Posted to commits@qpid.apache.org by gm...@apache.org on 2018/05/24 23:58:19 UTC

qpid-dispatch git commit: DISPATCH-1005 - Fixed system_tests_ssl.py to work on rhel6 and other distros.This closes #308

Repository: qpid-dispatch
Updated Branches:
  refs/heads/master 427c383e7 -> 840a2b4ad


DISPATCH-1005 - Fixed system_tests_ssl.py to work on rhel6 and other distros. This closes #308


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/840a2b4a
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/840a2b4a
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/840a2b4a

Branch: refs/heads/master
Commit: 840a2b4ad57e6c5baabf9d1ef54fea2b13781c51
Parents: 427c383
Author: Fernando Giorgetti <fg...@redhat.com>
Authored: Tue May 22 17:44:14 2018 -0300
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Thu May 24 19:57:50 2018 -0400

----------------------------------------------------------------------
 tests/system_tests_ssl.py | 54 +++++++++++++++++++++++++-----------------
 1 file changed, 32 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/840a2b4a/tests/system_tests_ssl.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_ssl.py b/tests/system_tests_ssl.py
index 214c08d..f46c32e 100644
--- a/tests/system_tests_ssl.py
+++ b/tests/system_tests_ssl.py
@@ -20,8 +20,6 @@
 """
 Provides tests related with allowed TLS protocol version restrictions.
 """
-import socket
-import ssl
 import os
 from subprocess import Popen, PIPE
 from qpid_dispatch.management.client import Node
@@ -235,7 +233,7 @@ class RouterTestSslClient(RouterTestSslBase):
         cls.routers.append(cls.tester.qdrouterd("A", config, wait=False))
         cls.routers[0].wait_ports()
 
-    def is_all_proto_allowed(self, listener_port):
+    def get_allowed_protocols(self, listener_port):
         """
         Loops through TLSv1, TLSv1.1 and TLSv1.2 and attempts to connect
         to the listener_port using each version. The result is a boolean list
@@ -244,32 +242,37 @@ class RouterTestSslClient(RouterTestSslBase):
         :return:
         """
         results = []
-        for proto in [ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_1, ssl.PROTOCOL_TLSv1_2]:
+
+        for proto in ['TLSv1', 'TLSv1.1', 'TLSv1.2']:
             results.append(self.is_proto_allowed(listener_port, proto))
         return results
 
     def is_proto_allowed(self, listener_port, tls_protocol):
         """
-        Opens a simple SSL Connection to the provided TCP port using
+        Opens a simple proton client connection to the provided TCP port using
         a specific TLS protocol version and returns True in case connection
         was established and accepted or False otherwise.
         :param listener_port: TCP port number
-        :param tls_protocol: ssl.PROTOCOL_TLSv1, ssl.PROTOCOL_TLSv1_1 or ssl.PROTOCOL_TLSv1_2
+        :param tls_protocol: TLSv1, TLSv1.1 or TLSv1.2 (string)
         :return:
         """
-        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        sock.settimeout(self.TIMEOUT)
-        ssl_sock = ssl.wrap_socket(sock, ssl_version=tls_protocol)
+        # Management address to connect using the given TLS protocol
+        url = Url("amqps://0.0.0.0:%d/$management" % listener_port)
+        # Preparing SSLDomain (client cert) and SASL authentication info
+        domain = SSLDomain(SSLDomain.MODE_CLIENT)
+        # Enforcing given TLS protocol
+        cproton.pn_ssl_domain_set_protocols(domain._domain, tls_protocol)
 
+        # Try opening the secure and authenticated connection
         try:
-            ssl_sock.connect(("0.0.0.0", listener_port))
-        except ssl.SSLError:
+            connection = BlockingConnection(url, sasl_enabled=False, ssl_domain=domain, timeout=self.TIMEOUT)
+        except proton.Timeout:
             return False
-        except socket.error:
+        except proton.ConnectionException:
             return False
-        finally:
-            ssl_sock.close()
 
+        # TLS version provided was accepted
+        connection.close()
         return True
 
     def is_ssl_sasl_client_accepted(self, listener_port, tls_protocol):
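Review bot: The status returned by `cproton.pn_ssl_domain_set_protocols(domain._domain, tls_protocol)` in is_proto_allowed is discarded, so if the client library rejects the protocol name the domain presumably keeps its default protocol set and the connection can succeed with a version other than the one under test. A True entry would then mean "some TLS version was accepted" rather than "this version was accepted", which weakens every restriction test built on it. Capture and assert it, for example `rc = cproton.pn_ssl_domain_set_protocols(domain._domain, tls_protocol)` followed by `self.assertEqual(0, rc, "client cannot restrict to %s" % tls_protocol)`. The 'SSLv3' call in test_ssl_invalid would need a skip rather than a failure if the client build refuses that name. The comments above the call also mention a client certificate and an authenticated connection, but no certificate is configured and `sasl_enabled=False` is passed, so they should be reworded to match.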
@@ -310,49 +313,56 @@ class RouterTestSslClient(RouterTestSslBase):
         """
         Expects TLSv1 only is allowed
         """
-        self.assertEquals([True, False, False], self.is_all_proto_allowed(self.PORT_TLS1))
+        self.assertEquals([True, False, False],
+                          self.get_allowed_protocols(self.PORT_TLS1))
 
     def test_tls11_only(self):
         """
         Expects TLSv1.1 only is allowed
         """
-        self.assertEquals([False, True, False], self.is_all_proto_allowed(self.PORT_TLS11))
+        self.assertEquals([False, True, False],
+                          self.get_allowed_protocols(self.PORT_TLS11))
 
     def test_tls12_only(self):
         """
         Expects TLSv1.2 only is allowed
         """
-        self.assertEquals([False, False, True], self.is_all_proto_allowed(self.PORT_TLS12))
+        self.assertEquals([False, False, True],
+                          self.get_allowed_protocols(self.PORT_TLS12))
 
     def test_tls1_tls11_only(self):
         """
         Expects TLSv1 and TLSv1.1 only are allowed
         """
-        self.assertEquals([True, True, False], self.is_all_proto_allowed(self.PORT_TLS1_TLS11))
+        self.assertEquals([True, True, False],
+                          self.get_allowed_protocols(self.PORT_TLS1_TLS11))
 
     def test_tls1_tls12_only(self):
         """
         Expects TLSv1 and TLSv1.2 only are allowed
         """
-        self.assertEquals([True, False, True], self.is_all_proto_allowed(self.PORT_TLS1_TLS12))
+        self.assertEquals([True, False, True],
+                          self.get_allowed_protocols(self.PORT_TLS1_TLS12))
 
     def test_tls11_tls12_only(self):
         """
         Expects TLSv1.1 and TLSv1.2 only are allowed
         """
-        self.assertEquals([False, True, True], self.is_all_proto_allowed(self.PORT_TLS11_TLS12))
+        self.assertEquals([False, True, True],
+                          self.get_allowed_protocols(self.PORT_TLS11_TLS12))
 
     def test_tls_all(self):
         """
         Expects all supported versions: TLSv1, TLSv1.1 and TLSv1.2 to be allowed
         """
-        self.assertEquals([True, True, True], self.is_all_proto_allowed(self.PORT_TLS_ALL))
+        self.assertEquals([True, True, True],
+                          self.get_allowed_protocols(self.PORT_TLS_ALL))
 
     def test_ssl_invalid(self):
         """
         Expects connection is rejected as SSL is no longer supported
         """
-        self.assertEqual(False, self.is_proto_allowed(self.PORT_SSL3, ssl.PROTOCOL_SSLv23))
+        self.assertEqual(False, self.is_proto_allowed(self.PORT_SSL3, 'SSLv3'))
 
     def test_ssl_sasl_client_valid(self):
         """
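Review bot: test_ssl_invalid now passes on any connection failure, because is_proto_allowed returns False for every proton.Timeout and proton.ConnectionException, not only for a handshake that rejects 'SSLv3'. A router that is not listening on PORT_SSL3, or a client library that cannot offer SSLv3 at all, produces the same False. Consider adding a positive control in the same test, asserting that a protocol the PORT_SSL3 listener is configured to accept does connect (that configuration is outside this hunk), so the False result can be attributed to the protocol. A docstring line such as `A False result alone does not distinguish protocol rejection from an unreachable listener.` would record the limitation.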

