From 0c82d476ae18bfa0bf8a34314ec9c2b886d5e24b Mon Sep 17 00:00:00 2001 From: Guy Korland Date: Sun, 17 May 2020 18:59:59 +0300 Subject: [PATCH 1/6] add ssl connection test --- Makefile | 21 +++++++- src/test/resources/tls/ca.crt | 31 +++++++++++ src/test/resources/tls/ca.key | 51 +++++++++++++++++++ src/test/resources/tls/ca.txt | 1 + src/test/resources/tls/redis.crt | 23 +++++++++ src/test/resources/tls/redis.dh | 8 +++ src/test/resources/tls/redis.key | 27 ++++++++++ .../redis/env/RedisStandaloneSSLEnv.scala | 21 ++++++++ .../redis/util/ConnectionSSLUtilsTest.scala | 23 +++++++++ 9 files changed, 205 insertions(+), 1 deletion(-) create mode 100644 src/test/resources/tls/ca.crt create mode 100644 src/test/resources/tls/ca.key create mode 100644 src/test/resources/tls/ca.txt create mode 100644 src/test/resources/tls/redis.crt create mode 100644 src/test/resources/tls/redis.dh create mode 100644 src/test/resources/tls/redis.key create mode 100644 src/test/scala/com/redislabs/provider/redis/env/RedisStandaloneSSLEnv.scala create mode 100644 src/test/scala/com/redislabs/provider/redis/util/ConnectionSSLUtilsTest.scala diff --git a/Makefile b/Makefile index 63df8bf0..0c1bc99e 100644 --- a/Makefile +++ b/Makefile @@ -9,6 +9,22 @@ appendonly no requirepass passwd endef +# STANDALONE REDIS NODE WITH SSL +define REDIS_STANDALONE_NODE_CONF_SSL +daemonize yes +port 0 +pidfile /tmp/redis_standalone_node__ssl_for_spark-redis.pid +logfile /tmp/redis_standalone_node_ssl_for_spark-redis.log +save "" +appendonly no +requirepass passwd +tls-port 6380 +tls-cert-file ./src/test/resources/tls/redis.crt +tls-key-file ./src/test/resources/tls/redis.key +tls-ca-cert-file ./src/test/resources/tls/ca.crt +tls-dh-params-file ./src/test/resources/tls/redis.dh +endef + # CLUSTER REDIS NODES define REDIS_CLUSTER_NODE1_CONF daemonize yes @@ -44,12 +60,14 @@ cluster-config-file /tmp/redis_cluster_node3_for_spark-redis.conf endef export REDIS_STANDALONE_NODE_CONF +export REDIS_STANDALONE_NODE_CONF_SSL export REDIS_CLUSTER_NODE1_CONF export REDIS_CLUSTER_NODE2_CONF export REDIS_CLUSTER_NODE3_CONF start-standalone: echo "$$REDIS_STANDALONE_NODE_CONF" | redis-server - + echo "$$REDIS_STANDALONE_NODE_CONF_SSL" | redis-server - start-cluster: @@ -72,7 +90,8 @@ start: stop-standalone: kill `cat /tmp/redis_standalone_node_for_spark-redis.pid` - + kill `cat /tmp/redis_standalone_node__ssl_for_spark-redis.pid` + stop-cluster: kill `cat /tmp/redis_cluster_node1_for_spark-redis.pid` || true kill `cat /tmp/redis_cluster_node2_for_spark-redis.pid` || true diff --git a/src/test/resources/tls/ca.crt b/src/test/resources/tls/ca.crt new file mode 100644 index 00000000..97e982aa --- /dev/null +++ b/src/test/resources/tls/ca.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFSzCCAzOgAwIBAgIUHs81ch3cj/DaaUu/xeRpJtCvq3MwDQYJKoZIhvcNAQEL +BQAwNTETMBEGA1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUg +QXV0aG9yaXR5MB4XDTIwMDUxNzE1MDUwMVoXDTMwMDUxNTE1MDUwMVowNTETMBEG +A1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5 +MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvBUjUWX3xDaFoRtmZUiH +hv3HBtzQAUbpOMGqBUdm6F0/X2wa+bnmSOeAZoYuI7L2N3eBNZ6Vcd/rc0nP+PoL +M3L0fDPpNtrAgxFiLzCTLdsC4AYfSt3DOIURoMCYBdKvy62IaCanrnQElIzk41hI +NhWV1L1MXU3uaTw3xNXMX0pKp/Td6PYTTM4pZSDnXIzltpgOx4YXg/0MrWOLR9nS +95rv2the61zbMzf1OScOzncQcXwNAEbCvUPH5OwStNznPAxhLqhLuIJ05kKaon5U +y9qQFQvbMNOuXy8Fi/yTL4ZV9EkUyWOM7iqmCHTU5VU92FkZB+glIfk5Y5DmDe5a +Wsk4/BeDZdZgZShX41Dl12G5cQCErvxKmb0g41GJDwEBj4MZ3U8pJKJWj3vQC76V +yTsHtrTJ5maM/ctGE7IrQfIJwrDIqU/tixkLuete8CWt8X96iwjBbpHQ0J1TCB11 +WDK0wTgvCOjwjvhDA7D3Bvj65BpS+BnhuC/v/julfrV5rFCiyDeWjY//od6bo1HU +gHbJncdys5AlZs/FZpBmKC0Isa6JhNGE6SAZlmjn1euH8besA/qzResK+XOtTNr5 +pNQIA9L+Jfu66puViK8fnZb53NgG3YqbEuivUHXALbMj60JPVkwS2ZdDxY9iNvig +W1RY6wv+cs5726AUKJqin18CAwEAAaNTMFEwHQYDVR0OBBYEFAFmv2JPj3Pkt7Gs +ofrJ3JqLcVe5MB8GA1UdIwQYMBaAFAFmv2JPj3Pkt7GsofrJ3JqLcVe5MA8GA1Ud +EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBALdXNzliM8y02M5kktG7a4U/ +3aAMGfa8+FimQPrBOSpRBoq39lf3sIcVMYe8HiSZoynVChR5pkPdR0a66X89UUNL +EljZ7LX1oMG4hYnKq0tzu797DIAIY0fLyLbI8LnOcGFijRwtGIH/5YMLrgOwPBbD +llWteVMywMhovon3nPM1S78T0cILZ6QeuoKrM8JpRhit4EWfAdcmRWqYfWtmY6eW +SH4D0PQaJpDs9fsOYp0CwAMmDPQeM0EbVSe2Dl0kJh4rS2kYlCxN/ZhIv6qdgXv/ +4SAnBX5Cay+IDEuaeVn7rRuCVpouzMjA27ucZ3V56JjcL8HzB9iqzB/tnLMnzZmq +/DlwrQTVDJEExXGtUDcI+cgNpH9jqD4akFTvVggRFjv70JWj3dXHgz4x2iAy7O/x +d2IHI6WFVq7760EoQBTVyyJ/S2w8UVzHKAk8DMU+Y89jsUA0EPp/j7DiEeXSBWz+ +ivk35QXE16kGOmDPgF2SzCHKoTEheQQyJRd2UFNNY37X6ROMlHaeoXVZ13cMENPr +DNbB9h6Wi3lqP3WGteAk5uKQSZq8Q+/NgElnWls71MFKxzsIysH0nxkjbTmmZxxP +C9UH611jVgWZKth4a846lDruS9lUecz8f2vfiNZbDzXVdXxfhVA5VlGyRDlZq0xM +zSJm5Tn0Q1Tz4b+PMEFz +-----END CERTIFICATE----- diff --git a/src/test/resources/tls/ca.key b/src/test/resources/tls/ca.key new file mode 100644 index 00000000..35156b1c --- /dev/null +++ b/src/test/resources/tls/ca.key @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAvBUjUWX3xDaFoRtmZUiHhv3HBtzQAUbpOMGqBUdm6F0/X2wa ++bnmSOeAZoYuI7L2N3eBNZ6Vcd/rc0nP+PoLM3L0fDPpNtrAgxFiLzCTLdsC4AYf +St3DOIURoMCYBdKvy62IaCanrnQElIzk41hINhWV1L1MXU3uaTw3xNXMX0pKp/Td +6PYTTM4pZSDnXIzltpgOx4YXg/0MrWOLR9nS95rv2the61zbMzf1OScOzncQcXwN +AEbCvUPH5OwStNznPAxhLqhLuIJ05kKaon5Uy9qQFQvbMNOuXy8Fi/yTL4ZV9EkU +yWOM7iqmCHTU5VU92FkZB+glIfk5Y5DmDe5aWsk4/BeDZdZgZShX41Dl12G5cQCE +rvxKmb0g41GJDwEBj4MZ3U8pJKJWj3vQC76VyTsHtrTJ5maM/ctGE7IrQfIJwrDI +qU/tixkLuete8CWt8X96iwjBbpHQ0J1TCB11WDK0wTgvCOjwjvhDA7D3Bvj65BpS ++BnhuC/v/julfrV5rFCiyDeWjY//od6bo1HUgHbJncdys5AlZs/FZpBmKC0Isa6J +hNGE6SAZlmjn1euH8besA/qzResK+XOtTNr5pNQIA9L+Jfu66puViK8fnZb53NgG +3YqbEuivUHXALbMj60JPVkwS2ZdDxY9iNvigW1RY6wv+cs5726AUKJqin18CAwEA +AQKCAgBq3Auj7K43wc5seXfU5b9yl+8jXAOmJhbN02J4+1dhf9FIstAkwFUxaK5Q +Eb5XNA+l9fTodQBtoY5Rg0dxKweAJLj5dDj1nJWyIgdJzmxgqkVY6MGQtKx9CUW5 +spLtBAYzT5XnrsaoXGxZxi8pZ/gnGl51b1Pa0zM4gSkiYWJrZXdDM+F8wYq3oY5t +UaOBtt+wvXXwMKRdrkEsphj1KrItUc8i5LoROUGlOQ7PePx1m7ow8A0m8g0koUUK +MIJ0Vene+R2h96aF30DxrjfTSLl+1N/1xTW06R/yHnIlVcx+PPHLCFaSEUh57KtG +tLJc1fB8YirRjjjCs6nCgwniMmEMqFNpf00YQQ9hwLl9tsc8gQKxx6EWvJt5ymOL +jbOyHCOEu7pmEhwNo3+6UKUMpvMZGf9obsfA1aXrilobmuxGlM954C2LMlH+zuMJ +p5sCbUvOtECcP/vKUACXkvcvseB4kfyDBEdRNYUIK9uIsdWnjJWA10WMszU6T4fH +t8mePAatQsQhcHiT45vGBuVY9WixBECizK/eDuOtuxQGE4OycrYtSc77WOv2benx ++E6RVoQkPt9mDpk06O23vM+asu3rrGoXogZcJVQf/3mjNbyEf1s3o0nY7DTov8Is +Il7AkDJ7XcU61mzRSz4zEZm2LFc0ydsxB/gQnSmrfwEl9+egeQKCAQEA31mkcehv +v4tgzEuJR9s2tRD4kI4U9IV5K+mz+7E0nrgU17devVWHnnNmSiSZOCYliiAlZJJq +Le1pxzZyLv1SWvhBML7Jxqe63+uFbd3AaOUUK3/f1+KyrgZKoHfxadDdMhve0Zeo +xVW3pBjpNTG3Z71FGI+X8yHMlxugQrQDZDMB4sHqRBmfsQ9HiHxNjew86UbDAmbu +5LHyovmtcYpBL07lsEIIpgnHF4B2cmvpn9TBams2L25/9WPwzCLRCZmltwyhLiHK +Jrtjj7T3+VdxKCq/W94lCu+yVt4QiKd7R06u8VfbsLtOMdLjMsilTEI8HxnALHIC +pRvtDlS5hrFvIwKCAQEA15OwNYARf+/DVu5vORYLpRECliDzYho9dwE6c267VF4A +r+MasHnDLQiAbnjQ41KMxK5gVvJCz2Dxfy25Y9RAa/6Z4BN5r+rMQ4k2wvQwR0q1 +56oPT6S2L016rlQN35vNA5njXV6KloeniGQSYAGOVjWdi0P6NPDSBdC/vdIYlZ3c +0l8KSthHNqYWwwfbZrVyKtjH9rOKNg0OcYzMvSK+wt6LibNbTorqhg4fLycwIFkj +ZZZMUb1o6nZN571dKE7rz+Qx3P9MLeEqBuiuI/Wvpdx0BTM7RAAS4ayJXukA+KiO +bPjuq5jxn7uaMY4xKkA7+wGyVdDl24R2ZGTqHfZQlQKCAQBdMRkVUie2Y2B7PZVF +PylfeXpNTotdz4dUlEm93h2XkDVaIK/ODi7tJTdr/kNUE06ciHcxtInLKgF11rjj +9Fz1ihohTaoBUqD9p1bgFaOf4N1+nPd4K6XkSMnAlOtM/JIew1RAXahU1kQumxpL +ULg299kpu1hqYRLtheBjlJrJpyLFS6YEzjA8f6SYRU1Sx1xO9XCOwwYwtDMKX2VI +N6ilJaVe2t6i8Pd6TeaeLXqobuxZC+zq848+g3nIo0pXWB219/YUupKPgKa1IoxJ +JHwZh2Sa32DTZFokNrntWvxsL199YexPnIeu8FBOMzwNSqGtVGBD6zpBTBqoXR+g +HM7DAoIBAQCIihVQPXZYBt89XzV4/bqQaQ6vUd11ZFNL3a5M0HS8AfIDdR9BaU2y +ZzEZR1JeuLlKFXwVdcnVGXy75ZUHYrcO76o8X3lyb4/CstTJc+pkLTC7s12RPyzZ +FwS+B6Tl3QNj5YM5bxjuMKtu2ps8zZ9+gOTxATQndeRAJLBdJQXHNb5YTDPzpbqt +JVNDYeWXzxKpirZUTfEbPPfJ+bjvjmMuf8/3fm81dw0FrUoZDoQP6QVfYWujVglu +f1Hmlmy7jAkVml3usJBqerOovpUVV5ZRwiiF5qYB8t4Cq8oyH/gqhm/3G0/nxa48 +UpFeE8aWESssVy3B5ta/S83E1pnmMk1lAoIBACRQMEkyv3vIQZmMQzcsg0Y4FX+R +f7lZ80rKbwYpwAKM4xHHXkj46jGBj0ZGHRNIR0BQqOksF8Sg29fjlXFA5G8yMlU/ +hHFEfsY4dSS1VfmGoFr2kSYKJszlcybOeEM0ceuSNafZ+5X59g86g+iHZ9TsJ6ly +F+cNYLIyVVCcaNB8YYiU9J20aMlzI+7Pr1ohesyb/7DwYMC78HzJO/AgvJNI477E +lO/+5Ou1nJDDWRqncfOZGtnYaz6vGjVV3yWwSnVyksgyoGgExXb8+ItU5xwJValS +lnkqM7ADuldyO61e7ctxJzOI9YWceYrDN38XV889umYWHB812rdBXmgGPvg= +-----END RSA PRIVATE KEY----- diff --git a/src/test/resources/tls/ca.txt b/src/test/resources/tls/ca.txt new file mode 100644 index 00000000..72dad9c3 --- /dev/null +++ b/src/test/resources/tls/ca.txt @@ -0,0 +1 @@ +7161BDE3516329B98ECE89BD1B3A84A165B36131 diff --git a/src/test/resources/tls/redis.crt b/src/test/resources/tls/redis.crt new file mode 100644 index 00000000..f7d599df --- /dev/null +++ b/src/test/resources/tls/redis.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID4jCCAcoCFHFhveNRYym5js6JvRs6hKFls2ExMA0GCSqGSIb3DQEBCwUAMDUx +EzARBgNVBAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhv +cml0eTAeFw0yMDA1MTcxNTA1MDFaFw0yMTA1MTcxNTA1MDFaMCYxEzARBgNVBAoM +ClJlZGlzIFRlc3QxDzANBgNVBAMMBlNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBANd6DHmb4xtWSej6EOHHNHP/zSVuQ3jYUqTzc5s1oWrmDyro +rk3rnRBo1l9X6n9EESaMZyZxJFkrgnMlYNbZjy7KgKpGPP1BLDwyeBo6pYg8MRZK +0Kd0GaFqHk1WpboC9qKyhyWiD/C18+6Aq6Vm5ZcfnScanJ1WbmGZt+6NtGTOBDWu +BGfCzCx/6oIkDvlebycFs7JuL1uxIaZYKfUG2bPWkVpbtbNcune6A2pTtsfMdx8U +qWOW087uco3Q8QEa+rwLCDzhT6NywllGHN5ua5CgGdrYWFeH5lAuiNxvWbCaN9v8 +ua6+/xalOGewPixQbSgF6K0grjjg/jSdyt53BH0CAwEAATANBgkqhkiG9w0BAQsF +AAOCAgEAmFgZAW4De4ushRBrzSIRa5n8Q8Nkn8DcS0ludeFLiV49gyXD9b0Nnw8w +Ct+qxMMiVoWXqUUJWkfhcGQ/FbBZnDLsh3ZSHlyaMB+dXbmC5SJB9IlJsvEwjmN9 +RBEJ5VUwEc+OMb6w0CnG9tr//b1N5+iwvmdfapJcTradMwOe02ZJhD06Tvapol6P +L4z/ErSTKJRHzBPgzeSQHoRwvYbs4GE5VGMlygEq/v8ieodH0eO0IH9Cb3wro+Yq +6+SkbtOaJKdr15DZ/zd8UgoaBGxJFJ03cBcZHgV9FYfvv9QrNxkp4mx/g4UIe9Zn +6LqJSqxoQmhLWOTitp2iW/yMmDtSo2jwi4KVx+ENO9O0NsPUP2nk6mkH1YMMVg32 +mmrcuqOMijQu8b1MI76mO0KY3fCmbS6d0gReEcVYBZ5aPPCFTOeZVFF3n2Iz44+h +PrE+21UgwWYxmHQoSJ+f5378EEJYr3bY/PHOp/HEzPshlU3u++3utcGQbQRowUeF +cNd/gdOwHQpw7Sx6YFUvdTs9PEexPzgwzca8mPVto9uO8T5LLyZUouG6/bPzIsj7 +bDeZ9o56JhpR6flgg5SvWanyUL5ihbqhIxJcQai/XbMS3h61GK9H9RCu9LoJiRMM ++P2bBcsd0bqzysjbifk68UjcOSpCosLBavF/JSyAO9k2ytBzah8= +-----END CERTIFICATE----- diff --git a/src/test/resources/tls/redis.dh b/src/test/resources/tls/redis.dh new file mode 100644 index 00000000..9a48c2a7 --- /dev/null +++ b/src/test/resources/tls/redis.dh @@ -0,0 +1,8 @@ +-----BEGIN DH PARAMETERS----- +MIIBCAKCAQEAsUMvwTsUNheculmKMUjtZZJYw8DPD1vlh3DlD1xjwShqh46ICyna +fER4nKo9Lt63zNcM68w1aNgiyajbJgzemuNbRh55vh88jV4rNitqWcb0MiiuOWUc +3MjNtp6U7ttoZrMhXtiPLwEfNtkUZJZAaAnvs6MEu7BgyoVXpvt8Azckh1dpYeOt +TFnmIqVMziH1R2MxIFCkxZNsL9vJtrf8K3bgBJaPFpJeTPRMS25Pg90iJ2ZJLDZU +OjRuQpt7yaEGNJP3ADjQAWrSRMe2NnfJ2b2yI2CzTBQ0DOeAw731TmRw7pxIOPEu +N1jPJMNsM9FLoeslpJ9neot7UrqZtCt5SwIBAg== +-----END DH PARAMETERS----- diff --git a/src/test/resources/tls/redis.key b/src/test/resources/tls/redis.key new file mode 100644 index 00000000..3d0cfc00 --- /dev/null +++ b/src/test/resources/tls/redis.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA13oMeZvjG1ZJ6PoQ4cc0c//NJW5DeNhSpPNzmzWhauYPKuiu +TeudEGjWX1fqf0QRJoxnJnEkWSuCcyVg1tmPLsqAqkY8/UEsPDJ4GjqliDwxFkrQ +p3QZoWoeTValugL2orKHJaIP8LXz7oCrpWbllx+dJxqcnVZuYZm37o20ZM4ENa4E +Z8LMLH/qgiQO+V5vJwWzsm4vW7Ehplgp9QbZs9aRWlu1s1y6d7oDalO2x8x3HxSp +Y5bTzu5yjdDxARr6vAsIPOFPo3LCWUYc3m5rkKAZ2thYV4fmUC6I3G9ZsJo32/y5 +rr7/FqU4Z7A+LFBtKAXorSCuOOD+NJ3K3ncEfQIDAQABAoIBAGQFJkdIwhnNaw93 +DGERS9rQkZRfY3hzyaEB1NbmBSCO29mKGmbXCJg2YdPuBk6+9MsU/0iL2lh95ta2 +MgZpBJquqxze766LExJ6Rt+9+1qKvipf3gzsynzvulMh9lmqyHtrLWqdmJKekzVR +ituDMO1+Yj9lje9G0IQDi6pzIpprYLdstQJsUoafwN8TbqPGem8Z8/ili3TIj9z/ +EZuSH/Crv80ls+ptz2GiPcAxUctqAfha+3lkX+qWklTd+0B5LgHrf2agxIAb7549 +ZQTo4kDPDem7Rvqj4IQMHQhRdgSNYOmjidIF+XnbsdVw2rSbqMx6z+eLepuGtUQj +fWDh5gECgYEA9GddWg36dF5kebvBfuFso4DSqKBip6P6cogzoI6fHP2b4Qe73hlq +YiLOA3dPN/a8D0Ox3HNK8jx23EzG/JiIlBYX3RcB9+iUtg2Iixz9FiHnQkKwJFBS +VnWOb4rNQqWm+5W/OxE3da5dvsQKKpcgAK9OYj84X0lH3196GsxRrIECgYEA4bNS +6J0tbWHZ6CnTSZJz3BRNFnn8WSLy6A8Yytku1DnJjODuJT0/JwxglM+sR022V7JY +YCBfuueIXhqYbqCqCzLxZg21+w/3jpIZp7eDd5nY+VDnUv0PyNwGgv5rS6nEgpeL +YdbDYbj0ZOLZjSDrz5OfqihNQZssfWeB+ecvCf0CgYA/s/l3EZGoZzoVKMUkhylD +7L37yeItA+axl6KtRL9gVRIeM1/aYhGChsPfz2dMlPkrmV9wsHRmczAf97sd97wR +rTiHHgobTfoFAb4HVIT7EdcvRCaZMH5lnrqDhFBAAOFnTf7MLI6iE9LHeF2WAFIN +G6R4ozXUUEt1g3NWLM9VAQKBgQC73b86PnKspJF0LTRg/hWQcBmGhv1k2LFmNgLF +/id7oapBqIyx1Jw3jZbq5z4Yj/giYSIsyWXFtqmM4whUtUk1Ty8eanU6yJygQL44 +G4nDyPyQ8iXKrzgvUe3dpZZ8AZC/vxLW2qQBOKm9PBIn5epC+zcgtLEx1c8fh0Pq +VuORpQKBgQDXfhxTrpYyoxJmAoLmj9IOdsE/vjlcpriaQu4hkzaN6wz79O637WBk +zoaT72zYbCpWhD42yZLqQIkrgYjsht30Wut1dp/0FQSoT872aB62Q90UVKmX4TvN +wODJz8mtdC5co5fjxbaUn9Zfc0LUO9KPhFd0fb6SwCthBSQ4RmBWgg== +-----END RSA PRIVATE KEY----- diff --git a/src/test/scala/com/redislabs/provider/redis/env/RedisStandaloneSSLEnv.scala b/src/test/scala/com/redislabs/provider/redis/env/RedisStandaloneSSLEnv.scala new file mode 100644 index 00000000..2945fffc --- /dev/null +++ b/src/test/scala/com/redislabs/provider/redis/env/RedisStandaloneSSLEnv.scala @@ -0,0 +1,21 @@ +package com.redislabs.provider.redis.env + +import com.redislabs.provider.redis.{RedisConfig, RedisEndpoint} +import org.apache.spark.SparkConf + +trait RedisStandaloneSSLEnv extends Env { + + override val redisPort = 6380 + + override val conf: SparkConf = new SparkConf() + .setMaster("local[*]").setAppName(getClass.getName) + .set("spark.redis.host", redisHost) + .set("spark.redis.port", s"$redisPort") + .set("spark.redis.auth", redisAuth) + .set("spark.redis.ssl", "true") + .set("spark.streaming.stopGracefullyOnShutdown", "true") + .set("spark.driver.bindAddress", "127.0.0.1") + + override val redisConfig: RedisConfig = + new RedisConfig(RedisEndpoint(redisHost, redisPort, redisAuth, ssl=true)) +} diff --git a/src/test/scala/com/redislabs/provider/redis/util/ConnectionSSLUtilsTest.scala b/src/test/scala/com/redislabs/provider/redis/util/ConnectionSSLUtilsTest.scala new file mode 100644 index 00000000..1285ec7a --- /dev/null +++ b/src/test/scala/com/redislabs/provider/redis/util/ConnectionSSLUtilsTest.scala @@ -0,0 +1,23 @@ +package com.redislabs.provider.redis.util + +import com.redislabs.provider.redis.env.RedisStandaloneSSLEnv +import com.redislabs.provider.redis.util.ConnectionUtils.{JedisExt, XINFO} +import org.scalatest.{FunSuite, Matchers} +import redis.clients.jedis.StreamEntryID + +import scala.collection.JavaConverters._ + +/** + * @author The Viet Nguyen + */ +class ConnectionSSLUtilsTest extends FunSuite with Matchers with RedisStandaloneSSLEnv { + + test("xinfo") { + val streamKey = TestUtils.generateRandomKey() + val conn = redisConfig.connectionForKey(streamKey) + val data = Map("key" -> "value").asJava + val entryId = conn.xadd(streamKey, new StreamEntryID(0, 1), data) + val info = conn.xinfo(XINFO.SubCommandStream, streamKey) + info.get(XINFO.LastGeneratedId) shouldBe Some(entryId.toString) + } +} From 89a41da19e65feafe16bbd56a87618416d41fdfa Mon Sep 17 00:00:00 2001 From: Guy Korland Date: Sun, 17 May 2020 20:46:58 +0300 Subject: [PATCH 2/6] add keystore --- Makefile | 3 ++- src/test/resources/tls/client.csr | 25 +++++++++++++++++++++++++ src/test/resources/tls/clientkeystore | Bin 0 -> 4400 bytes 3 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 src/test/resources/tls/client.csr create mode 100644 src/test/resources/tls/clientkeystore diff --git a/Makefile b/Makefile index 0c1bc99e..90327c14 100644 --- a/Makefile +++ b/Makefile @@ -18,6 +18,7 @@ logfile /tmp/redis_standalone_node_ssl_for_spark-redis.log save "" appendonly no requirepass passwd +tls-auth-clients no tls-port 6380 tls-cert-file ./src/test/resources/tls/redis.crt tls-key-file ./src/test/resources/tls/redis.key @@ -117,7 +118,7 @@ test: benchmark: make start - mvn clean test -B -Pbenchmark + mvn clean test -B -Pbenchmark -DargLine="-Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.trustStore=/home/guy/redisclients/spark-redis/src/test/resources/tls/clientkeystore -Djavax.net.ssl.trustStoreType=jceks" make stop deploy: diff --git a/src/test/resources/tls/client.csr b/src/test/resources/tls/client.csr new file mode 100644 index 00000000..f827483e --- /dev/null +++ b/src/test/resources/tls/client.csr @@ -0,0 +1,25 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIIEPzCCA+kCAQAwbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93 +bjEQMA4GA1UEBxMHVW5rbm93bjEOMAwGA1UEChMFcmVkaXMxDjAMBgNVBAsTBXJl +ZGlzMRQwEgYDVQQDEwtyZWRpcyByZWRpczCCA0IwggI1BgcqhkjOOAQBMIICKAKC +AQEAj3k12bmq6b+r7Yh6z0lRtvMuxZ47rzcY6OrElh8+/TYG50NRqcQYMzm4CefC +rhxTm6dHW4XQEa24tHmHdUmEaVysDo8UszYIKKIv+icRCj1iqZNFNAmg/mlsRlj4 +S90ggZw3CaAQV7GVrc0AIz26VIS2KR+dZI74g0SGd5ec7AS0NKasLnXpmF3iPbAp +L8ERjJ/6nYGB5zONt5K3MNe540lZL2gJmHIVORXqPWuLRlPGM0WPgDsypMLg8nKQ +JW5OP4o7CDihxFDk4YwaKaN9316hQ95LZv8EkD7VzxYj4VjUh8YI6X8hHNgdyiPL +bjgHZfgi40K+SEwFdjk5YBzWZwIdALr2lqaFePff3uf6Z8l3x4XvMrIzuuWAwLzV +aV0CggEAFqZcWCBIUHBOdQKjl1cEDTTaOjR4wVTU5KXALSQu4E+W5h5L0JBKvayP +N+6x4J8xgtI8kEPLZC+IAEFg7fnKCbMgdqecMqYn8kc+kYebosTnRL0ggVRMtVuA +LDaNH6g+1InpTg+gaI4yQopceMR4xo0FJ7ccmjq7CwvhLERoljnn08502xAaZaor +h/ZMaCbbPscvS1WZg0u07bAvfJDppJbTpV1TW+v8RdT2GfY/Pe27hzklwvIk4Hcx +KW2oh+weR0j4fvtf3rdUhDFrIjLe5VPdrwIRKw0fAtowlzIk/ieu2oudSyki2bqL +457Z4QOmPFKBC8aIt+LtQxbh7xfb3gOCAQUAAoIBABhNEA7ZsggSRP9+M+YZPxsG +HqXC+JUDPxFdt8G6LwXiLMSrDK7PRwWGY+srFpk/9XbHloJFUNMy7mTs44FikjRk +Ckv9RdYxySWVe6DB8pZfRMBtwpL8EVB5H3zLzwl4bo7aSwqIGcW9vbLf9lDiAJr1 +tLPB7u00PYLmhLBpxsjt3IASQU7eQoHbKU1fqVFC0owPLV7eDMWXtDXW15CqcNVM +RYH89GF1FVft5cyc+ezRtBumVTWfkfiypXKNemMtz8nG4XPafM4t/cwL32jeqNfj +D+49rJCszRcbeWW38UUZUvrR0Pg4d/zMjweuFtxYvltOg5YQkCQ+GB4EAdpeEO2g +MDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRRT1L9TaDwnVyuQBHSRIfqwU6h +TzANBglghkgBZQMEAwIFAANBADA+Ah0Ak8JdJGCo3g5GLlnJlf4b1wwYuLY5r26a +apTxzwIdAKF297kB9IeY0JVbHKQcwyWAJzOtQO82mKCHrIo= +-----END NEW CERTIFICATE REQUEST----- diff --git a/src/test/resources/tls/clientkeystore b/src/test/resources/tls/clientkeystore new file mode 100644 index 0000000000000000000000000000000000000000..49dec52a553cba3d78a5845ce3dfab207d1eaf2d GIT binary patch literal 4400 zcmchaXH*nh5`ZTXha4n1AUP<^kTa6QfPiEH5r&*ZG8lj%3kaejX(UOM41(}TgCIeo zKw?95a+;_@@YtMXbp^IE(b(d!WLv&bMDCC5m)LgyD(`(l5 z*Y$N6EjorYC~nE^!)IsA0>nEN9Va*TikjGT#|+q5T4W3jCaei=f?YDd_cv`mMe%Tx zx-fd}Pr~8v!UG>;@7|!KuoxwiEla>xP!#3L(pB1ZU+UkS#%E@b957~9!Be2sWWf*0 zG?&$bo6DeMqGmZoRgQ)u$7f7k;iMDkQ_w=Yy$d_1RCeliRP>%%LteM<8i^U=t`CZ8 zsI|Qa_Us)}6{dT6r^QWJpzr8l?&MxFel^p#H_rvl$0cc;qGWTRoyV9X+O08GT_MR* z4l4=KZmBL-Ssm%*R@onhs5@y1_;*BwyrV6<=OxT1c7r{+U^F|8HGd8kS7l)n=aIa{ zV96u9yV(;|f1|81f+b*N?J>wg=~g?^hb(ZLg1wb4jx|Ia>fgb>KXh-m<9rdJmn(Hd7^6|?CZyhFhf7JKcJ?1stdr4Q@9 zmpM#N!tHAXSdSgLLS)6=b(ZWr@)WI_ycuI{?fa(eCX^K9Cfj8rfiDiW!lcQ=e6|}P z#tNzDc?&fcmO#h=0FVg;1~NjBkZdpr2m(Q1uwXcXf{651lorqd3;~0n0E9b|nvl?7 z69^F@+KiS#v+B>cG|$9yzo3U;4(a)f0{k!DkyRXr=~ z2XHAg8b{O#uw(5X9fqq#1w7B(fYgc?lnVQ;rCNVcs1y*v(ZpvRW5dE$#1iV0>k$(T z3)&VU&ZMc{3^EK~72M)9jNXZqNNMy`75PoHTC8y?w5@5(#hS220LB6R3h`-K@j#sM z=wg1`6>j0r`YFqB)KHR6b7`W~R@LV$B<6#BlInYVkr;sTt<9re(i#r`!c5TuzVDif zkE1hkJ66=1Il_!}Ut5M=mP}wTQXGw4yGE7m{76*gp;cf<;JXAUUp-s8>>uRh^Ox0} zQ)E^~27G6zSsY4)qW5*3d1n;6L{KJa;i%fpN|Ad>YcEqq@~w?5*YWD3`^@`F3Y&jK z%kZ>+=l&dk6!0jD-hgXr9X>d*nX5OBK)P{?&Mg^ztN_snQLuxi5zj@rfAW=2$6-+d zoKuZ)3ooYT!3FZy!^q#o)PLDjWt{(ZVP+1DA)x=)LNMu3Q%+Tr(5jt15L;$eVkLs- zw;w(OE74fj;~GVvUoLmNf|Ua9f+=3Yg`H zN|$%to3o*`%Gc&p!e#{YY>Ew4KEzX9xj6^xd|oRtK9N-7HKwZ`hTpaIV=&uX>dQRZ z7_Mb4FpyWz?IWJ@=wllMH35DTMDH~rTrIJgBiOU&h&08$5g{M#_aVs*xA;9UI)SG#i5bTJHgj&By31NiL8|q&_)yv+- zT9sd=`Jfj46?ZL1|8L9zD*+JlAT~3~7xqmaQDSNmg7O3yR)tL?c0Cu&f$(`fZx=E>LV~v z6aoVl`;&U~@IeXhi?fN_(=Mpi&P5mAp^8^NzakB6Ix}a@+9XOQze4TH5yZ8qE1!ocn2?UaWGqGQEBOK@I z|LPV4;{0oXghT^lKvVz%p2$EL5D?JBz-8!g&>$B0(Dct?I zx=*J&AmG5UVimtsmrB_cbs_u|R)&t#oceH({%v~l=DO94nADyOALT#*^__bZ0FCx$ z)vm=2+S=I_d6=zm5$X-bcUdJp_kr>I=_Cg78N^7rjR-Uj|3oCpWLKNM2OYm9SU}=C zx@4j-X~9gq%5&*R2A#A_v327{k2L;5xWo7@2Y#~!gQW@EhC6_Wa=cDjGsl8qEEN!# z7|#4rUw}K;H1X~bdCRjNIpVt7o@K}Q)At&5)k4bON!u&Ci}g3-n8_Q~Z*KFH?Sur! zk>ETZ4-H|BNG|%Bi`L?#MMze+A04WKD-Vbcj~7|4A2QFs5&8C0F8{&npi+a}ZmE=n z#Iu~aj6B29Q2!ommv>DPkKmc>^<1?x(N6L( z+tS#4o&2Zwz}=Z_dj9m>EE^CQ2mt08Aq@XgcRK}b6wpx#VM#!jrSc5=WzdH4^vNTrY2 zFy{THL-T^G$2b{5L!yWE`(_7~(G1AwCOCImp1>FxeNchwM@@~!wGahERTQoH)W++* zY}}j3*xpwtpFdjf!a_;Vn(w>oy0;q!ylm|f*sd^zoh^lvmxC+i8Q-Rulm!`ywskwV z#2#e+kU+K44Y!j!y@WSnUWv84XfTz1R?h-X@T$9}-gk3E7p7=E01xf5@Fs2Solx3g zL2Y1O*e+a5nbm}^j?$W&7cPWyVS0L5?=)4bwFDb>_iUbn5BfmGO(X_}N)NI)DPzT$ zrVICVx6S;K>Esu*nmQ|j`$0Te(#O7;S;N<#R)UxDDuax{9z#0slo?2o9CcH?3_%wu zvLqRQGbN#6lsg%EmiKY2D_jvd%^|w+Z70Bvm@7ZhwESdUng1&N*n7?pl)Jp4RTn?0 zJgid@J&3NlDo%YIl34kLX6Xae{pZ6YsU>K~L@|-n7XP0;WD-@nU^e@hx0u7G_Vw+iIBXS&SY>|JMjpwiGgRoy zoZ|}DGtF-V?dMiU^W;)(zy7fm`YPXX={Y-=k0ldp>S>!+zm-sHKLC*^hd8zOT@Lw* z;if#gd7BSfQ|&2YS#_zvTwsrAs%HH04a?UxR*eCTU{|BMuD$?v`eJm-$iS9&!q5(o z<+zEQM1EdB&%511gKf^!Eh(FMdeYo1df7lYX7;v4WxCW1zM;J3j4@x@sZ#N>fd@Zy zwTz=&`twh5Z0}qEs%H_6h$}%|5!%{fkNP2(RX-jnB3+#%P{ipy1Cl&fsXx;e}d`5S82agz}aJ z*B4)Uj-+!Jx=kcaok`uhPR0Up*QUoxd0k+JL+>+0e`_5Tl42J4;vNznNpg4GX|*v{ zr_@=+8D+lsr4E~GiH}c}yPoH~9fx_=HBTWoQY-m(RLN!Ws|)d1ILwq{Kize}x|oJ#7)?E(*B><7qAnoe`*iyQLWk-95s#)bh|c47;OIf_+^GbS83M`Wrm zzgAY($^$&Lig|_qBz|Y0aHpg1 Date: Tue, 19 May 2020 22:12:47 +0300 Subject: [PATCH 3/6] Update Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 90327c14..d20ec305 100644 --- a/Makefile +++ b/Makefile @@ -118,7 +118,7 @@ test: benchmark: make start - mvn clean test -B -Pbenchmark -DargLine="-Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.trustStore=/home/guy/redisclients/spark-redis/src/test/resources/tls/clientkeystore -Djavax.net.ssl.trustStoreType=jceks" + mvn clean test -B -Pbenchmark make stop deploy: From 6fe3e7730051f0dbb4c6c0ad0d8d416a8bc51148 Mon Sep 17 00:00:00 2001 From: Guy Korland Date: Tue, 19 May 2020 22:17:48 +0300 Subject: [PATCH 4/6] Update Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d20ec305..9ae9e4d8 100644 --- a/Makefile +++ b/Makefile @@ -113,7 +113,7 @@ test: make start # with --batch-mode maven doesn't print 'Progress: 125/150kB', the progress lines take up 90% of the log and causes # Travis build to fail with 'The job exceeded the maximum log length, and has been terminated' - mvn clean test -B + mvn clean test -B -DargLine="-Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.trustStore=./src/test/resources/tls/clientkeystore -Djavax.net.ssl.trustStoreType=jceks" make stop benchmark: From ee709d5f5e0b784f7320318357afb250514acca3 Mon Sep 17 00:00:00 2001 From: Guy Korland Date: Tue, 19 May 2020 22:45:06 +0300 Subject: [PATCH 5/6] set keystore --- Makefile | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 90327c14..d20ec305 100644 --- a/Makefile +++ b/Makefile @@ -118,7 +118,7 @@ test: benchmark: make start - mvn clean test -B -Pbenchmark -DargLine="-Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.trustStore=/home/guy/redisclients/spark-redis/src/test/resources/tls/clientkeystore -Djavax.net.ssl.trustStoreType=jceks" + mvn clean test -B -Pbenchmark make stop deploy: diff --git a/pom.xml b/pom.xml index 311add45..429bb73d 100644 --- a/pom.xml +++ b/pom.xml @@ -226,7 +226,7 @@ ${project.build.directory}/surefire-reports . WDF TestSuite.txt - -XX:MaxPermSize=256m -Xmx2g + -XX:MaxPermSize=256m -Xmx2g -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.trustStore=./src/test/resources/tls/clientkeystore -Djavax.net.ssl.trustStoreType=jceks com.redislabs.provider.redis.util.BenchmarkTest From eb9bc7c555f76dfe9ea6c2fe67467fa59326d80a Mon Sep 17 00:00:00 2001 From: Guy Korland Date: Tue, 19 May 2020 23:18:35 +0300 Subject: [PATCH 6/6] add ssl to docs --- doc/getting-started.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/doc/getting-started.md b/doc/getting-started.md index acd14e93..a725d559 100644 --- a/doc/getting-started.md +++ b/doc/getting-started.md @@ -88,6 +88,26 @@ val spark = SparkSession val sc = spark.sparkContext ``` +The SparkSession can be configured with SSL enabled: + +```scala +val spark = SparkSession + .builder() + .appName("myApp") + .master("local[*]") + .config("spark.redis.host", "localhost") + .config("spark.redis.port", "6379") + .config("spark.redis.auth", "passwd") + .config("spark.redis.ssl", "true") + .getOrCreate() + +val sc = spark.sparkContext +``` + +```bash +java -Djavax.net.ssl.trustStorePassword=password -Djavax.net.ssl.trustStore=path/to/keystore -Djavax.net.ssl.trustStoreType=jceks ... +``` + ### Create RDD ```scala