Add support for SSL

Author: mattusifer

src/main/scala/com/redis/IO.scala

@@ -2,6 +2,7 @@ package com.redis
 
 import java.io._
 import java.net.{InetSocketAddress, Socket, SocketTimeoutException}
+import javax.net.ssl.SSLContext
 
 import com.redis.serialization.Parse.parseStringSafe
 
@@ -10,6 +11,8 @@ trait IO extends Log {
   val port: Int
   val timeout: Int
 
+  val sslContext: Option[SSLContext] = None
+
   var socket: Socket = _
   var out: OutputStream = _
   var in: InputStream = _
@@ -31,6 +34,10 @@ trait IO extends Log {
       socket.setKeepAlive(true)
       socket.setTcpNoDelay(true)
 
+      sslContext.foreach { sc =>
+        socket = sc.getSocketFactory().createSocket(socket, host, port, true)
+      }
+
       out = socket.getOutputStream
       in = new BufferedInputStream(socket.getInputStream)
       onConnect()

src/main/scala/com/redis/Pool.scala

@@ -1,16 +1,17 @@
 package com.redis
 
 import java.util.concurrent.TimeUnit
+import javax.net.ssl.SSLContext
 
 import org.apache.commons.pool2._
 import org.apache.commons.pool2.impl._
 
-private [redis] class RedisClientFactory(val host: String, val port: Int, val database: Int = 0, val secret: Option[Any] = None, val timeout : Int = 0)
+private [redis] class RedisClientFactory(val host: String, val port: Int, val database: Int = 0, val secret: Option[Any] = None, val timeout : Int = 0, val sslContext: Option[SSLContext] = None)
   extends PooledObjectFactory[RedisClient] {
 
   // when we make an object it's already connected
   override def makeObject: PooledObject[RedisClient] = {
-    new DefaultPooledObject[RedisClient](new RedisClient(host, port, database, secret, timeout))
+    new DefaultPooledObject[RedisClient](new RedisClient(host, port, database, secret, timeout, sslContext))
   }
 
   // quit & disconnect
@@ -40,7 +41,8 @@ class RedisClientPool(
                        val secret: Option[Any] = None,
                        val timeout: Int = 0,
                        val maxConnections: Int = RedisClientPool.UNLIMITED_CONNECTIONS,
-                       val poolWaitTimeout: Long = 3000
+                       val poolWaitTimeout: Long = 3000,
+                       val sslContext: Option[SSLContext] = None
                      ) {
 
   val objectPoolConfig = new GenericObjectPoolConfig[RedisClient]
@@ -52,7 +54,7 @@ class RedisClientPool(
 
   val abandonedConfig = new AbandonedConfig
   abandonedConfig.setRemoveAbandonedTimeout(TimeUnit.MILLISECONDS.toSeconds(poolWaitTimeout).toInt)
-  val pool = new GenericObjectPool(new RedisClientFactory(host, port, database, secret, timeout), objectPoolConfig,abandonedConfig)
+  val pool = new GenericObjectPool(new RedisClientFactory(host, port, database, secret, timeout, sslContext), objectPoolConfig,abandonedConfig)
   override def toString: String = host + ":" + String.valueOf(port)
 
   def withClient[T](body: RedisClient => T): T = {
@@ -67,4 +69,3 @@ class RedisClientPool(
   // close pool & free resources
   def close(): Unit = pool.close()
 }
-

src/main/scala/com/redis/RedisClient.scala

@@ -1,6 +1,7 @@
 package com.redis
 
 import java.net.SocketException
+import javax.net.ssl.SSLContext
 
 import com.redis.serialization.Format
 
@@ -93,7 +94,7 @@ trait RedisCommand extends Redis
 
 
 class RedisClient(override val host: String, override val port: Int,
-    override val database: Int = 0, override val secret: Option[Any] = None, override val timeout : Int = 0)
+    override val database: Int = 0, override val secret: Option[Any] = None, override val timeout : Int = 0, override val sslContext: Option[SSLContext] = None)
   extends RedisCommand with PubSub {
 
   def this() = this("localhost", 6379)

src/test/resources/certs/cert.pem

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE8jCCAtoCCQC2vIrA8jYWszANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJV
+UzEVMBMGA1UECAwMUGVubnN5bHZhbmlhMRUwEwYDVQQHDAxQaGlsYWRlbHBoaWEw
+HhcNMjAwNDI5MTgxMDQzWhcNMjUwNDI5MTgxMDQzWjA7MQswCQYDVQQGEwJVUzEV
+MBMGA1UECAwMUGVubnN5bHZhbmlhMRUwEwYDVQQHDAxQaGlsYWRlbHBoaWEwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC1/41qBr3ZP3zyk462HLkcMwTx
+9M/p9dvCQiV9ug5MGdY1oRxmzn25X40neXZAE1y45iIab7PAp4yPlOsZq6Sdvt3i
+VhR+VdROpbM16r5pyvNFnBmg/ZpCmrYDiqPyqMIV72qh15Yjs3bwUrfCDE2CG33g
+6cxLxZSUE/CHetrDGSAsE8+uPtj/FFoshD+yNZVy13Jmbz5Qy5Dlgj66q/ZPqZIJ
+Xrd1S9/epgdoYyGT/TI1fFCT352ieLWTuCI81Xci6K4BkfjarxjKwjM7Pp6WdrU7
+skzqO/Vu/mIrCI6eL8fmJjkILRJl5G09XofioliUhsPWegERcxj5FKT1V0qzZGH7
+Ny9awtygdDy4bcoM8v55/co5ep7PEv7zcMcL0ScvoVtxqVL0gR6QcO2by35O/olp
+/8LqtLROEOoRSwbHQ///8yTL+S5Sap+hGM4VypNJRtT6yB5Uv/mjLXmHNnnvkoLS
+Ppv51cPWOsx8BS608KokKChBTpfpGCSQcPttFc08KHRmJMwZFG62Q8SspRPImNiG
+Gd5RynWjLJt9u7RihVxiVZ1T9cIbT6Vvq+f/EZQPVGk+QsZoiN4GZPX0wO/udAS/
+W4cxceAT9kZPMMFEbElZ5/oH5YIN9v42U5+5DNFpDNAmCV1UxUnvMMlWtoV6Jm7e
+rC0vW2zx0OgeEAroLQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQArE6FBCz1baxc4
+GfC0XGumcqqkbu3bjKoquWlOI0FteODwxxaLls4aCe2cL30jBdSeMmvi0z00Ek+7
+GIqfzosDVTNGL9oqBOUFEQY5x9Upkb6/DWBNjN24j1bVSGE1PczSoSvo594yXByZ
+r8jmlcdPJtY0vCvz+DqZxnqpP1vKI3pXX3LhNr/52m1BH8QMb0ZE29EeIShbHlCp
+/5GY9NL8qejsj/ShJFZs3PMcNjhdEJUTO6RNcEqzhZaSrPZVbEOYvLnxB8Zg5QIL
+gu/kGdXpGGfZIRMZIrDZwBoLbxZf39H68BhlTyi01MJ7KOGpxWDeKNNQO8kUeuaA
+o6QYjaCgLrKyuVVmw1GSsX4VGnsRhPpXi/CcJ9P7C2kFTptsa//rdZAvyKSni75V
+iiCAFJzPqSwfHAcGQodejC8kdJ6C2PRvOaU/kwa9Myf97peKkTEjY1MU2au1KFeS
+M5ZeAb8kuJA8WpJSiGA4gBRGGV2ByEZxUZ6coSu9+y0X2cJphBopilEh/B+jr0Ry
+Yc5GjG9hzWy/fHkEzQWJmneVTQfDHCKst5wtWpLdjhwE1+OA1uoZfOcoDwjQUqRc
+/qvWlE5Le8lu2VG4teR6jYUj9DPh49MOxS+fBeRlhzOvUnqh2hOI/EqwR/RJmHzB
+2BoTT2fcYroT9oMO7uPhMdTlp5z5BA==
+-----END CERTIFICATE-----

src/test/resources/certs/key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC1/41qBr3ZP3zy
+k462HLkcMwTx9M/p9dvCQiV9ug5MGdY1oRxmzn25X40neXZAE1y45iIab7PAp4yP
+lOsZq6Sdvt3iVhR+VdROpbM16r5pyvNFnBmg/ZpCmrYDiqPyqMIV72qh15Yjs3bw
+UrfCDE2CG33g6cxLxZSUE/CHetrDGSAsE8+uPtj/FFoshD+yNZVy13Jmbz5Qy5Dl
+gj66q/ZPqZIJXrd1S9/epgdoYyGT/TI1fFCT352ieLWTuCI81Xci6K4BkfjarxjK
+wjM7Pp6WdrU7skzqO/Vu/mIrCI6eL8fmJjkILRJl5G09XofioliUhsPWegERcxj5
+FKT1V0qzZGH7Ny9awtygdDy4bcoM8v55/co5ep7PEv7zcMcL0ScvoVtxqVL0gR6Q
+cO2by35O/olp/8LqtLROEOoRSwbHQ///8yTL+S5Sap+hGM4VypNJRtT6yB5Uv/mj
+LXmHNnnvkoLSPpv51cPWOsx8BS608KokKChBTpfpGCSQcPttFc08KHRmJMwZFG62
+Q8SspRPImNiGGd5RynWjLJt9u7RihVxiVZ1T9cIbT6Vvq+f/EZQPVGk+QsZoiN4G
+ZPX0wO/udAS/W4cxceAT9kZPMMFEbElZ5/oH5YIN9v42U5+5DNFpDNAmCV1UxUnv
+MMlWtoV6Jm7erC0vW2zx0OgeEAroLQIDAQABAoICACpEMx9QeX6ek/Hx+s6oVQUL
+hDZ82FxJUMQIgJR2RSO/TFQgGmx1wBTw7+Me/itbU8lNCNaC4of3YVlnCEJp7k0E
+KpuJyjCc1jV9neUDoz0GeQDNg9Yzj0Owkly4MeME9i4J8AWt/5xC7XhafXp/SPDS
+WaWGJn/iXuMUzmNoUK3GhAY4g56/0b1LiLWV8QT+FLsa9eJ8K0iwPfJPESphDU7q
+3pN2f7yp5k/a1xWTEBVCVAq/2Ca/Y+h7iA/KT4k5OfXNe7u5nsWKrINKHoO/wyzG
+XMiEXAB59EHWqg28awKprg7xCYWwkfk/127NKVmkwlWcBpcktmLLDB2sgbLIlvw2
+BUPp8Gt/6dV6Xscs6/MsdM012NK8uCGghQX87GBxwF332taPg1oe6PRkZX7VRytp
+a72Xs6//EhyyQIq3fqYbjstGWCa10yQlRsf1kQkqPQvVmQr7Ac5dFH5twIDp5v0C
+NifneCGCiaWwbl6uoon1zCJzCVeXnh0UoTqRUXeYLgbcA1Po4xGSbJbUIZhx7lrw
+8No/FU1L6X7WDswQAK6FUc6lTZpg0DFPPqowsPFFzIRYpawuH282mD0NPuoeULaY
+HkiteJ+Scwf4DlBbS177oijzT8ywFuPyH1Y5oJReQM4Uv1xVWVELuB158nVI3LWF
+36oL2+1bC2HUFsBbgxKBAoIBAQDkVfZ12JMfVhAGS6Q9efMGdrkYwgKx1SxtohgK
+Wwp8VOV54IrrnnBa2MgEXKkAEjo7ECH+LW/zQ45mIBKA+IgqrbxooL4P71gyzuQt
+nRiHjbpTnK+emkRyMhc9R++4ATOq29sVXgWbPM5FHUCSPxtpJOk04ySmRgHXm3Jv
+HSZW73y2D2jP0EWN/HTGw2HyGdBV8OjhTdgw9XC6gsukXIkV2XRpnX5uWnhvmQkq
+SxD+qYT07XG7SJNNPy0684Tl0Ko4x0bpFZuLxy6UO11vOTJtuGac8d54NCV9OxML
+IsHlpN9igiX0/Fk6A3FCpSIHCDjw05lti2Jto2ZwxZaSklLJAoIBAQDMDGPEkBP+
+78Q7RpDLz7rIiTSjiNfky4wHaYfffGYDd2Y0ybZ2OMLQ+iwK+oYGDnuxHt+qGTf3
+syhqctn8j1Rjt73WNyK8Ee8cHTbkLXHevMtBc5/vGou2wV16M+bYBdaYRqcA35xz
+ZKWyM6dqkpvg5nIRAt1DgYaXjpSUM5JoYl9ndVcDMENi9BW+h028FFQtcig46Im5
+8zMPCHIPl+y2FSERznS9Yyj5Nig3SIcoJYJHoe7HNkq8mvO29iKqS+zSIlfjQAzM
+SQcbBikZrDqDffe1dMBnqO/tOgP7VpUUHTE7vVSSO1U18eamfUwcP1Ettv278Pfw
+ITIJZr5aOdhFAoIBAQCkQbandeH4M+gZL0b6NoT+DGABEGfx18E7KNUUdgOoB0aB
+E2e8MeDvaW0RvjqQ44viOyvI9pTHMbz5eG73OlJyKUMVHTU8r1gKTMzWh2FC+lCk
+n12ywZUldSVEn0AyZSLu8XO7/kQYNXjJPU7bJeypCbV9pz0RI+FlYdzDU/vlpChZ
+q+IhRNkUWB0Fcz49dBZsDH7qvR4dsiKi+T5XgX3YKvNUmsh9yDVFSpjOROv31qjf
+rQQYzw+wDReTheT/kckySSCYwkOAHQxD9CS1wzakuXePxWrdm92wJdQAOcO0WJOe
+ALQfdX0Wf611XOeKmX6kuANyS0fGSTqDO5Ci5gIJAoIBAQDLB8D1ws7Cqlw9Btfo
+lEesZimEVxNKyuYIMg9KZoMzC8kc2WC+fXgLbAIK4oAc4qhc8vVmUTWJODEMyj7w
+uMUle5xe2/mp3MZo2QDXRgi5sm0kMSKATY+bRwf2IlKdvCFs31Ao5FbN0uW0TQVW
+W47S1znEh28WTnlXsD1SwYX6a3e2f+EWgR1sBqbkL8k/TZL8rUwsY+U2qzCw0px7
+u5WDD78Z8q3iDBqm7iZR687gOYJKOGxYuELhK+U4teyEOovoAtgkfIS/eCKj1xtq
+Oh72245wdT1FZ6lkCIgRvHMV0n48jQTrhDIjPRFds+rZaH8j16LdMMXjn4QkKqFZ
+MZlpAoIBAHrad0JhF3PmnnhwARhFNokHHCeAGAfK2vPULqhA7cI2jLle1NgG2IBl
+MlgVNu38mDPBAWrCvTEvMJ/t5gU5Bcfa85e/5zqbRCczS6vlKVAcfqvCw4rp/FEl
+K7TGXaFcNT2Y85RVQOKBXuxWu3GUPjdUw7xo/XVJxy/Cds0Cnz2v64rdSNz9dF7z
+bWlB3LXLUjYCnMuIG6xthmddBHMVVBI14nUzc9B7KS0zgU4cOayANWkSdHu2WW3g
+7uCsL+Mlto2usOgmdqSel6Smoi+ljgp1CJrqBvH0NBfTJSbxJSCzi6vxfstc3S86
+QKFtlTfZEWPcfRJwaMUGTqdInKAwk+g=
+-----END PRIVATE KEY-----

src/test/scala/com/redis/SSLSpec.scala

@@ -0,0 +1,59 @@
+package com.redis
+
+import java.security.cert.X509Certificate
+import org.apache.http.ssl.{SSLContexts, TrustStrategy}
+
+import com.redis.common.RedisDockerSSL
+import org.scalatest.{FunSpec, Matchers}
+
+class SSLSpec extends FunSpec with Matchers with RedisDockerSSL {
+
+  // Our certificate on the test server is self-signed, which will be
+  // rejected by the default SSLContext. This SSLContext is therefore
+  // specifically configured to trust all certificates.
+  private val sslContext = SSLContexts
+    .custom()
+    .loadTrustMaterial(null, new TrustStrategy() {
+      def isTrusted(arg0: Array[X509Certificate], arg1: String) = true
+    })
+    .build()
+
+  describe("ssl connections") {
+    it("should be established for a RedisClient with a valid SSLContext") {
+      val secureClient: RedisClient = new RedisClient(
+        redisContainerHost,
+        redisContainerPort,
+        sslContext = Some(sslContext)
+      )
+      secureClient.ping shouldEqual Some("PONG")
+      secureClient.close()
+    }
+
+    it("should be established for a RedisClientPool with a valid SSLContext") {
+      val clients = new RedisClientPool(
+        redisContainerHost,
+        redisContainerPort,
+        sslContext = Some(sslContext)
+      )
+      clients.withClient(_.ping) shouldEqual Some("PONG")
+      clients.withClient { client =>
+        client.disconnect
+      }
+      clients.close()
+    }
+
+    it("should be rejected for a RedisClient with no SSLContext") {
+      val insecureClient =
+        new RedisClient(redisContainerHost, redisContainerPort) {
+          // this disables retries
+          override def disconnect = false
+        }
+
+      assertThrows[RedisConnectionException] {
+        insecureClient.ping
+      }
+
+      insecureClient.close()
+    }
+  }
+}

src/test/scala/com/redis/common/RedisDocker.scala

@@ -1,8 +1,10 @@
 package com.redis.common
 
+import java.io.File
+
 import com.whisk.docker.impl.dockerjava.DockerKitDockerJava
 import com.whisk.docker.scalatest.DockerTestKit
-import com.whisk.docker.{DockerContainer, DockerKit, DockerReadyChecker}
+import com.whisk.docker.{DockerContainer, DockerKit, DockerReadyChecker, VolumeMapping}
 import org.apache.commons.lang.RandomStringUtils
 import org.scalatest.Suite
 import org.scalatest.concurrent.ScalaFutures
@@ -15,7 +17,7 @@ trait RedisDockerCluster extends RedisContainer {
   protected def redisContainerPort(container: DockerContainer): Int = container.getPorts().futureValue.apply(redisPort)
 
   protected lazy val runningContainers: List[DockerContainer] = (0 until 4)
-    .map(i => createContainer())
+    .map(_ => createContainer())
     .toList
 
   abstract override def dockerContainers: List[DockerContainer] =
@@ -35,6 +37,16 @@ trait RedisDocker extends RedisContainer {
 
 }
 
+trait RedisDockerSSL extends RedisDocker {
+  that: Suite =>
+
+  private val certsPath = new File("src/test/resources/certs").getAbsolutePath
+
+  override protected def baseContainer(name: Option[String]) =
+    DockerContainer("madflojo/redis-tls:latest", name = name)
+      .withVolumes(Seq(VolumeMapping(certsPath, "/certs")))
+}
+
 trait RedisContainer extends DockerKit with DockerTestKit with DockerKitDockerJava with ScalaFutures {
   that: Suite =>
 
@@ -43,6 +55,8 @@ trait RedisContainer extends DockerKit with DockerTestKit with DockerKitDockerJa
   protected val redisContainerHost: String = "localhost"
   protected val redisPort: Int = 6379
 
+  protected def baseContainer(name: Option[String]) = DockerContainer("redis:latest", name=name)
+
   protected def createContainer(name: Option[String] = Some(RandomStringUtils.randomAlphabetic(10)),
                                 ports: Map[Int, Int] = Map.empty): DockerContainer = {
     val containerPorts: Seq[(Int, Option[Int])] = if (ports.isEmpty) {
@@ -51,8 +65,7 @@ trait RedisContainer extends DockerKit with DockerTestKit with DockerKitDockerJa
       ports.mapValues(i => Some(i)).toSeq
     }
 
-    DockerContainer("redis:latest", name = name)
-      .withPorts(containerPorts: _*)
+    baseContainer(name).withPorts(containerPorts: _*)
       .withReadyChecker(DockerReadyChecker.LogLineContains("Ready to accept connections"))
   }
 }