Posted to commits@camel.apache.org by ja...@apache.org on 2022/10/07 06:22:45 UTC
[camel-quarkus] branch main updated: Fix Netty integration tests on FIPS system
This is an automated email from the ASF dual-hosted git repository.
jamesnetherton pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new 28474794d4 Fix Netty integration tests on FIPS system
28474794d4 is described below
commit 28474794d4fd983adea70820a6464392aea96138
Author: Tomas Turek <tt...@redhat.com>
AuthorDate: Thu Sep 22 17:55:41 2022 +0200
Fix Netty integration tests on FIPS system
---
integration-tests/netty/README.adoc | 12 +++++++
integration-tests/netty/pom.xml | 39 +++++++++++++++++++++
.../quarkus/component/netty/NettyProducers.java | 18 ++++++++--
.../src/main/resources/application.properties | 11 +++++-
.../src/main/resources/ssl/fips-keystore.bcfks | Bin 0 -> 2579 bytes
.../src/main/resources/ssl/fips-truststore.bcfks | Bin 0 -> 1188 bytes
pom.xml | 1 +
7 files changed, 77 insertions(+), 4 deletions(-)
diff --git a/integration-tests/netty/README.adoc b/integration-tests/netty/README.adoc
index ddad5f8b63..6f9d3fca63 100644
--- a/integration-tests/netty/README.adoc
+++ b/integration-tests/netty/README.adoc
@@ -2,3 +2,15 @@
cd src/main/resources/ssl
keytool -genkeypair -keystore keystore.p12 -storetype PKCS12 -storepass changeit -alias localhost -keyalg RSA -keysize 2048 -validity 99999 -dname "CN=localhost"
+
+== Run tests on FIPS enabled system
+
+To execute the tests on FIPS enabled system add `-Dfips` property so that tests will use BCFKS keystore. Example of usage:
+
+`mvn clean test -f integration-tests/netty/ -Dfips`
+
+
+=== Generate Bouncy Castle FIPS Keystore (BCFKS)
+
+ cd src/main/resources/ssl
+ keytool -genkey -alias localhost -keyalg RSA -keystore fips-keystore.bcfks -keysize 2048 -validity 99999 -dname "CN=localhost" -keypass changeit -provider org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath bc-fips.jar -storetype BCFKS
diff --git a/integration-tests/netty/pom.xml b/integration-tests/netty/pom.xml
index e89f745fb9..37aeb3253f 100644
--- a/integration-tests/netty/pom.xml
+++ b/integration-tests/netty/pom.xml
@@ -147,6 +147,45 @@
</dependency>
</dependencies>
</profile>
+ <profile>
+ <id>fips</id>
+ <activation>
+ <property>
+ <name>fips</name>
+ </property>
+ </activation>
+ <properties>
+ <quarkus.profile>fips</quarkus.profile>
+ <quarkus.test.profile>fips</quarkus.test.profile>
+ </properties>
+ <dependencies>
+ <dependency>
+ <groupId>io.quarkus</groupId>
+ <artifactId>quarkus-security</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bctls-fips</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bc-fips</artifactId>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemPropertyVariables>
+ <quarkus.test.profile>fips</quarkus.test.profile>
+ </systemPropertyVariables>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
</profiles>
</project>
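Review bot: The `fips` profile hands `quarkus.test.profile` to the forked test JVM only through `maven-surefire-plugin`, so any integration tests that run under `maven-failsafe-plugin` (for example in a native profile, which is outside this hunk) would presumably not receive it and would fall back to the default keystore settings. Either mirror the `<systemPropertyVariables>` block in a failsafe configuration inside this profile, or add a short XML comment such as `<!-- -Dfips is supported for JVM-mode surefire tests only -->` so the limitation is visible. The `quarkus.test.profile` entry under `<properties>` duplicates the surefire value; a comment saying which consumer reads each one would help the next maintainer.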
diff --git a/integration-tests/netty/src/main/java/org/apache/camel/quarkus/component/netty/NettyProducers.java b/integration-tests/netty/src/main/java/org/apache/camel/quarkus/component/netty/NettyProducers.java
index fb951dc280..5a0466fe55 100644
--- a/integration-tests/netty/src/main/java/org/apache/camel/quarkus/component/netty/NettyProducers.java
+++ b/integration-tests/netty/src/main/java/org/apache/camel/quarkus/component/netty/NettyProducers.java
@@ -19,6 +19,7 @@ package org.apache.camel.quarkus.component.netty;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.util.List;
+import java.util.Optional;
import javax.inject.Named;
import javax.inject.Singleton;
@@ -65,6 +66,7 @@ import org.apache.camel.support.jsse.KeyManagersParameters;
import org.apache.camel.support.jsse.KeyStoreParameters;
import org.apache.camel.support.jsse.SSLContextParameters;
import org.apache.camel.support.jsse.TrustManagersParameters;
+import org.eclipse.microprofile.config.inject.ConfigProperty;
public class NettyProducers {
@@ -121,13 +123,23 @@ public class NettyProducers {
@Singleton
@Named
- public SSLContextParameters sslContextParameters() {
+ public SSLContextParameters sslContextParameters(
+ @ConfigProperty(name = "truststore.file") String truststore,
+ @ConfigProperty(name = "truststore.type") Optional<String> truststoreType,
+ @ConfigProperty(name = "truststore.provider") Optional<String> truststoreProvider,
+ @ConfigProperty(name = "keystore.file") String keystore,
+ @ConfigProperty(name = "keystore.type") Optional<String> keystoreType,
+ @ConfigProperty(name = "keystore.provider") Optional<String> keystoreProvider) {
KeyStoreParameters keystoreParameters = new KeyStoreParameters();
- keystoreParameters.setResource("/ssl/keystore.p12");
+ keystoreParameters.setResource(keystore);
+ keystoreType.ifPresent((it) -> keystoreParameters.setType(it));
+ keystoreProvider.ifPresent((it) -> keystoreParameters.setProvider(it));
keystoreParameters.setPassword("changeit");
KeyStoreParameters truststoreParameters = new KeyStoreParameters();
- truststoreParameters.setResource("/ssl/truststore.jks");
+ truststoreType.ifPresent((it) -> truststoreParameters.setType(it));
+ truststoreProvider.ifPresent((it) -> truststoreParameters.setProvider(it));
+ truststoreParameters.setResource(truststore);
truststoreParameters.setPassword("changeit");
TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
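Review bot: The store password stays hard-coded as `"changeit"` on both `keystoreParameters` and `truststoreParameters` while the file, type and provider now come from configuration, so any replacement fixture must be generated with exactly that store password; the BCFKS command added to the README passes `-keypass changeit` but no `-storepass`. I would add a comment above the first `setPassword` call, `// test-only fixture password; must match the store password of the files under /ssl`, or read it from a `keystore.password` property with that value as the default. As a style point, the truststore block sets type and provider before `setResource` while the keystore block does it after, and the lambdas can be method references, e.g. `keystoreType.ifPresent(keystoreParameters::setType);`. The body of `sslContextParameters` continues past the end of this hunk.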
diff --git a/integration-tests/netty/src/main/resources/application.properties b/integration-tests/netty/src/main/resources/application.properties
index 2aad765c44..c7a6807b1f 100644
--- a/integration-tests/netty/src/main/resources/application.properties
+++ b/integration-tests/netty/src/main/resources/application.properties
@@ -14,5 +14,14 @@
## See the License for the specific language governing permissions and
## limitations under the License.
## ---------------------------------------------------------------------------
-
quarkus.native.resources.includes = ssl/*
+truststore.file=/ssl/truststore.jks
+keystore.file=/ssl/keystore.p12
+
+%fips.quarkus.security.security-providers=BCFIPSJSSE
+%fips.truststore.file=/ssl/fips-truststore.bcfks
+%fips.truststore.provider=BCFIPS
+%fips.truststore.type=BCFKS
+%fips.keystore.file=/ssl/fips-keystore.bcfks
+%fips.keystore.provider=BCFIPS
+%fips.keystore.type=BCFKS
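Review bot: The default (non-`%fips`) entries set `truststore.file` and `keystore.file` but leave `truststore.type` and `keystore.type` unset, so the JKS truststore and the PKCS12 keystore are presumably loaded with the JVM's default keystore type and depend on its JKS/PKCS12 compatibility handling. Adding `truststore.type=JKS` and `keystore.type=PKCS12` next to the two file entries would make both profiles explicit and keep the default run independent of the local `java.security` settings. A one-line comment above the `%fips.` group noting that these values must match the committed `.bcfks` fixtures would also help.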
diff --git a/integration-tests/netty/src/main/resources/ssl/fips-keystore.bcfks b/integration-tests/netty/src/main/resources/ssl/fips-keystore.bcfks
new file mode 100644
index 0000000000..9b85476596
Binary files /dev/null and b/integration-tests/netty/src/main/resources/ssl/fips-keystore.bcfks differ
diff --git a/integration-tests/netty/src/main/resources/ssl/fips-truststore.bcfks b/integration-tests/netty/src/main/resources/ssl/fips-truststore.bcfks
new file mode 100644
index 0000000000..e74b445b29
Binary files /dev/null and b/integration-tests/netty/src/main/resources/ssl/fips-truststore.bcfks differ
diff --git a/pom.xml b/pom.xml
index 1f0247e54a..0a3c5e78ae 100644
--- a/pom.xml
+++ b/pom.xml
@@ -477,6 +477,7 @@
<exclude>**/*.adm</exclude>
<exclude>**/*.avsc</exclude>
<exclude>**/*.avpr</exclude>
+ <exclude>**/*.bcfks</exclude>
<exclude>**/*.bin</exclude>
<exclude>**/*.cnf</exclude>
<exclude>**/*.conf</exclude>