Merge pull request #273 from riptano/CPP-798

* CPP-798 Configure auth/SSL from secure connection bundle configuration

Also,
* CPP-797 Events need to map from affected node address to `host_id`
* CPP-800 Node discovery should use the `host_id` (and endpoint address) instead of the node's `rpc_address`

Author: mpenick

cpp-driver/gtests/src/integration/driver_utils.cpp

@@ -50,13 +50,13 @@ unsigned int test::driver::internals::Utils::connect_timeout(CassCluster* cluste
 
 std::string test::driver::internals::Utils::contact_points(CassCluster* cluster) {
   std::string contact_points;
-  const ContactPointList& contact_points_list = cluster->config().contact_points();
-  for (ContactPointList::const_iterator it = contact_points_list.begin();
-       it != contact_points_list.end(); ++it) {
+  const AddressVec& contact_points_list = cluster->config().contact_points();
+  for (AddressVec::const_iterator it = contact_points_list.begin(); it != contact_points_list.end();
+       ++it) {
     if (contact_points.size() > 0) {
       contact_points.push_back(',');
     }
-    contact_points.append((*it).c_str());
+    contact_points.append((*it).hostname_or_address().c_str());
   }
   return contact_points;
 }
@@ -73,7 +73,7 @@ std::string test::driver::internals::Utils::host(CassFuture* future) {
   if (future) {
     Future* cass_future = static_cast<Future*>(future);
     if (cass_future->type() == Future::FUTURE_TYPE_RESPONSE) {
-      return static_cast<ResponseFuture*>(cass_future)->address().to_string().c_str();
+      return static_cast<ResponseFuture*>(cass_future)->address().hostname_or_address().c_str();
     }
   }
   return "";

cpp-driver/gtests/src/unit/tests/test_address.cpp

@@ -97,6 +97,41 @@ TEST(AddressUnitTest, ToInetIPv6) {
   EXPECT_EQ(expected, actual);
 }
 
+TEST(AddressUnitTest, ToString) {
+  // Only hostname/address
+  EXPECT_EQ(Address("127.0.0.1", 9042).hostname_or_address(), "127.0.0.1");
+  EXPECT_EQ(Address("::1", 9042).hostname_or_address(), "::1");
+  EXPECT_EQ(Address("0:0:0:0:0:0:0:1", 9042).hostname_or_address(), "::1"); // IPv6 normalization
+  EXPECT_EQ(Address("0:0:0:0:0:0:0:0", 9042).hostname_or_address(), "::");  // IPv6 normalization
+  EXPECT_EQ(Address("datastax.com", 9042).hostname_or_address(), "datastax.com");
+
+  // w/o port
+  EXPECT_EQ(Address("127.0.0.1", 9042).to_string(), "127.0.0.1");
+  EXPECT_EQ(Address("::1", 9042).to_string(), "::1");
+  EXPECT_EQ(Address("datastax.com", 9042).to_string(), "datastax.com");
+
+  // w/ port
+  EXPECT_EQ(Address("127.0.0.1", 9042).to_string(true), "127.0.0.1:9042");
+  EXPECT_EQ(Address("::1", 9042).to_string(true), "[::1]:9042");
+  EXPECT_EQ(Address("datastax.com", 9042).to_string(true), "datastax.com:9042");
+
+  // w/ servername
+  EXPECT_EQ(Address("127.0.0.1", 9042, "d1f1884b-6e05-4b3f-9e88-8a93904bb0e5").to_string(),
+            "127.0.0.1 (d1f1884b-6e05-4b3f-9e88-8a93904bb0e5)");
+  EXPECT_EQ(Address("::1", 9042, "d1f1884b-6e05-4b3f-9e88-8a93904bb0e5").to_string(),
+            "::1 (d1f1884b-6e05-4b3f-9e88-8a93904bb0e5)");
+  EXPECT_EQ(Address("datastax.com", 9042, "d1f1884b-6e05-4b3f-9e88-8a93904bb0e5").to_string(),
+            "datastax.com (d1f1884b-6e05-4b3f-9e88-8a93904bb0e5)");
+
+  // w/ servername and port
+  EXPECT_EQ(Address("127.0.0.1", 9042, "d1f1884b-6e05-4b3f-9e88-8a93904bb0e5").to_string(true),
+            "127.0.0.1:9042 (d1f1884b-6e05-4b3f-9e88-8a93904bb0e5)");
+  EXPECT_EQ(Address("::1", 9042, "d1f1884b-6e05-4b3f-9e88-8a93904bb0e5").to_string(true),
+            "[::1]:9042 (d1f1884b-6e05-4b3f-9e88-8a93904bb0e5)");
+  EXPECT_EQ(Address("datastax.com", 9042, "d1f1884b-6e05-4b3f-9e88-8a93904bb0e5").to_string(true),
+            "datastax.com:9042 (d1f1884b-6e05-4b3f-9e88-8a93904bb0e5)");
+}
+
 TEST(AddressUnitTest, Hash) {
   AddressSet set;
 

cpp-driver/gtests/src/unit/tests/test_cloud_secure_connect_config.cpp

@@ -20,6 +20,7 @@
 #include "unit.hpp"
 
 #include "cloud_secure_connection_config.hpp"
+#include "config.hpp"
 #include "json.hpp"
 #include "string.hpp"
 
@@ -33,28 +34,8 @@
 #define CERTIFICATE_FILE "cert"
 #define KEY_FILE "key"
 
-#define CERTIFICATE_AUTHORITY "This would be a PEM file"
-#define CERTIFICATE "This would also be a PEM file"
-#define KEY "This would be yet another PEM file"
-
 #define CREDS_V1_ZIP_FILE "creds-v1.zip"
 
-#define FULL_CONFIG_CREDSV1               \
-  StringBuffer buffer;                    \
-  Writer<StringBuffer> writer(buffer);    \
-  writer.StartObject();                   \
-  writer.Key("username");                 \
-  writer.String("DataStax");              \
-  writer.Key("password");                 \
-  writer.String("Constellation");         \
-  writer.Key("host");                     \
-  writer.String("cloud.datastax.com");    \
-  writer.Key("port");                     \
-  writer.Int(1443);                       \
-  writer.Key("keyspace");                 \
-  writer.String("database_as_a_service"); \
-  writer.EndObject()
-
 #ifdef _WIN32
 #define PATH_SEPARATOR '\\'
 #else
@@ -63,18 +44,33 @@
 
 using datastax::String;
 using datastax::internal::core::CloudSecureConnectionConfig;
+using datastax::internal::core::Config;
+using datastax::internal::enterprise::DsePlainTextAuthProvider;
 using datastax::internal::json::StringBuffer;
 using datastax::internal::json::Writer;
 
+using mockssandra::Ssl;
+
 class CloudSecureConnectionConfigTest : public Unit {
 public:
+  const String& ca_cert() const { return ca_cert_; }
+  void set_invalid_ca_cert() { ca_cert_ = "!!!!!INVALID!!!!!"; }
+  const String& cert() const { return cert_; }
+  void set_invalid_cert() { cert_ = "!!!!!INVALID!!!!!"; }
+  const String& key() const { return key_; }
+  void set_invalid_key() { key_ = "!!!!!INVALID!!!!!"; }
+
   void SetUp() {
     Unit::SetUp();
     char tmp[260] = { 0 }; // Note: 260 is the maximum path on Windows
     size_t tmp_length = 260;
     uv_os_tmpdir(tmp, &tmp_length);
 
     tmp_zip_file_ = String(tmp, tmp_length) + PATH_SEPARATOR + CREDS_V1_ZIP_FILE;
+
+    ca_cert_ = Ssl::generate_cert(Ssl::generate_key());
+    key_ = Ssl::generate_key();
+    cert_ = Ssl::generate_cert(key_, "localhost");
   }
 
   const String& creds_zip_file() const { return tmp_zip_file_; }
@@ -88,21 +84,37 @@ class CloudSecureConnectionConfigTest : public Unit {
       zipCloseFileInZip(zip_file);
     }
     if (is_ca && add_zip_file_entry(zip_file, CERTIFICATE_AUTHORITY_FILE)) {
-      zipWriteInFileInZip(zip_file, CERTIFICATE_AUTHORITY, strlen(CERTIFICATE_AUTHORITY));
+      zipWriteInFileInZip(zip_file, ca_cert_.c_str(), ca_cert_.length());
       zipCloseFileInZip(zip_file);
     }
     if (is_cert && add_zip_file_entry(zip_file, CERTIFICATE_FILE)) {
-      zipWriteInFileInZip(zip_file, CERTIFICATE, strlen(CERTIFICATE));
+      zipWriteInFileInZip(zip_file, cert_.c_str(), cert_.length());
       zipCloseFileInZip(zip_file);
     }
     if (is_key && add_zip_file_entry(zip_file, KEY_FILE)) {
-      zipWriteInFileInZip(zip_file, KEY, strlen(KEY));
+      zipWriteInFileInZip(zip_file, key_.c_str(), key_.length());
       zipCloseFileInZip(zip_file);
     }
 
     zipClose(zip_file, NULL);
   }
 
+  static void full_config_credsv1(StringBuffer& buffer) {
+    Writer<StringBuffer> writer(buffer);
+    writer.StartObject();
+    writer.Key("username");
+    writer.String("DataStax");
+    writer.Key("password");
+    writer.String("Constellation");
+    writer.Key("host");
+    writer.String("cloud.datastax.com");
+    writer.Key("port");
+    writer.Int(1443);
+    writer.Key("keyspace");
+    writer.String("database_as_a_service");
+    writer.EndObject();
+  }
+
 private:
   bool add_zip_file_entry(zipFile zip_file, const String& zip_filename) {
     zip_fileinfo file_info;
@@ -124,27 +136,36 @@ class CloudSecureConnectionConfigTest : public Unit {
 
 private:
   String tmp_zip_file_;
+  String ca_cert_;
+  String cert_;
+  String key_;
 };
 
 TEST_F(CloudSecureConnectionConfigTest, CredsV1) {
-  CloudSecureConnectionConfig config;
+  Config config;
+  CloudSecureConnectionConfig cloud_config;
 
-  FULL_CONFIG_CREDSV1;
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
   create_zip_file(buffer.GetString());
 
-  EXPECT_TRUE(config.load(creds_zip_file()));
-  EXPECT_EQ("DataStax", config.username());
-  EXPECT_EQ("Constellation", config.password());
-  EXPECT_EQ("cloud.datastax.com", config.host());
-  EXPECT_EQ(1443, config.port());
-  EXPECT_EQ("database_as_a_service", config.keyspace());
-  EXPECT_EQ(CERTIFICATE_AUTHORITY, config.ca_cert());
-  EXPECT_EQ(CERTIFICATE, config.cert());
-  EXPECT_EQ(KEY, config.key());
+  EXPECT_TRUE(cloud_config.load(creds_zip_file(), &config));
+  EXPECT_EQ("DataStax", cloud_config.username());
+  EXPECT_EQ("Constellation", cloud_config.password());
+  EXPECT_EQ("cloud.datastax.com", cloud_config.host());
+  EXPECT_EQ(1443, cloud_config.port());
+  EXPECT_EQ("database_as_a_service", cloud_config.keyspace());
+  EXPECT_EQ(ca_cert(), cloud_config.ca_cert());
+  EXPECT_EQ(cert(), cloud_config.cert());
+  EXPECT_EQ(key(), cloud_config.key());
+
+  EXPECT_TRUE(config.ssl_context());
+  EXPECT_TRUE(dynamic_cast<DsePlainTextAuthProvider*>(config.auth_provider().get()) != NULL);
 }
 
 TEST_F(CloudSecureConnectionConfigTest, CredsV1WithoutCreds) {
-  CloudSecureConnectionConfig config;
+  Config config;
+  CloudSecureConnectionConfig cloud_config;
 
   StringBuffer buffer;
   Writer<StringBuffer> writer(buffer);
@@ -158,15 +179,19 @@ TEST_F(CloudSecureConnectionConfigTest, CredsV1WithoutCreds) {
   writer.EndObject();
   create_zip_file(buffer.GetString());
 
-  EXPECT_TRUE(config.load(creds_zip_file()));
-  EXPECT_EQ("", config.username());
-  EXPECT_EQ("", config.password());
-  EXPECT_EQ("bigdata.datastax.com", config.host());
-  EXPECT_EQ(2443, config.port());
-  EXPECT_EQ("datastax", config.keyspace());
-  EXPECT_EQ(CERTIFICATE_AUTHORITY, config.ca_cert());
-  EXPECT_EQ(CERTIFICATE, config.cert());
-  EXPECT_EQ(KEY, config.key());
+  EXPECT_TRUE(cloud_config.load(creds_zip_file(), &config));
+  EXPECT_EQ("", cloud_config.username());
+  EXPECT_EQ("", cloud_config.password());
+  EXPECT_EQ("bigdata.datastax.com", cloud_config.host());
+  EXPECT_EQ(2443, cloud_config.port());
+  EXPECT_EQ("datastax", cloud_config.keyspace());
+  EXPECT_EQ(ca_cert(), cloud_config.ca_cert());
+  EXPECT_EQ(cert(), cloud_config.cert());
+  EXPECT_EQ(key(), cloud_config.key());
+
+  EXPECT_TRUE(config.ssl_context());
+  EXPECT_TRUE(dynamic_cast<DsePlainTextAuthProvider*>(config.auth_provider().get()) ==
+              NULL); // Not configured
 }
 
 TEST_F(CloudSecureConnectionConfigTest, InvalidCredsV1ConfigMissingHost) {
@@ -245,24 +270,67 @@ TEST_F(CloudSecureConnectionConfigTest, InvalidCredsV1MissingConfigJson) {
 TEST_F(CloudSecureConnectionConfigTest, InvalidCredsV1MissingCA) {
   CloudSecureConnectionConfig config;
 
-  FULL_CONFIG_CREDSV1;
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
   create_zip_file(buffer.GetString(), true, false);
   EXPECT_FALSE(config.load(creds_zip_file()));
 }
 
 TEST_F(CloudSecureConnectionConfigTest, InvalidCredsV1MissingCert) {
   CloudSecureConnectionConfig config;
 
-  FULL_CONFIG_CREDSV1;
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
   create_zip_file(buffer.GetString(), true, true, false);
   EXPECT_FALSE(config.load(creds_zip_file()));
 }
 
 TEST_F(CloudSecureConnectionConfigTest, InvalidCredsV1MissingKey) {
   CloudSecureConnectionConfig config;
 
-  FULL_CONFIG_CREDSV1;
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  create_zip_file(buffer.GetString(), true, true, false);
   create_zip_file(buffer.GetString(), true, true, true, false);
   EXPECT_FALSE(config.load(creds_zip_file()));
 }
+
+TEST_F(CloudSecureConnectionConfigTest, InvalidCredsV1SslCaCert) {
+  Config config;
+  CloudSecureConnectionConfig cloud_config;
+
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  set_invalid_ca_cert();
+  create_zip_file(buffer.GetString());
+
+  EXPECT_FALSE(cloud_config.load(creds_zip_file(), &config));
+  EXPECT_FALSE(config.ssl_context());
+}
+
+TEST_F(CloudSecureConnectionConfigTest, InvalidCredsV1SslCert) {
+  Config config;
+  CloudSecureConnectionConfig cloud_config;
+
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  set_invalid_cert();
+  create_zip_file(buffer.GetString());
+
+  EXPECT_FALSE(cloud_config.load(creds_zip_file(), &config));
+  EXPECT_FALSE(config.ssl_context());
+}
+
+TEST_F(CloudSecureConnectionConfigTest, InvalidCredsV1SslKey) {
+  Config config;
+  CloudSecureConnectionConfig cloud_config;
+
+  StringBuffer buffer;
+  full_config_credsv1(buffer);
+  set_invalid_key();
+  create_zip_file(buffer.GetString());
+
+  EXPECT_FALSE(cloud_config.load(creds_zip_file(), &config));
+  EXPECT_FALSE(config.ssl_context());
+}
 #endif