diff --git a/modules/clients/pom.xml b/modules/clients/pom.xml
index 851c763fd3228..bff5c9b8d86f9 100644
--- a/modules/clients/pom.xml
+++ b/modules/clients/pom.xml
@@ -50,7 +50,7 @@
redis.clients
jedis
- 2.9.0
+ 7.2.1
test
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisCommonAbstractTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisCommonAbstractTest.java
index 6f0b0f615acf5..19993574a529c 100644
--- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisCommonAbstractTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisCommonAbstractTest.java
@@ -22,8 +22,10 @@
import org.apache.ignite.configuration.ConnectorConfiguration;
import org.apache.ignite.configuration.IgniteConfiguration;
import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest;
-import redis.clients.jedis.JedisPool;
-import redis.clients.jedis.JedisPoolConfig;
+import redis.clients.jedis.ClientSetInfoConfig;
+import redis.clients.jedis.DefaultJedisClientConfig;
+import redis.clients.jedis.HostAndPort;
+import redis.clients.jedis.Jedis;
/**
* Common for all Redis tests.
@@ -38,8 +40,8 @@ public class RedisCommonAbstractTest extends GridCommonAbstractTest {
/** Port. */
protected static final int PORT = 6379;
- /** Pool. */
- protected static JedisPool pool;
+ /** Redis client factory. */
+ protected static RedisClientFactory redisClientFactory;
/** Default Redis cache name. */
private static final String DFLT_CACHE_NAME = "redis-ignite-internal-cache-0";
@@ -48,23 +50,19 @@ public class RedisCommonAbstractTest extends GridCommonAbstractTest {
@Override protected void beforeTestsStarted() throws Exception {
startGrids(gridCount());
- JedisPoolConfig jedisPoolCfg = new JedisPoolConfig();
-
- jedisPoolCfg.setMaxWaitMillis(20000);
- jedisPoolCfg.setMaxIdle(100);
- jedisPoolCfg.setMinIdle(1);
- jedisPoolCfg.setNumTestsPerEvictionRun(10);
- jedisPoolCfg.setTestOnBorrow(true);
- jedisPoolCfg.setTestOnReturn(true);
- jedisPoolCfg.setTestWhileIdle(true);
- jedisPoolCfg.setTimeBetweenEvictionRunsMillis(30000);
-
- pool = new JedisPool(jedisPoolCfg, HOST, PORT, 10000);
+ redisClientFactory = new RedisClientFactory(
+ new HostAndPort(HOST, PORT),
+ DefaultJedisClientConfig.builder()
+ .connectionTimeoutMillis(10000)
+ .socketTimeoutMillis(10000)
+ .clientSetInfoConfig(ClientSetInfoConfig.DISABLED)
+ .build()
+ );
}
/** {@inheritDoc} */
@Override protected void afterTestsStopped() throws Exception {
- pool.destroy();
+ redisClientFactory = null;
}
/** {@inheritDoc} */
@@ -82,7 +80,7 @@ public class RedisCommonAbstractTest extends GridCommonAbstractTest {
cfg.setConnectorConfiguration(redisCfg);
- CacheConfiguration ccfg = defaultCacheConfiguration();
+ CacheConfiguration ccfg = defaultCacheConfiguration();
ccfg.setStatisticsEnabled(true);
ccfg.setIndexedTypes(String.class, String.class);
@@ -116,4 +114,31 @@ protected int gridCount() {
assertTrue(jcache().localSize() == 0);
}
+
+ /**
+ * Lightweight Redis connection factory.
+ */
+ protected static class RedisClientFactory {
+ /** Redis address. */
+ private final HostAndPort addr;
+
+ /** Client config. */
+ private final DefaultJedisClientConfig cfg;
+
+ /**
+ * @param addr Redis address.
+ * @param cfg Client config.
+ */
+ RedisClientFactory(HostAndPort addr, DefaultJedisClientConfig cfg) {
+ this.addr = addr;
+ this.cfg = cfg;
+ }
+
+ /**
+ * @return Redis client.
+ */
+ Jedis getResource() {
+ return new Jedis(addr, cfg);
+ }
+ }
}
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolConnectSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolConnectSelfTest.java
index b22f823042fb6..a1d2393942fc4 100644
--- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolConnectSelfTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolConnectSelfTest.java
@@ -33,7 +33,7 @@ public class RedisProtocolConnectSelfTest extends RedisCommonAbstractTest {
*/
@Test
public void testPing() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals("PONG", jedis.ping());
}
}
@@ -43,7 +43,7 @@ public void testPing() throws Exception {
*/
@Test
public void testEcho() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals("Hello, grid!", jedis.echo("Hello, grid!"));
}
}
@@ -53,7 +53,7 @@ public void testEcho() throws Exception {
*/
@Test
public void testSelect() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
// connected to cache with index 0
jedis.set("k0", "v0");
Assert.assertEquals("v0", jedis.get("k0"));
@@ -64,7 +64,7 @@ public void testSelect() throws Exception {
Assert.assertEquals("v1", jedis.get("k1"));
Assert.assertNull(jedis.get("k0"));
- try (Jedis jedis2 = pool.getResource()) {
+ try (Jedis jedis2 = redisClientFactory.getResource()) {
// connected to cache with index 0
Assert.assertEquals("v0", jedis2.get("k0"));
Assert.assertNull(jedis2.get("k1"));
@@ -81,7 +81,7 @@ public void testSelect() throws Exception {
/** */
@Test
public void testSetGetLongString() {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
for (int len : new int[] {8, 16, 32}) {
String key = "b" + len;
String val = RandomStringUtils.randomAscii((int)(len * KB));
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolServerSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolServerSelfTest.java
index 1e833c2fc52b9..714834f5aa7c0 100644
--- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolServerSelfTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolServerSelfTest.java
@@ -31,7 +31,7 @@ public class RedisProtocolServerSelfTest extends RedisCommonAbstractTest {
*/
@Test
public void testDbSize() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals(0, (long)jedis.dbSize());
jcache().putAll(new HashMap() {
@@ -50,7 +50,7 @@ public void testDbSize() throws Exception {
*/
@Test
public void testFlushDb() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals(0, (long)jedis.dbSize());
jcache().putAll(new HashMap() {
@@ -87,7 +87,7 @@ public void testFlushDb() throws Exception {
*/
@Test
public void testFlushAll() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals(0, (long)jedis.dbSize());
for (int i = 0; i < 100; i++)
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringAtomicDatastructuresSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringAtomicDatastructuresSelfTest.java
index 64b17ece9fc68..f5e062025ab4c 100644
--- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringAtomicDatastructuresSelfTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringAtomicDatastructuresSelfTest.java
@@ -31,7 +31,7 @@ public class RedisProtocolStringAtomicDatastructuresSelfTest extends RedisCommon
*/
@Test
public void testAtomicCommandsTopologyChange() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
int size = grid(0).cachesx().size();
jedis.incr("key1");
diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringSelfTest.java
index c1d5e08416fa6..c55c3e712b157 100644
--- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringSelfTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringSelfTest.java
@@ -26,6 +26,7 @@
import org.junit.Test;
import redis.clients.jedis.Jedis;
import redis.clients.jedis.exceptions.JedisDataException;
+import redis.clients.jedis.params.SetParams;
/**
* Tests for String commands of Redis protocol.
@@ -36,7 +37,7 @@ public class RedisProtocolStringSelfTest extends RedisCommonAbstractTest {
*/
@Test
public void testGet() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
jcache().put("getKey1", "getVal1");
Assert.assertEquals("getVal1", jedis.get("getKey1"));
@@ -60,18 +61,18 @@ public void testGet() throws Exception {
*/
@Test
public void testGetSet() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
jcache().put("getSetKey1", "1");
- Assert.assertEquals("1", jedis.getSet("getSetKey1", "0"));
+ Assert.assertEquals("1", jedis.setGet("getSetKey1", "0"));
Assert.assertNull(jedis.get("getSetNonExistingKey"));
- jcache().put("setDataTypeKey", new HashSet(Arrays.asList("1", "2")));
+ jcache().put("setDataTypeKey", new HashSet<>(Arrays.asList("1", "2")));
try {
- jedis.getSet("setDataTypeKey", "0");
+ jedis.setGet("setDataTypeKey", "0");
- assert false : "Exception has to be thrown!";
+ fail("Exception has to be thrown!");
}
catch (JedisDataException e) {
assertTrue(e.getMessage().startsWith("WRONGTYPE"));
@@ -84,7 +85,7 @@ public void testGetSet() throws Exception {
*/
@Test
public void testMGet() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
jcache().put("getKey1", "getVal1");
jcache().put("getKey2", 0);
@@ -133,7 +134,7 @@ public void testMGetOrder(boolean directOrder) {
values.add("getValue" + i);
}
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
for (int i = 0; i < keysCnt; ++i)
jcache().put(keys.get(i), values.get(i));
@@ -158,7 +159,7 @@ public void testMGetOrder(boolean directOrder) {
*/
@Test
public void testMGetDuplicates() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
jcache().put("key-A", "value-A");
jcache().put("key-B", "value-B");
@@ -180,7 +181,7 @@ public void testSet() throws Exception {
long EXPIRE_MS = 1000L;
int EXPIRE_SEC = 1;
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
jedis.set("setKey1", "1");
jedis.set("setKey2".getBytes(), "b0".getBytes());
@@ -188,14 +189,14 @@ public void testSet() throws Exception {
Assert.assertEquals("b0", jcache().get("setKey2"));
// test options.
- jedis.set("setKey1", "2", "nx");
- jedis.set("setKey3", "3", "nx", "px", EXPIRE_MS);
+ jedis.set("setKey1", "2", SetParams.setParams().nx());
+ jedis.set("setKey3", "3", SetParams.setParams().nx().px(EXPIRE_MS));
Assert.assertEquals("1", jcache().get("setKey1"));
Assert.assertEquals("3", jcache().get("setKey3"));
- jedis.set("setKey1", "2", "xx", "ex", EXPIRE_SEC);
- jedis.set("setKey4", "4", "xx");
+ jedis.set("setKey1", "2", SetParams.setParams().xx().ex(EXPIRE_SEC));
+ jedis.set("setKey4", "4", SetParams.setParams().xx());
Assert.assertEquals("2", jcache().get("setKey1"));
Assert.assertNull(jcache().get("setKey4"));
@@ -213,7 +214,7 @@ public void testSet() throws Exception {
*/
@Test
public void testMSet() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
jedis.mset("setKey1", "1", "setKey2", "2");
Assert.assertEquals("1", jcache().get("setKey1"));
@@ -226,7 +227,7 @@ public void testMSet() throws Exception {
*/
@Test
public void testIncrDecr() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals(1, (long)jedis.incr("newKeyIncr"));
Assert.assertEquals(-1, (long)jedis.decr("newKeyDecr"));
@@ -310,7 +311,7 @@ public void testIncrDecr() throws Exception {
*/
@Test
public void testIncrDecrBy() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals(2, (long)jedis.incrBy("newKeyIncrBy", 2));
Assert.assertEquals(-2, (long)jedis.decrBy("newKeyDecrBy", 2));
@@ -367,7 +368,7 @@ public void testIncrDecrBy() throws Exception {
*/
@Test
public void testAppend() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals(5, (long)jedis.append("appendKey1", "Hello"));
Assert.assertEquals(12, (long)jedis.append("appendKey1", " World!"));
@@ -389,7 +390,7 @@ public void testAppend() throws Exception {
*/
@Test
public void testStrlen() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals(0, (long)jedis.strlen("strlenKeyNonExisting"));
jcache().put("strlenKey", "abc");
@@ -414,7 +415,7 @@ public void testStrlen() throws Exception {
*/
@Test
public void testSetRange() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals(0, (long)jedis.setrange("setRangeKey1", 0, ""));
jcache().put("setRangeKey2", "abc");
@@ -463,7 +464,7 @@ public void testSetRange() throws Exception {
*/
@Test
public void testGetRange() throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertEquals("", jedis.getrange("getRangeKeyNonExisting", 0, 0));
jcache().put("getRangeKey", "This is a string");
@@ -493,7 +494,7 @@ public void testGetRange() throws Exception {
public void testDel() throws Exception {
jcache().put("delKey1", "abc");
jcache().put("delKey2", "abcd");
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
// Should return the number of actually deleted entries.
// Assert.assertEquals(0, (long)jedis.del("nonExistingDelKey"));
Assert.assertEquals(2, (long)jedis.del("delKey1", "delKey2"));
@@ -507,7 +508,7 @@ public void testDel() throws Exception {
public void testExists() throws Exception {
jcache().put("existsKey1", "abc");
jcache().put("existsKey2", "abcd");
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
Assert.assertFalse(jedis.exists("nonExistingDelKey"));
Assert.assertEquals(2, (long)jedis.exists("existsKey1", "existsKey2"));
}
@@ -539,7 +540,7 @@ public void testExpireMs() throws Exception {
/** */
private void testExpire(Expiration exp) throws Exception {
- try (Jedis jedis = pool.getResource()) {
+ try (Jedis jedis = redisClientFactory.getResource()) {
jedis.set("k1", "v1");
Assert.assertTrue(jedis.exists("k1"));
diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.java
index 3e2bb1d41b22f..52c05628386c5 100644
--- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.java
+++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.java
@@ -23,6 +23,9 @@
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
+import java.util.Arrays;
+import java.util.LinkedHashSet;
+import java.util.Set;
import java.util.concurrent.Callable;
import javax.cache.configuration.Factory;
import javax.net.ssl.SSLContext;
@@ -33,6 +36,7 @@
import org.apache.ignite.internal.util.typedef.internal.U;
import org.apache.ignite.ssl.SslContextFactory;
import org.apache.ignite.testframework.GridTestUtils;
+import org.junit.Assume;
import org.junit.Test;
/**
@@ -52,6 +56,9 @@ public class JdbcThinConnectionSSLTest extends JdbcThinAbstractSelfTest {
private static final String TRUST_KEY_STORE_PATH = U.getIgniteHome() +
"/modules/clients/src/test/keystore/trust-one.jks";
+ /** Unsupported cipher. */
+ private static final String UNSUPPORTED_CIPHER = "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
+
/** SSL context factory. */
private static Factory sslCtxFactory;
@@ -96,6 +103,66 @@ public class JdbcThinConnectionSSLTest extends JdbcThinAbstractSelfTest {
return cfg;
}
+ /**
+ * @return One of default cipher suites for the current JDK.
+ * @throws NoSuchAlgorithmException If failed.
+ */
+ private static String dfltCipher() throws NoSuchAlgorithmException {
+ String[] dflt = SSLContext.getDefault().getSocketFactory().getDefaultCipherSuites();
+
+ assertTrue("No default cipher suites available", dflt.length > 0);
+
+ return dflt[0];
+ }
+
+ /**
+ * @param exclude Cipher to exclude.
+ * @return Another default cipher suite for the current JDK.
+ * @throws NoSuchAlgorithmException If failed.
+ */
+ private static String anotherDfltCipher(String exclude) throws NoSuchAlgorithmException {
+ String[] dflt = SSLContext.getDefault().getSocketFactory().getDefaultCipherSuites();
+
+ for (String cipher : dflt) {
+ if (!cipher.equals(exclude))
+ return cipher;
+ }
+
+ fail("No alternative default cipher suite found");
+
+ return null;
+ }
+
+ /**
+ * @return Supported cipher suite that is not enabled by default, or null if none found.
+ * @throws NoSuchAlgorithmException If failed.
+ */
+ private static String supportedButNonDfltCipherOrNull() throws NoSuchAlgorithmException {
+ SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
+
+ Set supported = new LinkedHashSet<>(Arrays.asList(factory.getSupportedCipherSuites()));
+ Set dflt = new LinkedHashSet<>(Arrays.asList(factory.getDefaultCipherSuites()));
+
+ for (String cipher : supported) {
+ if (dflt.contains(cipher))
+ continue;
+
+ if (!cipher.contains("_RSA_"))
+ continue;
+
+ if (cipher.contains("_anon_") || cipher.contains("_NULL_") || cipher.contains("_ECDSA_")
+ || cipher.contains("_DSS_"))
+ continue;
+
+ if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher))
+ continue;
+
+ return cipher;
+ }
+
+ return null;
+ }
+
/**
* @throws Exception If failed.
*/
@@ -232,10 +299,13 @@ public void testCustomCiphersOnClient() throws Exception {
setSslCtxFactoryToCli = true;
sslCtxFactory = getTestSslContextFactory();
+ String cipher1 = dfltCipher();
+ String cipher2 = anotherDfltCipher(cipher1);
+
startGrids(1);
try {
- // Default ciphers
+ // Default ciphers.
try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
@@ -244,9 +314,9 @@ public void testCustomCiphersOnClient() throws Exception {
checkConnection(conn);
}
- // Explicit cipher (one of defaults).
+ // Explicit cipher.
try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
- "&sslCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256" +
+ "&sslCipherSuites=" + cipher1 +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
"&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH +
@@ -256,7 +326,7 @@ public void testCustomCiphersOnClient() throws Exception {
// Explicit ciphers.
try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
- "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" +
+ "&sslCipherSuites=" + cipher2 + "," + cipher1 +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
"&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH +
@@ -275,7 +345,11 @@ public void testCustomCiphersOnClient() throws Exception {
@Test
public void testCustomCiphersOnServer() throws Exception {
setSslCtxFactoryToCli = true;
- supportedCiphers = new String[] {"TLS_RSA_WITH_AES_256_CBC_SHA256" /* Enabled by default */};
+
+ String cipher1 = dfltCipher();
+ String cipher2 = anotherDfltCipher(cipher1);
+
+ supportedCiphers = new String[] {cipher1};
sslCtxFactory = getTestSslContextFactory();
startGrids(1);
@@ -292,7 +366,7 @@ public void testCustomCiphersOnServer() throws Exception {
// Explicit cipher.
try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
- "&sslCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256" +
+ "&sslCipherSuites=" + cipher1 +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
"&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH +
@@ -300,19 +374,19 @@ public void testCustomCiphersOnServer() throws Exception {
checkConnection(conn);
}
- // Disabled by default cipher.
- GridTestUtils.assertThrows(log, () -> {
- return DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
- "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256" +
+ // Explicit cipher not supported by server.
+ GridTestUtils.assertThrows(log, () -> DriverManager.getConnection(
+ "jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
+ "&sslCipherSuites=" + cipher2 +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
"&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH +
- "&sslTrustCertificateKeyStorePassword=123456");
- }, SQLException.class, "Failed to SSL connect to server");
+ "&sslTrustCertificateKeyStorePassword=123456"
+ ), SQLException.class, "Failed to SSL connect to server");
// Explicit ciphers.
try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
- "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" +
+ "&sslCipherSuites=" + cipher2 + "," + cipher1 +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
"&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH +
@@ -327,21 +401,23 @@ public void testCustomCiphersOnServer() throws Exception {
/**
* @throws Exception If failed.
- *
- * Note: Disabled cipher suite can be enabled via Java Security property "jdk.tls.disabledAlgorithms" or in
- * <JAVA_HOME>/conf/security/java.security file.
*/
@Test
public void testDisabledCustomCipher() throws Exception {
+ String nonDfltCipher = supportedButNonDfltCipherOrNull();
+
+ Assume.assumeNotNull(nonDfltCipher);
+
setSslCtxFactoryToCli = true;
- supportedCiphers = new String[] {"TLS_RSA_WITH_NULL_SHA256" /* Disabled by default */};
+ supportedCiphers = new String[] {nonDfltCipher};
sslCtxFactory = getTestSslContextFactory();
startGrids(1);
+
try {
- // Explicit supported ciphers.
+ // Explicit supported cipher.
try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
- "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256" +
+ "&sslCipherSuites=" + nonDfltCipher +
"&sslTrustAll=true" +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
@@ -351,13 +427,13 @@ public void testDisabledCustomCipher() throws Exception {
}
// Default ciphers.
- GridTestUtils.assertThrows(log, () -> {
- return DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
+ GridTestUtils.assertThrows(log, () -> DriverManager.getConnection(
+ "jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
"&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH +
- "&sslTrustCertificateKeyStorePassword=123456");
- }, SQLException.class, "Failed to SSL connect to server");
+ "&sslTrustCertificateKeyStorePassword=123456"
+ ), SQLException.class, "Failed to SSL connect to server");
}
finally {
stopAllGrids();
@@ -366,34 +442,34 @@ public void testDisabledCustomCipher() throws Exception {
/**
* @throws Exception If failed.
- *
- * Note: Disabled cipher suite can be enabled via Java Security property "jdk.tls.disabledAlgorithms" or in
- * <JAVA_HOME>/conf/security/java.security file.
*/
@Test
public void testUnsupportedCustomCipher() throws Exception {
+ String nonDfltCipher = supportedButNonDfltCipherOrNull();
+
+ Assume.assumeNotNull(nonDfltCipher);
+
setSslCtxFactoryToCli = true;
- supportedCiphers = new String[] {
- "TLS_RSA_WITH_NULL_SHA256" /* Disabled by default */,
- "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" /* With disabled protocol*/};
+ supportedCiphers = new String[] {nonDfltCipher, UNSUPPORTED_CIPHER};
sslCtxFactory = getTestSslContextFactory();
startGrids(1);
+
try {
- // Enabled ciphers with unsupported algorithm can't be negotiated.
- GridTestUtils.assertThrows(log, () -> {
- return DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
- "&sslCipherSuites=TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" +
+ // Unsupported cipher can't be negotiated.
+ GridTestUtils.assertThrows(log, () -> DriverManager.getConnection(
+ "jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
+ "&sslCipherSuites=" + UNSUPPORTED_CIPHER +
"&sslTrustAll=true" +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
"&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH +
- "&sslTrustCertificateKeyStorePassword=123456");
- }, SQLException.class, "Failed to SSL connect to server");
+ "&sslTrustCertificateKeyStorePassword=123456"
+ ), SQLException.class, "Failed to SSL connect to server");
// Supported cipher.
try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
- "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256" +
+ "&sslCipherSuites=" + nonDfltCipher +
"&sslTrustAll=true" +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
@@ -403,14 +479,13 @@ public void testUnsupportedCustomCipher() throws Exception {
}
// Default ciphers.
- GridTestUtils.assertThrows(log, () -> {
- return DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
+ GridTestUtils.assertThrows(log, () -> DriverManager.getConnection(
+ "jdbc:ignite:thin://127.0.0.1/?sslMode=require" +
"&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH +
"&sslClientCertificateKeyStorePassword=123456" +
"&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH +
- "&sslTrustCertificateKeyStorePassword=123456");
- }, SQLException.class, "Failed to SSL connect to server");
-
+ "&sslTrustCertificateKeyStorePassword=123456"
+ ), SQLException.class, "Failed to SSL connect to server");
}
finally {
stopAllGrids();