From ad9517c08344105dab57f2f73fa45da5cb385156 Mon Sep 17 00:00:00 2001 From: Kirill Anisimov Date: Fri, 3 Apr 2026 12:30:07 +0700 Subject: [PATCH 1/2] IGNITE-28444: Upgrade Jedis to 7.2.1 in clients tests --- modules/clients/pom.xml | 2 +- .../protocols/tcp/redis/RedisCommonAbstractTest.java | 11 ++++++++++- .../tcp/redis/RedisProtocolStringSelfTest.java | 9 +++++---- 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/modules/clients/pom.xml b/modules/clients/pom.xml index 851c763fd3228..bff5c9b8d86f9 100644 --- a/modules/clients/pom.xml +++ b/modules/clients/pom.xml @@ -50,7 +50,7 @@ redis.clients jedis - 2.9.0 + 7.2.1 test diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisCommonAbstractTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisCommonAbstractTest.java index 6f0b0f615acf5..54fb9e7fd76f4 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisCommonAbstractTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisCommonAbstractTest.java @@ -22,6 +22,9 @@ import org.apache.ignite.configuration.ConnectorConfiguration; import org.apache.ignite.configuration.IgniteConfiguration; import org.apache.ignite.testframework.junits.common.GridCommonAbstractTest; +import redis.clients.jedis.ClientSetInfoConfig; +import redis.clients.jedis.DefaultJedisClientConfig; +import redis.clients.jedis.HostAndPort; import redis.clients.jedis.JedisPool; import redis.clients.jedis.JedisPoolConfig; @@ -59,7 +62,13 @@ public class RedisCommonAbstractTest extends GridCommonAbstractTest { jedisPoolCfg.setTestWhileIdle(true); jedisPoolCfg.setTimeBetweenEvictionRunsMillis(30000); - pool = new JedisPool(jedisPoolCfg, HOST, PORT, 10000); + DefaultJedisClientConfig clientCfg = DefaultJedisClientConfig.builder() + .connectionTimeoutMillis(10000) + .socketTimeoutMillis(10000) + .clientSetInfoConfig(ClientSetInfoConfig.DISABLED) + .build(); + + pool = new JedisPool(jedisPoolCfg, new HostAndPort(HOST, PORT), clientCfg); } /** {@inheritDoc} */ diff --git a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringSelfTest.java b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringSelfTest.java index c1d5e08416fa6..0ee98cdf419e5 100644 --- a/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringSelfTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/internal/processors/rest/protocols/tcp/redis/RedisProtocolStringSelfTest.java @@ -26,6 +26,7 @@ import org.junit.Test; import redis.clients.jedis.Jedis; import redis.clients.jedis.exceptions.JedisDataException; +import redis.clients.jedis.params.SetParams; /** * Tests for String commands of Redis protocol. @@ -188,14 +189,14 @@ public void testSet() throws Exception { Assert.assertEquals("b0", jcache().get("setKey2")); // test options. - jedis.set("setKey1", "2", "nx"); - jedis.set("setKey3", "3", "nx", "px", EXPIRE_MS); + jedis.set("setKey1", "2", SetParams.setParams().nx()); + jedis.set("setKey3", "3", SetParams.setParams().nx().px(EXPIRE_MS)); Assert.assertEquals("1", jcache().get("setKey1")); Assert.assertEquals("3", jcache().get("setKey3")); - jedis.set("setKey1", "2", "xx", "ex", EXPIRE_SEC); - jedis.set("setKey4", "4", "xx"); + jedis.set("setKey1", "2", SetParams.setParams().xx().ex(EXPIRE_SEC)); + jedis.set("setKey4", "4", SetParams.setParams().xx()); Assert.assertEquals("2", jcache().get("setKey1")); Assert.assertNull(jcache().get("setKey4")); From 5a62956f3775a54724cbb8401fb6fd7b3908f149 Mon Sep 17 00:00:00 2001 From: Kirill Anisimov Date: Thu, 9 Apr 2026 12:03:33 +0700 Subject: [PATCH 2/2] IGNITE-28444: Fix SSL cipher tests for current JDK defaults --- .../jdbc/thin/JdbcThinConnectionSSLTest.java | 157 +++++++++++++----- 1 file changed, 116 insertions(+), 41 deletions(-) diff --git a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.java b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.java index 3e2bb1d41b22f..fd44a5fe097d1 100644 --- a/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.java +++ b/modules/clients/src/test/java/org/apache/ignite/jdbc/thin/JdbcThinConnectionSSLTest.java @@ -23,6 +23,9 @@ import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; +import java.util.Arrays; +import java.util.LinkedHashSet; +import java.util.Set; import java.util.concurrent.Callable; import javax.cache.configuration.Factory; import javax.net.ssl.SSLContext; @@ -33,6 +36,7 @@ import org.apache.ignite.internal.util.typedef.internal.U; import org.apache.ignite.ssl.SslContextFactory; import org.apache.ignite.testframework.GridTestUtils; +import org.junit.Assume; import org.junit.Test; /** @@ -52,6 +56,9 @@ public class JdbcThinConnectionSSLTest extends JdbcThinAbstractSelfTest { private static final String TRUST_KEY_STORE_PATH = U.getIgniteHome() + "/modules/clients/src/test/keystore/trust-one.jks"; + /** Unsupported cipher. */ + private static final String UNSUPPORTED_CIPHER = "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"; + /** SSL context factory. */ private static Factory sslCtxFactory; @@ -96,6 +103,66 @@ public class JdbcThinConnectionSSLTest extends JdbcThinAbstractSelfTest { return cfg; } + /** + * @return One of default cipher suites for the current JDK. + * @throws NoSuchAlgorithmException If failed. + */ + private static String dfltCipher() throws NoSuchAlgorithmException { + String[] dflt = SSLContext.getDefault().getSocketFactory().getDefaultCipherSuites(); + + assertTrue("No default cipher suites available", dflt.length > 0); + + return dflt[0]; + } + + /** + * @param exclude Cipher to exclude. + * @return Another default cipher suite for the current JDK. + * @throws NoSuchAlgorithmException If failed. + */ + private static String anotherDfltCipher(String exclude) throws NoSuchAlgorithmException { + String[] dflt = SSLContext.getDefault().getSocketFactory().getDefaultCipherSuites(); + + for (String cipher : dflt) { + if (!cipher.equals(exclude)) + return cipher; + } + + fail("No alternative default cipher suite found"); + + return null; + } + + /** + * @return Supported cipher suite that is not enabled by default, or null if none found. + * @throws NoSuchAlgorithmException If failed. + */ + private static String supportedButNonDfltCipherOrNull() throws NoSuchAlgorithmException { + SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory(); + + Set supported = new LinkedHashSet<>(Arrays.asList(factory.getSupportedCipherSuites())); + Set dflt = new LinkedHashSet<>(Arrays.asList(factory.getDefaultCipherSuites())); + + for (String cipher : supported) { + if (dflt.contains(cipher)) + continue; + + if (!cipher.contains("_RSA_")) + continue; + + if (cipher.contains("_anon_") || cipher.contains("_NULL_") || cipher.contains("_ECDSA_") + || cipher.contains("_DSS_")) + continue; + + if ("TLS_EMPTY_RENEGOTIATION_INFO_SCSV".equals(cipher)) + continue; + + return cipher; + } + + return null; + } + /** * @throws Exception If failed. */ @@ -232,10 +299,13 @@ public void testCustomCiphersOnClient() throws Exception { setSslCtxFactoryToCli = true; sslCtxFactory = getTestSslContextFactory(); + String cipher1 = dfltCipher(); + String cipher2 = anotherDfltCipher(cipher1); + startGrids(1); try { - // Default ciphers + // Default ciphers. try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + @@ -244,9 +314,9 @@ public void testCustomCiphersOnClient() throws Exception { checkConnection(conn); } - // Explicit cipher (one of defaults). + // Explicit cipher. try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + - "&sslCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256" + + "&sslCipherSuites=" + cipher1 + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + "&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + @@ -256,7 +326,7 @@ public void testCustomCiphersOnClient() throws Exception { // Explicit ciphers. try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + - "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" + + "&sslCipherSuites=" + cipher2 + "," + cipher1 + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + "&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + @@ -275,7 +345,11 @@ public void testCustomCiphersOnClient() throws Exception { @Test public void testCustomCiphersOnServer() throws Exception { setSslCtxFactoryToCli = true; - supportedCiphers = new String[] {"TLS_RSA_WITH_AES_256_CBC_SHA256" /* Enabled by default */}; + + String cipher1 = dfltCipher(); + String cipher2 = anotherDfltCipher(cipher1); + + supportedCiphers = new String[] {cipher1}; sslCtxFactory = getTestSslContextFactory(); startGrids(1); @@ -292,7 +366,7 @@ public void testCustomCiphersOnServer() throws Exception { // Explicit cipher. try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + - "&sslCipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA256" + + "&sslCipherSuites=" + cipher1 + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + "&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + @@ -300,19 +374,19 @@ public void testCustomCiphersOnServer() throws Exception { checkConnection(conn); } - // Disabled by default cipher. - GridTestUtils.assertThrows(log, () -> { - return DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + - "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256" + + // Explicit cipher not supported by server. + GridTestUtils.assertThrows(log, () -> DriverManager.getConnection( + "jdbc:ignite:thin://127.0.0.1/?sslMode=require" + + "&sslCipherSuites=" + cipher2 + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + "&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + - "&sslTrustCertificateKeyStorePassword=123456"); - }, SQLException.class, "Failed to SSL connect to server"); + "&sslTrustCertificateKeyStorePassword=123456" + ), SQLException.class, "Failed to SSL connect to server"); // Explicit ciphers. try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + - "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256" + + "&sslCipherSuites=" + cipher2 + "," + cipher1 + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + "&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + @@ -327,21 +401,23 @@ public void testCustomCiphersOnServer() throws Exception { /** * @throws Exception If failed. - * - * Note: Disabled cipher suite can be enabled via Java Security property "jdk.tls.disabledAlgorithms" or in - * <JAVA_HOME>/conf/security/java.security file. */ @Test public void testDisabledCustomCipher() throws Exception { + String nonDfltCipher = supportedButNonDfltCipherOrNull(); + + Assume.assumeNotNull(nonDfltCipher); + setSslCtxFactoryToCli = true; - supportedCiphers = new String[] {"TLS_RSA_WITH_NULL_SHA256" /* Disabled by default */}; + supportedCiphers = new String[] {nonDfltCipher}; sslCtxFactory = getTestSslContextFactory(); startGrids(1); + try { - // Explicit supported ciphers. + // Explicit supported cipher. try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + - "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256" + + "&sslCipherSuites=" + nonDfltCipher + "&sslTrustAll=true" + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + @@ -351,13 +427,13 @@ public void testDisabledCustomCipher() throws Exception { } // Default ciphers. - GridTestUtils.assertThrows(log, () -> { - return DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + + GridTestUtils.assertThrows(log, () -> DriverManager.getConnection( + "jdbc:ignite:thin://127.0.0.1/?sslMode=require" + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + "&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + - "&sslTrustCertificateKeyStorePassword=123456"); - }, SQLException.class, "Failed to SSL connect to server"); + "&sslTrustCertificateKeyStorePassword=123456" + ), SQLException.class, "Failed to SSL connect to server"); } finally { stopAllGrids(); @@ -366,34 +442,34 @@ public void testDisabledCustomCipher() throws Exception { /** * @throws Exception If failed. - * - * Note: Disabled cipher suite can be enabled via Java Security property "jdk.tls.disabledAlgorithms" or in - * <JAVA_HOME>/conf/security/java.security file. */ @Test public void testUnsupportedCustomCipher() throws Exception { + String nonDfltCipher = supportedButNonDfltCipherOrNull(); + + Assume.assumeNotNull(nonDfltCipher); + setSslCtxFactoryToCli = true; - supportedCiphers = new String[] { - "TLS_RSA_WITH_NULL_SHA256" /* Disabled by default */, - "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" /* With disabled protocol*/}; + supportedCiphers = new String[] {nonDfltCipher, UNSUPPORTED_CIPHER}; sslCtxFactory = getTestSslContextFactory(); startGrids(1); + try { - // Enabled ciphers with unsupported algorithm can't be negotiated. - GridTestUtils.assertThrows(log, () -> { - return DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + - "&sslCipherSuites=TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" + + // Unsupported cipher can't be negotiated. + GridTestUtils.assertThrows(log, () -> DriverManager.getConnection( + "jdbc:ignite:thin://127.0.0.1/?sslMode=require" + + "&sslCipherSuites=" + UNSUPPORTED_CIPHER + "&sslTrustAll=true" + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + "&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + - "&sslTrustCertificateKeyStorePassword=123456"); - }, SQLException.class, "Failed to SSL connect to server"); + "&sslTrustCertificateKeyStorePassword=123456" + ), SQLException.class, "Failed to SSL connect to server"); // Supported cipher. try (Connection conn = DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + - "&sslCipherSuites=TLS_RSA_WITH_NULL_SHA256" + + "&sslCipherSuites=" + nonDfltCipher + "&sslTrustAll=true" + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + @@ -403,14 +479,13 @@ public void testUnsupportedCustomCipher() throws Exception { } // Default ciphers. - GridTestUtils.assertThrows(log, () -> { - return DriverManager.getConnection("jdbc:ignite:thin://127.0.0.1/?sslMode=require" + + GridTestUtils.assertThrows(log, () -> DriverManager.getConnection( + "jdbc:ignite:thin://127.0.0.1/?sslMode=require" + "&sslClientCertificateKeyStoreUrl=" + CLI_KEY_STORE_PATH + "&sslClientCertificateKeyStorePassword=123456" + "&sslTrustCertificateKeyStoreUrl=" + TRUST_KEY_STORE_PATH + - "&sslTrustCertificateKeyStorePassword=123456"); - }, SQLException.class, "Failed to SSL connect to server"); - + "&sslTrustCertificateKeyStorePassword=123456" + ), SQLException.class, "Failed to SSL connect to server"); } finally { stopAllGrids();