You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by gm...@apache.org on 2018/04/04 00:17:58 UTC
qpid-dispatch git commit: DISPATCH-918 - Deprecated some attributes
of the sslProfile entity and introduced replacement with clearer names
Repository: qpid-dispatch
Updated Branches:
refs/heads/master 81fdd61fd -> f36c90335
DISPATCH-918 - Deprecated some attributes of the sslProfile entity and introduced replacement with clearer names
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/f36c9033
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/f36c9033
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/f36c9033
Branch: refs/heads/master
Commit: f36c90335c3fdaff49472ade1a7acd3077aaa56b
Parents: 81fdd61
Author: Ganesh Murthy <gm...@redhat.com>
Authored: Tue Apr 3 20:17:43 2018 -0400
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Tue Apr 3 20:17:43 2018 -0400
----------------------------------------------------------------------
doc/man/qdrouterd.conf.5.py | 4 +-
doc/new-book/configuration-reference.adoc | 10 +--
doc/new-book/configuration-security.adoc | 12 ++--
doc/new-book/managing-using-qdmanage.adoc | 2 +-
include/qpid/dispatch/server.h | 2 +-
python/qpid_dispatch/management/qdrouter.json | 9 ++-
.../qpid_dispatch_internal/management/config.py | 2 +-
src/connection_manager.c | 18 +++---
src/server.c | 2 +-
tests/config-2/A-ssl.conf.in | 4 +-
tests/config-2/B-ssl.conf.in | 4 +-
tests/system_tests_http.py | 4 +-
tests/system_tests_qdmanage.py | 8 +--
tests/system_tests_qdstat.py | 8 +--
tests/system_tests_sasl_plain.py | 26 ++++----
tests/system_tests_user_id.py | 64 ++++++++++----------
tests/system_tests_user_id_proxy.py | 63 +++++++++----------
17 files changed, 124 insertions(+), 118 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/doc/man/qdrouterd.conf.5.py
----------------------------------------------------------------------
diff --git a/doc/man/qdrouterd.conf.5.py b/doc/man/qdrouterd.conf.5.py
index e71f7a1..9c467b3 100644
--- a/doc/man/qdrouterd.conf.5.py
+++ b/doc/man/qdrouterd.conf.5.py
@@ -115,9 +115,9 @@ attribute of 'sslProfile' sections.
----
sslProfile {
name: my-ssl
- certDb: ca-certificate-1.pem
+ caCertFile: ca-certificate-1.pem
certFile: server-certificate-1.pem
- keyFile: server-private-key.pem
+ privateKeyFile: server-private-key.pem
}
listener {
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/doc/new-book/configuration-reference.adoc
----------------------------------------------------------------------
diff --git a/doc/new-book/configuration-reference.adoc b/doc/new-book/configuration-reference.adoc
index b8d0a99..9ea6a12 100644
--- a/doc/new-book/configuration-reference.adoc
+++ b/doc/new-book/configuration-reference.adoc
@@ -51,9 +51,9 @@ A section could be referenced by another section using its `name` attribute. An
----
sslProfile {
name: ssl-profile-one
- certDb: ca-certificate-1.pem
+ caCertFile: ca-certificate-1.pem
certFile: server-certificate-1.pem
- keyFile: server-private-key.pem
+ privateKeyFile: server-private-key.pem
}
listener {
@@ -73,13 +73,13 @@ In the above example, the _sslProfile_ section named _ssl-profile-one_ is used t
Attributes for setting SSL/TLS configuration for connections.
-* *_certDb_* (path) : The absolute path to the database that contains the public certificates of trusted certificate authorities (CA).
+* *_caCertFile_* (path) : The absolute path to the database that contains the public certificates of trusted certificate authorities (CA).
* *_certFile_* (path) : The absolute path to the file containing the PEM-formatted public certificate to be used on the local end of any connections using this profile.
-* *_keyFile_* (path) : The absolute path to the file containing the PEM-formatted private key for the above certificate.
+* *_privateKeyFile_* (path) : The absolute path to the file containing the PEM-formatted private key for the above certificate.
* *_passwordFile_* (path) : If the above private key is password protected, this is the absolute path to a file containing the password that unlocks the certificate key.
* *_password_* (string) : An alternative to storing the password in a file referenced by passwordFile is to supply the password right here in the configuration file. This option can be used by supplying the password in the ‘password’ option. Don’t use both password and passwordFile in the same profile.
* *_uidFormat_* (string) : A list of x509 client certificate fields that will be used to build a string that will uniquely identify the client certificate owner. For example, a value of ‘cou’ indicates that the uid will consist of c - common name concatenated with o - organization-company name concatenated with u - organization unit; or a value of ‘oF’ indicates that the uid will consist of o (organization name) concatenated with F (the sha256 fingerprint of the entire certificate) . Allowed values can be any combination of comma separated ‘c’( ISO3166 two character country code), ‘s’(state or province), ‘l’(Locality; generally - city), ‘o’(Organization - Company Name), ‘u’(Organization Unit - typically certificate type or brand), ‘n’(CommonName - typically a username for client certificates) and ‘1’(sha1 certificate fingerprint, as displayed in the fingerprints section when looking at a certificate with say a web browser is the hash of the entire
certificate) and 2 (sha256 certificate fingerprint) and 5 (sha512 certificate fingerprint).
-* *_displayNameFile_* (string) : The absolute path to the file containing the unique id to display name mapping.
+* *_uidNameMappingFile_* (string) : The absolute path to the file containing the unique id to display name mapping.
* *_name_* (string) : The name of the profile used for referencing it from _listener_ and _connector_ sections.
*Used by* : _listener_, _connector_.
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/doc/new-book/configuration-security.adoc
----------------------------------------------------------------------
diff --git a/doc/new-book/configuration-security.adoc b/doc/new-book/configuration-security.adoc
index be0c261..778d1fc 100644
--- a/doc/new-book/configuration-security.adoc
+++ b/doc/new-book/configuration-security.adoc
@@ -52,9 +52,9 @@ You must have the following files in PEM format:
sslProfile {
name: _NAME_
ciphers: _CIPHERS_
- certDb: _PATH_.pem
+ caCertFile: _PATH_.pem
certFile: _PATH_.pem
- keyFile: _PATH_.pem
+ privateKeyFile: _PATH_.pem
password: _PASSWORD/PATH_TO_PASSWORD_FILE_
...
}
@@ -80,13 +80,13 @@ ciphers: ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
+
To see the full list of available ciphers, use the `openssl ciphers` command. For more information about each cipher, see the link:https://www.openssl.org/docs/manmaster/man1/ciphers.html[ciphers man page^].
-`certDb`:: The absolute path to the database that contains the public certificates of trusted certificate authorities (CA).
+`caCertFile`:: The absolute path to the file that contains the public certificates of trusted certificate authorities (CA).
+
For example:
+
[options="nowrap"]
----
-certDb: /qdrouterd/ssl_certs/ca-cert.pem
+caCertFile: /qdrouterd/ssl_certs/ca-cert.pem
----
`certFile`:: The absolute path to the file containing the PEM-formatted public certificate to be used on the local end of any connections using this profile.
@@ -98,13 +98,13 @@ For example:
certFile: /qdrouterd/ssl_certs/router-cert-pwd.pem
----
-`keyFile`:: The absolute path to the file containing the PEM-formatted private key for the above certificate.
+`privateKeyFile`:: The absolute path to the file containing the PEM-formatted private key for the above certificate.
+
For example:
+
[options="nowrap"]
----
-keyFile: /qdrouterd/ssl_certs/router-key-pwd.pem
+privateKeyFile: /qdrouterd/ssl_certs/router-key-pwd.pem
----
`passwordFile` or `password`:: If the private key is password-protected, you must provide the password by either specifying the absolute path to a file containing the password that unlocks the certificate key, or entering the password directly in the configuration file.
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/doc/new-book/managing-using-qdmanage.adoc
----------------------------------------------------------------------
diff --git a/doc/new-book/managing-using-qdmanage.adoc b/doc/new-book/managing-using-qdmanage.adoc
index fae8653..f61b224 100644
--- a/doc/new-book/managing-using-qdmanage.adoc
+++ b/doc/new-book/managing-using-qdmanage.adoc
@@ -317,7 +317,7 @@ qdmanage query --type=sslProfile
a|
[options="nowrap",subs="+quotes"]
----
-qdmanage create --type=sslProfile --name=_NAME_ --certDB=_PATH_ --certFile=_PATH_ --keyFile=_PATH_ --_ATTRIBUTE_=_VALUE_ ...
+qdmanage create --type=sslProfile --name=_NAME_ --certDB=_PATH_ --certFile=_PATH_ --privateKeyFile=_PATH_ --_ATTRIBUTE_=_VALUE_ ...
----
|Add SSL/TLS encryption to an incoming connection
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/include/qpid/dispatch/server.h
----------------------------------------------------------------------
diff --git a/include/qpid/dispatch/server.h b/include/qpid/dispatch/server.h
index 4ae9188..9fe9c2c 100644
--- a/include/qpid/dispatch/server.h
+++ b/include/qpid/dispatch/server.h
@@ -274,7 +274,7 @@ typedef struct qd_server_config_t {
/**
* Full path to the file that contains the uid to display name mapping.
*/
- char *ssl_display_name_file;
+ char *ssl_uid_name_mapping_file;
/**
* The password used to sign the private key, or NULL if the key is not protected.
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/python/qpid_dispatch/management/qdrouter.json
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch/management/qdrouter.json b/python/qpid_dispatch/management/qdrouter.json
index b32ed0f..9b801c7 100644
--- a/python/qpid_dispatch/management/qdrouter.json
+++ b/python/qpid_dispatch/management/qdrouter.json
@@ -610,9 +610,10 @@
"description": "The TLS protocols that this sslProfile can use. You can specify a list of one or more of TLSv1, TLSv1.1, or TLSv1.2. To specify multiple protocols, separate the protocols with a space. For example, to permit the sslProfile to use TLS v1.1 and TLS v1.2 only, you would set the value to TLSv1.1 TLSv1.2. If you do not specify a value, the sslProfile uses the TLS protocol specified by the system-wide configuration.",
"create": true
},
- "certDb": {
+ "caCertFile": {
"type": "path",
"description": "The absolute path to the database that contains the public certificates of trusted certificate authorities (CA).",
+ "deprecationName": "certDb",
"create": true
},
"certFile": {
@@ -621,9 +622,10 @@
"create": true
},
- "keyFile": {
+ "privateKeyFile": {
"type": "path",
"description": "The absolute path to the file containing the PEM-formatted private key for the above certificate.",
+ "deprecationName": "keyFile",
"create": true
},
@@ -644,9 +646,10 @@
"description": "A list of x509 client certificate fields that will be used to build a string that will uniquely identify the client certificate owner. For e.g. a value of 'cou' indicates that the uid will consist of c - common name concatenated with o - organization-company name concatenated with u - organization unit; or a value of 'o2' indicates that the uid will consist of o (organization name) concatenated with 2 (the sha256 fingerprint of the entire certificate) . Allowed values can be any combination of 'c'( ISO3166 two character country code), 's'(state or province), 'l'(Locality; generally - city), 'o'(Organization - Company Name), 'u'(Organization Unit - typically certificate type or brand), 'n'(CommonName - typically a user name for client certificates) and '1'(sha1 certificate fingerprint, as displayed in the fingerprints section when looking at a certificate with say a web browser is the hash of the entire certificate) and 2 (sha256 certificate finger
print) and 5 (sha512 certificate fingerprint). The user identifier (uid) that is generated based on the uidFormat is a string which has a semi-colon as a separator between the components",
"create": true
},
- "displayNameFile": {
+ "uidNameMappingFile": {
"type": "string",
"description": "The absolute path to the file containing the unique id to display name mapping",
+ "deprecationName": "displayNameFile",
"create": true
}
}
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/python/qpid_dispatch_internal/management/config.py
----------------------------------------------------------------------
diff --git a/python/qpid_dispatch_internal/management/config.py b/python/qpid_dispatch_internal/management/config.py
index ecda9c6..cd60b2f 100644
--- a/python/qpid_dispatch_internal/management/config.py
+++ b/python/qpid_dispatch_internal/management/config.py
@@ -184,7 +184,7 @@ def configure_dispatch(dispatch, lib_handle, filename):
for a in config.by_type(t):
configure(a)
if t == "sslProfile":
- display_file_name = a.get('displayNameFile')
+ display_file_name = a.get('uidNameMappingFile')
if display_file_name:
ssl_profile_name = a.get('name')
displayname_service.add(ssl_profile_name, display_file_name)
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/src/connection_manager.c
----------------------------------------------------------------------
diff --git a/src/connection_manager.c b/src/connection_manager.c
index 2d14de1..3aa1913 100644
--- a/src/connection_manager.c
+++ b/src/connection_manager.c
@@ -41,7 +41,7 @@ struct qd_config_ssl_profile_t {
char *ssl_trusted_certificate_db;
char *ssl_trusted_certificates;
char *ssl_uid_format;
- char *ssl_display_name_file;
+ char *uid_name_mapping_file;
char *ssl_certificate_file;
char *ssl_private_key_file;
char *ssl_ciphers;
@@ -148,7 +148,7 @@ void qd_server_config_free(qd_server_config_t *cf)
if (cf->ssl_trusted_certificate_db) free(cf->ssl_trusted_certificate_db);
if (cf->ssl_trusted_certificates) free(cf->ssl_trusted_certificates);
if (cf->ssl_uid_format) free(cf->ssl_uid_format);
- if (cf->ssl_display_name_file) free(cf->ssl_display_name_file);
+ if (cf->ssl_uid_name_mapping_file) free(cf->ssl_uid_name_mapping_file);
memset(cf, 0, sizeof(*cf));
}
@@ -394,7 +394,7 @@ static qd_error_t load_server_config(qd_dispatch_t *qd, qd_server_config_t *conf
config->ssl_trusted_certificate_db = SSTRDUP(ssl_profile->ssl_trusted_certificate_db);
config->ssl_trusted_certificates = SSTRDUP(ssl_profile->ssl_trusted_certificates);
config->ssl_uid_format = SSTRDUP(ssl_profile->ssl_uid_format);
- config->ssl_display_name_file = SSTRDUP(ssl_profile->ssl_display_name_file);
+ config->ssl_uid_name_mapping_file = SSTRDUP(ssl_profile->uid_name_mapping_file);
}
}
@@ -476,7 +476,7 @@ static bool config_ssl_profile_free(qd_connection_manager_t *cm, qd_config_ssl_p
free(ssl_profile->ssl_trusted_certificate_db);
free(ssl_profile->ssl_trusted_certificates);
free(ssl_profile->ssl_uid_format);
- free(ssl_profile->ssl_display_name_file);
+ free(ssl_profile->uid_name_mapping_file);
free(ssl_profile->ssl_certificate_file);
free(ssl_profile->ssl_private_key_file);
free(ssl_profile->ssl_ciphers);
@@ -510,7 +510,7 @@ qd_config_ssl_profile_t *qd_dispatch_configure_ssl_profile(qd_dispatch_t *qd, qd
DEQ_INSERT_TAIL(cm->config_ssl_profiles, ssl_profile);
ssl_profile->name = qd_entity_opt_string(entity, "name", 0); CHECK();
ssl_profile->ssl_certificate_file = qd_entity_opt_string(entity, "certFile", 0); CHECK();
- ssl_profile->ssl_private_key_file = qd_entity_opt_string(entity, "keyFile", 0); CHECK();
+ ssl_profile->ssl_private_key_file = qd_entity_opt_string(entity, "privateKeyFile", 0); CHECK();
ssl_profile->ssl_password = qd_entity_opt_string(entity, "password", 0); CHECK();
if (!ssl_profile->ssl_password) {
@@ -545,10 +545,10 @@ qd_config_ssl_profile_t *qd_dispatch_configure_ssl_profile(qd_dispatch_t *qd, qd
}
ssl_profile->ssl_ciphers = qd_entity_opt_string(entity, "ciphers", 0); CHECK();
ssl_profile->ssl_protocols = qd_entity_opt_string(entity, "protocols", 0); CHECK();
- ssl_profile->ssl_trusted_certificate_db = qd_entity_opt_string(entity, "certDb", 0); CHECK();
- ssl_profile->ssl_trusted_certificates = qd_entity_opt_string(entity, "trustedCertsFile", 0); CHECK();
- ssl_profile->ssl_uid_format = qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
- ssl_profile->ssl_display_name_file = qd_entity_opt_string(entity, "displayNameFile", 0); CHECK();
+ ssl_profile->ssl_trusted_certificate_db = qd_entity_opt_string(entity, "caCertFile", 0); CHECK();
+ ssl_profile->ssl_trusted_certificates = qd_entity_opt_string(entity, "trustedCertsFile", 0); CHECK();
+ ssl_profile->ssl_uid_format = qd_entity_opt_string(entity, "uidFormat", 0); CHECK();
+ ssl_profile->uid_name_mapping_file = qd_entity_opt_string(entity, "uidNameMappingFile", 0); CHECK();
//
// Process the password to handle any modifications or lookups needed
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/src/server.c
----------------------------------------------------------------------
diff --git a/src/server.c b/src/server.c
index a8dc423..8a18630 100644
--- a/src/server.c
+++ b/src/server.c
@@ -297,7 +297,7 @@ static const char *transport_get_user(qd_connection_t *conn, pn_transport_t *tpo
}
}
}
- if (config->ssl_display_name_file) {
+ if (config->ssl_uid_name_mapping_file) {
// Translate extracted id into display name
qd_python_lock_state_t lock_state = qd_python_lock();
PyObject *result = PyObject_CallMethod((PyObject *)conn->server->py_displayname_obj, "query", "(ss)", config->ssl_profile, user_id );
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/tests/config-2/A-ssl.conf.in
----------------------------------------------------------------------
diff --git a/tests/config-2/A-ssl.conf.in b/tests/config-2/A-ssl.conf.in
index 74b5677..4b975b5 100644
--- a/tests/config-2/A-ssl.conf.in
+++ b/tests/config-2/A-ssl.conf.in
@@ -30,9 +30,9 @@ router {
sslProfile {
name: test-ssl
- certDb: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/ca-certificate.pem
+ caCertFile: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/ca-certificate.pem
certFile: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/server-certificate.pem
- keyFile: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/server-private-key.pem
+ privateKeyFile: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/server-private-key.pem
password: server-password
}
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/tests/config-2/B-ssl.conf.in
----------------------------------------------------------------------
diff --git a/tests/config-2/B-ssl.conf.in b/tests/config-2/B-ssl.conf.in
index eabf133..e6312dc 100644
--- a/tests/config-2/B-ssl.conf.in
+++ b/tests/config-2/B-ssl.conf.in
@@ -25,9 +25,9 @@ router {
ssl-profile {
name: test-ssl
- certDb: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/ca-certificate.pem
+ caCertFile: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/ca-certificate.pem
certFile: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/client-certificate.pem
- keyFile: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/client-private-key.pem
+ privateKeyFile: ${QPID_DISPATCH_HOME_INSTALLED}/tests/config-2/client-private-key.pem
password: client-password
}
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/tests/system_tests_http.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_http.py b/tests/system_tests_http.py
index 4c79e33..d162cd4 100644
--- a/tests/system_tests_http.py
+++ b/tests/system_tests_http.py
@@ -108,9 +108,9 @@ class RouterTestHttp(TestCase):
config = Qdrouterd.Config([
('router', {'id': 'QDR.HTTPS'}),
('sslProfile', {'name': 'simple-ssl',
- 'certDb': self.ssl_file('ca-certificate.pem'),
+ 'caCertFile': self.ssl_file('ca-certificate.pem'),
'certFile': self.ssl_file('server-certificate.pem'),
- 'keyFile': self.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': self.ssl_file('server-private-key.pem'),
'ciphers': 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS',
'password': 'server-password'
}),
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/tests/system_tests_qdmanage.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_qdmanage.py b/tests/system_tests_qdmanage.py
index c3c704e..b54b487 100644
--- a/tests/system_tests_qdmanage.py
+++ b/tests/system_tests_qdmanage.py
@@ -40,9 +40,9 @@ class QdmanageTest(TestCase):
config_1 = Qdrouterd.Config([
('router', {'mode': 'interior', 'id': 'R1'}),
('sslProfile', {'name': 'server-ssl',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'password': 'server-password'}),
('listener', {'port': cls.tester.get_port()}),
('connector', {'role': 'inter-router', 'port': cls.inter_router_port}),
@@ -414,8 +414,8 @@ class QdmanageTest(TestCase):
def test_create_delete_ssl_profile(self):
ssl_profile_name = 'ssl-profile-test'
ssl_create_command = 'CREATE --type=sslProfile certFile=' + self.ssl_file('server-certificate.pem') + \
- ' keyFile=' + self.ssl_file('server-private-key.pem') + ' password=server-password' + \
- ' name=' + ssl_profile_name + ' certDb=' + self.ssl_file('ca-certificate.pem')
+ ' privateKeyFile=' + self.ssl_file('server-private-key.pem') + ' password=server-password' + \
+ ' name=' + ssl_profile_name + ' caCertFile=' + self.ssl_file('ca-certificate.pem')
output = json.loads(self.run_qdmanage(ssl_create_command))
self.assertEqual(output['name'], ssl_profile_name)
self.run_qdmanage('DELETE --type=sslProfile --name=' +
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/tests/system_tests_qdstat.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_qdstat.py b/tests/system_tests_qdstat.py
index bf85220..5868cca 100644
--- a/tests/system_tests_qdstat.py
+++ b/tests/system_tests_qdstat.py
@@ -124,9 +124,9 @@ try:
'workerThreads': 1,
'saslConfigName': 'tests-mech-EXTERNAL'}),
('sslProfile', {'name': 'server-ssl',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'password': 'server-password'}),
('listener', {'port': cls.tester.get_port()}),
('listener', {'port': cls.tester.get_port(), 'sslProfile': 'server-ssl', 'authenticatePeer': 'no', 'requireSsl': 'yes'}),
@@ -298,9 +298,9 @@ try:
'workerThreads': 1,
'saslConfigName': 'tests-mech-NOEXTERNAL'}),
('sslProfile', {'name': 'server-ssl',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'password': 'server-password'}),
('listener', {'port': cls.tester.get_port()}),
('listener', {'port': cls.tester.get_port(), 'sslProfile': 'server-ssl', 'authenticatePeer': 'no', 'requireSsl': 'yes'}),
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/tests/system_tests_sasl_plain.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_sasl_plain.py b/tests/system_tests_sasl_plain.py
index dc68c7a..dfb1df5 100644
--- a/tests/system_tests_sasl_plain.py
+++ b/tests/system_tests_sasl_plain.py
@@ -224,9 +224,9 @@ class RouterTestPlainSaslOverSsl(RouterTestPlainSaslCommon):
'sslProfile':'server-ssl-profile',
'saslMechanisms':'PLAIN', 'authenticatePeer': 'yes'}),
('sslProfile', {'name': 'server-ssl-profile',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'ciphers': 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS',
'protocols': 'TLSv1.1 TLSv1.2',
'password': 'server-password'}),
@@ -252,9 +252,9 @@ class RouterTestPlainSaslOverSsl(RouterTestPlainSaslCommon):
'id': 'QDR.Y'}),
('listener', {'host': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}),
('sslProfile', {'name': 'client-ssl-profile',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('client-certificate.pem'),
- 'keyFile': cls.ssl_file('client-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('client-private-key.pem'),
'password': 'client-password'}),
])
@@ -356,9 +356,9 @@ class RouterTestVerifyHostNameYes(RouterTestPlainSaslCommon):
('listener', {'host': '0.0.0.0', 'role': 'normal', 'port': cls.tester.get_port(),
'authenticatePeer': 'no'}),
('sslProfile', {'name': 'server-ssl-profile',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'password': 'server-password'}),
('router', {'workerThreads': 1,
'id': 'QDR.X',
@@ -381,9 +381,9 @@ class RouterTestVerifyHostNameYes(RouterTestPlainSaslCommon):
'id': 'QDR.Y'}),
('listener', {'host': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}),
('sslProfile', {'name': 'client-ssl-profile',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('client-certificate.pem'),
- 'keyFile': cls.ssl_file('client-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('client-private-key.pem'),
'password': 'client-password'}),
])
@@ -452,8 +452,10 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon):
('listener', {'host': '0.0.0.0', 'role': 'normal', 'port': cls.tester.get_port(),
'authenticatePeer': 'no'}),
('sslProfile', {'name': 'server-ssl-profile',
+ # certDb has been deprecated. We are using it here to test backward compatibility.
'certDb': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
+ # keyFile has been deprecated. We are using it here to test backward compatibility.
'keyFile': cls.ssl_file('server-private-key.pem'),
'password': 'server-password'}),
('router', {'workerThreads': 1,
@@ -479,9 +481,9 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon):
'id': 'QDR.Y'}),
('listener', {'host': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}),
('sslProfile', {'name': 'client-ssl-profile',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('client-certificate.pem'),
- 'keyFile': cls.ssl_file('client-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('client-private-key.pem'),
'password': 'client-password'}),
])
@@ -551,9 +553,9 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon):
local_node.create({'type': 'sslProfile',
'name': 'client-ssl-profile',
'certFile': self.ssl_file('client-certificate.pem'),
- 'keyFile': self.ssl_file('client-private-key.pem'),
+ 'privateKeyFile': self.ssl_file('client-private-key.pem'),
'password': 'client-password',
- 'certDb': self.ssl_file('ca-certificate.pem')})
+ 'caCertFile': self.ssl_file('ca-certificate.pem')})
# re-create connector
local_node.create({'type': 'connector',
'name': 'connectorToX',
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/tests/system_tests_user_id.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_user_id.py b/tests/system_tests_user_id.py
index f9058c6..52093a7 100644
--- a/tests/system_tests_user_id.py
+++ b/tests/system_tests_user_id.py
@@ -42,118 +42,118 @@ class QdSSLUseridTest(TestCase):
# sha1
('sslProfile', {'name': 'server-ssl1',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1',
'password': 'server-password'}),
# sha256
('sslProfile', {'name': 'server-ssl2',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '2',
'password': 'server-password'}),
# sha512
('sslProfile', {'name': 'server-ssl3',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '5',
'password': 'server-password'}),
# sha256 combination
('sslProfile', {'name': 'server-ssl4',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '2noucs',
'password': 'server-password'}),
# sha1 combination
('sslProfile', {'name': 'server-ssl5',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1cs',
'password': 'server-password'}),
# sha512 combination
('sslProfile', {'name': 'server-ssl6',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': 'cs5',
'password': 'server-password'}),
# no fingerprint field
('sslProfile', {'name': 'server-ssl7',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': 'nsuco',
'password': 'server-password'}),
# no fingerprint field variation
('sslProfile', {'name': 'server-ssl8',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': 'scounl',
'password': 'server-password'}),
#no uidFormat
('sslProfile', {'name': 'server-ssl9',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'password': 'server-password'}),
# one component of uidFormat is invalid (x), this will result in an error in the fingerprint calculation.
# The user_id will fall back to proton's pn_transport_get_user
('sslProfile', {'name': 'server-ssl10',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1x',
- 'displayNameFile': ssl_profile2_json,
+ 'uidNameMappingFile': ssl_profile2_json,
'password': 'server-password'}),
# All components in the uidFormat are unrecognized, pn_get_transport_user will be returned
('sslProfile', {'name': 'server-ssl11',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': 'abxd',
'password': 'server-password'}),
('sslProfile', {'name': 'server-ssl12',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1',
- 'displayNameFile': ssl_profile1_json,
+ 'uidNameMappingFile': ssl_profile1_json,
'password': 'server-password'}),
# should translate a display name
# specifying both passwordFile and password, password takes precedence.
('sslProfile', {'name': 'server-ssl13',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '2',
- 'displayNameFile': ssl_profile2_json,
+ 'uidNameMappingFile': ssl_profile2_json,
'password': 'server-password',
'passwordFile': cls.ssl_file('server-password-file-bad.txt')}),
('sslProfile', {'name': 'server-ssl14',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1',
- 'displayNameFile': ssl_profile1_json,
+ 'uidNameMappingFile': ssl_profile1_json,
'passwordFile': cls.ssl_file('server-password-file.txt')}),
('listener', {'port': cls.tester.get_port(), 'sslProfile': 'server-ssl1', 'authenticatePeer': 'yes',
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/f36c9033/tests/system_tests_user_id_proxy.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_user_id_proxy.py b/tests/system_tests_user_id_proxy.py
index 09d2d40..f9271d1 100644
--- a/tests/system_tests_user_id_proxy.py
+++ b/tests/system_tests_user_id_proxy.py
@@ -47,116 +47,117 @@ class QdSSLUseridTest(TestCase):
# sha1
('sslProfile', {'name': 'server-ssl1',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1',
'password': 'server-password'}),
# sha256
('sslProfile', {'name': 'server-ssl2',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '2',
'password': 'server-password'}),
# sha512
('sslProfile', {'name': 'server-ssl3',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '5',
'password': 'server-password'}),
# sha256 combination
('sslProfile', {'name': 'server-ssl4',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '2noucs',
'password': 'server-password'}),
# sha1 combination
('sslProfile', {'name': 'server-ssl5',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1cs',
'password': 'server-password'}),
# sha512 combination
('sslProfile', {'name': 'server-ssl6',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': 'cs5',
'password': 'server-password'}),
# no fingerprint field
('sslProfile', {'name': 'server-ssl7',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': 'nsuco',
'password': 'server-password'}),
# no fingerprint field variation
('sslProfile', {'name': 'server-ssl8',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': 'scounl',
'password': 'server-password'}),
#no uidFormat
('sslProfile', {'name': 'server-ssl9',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'password': 'server-password'}),
# one component of uidFormat is invalid (x), the unrecognized component will be ignored,
# this will be treated like 'uidFormat': '1'
('sslProfile', {'name': 'server-ssl10',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1x',
- 'displayNameFile': ssl_profile2_json,
+ 'uidNameMappingFile': ssl_profile2_json,
'password': 'server-password'}),
# All components in the uidFormat are unrecognized, pn_get_transport_user will be returned
('sslProfile', {'name': 'server-ssl11',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': 'abxd',
'password': 'server-password'}),
('sslProfile', {'name': 'server-ssl12',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1',
- 'displayNameFile': ssl_profile1_json,
+ 'uidNameMappingFile': ssl_profile1_json,
'password': 'server-password'}),
# should translate a display name
('sslProfile', {'name': 'server-ssl13',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '2',
+ # displayNameFile has been deprecated. We are using it here to test backward compatibility.
'displayNameFile': ssl_profile2_json,
'password': 'server-password'}),
('sslProfile', {'name': 'server-ssl14',
- 'certDb': cls.ssl_file('ca-certificate.pem'),
+ 'caCertFile': cls.ssl_file('ca-certificate.pem'),
'certFile': cls.ssl_file('server-certificate.pem'),
- 'keyFile': cls.ssl_file('server-private-key.pem'),
+ 'privateKeyFile': cls.ssl_file('server-private-key.pem'),
'uidFormat': '1',
- 'displayNameFile': ssl_profile1_json,
+ 'uidNameMappingFile': ssl_profile1_json,
'password': 'server-password'}),
('listener', {'port': cls.tester.get_port(), 'sslProfile': 'server-ssl1', 'authenticatePeer': 'yes',
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org