Added cucumber files for tls tck

Author: Zhen

driver/src/test/java/org/neo4j/driver/v1/integration/TLSSocketChannelIT.java

@@ -43,8 +43,10 @@
 import org.neo4j.driver.v1.util.CertificateToolTest;
 import org.neo4j.driver.v1.util.Neo4jInstaller;
 import org.neo4j.driver.v1.util.Neo4jRunner;
+import org.neo4j.driver.v1.util.Neo4jSettings;
 import org.neo4j.driver.v1.util.TestNeo4j;
 
+import static java.io.File.createTempFile;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
@@ -92,6 +94,65 @@ private void performTLSHandshakeUsingKnownCerts( File knownCerts ) throws Throwa
         verify( logger, atLeastOnce() ).debug( "TLS connection closed" );
     }
 
+    private File tempFile(String prefix, String suffix) throws Throwable
+    {
+        File file = createTempFile( prefix, suffix );
+        file.deleteOnExit();
+        return file;
+    }
+
+    @Test
+    public void shouldPerformTLSHandshakeWithTrustedCert() throws Throwable
+    {
+        try
+        {
+            // Given
+            // Create root certificate
+            File rootCert = tempFile( "temp_root_cert", ".cert" );
+            File rootKey = tempFile( "temp_root_key", ".key" );
+
+            CertificateToolTest.SelfSignedCertificateGenerator
+                    certGenerator = new CertificateToolTest.SelfSignedCertificateGenerator();
+            certGenerator.saveSelfSignedCertificate( rootCert );
+            certGenerator.savePrivateKey( rootKey );
+
+            // Generate certificate signing request and get a certificate signed by the root private key
+            File cert = tempFile( "temp_cert", ".cert" );
+            File key = tempFile( "temp_key", ".key" );
+            CertificateToolTest.CertificateSigningRequestGenerator
+                    csrGenerator = new CertificateToolTest.CertificateSigningRequestGenerator();
+            X509Certificate signedCert = certGenerator.sign(
+                    csrGenerator.certificateSigningRequest(), csrGenerator.publicKey() );
+            csrGenerator.savePrivateKey( key );
+            CertificateTool.saveX509Cert( signedCert, cert );
+
+            // Give the server certs to database
+            neo4j.restartServerOnEmptyDatabase(
+                    Neo4jSettings.DEFAULT
+                            .usingEncryptionKeyAndCert( key, cert ) );
+
+            Logger logger = mock( Logger.class );
+            SocketChannel channel = SocketChannel.open();
+            channel.connect( new InetSocketAddress( "localhost", 7687 ) );
+
+            // When
+            TLSSocketChannel sslChannel =
+                    new TLSSocketChannel( "localhost", 7687, channel, logger,
+                            Config.TrustStrategy.trustSignedBy( rootCert ) );
+            sslChannel.close();
+
+            // Then
+            verify( logger, atLeastOnce() ).debug( "TLS connection enabled" );
+            verify( logger, atLeastOnce() ).debug( "TLS connection established" );
+            verify( logger, atLeastOnce() ).debug( "TLS connection closed" );
+        }
+        finally
+        {
+            // always restore the db default settings
+            neo4j.restartServerOnEmptyDatabase( Neo4jSettings.DEFAULT );
+        }
+    }
+
     @Test
     public void shouldFailTLSHandshakeDueToWrongCertInKnownCertsFile() throws Throwable
     {
@@ -178,7 +239,7 @@ public void shouldFailTLSHandshakeDueToServerCertNotSignedByKnownCA() throws Thr
     }
 
     @Test
-    public void shouldPerformTLSHandshakeWithTrustedServerCert() throws Throwable
+    public void shouldPerformTLSHandshakeWithTheSameTrustedServerCert() throws Throwable
     {
 
         Logger logger = mock( Logger.class );

driver/src/test/java/org/neo4j/driver/v1/tck/DriverSecurityComplianceIT.java

@@ -0,0 +1,56 @@
+/**
+ * Copyright (c) 2002-2016 "Neo Technology,"
+ * Network Engine for Objects in Lund AB [http://neotechnology.com]
+ *
+ * This file is part of Neo4j.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.neo4j.driver.v1.tck;
+
+import cucumber.api.CucumberOptions;
+import org.junit.ClassRule;
+import org.junit.runner.RunWith;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.neo4j.driver.v1.util.Neo4jSettings;
+import org.neo4j.driver.v1.util.TestNeo4j;
+
+/**
+ * The tls tck needs to access the server rather than a session, therefore we pull tls tck outside specially
+ */
+@RunWith( DriverCucumberAdapter.class )
+@CucumberOptions(
+        features = {"target/resources/features/TransportLayerSecurity.feature"},
+        tags={"@tls"},
+        format = {"pretty"})
+public class DriverSecurityComplianceIT
+{
+    @ClassRule
+    public static TestNeo4j neo4j = new TestNeo4j();
+
+    public DriverSecurityComplianceIT() throws IOException {}
+
+    public static void updateEncryptionKeyAndCert( File key, File cert ) throws Exception
+    {
+        neo4j.restartServerOnEmptyDatabase(
+                Neo4jSettings.DEFAULT.usingEncryptionKeyAndCert( key, cert ) );
+    }
+
+    public static void useDefaultEncryptionKeyAndCert() throws Exception
+    {
+        neo4j.restartServerOnEmptyDatabase( Neo4jSettings.DEFAULT );
+    }
+}