From b7202b3eb44c682d5dfa51303f5f840f38000e0e Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Mon, 23 Jul 2018 17:47:42 +0300 Subject: [PATCH 01/11] Added ssl parameters for ssl context configuration. --- .../ignite/ssl/DelegatingSSLContextSpi.java | 80 +++++++++++++ .../apache/ignite/ssl/SSLContextWrapper.java | 12 ++ .../ssl/SSLServerSocketFactoryWrapper.java | 83 +++++++++++++ .../ignite/ssl/SSLSocketFactoryWrapper.java | 111 ++++++++++++++++++ .../apache/ignite/ssl/SslContextFactory.java | 18 ++- 5 files changed, 302 insertions(+), 2 deletions(-) create mode 100644 modules/core/src/main/java/org/apache/ignite/ssl/DelegatingSSLContextSpi.java create mode 100644 modules/core/src/main/java/org/apache/ignite/ssl/SSLContextWrapper.java create mode 100644 modules/core/src/main/java/org/apache/ignite/ssl/SSLServerSocketFactoryWrapper.java create mode 100644 modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/DelegatingSSLContextSpi.java b/modules/core/src/main/java/org/apache/ignite/ssl/DelegatingSSLContextSpi.java new file mode 100644 index 0000000000000..d92e463dee56a --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/ssl/DelegatingSSLContextSpi.java @@ -0,0 +1,80 @@ +package org.apache.ignite.ssl; + +import java.security.KeyManagementException; +import java.security.SecureRandom; +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLContextSpi; +import javax.net.ssl.SSLEngine; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSessionContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; + +class DelegatingSSLContextSpi extends SSLContextSpi { + + private final SSLContext delegate; + + private final SSLParameters parameters; + + DelegatingSSLContextSpi(SSLContext delegate, + SSLParameters parameters) { + this.delegate = delegate; + this.parameters = parameters; + } + + @Override + protected void engineInit(KeyManager[] keyManagers, + TrustManager[] trustManagers, SecureRandom secureRandom) + throws KeyManagementException { + delegate.init(keyManagers, trustManagers, secureRandom); + } + + @Override + protected SSLSocketFactory engineGetSocketFactory() { + return new SSLSocketFactoryWrapper(delegate.getSocketFactory(), parameters); + } + + @Override + protected SSLServerSocketFactory engineGetServerSocketFactory() { + return new SSLServerSocketFactoryWrapper(delegate.getServerSocketFactory(), + parameters); + } + + @Override + protected SSLEngine engineCreateSSLEngine() { + final SSLEngine engine = delegate.createSSLEngine(); + if (parameters != null) + engine.setSSLParameters(parameters); + return engine; + } + + @Override + protected SSLEngine engineCreateSSLEngine(String s, int i) { + final SSLEngine engine = delegate.createSSLEngine(); + if (parameters != null) + engine.setSSLParameters(parameters); + return engine; + } + + @Override + protected SSLSessionContext engineGetServerSessionContext() { + return delegate.getServerSessionContext(); + } + + @Override + protected SSLSessionContext engineGetClientSessionContext() { + return delegate.getClientSessionContext(); + } + + @Override + protected SSLParameters engineGetDefaultSSLParameters() { + return delegate.getDefaultSSLParameters(); + } + + @Override + protected SSLParameters engineGetSupportedSSLParameters() { + return delegate.getSupportedSSLParameters(); + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SSLContextWrapper.java b/modules/core/src/main/java/org/apache/ignite/ssl/SSLContextWrapper.java new file mode 100644 index 0000000000000..2bb9e24d1f055 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SSLContextWrapper.java @@ -0,0 +1,12 @@ +package org.apache.ignite.ssl; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; + +class SSLContextWrapper extends SSLContext { + SSLContextWrapper(SSLContext delegate, SSLParameters sslParameters) { + super(new DelegatingSSLContextSpi(delegate, sslParameters), + delegate.getProvider(), + delegate.getProtocol()); + } +} diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SSLServerSocketFactoryWrapper.java b/modules/core/src/main/java/org/apache/ignite/ssl/SSLServerSocketFactoryWrapper.java new file mode 100644 index 0000000000000..a39335894b854 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SSLServerSocketFactoryWrapper.java @@ -0,0 +1,83 @@ +/* + * File created on Feb 14, 2016 + * + * Copyright (c) 2016 Carl Harris, Jr + * and others as noted + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ignite.ssl; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.ServerSocket; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; + +/** + * A wrapper for an {@link SSLServerSocketFactory} that sets configured SSL + * parameters on each socket produced by the factory delegate. + * + * @author Carl Harris + */ +class SSLServerSocketFactoryWrapper extends SSLServerSocketFactory { + + private final SSLServerSocketFactory delegate; + private final SSLParameters parameters; + + public SSLServerSocketFactoryWrapper(SSLServerSocketFactory delegate, + SSLParameters parameters) { + this.delegate = delegate; + this.parameters = parameters; + } + + @Override + public String[] getDefaultCipherSuites() { + return delegate.getDefaultCipherSuites(); + } + + @Override + public String[] getSupportedCipherSuites() { + return delegate.getSupportedCipherSuites(); + } + + @Override + public ServerSocket createServerSocket(int port) throws IOException { + SSLServerSocket serverSocket = + (SSLServerSocket)delegate.createServerSocket(port); + if (parameters != null) + serverSocket.setSSLParameters(parameters); + return serverSocket; + } + + @Override + public ServerSocket createServerSocket(int port, int backlog) + throws IOException { + SSLServerSocket serverSocket = + (SSLServerSocket)delegate.createServerSocket(port, backlog); + serverSocket.setSSLParameters(parameters); + return serverSocket; + } + + @Override + public ServerSocket createServerSocket(int port, int backlog, + InetAddress localAddress) throws IOException { + SSLServerSocket serverSocket = + (SSLServerSocket)delegate.createServerSocket(port, backlog, localAddress); + if (parameters != null) + serverSocket.setSSLParameters(parameters); + return serverSocket; + } + +} diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java b/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java new file mode 100644 index 0000000000000..7e3efcaa9b816 --- /dev/null +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java @@ -0,0 +1,111 @@ +/* + * File created on Feb 14, 2016 + * + * Copyright (c) 2016 Carl Harris, Jr + * and others as noted + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ignite.ssl; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; +import javax.net.ssl.SSLParameters; +import javax.net.ssl.SSLSocket; +import javax.net.ssl.SSLSocketFactory; + +/** + * A wrapper for an {@link SSLSocketFactory} that sets configured SSL + * parameters on each socket produced by the factory delegate. + * + * @author Carl Harris + */ +class SSLSocketFactoryWrapper extends SSLSocketFactory { + + private final SSLSocketFactory delegate; + private final SSLParameters parameters; + + public SSLSocketFactoryWrapper(SSLSocketFactory delegate, + SSLParameters parameters) { + this.delegate = delegate; + this.parameters = parameters; + } + + @Override + public String[] getDefaultCipherSuites() { + return delegate.getDefaultCipherSuites(); + } + + @Override + public String[] getSupportedCipherSuites() { + return delegate.getSupportedCipherSuites(); + } + + @Override + public Socket createSocket() throws IOException { + SSLSocket sslSocket = (SSLSocket)delegate.createSocket(); + if (parameters != null) + sslSocket.setSSLParameters(parameters); + return sslSocket; + } + + @Override + public Socket createSocket(Socket socket, String host, int port, + boolean autoClose) throws IOException { + SSLSocket sslSocket = (SSLSocket)delegate.createSocket(socket, host, port, + autoClose); + if (parameters != null) + sslSocket.setSSLParameters(parameters); + return sslSocket; + } + + @Override + public Socket createSocket(String host, int port) throws IOException, + UnknownHostException { + SSLSocket socket = (SSLSocket)delegate.createSocket(host, port); + if (parameters != null) + socket.setSSLParameters(parameters); + return socket; + } + + @Override + public Socket createSocket(String host, int port, InetAddress localAddress, + int localPort) throws IOException, UnknownHostException { + SSLSocket socket = (SSLSocket)delegate.createSocket(host, port, + localAddress, localPort); + if (parameters != null) + socket.setSSLParameters(parameters); + return socket; + } + + @Override + public Socket createSocket(InetAddress address, int port) throws IOException { + SSLSocket socket = (SSLSocket)delegate.createSocket(address, port); + if (parameters != null) + socket.setSSLParameters(parameters); + return socket; + } + + @Override + public Socket createSocket(InetAddress address, int port, + InetAddress localAddress, int localPort) throws IOException { + SSLSocket socket = (SSLSocket)delegate.createSocket(address, port, + localAddress, localPort); + if (parameters != null) + socket.setSSLParameters(parameters); + return socket; + } + +} diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java index 06edd7014bb50..c6d4b64696c13 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java @@ -30,6 +30,7 @@ import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLException; +import javax.net.ssl.SSLParameters; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; @@ -89,6 +90,9 @@ public class SslContextFactory implements Factory { /** Trust managers. */ private TrustManager[] trustMgrs; + /** */ + private SSLParameters sslParameters; + /** * Gets key store type used for context creation. * @@ -280,6 +284,14 @@ public static TrustManager getDisabledTrustManager() { return new DisabledX509TrustManager(); } + public void setSSLParameters(SSLParameters sslParameters) { + this.sslParameters = sslParameters; + } + + public SSLParameters getSSLParameters() { + return sslParameters; + } + /** * Creates SSL context based on factory settings. * @@ -310,9 +322,11 @@ private SSLContext createSslContext() throws SSLException { SSLContext ctx = SSLContext.getInstance(proto); - ctx.init(keyMgrFactory.getKeyManagers(), mgrs, null); + SSLContextWrapper wrapper = new SSLContextWrapper(ctx, sslParameters); + + wrapper.init(keyMgrFactory.getKeyManagers(), mgrs, null); - return ctx; + return wrapper; } catch (GeneralSecurityException e) { throw new SSLException("Failed to initialize SSL context " + parameters(), e); From a7143c3f98a2f3614dd101a8a555547f18fe6c84 Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Thu, 26 Jul 2018 18:28:43 +0300 Subject: [PATCH 02/11] Added java doc. Added test. Fixed code style. --- .../apache/ignite/ssl/SSLContextWrapper.java | 19 +++ .../ssl/SSLServerSocketFactoryWrapper.java | 79 +++++----- .../ignite/ssl/SSLSocketFactoryWrapper.java | 118 +++++++------- .../apache/ignite/ssl/SslContextFactory.java | 12 +- .../tcp/TcpDiscoverySslCipherSuitesTest.java | 145 ++++++++++++++++++ 5 files changed, 273 insertions(+), 100 deletions(-) create mode 100644 modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SSLContextWrapper.java b/modules/core/src/main/java/org/apache/ignite/ssl/SSLContextWrapper.java index 2bb9e24d1f055..901d42b1f4ba9 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SSLContextWrapper.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SSLContextWrapper.java @@ -1,9 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.ssl; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLParameters; +/** */ class SSLContextWrapper extends SSLContext { + /** */ SSLContextWrapper(SSLContext delegate, SSLParameters sslParameters) { super(new DelegatingSSLContextSpi(delegate, sslParameters), delegate.getProvider(), diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SSLServerSocketFactoryWrapper.java b/modules/core/src/main/java/org/apache/ignite/ssl/SSLServerSocketFactoryWrapper.java index a39335894b854..ad80f3c3dd993 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SSLServerSocketFactoryWrapper.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SSLServerSocketFactoryWrapper.java @@ -1,14 +1,12 @@ /* - * File created on Feb 14, 2016 + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at * - * Copyright (c) 2016 Carl Harris, Jr - * and others as noted - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -16,6 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + package org.apache.ignite.ssl; import java.io.IOException; @@ -25,59 +24,57 @@ import javax.net.ssl.SSLServerSocket; import javax.net.ssl.SSLServerSocketFactory; -/** - * A wrapper for an {@link SSLServerSocketFactory} that sets configured SSL - * parameters on each socket produced by the factory delegate. - * - * @author Carl Harris - */ +/** */ class SSLServerSocketFactoryWrapper extends SSLServerSocketFactory { + /** */ private final SSLServerSocketFactory delegate; + /** */ private final SSLParameters parameters; - public SSLServerSocketFactoryWrapper(SSLServerSocketFactory delegate, - SSLParameters parameters) { + /** */ + SSLServerSocketFactoryWrapper(SSLServerSocketFactory delegate, SSLParameters parameters) { this.delegate = delegate; this.parameters = parameters; } - @Override - public String[] getDefaultCipherSuites() { + /** {@inheritDoc} */ + @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); } - @Override - public String[] getSupportedCipherSuites() { + /** {@inheritDoc} */ + @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); } - @Override - public ServerSocket createServerSocket(int port) throws IOException { - SSLServerSocket serverSocket = - (SSLServerSocket)delegate.createServerSocket(port); + /** {@inheritDoc} */ + @Override public ServerSocket createServerSocket(int port) throws IOException { + SSLServerSocket srvSock = (SSLServerSocket)delegate.createServerSocket(port); + if (parameters != null) - serverSocket.setSSLParameters(parameters); - return serverSocket; + srvSock.setSSLParameters(parameters); + + return srvSock; } - @Override - public ServerSocket createServerSocket(int port, int backlog) - throws IOException { - SSLServerSocket serverSocket = - (SSLServerSocket)delegate.createServerSocket(port, backlog); - serverSocket.setSSLParameters(parameters); - return serverSocket; + /** {@inheritDoc} */ + @Override public ServerSocket createServerSocket(int port, int backlog) throws IOException { + SSLServerSocket srvSock = (SSLServerSocket)delegate.createServerSocket(port, backlog); + + srvSock.setSSLParameters(parameters); + + return srvSock; } - @Override - public ServerSocket createServerSocket(int port, int backlog, - InetAddress localAddress) throws IOException { - SSLServerSocket serverSocket = - (SSLServerSocket)delegate.createServerSocket(port, backlog, localAddress); + /** {@inheritDoc} */ + @Override public ServerSocket createServerSocket(int port, int backlog, InetAddress locAddr) throws IOException { + SSLServerSocket srvSock = (SSLServerSocket)delegate.createServerSocket(port, backlog, locAddr); + if (parameters != null) - serverSocket.setSSLParameters(parameters); - return serverSocket; + srvSock.setSSLParameters(parameters); + + return srvSock; } } diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java b/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java index 7e3efcaa9b816..be3218e54a949 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java @@ -1,14 +1,12 @@ /* - * File created on Feb 14, 2016 + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at * - * Copyright (c) 2016 Carl Harris, Jr - * and others as noted - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -16,96 +14,102 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + package org.apache.ignite.ssl; import java.io.IOException; import java.net.InetAddress; import java.net.Socket; -import java.net.UnknownHostException; import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; -/** - * A wrapper for an {@link SSLSocketFactory} that sets configured SSL - * parameters on each socket produced by the factory delegate. - * - * @author Carl Harris - */ +/** */ class SSLSocketFactoryWrapper extends SSLSocketFactory { + /** */ private final SSLSocketFactory delegate; + + /** */ private final SSLParameters parameters; - public SSLSocketFactoryWrapper(SSLSocketFactory delegate, + /** */ + SSLSocketFactoryWrapper(SSLSocketFactory delegate, SSLParameters parameters) { this.delegate = delegate; this.parameters = parameters; } - @Override - public String[] getDefaultCipherSuites() { + /** {@inheritDoc} */ + @Override public String[] getDefaultCipherSuites() { return delegate.getDefaultCipherSuites(); } - @Override - public String[] getSupportedCipherSuites() { + /** {@inheritDoc} */ + @Override public String[] getSupportedCipherSuites() { return delegate.getSupportedCipherSuites(); } - @Override - public Socket createSocket() throws IOException { - SSLSocket sslSocket = (SSLSocket)delegate.createSocket(); + /** {@inheritDoc} */ + @Override public Socket createSocket() throws IOException { + SSLSocket sock = (SSLSocket)delegate.createSocket(); + if (parameters != null) - sslSocket.setSSLParameters(parameters); - return sslSocket; + sock.setSSLParameters(parameters); + + return sock; } - @Override - public Socket createSocket(Socket socket, String host, int port, + /** {@inheritDoc} */ + @Override public Socket createSocket(Socket sock, String host, int port, boolean autoClose) throws IOException { - SSLSocket sslSocket = (SSLSocket)delegate.createSocket(socket, host, port, - autoClose); + SSLSocket sslSock = (SSLSocket)delegate.createSocket(sock, host, port, autoClose); + if (parameters != null) - sslSocket.setSSLParameters(parameters); - return sslSocket; + sslSock.setSSLParameters(parameters); + + return sock; } - @Override - public Socket createSocket(String host, int port) throws IOException, - UnknownHostException { - SSLSocket socket = (SSLSocket)delegate.createSocket(host, port); + /** {@inheritDoc} */ + @Override public Socket createSocket(String host, int port) throws IOException { + SSLSocket sock = (SSLSocket)delegate.createSocket(host, port); + if (parameters != null) - socket.setSSLParameters(parameters); - return socket; + sock.setSSLParameters(parameters); + + return sock; } - @Override - public Socket createSocket(String host, int port, InetAddress localAddress, - int localPort) throws IOException, UnknownHostException { - SSLSocket socket = (SSLSocket)delegate.createSocket(host, port, - localAddress, localPort); + /** {@inheritDoc} */ + @Override public Socket createSocket(String host, int port, InetAddress locAddr, int locPort) throws IOException { + SSLSocket sock = (SSLSocket)delegate.createSocket(host, port, locAddr, locPort); + if (parameters != null) - socket.setSSLParameters(parameters); - return socket; + sock.setSSLParameters(parameters); + + return sock; } - @Override - public Socket createSocket(InetAddress address, int port) throws IOException { - SSLSocket socket = (SSLSocket)delegate.createSocket(address, port); + /** {@inheritDoc} */ + @Override public Socket createSocket(InetAddress addr, int port) throws IOException { + SSLSocket sock = (SSLSocket)delegate.createSocket(addr, port); + if (parameters != null) - socket.setSSLParameters(parameters); - return socket; + sock.setSSLParameters(parameters); + + return sock; } - @Override - public Socket createSocket(InetAddress address, int port, - InetAddress localAddress, int localPort) throws IOException { - SSLSocket socket = (SSLSocket)delegate.createSocket(address, port, - localAddress, localPort); + /** {@inheritDoc} */ + @Override public Socket createSocket(InetAddress addr, int port, InetAddress locAddr, + int locPort) throws IOException { + SSLSocket sock = (SSLSocket)delegate.createSocket(addr, port, locAddr, locPort); + if (parameters != null) - socket.setSSLParameters(parameters); - return socket; + sock.setSSLParameters(parameters); + + return sock; } } diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java index c6d4b64696c13..05640d6c2ac43 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java @@ -284,11 +284,19 @@ public static TrustManager getDisabledTrustManager() { return new DisabledX509TrustManager(); } - public void setSSLParameters(SSLParameters sslParameters) { + /** + * Sets {@link SSLParameters}. + * @param sslParameters SSLParameters instance + */ + public void setSslParameters(SSLParameters sslParameters) { this.sslParameters = sslParameters; } - public SSLParameters getSSLParameters() { + /** + * Gets SSLParameters instance. + * @return {@link SSLParameters} + */ + public SSLParameters getSslParameters() { return sslParameters; } diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java new file mode 100644 index 0000000000000..59c1045fb9bfb --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java @@ -0,0 +1,145 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.spi.discovery.tcp; + +import java.util.concurrent.Callable; +import javax.net.ssl.SSLParameters; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.ssl.SslContextFactory; +import org.apache.ignite.testframework.GridTestUtils; +import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; + +/** + * Tests cases when node connects to cluster with different set of cipher suites. + */ +public class TcpDiscoverySslCipherSuitesTest extends GridCommonAbstractTest { + + /** */ + private volatile String[] cipherSuites; + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String gridName) throws Exception { + IgniteConfiguration cfg = super.getConfiguration(gridName); + + SslContextFactory factory = (SslContextFactory)GridTestUtils.sslTrustedFactory("node01", "trustone"); + + factory.setSslParameters(new SSLParameters(cipherSuites)); + + cfg.setSslContextFactory(factory); + + return cfg; + } + + /** {@inheritDoc} */ + @Override protected void afterTest() throws Exception { + stopAllGrids(); + } + + /** + * @throws Exception If failed. + */ + public void testSameCipherSuites() throws Exception { + checkDiscoverySuccess( + new String[][] { + new String[] { + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + }, + new String[] { + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + } + } + ); + } + + /** + * @throws Exception If failed. + */ + public void testOneEqualCipherSuite() throws Exception { + checkDiscoverySuccess( + new String[][] { + new String[] { + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + }, + new String[] { + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + } + } + ); + } + + /** + * @throws Exception If failed. + */ + public void testNoCommonCipherSuite() throws Exception { + checkDiscoveryFailure( + new String[][] { + new String[] { + "TLS_RSA_WITH_AES_128_GCM_SHA256", + }, + new String[] { + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + } + } + ); + } + + /** + * @param cipherSuites list of cipher suites + * @throws Exception If failed. + */ + private void checkDiscoverySuccess(String[][] cipherSuites) throws Exception { + for (int i = 0; i < cipherSuites.length; i++) { + this.cipherSuites = cipherSuites[i]; + + startGrid(i); + } + } + + /** + * @param cipherSuites list of cipher suites + * @throws Exception If failed. + */ + private void checkDiscoveryFailure(String[][] cipherSuites) throws Exception { + this.cipherSuites = cipherSuites[0]; + + startGrid(0); + + for (int i = 1; i < cipherSuites.length; i++) { + this.cipherSuites = cipherSuites[i]; + + int finalI = i; + + GridTestUtils.assertThrows(null, new Callable() { + @Override public Object call() throws Exception { + startGrid(finalI); + + return null; + } + }, IgniteCheckedException.class, "Unable to establish secure connection."); + } + } + +} From 5c0c10d57f3e10b5ad734d172c90070cc73152ff Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Thu, 26 Jul 2018 20:03:49 +0300 Subject: [PATCH 03/11] Fixed code style. --- .../ignite/ssl/DelegatingSSLContextSpi.java | 67 +++++++++++++------ 1 file changed, 45 insertions(+), 22 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/DelegatingSSLContextSpi.java b/modules/core/src/main/java/org/apache/ignite/ssl/DelegatingSSLContextSpi.java index d92e463dee56a..d8621f2cefd9a 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/DelegatingSSLContextSpi.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/DelegatingSSLContextSpi.java @@ -1,3 +1,20 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.ignite.ssl; import java.security.KeyManagementException; @@ -12,69 +29,75 @@ import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; +/** */ class DelegatingSSLContextSpi extends SSLContextSpi { + /** */ private final SSLContext delegate; + /** */ private final SSLParameters parameters; - DelegatingSSLContextSpi(SSLContext delegate, - SSLParameters parameters) { + /** */ + DelegatingSSLContextSpi(SSLContext delegate, SSLParameters parameters) { this.delegate = delegate; this.parameters = parameters; } - @Override - protected void engineInit(KeyManager[] keyManagers, - TrustManager[] trustManagers, SecureRandom secureRandom) - throws KeyManagementException { + /** {@inheritDoc} */ + @Override protected void engineInit(KeyManager[] keyManagers, TrustManager[] trustManagers, + SecureRandom secureRandom) throws KeyManagementException { delegate.init(keyManagers, trustManagers, secureRandom); } - @Override - protected SSLSocketFactory engineGetSocketFactory() { + /** {@inheritDoc} */ + @Override protected SSLSocketFactory engineGetSocketFactory() { return new SSLSocketFactoryWrapper(delegate.getSocketFactory(), parameters); } - @Override - protected SSLServerSocketFactory engineGetServerSocketFactory() { + /** {@inheritDoc} */ + @Override protected SSLServerSocketFactory engineGetServerSocketFactory() { return new SSLServerSocketFactoryWrapper(delegate.getServerSocketFactory(), parameters); } - @Override - protected SSLEngine engineCreateSSLEngine() { + /** {@inheritDoc} */ + @Override protected SSLEngine engineCreateSSLEngine() { final SSLEngine engine = delegate.createSSLEngine(); + if (parameters != null) engine.setSSLParameters(parameters); + return engine; } - @Override - protected SSLEngine engineCreateSSLEngine(String s, int i) { + /** {@inheritDoc} */ + @Override protected SSLEngine engineCreateSSLEngine(String s, int i) { final SSLEngine engine = delegate.createSSLEngine(); + if (parameters != null) engine.setSSLParameters(parameters); + return engine; } - @Override - protected SSLSessionContext engineGetServerSessionContext() { + /** {@inheritDoc} */ + @Override protected SSLSessionContext engineGetServerSessionContext() { return delegate.getServerSessionContext(); } - @Override - protected SSLSessionContext engineGetClientSessionContext() { + /** {@inheritDoc} */ + @Override protected SSLSessionContext engineGetClientSessionContext() { return delegate.getClientSessionContext(); } - @Override - protected SSLParameters engineGetDefaultSSLParameters() { + /** {@inheritDoc} */ + @Override protected SSLParameters engineGetDefaultSSLParameters() { return delegate.getDefaultSSLParameters(); } - @Override - protected SSLParameters engineGetSupportedSSLParameters() { + /** {@inheritDoc} */ + @Override protected SSLParameters engineGetSupportedSSLParameters() { return delegate.getSupportedSSLParameters(); } } From d7887548db95f5c87231d35fb0f9be3a61a89f9a Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Mon, 30 Jul 2018 15:51:13 +0300 Subject: [PATCH 04/11] SSLParameters are replaced with String[] which allows only to set enabled cipher suites. --- .../apache/ignite/ssl/SslContextFactory.java | 32 +++++++++++-------- .../tcp/TcpDiscoverySslCipherSuitesTest.java | 2 +- 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java index 05640d6c2ac43..b4ae8ca409c8d 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java @@ -90,8 +90,8 @@ public class SslContextFactory implements Factory { /** Trust managers. */ private TrustManager[] trustMgrs; - /** */ - private SSLParameters sslParameters; + /** Enabled cipher suites. */ + private String[] cipherSuites; /** * Gets key store type used for context creation. @@ -285,19 +285,19 @@ public static TrustManager getDisabledTrustManager() { } /** - * Sets {@link SSLParameters}. - * @param sslParameters SSLParameters instance + * Sets enabled cipher suites. + * @param cipherSuites enabled cipher suites. */ - public void setSslParameters(SSLParameters sslParameters) { - this.sslParameters = sslParameters; + public void setCipherSuites(String[] cipherSuites) { + this.cipherSuites = cipherSuites; } /** - * Gets SSLParameters instance. - * @return {@link SSLParameters} + * Gets enabled cipher suites + * @return enabled cipher suites */ - public SSLParameters getSslParameters() { - return sslParameters; + public String[] getCipherSuites() { + return cipherSuites; } /** @@ -330,11 +330,17 @@ private SSLContext createSslContext() throws SSLException { SSLContext ctx = SSLContext.getInstance(proto); - SSLContextWrapper wrapper = new SSLContextWrapper(ctx, sslParameters); + if(cipherSuites != null) { + SSLParameters sslParameters = new SSLParameters(cipherSuites); + + SSLContextWrapper wrapper = new SSLContextWrapper(ctx, sslParameters); - wrapper.init(keyMgrFactory.getKeyManagers(), mgrs, null); + wrapper.init(keyMgrFactory.getKeyManagers(), mgrs, null); + + ctx = wrapper; + } - return wrapper; + return ctx; } catch (GeneralSecurityException e) { throw new SSLException("Failed to initialize SSL context " + parameters(), e); diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java index 59c1045fb9bfb..091680bb454dd 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java @@ -39,7 +39,7 @@ public class TcpDiscoverySslCipherSuitesTest extends GridCommonAbstractTest { SslContextFactory factory = (SslContextFactory)GridTestUtils.sslTrustedFactory("node01", "trustone"); - factory.setSslParameters(new SSLParameters(cipherSuites)); + factory.setCipherSuites(cipherSuites); cfg.setSslContextFactory(factory); From 11b4840b793d52a7ab7e4a9e9530bfa1bc731fae Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Mon, 30 Jul 2018 18:03:05 +0300 Subject: [PATCH 05/11] SSLParameters are replaced with String[] which allows only to set enabled cipher suites. --- .../apache/ignite/ssl/SslContextFactory.java | 33 +++++- ...ava => TcpDiscoverySslParametersTest.java} | 102 +++++++++++++++--- 2 files changed, 117 insertions(+), 18 deletions(-) rename modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/{TcpDiscoverySslCipherSuitesTest.java => TcpDiscoverySslParametersTest.java} (58%) diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java index b4ae8ca409c8d..ba4921f8e99d2 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java @@ -93,6 +93,9 @@ public class SslContextFactory implements Factory { /** Enabled cipher suites. */ private String[] cipherSuites; + /** Enabled cipher suites. */ + private String[] protocols; + /** * Gets key store type used for context creation. * @@ -300,6 +303,22 @@ public String[] getCipherSuites() { return cipherSuites; } + /** + * Gets enabled cipher suites + * @return enabled cipher suites + */ + public String[] getProtocols() { + return protocols; + } + + /** + * Sets enabled protocols. + * @param protocols enabled protocols. + */ + public void setProtocols(String[] protocols) { + this.protocols = protocols; + } + /** * Creates SSL context based on factory settings. * @@ -330,16 +349,20 @@ private SSLContext createSslContext() throws SSLException { SSLContext ctx = SSLContext.getInstance(proto); - if(cipherSuites != null) { - SSLParameters sslParameters = new SSLParameters(cipherSuites); + if(cipherSuites != null || protocols != null) { + SSLParameters sslParameters = new SSLParameters(); - SSLContextWrapper wrapper = new SSLContextWrapper(ctx, sslParameters); + if(cipherSuites != null) + sslParameters.setCipherSuites(cipherSuites); - wrapper.init(keyMgrFactory.getKeyManagers(), mgrs, null); + if(protocols != null) + sslParameters.setProtocols(protocols); - ctx = wrapper; + ctx = new SSLContextWrapper(ctx, sslParameters); } + ctx.init(keyMgrFactory.getKeyManagers(), mgrs, null); + return ctx; } catch (GeneralSecurityException e) { diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslParametersTest.java similarity index 58% rename from modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java rename to modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslParametersTest.java index 091680bb454dd..896708d8e0248 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslCipherSuitesTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslParametersTest.java @@ -18,7 +18,6 @@ package org.apache.ignite.spi.discovery.tcp; import java.util.concurrent.Callable; -import javax.net.ssl.SSLParameters; import org.apache.ignite.IgniteCheckedException; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.ssl.SslContextFactory; @@ -28,11 +27,14 @@ /** * Tests cases when node connects to cluster with different set of cipher suites. */ -public class TcpDiscoverySslCipherSuitesTest extends GridCommonAbstractTest { +public class TcpDiscoverySslParametersTest extends GridCommonAbstractTest { /** */ private volatile String[] cipherSuites; + /** */ + private volatile String[] protocols; + /** {@inheritDoc} */ @Override protected IgniteConfiguration getConfiguration(String gridName) throws Exception { IgniteConfiguration cfg = super.getConfiguration(gridName); @@ -41,6 +43,8 @@ public class TcpDiscoverySslCipherSuitesTest extends GridCommonAbstractTest { factory.setCipherSuites(cipherSuites); + factory.setProtocols(protocols); + cfg.setSslContextFactory(factory); return cfg; @@ -54,7 +58,7 @@ public class TcpDiscoverySslCipherSuitesTest extends GridCommonAbstractTest { /** * @throws Exception If failed. */ - public void testSameCipherSuites() throws Exception { + public void testSameCipherSuite() throws Exception { checkDiscoverySuccess( new String[][] { new String[] { @@ -67,14 +71,15 @@ public void testSameCipherSuites() throws Exception { "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" } - } + }, + null ); } /** * @throws Exception If failed. */ - public void testOneEqualCipherSuite() throws Exception { + public void testOneCommonCipherSuite() throws Exception { checkDiscoverySuccess( new String[][] { new String[] { @@ -85,7 +90,8 @@ public void testOneEqualCipherSuite() throws Exception { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" } - } + }, + null ); } @@ -102,17 +108,80 @@ public void testNoCommonCipherSuite() throws Exception { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" } + }, + null + ); + } + + /** + * @throws Exception If failed. + */ + public void testNoCommonProtocols() throws Exception { + checkDiscoveryFailure( + null, + new String[][] { + new String[] { + "TLSv1.1", + "SSLv3" + }, + new String[] { + "TLSv1", + "TLSv1.2", + } + } + ); + } + + /** + * @throws Exception If failed. + */ + public void testSameProtocols() throws Exception { + checkDiscoverySuccess(null, + new String[][] { + new String[] { + "TLSv1.1", + "TLSv1.2", + }, + new String[] { + "TLSv1.1", + "TLSv1.2", + } + } + ); + } + + /** + * @throws Exception If failed. + */ + public void testOneCommonProtocol() throws Exception { + checkDiscoverySuccess(null, + new String[][] { + new String[] { + "TLSv1", + "TLSv1.1", + "TLSv1.2", + }, + new String[] { + "TLSv1.1", + "SSLv3" + } } ); } /** * @param cipherSuites list of cipher suites + * @param protocols list of protocols * @throws Exception If failed. */ - private void checkDiscoverySuccess(String[][] cipherSuites) throws Exception { - for (int i = 0; i < cipherSuites.length; i++) { - this.cipherSuites = cipherSuites[i]; + private void checkDiscoverySuccess(String[][] cipherSuites, String[][] protocols) throws Exception { + int n = Math.max( + cipherSuites != null ? cipherSuites.length : 0, + protocols != null ? protocols.length : 0); + + for (int i = 0; i < n; i++) { + this.cipherSuites = cipherSuites != null && i < cipherSuites.length ? cipherSuites[i] : null; + this.protocols = protocols != null && i < protocols.length ? protocols[i] : null; startGrid(i); } @@ -120,15 +189,22 @@ private void checkDiscoverySuccess(String[][] cipherSuites) throws Exception { /** * @param cipherSuites list of cipher suites + * @param protocols list of protocols * @throws Exception If failed. */ - private void checkDiscoveryFailure(String[][] cipherSuites) throws Exception { - this.cipherSuites = cipherSuites[0]; + private void checkDiscoveryFailure(String[][] cipherSuites, String[][] protocols) throws Exception { + this.cipherSuites = cipherSuites != null ? cipherSuites[0] : null; + this.protocols = protocols != null ? protocols[0] : null; startGrid(0); - for (int i = 1; i < cipherSuites.length; i++) { - this.cipherSuites = cipherSuites[i]; + int n = Math.max( + cipherSuites != null ? cipherSuites.length : 0, + protocols != null ? protocols.length : 0); + + for (int i = 1; i < n; i++) { + this.cipherSuites = cipherSuites != null && i < cipherSuites.length ? cipherSuites[i] : null; + this.protocols = protocols != null && i < protocols.length ? protocols[i] : null; int finalI = i; From 1816523f3cffc567f5bd38b2c6cf6d7b66bd55ba Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Tue, 31 Jul 2018 16:04:43 +0300 Subject: [PATCH 06/11] Arrays are replaced with varargs. --- .../main/java/org/apache/ignite/ssl/SslContextFactory.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java index ba4921f8e99d2..1f30e45c60f5a 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java @@ -291,7 +291,7 @@ public static TrustManager getDisabledTrustManager() { * Sets enabled cipher suites. * @param cipherSuites enabled cipher suites. */ - public void setCipherSuites(String[] cipherSuites) { + public void setCipherSuites(String... cipherSuites) { this.cipherSuites = cipherSuites; } @@ -315,7 +315,7 @@ public String[] getProtocols() { * Sets enabled protocols. * @param protocols enabled protocols. */ - public void setProtocols(String[] protocols) { + public void setProtocols(String... protocols) { this.protocols = protocols; } From abe6592ddba81fd41d1810bf6c18132de2ba9a96 Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Wed, 15 Aug 2018 16:40:46 +0300 Subject: [PATCH 07/11] Fixed code style. --- .../java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java | 6 ++---- .../main/java/org/apache/ignite/ssl/SslContextFactory.java | 6 +++--- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java b/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java index be3218e54a949..bfe6d0d6f4bca 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SSLSocketFactoryWrapper.java @@ -34,8 +34,7 @@ class SSLSocketFactoryWrapper extends SSLSocketFactory { private final SSLParameters parameters; /** */ - SSLSocketFactoryWrapper(SSLSocketFactory delegate, - SSLParameters parameters) { + SSLSocketFactoryWrapper(SSLSocketFactory delegate, SSLParameters parameters) { this.delegate = delegate; this.parameters = parameters; } @@ -61,8 +60,7 @@ class SSLSocketFactoryWrapper extends SSLSocketFactory { } /** {@inheritDoc} */ - @Override public Socket createSocket(Socket sock, String host, int port, - boolean autoClose) throws IOException { + @Override public Socket createSocket(Socket sock, String host, int port, boolean autoClose) throws IOException { SSLSocket sslSock = (SSLSocket)delegate.createSocket(sock, host, port, autoClose); if (parameters != null) diff --git a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java index 1f30e45c60f5a..c514b0fe2d2c4 100644 --- a/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java +++ b/modules/core/src/main/java/org/apache/ignite/ssl/SslContextFactory.java @@ -349,13 +349,13 @@ private SSLContext createSslContext() throws SSLException { SSLContext ctx = SSLContext.getInstance(proto); - if(cipherSuites != null || protocols != null) { + if (cipherSuites != null || protocols != null) { SSLParameters sslParameters = new SSLParameters(); - if(cipherSuites != null) + if (cipherSuites != null) sslParameters.setCipherSuites(cipherSuites); - if(protocols != null) + if (protocols != null) sslParameters.setProtocols(protocols); ctx = new SSLContextWrapper(ctx, sslParameters); From b6022eb8d48fa38d79864d3f411157508f31db84 Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Wed, 15 Aug 2018 16:41:26 +0300 Subject: [PATCH 08/11] Added negative tests for non existent protocol and cipher suites --- .../tcp/TcpDiscoverySslParametersTest.java | 57 ++++++++++++++++++- 1 file changed, 55 insertions(+), 2 deletions(-) diff --git a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslParametersTest.java b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslParametersTest.java index 896708d8e0248..f2fc2780de9ef 100644 --- a/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslParametersTest.java +++ b/modules/core/src/test/java/org/apache/ignite/spi/discovery/tcp/TcpDiscoverySslParametersTest.java @@ -39,7 +39,8 @@ public class TcpDiscoverySslParametersTest extends GridCommonAbstractTest { @Override protected IgniteConfiguration getConfiguration(String gridName) throws Exception { IgniteConfiguration cfg = super.getConfiguration(gridName); - SslContextFactory factory = (SslContextFactory)GridTestUtils.sslTrustedFactory("node01", "trustone"); + SslContextFactory factory = (SslContextFactory)GridTestUtils.sslTrustedFactory( + "node01", "trustone"); factory.setCipherSuites(cipherSuites); @@ -113,6 +114,27 @@ public void testNoCommonCipherSuite() throws Exception { ); } + /** + * @throws Exception If failed. + */ + public void testNonExistentCipherSuite() throws Exception { + checkDiscoveryFailure( + new String[][] { + new String[] { + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + }, + new String[] { + "TLC_FAKE_CIPHER", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + } + }, + null, + IgniteCheckedException.class, + "Unsupported ciphersuite" + ); + } + /** * @throws Exception If failed. */ @@ -132,6 +154,26 @@ public void testNoCommonProtocols() throws Exception { ); } + /** + * @throws Exception If failed. + */ + public void testNonExistentProtocol() throws Exception { + checkDiscoveryFailure( + null, + new String[][] { + new String[] { + "SSLv3" + }, + new String[] { + "SSLv3", + "SSLvDoesNotExist" + } + }, + IgniteCheckedException.class, + "SSLvDoesNotExist" + ); + } + /** * @throws Exception If failed. */ @@ -193,6 +235,17 @@ private void checkDiscoverySuccess(String[][] cipherSuites, String[][] protocols * @throws Exception If failed. */ private void checkDiscoveryFailure(String[][] cipherSuites, String[][] protocols) throws Exception { + checkDiscoveryFailure(cipherSuites, protocols, IgniteCheckedException.class, "Unable to establish secure connection."); + } + + /** + * @param cipherSuites list of cipher suites + * @param protocols list of protocols + * @param ex expected exception class + * @param msg exception message + * @throws Exception If failed. + */ + private void checkDiscoveryFailure(String[][] cipherSuites, String[][] protocols, Class ex, String msg) throws Exception { this.cipherSuites = cipherSuites != null ? cipherSuites[0] : null; this.protocols = protocols != null ? protocols[0] : null; @@ -214,7 +267,7 @@ private void checkDiscoveryFailure(String[][] cipherSuites, String[][] protocols return null; } - }, IgniteCheckedException.class, "Unable to establish secure connection."); + }, ex, msg); } } From 9f384baac3adc9f05eb12bf72210d0ef28da0ed2 Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Fri, 17 Aug 2018 20:36:14 +0300 Subject: [PATCH 09/11] The test added to suite. --- .../ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java index cb284cf8d714c..39d5421ad37ab 100644 --- a/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java +++ b/modules/core/src/test/java/org/apache/ignite/testsuites/IgniteSpiDiscoverySelfTestSuite.java @@ -31,7 +31,6 @@ import org.apache.ignite.spi.discovery.tcp.TcpClientDiscoverySpiMulticastTest; import org.apache.ignite.spi.discovery.tcp.TcpClientDiscoverySpiSelfTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoveryClientSuspensionSelfTest; -import org.apache.ignite.spi.discovery.tcp.TcpDiscoveryConcurrentStartTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoveryMarshallerCheckSelfTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoveryMultiThreadedTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoveryNodeAttributesUpdateOnReconnectTest; @@ -45,12 +44,10 @@ import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiConfigSelfTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiFailureTimeoutSelfTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiMBeanTest; -import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiRandomStartStopTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiReconnectDelayTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiSelfTest; -import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiSslSelfTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiStartStopSelfTest; -import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySpiWildcardSelfTest; +import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySslParametersTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySslSecuredUnsecuredTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySslSelfTest; import org.apache.ignite.spi.discovery.tcp.TcpDiscoverySslTrustedSelfTest; @@ -131,6 +128,7 @@ public static TestSuite suite() throws Exception { suite.addTest(new TestSuite(TcpDiscoverySslTrustedSelfTest.class)); suite.addTest(new TestSuite(TcpDiscoverySslSecuredUnsecuredTest.class)); suite.addTest(new TestSuite(TcpDiscoverySslTrustedUntrustedTest.class)); + suite.addTest(new TestSuite(TcpDiscoverySslParametersTest.class)); // Disco cache reuse. suite.addTest(new TestSuite(IgniteDiscoveryCacheReuseSelfTest.class)); From 33d8400c0b6f7da15659031069c6de7985957dd3 Mon Sep 17 00:00:00 2001 From: mcherkasov Date: Mon, 20 Aug 2018 17:27:40 +0300 Subject: [PATCH 10/11] Added test for thin client. --- .../client/suite/IgniteClientTestSuite.java | 1 + .../ignite/client/SslParametersTest.java | 329 ++++++++++++++++++ .../ignite/testframework/GridTestUtils.java | 25 +- .../apache/ignite/client/ClientTestSuite.java | 3 +- 4 files changed, 348 insertions(+), 10 deletions(-) create mode 100644 modules/core/src/test/java/org/apache/ignite/client/SslParametersTest.java diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java index c7017d66bda26..ae20046893ae0 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java @@ -122,6 +122,7 @@ public static TestSuite suite() { suite.addTestSuite(ClientTcpDirectSelfTest.class); suite.addTestSuite(ClientTcpSslSelfTest.class); suite.addTestSuite(ClientTcpSslDirectSelfTest.class); + suite.addTestSuite(ClientFailedInitSelfTest.class); // Test client with many nodes. suite.addTestSuite(ClientTcpMultiNodeSelfTest.class); diff --git a/modules/core/src/test/java/org/apache/ignite/client/SslParametersTest.java b/modules/core/src/test/java/org/apache/ignite/client/SslParametersTest.java new file mode 100644 index 0000000000000..7ac6108197a24 --- /dev/null +++ b/modules/core/src/test/java/org/apache/ignite/client/SslParametersTest.java @@ -0,0 +1,329 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ignite.client; + +import java.util.concurrent.Callable; +import org.apache.ignite.IgniteCheckedException; +import org.apache.ignite.Ignition; +import org.apache.ignite.configuration.CacheConfiguration; +import org.apache.ignite.configuration.ClientConfiguration; +import org.apache.ignite.configuration.ClientConnectorConfiguration; +import org.apache.ignite.configuration.IgniteConfiguration; +import org.apache.ignite.ssl.SslContextFactory; +import org.apache.ignite.testframework.GridTestUtils; +import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; +import org.jetbrains.annotations.NotNull; + +/** + * Tests cases when node connects to cluster with different set of cipher suites. + */ +public class SslParametersTest extends GridCommonAbstractTest { + + public static final String TEST_CACHE_NAME = "TEST"; + /** */ + private volatile String[] cipherSuites; + + /** */ + private volatile String[] protocols; + + /** {@inheritDoc} */ + @Override protected IgniteConfiguration getConfiguration(String gridName) throws Exception { + IgniteConfiguration cfg = super.getConfiguration(gridName); + + cfg.setClientConnectorConfiguration(new ClientConnectorConfiguration() + .setSslEnabled(true) + .setUseIgniteSslContextFactory(true)); + + cfg.setSslContextFactory(createSslFactory()); + + CacheConfiguration ccfg = new CacheConfiguration(TEST_CACHE_NAME); + + cfg.setCacheConfiguration(ccfg); + + return cfg; + } + + /** {@inheritDoc} */ + protected ClientConfiguration getClientConfiguration() throws Exception { + ClientConfiguration cfg = new ClientConfiguration(); + + cfg.setAddresses("127.0.0.1:10800"); + + cfg.setSslMode(SslMode.REQUIRED); + + cfg.setSslContextFactory(createSslFactory()); + + return cfg; + } + + @NotNull private SslContextFactory createSslFactory() { + SslContextFactory factory = (SslContextFactory)GridTestUtils.sslTrustedFactory( + "node01", "trustone"); + + factory.setCipherSuites(cipherSuites); + factory.setProtocols(protocols); + + return factory; + } + + /** {@inheritDoc} */ + @Override protected void afterTest() throws Exception { + stopAllGrids(); + + protocols = null; + cipherSuites = null; + } + + /** + * @throws Exception If failed. + */ + public void testSameCipherSuite() throws Exception { + cipherSuites = new String[] { + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + }; + + startGrid(); + + checkSuccessfulClientStart( + new String[][] { + new String[] { + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + } + }, + null + ); + } + + /** + * @throws Exception If failed. + */ + public void testOneCommonCipherSuite() throws Exception { + cipherSuites = new String[] { + "TLS_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + }; + + startGrid(); + + checkSuccessfulClientStart( + new String[][] { + new String[] { + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + } + }, + null + ); + } + + /** + * @throws Exception If failed. + */ + public void testNoCommonCipherSuite() throws Exception { + cipherSuites = new String[] { + "TLS_RSA_WITH_AES_128_GCM_SHA256" + }; + + startGrid(); + + checkClientStartFailure( + new String[][] { + new String[] { + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + } + }, + null + ); + } + + /** + * @throws Exception If failed. + */ + public void testNonExistentCipherSuite() throws Exception { + cipherSuites = new String[] { + "TLS_RSA_WITH_AES_128_GCM_SHA256" + }; + + startGrid(); + + checkClientStartFailure( + new String[][] { + new String[] { + "TLC_FAKE_CIPHER", + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" + } + }, + null, + IllegalArgumentException.class, + "Unsupported ciphersuite" + ); + } + + /** + * @throws Exception If failed. + */ + public void testNoCommonProtocols() throws Exception { + protocols = new String[] { + "TLSv1.1", + "SSLv3" + }; + + startGrid(); + + checkClientStartFailure( + null, + new String[][] { + new String[] { + "TLSv1", + "TLSv1.2", + } + } + ); + } + + /** + * @throws Exception If failed. + */ + public void testNonExistentProtocol() throws Exception { + protocols = new String[] { + "SSLv3" + }; + + startGrid(); + + checkClientStartFailure( + null, + new String[][] { + new String[] { + "SSLv3", + "SSLvDoesNotExist" + } + }, + IllegalArgumentException.class, + "SSLvDoesNotExist" + ); + } + + /** + * @throws Exception If failed. + */ + public void testSameProtocols() throws Exception { + protocols = new String[] { + "TLSv1.1", + "TLSv1.2", + }; + + startGrid(); + + checkSuccessfulClientStart(null, + new String[][] { + new String[] { + "TLSv1.1", + "TLSv1.2", + } + } + ); + } + + /** + * @throws Exception If failed. + */ + public void testOneCommonProtocol() throws Exception { + protocols = new String[] { + "TLSv1", + "TLSv1.1", + "TLSv1.2" + }; + + startGrid(); + + checkSuccessfulClientStart(null, + new String[][] { + new String[] { + "TLSv1.1", + "SSLv3" + } + } + ); + } + + /** + * @param cipherSuites list of cipher suites + * @param protocols list of protocols + * @throws Exception If failed. + */ + private void checkSuccessfulClientStart(String[][] cipherSuites, String[][] protocols) throws Exception { + int n = Math.max( + cipherSuites != null ? cipherSuites.length : 0, + protocols != null ? protocols.length : 0); + + for (int i = 0; i < n; i++) { + this.cipherSuites = cipherSuites != null && i < cipherSuites.length ? cipherSuites[i] : null; + this.protocols = protocols != null && i < protocols.length ? protocols[i] : null; + + IgniteClient client = Ignition.startClient(getClientConfiguration()); + + client.getOrCreateCache(TEST_CACHE_NAME); + + client.close(); + } + } + + /** + * @param cipherSuites list of cipher suites + * @param protocols list of protocols + * @throws Exception If failed. + */ + private void checkClientStartFailure(String[][] cipherSuites, String[][] protocols) throws Exception { + checkClientStartFailure(cipherSuites, protocols, ClientConnectionException.class, "Ignite cluster is unavailable"); + } + + /** + * @param cipherSuites list of cipher suites + * @param protocols list of protocols + * @param ex expected exception class + * @param msg exception message + * @throws Exception If failed. + */ + private void checkClientStartFailure(String[][] cipherSuites, String[][] protocols, Class ex, String msg) throws Exception { + int n = Math.max( + cipherSuites != null ? cipherSuites.length : 0, + protocols != null ? protocols.length : 0); + + for (int i = 0; i < n; i++) { + this.cipherSuites = cipherSuites != null && i < cipherSuites.length ? cipherSuites[i] : null; + this.protocols = protocols != null && i < protocols.length ? protocols[i] : null; + + int finalI = i; + + GridTestUtils.assertThrows(null, new Callable() { + @Override public Object call() throws Exception { + Ignition.startClient(getClientConfiguration()); + + return null; + } + }, ex, msg); + } + } + +} diff --git a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java index 9390d6b36fe69..786d0e09de315 100644 --- a/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java +++ b/modules/core/src/test/java/org/apache/ignite/testframework/GridTestUtils.java @@ -1665,7 +1665,7 @@ public static boolean waitForCondition(GridAbsPredicate cond, long timeout) thro public static SSLContext sslContext() throws GeneralSecurityException, IOException { SSLContext ctx = SSLContext.getInstance("TLS"); - char[] storePass = GridTestProperties.getProperty("ssl.keystore.password").toCharArray(); + char[] storePass = keyStorePassword().toCharArray(); KeyManagerFactory keyMgrFactory = KeyManagerFactory.getInstance("SunX509"); @@ -1692,7 +1692,7 @@ public static GridSslContextFactory sslContextFactory() { factory.setKeyStoreFilePath( U.resolveIgnitePath(GridTestProperties.getProperty("ssl.keystore.path")).getAbsolutePath()); - factory.setKeyStorePassword(GridTestProperties.getProperty("ssl.keystore.password").toCharArray()); + factory.setKeyStorePassword(keyStorePassword().toCharArray()); factory.setTrustManagers(GridSslBasicContextFactory.getDisabledTrustManager()); @@ -1710,7 +1710,7 @@ public static Factory sslFactory() { factory.setKeyStoreFilePath( U.resolveIgnitePath(GridTestProperties.getProperty("ssl.keystore.path")).getAbsolutePath()); - factory.setKeyStorePassword(GridTestProperties.getProperty("ssl.keystore.password").toCharArray()); + factory.setKeyStorePassword(keyStorePassword().toCharArray()); factory.setTrustManagers(SslContextFactory.getDisabledTrustManager()); @@ -1727,16 +1727,23 @@ public static Factory sslFactory() { public static Factory sslTrustedFactory(String keyStore, String trustStore) { SslContextFactory factory = new SslContextFactory(); - factory.setKeyStoreFilePath(U.resolveIgnitePath(GridTestProperties.getProperty( - "ssl.keystore." + keyStore + ".path")).getAbsolutePath()); - factory.setKeyStorePassword(GridTestProperties.getProperty("ssl.keystore.password").toCharArray()); - factory.setTrustStoreFilePath(U.resolveIgnitePath(GridTestProperties.getProperty( - "ssl.keystore." + trustStore + ".path")).getAbsolutePath()); - factory.setTrustStorePassword(GridTestProperties.getProperty("ssl.keystore.password").toCharArray()); + factory.setKeyStoreFilePath(keyStorePath(keyStore)); + factory.setKeyStorePassword(keyStorePassword().toCharArray()); + factory.setTrustStoreFilePath(keyStorePath(trustStore)); + factory.setTrustStorePassword(keyStorePassword().toCharArray()); return factory; } + public static String keyStorePassword() { + return GridTestProperties.getProperty("ssl.keystore.password"); + } + + @NotNull public static String keyStorePath(String keyStore) { + return U.resolveIgnitePath(GridTestProperties.getProperty( + "ssl.keystore." + keyStore + ".path")).getAbsolutePath(); + } + /** * @param o1 Object 1. * @param o2 Object 2. diff --git a/modules/indexing/src/test/java/org/apache/ignite/client/ClientTestSuite.java b/modules/indexing/src/test/java/org/apache/ignite/client/ClientTestSuite.java index 3fb243cfe07c4..623a19ebe66a5 100644 --- a/modules/indexing/src/test/java/org/apache/ignite/client/ClientTestSuite.java +++ b/modules/indexing/src/test/java/org/apache/ignite/client/ClientTestSuite.java @@ -33,7 +33,8 @@ ReliabilityTest.class, SecurityTest.class, FunctionalQueryTest.class, - IgniteBinaryQueryTest.class + IgniteBinaryQueryTest.class, + SslParametersTest.class }) public class ClientTestSuite { // No-op. From 5e8cb6dade1d0385b837874a64c6a8f137d28580 Mon Sep 17 00:00:00 2001 From: Ilya Kasnacheev Date: Mon, 20 Aug 2018 17:32:38 +0300 Subject: [PATCH 11/11] Update IgniteClientTestSuite.java Remove unneeded change --- .../ignite/internal/client/suite/IgniteClientTestSuite.java | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java b/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java index ae20046893ae0..c7017d66bda26 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/client/suite/IgniteClientTestSuite.java @@ -122,7 +122,6 @@ public static TestSuite suite() { suite.addTestSuite(ClientTcpDirectSelfTest.class); suite.addTestSuite(ClientTcpSslSelfTest.class); suite.addTestSuite(ClientTcpSslDirectSelfTest.class); - suite.addTestSuite(ClientFailedInitSelfTest.class); // Test client with many nodes. suite.addTestSuite(ClientTcpMultiNodeSelfTest.class);