org.apache.flink.runtime.net.SSLUtilsTest Java Examples

The following examples show how to use org.apache.flink.runtime.net.SSLUtilsTest. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: RestServerEndpointITCase.java    From flink with Apache License 2.0 6 votes vote down vote up
@Parameterized.Parameters
public static Collection<Object[]> data() throws Exception {
	final Configuration config = getBaseConfig();

	final String truststorePath = getTestResource("local127.truststore").getAbsolutePath();
	final String keystorePath = getTestResource("local127.keystore").getAbsolutePath();

	final Configuration sslConfig = new Configuration(config);
	sslConfig.setBoolean(SecurityOptions.SSL_REST_ENABLED, true);
	sslConfig.setString(SecurityOptions.SSL_REST_TRUSTSTORE, truststorePath);
	sslConfig.setString(SecurityOptions.SSL_REST_TRUSTSTORE_PASSWORD, "password");
	sslConfig.setString(SecurityOptions.SSL_REST_KEYSTORE, keystorePath);
	sslConfig.setString(SecurityOptions.SSL_REST_KEYSTORE_PASSWORD, "password");
	sslConfig.setString(SecurityOptions.SSL_REST_KEY_PASSWORD, "password");

	final Configuration sslRestAuthConfig = new Configuration(sslConfig);
	sslRestAuthConfig.setBoolean(SecurityOptions.SSL_REST_AUTHENTICATION_ENABLED, true);

	final Configuration sslPinningRestAuthConfig = new Configuration(sslRestAuthConfig);
	sslPinningRestAuthConfig.setString(SecurityOptions.SSL_REST_CERT_FINGERPRINT,
		SSLUtilsTest.getRestCertificateFingerprint(sslPinningRestAuthConfig, "flink.test"));

	return Arrays.asList(new Object[][]{
		{config}, {sslConfig}, {sslRestAuthConfig}, {sslPinningRestAuthConfig}
	});
}
 
Example #2
Source File: RestServerSSLAuthITCase.java    From flink with Apache License 2.0 6 votes vote down vote up
@Parameterized.Parameters
public static Collection<Object[]> data() throws Exception {
	//client and server trust store does not match
	Tuple2<Configuration, Configuration> untrusted = getClientServerConfiguration();

	Configuration serverConfig = new Configuration(untrusted.f1);
	serverConfig.setString(SecurityOptions.SSL_REST_TRUSTSTORE, TRUST_STORE_FILE);
	//expect fingerprint which client does not have
	serverConfig.setString(SecurityOptions.SSL_REST_CERT_FINGERPRINT,
		SSLUtilsTest.getRestCertificateFingerprint(serverConfig, "flink.test")
			.replaceAll("[0-9A-Z]", "0"));

	Configuration clientConfig = new Configuration(untrusted.f0);
	clientConfig.setString(SecurityOptions.SSL_REST_TRUSTSTORE, TRUST_STORE_FILE);

	//client and server uses same trust store, however server configured with mismatching fingerprint
	Tuple2<Configuration, Configuration> withFingerprint = Tuple2.of(clientConfig, serverConfig);

	return Arrays.asList(new Object[][]{
		{untrusted},
		{withFingerprint}
	});
}
 
Example #3
Source File: StreamNetworkThroughputBenchmarkExecutor.java    From flink-benchmarks with Apache License 2.0 6 votes vote down vote up
@Setup
public void setUp() throws Exception {
	int channels = parseChannels(channelsFlushTimeout);
	int flushTimeout = parseFlushTimeout(channelsFlushTimeout);
	String sslProvider = parseEnableSSL(channelsFlushTimeout);

	setUp(
			writers,
			channels,
			flushTimeout,
			false,
			false,
			-1,
			-1,
			sslProvider != null ? SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(
					sslProvider) : new Configuration()
	);
}
 
Example #4
Source File: BlobClientSslTest.java    From Flink-CEPplus with Apache License 2.0 5 votes vote down vote up
/**
 * Starts the SSL enabled BLOB server.
 */
@BeforeClass
public static void startSSLServer() throws IOException {
	Configuration config = SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores();
	config.setString(BlobServerOptions.STORAGE_DIRECTORY, temporarySslFolder.newFolder().getAbsolutePath());

	blobSslServer = new TestBlobServer(config, new VoidBlobStore());
	blobSslServer.start();

	sslClientConfig = config;
}
 
Example #5
Source File: BlobClientSslTest.java    From flink with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void startNonSSLServer() throws IOException {
	Configuration config = SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(
		SecurityOptions.SSL_PROVIDER.defaultValue());
	config.setString(BlobServerOptions.STORAGE_DIRECTORY, temporarySslFolder.newFolder().getAbsolutePath());
	config.setBoolean(BlobServerOptions.SSL_ENABLED, false);

	blobNonSslServer = new BlobServer(config, new VoidBlobStore());
	blobNonSslServer.start();

	nonSslClientConfig = config;
}
 
Example #6
Source File: BlobClientSslTest.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Starts the SSL enabled BLOB server.
 */
@BeforeClass
public static void startSSLServer() throws IOException {
	Configuration config = SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(
		SecurityOptions.SSL_PROVIDER.defaultValue());
	config.setString(BlobServerOptions.STORAGE_DIRECTORY, temporarySslFolder.newFolder().getAbsolutePath());

	blobSslServer = new TestBlobServer(config, new VoidBlobStore());
	blobSslServer.start();

	sslClientConfig = config;
}
 
Example #7
Source File: JobSubmitHandlerTest.java    From flink with Apache License 2.0 5 votes vote down vote up
@Parameterized.Parameters(name = "SSL enabled: {0}")
public static Iterable<Tuple2<Boolean, String>> data() {
	ArrayList<Tuple2<Boolean, String>> parameters = new ArrayList<>(3);
	parameters.add(Tuple2.of(false, "no SSL"));
	for (String sslProvider : SSLUtilsTest.AVAILABLE_SSL_PROVIDERS) {
		parameters.add(Tuple2.of(true, sslProvider));
	}
	return parameters;
}
 
Example #8
Source File: BlobClientSslTest.java    From flink with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void startNonSSLServer() throws IOException {
	Configuration config = SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(
		SecurityOptions.SSL_PROVIDER.defaultValue());
	config.setString(BlobServerOptions.STORAGE_DIRECTORY, temporarySslFolder.newFolder().getAbsolutePath());
	config.setBoolean(BlobServerOptions.SSL_ENABLED, false);

	blobNonSslServer = new BlobServer(config, new VoidBlobStore());
	blobNonSslServer.start();

	nonSslClientConfig = config;
}
 
Example #9
Source File: BlobClientSslTest.java    From flink with Apache License 2.0 5 votes vote down vote up
/**
 * Starts the SSL enabled BLOB server.
 */
@BeforeClass
public static void startSSLServer() throws IOException {
	Configuration config = SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(
		SecurityOptions.SSL_PROVIDER.defaultValue());
	config.setString(BlobServerOptions.STORAGE_DIRECTORY, temporarySslFolder.newFolder().getAbsolutePath());

	blobSslServer = new TestBlobServer(config, new VoidBlobStore());
	blobSslServer.start();

	sslClientConfig = config;
}
 
Example #10
Source File: JobSubmitHandlerTest.java    From flink with Apache License 2.0 5 votes vote down vote up
@Parameterized.Parameters(name = "SSL enabled: {0}")
public static Iterable<Tuple2<Boolean, String>> data() {
	ArrayList<Tuple2<Boolean, String>> parameters = new ArrayList<>(3);
	parameters.add(Tuple2.of(false, "no SSL"));
	for (String sslProvider : SSLUtilsTest.AVAILABLE_SSL_PROVIDERS) {
		parameters.add(Tuple2.of(true, sslProvider));
	}
	return parameters;
}
 
Example #11
Source File: BlobClientSslTest.java    From Flink-CEPplus with Apache License 2.0 5 votes vote down vote up
@BeforeClass
public static void startNonSSLServer() throws IOException {
	Configuration config = SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores();
	config.setString(BlobServerOptions.STORAGE_DIRECTORY, temporarySslFolder.newFolder().getAbsolutePath());
	config.setBoolean(BlobServerOptions.SSL_ENABLED, false);

	blobNonSslServer = new BlobServer(config, new VoidBlobStore());
	blobNonSslServer.start();

	nonSslClientConfig = config;
}
 
Example #12
Source File: NettyClientServerSslTest.java    From flink with Apache License 2.0 4 votes vote down vote up
@Parameterized.Parameters(name = "SSL provider = {0}")
public static List<String> parameters() {
	return SSLUtilsTest.AVAILABLE_SSL_PROVIDERS;
}
 
Example #13
Source File: NettyClientServerSslTest.java    From flink with Apache License 2.0 4 votes vote down vote up
private Configuration createSslConfig() {
	return SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(sslProvider);
}
 
Example #14
Source File: JobSubmitHandlerTest.java    From flink with Apache License 2.0 4 votes vote down vote up
public JobSubmitHandlerTest(Tuple2<Boolean, String> withSsl) {
	this.configuration = withSsl.f0
		? SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(withSsl.f1)
		: new Configuration();
}
 
Example #15
Source File: JobSubmitHandlerTest.java    From flink with Apache License 2.0 4 votes vote down vote up
public JobSubmitHandlerTest(Tuple2<Boolean, String> withSsl) {
	this.configuration = withSsl.f0
		? SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(withSsl.f1)
		: new Configuration();
}
 
Example #16
Source File: NettyClientServerSslTest.java    From Flink-CEPplus with Apache License 2.0 4 votes vote down vote up
private static Configuration createSslConfig() {
	return SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores();
}
 
Example #17
Source File: JobSubmitHandlerTest.java    From Flink-CEPplus with Apache License 2.0 4 votes vote down vote up
public JobSubmitHandlerTest(boolean withSsl) {
	this.configuration = withSsl
		? SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores()
		: new Configuration();
}
 
Example #18
Source File: NettyClientServerSslTest.java    From flink with Apache License 2.0 4 votes vote down vote up
@Parameterized.Parameters(name = "SSL provider = {0}")
public static List<String> parameters() {
	return SSLUtilsTest.AVAILABLE_SSL_PROVIDERS;
}
 
Example #19
Source File: NettyClientServerSslTest.java    From flink with Apache License 2.0 4 votes vote down vote up
@Test
public void testSslPinningForValidFingerprint() throws Exception {
	NettyProtocol protocol = new NoOpProtocol();

	Configuration config = createSslConfig();

	// pin the certificate based on internal cert
	config.setString(SecurityOptions.SSL_INTERNAL_CERT_FINGERPRINT, SSLUtilsTest.getCertificateFingerprint(config, "flink.test"));

	NettyConfig nettyConfig = createNettyConfig(config);

	NettyTestUtil.NettyServerAndClient serverAndClient = NettyTestUtil.initServerAndClient(protocol, nettyConfig);

	Channel ch = NettyTestUtil.connect(serverAndClient);
	ch.pipeline().addLast(new StringDecoder()).addLast(new StringEncoder());

	assertTrue(ch.writeAndFlush("test").await().isSuccess());

	NettyTestUtil.shutdown(serverAndClient);
}
 
Example #20
Source File: NettyClientServerSslTest.java    From flink with Apache License 2.0 4 votes vote down vote up
@Test
public void testSslPinningForInvalidFingerprint() throws Exception {
	NettyProtocol protocol = new NoOpProtocol();

	Configuration config = createSslConfig();

	// pin the certificate based on internal cert
	config.setString(SecurityOptions.SSL_INTERNAL_CERT_FINGERPRINT, SSLUtilsTest.getCertificateFingerprint(config, "flink.test").replaceAll("[0-9A-Z]", "0"));

	NettyConfig nettyConfig = createNettyConfig(config);

	NettyTestUtil.NettyServerAndClient serverAndClient = NettyTestUtil.initServerAndClient(protocol, nettyConfig);

	Channel ch = NettyTestUtil.connect(serverAndClient);
	ch.pipeline().addLast(new StringDecoder()).addLast(new StringEncoder());

	assertFalse(ch.writeAndFlush("test").await().isSuccess());

	NettyTestUtil.shutdown(serverAndClient);
}
 
Example #21
Source File: NettyClientServerSslTest.java    From flink with Apache License 2.0 4 votes vote down vote up
private Configuration createSslConfig() {
	return SSLUtilsTest.createInternalSslConfigWithKeyAndTrustStores(sslProvider);
}