks.
/**
 * Exercises the router that applies a custom certificate check, using a client built from
 * {@code client_tls/invalid_hostname_client.jks} with an {@code ITTLSCertificateChecker}.
 *
 * <p>Four requests are made against the custom-cert-check router: the shared
 * {@code httpClient} goes through {@code checkFailedAccessWrongHostname}, and the custom client
 * is used for a GET of {@code /status}, a POST to {@code /druid/v2} that is expected to fail
 * with a 400 response, and a GET of {@code /druid/coordinator/v1/leader}.
 */
@Test
public void checkAccessWithCustomCertificateChecks() {
  LOG.info("---------Testing TLS resource access with custom certificate checks---------");

  final HttpClient customCheckedClient = makeCustomHttpClient(
      "client_tls/invalid_hostname_client.jks",
      "invalid_hostname_client",
      new ITTLSCertificateChecker()
  );

  // NOTE(review): this check uses the shared httpClient rather than the custom client,
  // presumably to show that a client without the custom checker fails hostname validation
  // against this router; confirm that the choice is intentional.
  checkFailedAccessWrongHostname(httpClient, HttpMethod.GET, config.getCustomCertCheckRouterTLSUrl());

  makeRequest(customCheckedClient, HttpMethod.GET, config.getCustomCertCheckRouterTLSUrl() + "/status", null);

  // The expected failure is an HTTP 400 whose body reports missing request content, i.e. an
  // application-level error rather than a TLS one.
  // NOTE(review): the literal below embeds https://127.0.0.1:9091 while the request URL comes
  // from config; confirm the two always agree in the test environment.
  final String expectedMessage =
      "Error while making request to url[https://127.0.0.1:9091/druid/v2] status[400 Bad Request] content[{\"error\":\"Unknown exception\",\"errorMessage\":\"No content to map due to end-of-input";
  checkFailedAccess(
      customCheckedClient,
      HttpMethod.POST,
      config.getCustomCertCheckRouterTLSUrl() + "/druid/v2",
      "Custom cert check",
      ISE.class,
      expectedMessage,
      true
  );

  makeRequest(
      customCheckedClient,
      HttpMethod.GET,
      config.getCustomCertCheckRouterTLSUrl() + "/druid/coordinator/v1/leader",
      null
  );
}