Merge pull request #1681 from srinathgit/develop

Making ssl/cert-auth test work

Author: srinathgit

marklogic-data-hub/build.gradle

@@ -327,7 +327,7 @@ task setupSSL{
             javaexec {
                 classpath = sourceSets.test.runtimeClasspath
                 main = 'com.marklogic.bootstrap.SSLsetup'
-                args = [mlHost, mlSecurityUsername, mlSecurityPassword, certAuth]
+                args = [mlHost, mlSecurityUsername, mlSecurityPassword, certAuth, sslRun]
                 }
             }
             if(sslRun) {
@@ -338,6 +338,8 @@ task setupSSL{
                             "mlFinalSimpleSsl=true\n" +
                             "mlAdminScheme=https\n" +
                             "mlManageScheme=https\n" +
+                            "mlAppServicesSimpleSsl=true\n" +
+                            "mlManageSimpleSsl=true\n" +
                             "mlStagingSimpleSsl=true")
                 }
             }
@@ -350,6 +352,7 @@ task setupSSL{
                             "mlAdminScheme=https\n" +
                             "mlFinalScheme=https\n" +
                             "mlStagingScheme=https\n" +
+                            "mlManageScheme=https\n" +
                             "mlJobScheme=https\n" +
                             "mlJobAuth=certificate")
             }

marklogic-data-hub/src/test/java/com/marklogic/bootstrap/Installer.java

@@ -17,7 +17,7 @@ public class Installer extends HubTestBase {
 
     private static Logger logger = LoggerFactory.getLogger(Installer.class);
 
-    public void setupProject() {
+    public void setupProject() {       
         createProjectDir();
     }
 

marklogic-data-hub/src/test/java/com/marklogic/bootstrap/SSLsetup.java

@@ -20,8 +20,6 @@
 import com.marklogic.mgmt.resource.security.CertificateAuthorityManager;
 import com.marklogic.mgmt.util.ObjectMapperFactory;
 import com.marklogic.rest.util.JsonNodeUtil;
-import org.apache.hadoop.conf.Configuration;
-import org.springframework.boot.test.context.SpringBootTest;
 
 public class SSLsetup {
 
@@ -35,7 +33,8 @@ private void convertToSSL(String[] args) {
         String mlSecurityUsername = args[1];
         String mlSecurityPassword = args[2];
         boolean certAuth = Boolean.parseBoolean(args[3]);
-        if (!certAuth)
+        boolean sslRun = Boolean.parseBoolean(args[4]);
+        if (!(certAuth || sslRun))
             return;
 
         /*
@@ -74,17 +73,14 @@ private void convertToSSL(String[] args) {
 
         ObjectNode node = ObjectMapperFactory.getObjectMapper().createObjectNode();
         if (certAuth) {
-            node.put("authentication", "certificate");
-            ArrayNode certnode = node.putArray("ssl-client-certificate-pem");
+            node.put("authentication", "certificate");            
+            ArrayNode certnode = node.arrayNode();
             certnode.add(cacert);
-            node.put("ssl-certificate-template", "dhf-cert");
-            node.put("ssl-allow-sslv3", "true");
-            node.put("ssl-allow-tls", "true");
-            node.put("ssl-disable-sslv3", "false");
-            node.put("ssl-disable-tlsv1", "false");
-            node.put("ssl-disable-tlsv1-1", "false");
-            node.put("ssl-disable-tlsv1-2", "false");
+            node.put("ssl-client-certificate-pem", certnode );
+
         }
+        node.put("ssl-certificate-template", "dhf-cert");
+        
         try {
             FileUtils.writeStringToFile(new File(System.getProperty("java.io.tmpdir") + "/ssl-server.json"),
                     node.toString());

marklogic-data-hub/src/test/java/com/marklogic/hub/HubTestBase.java

@@ -279,10 +279,7 @@ protected void init() {
         && stagingAuthMethod.equals(Authentication.CERTIFICATE)) {
             setCertAuth(true);
         }
-        
-        if(isSslRun() || isCertAuth()) {
-            certInit();
-        }
+               
         try {
             stagingClient = getClient(host, stagingPort, HubConfig.DEFAULT_STAGING_NAME, user, password, stagingAuthMethod);
             flowRunnerClient = getClient(host, stagingPort, HubConfig.DEFAULT_STAGING_NAME, flowRunnerUser, flowRunnerPassword, stagingAuthMethod);
@@ -304,6 +301,9 @@ protected void init() {
         modMgr = stagingModulesClient.newDocumentManager();
 
         adminHubConfig.refreshProject();
+        if(isSslRun() || isCertAuth()) {
+            certInit();
+        }
     }
 
     protected DatabaseClient getClient(String host, int port, String dbName, String user,String password, Authentication authMethod) throws Exception {
@@ -420,7 +420,27 @@ protected HubConfigImpl getHubFlowRunnerConfig() {
             adminHubConfig.setCertFile(DatabaseKind.FINAL, "src/test/resources/ssl/client-data-hub-user.p12");
             adminHubConfig.setSslContext(DatabaseKind.JOB,flowRunnercertContext);
             manageConfig.setSslContext(flowRunnercertContext);
-            adminConfig.setSslContext(flowRunnercertContext);                          
+            adminConfig.setSslContext(flowRunnercertContext);   
+                     
+            appConfig.setAppServicesCertPassword("abcd");
+            appConfig.setAppServicesTrustManager((X509TrustManager) tmf.getTrustManagers()[0]);
+            appConfig.setAppServicesSslHostnameVerifier(SSLHostnameVerifier.ANY);
+            appConfig.setAppServicesSecurityContextType(SecurityContextType.CERTIFICATE);
+            appConfig.setAppServicesPassword(null);
+
+            adminHubConfig.setTrustManager(DatabaseKind.STAGING, (X509TrustManager) tmf.getTrustManagers()[0]);
+            adminHubConfig.setCertPass(DatabaseKind.STAGING, "abcd");
+
+            adminHubConfig.setTrustManager(DatabaseKind.FINAL, (X509TrustManager) tmf.getTrustManagers()[0]);
+            adminHubConfig.setCertPass(DatabaseKind.FINAL, "abcd");
+            
+            //manageConfig.setConfigureSimpleSsl(false);
+            manageConfig.setSecuritySslContext(certContext);
+            manageConfig.setPassword(null);
+            manageConfig.setSecurityPassword(null);
+
+            //adminConfig.setConfigureSimpleSsl(false);
+            adminConfig.setPassword(null);
         }
         adminHubConfig.setAppConfig(appConfig);
         ((HubConfigImpl)adminHubConfig).setManageConfig(manageConfig);
@@ -477,38 +497,12 @@ private void certInit() {
         manageClient = ((HubConfigImpl)adminHubConfig).getManageClient();
         adminConfig = ((HubConfigImpl)adminHubConfig).getAdminConfig();
 
-        adminHubConfig.setScheme(DatabaseKind.STAGING,"https");
-        adminHubConfig.setScheme(DatabaseKind.FINAL,"https");
-        adminHubConfig.setScheme(DatabaseKind.JOB,"https");
-
-        adminHubConfig.setSslHostnameVerifier(DatabaseKind.STAGING,SSLHostnameVerifier.ANY);
-        adminHubConfig.setSslHostnameVerifier(DatabaseKind.FINAL,SSLHostnameVerifier.ANY);
-        adminHubConfig.setSslHostnameVerifier(DatabaseKind.JOB,SSLHostnameVerifier.ANY);
-        manageConfig.setScheme("https");
-        adminConfig.setScheme("https");
-        manageConfig.setHost(host);
-        manageConfig.setUsername(user);
-        manageConfig.setSecurityUsername(secUser);
-        
-        if(isSslRun()) {
-            appConfig.setAppServicesSslContext(SimpleX509TrustManager.newSSLContext());
-            appConfig.setAppServicesSslHostnameVerifier(SSLHostnameVerifier.ANY);
+        if(isCertAuth()) {
 
-            adminHubConfig.setSimpleSsl(DatabaseKind.STAGING,true);
-            adminHubConfig.setSimpleSsl(DatabaseKind.JOB,true);
-            adminHubConfig.setSimpleSsl(DatabaseKind.FINAL,true);
+            adminHubConfig.setSslHostnameVerifier(DatabaseKind.STAGING,SSLHostnameVerifier.ANY);
+            adminHubConfig.setSslHostnameVerifier(DatabaseKind.FINAL,SSLHostnameVerifier.ANY);
+            adminHubConfig.setSslHostnameVerifier(DatabaseKind.JOB,SSLHostnameVerifier.ANY);
 
-            adminHubConfig.setSslContext(DatabaseKind.STAGING,SimpleX509TrustManager.newSSLContext());
-            adminHubConfig.setSslContext(DatabaseKind.FINAL,SimpleX509TrustManager.newSSLContext());
-            adminHubConfig.setSslContext(DatabaseKind.JOB,SimpleX509TrustManager.newSSLContext());
-        
-            manageConfig.setConfigureSimpleSsl(true);
-            manageConfig.setSslContext(SimpleX509TrustManager.newSSLContext());
-
-            adminConfig.setConfigureSimpleSsl(true);
-            adminConfig.setSslContext(SimpleX509TrustManager.newSSLContext());
-        }
-        if(isCertAuth()) {
             appConfig.setAppServicesCertFile("src/test/resources/ssl/client-hub-admin-user.p12");
             adminHubConfig.setCertFile(DatabaseKind.STAGING, "src/test/resources/ssl/client-hub-admin-user.p12");
             adminHubConfig.setCertFile(DatabaseKind.FINAL, "src/test/resources/ssl/client-hub-admin-user.p12");
@@ -522,22 +516,18 @@ private void certInit() {
             appConfig.setAppServicesSecurityContextType(SecurityContextType.CERTIFICATE);
             appConfig.setAppServicesPassword(null);
 
-            adminHubConfig.setAuthMethod(DatabaseKind.STAGING,"certificate");
-            adminHubConfig.setAuthMethod(DatabaseKind.JOB,"certificate");
-            adminHubConfig.setAuthMethod(DatabaseKind.FINAL,"certificate");
-
             adminHubConfig.setTrustManager(DatabaseKind.STAGING, (X509TrustManager) tmf.getTrustManagers()[0]);
             adminHubConfig.setCertPass(DatabaseKind.STAGING, "abcd");
 
             adminHubConfig.setTrustManager(DatabaseKind.FINAL, (X509TrustManager) tmf.getTrustManagers()[0]);
             adminHubConfig.setCertPass(DatabaseKind.FINAL, "abcd");
 
-            manageConfig.setConfigureSimpleSsl(false);
+            //manageConfig.setConfigureSimpleSsl(false);
             manageConfig.setSecuritySslContext(certContext);
             manageConfig.setPassword(null);
             manageConfig.setSecurityPassword(null);
 
-            adminConfig.setConfigureSimpleSsl(false);
+            //adminConfig.setConfigureSimpleSsl(false);
             adminConfig.setPassword(null);
 
         }
@@ -549,6 +539,7 @@ private void certInit() {
         ((HubConfigImpl)adminHubConfig).setAdminConfig(adminConfig);
         wireClients();
     }
+    
     public void deleteProjectDir() {
         if (new File(PROJECT_PATH).exists()) {
             try {

marklogic-data-hub/src/test/java/com/marklogic/hub/core/HubConfigTest.java

@@ -44,14 +44,17 @@ public void cleanup() {
 
     @Test
     public void applyFinalConnectionPropsToDefaultRestConnection() {
+        
         AppConfig config = adminHubConfig.getAppConfig();
 
         assertEquals(new Integer(8011), config.getRestPort(),
             "The final port should be used as restPort so that any ml-gradle feature that depends on mlRestPost " +
                 "ends up talking to the final app server");
-        assertNull(config.getRestSslContext(), "Should be null because neither mlSimpleSsl nor mlFinalSimpleSsl were set to true");
-        assertNull(config.getRestSslHostnameVerifier(), "Should be null because neither mlSimpleSsl nor mlFinalSimpleSsl were set to true");
-        assertNull(config.getRestTrustManager(), "Should be null because neither mlSimpleSsl nor mlFinalSimpleSsl were set to true");
+        if (!(isCertAuth() || isSslRun())) {
+            assertNull(config.getRestSslContext(), "Should be null because neither mlSimpleSsl nor mlFinalSimpleSsl were set to true");
+            assertNull(config.getRestSslHostnameVerifier(), "Should be null because neither mlSimpleSsl nor mlFinalSimpleSsl were set to true");
+            assertNull(config.getRestTrustManager(), "Should be null because neither mlSimpleSsl nor mlFinalSimpleSsl were set to true");
+        }
         //get the old values
         String port = adminHubConfig.getPort(DatabaseKind.FINAL).toString();
         String authMethod = adminHubConfig.getAuthMethod(DatabaseKind.FINAL);
@@ -102,6 +105,7 @@ public void applyFinalConnectionPropsToDefaultRestConnection() {
             adminHubConfig.setTrustManager(DatabaseKind.FINAL, null);
         }
 
+        
     }
 
     @Test

marklogic-data-hub/src/test/java/com/marklogic/hub/core/HubProjectTest.java

@@ -3,13 +3,13 @@
 import com.marklogic.hub.DatabaseKind;
 import com.marklogic.hub.HubConfig;
 import com.marklogic.hub.HubTestBase;
-import com.marklogic.hub.impl.HubConfigImpl;
 import com.marklogic.hub.ApplicationConfig;
 
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Assumptions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -155,6 +155,7 @@ public void testInit() throws IOException {
 
     @Test
     public void upgrade300To403ToCurrentVersion() throws Exception {
+        Assumptions.assumeFalse((isCertAuth() || isSslRun())); 
         final String projectPath = "build/tmp/upgrade-projects/dhf403from300";
         final File projectDir = Paths.get(projectPath).toFile();
 

marklogic-data-hub/src/test/java/com/marklogic/hub/deploy/commands/LoadHubModulesCommandTest.java

@@ -46,8 +46,8 @@ public void setup() {
         createProjectDir();
         loadHubModulesCommand = new LoadHubModulesCommand();
         loadHubModulesCommand.setHubConfig(adminHubConfig);
-        ManageClient manageClient = new ManageClient(new com.marklogic.mgmt.ManageConfig(host, 8002, secUser, secPassword));
-        commandContext = new CommandContext(adminHubConfig.getAppConfig(), manageClient, null);
+        //ManageClient manageClient = new ManageClient(new com.marklogic.mgmt.ManageConfig(host, 8002, secUser, secPassword));
+        commandContext = new CommandContext(adminHubConfig.getAppConfig(), adminHubConfig.getManageClient(), null);
     }
 
     @Test