001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.io.crypto.tls;
019
020import java.io.File;
021import java.io.IOException;
022import java.security.Security;
023import java.util.ArrayList;
024import java.util.Collection;
025import java.util.List;
026import org.apache.commons.io.FileUtils;
027import org.apache.hadoop.conf.Configuration;
028import org.apache.hadoop.hbase.HBaseCommonTestingUtility;
029import org.bouncycastle.jce.provider.BouncyCastleProvider;
030import org.junit.After;
031import org.junit.AfterClass;
032import org.junit.Before;
033import org.junit.BeforeClass;
034import org.junit.runners.Parameterized;
035
036/**
037 * Base class for parameterized unit tests that use X509TestContext for testing different X509
038 * parameter combinations (CA key type, cert key type, with/without a password, with/without
039 * hostname verification, etc).
040 * <p/>
041 * This base class takes care of setting up / cleaning up the test environment, and caching the
042 * X509TestContext objects used by the tests.
043 * <p/>
044 * This file has been copied from the Apache ZooKeeper project.
045 * @see <a href=
046 *      "https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/test/java/org/apache/zookeeper/common/BaseX509ParameterizedTestCase.java">Base
047 *      revision</a>
048 */
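public abstract class AbstractTestX509Parameterized {

  private static final HBaseCommonTestingUtility UTIL = new HBaseCommonTestingUtility();

  /**
   * Because key generation and writing / deleting files is kind of expensive, we cache the certs
   * and on-disk files between test cases. None of the test cases modify any of this data so it's
   * safe to reuse between tests. This caching makes all test cases after the first one for a given
   * parameter combination complete almost instantly.
   */
  private static X509TestContextProvider PROVIDER;

  /** Key type used for the CA in the current parameter combination. */
  @Parameterized.Parameter()
  public X509KeyType caKeyType;

  /** Key type used for the certificate in the current parameter combination. */
  @Parameterized.Parameter(value = 1)
  public X509KeyType certKeyType;

  /** Key password for the current combination; empty for the "no password" case. */
  @Parameterized.Parameter(value = 2)
  public char[] keyPassword;

  /** Running index of the parameter combination, as assigned by {@link #defaultParams()}. */
  @Parameterized.Parameter(value = 3)
  public Integer paramIndex;

  /**
   * Default parameters suitable for most subclasses. See example usage in {@link TestX509Util}.
   * <p>
   * Every CA key type is combined with every cert key type, each once with an empty password and
   * once with a fixed test-only password.
   * @return an array of parameter combinations to test with.
   */
  @Parameterized.Parameters(
      name = "{index}: caKeyType={0}, certKeyType={1}, keyPassword={2}, paramIndex={3}")
  public static Collection<Object[]> defaultParams() {
    List<Object[]> result = new ArrayList<>();
    int paramIndex = 0;
    for (X509KeyType caKeyType : X509KeyType.values()) {
      for (X509KeyType certKeyType : X509KeyType.values()) {
        for (char[] keyPassword : new char[][] { "".toCharArray(), "pa$$w0rd".toCharArray() }) {
          result.add(new Object[] { caKeyType, certKeyType, keyPassword, paramIndex++ });
        }
      }
    }
    return result;
  }

  /**
   * Copy of the testing utility's configuration, re-created before every test by
   * {@link #setUp()}. The field is static, so it always holds the copy made for the most recently
   * started test.
   */
  protected static Configuration conf;

  /** Context for the current parameter combination, obtained from the provider in setUp(). */
  protected X509TestContext x509TestContext;

  /**
   * Registers the BouncyCastle security provider, creates the test data directory and builds the
   * shared {@link X509TestContextProvider} on top of it.
   * @throws Exception if the directory cannot be resolved or created
   */
  @BeforeClass
  public static void setUpBaseClass() throws Exception {
    Security.addProvider(new BouncyCastleProvider());
    File dir = new File(UTIL.getDataTestDir(TestX509Util.class.getSimpleName()).toString())
      .getCanonicalFile();
    FileUtils.forceMkdir(dir);
    PROVIDER = new X509TestContextProvider(UTIL.getConfiguration(), dir);
  }

  /**
   * Unregisters the BouncyCastle provider and deletes the test data directory.
   */
  @AfterClass
  public static void cleanUpBaseClass() {
    // NOTE(review): the provider is removed by name even if it was already registered before
    // setUpBaseClass() ran; confirm no other test in the same JVM depends on it staying installed.
    Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
    UTIL.cleanupTestDir();
  }

  /**
   * Fetches the context for the current parameter combination, points its configuration at JKS
   * stores and creates a fresh {@link #conf} for the test.
   * @throws IOException if the context cannot be obtained or configured
   */
  @Before
  public void setUp() throws IOException {
    x509TestContext = PROVIDER.get(caKeyType, certKeyType, keyPassword);
    // presumably (key store type, trust store type) -- confirm against X509TestContext
    x509TestContext.setConfigurations(KeyStoreFileType.JKS, KeyStoreFileType.JKS);
    conf = new Configuration(UTIL.getConfiguration());
  }

  /**
   * Undoes the per-test TLS settings: clears the context's configuration and resets the JVM-wide
   * revocation-checking properties.
   */
  @After
  public void cleanUp() {
    try {
      // JUnit 4 runs @After methods even when a @Before method threw, so the context may never
      // have been assigned. Skipping it here avoids a NullPointerException that would hide the
      // original failure.
      if (x509TestContext != null) {
        x509TestContext.clearConfigurations();
        x509TestContext.getConf().unset(X509Util.TLS_CONFIG_OCSP);
        x509TestContext.getConf().unset(X509Util.TLS_CONFIG_CLR);
        x509TestContext.getConf().unset(X509Util.TLS_CONFIG_PROTOCOL);
      }
    } finally {
      // These system and security properties are JVM-wide. They are reset in a finally block so
      // that a failure above cannot leave revocation checking (CRL / OCSP) switched on for the
      // tests that run afterwards in the same JVM.
      System.clearProperty("com.sun.net.ssl.checkRevocation");
      System.clearProperty("com.sun.security.enableCRLDP");
      Security.setProperty("ocsp.enable", Boolean.FALSE.toString());
      Security.setProperty("com.sun.security.enableCRLDP", Boolean.FALSE.toString());
    }
  }
}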