// SPDX-License-Identifier: LGPL-2.1-or-later
// Copyright (c) 2012-2014 Monty Program Ab
// Copyright (c) 2015-2021 MariaDB Corporation Ab
package org.mariadb.jdbc.integration;
import java.io.File;
import java.io.IOException;
import java.sql.*;
import org.junit.jupiter.api.*;
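/**
 * Integration tests for the {@code caching_sha2_password} authentication plugin against a MySQL
 * 8.0+ server (every test is skipped on MariaDB servers).
 *
 * <p>The fixtures are deliberately weak: four accounts bound to host {@code '%'}, a hard-coded
 * password (one account has an empty password) and {@code GRANT ALL PRIVILEGES ON *.*}. Run this
 * class only against a disposable test server; {@link #drop()} removes the accounts afterwards.
 *
 * <p>Several connections use {@code allowPublicKeyRetrieval} or {@code sslMode=trust}. With
 * {@code allowPublicKeyRetrieval} the client accepts whatever RSA key the server sends, and with
 * {@code sslMode=trust} the server certificate is not validated, so neither authenticates the
 * server. They are exercised here for protocol coverage; a deployment should pin the key with
 * {@code serverRsaPublicKeyFile} or use TLS with certificate verification.
 */
public class Sha256AuthenticationTest extends Common {

  /**
   * Server RSA public key located by {@link #init()}, or {@code null} when none was found. Most
   * tests are skipped while this is {@code null}.
   */
  private static String rsaPublicKey;

  /**
   * Drops {@code user} if it exists, ignoring any SQL error (best-effort cleanup).
   *
   * @param stmt statement used to run the command; it stays open and is owned by the caller
   * @param user account specification, for example {@code 'name'@'%'}. It is concatenated into
   *     the SQL text unescaped, so only compile-time constants may be passed.
   */
  private static void dropUserWithoutError(org.mariadb.jdbc.Statement stmt, String user) {
    try {
      stmt.execute("DROP USER IF EXISTS " + user);
    } catch (SQLException ignored) {
      // Cleanup must never fail the suite.
    }
  }

  /**
   * Runs {@code FLUSH PRIVILEGES} on the shared connection (the tests use it to reset the
   * server-side authentication cache) and closes the statement afterwards.
   *
   * @throws SQLException if the command fails
   */
  private static void flushPrivileges() throws SQLException {
    try (Statement stmt = sharedConn.createStatement()) {
      stmt.execute("FLUSH PRIVILEGES"); // reset cache
    }
  }

  /**
   * Removes the four fixture accounts and, on MySQL 8.0+ with SSL available, opens one extra
   * {@code sslMode=trust} connection.
   *
   * @throws SQLException if the statement cannot be created or the extra connection fails
   */
  @AfterAll
  public static void drop() throws SQLException {
    if (sharedConn != null) {
      // try-with-resources: the statement used to be left open on the shared connection.
      try (org.mariadb.jdbc.Statement stmt = sharedConn.createStatement()) {
        dropUserWithoutError(stmt, "'cachingSha256User'@'%'");
        dropUserWithoutError(stmt, "'cachingSha256User2'@'%'");
        dropUserWithoutError(stmt, "'cachingSha256User3'@'%'");
        dropUserWithoutError(stmt, "'cachingSha256User4'@'%'");
      }
    }
    // After the nativePassword test the MySQL server sometimes keeps returning a wrong,
    // non-cached authentication id (apparently a server-side bug). Authenticating once more over
    // SSL works around it.
    if (haveSsl() && !isMariaDBServer() && minVersion(8, 0, 0)) {
      try (Connection con = createCon("sslMode=trust")) {
        con.createStatement().execute("DO 1");
      }
    }
  }

  /**
   * Locates the server RSA public key and creates the fixture accounts.
   *
   * <p>The key is searched for in this order: the {@code rsaPublicKey} system property, the
   * server's {@code caching_sha2_password_public_key_path} (as given, then relative to {@code
   * datadir}), the {@code TEST_DB_RSA_PUBLIC_KEY} environment variable, {@code
   * ../../ssl/public.key}, and finally the {@code Caching_sha2_password_rsa_public_key} status
   * value.
   *
   * @throws Exception if a query or a file-system check fails
   */
  @BeforeAll
  public static void init() throws Exception {
    Assumptions.assumeTrue(!isMariaDBServer() && minVersion(8, 0, 0));
    drop();
    try (Statement stmt = sharedConn.createStatement()) {
      rsaPublicKey = checkFileExists(System.getProperty("rsaPublicKey"));
      if (rsaPublicKey == null) {
        try (ResultSet rs =
            stmt.executeQuery("SELECT @@caching_sha2_password_public_key_path, @@datadir")) {
          if (rs.next()) {
            rsaPublicKey = checkFileExists(rs.getString(1));
            if (rsaPublicKey == null) {
              rsaPublicKey = checkFileExists(rs.getString(2) + rs.getString(1));
            }
          }
        }
        if (rsaPublicKey == null) {
          // The environment variable was previously checked twice in a row with the same
          // value; a single lookup is equivalent.
          rsaPublicKey = checkFileExists(System.getenv("TEST_DB_RSA_PUBLIC_KEY"));
        }
      }
      if (rsaPublicKey == null) {
        rsaPublicKey = checkFileExists("../../ssl/public.key");
      }
      if (rsaPublicKey == null) {
        // NOTE(review): in this fallback the field holds the status value itself rather than a
        // file path, yet the tests pass it as serverRsaPublicKeyFile - confirm the driver
        // accepts that.
        try (ResultSet rs =
            stmt.executeQuery("SHOW STATUS like 'Caching_sha2_password_rsa_public_key'")) {
          // An empty result now leaves the key unset instead of failing on getString().
          if (rs.next()) {
            rsaPublicKey = rs.getString(2);
          }
        }
        if ("".equals(rsaPublicKey)) {
          rsaPublicKey = null;
        }
        if (rsaPublicKey != null) {
          System.out.println(
              "rsaPublicKey set from @@Caching_sha2_password_rsa_public_key:" + rsaPublicKey);
        }
      }

      // Fixture accounts: wildcard host, fixed password, full privileges. Test server only.
      stmt.execute(
          "CREATE USER 'cachingSha256User'@'%' IDENTIFIED WITH caching_sha2_password BY"
              + " '!Passw0rd3Works'");
      stmt.execute(
          "CREATE USER 'cachingSha256User2'@'%' IDENTIFIED WITH caching_sha2_password BY ''");
      stmt.execute(
          "CREATE USER 'cachingSha256User3'@'%' IDENTIFIED WITH caching_sha2_password BY"
              + " '!Passw0rd3Works'");
      stmt.execute(
          "CREATE USER 'cachingSha256User4'@'%' IDENTIFIED WITH caching_sha2_password BY"
              + " '!Passw0rd3Works'");
      stmt.execute("GRANT ALL PRIVILEGES ON *.* TO 'cachingSha256User'@'%'");
      stmt.execute("GRANT ALL PRIVILEGES ON *.* TO 'cachingSha256User2'@'%'");
      stmt.execute("GRANT ALL PRIVILEGES ON *.* TO 'cachingSha256User3'@'%'");
      stmt.execute("GRANT ALL PRIVILEGES ON *.* TO 'cachingSha256User4'@'%'");
      // mysql 8.0.31 broken public key retrieval, so avoid FLUSHING for now
      Assumptions.assumeTrue(!isMariaDBServer() && !exactVersion(8, 0, 31));
      stmt.execute("FLUSH PRIVILEGES");
    }
  }

  /**
   * Returns the canonical, forward-slash form of {@code path} when a file exists there.
   *
   * @param path candidate location, may be {@code null}
   * @return the canonical path with {@code \} replaced by {@code /}, or {@code null} when
   *     {@code path} is {@code null} or nothing exists at that location
   * @throws IOException if the canonical path cannot be resolved
   */
  private static String checkFileExists(String path) throws IOException {
    if (path == null) {
      return null;
    }
    System.out.println("check path:" + path);
    File candidate = new File(path);
    if (!candidate.exists()) {
      return null;
    }
    System.out.println("path exist :" + path);
    return candidate.getCanonicalPath().replace("\\", "/");
  }

  /**
   * Authenticates a temporary {@code mysql_native_password} account next to the caching_sha2
   * fixtures.
   *
   * @throws Exception if a statement or the connection fails
   */
  @Test
  public void nativePassword() throws Exception {
    Assumptions.assumeTrue(haveSsl());
    Assumptions.assumeTrue(
        !isWindows() && !isMariaDBServer() && rsaPublicKey != null && minVersion(8, 0, 0));
    try (org.mariadb.jdbc.Statement stmt = sharedConn.createStatement()) {
      dropUserWithoutError(stmt, "tmpUser@'%'");
      try {
        stmt.execute(
            "CREATE USER tmpUser@'%' IDENTIFIED WITH mysql_native_password BY '!Passw0rd3Works'");
        stmt.execute("grant all on `" + sharedConn.getCatalog() + "`.* TO tmpUser@'%'");
        // mysql 8.0.31 broken public key retrieval, so avoid FLUSHING for now
        Assumptions.assumeTrue(!isMariaDBServer() && !exactVersion(8, 0, 31));
        stmt.execute("FLUSH PRIVILEGES"); // reset cache
        try (Connection con = createCon("user=tmpUser&password=!Passw0rd3Works")) {
          con.isValid(1);
        }
      } finally {
        // Drop the account even when the test is skipped or fails, so an account with a known
        // password is not left behind on the server.
        dropUserWithoutError(stmt, "tmpUser@'%'");
      }
    }
  }

  /**
   * Connects with the empty-password account using {@code allowPublicKeyRetrieval}.
   *
   * @throws Exception if the flush or the connection fails
   */
  @Test
  public void cachingSha256Empty() throws Exception {
    Assumptions.assumeTrue(
        !isWindows() && !isMariaDBServer() && rsaPublicKey != null && minVersion(8, 0, 0));
    // mysql 8.0.31 broken public key retrieval, so avoid FLUSHING for now
    // NOTE(review): !minVersion skips every server >= 8.0.31 while other tests in this class
    // use !exactVersion - confirm which is intended.
    Assumptions.assumeTrue(!isMariaDBServer() && !minVersion(8, 0, 31));
    flushPrivileges();
    try (Connection con = createCon("user=cachingSha256User2&allowPublicKeyRetrieval&password=")) {
      con.isValid(1);
    }
  }

  /**
   * Expects a clear error when {@code serverRsaPublicKeyFile} points at a file that does not
   * exist.
   *
   * @throws Exception if the flush or the temporary file creation fails
   */
  @Test
  public void wrongRsaPath() throws Exception {
    Assumptions.assumeTrue(
        !isWindows() && !isMariaDBServer() && rsaPublicKey != null && minVersion(8, 0, 0));
    // mysql 8.0.31 broken public key retrieval, so avoid FLUSHING for now
    Assumptions.assumeTrue(!isMariaDBServer() && !exactVersion(8, 0, 31));
    flushPrivileges();
    // The temporary file only supplies a unique name; the path handed to the driver has "2"
    // appended, so it refers to a file that was never created.
    File tempFile = File.createTempFile("log", ".tmp");
    try {
      Common.assertThrowsContains(
          SQLException.class,
          () ->
              createCon(
                  "user=cachingSha256User4&serverRsaPublicKeyFile="
                      + tempFile.getPath()
                      + "2&password=!Passw0rd3Works"),
          "Could not read server RSA public key from file");
    } finally {
      // The file used to be left behind in the temp directory on every run.
      if (!tempFile.delete()) {
        tempFile.deleteOnExit();
      }
    }
  }

  /**
   * Connects with a password-protected account using {@code allowPublicKeyRetrieval}.
   *
   * @throws Exception if the flush or the connection fails
   */
  @Test
  public void cachingSha256Allow() throws Exception {
    Assumptions.assumeTrue(!isMariaDBServer() && rsaPublicKey != null && minVersion(8, 0, 0));
    // mysql 8.0.31 broken public key retrieval, so avoid FLUSHING for now
    // NOTE(review): !minVersion skips every server >= 8.0.31 while other tests in this class
    // use !exactVersion - confirm which is intended.
    Assumptions.assumeTrue(!isMariaDBServer() && !minVersion(8, 0, 31));
    flushPrivileges();
    try (Connection con =
        createCon("user=cachingSha256User3&allowPublicKeyRetrieval&password=!Passw0rd3Works")) {
      con.isValid(1);
    }
  }

  /**
   * Walks the same account through a pinned key file, server key retrieval and {@code
   * sslMode=trust}. The connections after the SSL one repeat the first two options, presumably
   * to cover the server's cached-credential path (confirm).
   *
   * @throws Exception if the flush or any connection fails
   */
  @Test
  public void cachingSha256PluginTest() throws Exception {
    Assumptions.assumeTrue(!isMariaDBServer() && rsaPublicKey != null && minVersion(8, 0, 0));
    // mysql 8.0.31 broken public key retrieval, so avoid FLUSHING for now
    Assumptions.assumeTrue(!isMariaDBServer() && !exactVersion(8, 0, 31));
    flushPrivileges();

    try (Connection con =
        createCon(
            "user=cachingSha256User&password=!Passw0rd3Works&serverRsaPublicKeyFile="
                + rsaPublicKey)) {
      con.isValid(1);
    }

    try (Connection con =
        createCon("user=cachingSha256User&password=!Passw0rd3Works&allowPublicKeyRetrieval")) {
      con.isValid(1);
    }

    // Without SSL the test is reported as skipped from here on, although the two connections
    // above have already been checked.
    Assumptions.assumeTrue(haveSsl());

    try (Connection con =
        createCon("user=cachingSha256User&password=!Passw0rd3Works&sslMode=trust")) {
      con.isValid(1);
    }

    try (Connection con =
        createCon("user=cachingSha256User&password=!Passw0rd3Works&allowPublicKeyRetrieval")) {
      con.isValid(1);
    }

    try (Connection con =
        createCon(
            "user=cachingSha256User&password=!Passw0rd3Works&serverRsaPublicKeyFile="
                + rsaPublicKey)) {
      con.isValid(1);
    }
  }

  /**
   * Connects using only {@code allowPublicKeyRetrieval}; unlike the other tests this one does
   * not require {@link #rsaPublicKey} to have been found.
   *
   * @throws Exception if the flush or the connection fails
   */
  @Test
  public void cachingSha256PluginTestWithoutServerRsaKey() throws Exception {
    Assumptions.assumeTrue(!isWindows() && minVersion(8, 0, 0));
    // mysql 8.0.31 broken public key retrieval, so avoid FLUSHING for now
    // NOTE(review): !minVersion skips every server >= 8.0.31 while other tests in this class
    // use !exactVersion - confirm which is intended.
    Assumptions.assumeTrue(!isMariaDBServer() && !minVersion(8, 0, 31));
    flushPrivileges();
    try (Connection con =
        createCon("user=cachingSha256User&password=!Passw0rd3Works&allowPublicKeyRetrieval")) {
      con.isValid(1);
    }
  }

  /**
   * Verifies the safe default: with neither a key file nor {@code allowPublicKeyRetrieval} (and
   * no SSL option) the driver refuses to authenticate instead of fetching a key from the server.
   *
   * @throws Exception if the flush fails
   */
  @Test
  public void cachingSha256PluginTestException() throws Exception {
    Assumptions.assumeTrue(!isMariaDBServer() && minVersion(8, 0, 0));
    // mysql 8.0.31 broken public key retrieval, so avoid FLUSHING for now
    Assumptions.assumeTrue(!isMariaDBServer() && !exactVersion(8, 0, 31));
    flushPrivileges();
    Common.assertThrowsContains(
        SQLException.class,
        () -> createCon("user=cachingSha256User&password=!Passw0rd3Works"),
        "RSA public key is not available client side");
  }
}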