Posted to commits@activemq.apache.org by br...@apache.org on 2021/10/26 10:28:38 UTC

[activemq-artemis] branch main updated: NO-JIRA Add console mutual ssl smoke test

This is an automated email from the ASF dual-hosted git repository.

brusdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git


The following commit(s) were added to refs/heads/main by this push:
     new 14d2075  NO-JIRA Add console mutual ssl smoke test
14d2075 is described below

commit 14d20759e0a37c618967e637819cb50a24d0cdc1
Author: Domenico Francesco Bruscino <br...@apache.org>
AuthorDate: Wed Oct 20 17:40:09 2021 +0200

    NO-JIRA Add console mutual ssl smoke test
---
 tests/smoke-tests/pom.xml                          | 16 ++++
 .../servers/console-mutual-ssl/bootstrap.xml       | 43 +++++++++++
 .../console-mutual-ssl/cert-roles.properties       | 18 +++++
 .../console-mutual-ssl/cert-users.properties       | 18 +++++
 .../servers/console-mutual-ssl/jolokia-access.xml  | 36 +++++++++
 .../servers/console-mutual-ssl/login.config        | 29 +++++++
 .../tests/smoke/console/ConsoleMutualSSLTest.java  | 90 ++++++++++++++++++++++
 7 files changed, 250 insertions(+)

diff --git a/tests/smoke-tests/pom.xml b/tests/smoke-tests/pom.xml
index 97a0acf..6759cbb 100644
--- a/tests/smoke-tests/pom.xml
+++ b/tests/smoke-tests/pom.xml
@@ -247,6 +247,22 @@
                </execution>
                <execution>
                   <phase>test-compile</phase>
+                  <id>create-create-console-mutual-ssl</id>
+                  <goals>
+                     <goal>create</goal>
+                  </goals>
+                  <configuration>
+                     <role>amq</role>
+                     <user>admin</user>
+                     <password>admin</password>
+                     <allowAnonymous>false</allowAnonymous>
+                     <noWeb>false</noWeb>
+                     <instance>${basedir}/target/console-mutual-ssl</instance>
+                     <configuration>${basedir}/target/classes/servers/console-mutual-ssl</configuration>
+                  </configuration>
+               </execution>
+               <execution>
+                  <phase>test-compile</phase>
                   <id>create0</id>
                   <goals>
                      <goal>create</goal>
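Review bot: The new execution id `create-create-console-mutual-ssl` repeats the `create-` prefix, which looks like a copy-paste slip; `<id>create-console-mutual-ssl</id>` would match the instance directory named in `<instance>`. The `admin`/`admin` credentials are reasonable for a throw-away test broker, but a short comment such as `<!-- test-only credentials, mirrored in ConsoleMutualSSLTest -->` would keep them from being copied into a real instance definition. The surrounding `<executions>` list starts and ends outside this hunk.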
diff --git a/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/bootstrap.xml b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/bootstrap.xml
new file mode 100644
index 0000000..f597aa1
--- /dev/null
+++ b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/bootstrap.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one or more
+  ~ contributor license agreements. See the NOTICE file distributed with
+  ~ this work for additional information regarding copyright ownership.
+  ~ The ASF licenses this file to You under the Apache License, Version 2.0
+  ~ (the "License"); you may not use this file except in compliance with
+  ~ the License. You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<broker xmlns="http://activemq.org/schema">
+
+   <jaas-security domain="activemq"/>
+
+
+   <!-- artemis.URI.instance is parsed from artemis.instance by the CLI startup.
+        This is to avoid situations where you could have spaces or special characters on this URI -->
+   <server configuration="file:/home/dbruscin/Workspace/temp/apache-artemis-2.19.0/broker-guest/etc//broker.xml"/>
+
+   <!-- The web server is only bound to localhost by default -->
+   <web bind="https://localhost:8443"
+        path="web"
+        keyStorePath="../../test-classes/server-keystore.p12"
+        keyStorePassword="securepass"
+        clientAuth="true"
+        trustStorePath="../../test-classes/client-ca-truststore.p12"
+        trustStorePassword="securepass">
+       <app url="activemq-branding" war="activemq-branding.war"/>
+       <app url="artemis-plugin" war="artemis-plugin.war"/>
+       <app url="console" war="console.war"/>
+   </web>
+
+
+</broker>
+
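Review bot: The `<server configuration=...>` attribute is set to `file:/home/dbruscin/Workspace/temp/apache-artemis-2.19.0/broker-guest/etc//broker.xml`, an absolute path on one developer's machine committed as a shared test resource. Unless the launcher overrides it at startup (not visible here), the path will not resolve on other hosts, and it also publishes a local account name and directory layout. The comment directly above refers to `artemis.URI.instance`, so an instance-relative value such as `<server configuration="${artemis.URI.instance}/etc/broker.xml"/>` is presumably what was intended; confirm that the property is substituted when this file is loaded. A comment above `<web>` stating that `securepass` and the two `.p12` stores are test fixtures only would also help.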
diff --git a/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/cert-roles.properties b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/cert-roles.properties
new file mode 100644
index 0000000..f1d0106
--- /dev/null
+++ b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/cert-roles.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+amq = admin
diff --git a/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/cert-users.properties b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/cert-users.properties
new file mode 100644
index 0000000..1cbee5e
--- /dev/null
+++ b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/cert-users.properties
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+admin=CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, ST=AMQ, C=AMQ
diff --git a/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/jolokia-access.xml b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/jolokia-access.xml
new file mode 100644
index 0000000..3b0124d
--- /dev/null
+++ b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/jolokia-access.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements.  See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership.  The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License.  You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied.  See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+
+<!-- This policy file controls the Jolokia JMX-HTTP bridge security options for the web console.
+   see: https://jolokia.org/reference/html/security.html -->
+<restrict>
+
+    <cors>
+        <!-- Allow cross origin access from localhost ... -->
+        <allow-origin>*://localhost*</allow-origin>
+        <allow-origin>*://host.testcontainers.internal*</allow-origin>
+
+
+        <!-- Options from this point on are auto-generated by Create.java from the Artemis CLI -->
+        <!-- Check for the proper origin on the server side, too -->
+        <strict-checking/>
+    </cors>
+
+</restrict>
\ No newline at end of file
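Review bot: Both `<allow-origin>` patterns end in a bare `*`, so `*://localhost*` also matches an origin like `http://localhost.example.org` (constructed example), and `*://host.testcontainers.internal*` has the same open tail. With `<strict-checking/>` enabled these patterns are the server-side origin check, so anchoring them is worthwhile even in a fixture that may later be copied: `<allow-origin>*://localhost</allow-origin>` plus `<allow-origin>*://localhost:*</allow-origin>`, and the same pair for the testcontainers host. The existing "Allow cross origin access from localhost ..." comment should also say why `host.testcontainers.internal` is allowed.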
diff --git a/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/login.config b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/login.config
new file mode 100644
index 0000000..253b7e7
--- /dev/null
+++ b/tests/smoke-tests/src/main/resources/servers/console-mutual-ssl/login.config
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+activemq {
+   org.apache.activemq.artemis.spi.core.security.jaas.PropertiesLoginModule sufficient
+       debug=false
+       reload=true
+       org.apache.activemq.jaas.properties.user="artemis-users.properties"
+       org.apache.activemq.jaas.properties.role="artemis-roles.properties";
+
+    org.apache.activemq.artemis.spi.core.security.jaas.TextFileCertificateLoginModule sufficient
+        debug=true
+        org.apache.activemq.jaas.textfiledn.user="cert-users.properties"
+        org.apache.activemq.jaas.textfiledn.role="cert-roles.properties";
+};
\ No newline at end of file
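Review bot: Both login modules are flagged `sufficient`, so the `PropertiesLoginModule` entry keeps username/password login available next to the certificate module; a caller that knows the `admin` password set in the pom does not need a DN listed in `cert-users.properties`. That may be deliberate, since the test's `before()` calls `ServerUtil.waitForServerToStart` with `admin`/`admin`, but it should be stated above the `activemq` block, e.g. `/* PropertiesLoginModule is kept for the test harness's password-based startup check; certificate login is handled by TextFileCertificateLoginModule */`. The `debug=true` on the certificate module (the other entry uses `debug=false`) and the 3- versus 4-space indentation between the two entries also look unintentional.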
diff --git a/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/ConsoleMutualSSLTest.java b/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/ConsoleMutualSSLTest.java
new file mode 100644
index 0000000..499d693
--- /dev/null
+++ b/tests/smoke-tests/src/test/java/org/apache/activemq/artemis/tests/smoke/console/ConsoleMutualSSLTest.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.activemq.artemis.tests.smoke.console;
+
+import com.github.dockerjava.zerodep.shaded.org.apache.hc.core5.ssl.SSLContexts;
+import org.apache.activemq.artemis.tests.smoke.common.SmokeTestBase;
+import org.apache.activemq.artemis.util.ServerUtil;
+import org.apache.activemq.artemis.utils.Wait;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.junit.Before;
+import org.junit.Test;
+
+import javax.net.ssl.SSLContext;
+import java.io.File;
+
+public class ConsoleMutualSSLTest extends SmokeTestBase {
+
+   protected static final String SERVER_NAME = "console-mutual-ssl";
+   protected static final String SERVER_ADMIN_USERNAME = "admin";
+   protected static final String SERVER_ADMIN_PASSWORD = "admin";
+
+   @Before
+   public void before() throws Exception {
+      cleanupData(SERVER_NAME);
+      disableCheckThread();
+      startServer(SERVER_NAME, 0, 0);
+      ServerUtil.waitForServerToStart(0, SERVER_ADMIN_USERNAME, SERVER_ADMIN_PASSWORD, 30000);
+   }
+
+   @Test
+   public void testLoginWithValidCertificate() throws Exception {
+      File keyStoreFile = new File(this.getClass().getClassLoader().getResource("client-keystore.p12").getFile());
+      File trustStoreFile = new File(this.getClass().getClassLoader().getResource("server-ca-truststore.p12").getFile());
+      SSLContext sslContext = SSLContexts.custom()
+         .loadKeyMaterial(keyStoreFile, "securepass".toCharArray(), "securepass".toCharArray())
+         .loadTrustMaterial(trustStoreFile, "securepass".toCharArray())
+         .build();
+      try (CloseableHttpClient httpClient = HttpClients.custom().disableRedirectHandling().setSSLContext(sslContext).build()) {
+         Wait.assertTrue(() -> {
+            try {
+               try (CloseableHttpResponse response = httpClient.execute(new HttpGet("https://localhost:8443/console/"))) {
+                  return response.getStatusLine().getStatusCode() == 200;
+               }
+            } catch (Exception ignore) {
+               return false;
+            }
+         }, 5000);
+      }
+   }
+
+   @Test
+   public void testLoginWithInvalidCertificate() throws Exception {
+      File keyStoreFile = new File(this.getClass().getClassLoader().getResource("other-client-keystore.p12").getFile());
+      File trustStoreFile = new File(this.getClass().getClassLoader().getResource("server-ca-truststore.p12").getFile());
+      SSLContext sslContext = SSLContexts.custom()
+         .loadKeyMaterial(keyStoreFile, "securepass".toCharArray(), "securepass".toCharArray())
+         .loadTrustMaterial(trustStoreFile, "securepass".toCharArray())
+         .build();
+      try (CloseableHttpClient httpClient = HttpClients.custom().disableRedirectHandling().setSSLContext(sslContext).build()) {
+         Wait.assertTrue(() -> {
+            try {
+               try (CloseableHttpResponse response = httpClient.execute(new HttpGet("https://localhost:8443/console/"))) {
+                  return response.getStatusLine().getStatusCode() == 302 &&
+                     response.getFirstHeader("Location").getValue().endsWith("auth/login");
+               }
+            } catch (Exception ignore) {
+               return false;
+            }
+         }, 5000);
+      }
+   }
+}
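Review bot: The import `com.github.dockerjava.zerodep.shaded.org.apache.hc.core5.ssl.SSLContexts` takes `SSLContexts` from a package that docker-java relocates for its own use, so the test's TLS setup depends on another library's shading layout. The rest of the class uses HttpClient 4.x (`org.apache.http.impl.client.*`), and `import org.apache.http.ssl.SSLContexts;` provides the same `custom().loadKeyMaterial(...).loadTrustMaterial(...)` calls. Separately, `testLoginWithInvalidCertificate` expects a 302 to `auth/login`, which means the TLS handshake succeeded; the certificate in `other-client-keystore.p12` is presumably CA-trusted but not mapped to a user, so a name like `testLoginWithUnmappedCertificate` with a one-line Javadoc saying so would be clearer, and the case of a certificate the server trust store rejects is not covered. The `catch (Exception ignore)` in both lambdas also hides the cause of a timeout (including a missing `Location` header), so logging the exception before `return false` would make failures diagnosable.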