/**
* * Test SSL client connection to SSL server
*
* @throws Exception
*/
@Test
public void testSSLConnectionWithProperty() throws Exception {
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
// Start HS2 with SSL
miniHS2.start(confOverlay);
System.setProperty(JAVA_TRUST_STORE_PROP, dataFileDir + File.separator + TRUST_STORE_NAME);
System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_PASSWORD);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL() + ";ssl=true", System.getProperty("user.name"), "bar");
hs2Conn.close();
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
hs2Conn.close();
}
@After
public void tearDown() throws Exception {
if (hs2Conn != null) {
hs2Conn.close();
}
if (miniHS2 != null && miniHS2.isStarted()) {
miniHS2.stop();
}
System.clearProperty(JAVA_TRUST_STORE_PROP);
System.clearProperty(JAVA_TRUST_STORE_PASS_PROP);
}
/**
* * Test SSL client with non-SSL server fails
*
* @throws Exception
*/
@Test
public void testInvalidConfig() throws Exception {
clearSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
miniHS2.start(confOverlay);
DriverManager.setLoginTimeout(4);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS),
System.getProperty("user.name"),
"bar");
fail("SSL connection should fail with NON-SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
System.setProperty(JAVA_TRUST_STORE_PROP, dataFileDir + File.separator + TRUST_STORE_NAME);
System.setProperty(JAVA_TRUST_STORE_PASS_PROP, KEY_STORE_PASSWORD);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL() + ";ssl=true", System.getProperty("user.name"), "bar");
fail("SSL connection should fail with NON-SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
miniHS2.stop();
// Test in http mode with ssl properties specified in url
System.clearProperty(JAVA_TRUST_STORE_PROP);
System.clearProperty(JAVA_TRUST_STORE_PASS_PROP);
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS),
System.getProperty("user.name"),
"bar");
fail("SSL connection should fail with NON-SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
}
/**
* * Test non-SSL client with SSL server fails
*
* @throws Exception
*/
@Test
public void testConnectionMismatch() throws Exception {
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// Start HS2 with SSL
try {
hs2Conn =
DriverManager.getConnection(miniHS2.getJdbcURL(), System.getProperty("user.name"), "bar");
fail("NON SSL connection should fail with SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL() + ";ssl=false", System.getProperty("user.name"), "bar");
fail("NON SSL connection should fail with SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", ";ssl=false"), System.getProperty("user.name"), "bar");
fail("NON SSL connection should fail with SSL server");
} catch (SQLException e) {
// expected error
assertEquals("08S01", e.getSQLState().trim());
}
}
/**
* * Test SSL client connection to SSL server
*
* @throws Exception
*/
@Test
public void testSSLConnectionWithURL() throws Exception {
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
// Start HS2 with SSL
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
hs2Conn.close();
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL("default", SSL_CONN_PARAMS), System.getProperty("user.name"), "bar");
hs2Conn.close();
}
@AfterClass
public static void afterTest() throws Exception {
if (miniHS2.isStarted()) {
miniHS2.stop();
}
}
/** * Tests to ensure SSLv2 and SSLv3 are disabled */
@Test
public void testSSLVersion() throws Exception {
// we need openssl
Assume.assumeTrue(execCommand("which openssl") == 0);
// we depend on linux openssl exit codes
Assume.assumeTrue(System.getProperty("os.name").toLowerCase().contains("linux"));
setSslConfOverlay(confOverlay);
// Test in binary mode
setBinaryConfOverlay(confOverlay);
// Start HS2 with SSL
miniHS2.start(confOverlay);
// make SSL connection
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL()
+ ";ssl=true;sslTrustStore="
+ dataFileDir
+ File.separator
+ TRUST_STORE_NAME
+ ";trustStorePassword="******"user.name"),
"bar");
hs2Conn.close();
Assert.assertEquals(
"Expected exit code of 1",
1,
execCommand(
"openssl s_client -connect "
+ miniHS2.getHost()
+ ":"
+ miniHS2.getBinaryPort()
+ " -ssl2 < /dev/null"));
Assert.assertEquals(
"Expected exit code of 1",
1,
execCommand(
"openssl s_client -connect "
+ miniHS2.getHost()
+ ":"
+ miniHS2.getBinaryPort()
+ " -ssl3 < /dev/null"));
miniHS2.stop();
// Test in http mode
setHttpConfOverlay(confOverlay);
miniHS2.start(confOverlay);
// make SSL connection
try {
hs2Conn =
DriverManager.getConnection(
miniHS2.getJdbcURL()
+ ";ssl=true;sslTrustStore="
+ dataFileDir
+ File.separator
+ TRUST_STORE_NAME
+ ";trustStorePassword="******"user.name"),
"bar");
Assert.fail("Expected SQLException during connect");
} catch (SQLException e) {
LOG.info("Expected exception: " + e, e);
Assert.assertEquals("08S01", e.getSQLState().trim());
Throwable cause = e.getCause();
Assert.assertNotNull(cause);
while (cause.getCause() != null) {
cause = cause.getCause();
}
Assert.assertEquals("org.apache.http.NoHttpResponseException", cause.getClass().getName());
Assert.assertTrue(cause.getMessage().contains("failed to respond"));
}
miniHS2.stop();
}
@AfterClass
public static void afterTest() throws Exception {
miniHS2.stop();
}
@AfterClass
public static void tearDownAfterClass() throws Exception {
miniHS2.stop();
}