Posted to commits@qpid.apache.org by kw...@apache.org on 2018/02/25 16:03:27 UTC
qpid-broker-j git commit: QPID-8083: [System Tests] [REST/HTTP]
Factor out AnonymousAccessRestTest, PreemtiveAuthRestTest,
BrokerRestHttpAndHttpsTest
Repository: qpid-broker-j
Updated Branches:
refs/heads/master 7dbb88471 -> 8c88850ee
QPID-8083: [System Tests] [REST/HTTP] Factor out AnonymousAccessRestTest, PreemtiveAuthRestTest, BrokerRestHttpAndHttpsTest
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/8c88850e
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/8c88850e
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/8c88850e
Branch: refs/heads/master
Commit: 8c88850ee77e49292d6dbd00dfa105ca348c7e60
Parents: 7dbb884
Author: Keith Wall <kw...@apache.org>
Authored: Sat Feb 24 16:32:56 2018 +0000
Committer: Keith Wall <kw...@apache.org>
Committed: Sun Feb 25 07:02:58 2018 +0000
----------------------------------------------------------------------
.../apache/qpid/tests/http/HttpTestHelper.java | 14 +-
.../PreemptiveAuthenticationTest.java | 328 +++++++++++++++++++
.../TlsClientAuthenticationTest.java | 210 ------------
.../tests/http/transport/UnifiedPortTest.java | 113 +++++++
.../systest/rest/AnonymousAccessRestTest.java | 116 -------
.../rest/BrokerRestHttpAndHttpsTest.java | 168 ----------
.../qpid/systest/rest/BrokerRestHttpsTest.java | 78 -----
.../systest/rest/PreemtiveAuthRestTest.java | 207 ------------
8 files changed, 453 insertions(+), 781 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java b/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java
index a2bb3b8..00eb60d 100644
--- a/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java
+++ b/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java
@@ -75,8 +75,8 @@ public class HttpTestHelper
private static final String API_BASE = "/api/latest/";
private final BrokerAdmin _admin;
private final int _httpPort;
- private final String _username;
- private final String _password;
+ private String _username;
+ private String _password;
private final String _requestHostName;
private final int _connectTimeout = Integer.getInteger("qpid.resttest_connection_timeout", 30000);
@@ -456,6 +456,16 @@ public class HttpTestHelper
}
}
+ public void setPassword(final String password)
+ {
+ _password = password;
+ }
+
+ public void setUserName(final String username)
+ {
+ _username = username;
+ }
+
private static class TrustAllTrustManager implements X509TrustManager
{
public X509Certificate[] getAcceptedIssuers()
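Review bot: The two new setters are named inconsistently and carry no documentation: `setUserName` sits beside the field `_username` and the sibling `setPassword`, and nothing states what a null argument means, although `configForAnonymous` in this same commit calls `setPassword(null)` and `setUserName(null)` to obtain a helper without credentials. I would rename it to `setUsername` and give each setter a one-line Javadoc, for example `/** Sets the basic-auth user name; null presumably means no credentials are sent (confirm against the connection set-up code). */`. Because `_username` and `_password` are no longer `final`, a helper instance keeps a changed credential for every later request made through it, which that comment should also say. The class body lies outside both hunks, so how the fields are consumed is not visible here.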
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java
new file mode 100644
index 0000000..40c655c
--- /dev/null
+++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java
@@ -0,0 +1,328 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.tests.http.authentication;
+
+import static javax.servlet.http.HttpServletResponse.SC_CREATED;
+import static javax.servlet.http.HttpServletResponse.SC_OK;
+import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED;
+import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.generateSelfSignedCertificate;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.greaterThan;
+import static org.hamcrest.Matchers.hasKey;
+import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.not;
+import static org.hamcrest.Matchers.startsWith;
+import static org.junit.Assert.assertThat;
+import static org.junit.Assert.fail;
+
+import java.io.ByteArrayOutputStream;
+import java.net.HttpURLConnection;
+import java.net.SocketException;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.time.Duration;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+import java.util.ArrayDeque;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.Deque;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.SSLHandshakeException;
+import javax.servlet.http.HttpServletResponse;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import org.junit.After;
+import org.junit.Test;
+
+import org.apache.qpid.server.management.plugin.HttpManagement;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.Protocol;
+import org.apache.qpid.server.model.Transport;
+import org.apache.qpid.server.security.FileKeyStore;
+import org.apache.qpid.server.security.ManagedPeerCertificateTrustStore;
+import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
+import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
+import org.apache.qpid.server.transport.network.security.ssl.SSLUtil.KeyCertPair;
+import org.apache.qpid.server.util.BaseAction;
+import org.apache.qpid.server.util.DataUrlUtils;
+import org.apache.qpid.tests.http.HttpTestBase;
+import org.apache.qpid.tests.http.HttpTestHelper;
+
+public class PreemptiveAuthenticationTest extends HttpTestBase
+{
+ private static final TypeReference<String> STRING_TYPE_REF = new TypeReference<String>() {};
+ private static final String STORE_PASSWORD = "password";
+
+ private Deque<BaseAction<Void, Exception>> _tearDownActions;
+ private String _keyStore;
+
+ @After
+ public void tearDown() throws Exception
+ {
+ if (_tearDownActions != null)
+ {
+ Exception exception = null;
+ while(!_tearDownActions.isEmpty())
+ {
+ try
+ {
+ _tearDownActions.removeLast().performAction(null);
+ }
+ catch (Exception e)
+ {
+ exception = e;
+ }
+ }
+
+ if (exception != null)
+ {
+ throw exception;
+ }
+ }
+ }
+
+ @Test
+ public void clientAuthSuccess() throws Exception
+ {
+ HttpTestHelper helper = configForClientAuth("CN=foo");
+
+ String userId = helper.getJson("broker/getUser", STRING_TYPE_REF, SC_OK);
+ assertThat(userId, startsWith("foo@"));
+ }
+
+ @Test
+ public void clientAuthUnrecognisedCert() throws Exception
+ {
+ HttpTestHelper helper = configForClientAuth("CN=foo");
+
+ String keyStore = createKeyStoreDataUrl(getKeyCertPair("CN=bar"), STORE_PASSWORD);
+ helper.setKeyStore(keyStore, STORE_PASSWORD);
+
+ try
+ {
+ helper.getJson("broker/getUser", STRING_TYPE_REF, SC_OK);
+ fail("Exception not thrown");
+ }
+ catch (SSLHandshakeException e)
+ {
+ // PASS
+ }
+ catch (SocketException e)
+ {
+ // TODO - defect - we are not always seeing the SSL handshake exception
+ }
+ }
+
+ @Test
+ public void basicAuth() throws Exception
+ {
+ verifyGetBroker(SC_OK);
+ }
+
+ @Test
+ public void basicAuthWrongPassword() throws Exception
+ {
+ getHelper().setPassword("badpassword");
+
+ verifyGetBroker(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
+ @Test
+ public void httpBasicAuthDisabled() throws Exception
+ {
+ doBasicAuthDisabledTest(false);
+ }
+
+ @Test
+ public void httpsBasicAuthDisabled() throws Exception
+ {
+ doBasicAuthDisabledTest(true);
+ }
+
+ @Test
+ public void anonymousTest() throws Exception
+ {
+ HttpTestHelper helper = configForAnonymous();
+
+ String userId = helper.getJson("broker/getUser", STRING_TYPE_REF, SC_OK);
+ assertThat(userId, startsWith("ANONYMOUS@"));
+ }
+
+ @Test
+ public void noSessionCreated() throws Exception
+ {
+ final HttpURLConnection conn = getHelper().openManagementConnection("broker", "GET");
+ assertThat("Unexpected server response", conn.getResponseCode(), is(equalTo(SC_OK)));
+ assertThat("Unexpected cookie", conn.getHeaderFields(), not(hasKey("Set-Cookie")));
+ }
+
+ private void verifyGetBroker(int expectedResponseCode) throws Exception
+ {
+ assertThat(getHelper().submitRequest("broker", "GET"), is(equalTo(expectedResponseCode)));
+ }
+
+ private void doBasicAuthDisabledTest(final boolean tls) throws Exception
+ {
+ HttpTestHelper configHelper = new HttpTestHelper(getBrokerAdmin());
+ configHelper.setTls(!tls);
+ final String authEnabledAttrName = tls ? HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED : HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED;
+ try
+ {
+ HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin());
+ helper.setTls(tls);
+ assertThat(helper.submitRequest("broker", "GET"), is(equalTo(SC_OK)));
+
+ configHelper.submitRequest("plugin/httpManagement", "POST",
+ Collections.<String, Object>singletonMap(authEnabledAttrName, Boolean.FALSE), SC_OK);
+
+ assertThat(helper.submitRequest("broker", "GET"), is(equalTo(SC_UNAUTHORIZED)));
+ }
+ finally
+ {
+ configHelper.submitRequest("plugin/httpManagement", "POST",
+ Collections.<String, Object>singletonMap(authEnabledAttrName, Boolean.TRUE), SC_OK);
+
+ }
+ }
+
+ private HttpTestHelper configForClientAuth(final String x500Name) throws Exception
+ {
+ final KeyCertPair keyCertPair = getKeyCertPair(x500Name);
+ final byte[] cert = keyCertPair.getCertificate().getEncoded();
+
+ _keyStore = createKeyStoreDataUrl(keyCertPair, STORE_PASSWORD);
+
+ final Deque<BaseAction<Void,Exception>> deleteActions = new ArrayDeque<>();
+
+ final Map<String, Object> authAttr = new HashMap<>();
+ authAttr.put(ExternalAuthenticationManager.TYPE, "External");
+ authAttr.put(ExternalAuthenticationManager.ATTRIBUTE_USE_FULL_DN, false);
+
+ getHelper().submitRequest("authenticationprovider/myexternal","PUT", authAttr, SC_CREATED);
+
+ deleteActions.add(object -> getHelper().submitRequest("authenticationprovider/myexternal", "DELETE", SC_OK));
+
+ final Map<String, Object> keystoreAttr = new HashMap<>();
+ keystoreAttr.put(FileKeyStore.TYPE, "FileKeyStore");
+ keystoreAttr.put(FileKeyStore.STORE_URL, "classpath:java_broker_keystore.jks");
+ keystoreAttr.put(FileKeyStore.PASSWORD, STORE_PASSWORD);
+
+ getHelper().submitRequest("keystore/mykeystore","PUT", keystoreAttr, SC_CREATED);
+ deleteActions.add(object -> getHelper().submitRequest("keystore/mykeystore", "DELETE", SC_OK));
+
+ final Map<String, Object> truststoreAttr = new HashMap<>();
+ truststoreAttr.put(ManagedPeerCertificateTrustStore.TYPE, ManagedPeerCertificateTrustStore.TYPE_NAME);
+ truststoreAttr.put(ManagedPeerCertificateTrustStore.STORED_CERTIFICATES, Collections.singletonList(Base64.getEncoder().encodeToString(cert)));
+
+
+ getHelper().submitRequest("truststore/mytruststore","PUT", truststoreAttr, SC_CREATED);
+ deleteActions.add(object -> getHelper().submitRequest("truststore/mytruststore", "DELETE", SC_OK));
+
+ final Map<String, Object> portAttr = new HashMap<>();
+ portAttr.put(Port.TYPE, "HTTP");
+ portAttr.put(Port.PORT, 0);
+ portAttr.put(Port.AUTHENTICATION_PROVIDER, "myexternal");
+ portAttr.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
+ portAttr.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
+ portAttr.put(Port.NEED_CLIENT_AUTH, true);
+ portAttr.put(Port.KEY_STORE, "mykeystore");
+ portAttr.put(Port.TRUST_STORES, Collections.singletonList("mytruststore"));
+
+ getHelper().submitRequest("port/myport","PUT", portAttr, SC_CREATED);
+ deleteActions.add(object -> getHelper().submitRequest("port/myport", "DELETE", SC_OK));
+
+ Map<String, Object> clientAuthPort = getHelper().getJsonAsMap("port/myport");
+ int boundPort = Integer.parseInt(String.valueOf(clientAuthPort.get("boundPort")));
+
+ assertThat(boundPort, is(greaterThan(0)));
+
+ _tearDownActions = deleteActions;
+
+ HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin(), null, boundPort);
+ helper.setTls(true);
+ helper.setKeyStore(_keyStore, STORE_PASSWORD);
+ return helper;
+ }
+
+ private HttpTestHelper configForAnonymous() throws Exception
+ {
+ final Deque<BaseAction<Void,Exception>> deleteActions = new ArrayDeque<>();
+
+ final Map<String, Object> authAttr = new HashMap<>();
+ authAttr.put(AnonymousAuthenticationManager.TYPE, AnonymousAuthenticationManager.PROVIDER_TYPE);
+
+ getHelper().submitRequest("authenticationprovider/myanon","PUT", authAttr, SC_CREATED);
+
+ deleteActions.add(object -> getHelper().submitRequest("authenticationprovider/myanon", "DELETE", SC_OK));
+
+ final Map<String, Object> portAttr = new HashMap<>();
+ portAttr.put(Port.TYPE, "HTTP");
+ portAttr.put(Port.PORT, 0);
+ portAttr.put(Port.AUTHENTICATION_PROVIDER, "myanon");
+ portAttr.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
+ portAttr.put(Port.TRANSPORTS, Collections.singleton(Transport.TCP));
+
+ getHelper().submitRequest("port/myport","PUT", portAttr, SC_CREATED);
+ deleteActions.add(object -> getHelper().submitRequest("port/myport", "DELETE", SC_OK));
+
+ Map<String, Object> clientAuthPort = getHelper().getJsonAsMap("port/myport");
+ int boundPort = Integer.parseInt(String.valueOf(clientAuthPort.get("boundPort")));
+
+ assertThat(boundPort, is(greaterThan(0)));
+
+ _tearDownActions = deleteActions;
+
+ HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin(), null, boundPort);
+ helper.setKeyStore(_keyStore, STORE_PASSWORD);
+ helper.setPassword(null);
+ helper.setUserName(null);
+ return helper;
+
+ }
+
+ private String createKeyStoreDataUrl(final KeyCertPair keyCertPair, final String password) throws Exception
+ {
+ final KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(null, null);
+ Certificate[] certChain = new Certificate[] {keyCertPair.getCertificate()};
+ keyStore.setKeyEntry("key1", keyCertPair.getPrivateKey(), password.toCharArray(), certChain);
+ try (ByteArrayOutputStream bos = new ByteArrayOutputStream())
+ {
+ keyStore.store(bos, password.toCharArray());
+ bos.toByteArray();
+ return DataUrlUtils.getDataUrlForBytes(bos.toByteArray());
+ }
+ }
+
+ private KeyCertPair getKeyCertPair(final String x500Name) throws Exception
+ {
+ return generateSelfSignedCertificate("RSA", "SHA256WithRSA",
+ 2048, Instant.now().toEpochMilli(),
+ Duration.of(365, ChronoUnit.DAYS).getSeconds(),
+ x500Name,
+ Collections.emptySet(),
+ Collections.emptySet());
+ }
+
+}
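Review bot: In `clientAuthUnrecognisedCert` the added `catch (SocketException e)` branch lets the test pass on any socket-level failure, so a port that never came up or a reset unrelated to the certificate is indistinguishable from the broker rejecting the untrusted `CN=bar` key. Until the TODO is resolved, a positive control after the try block would keep the negative result meaningful: `helper.setKeyStore(_keyStore, STORE_PASSWORD);` followed by `helper.getJson("broker/getUser", STRING_TYPE_REF, SC_OK);`, which shows the same port still accepts the trusted certificate. Separately, `configForClientAuth` and `configForAnonymous` assign `_tearDownActions = deleteActions;` only after the last PUT and the bound-port assertion, so a failure part-way leaves the already created provider, stores or port (including an anonymous-access port) on the broker; moving that assignment to directly after `new ArrayDeque<>()` avoids this. `tearDown` also keeps only the last exception, where `exception.addSuppressed(e)` on the first one would preserve the others.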
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/TlsClientAuthenticationTest.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/TlsClientAuthenticationTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/TlsClientAuthenticationTest.java
deleted file mode 100644
index 7d14ff8..0000000
--- a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/TlsClientAuthenticationTest.java
+++ /dev/null
@@ -1,210 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.tests.http.authentication;
-
-import static javax.servlet.http.HttpServletResponse.SC_CREATED;
-import static javax.servlet.http.HttpServletResponse.SC_OK;
-import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.generateSelfSignedCertificate;
-import static org.hamcrest.Matchers.greaterThan;
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.startsWith;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.fail;
-
-import java.io.ByteArrayOutputStream;
-import java.security.KeyStore;
-import java.security.cert.Certificate;
-import java.time.Duration;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-import java.util.ArrayDeque;
-import java.util.Base64;
-import java.util.Collections;
-import java.util.Deque;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.net.ssl.SSLHandshakeException;
-
-import com.fasterxml.jackson.core.type.TypeReference;
-import org.junit.After;
-import org.junit.Test;
-
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Protocol;
-import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.security.FileKeyStore;
-import org.apache.qpid.server.security.ManagedPeerCertificateTrustStore;
-import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
-import org.apache.qpid.server.transport.network.security.ssl.SSLUtil.KeyCertPair;
-import org.apache.qpid.server.util.BaseAction;
-import org.apache.qpid.server.util.DataUrlUtils;
-import org.apache.qpid.tests.http.HttpTestBase;
-import org.apache.qpid.tests.http.HttpTestHelper;
-
-public class TlsClientAuthenticationTest extends HttpTestBase
-{
-
- private Deque<BaseAction<Void, Exception>> _tearDownActions;
- private int _clientAuthPort;
- private String _keyStore;
-
- @After
- public void tearDown() throws Exception
- {
- if (_tearDownActions != null)
- {
- Exception exception = null;
- while(!_tearDownActions.isEmpty())
- {
- try
- {
- _tearDownActions.removeLast().performAction(null);
- }
- catch (Exception e)
- {
- exception = e;
- }
- }
-
- if (exception != null)
- {
- throw exception;
- }
- }
- }
-
- @Test
- public void clientAuthenticationSuccess() throws Exception
- {
- configPortAndAuthProvider("CN=foo");
-
- HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin(), null, _clientAuthPort);
- helper.setTls(true);
- helper.setKeyStore(_keyStore, "password");
-
- String userId = helper.getJson("broker/getUser", new TypeReference<String>() {}, SC_OK);
- assertThat(userId, startsWith("foo@"));
- }
-
- @Test
- public void unrecognisedCertification() throws Exception
- {
- configPortAndAuthProvider("CN=foo");
-
- String keyStore = createKeyStoreDataUrl(getKeyCertPair("CN=bar"), "password");
-
- HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin(), null, _clientAuthPort);
- helper.setTls(true);
- helper.setKeyStore(keyStore, "password");
-
- try
- {
- helper.getJson("broker/getUser", new TypeReference<String>() {}, SC_OK);
- fail("Exception not thrown");
- }
- catch (SSLHandshakeException e)
- {
- // PASS
- }
- }
-
- private void configPortAndAuthProvider(final String x500Name) throws Exception
- {
-
- final KeyCertPair keyCertPair = getKeyCertPair(x500Name);
- final byte[] cert = keyCertPair.getCertificate().getEncoded();
-
- _keyStore = createKeyStoreDataUrl(keyCertPair, "password");
-
-
- final Deque<BaseAction<Void,Exception>> deleteActions = new ArrayDeque<>();
-
- final Map<String, Object> authAttr = new HashMap<>();
- authAttr.put(ExternalAuthenticationManager.TYPE, "External");
- authAttr.put(ExternalAuthenticationManager.ATTRIBUTE_USE_FULL_DN, false);
-
- getHelper().submitRequest("authenticationprovider/myexternal","PUT", authAttr, SC_CREATED);
-
- deleteActions.add(object -> getHelper().submitRequest("authenticationprovider/myexternal", "DELETE", SC_OK));
-
- final Map<String, Object> keystoreAttr = new HashMap<>();
- keystoreAttr.put(FileKeyStore.TYPE, "FileKeyStore");
- keystoreAttr.put(FileKeyStore.STORE_URL, "classpath:java_broker_keystore.jks");
- keystoreAttr.put(FileKeyStore.PASSWORD, "password");
-
- getHelper().submitRequest("keystore/mykeystore","PUT", keystoreAttr, SC_CREATED);
- deleteActions.add(object -> getHelper().submitRequest("keystore/mykeystore", "DELETE", SC_OK));
-
- final Map<String, Object> truststoreAttr = new HashMap<>();
- truststoreAttr.put(ManagedPeerCertificateTrustStore.TYPE, ManagedPeerCertificateTrustStore.TYPE_NAME);
- truststoreAttr.put(ManagedPeerCertificateTrustStore.STORED_CERTIFICATES, Collections.singletonList(Base64.getEncoder().encodeToString(cert)));
-
- getHelper().submitRequest("truststore/mytruststore","PUT", truststoreAttr, SC_CREATED);
- deleteActions.add(object -> getHelper().submitRequest("truststore/mytruststore", "DELETE", SC_OK));
-
- final Map<String, Object> portAttr = new HashMap<>();
- portAttr.put(Port.TYPE, "HTTP");
- portAttr.put(Port.PORT, 0);
- portAttr.put(Port.AUTHENTICATION_PROVIDER, "myexternal");
- portAttr.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
- portAttr.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
- portAttr.put(Port.NEED_CLIENT_AUTH, true);
- portAttr.put(Port.KEY_STORE, "mykeystore");
- portAttr.put(Port.TRUST_STORES, Collections.singletonList("mytruststore"));
-
- getHelper().submitRequest("port/myport","PUT", portAttr, SC_CREATED);
- deleteActions.add(object -> getHelper().submitRequest("port/myport", "DELETE", SC_OK));
-
- Map<String, Object> clientAuthPort = getHelper().getJsonAsMap("port/myport");
- int boundPort = Integer.parseInt(String.valueOf(clientAuthPort.get("boundPort")));
-
- assertThat(boundPort, is(greaterThan(0)));
-
- _tearDownActions = deleteActions;
- _clientAuthPort = boundPort;
- }
-
- private String createKeyStoreDataUrl(final KeyCertPair keyCertPair, final String password) throws Exception
- {
- final KeyStore keyStore = KeyStore.getInstance("JKS");
- keyStore.load(null, null);
- Certificate[] certChain = new Certificate[] {keyCertPair.getCertificate()};
- keyStore.setKeyEntry("key1", keyCertPair.getPrivateKey(), password.toCharArray(), certChain);
- try (ByteArrayOutputStream bos = new ByteArrayOutputStream())
- {
- keyStore.store(bos, password.toCharArray());
- bos.toByteArray();
- return DataUrlUtils.getDataUrlForBytes(bos.toByteArray());
- }
- }
-
- private KeyCertPair getKeyCertPair(final String x500Name) throws Exception
- {
- return generateSelfSignedCertificate("RSA", "SHA256WithRSA",
- 2048, Instant.now().toEpochMilli(),
- Duration.of(365, ChronoUnit.DAYS).getSeconds(),
- x500Name,
- Collections.emptySet(),
- Collections.emptySet());
- }
-
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/transport/UnifiedPortTest.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/transport/UnifiedPortTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/transport/UnifiedPortTest.java
new file mode 100644
index 0000000..349bb10
--- /dev/null
+++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/transport/UnifiedPortTest.java
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.tests.http.transport;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.junit.Assert.assertThat;
+
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.util.Map;
+
+import org.hamcrest.CoreMatchers;
+import org.junit.Test;
+
+import org.apache.qpid.test.utils.TCPTunneler;
+import org.apache.qpid.tests.http.HttpTestBase;
+import org.apache.qpid.tests.http.HttpTestHelper;
+import org.apache.qpid.tests.utils.BrokerAdmin;
+
+public class UnifiedPortTest extends HttpTestBase
+{
+ @Test
+ public void slowConnectHttp() throws Exception
+ {
+ doTestSlowConnect(false);
+ }
+
+ @Test
+ public void slowConnectHttps() throws Exception
+ {
+ doTestSlowConnect(true);
+ }
+
+ private void doTestSlowConnect(final boolean useTls) throws Exception
+ {
+ final int port = getBrokerAdmin().getBrokerAddress(BrokerAdmin.PortType.HTTP).getPort();
+ try(TCPTunneler tunneler = new TCPTunneler(0, "localhost",
+ port, 1, 2))
+ {
+ // Hopes to exercise the code path where too few bytes arrive with Jetty for it to make an PLAIN/TLS
+ // determination and needs to await more bytes.
+ tunneler.addClientListener(new PreambleDelayingListener());
+ tunneler.start();
+
+ HttpTestHelper _restTestHelper = new HttpTestHelper(getBrokerAdmin(), null, tunneler.getLocalPort());
+ _restTestHelper.setTls(useTls);
+
+ Map<String, Object> metadata = _restTestHelper.getJsonAsMap("broker/getConnectionMetaData");
+ String transport = String.valueOf(metadata.get("transport"));
+ final String expected = useTls ? "SSL" : "TCP";
+ assertThat("Unexpected protocol", transport, CoreMatchers.is(equalTo(expected)));
+ }
+ }
+
+ private static class PreambleDelayingListener implements TCPTunneler.TunnelListener
+ {
+ private int _totalBytes;
+
+ @Override
+ public void clientConnected(final InetSocketAddress clientAddress)
+ {
+
+ }
+
+ @Override
+ public void clientDisconnected(final InetSocketAddress clientAddress)
+ {
+
+ }
+
+ @Override
+ public void notifyClientToServerBytesDelivered(final InetAddress inetAddress,
+ final int numberOfBytesForwarded)
+ {
+ _totalBytes += numberOfBytesForwarded;
+ if (_totalBytes < 10)
+ {
+ try
+ {
+ Thread.sleep(10);
+ }
+ catch (InterruptedException e)
+ {
+ Thread.currentThread().interrupt();
+ }
+ }
+ }
+
+ @Override
+ public void notifyServerToClientBytesDelivered(final InetAddress inetAddress,
+ final int numberOfBytesForwarded)
+ {
+
+ }
+ }
+}
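Review bot: `doTestSlowConnect` never checks that the delay path was taken, so it can pass even if the request is forwarded in one piece and `PreambleDelayingListener` never sleeps; the in-code comment itself only "hopes" to reach that path. The arguments `1, 2` in `new TCPTunneler(0, "localhost", port, 1, 2)` presumably control how the bytes are chunked and deserve a comment or named constants, since their meaning is not visible in this file. I would keep the listener in a local variable, have it record that it slept (for example a `volatile boolean _delayed` set before `Thread.sleep(10)`), and assert that flag after `getJsonAsMap`. `_totalBytes` is a plain `int` updated from the tunneler callback, which is safe only if a single thread delivers the client-to-server notifications, and that assumption is worth a comment. The local `_restTestHelper` carries the underscore prefix that the fields in this commit use, so `restTestHelper` would read more clearly.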
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/src/test/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java
deleted file mode 100644
index 2de5117..0000000
--- a/systests/src/test/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.rest;
-
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.qpid.server.management.plugin.HttpManagement;
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.model.Plugin;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager;
-import org.apache.qpid.test.utils.TestBrokerConfiguration;
-
-public class AnonymousAccessRestTest extends QpidRestTestCase
-{
- @Override
- public void startDefaultBroker()
- {
- // prevent broker from starting in setUp
- }
-
- public void startBrokerNow() throws Exception
- {
- super.startDefaultBroker();
-
- // reset credentials
- getRestTestHelper().setUsernameAndPassword(null, null);
- }
-
- @Override
- protected void customizeConfiguration() throws Exception
- {
- super.customizeConfiguration();
- TestBrokerConfiguration config = getDefaultBrokerConfiguration();
-
- Map<String, Object> anonymousAuthProviderAttributes = new HashMap<String, Object>();
- anonymousAuthProviderAttributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManager.PROVIDER_TYPE);
- anonymousAuthProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER);
- config.addObjectConfiguration(AuthenticationProvider.class, anonymousAuthProviderAttributes);
-
- // set anonymous authentication provider on http port for the tests
- config.setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, Port.AUTHENTICATION_PROVIDER,
- TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER);
- config.setObjectAttribute(Plugin.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED, false);
-
- }
-
- public void testGetWithAnonymousProvider() throws Exception
- {
- startBrokerNow();
-
- Map<String, Object> brokerDetails = getRestTestHelper().getJsonAsMap("broker");
- assertNotNull("Unexpected broker attributes", brokerDetails);
- assertNotNull("Unexpected value of attribute " + Broker.ID, brokerDetails.get(Broker.ID));
- }
-
- public void testPutAnonymousProvider() throws Exception
- {
- startBrokerNow();
-
- Map<String, Object> brokerAttributes = new HashMap<String, Object>();
- String newBrokerName = getName();
- brokerAttributes.put(Broker.NAME, newBrokerName);
-
- getRestTestHelper().submitRequest("broker", "PUT", brokerAttributes, HttpServletResponse.SC_OK);
-
- Map<String, Object> brokerDetails = getRestTestHelper().getJsonAsMap("broker");
- assertNotNull("Unexpected broker attributes", brokerDetails);
- assertNotNull("Unexpected value of attribute " + Broker.ID, brokerDetails.get(Broker.ID));
- assertEquals("Unexpected default virtual host", newBrokerName, brokerDetails.get(Broker.NAME));
- }
-
- public void testGetWithPasswordAuthProvider() throws Exception
- {
- getDefaultBrokerConfiguration().setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, Port.AUTHENTICATION_PROVIDER,
- TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER);
- startBrokerNow();
-
- getRestTestHelper().submitRequest("broker", "GET", HttpServletResponse.SC_UNAUTHORIZED);
- }
-
- public void testPutWithPasswordAuthProvider() throws Exception
- {
- String newBrokerName = getName();
- getDefaultBrokerConfiguration().setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, Port.AUTHENTICATION_PROVIDER,
- TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER);
- startBrokerNow();
-
- Map<String, Object> brokerAttributes = new HashMap<String, Object>();
- brokerAttributes.put(Broker.NAME, newBrokerName);
-
- getRestTestHelper().submitRequest("broker", "PUT", brokerAttributes, HttpServletResponse.SC_UNAUTHORIZED);
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java
deleted file mode 100644
index 7bad826..0000000
--- a/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.rest;
-
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Protocol;
-import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.test.utils.TCPTunneler;
-import org.apache.qpid.test.utils.TestBrokerConfiguration;
-
-public class BrokerRestHttpAndHttpsTest extends QpidRestTestCase
-{
- @Override
- public void setUp() throws Exception
- {
- setSystemProperty("javax.net.debug", "ssl");
- super.setUp();
- setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
- setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
- }
-
- @Override
- protected void customizeConfiguration() throws Exception
- {
- super.customizeConfiguration();
- Map<String, Object> newAttributes = new HashMap<>();
- newAttributes.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
- newAttributes.put(Port.TRANSPORTS, Arrays.asList(Transport.SSL, Transport.TCP));
- newAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
- getDefaultBrokerConfiguration().setObjectAttributes(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, newAttributes);
- getDefaultBrokerConfiguration().setObjectAttribute(AuthenticationProvider.class, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER,
- "secureOnlyMechanisms",
- "[\"PLAIN\"]");
-
- }
-
- public void testGetWithHttps() throws Exception
- {
- Collection<String> results = getMechanisms(true);
- assertTrue("mechanisms did not contain PLAIN: " + results, results.contains("PLAIN"));
- }
-
-
- public void testGetWithHttp() throws Exception
- {
- Collection<String> results = getMechanisms(false);
- assertFalse("mechanisms incorrectly contains PLAIN: " + results, results.contains("PLAIN"));
- }
-
- public void testSlowConnectHttp() throws Exception
- {
- doTestSlowConnect(false);
- }
-
- public void testSlowConnectHttps() throws Exception
- {
- doTestSlowConnect(true);
- }
-
- private void doTestSlowConnect(final boolean useSsl) throws Exception
- {
- try(TCPTunneler tunneler = new TCPTunneler(0, "localhost", getDefaultBroker().getHttpPort(), 1, 2))
- {
- // Hopes to exercise the code path where too few bytes arrive with Jetty for it to make an PLAIN/TLS
- // determination and needs to await more bytes.
- tunneler.addClientListener(new PreambleDelayingListener());
- tunneler.start();
-
- _restTestHelper = configureRestHelper(useSsl, tunneler.getLocalPort());
- Map<String, Object> metadata = _restTestHelper.getJsonAsMap("/api/latest/broker/getConnectionMetaData");
- String transport = String.valueOf(metadata.get("transport"));
- assertEquals("Unexpected protocol", useSsl ? "SSL" : "TCP", transport);
- }
- }
-
- private Collection<String> getMechanisms(final boolean useSsl) throws IOException
- {
- int port = getDefaultBroker().getHttpPort();
- _restTestHelper = configureRestHelper(useSsl, port);
-
- Map<String, Object> mechanisms = _restTestHelper.getJsonAsMap("/service/sasl");
- return (Collection<String>) mechanisms.get("mechanisms");
- }
-
- private RestTestHelper configureRestHelper(final boolean useSsl, final int port)
- {
- RestTestHelper restTestHelper = new RestTestHelper(port);
- restTestHelper.setUseSsl(useSsl);
- if (useSsl)
- {
- restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
- }
- return restTestHelper;
- }
-
- private static class PreambleDelayingListener implements TCPTunneler.TunnelListener
- {
- private int _totalBytes;
-
- @Override
- public void clientConnected(final InetSocketAddress clientAddress)
- {
-
- }
-
- @Override
- public void clientDisconnected(final InetSocketAddress clientAddress)
- {
-
- }
-
- @Override
- public void notifyClientToServerBytesDelivered(final InetAddress inetAddress,
- final int numberOfBytesForwarded)
- {
- _totalBytes += numberOfBytesForwarded;
- if (_totalBytes < 10)
- {
- try
- {
- Thread.sleep(10);
- }
- catch (InterruptedException e)
- {
- Thread.currentThread().interrupt();
- }
- }
- }
-
- @Override
- public void notifyServerToClientBytesDelivered(final InetAddress inetAddress,
- final int numberOfBytesForwarded)
- {
-
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
deleted file mode 100644
index 8a96747..0000000
--- a/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.rest;
-
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.model.BrokerModel;
-import org.apache.qpid.server.model.ConfiguredObject;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Protocol;
-import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.test.utils.TestBrokerConfiguration;
-
-public class BrokerRestHttpsTest extends QpidRestTestCase
-{
- @Override
- public void setUp() throws Exception
- {
- setSystemProperty("javax.net.debug", "ssl");
- super.setUp();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
- }
-
- @Override
- protected void customizeConfiguration() throws Exception
- {
- super.customizeConfiguration();
- Map<String, Object> newAttributes = new HashMap<String, Object>();
- newAttributes.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
- newAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
- newAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
- getDefaultBrokerConfiguration().setObjectAttributes(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, newAttributes);
- }
-
- public void testGetWithHttps() throws Exception
- {
- Map<String, Object> brokerDetails = getRestTestHelper().getJsonAsMap("broker");
-
- Asserts.assertAttributesPresent(brokerDetails, BrokerModel.getInstance().getTypeRegistry().getAttributeNames(Broker.class),
- Broker.PROCESS_PID,
- Broker.CONFIDENTIAL_CONFIGURATION_ENCRYPTION_PROVIDER,
- ConfiguredObject.TYPE,
- ConfiguredObject.CREATED_BY,
- ConfiguredObject.CREATED_TIME,
- ConfiguredObject.LAST_UPDATED_BY,
- ConfiguredObject.LAST_UPDATED_TIME,
- ConfiguredObject.DESCRIPTION,
- ConfiguredObject.CONTEXT,
- ConfiguredObject.DESIRED_STATE,
- Broker.PREFERENCE_STORE_ATTRIBUTES);
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
deleted file mode 100644
index 3864fab..0000000
--- a/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.rest;
-
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
-import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
-import static org.apache.qpid.test.utils.TestSSLConstants.UNTRUSTED_KEYSTORE;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.qpid.server.management.plugin.HttpManagement;
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.Plugin;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Protocol;
-import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
-import org.apache.qpid.test.utils.TestBrokerConfiguration;
-import org.apache.qpid.test.utils.TestSSLConstants;
-
-public class PreemtiveAuthRestTest extends QpidRestTestCase
-{
- private static final String USERNAME = "admin";
- private static final String PASSWORD = "admin";
-
- @Override
- public void startDefaultBroker() throws Exception
- {
- //don't call super method, we will configure the broker in the test before doing so
- }
-
- @Override
- protected void customizeConfiguration() throws Exception
- {
- //do nothing, we will configure this locally
- }
-
- private void configure(boolean useSsl, final boolean useClientAuth) throws Exception
- {
- super.customizeConfiguration();
-
- setSystemProperty("javax.net.debug", "ssl");
- if (useSsl)
- {
- Map<String, Object> portAttributes = new HashMap<>();
- portAttributes.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
- portAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
- portAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
-
- if (useClientAuth)
- {
- portAttributes.put(Port.TRUST_STORES, Collections.singleton(TestBrokerConfiguration.ENTRY_NAME_SSL_TRUSTSTORE));
- portAttributes.put(Port.NEED_CLIENT_AUTH, "true");
- portAttributes.put(Port.AUTHENTICATION_PROVIDER, EXTERNAL_AUTHENTICATION_PROVIDER);
-
- Map<String, Object> externalProviderAttributes = new HashMap<>();
- externalProviderAttributes.put(AuthenticationProvider.TYPE, ExternalAuthenticationManager.PROVIDER_TYPE);
- externalProviderAttributes.put(AuthenticationProvider.NAME, EXTERNAL_AUTHENTICATION_PROVIDER);
- getDefaultBrokerConfiguration().addObjectConfiguration(AuthenticationProvider.class, externalProviderAttributes);
- }
-
- getDefaultBrokerConfiguration().setObjectAttributes(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, portAttributes);
- }
- }
-
- private void verifyGetBrokerAttempt(int responseCode) throws IOException
- {
- assertEquals(responseCode, getRestTestHelper().submitRequest("broker", "GET"));
- }
-
- public void testBasicAuth() throws Exception
- {
- configure(false, false);
- super.startDefaultBroker();
-
- _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
- verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
- }
-
- public void testBasicAuth_WrongPassword() throws Exception
- {
- configure(false, false);
- super.startDefaultBroker();
-
- _restTestHelper.setUsernameAndPassword(USERNAME, "badpassword");
- verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
- }
-
- public void testBasicAuthWhenDisabled() throws Exception
- {
- configure(false, false);
- getDefaultBrokerConfiguration().setObjectAttribute(Plugin.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED, false);
- super.startDefaultBroker();
- getRestTestHelper().setUseSsl(false);
- // Try the attempt with authentication, it should fail because
- // BASIC auth is disabled by default on non-secure connections.
- getRestTestHelper().setUsernameAndPassword(USERNAME, PASSWORD);
- verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
- }
-
- public void testBasicAuth_Https() throws Exception
- {
- configure(true, false);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
-
- // Try the attempt with authentication, it should succeed because
- // BASIC auth is enabled by default on secure connections.
- _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
- verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
- }
-
- public void testBasicAuthWhenDisabled_Https() throws Exception
- {
- configure(true, false);
- getDefaultBrokerConfiguration().setObjectAttribute(Plugin.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED, false);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
-
- // Try the attempt with authentication, it should fail because
- // BASIC auth is now disabled on secure connections.
- _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
- verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
- }
-
- public void testClientCertAuth() throws Exception
- {
- configure(true, true);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setUseSslAuth(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
- _restTestHelper.setKeystore(KEYSTORE, KEYSTORE_PASSWORD);
-
- _restTestHelper.setUsernameAndPassword(null, null);
- verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
- }
-
- public void testClientCertAuth_UntrustedClientCert() throws Exception
- {
- configure(true, true);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setUseSslAuth(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
- _restTestHelper.setKeystore(UNTRUSTED_KEYSTORE, KEYSTORE_PASSWORD);
- _restTestHelper.setClientAuthAlias(TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT);
-
- _restTestHelper.setUsernameAndPassword(null, null);
-
- try
- {
- getRestTestHelper().submitRequest("broker", "GET");
- fail("Exception not thrown");
- }
- catch (IOException e)
- {
- e.printStackTrace();
- }
- }
-
- public void testPreemptiveDoesNotCreateSession() throws Exception
- {
- configure(false, false);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpPort());
-
- _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
- final HttpURLConnection firstConnection = _restTestHelper.openManagementConnection("broker", "GET");
- assertEquals("Unexpected server response", HttpServletResponse.SC_OK, firstConnection.getResponseCode());
- List<String> cookies = firstConnection.getHeaderFields().get("Set-Cookie");
- assertNull("Should not create session cookies", cookies);
- }
-}