reduce test failures to 3

Author: kiryazovi-redis

src/test/java/io/lettuce/core/SslIntegrationTests.java

@@ -69,7 +69,9 @@ class SslIntegrationTests extends TestSupport {
 
     private static final String KEYSTORE = "work/keystore.jks";
 
-    private static File truststoreFile;
+    private static File truststoreFile0;
+    private static File truststoreFile1;
+    private static File truststoreFile2;
 
     private static File cacertFile;
 
@@ -112,12 +114,25 @@ class SslIntegrationTests extends TestSupport {
 
     @BeforeAll
     static void beforeClass() {
-        Path path = createAndSaveTestTruststore("redis-standalone-1", Paths.get("work/tls"), "changeit");
-        truststoreFile = path.toFile();
+        Path path0 = createAndSaveTestTruststore("redis-standalone-0", Paths.get("redis-standalone-0/work/tls"), "changeit");
+        truststoreFile0 = path0.toFile();
+        cacertFile = envCa(Paths.get("redis-standalone-0/work/tls")).toFile();
+
+        Path path = createAndSaveTestTruststore("redis-standalone-1", Paths.get("redis-standalone-1/work/tls"), "changeit");
+        truststoreFile1 = path.toFile();
         cacertFile = envCa(Paths.get("redis-standalone-1/work/tls")).toFile();
-        // do for 6444 and 8444
+
+        Path path2 = createAndSaveTestTruststore("redis-standalone-sentinel-controlled", Paths.get("redis-standalone-sentinel-controlled/work/tls"), "changeit");
+        truststoreFile2 = path2.toFile();
+        cacertFile = envCa(Paths.get("redis-standalone-sentinel-controlled/work/tls")).toFile();
+
+
+
         assumeTrue(CanConnect.to(TestSettings.host(), sslPort()), "Assume that stunnel runs on port 6443");
-        assertThat(truststoreFile).exists();
+        // Maybe we should do a list.
+        assertThat(truststoreFile0).exists();
+        assertThat(truststoreFile1).exists();
+        assertThat(truststoreFile2).exists();
     }
 
     @Test
@@ -134,7 +149,7 @@ void standaloneWithJdkSsl() {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreFile, "changeit") //
+                .truststore(truststoreFile1, "changeit") //
                 .build();
         setOptions(sslOptions);
 
@@ -146,7 +161,7 @@ void standaloneWithVerifyCaOnly() {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreFile, "changeit") //
+                .truststore(truststoreFile0, "changeit") //
                 .build();
         setOptions(sslOptions);
 
@@ -157,7 +172,7 @@ void standaloneWithVerifyCaOnly() {
     void standaloneWithPemCert() {
 
         SslOptions sslOptions = SslOptions.builder() //
-                .trustManager(cacertFile) //
+                .trustManager(envCa(Paths.get("redis-standalone-1/work/tls")).toFile()) //
                 .build();
         setOptions(sslOptions);
         verifyConnection(URI_VERIFY);
@@ -168,7 +183,7 @@ void standaloneWithPemCertAndImpossibleTimeout() {
 
         Assertions.setMaxStackTraceElementsDisplayed(30);
         SslOptions sslOptions = SslOptions.builder() //
-                .trustManager(cacertFile) //
+                .trustManager(envCa(Paths.get("redis-standalone-1/work/tls")).toFile()) //
                 .build();
         setOptions(sslOptions);
         redisClient.setOptions(ClientOptions.builder().protocolVersion(ProtocolVersion.RESP3).sslOptions(sslOptions).build());
@@ -187,7 +202,7 @@ void standaloneWithJdkSslUsingTruststoreUrl() throws Exception {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreURL()) //
+                .truststore(truststoreURL(truststoreFile1)) //
                 .build();
         setOptions(sslOptions);
 
@@ -196,11 +211,11 @@ void standaloneWithJdkSslUsingTruststoreUrl() throws Exception {
 
     @Test
     void standaloneWithClientCertificates() {
-
+        //6445
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
                 .keystore(new File(KEYSTORE), "changeit".toCharArray()) //
-                .truststore(truststoreFile, "changeit") //
+                .truststore(truststoreFile1, "changeit") //
                 .build();
         setOptions(sslOptions);
 
@@ -212,7 +227,7 @@ void standaloneWithClientCertificatesWithoutKeystore() {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreFile, "changeit") //
+                .truststore(truststoreFile0, "changeit") //
                 .build();
         setOptions(sslOptions);
 
@@ -224,7 +239,7 @@ void standaloneWithJdkSslUsingTruststoreUrlWithWrongPassword() throws Exception
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreURL(), "knödel") //
+                .truststore(truststoreURL(truststoreFile0), "knödel") //
                 .build();
         setOptions(sslOptions);
 
@@ -249,7 +264,7 @@ void standaloneWithOpenSsl() {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .openSslProvider() //
-                .truststore(truststoreFile, "changeit") //
+                .truststore(truststoreFile0, "changeit") //
                 .build();
         setOptions(sslOptions);
 
@@ -302,7 +317,7 @@ void masterSlaveWithJdkSsl() {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreFile, "changeit") //
+                .truststore(truststoreFile2, "changeit") //
                 .build();
         setOptions(sslOptions);
 
@@ -314,7 +329,7 @@ void masterSlaveWithJdkSslUsingTruststoreUrl() throws Exception {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreURL()) //
+                .truststore(truststoreURL(truststoreFile2)) //
                 .build();
         setOptions(sslOptions);
 
@@ -326,7 +341,7 @@ void masterSlaveWithJdkSslUsingTruststoreUrlWithWrongPassword() throws Exception
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreURL(), "knödel") //
+                .truststore(truststoreURL(truststoreFile0), "knödel") //
                 .build();
         setOptions(sslOptions);
 
@@ -367,7 +382,7 @@ void masterSlaveSslWithOneInvalidHostWillSucceed() {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreFile, "changeit") //
+                .truststore(truststoreFile2, "changeit") //
                 .build();
         setOptions(sslOptions);
 
@@ -379,7 +394,7 @@ void masterSlaveSslWithAllInvalidHostsWillFail() {
 
         SslOptions sslOptions = SslOptions.builder() //
                 .jdkSslProvider() //
-                .truststore(truststoreFile, "changeit") //
+                .truststore(truststoreFile0, "changeit") //
                 .build();
         setOptions(sslOptions);
 
@@ -419,7 +434,7 @@ private static List<RedisURI> sslUris(IntStream masterSlaveOffsets,
                 .map(builderCustomizer).map(RedisURI.Builder::build).collect(Collectors.toList());
     }
 
-    private URL truststoreURL() throws MalformedURLException {
+    private URL truststoreURL(File truststoreFile) throws MalformedURLException {
         return truststoreFile.toURI().toURL();
     }
 

src/test/java/io/lettuce/test/settings/TlsSettings.java

@@ -43,10 +43,10 @@ public static Path testTruststorePath(String name) {
      * Creates an empty truststore.
      *
      * @return An empty KeyStore object.
-     * @throws KeyStoreException If there's an error initializing the truststore.
-     * @throws IOException If there's an error loading the truststore.
+     * @throws KeyStoreException        If there's an error initializing the truststore.
+     * @throws IOException              If there's an error loading the truststore.
      * @throws NoSuchAlgorithmException If the algorithm used to check the integrity of the truststore cannot be found.
-     * @throws CertificateException If any of the certificates in the truststore could not be loaded.
+     * @throws CertificateException     If any of the certificates in the truststore could not be loaded.
      */
     private static KeyStore createTruststore()
             throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
@@ -73,8 +73,8 @@ private static X509Certificate loadCertificate(Path certPath) throws Exception {
      * Adds a trusted certificate to the given truststore.
      *
      * @param trustStore The KeyStore object.
-     * @param alias Alias for the certificate.
-     * @param certPath Path to the certificate file.
+     * @param alias      Alias for the certificate.
+     * @param certPath   Path to the certificate file.
      * @throws Exception If there's an error adding the certificate.
      */
     private static void addTrustedCertificate(KeyStore trustStore, String alias, Path certPath) throws Exception {
@@ -85,8 +85,8 @@ private static void addTrustedCertificate(KeyStore trustStore, String alias, Pat
     /**
      * Creates a truststore, adds multiple trusted certificates, and saves it to the specified path.
      *
-     * @param trustedCertPaths List of certificate file paths to add to the truststore.
-     * @param truststorePath Path to save the generated truststore.
+     * @param trustedCertPaths   List of certificate file paths to add to the truststore.
+     * @param truststorePath     Path to save the generated truststore.
      * @param truststorePassword Password for the truststore.
      * @return Path to the saved truststore file.
      */
@@ -111,7 +111,7 @@ public static Path createAndSaveTruststore(List<Path> trustedCertPaths, Path tru
     }
 
     public static Path createAndSaveTestTruststore(String trustStoreName, Path certificateLocations,
-            String truststorePassword) {
+                                                   String truststorePassword) {
         List<Path> trustedCertPaths = new ArrayList<>();
         trustedCertPaths.add(envCa(certificateLocations).toAbsolutePath());
         trustedCertPaths.add(envServerCert(certificateLocations).toAbsolutePath());
@@ -120,5 +120,4 @@ public static Path createAndSaveTestTruststore(String trustStoreName, Path certi
 
         return createAndSaveTruststore(trustedCertPaths, trustStorePath, truststorePassword);
     }
-
-}
+}

src/test/resources/docker-env/docker-compose.yml

@@ -1,5 +1,19 @@
 services:
   # Standalone Redis Servers
+  redis-standalone-0:
+    image: redislabs/client-libs-test:8.0-M02
+    container_name: redis-standalone-0
+    environment:
+      - TLS_ENABLED=yes
+    volumes:
+      - ./redis-standalone-0/config:/redis/config:r
+      - ${REDIS_ENV_WORK_DIR}/redis-standalone-0/work:/redis/work:rw
+    ports:
+      - "6478:6478"
+      - "6444:6444" # TLS Port
+    networks:
+      - redis-network
+
   redis-standalone-1:
     image: redislabs/client-libs-test:8.0-M02
     container_name: redis-standalone-1
@@ -56,12 +70,15 @@ services:
       - TLS_ENABLED=yes
     volumes:
       - ./redis-standalone-sentinel-controlled/config:/redis/config:r
+      - ${REDIS_ENV_WORK_DIR}/redis-standalone-sentinel-controlled/work:/redis/work:rw
     ports:
       - "26380:26380"
       - "26822:26822" # sentinel tls port
       - "26379:26379"
       - "6482:6482"
       - "6483:6483"
+      - "8443:8443" # TLS Port
+      - "8444:8444" # TLS Port
     networks:
       - redis-network
 

src/test/resources/docker-env/redis-standalone-0/config/node-6478/redis.conf

@@ -0,0 +1,10 @@
+port 6478
+tls-port 6444
+tls-auth-clients no
+save ""
+appendonly no
+client-output-buffer-limit pubsub 256k 128k 5
+enable-debug-command yes
+unixsocket /work/socket-6478
+unixsocketperm 777
+replica-announce-ip localhost

src/test/resources/docker-env/redis-standalone-sentinel-controlled/config/node-6482/redis.conf

@@ -1,4 +1,6 @@
 port 6482
+tls-port 8443
+tls-auth-clients no
 save ""
 appendonly no
 client-output-buffer-limit pubsub 256k 128k 5

src/test/resources/docker-env/redis-standalone-sentinel-controlled/config/node-6483/redis.conf

@@ -1,4 +1,6 @@
 port 6483
+tls-port 8444
+tls-auth-clients no
 save ""
 appendonly no
 client-output-buffer-limit pubsub 256k 128k 5