Posted to commits@qpid.apache.org by or...@apache.org on 2018/01/21 21:24:12 UTC
qpid-broker-j git commit: QPID-6933: [System Tests] Refactor
MessageEncryptionTest as JMS 1.1 extension test
Repository: qpid-broker-j
Updated Branches:
refs/heads/master f1322a658 -> f86ff21d0
QPID-6933: [System Tests] Refactor MessageEncryptionTest as JMS 1.1 extension test
Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/f86ff21d
Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/f86ff21d
Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/f86ff21d
Branch: refs/heads/master
Commit: f86ff21d0ed2735b1bbcba6bd71a2c018d14b482
Parents: f1322a6
Author: Alex Rudyy <or...@apache.org>
Authored: Sun Jan 21 21:23:39 2018 +0000
Committer: Alex Rudyy <or...@apache.org>
Committed: Sun Jan 21 21:23:57 2018 +0000
----------------------------------------------------------------------
.../apache/qpid/systests/ConnectionBuilder.java | 5 +
.../org/apache/qpid/systests/JmsTestBase.java | 7 +-
.../QpidJmsClient0xConnectionBuilder.java | 35 ++
.../QpidJmsClientConnectionBuilder.java | 30 ++
systests/qpid-systests-jms_1.1/pom.xml | 7 +
.../encryption/MessageEncryptionTest.java | 425 +++++++++++++++++++
.../MessageEncryptionTest.java | 398 -----------------
test-profiles/Java10Excludes | 3 -
8 files changed, 508 insertions(+), 402 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/f86ff21d/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
index 6e64fd2..031eb92 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/ConnectionBuilder.java
@@ -57,6 +57,11 @@ public interface ConnectionBuilder
ConnectionBuilder setKeyAlias(String alias);
ConnectionBuilder setSaslMechanisms(String... mechanism);
ConnectionBuilder setCompress(boolean compress);
+ ConnectionBuilder setEncryptionRemoteTrustStore(String encryptionTrustStore);
+ ConnectionBuilder setEncryptionTrustStore(String encryptionTrustStoreLocation);
+ ConnectionBuilder setEncryptionTrustStorePassword(String password);
+ ConnectionBuilder setEncryptionKeyStore(String encryptionKeyStoreLocation);
+ ConnectionBuilder setEncryptionKeyStorePassword(String password);
Connection build() throws NamingException, JMSException;
ConnectionFactory buildConnectionFactory() throws NamingException;
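Review bot: The five new setters have no Javadoc, and the signatures alone do not show how `setEncryptionRemoteTrustStore` differs from `setEncryptionTrustStore` or what form each argument takes. The test added in this commit passes the remote variant a broker-side address built as `"$certificates/" + peerStoreName`, while the other store setters receive constants that are presumably file locations. A one-line comment on each would settle this, e.g. `/** Address of a trust store the broker exposes as a message source, such as "$certificates/<name>". */` on the remote one. The interface should also state that implementations may throw UnsupportedOperationException, since one implementation in this commit does so for all five. The interface body continues outside the hunk.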
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/f86ff21d/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/JmsTestBase.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/JmsTestBase.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/JmsTestBase.java
index ae56d3f..d465cb4 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/JmsTestBase.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/JmsTestBase.java
@@ -160,7 +160,12 @@ public abstract class JmsTestBase extends BrokerAdminUsingTestBase
protected Queue createQueue(final String queueName) throws Exception
{
- Connection connection = getConnection();
+ return createQueue(getVirtualHostName(), queueName);
+ }
+
+ protected Queue createQueue(final String virtualHostName, final String queueName) throws Exception
+ {
+ Connection connection = getConnectionBuilder().setVirtualHost(virtualHostName).build();
try
{
connection.start();
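Review bot: The one-argument `createQueue` no longer takes its connection from `getConnection()` but builds one via `getConnectionBuilder().setVirtualHost(getVirtualHostName()).build()`, so anything `getConnection()` configures beyond the virtual host is no longer applied. Neither helper is visible in the hunk, so this equivalence is worth confirming. The new two-argument overload is also undocumented; a short Javadoc such as `/** Creates the queue on the given virtual host over a connection opened for that host. */` would explain why it exists. The method body continues outside the hunk.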
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/f86ff21d/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
index 2318634..2771f32 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClient0xConnectionBuilder.java
@@ -246,6 +246,41 @@ public class QpidJmsClient0xConnectionBuilder implements ConnectionBuilder
}
@Override
+ public ConnectionBuilder setEncryptionRemoteTrustStore(final String encryptionTrustStore)
+ {
+ _options.put("encryption_remote_trust_store", encryptionTrustStore);
+ return this;
+ }
+
+ @Override
+ public ConnectionBuilder setEncryptionTrustStore(final String encryptionTrustStoreLocation)
+ {
+ _options.put("encryption_trust_store", encryptionTrustStoreLocation);
+ return this;
+ }
+
+ @Override
+ public ConnectionBuilder setEncryptionTrustStorePassword(final String password)
+ {
+ _options.put("encryption_trust_store_password", password);
+ return this;
+ }
+
+ @Override
+ public ConnectionBuilder setEncryptionKeyStore(final String encryptionKeyStoreLocation)
+ {
+ _options.put("encryption_key_store", encryptionKeyStoreLocation);
+ return this;
+ }
+
+ @Override
+ public ConnectionBuilder setEncryptionKeyStorePassword(final String password)
+ {
+ _options.put("encryption_key_store_password", password);
+ return this;
+ }
+
+ @Override
public Connection build() throws JMSException, NamingException
{
return buildConnectionFactory().createConnection(_username, _password);
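Review bot: Each of the five new setters writes its argument straight into `_options` with no null check, including the two password setters. How `_options` becomes a connection URL is outside the hunk, but if the values are concatenated into it, a null would likely be sent as the text `null`. The key store and trust store passwords would also appear wherever that URL is logged. Consider rejecting null up front, e.g. `_options.put("encryption_key_store_password", Objects.requireNonNull(password, "password"));` (needs `java.util.Objects` in scope), and confirm the built URL is not written to test logs with the password options in it.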
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/f86ff21d/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
index 76e3a76..5ec1647 100644
--- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java
@@ -248,6 +248,36 @@ public class QpidJmsClientConnectionBuilder implements ConnectionBuilder
}
@Override
+ public ConnectionBuilder setEncryptionRemoteTrustStore(final String encryptionTrustStore)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public ConnectionBuilder setEncryptionTrustStore(final String encryptionTrustStoreLocation)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public ConnectionBuilder setEncryptionTrustStorePassword(final String password)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public ConnectionBuilder setEncryptionKeyStore(final String encryptionKeyStoreLocation)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
+ public ConnectionBuilder setEncryptionKeyStorePassword(final String password)
+ {
+ throw new UnsupportedOperationException();
+ }
+
+ @Override
public Connection build() throws NamingException, JMSException
{
return buildConnectionFactory().createConnection();
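Review bot: All five overrides throw a bare `UnsupportedOperationException`, so a test that reaches one fails with no hint of which option was rejected or why. A message makes the failure self-explanatory, e.g. `throw new UnsupportedOperationException("Message encryption options are not supported by this client");`. The new MessageEncryptionTest skips itself for `Protocol.AMQP_1_0` in `setUp`, which is presumably what keeps these methods from being hit today; a short comment here saying so would keep the two in step. The class body continues outside the hunk.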
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/f86ff21d/systests/qpid-systests-jms_1.1/pom.xml
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-jms_1.1/pom.xml b/systests/qpid-systests-jms_1.1/pom.xml
index cc07920..b5c908e 100644
--- a/systests/qpid-systests-jms_1.1/pom.xml
+++ b/systests/qpid-systests-jms_1.1/pom.xml
@@ -58,6 +58,13 @@
<artifactId>qpid-systests-utils</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.qpid</groupId>
+ <artifactId>qpid-broker-core</artifactId>
+ <classifier>tests</classifier>
+ <scope>test</scope>
+ </dependency>
+
</dependencies>
<profiles>
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/f86ff21d/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/encryption/MessageEncryptionTest.java
----------------------------------------------------------------------
diff --git a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/encryption/MessageEncryptionTest.java b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/encryption/MessageEncryptionTest.java
new file mode 100644
index 0000000..ca4a8dd
--- /dev/null
+++ b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/encryption/MessageEncryptionTest.java
@@ -0,0 +1,425 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.systests.jms_1_1.extensions.encryption;
+
+import static org.apache.qpid.systests.jms_1_1.extensions.tls.TlsTest.TEST_PROFILE_RESOURCE_BASE;
+import static org.apache.qpid.test.utils.TestSSLConstants.BROKER_PEERSTORE_PASSWORD;
+import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE;
+import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.CoreMatchers.not;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.junit.Assume.assumeThat;
+
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.jms.Connection;
+import javax.jms.JMSException;
+import javax.jms.Message;
+import javax.jms.MessageConsumer;
+import javax.jms.MessageProducer;
+import javax.jms.Queue;
+import javax.jms.Session;
+import javax.jms.TextMessage;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import org.apache.qpid.server.model.Protocol;
+import org.apache.qpid.server.security.FileTrustStore;
+import org.apache.qpid.server.virtualhost.TestMemoryVirtualHost;
+import org.apache.qpid.server.virtualhostnode.JsonVirtualHostNodeImpl;
+import org.apache.qpid.systests.JmsTestBase;
+import org.apache.qpid.test.utils.TestSSLConstants;
+
+public class MessageEncryptionTest extends JmsTestBase
+{
+ private static final String TEST_MESSAGE_TEXT = "test message";
+ private static final String ENCRYPTED_RECIPIENTS = "'CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA'";
+ private static final String QUEUE_ADDRESS_WITH_SEND_ENCRYPTED =
+ "ADDR: %s ; {x-send-encrypted : true, x-encrypted-recipients : " + ENCRYPTED_RECIPIENTS + "}";
+ private static final String QUEUE_BURL_WITH_SEND_ENCRYPTED =
+ "BURL:direct:///%s/%s?sendencrypted='true'&encryptedrecipients=" + ENCRYPTED_RECIPIENTS;
+ private static final String BROKER_PEERSTORE = TEST_PROFILE_RESOURCE_BASE
+ + "${file.separator}test-profiles${file.separator}"
+ + "test_resources${file.separator}ssl${file.separator}"
+ + "java_broker_peerstore.jks";
+
+ @Before
+ public void setUp() throws Exception
+ {
+ assumeThat("AMQP 1.0 client does not support compression yet",
+ getProtocol(),
+ is(not(equalTo(Protocol.AMQP_1_0))));
+ assumeThat("Strong encryption is not enabled",
+ isStrongEncryptionEnabled(),
+ is(equalTo(Boolean.TRUE)));
+ }
+
+ @Test
+ public void testEncryptionUsingMessageHeader() throws Exception
+ {
+ Queue queue = createQueue(getTestName());
+ Connection producerConnection =
+ getConnectionBuilder().setEncryptionTrustStore(TestSSLConstants.BROKER_PEERSTORE)
+ .setEncryptionTrustStorePassword(BROKER_PEERSTORE_PASSWORD)
+ .build();
+ try
+ {
+ Connection recvConnection = getConnectionBuilder().setEncryptionKeyStore(KEYSTORE)
+ .setEncryptionKeyStorePassword(KEYSTORE_PASSWORD)
+ .build();
+ try
+ {
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageProducer producer = prodSession.createProducer(queue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ message.setBooleanProperty("x-qpid-encrypt", true);
+ message.setStringProperty("x-qpid-encrypt-recipients",
+ "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+ producer.send(message);
+
+ Message receivedMessage = consumer.receive(getReceiveTimeout());
+ assertNotNull(receivedMessage);
+ assertTrue(receivedMessage instanceof TextMessage);
+ assertEquals(TEST_MESSAGE_TEXT, ((TextMessage) message).getText());
+ }
+ finally
+ {
+ recvConnection.close();
+ }
+ }
+ finally
+ {
+ producerConnection.close();
+ }
+ }
+
+ @Test
+ public void testEncryptionFromADDRAddress() throws Exception
+ {
+ assumeThat("Tests legacy client address syntax",
+ getProtocol(),
+ is(not(equalTo(Protocol.AMQP_1_0))));
+
+ String queueName = getTestName();
+ Queue queue = createQueue(queueName);
+ Connection producerConnection =
+ getConnectionBuilder().setEncryptionTrustStore(TestSSLConstants.BROKER_PEERSTORE)
+ .setEncryptionTrustStorePassword(BROKER_PEERSTORE_PASSWORD)
+ .build();
+ try
+ {
+ Connection recvConnection = getConnectionBuilder().setEncryptionKeyStore(KEYSTORE)
+ .setEncryptionKeyStorePassword(KEYSTORE_PASSWORD)
+ .build();
+ try
+ {
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue prodQueue = prodSession.createQueue(String.format(QUEUE_ADDRESS_WITH_SEND_ENCRYPTED, queueName));
+ final MessageProducer producer = prodSession.createProducer(prodQueue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ producer.send(message);
+
+ Message receivedMessage = consumer.receive(getReceiveTimeout());
+ assertNotNull(receivedMessage);
+ assertTrue(receivedMessage instanceof TextMessage);
+ assertEquals(TEST_MESSAGE_TEXT, ((TextMessage) message).getText());
+ }
+ finally
+ {
+ recvConnection.close();
+ }
+ }
+ finally
+ {
+ producerConnection.close();
+ }
+ }
+
+ @Test
+ public void testEncryptionFromBURLAddress() throws Exception
+ {
+ assumeThat("Tests legacy client BURL syntax",
+ getProtocol(),
+ is(not(equalTo(Protocol.AMQP_1_0))));
+
+ String queueName = getTestName();
+ Queue queue = createQueue(queueName);
+ Connection producerConnection =
+ getConnectionBuilder().setEncryptionTrustStore(TestSSLConstants.BROKER_PEERSTORE)
+ .setEncryptionTrustStorePassword(BROKER_PEERSTORE_PASSWORD)
+ .build();
+ try
+ {
+ Connection recvConnection = getConnectionBuilder().setEncryptionKeyStore(KEYSTORE)
+ .setEncryptionKeyStorePassword(KEYSTORE_PASSWORD)
+ .build();
+ try
+ {
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ Queue prodQueue =
+ prodSession.createQueue(String.format(QUEUE_BURL_WITH_SEND_ENCRYPTED, queueName, queueName));
+ final MessageProducer producer = prodSession.createProducer(prodQueue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ producer.send(message);
+
+ Message receivedMessage = consumer.receive(getReceiveTimeout());
+ assertNotNull(receivedMessage);
+ assertTrue(receivedMessage instanceof TextMessage);
+ assertEquals(TEST_MESSAGE_TEXT, ((TextMessage) message).getText());
+ }
+ finally
+ {
+ recvConnection.close();
+ }
+ }
+ finally
+ {
+ producerConnection.close();
+ }
+ }
+
+ @Test
+ public void testBrokerAsTrustStoreProvider() throws Exception
+ {
+ String peerstore = "peerstore";
+ addPeerStoreToBroker(peerstore, Collections.emptyMap());
+ Queue queue = createQueue(getTestName());
+ Connection producerConnection =
+ getConnectionBuilder().setEncryptionRemoteTrustStore("$certificates%5c/" + peerstore).build();
+ try
+ {
+ Connection recvConnection = getConnectionBuilder().setEncryptionKeyStore(KEYSTORE)
+ .setEncryptionKeyStorePassword(KEYSTORE_PASSWORD)
+ .build();
+ try
+ {
+ recvConnection.start();
+ final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageConsumer consumer = recvSession.createConsumer(queue);
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageProducer producer = prodSession.createProducer(queue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+
+ message.setBooleanProperty("x-qpid-encrypt", true);
+ message.setStringProperty("x-qpid-encrypt-recipients",
+ "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+ producer.send(message);
+
+ Message receivedMessage = consumer.receive(getReceiveTimeout());
+ assertNotNull(receivedMessage);
+ assertTrue(receivedMessage instanceof TextMessage);
+ assertEquals(TEST_MESSAGE_TEXT, ((TextMessage) message).getText());
+ }
+ finally
+ {
+ recvConnection.close();
+ }
+ }
+ finally
+ {
+ producerConnection.close();
+ }
+ }
+
+ @Test
+ public void testBrokerStoreProviderWithExcludedVirtualHostNode() throws Exception
+ {
+ String testName = getTestName();
+
+ String excludedVirtualHostNodeName = "vhn_" + testName;
+ createTestVirtualHostNode(excludedVirtualHostNodeName);
+ String peerstoreName = "peerstore_" + testName;
+ addPeerStoreToBroker(peerstoreName, Collections.singletonMap("excludedVirtualHostNodeMessageSources",
+ "[\"" + excludedVirtualHostNodeName + "\"]"));
+
+ Queue queue = createQueue(excludedVirtualHostNodeName, testName);
+ Connection producerConnection =
+ getConnectionBuilder().setEncryptionRemoteTrustStore("$certificates/" + peerstoreName)
+ .setVirtualHost(excludedVirtualHostNodeName)
+ .build();
+ try
+ {
+
+ final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageProducer producer = prodSession.createProducer(queue);
+
+ Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
+ message.setBooleanProperty("x-qpid-encrypt", true);
+ message.setStringProperty("x-qpid-encrypt-recipients",
+ "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+ try
+ {
+ producer.send(message);
+ fail("Should not be able to send message");
+ }
+ catch (JMSException e)
+ {
+ assertTrue("Wrong exception cause: " + e.getCause(), e.getCause() instanceof CertificateException);
+ }
+ }
+ finally
+ {
+ producerConnection.close();
+ }
+ }
+
+ @Test
+ public void testBrokerStoreProviderWithIncludedVirtualHostNode() throws Exception
+ {
+ String testName = getTestName();
+
+ String includeVirtualHostNodeName = "vhn_" + testName;
+ createTestVirtualHostNode(includeVirtualHostNodeName);
+
+ String peerStoreName = "peerstore_" + testName;
+ final Map<String, Object> additionalPeerStoreAttributes = new HashMap<>();
+ String messageSources = "[\"" + includeVirtualHostNodeName + "\"]";
+ additionalPeerStoreAttributes.put("includedVirtualHostNodeMessageSources", messageSources);
+ // this is deliberate to test that the include list takes precedence
+ additionalPeerStoreAttributes.put("excludedVirtualHostNodeMessageSources", messageSources);
+ addPeerStoreToBroker(peerStoreName, additionalPeerStoreAttributes);
+
+ Queue queue = createQueue(includeVirtualHostNodeName, testName);
+
+ Connection successfulProducerConnection =
+ getConnectionBuilder().setEncryptionRemoteTrustStore("$certificates/" + peerStoreName)
+ .setVirtualHost(includeVirtualHostNodeName)
+ .build();
+ try
+ {
+
+ Connection failingProducerConnection = getConnectionBuilder().setVirtualHost(includeVirtualHostNodeName)
+ .setEncryptionRemoteTrustStore("$certificates/"
+ + peerStoreName)
+ .build();
+
+ final Session successfulSession =
+ successfulProducerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageProducer successfulProducer = successfulSession.createProducer(queue);
+ final Session failingSession = failingProducerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+ final MessageProducer failingProducer = failingSession.createProducer(queue);
+
+ Message message = successfulSession.createTextMessage(TEST_MESSAGE_TEXT);
+ message.setBooleanProperty("x-qpid-encrypt", true);
+ message.setStringProperty("x-qpid-encrypt-recipients",
+ "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
+
+ try
+ {
+ failingProducer.send(message);
+ fail("Should not be able to send message");
+ }
+ catch (JMSException e)
+ {
+ assertTrue("Wrong exception cause: " + e.getCause(), e.getCause() instanceof CertificateException);
+ }
+
+ successfulProducer.send(message);
+ }
+ finally
+ {
+ successfulProducerConnection.close();
+ }
+ }
+
+ private void addPeerStoreToBroker(final String peerStoreName,
+ final Map<String, Object> additionalAttributes) throws Exception
+ {
+ Map<String, Object> peerStoreAttributes = new HashMap<>();
+ peerStoreAttributes.put("name", peerStoreName);
+ peerStoreAttributes.put("storeUrl", BROKER_PEERSTORE);
+ peerStoreAttributes.put("password", BROKER_PEERSTORE_PASSWORD);
+ peerStoreAttributes.put("type", "FileTrustStore");
+ peerStoreAttributes.put("qpid-type", "FileTrustStore");
+ peerStoreAttributes.put("exposedAsMessageSource", true);
+ peerStoreAttributes.putAll(additionalAttributes);
+
+ createEntity(peerStoreName, FileTrustStore.class.getName(), peerStoreAttributes);
+ }
+
+ private void createTestVirtualHostNode(final String excludedVirtualHostNodeName) throws Exception
+ {
+ final Map<String, Object> attributes = new HashMap<>();
+ attributes.put("object-type", JsonVirtualHostNodeImpl.VIRTUAL_HOST_NODE_TYPE);
+ attributes.put("type", JsonVirtualHostNodeImpl.VIRTUAL_HOST_NODE_TYPE);
+ attributes.put("virtualHostInitialConfiguration",
+ String.format("{\"type\": \"%s\"}", TestMemoryVirtualHost.VIRTUAL_HOST_TYPE));
+
+ createEntity(excludedVirtualHostNodeName, "org.apache.qpid.JsonVirtualHostNode", attributes);
+ }
+
+ private void createEntity(final String entityName,
+ final String entityType,
+ final Map<String, Object> attributes) throws Exception
+ {
+ Connection connection = getConnectionBuilder().setVirtualHost("$management").build();
+ try
+ {
+ connection.start();
+ createEntity(entityName, entityType, attributes, connection);
+ }
+ finally
+ {
+ connection.close();
+ }
+ }
+
+ private boolean isStrongEncryptionEnabled() throws NoSuchAlgorithmException
+ {
+ return Cipher.getMaxAllowedKeyLength("AES") >= 256;
+ }
+}
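Review bot: The final assertion in the four round-trip tests reads the text from `message`, the object that was sent, rather than from `receivedMessage`, so the tests pass without ever checking that the consumer decrypted the payload. It should be `assertEquals(TEST_MESSAGE_TEXT, ((TextMessage) receivedMessage).getText());` in testEncryptionUsingMessageHeader, testEncryptionFromADDRAddress, testEncryptionFromBURLAddress and testBrokerAsTrustStoreProvider. In testBrokerStoreProviderWithIncludedVirtualHostNode, `failingProducerConnection` is built with the same virtual host and remote trust store as `successfulProducerConnection`, so it is unclear why its send should fail with a CertificateException. That connection is also never closed. The first `assumeThat` in `setUp` says "compression" where it appears to mean encryption.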
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/f86ff21d/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java b/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
deleted file mode 100644
index 1ba42ef..0000000
--- a/systests/src/test/java/org/apache/qpid/systest/messageencryption/MessageEncryptionTest.java
+++ /dev/null
@@ -1,398 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.messageencryption;
-
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.crypto.Cipher;
-import javax.jms.Connection;
-import javax.jms.JMSException;
-import javax.jms.Message;
-import javax.jms.MessageConsumer;
-import javax.jms.MessageProducer;
-import javax.jms.Queue;
-import javax.jms.Session;
-
-import org.apache.qpid.client.message.JMSBytesMessage;
-import org.apache.qpid.client.message.JMSTextMessage;
-import org.apache.qpid.server.model.TrustStore;
-import org.apache.qpid.test.utils.QpidBrokerTestCase;
-import org.apache.qpid.test.utils.TestSSLConstants;
-
-public class MessageEncryptionTest extends QpidBrokerTestCase implements TestSSLConstants
-{
-
- public static final String TEST_MESSAGE_TEXT = "test message";
- public static final String EXCLUDED_VIRTUAL_HOST_NODE_NAME = "excludedVirtualHostNode";
- public static final String INCLUDED_VIRTUAL_HOST_NODE_NAME = "includedVirtualHostNode";
-
- @Override
- public void startDefaultBroker() throws Exception
- {
- // tests start broker
- }
-
- public void testEncryptionUsingMessageHeader() throws Exception
- {
- if(isStrongEncryptionEnabled() && !isCppBroker())
- {
- super.startDefaultBroker();
- Map<String, String> prodConnOptions = new HashMap<>();
- prodConnOptions.put("encryption_trust_store", BROKER_PEERSTORE);
- prodConnOptions.put("encryption_trust_store_password", BROKER_PEERSTORE_PASSWORD);
- Connection producerConnection = getConnectionWithOptions(prodConnOptions);
-
-
- Map<String, String> recvConnOptions = new HashMap<>();
- recvConnOptions.put("encryption_key_store", KEYSTORE);
- recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
- Connection recvConnection = getConnectionWithOptions(recvConnOptions);
-
- recvConnection.start();
- final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue queue = getTestQueue();
- final MessageConsumer consumer = recvSession.createConsumer(queue);
-
-
- final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- final MessageProducer producer = prodSession.createProducer(queue);
-
- Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
-
- message.setBooleanProperty("x-qpid-encrypt", true);
- message.setStringProperty("x-qpid-encrypt-recipients",
- "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
-
- producer.send(message);
-
-
- Message receivedMessage = consumer.receive(1000l);
- assertNotNull(receivedMessage);
- assertTrue(receivedMessage instanceof JMSTextMessage);
- assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());
- }
- }
-
- public void testEncryptionFromADDRAddress() throws Exception
- {
- if(isStrongEncryptionEnabled() && !isCppBroker())
- {
- super.startDefaultBroker();
- Map<String, String> prodConnOptions = new HashMap<>();
- prodConnOptions.put("encryption_trust_store", BROKER_PEERSTORE);
- prodConnOptions.put("encryption_trust_store_password", BROKER_PEERSTORE_PASSWORD);
- Connection producerConnection = getConnectionWithOptions(prodConnOptions);
-
-
- Map<String, String> recvConnOptions = new HashMap<>();
- recvConnOptions.put("encryption_key_store", KEYSTORE);
- recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
- Connection recvConnection = getConnectionWithOptions(recvConnOptions);
-
- recvConnection.start();
- final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue queue = getTestQueue();
- final MessageConsumer consumer = recvSession.createConsumer(queue);
-
-
- final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue prodQueue = prodSession.createQueue("ADDR: " + getTestQueueName() + " ; {x-send-encrypted : true, x-encrypted-recipients : 'CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA'} ");
- final MessageProducer producer = prodSession.createProducer(prodQueue);
-
- Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
-
- producer.send(message);
-
-
- Message receivedMessage = consumer.receive(1000l);
- assertNotNull(receivedMessage);
- assertTrue(receivedMessage instanceof JMSTextMessage);
- assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());
- }
- }
-
- public void testEncryptionFromBURLAddress() throws Exception
- {
- if(isStrongEncryptionEnabled() && !isCppBroker())
- {
- super.startDefaultBroker();
- Map<String, String> prodConnOptions = new HashMap<>();
- prodConnOptions.put("encryption_trust_store", BROKER_PEERSTORE);
- prodConnOptions.put("encryption_trust_store_password", BROKER_PEERSTORE_PASSWORD);
- Connection producerConnection = getConnectionWithOptions(prodConnOptions);
-
-
- Map<String, String> recvConnOptions = new HashMap<>();
- recvConnOptions.put("encryption_key_store", KEYSTORE);
- recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
- Connection recvConnection = getConnectionWithOptions(recvConnOptions);
-
- recvConnection.start();
- final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue queue = getTestQueue();
- final MessageConsumer consumer = recvSession.createConsumer(queue);
-
-
- final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue prodQueue = prodSession.createQueue("BURL:direct:///"
- + getTestQueueName()
- + "/"
- + getTestQueueName()
- + "?sendencrypted='true'&encryptedrecipients='CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA'");
- final MessageProducer producer = prodSession.createProducer(prodQueue);
-
- Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
-
- producer.send(message);
-
-
- Message receivedMessage = consumer.receive(1000l);
- assertNotNull(receivedMessage);
- assertTrue(receivedMessage instanceof JMSTextMessage);
- assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());
- }
- }
-
-
- public void testBrokerAsTrustStoreProvider() throws Exception
- {
- if(isStrongEncryptionEnabled() && !isCppBroker())
- {
- addPeerStoreToBroker();
- super.startDefaultBroker();
- Map<String, String> prodConnOptions = new HashMap<>();
- prodConnOptions.put("encryption_remote_trust_store","$certificates%5c/peerstore");
- Connection producerConnection = getConnectionWithOptions(prodConnOptions);
-
-
- Map<String, String> recvConnOptions = new HashMap<>();
- recvConnOptions.put("encryption_key_store", KEYSTORE);
- recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
- Connection recvConnection = getConnectionWithOptions(recvConnOptions);
-
- recvConnection.start();
- final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue queue = getTestQueue();
- final MessageConsumer consumer = recvSession.createConsumer(queue);
-
-
- final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- final MessageProducer producer = prodSession.createProducer(queue);
-
- Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
-
- message.setBooleanProperty("x-qpid-encrypt", true);
- message.setStringProperty("x-qpid-encrypt-recipients",
- "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
-
- producer.send(message);
-
-
- Message receivedMessage = consumer.receive(1000l);
- assertNotNull(receivedMessage);
- assertTrue(receivedMessage instanceof JMSTextMessage);
- assertEquals(TEST_MESSAGE_TEXT, ((JMSTextMessage) message).getText());
- }
- }
-
- public void testBrokerStoreProviderWithExcludedVirtualHostNode() throws Exception
- {
- if(isStrongEncryptionEnabled() && !isCppBroker())
- {
- createTestVirtualHostNode(EXCLUDED_VIRTUAL_HOST_NODE_NAME);
- addPeerStoreToBroker(Collections.<String, Object>singletonMap("excludedVirtualHostNodeMessageSources",
- EXCLUDED_VIRTUAL_HOST_NODE_NAME));
- super.startDefaultBroker();
-
- Map<String, String> options = Collections.singletonMap("encryption_remote_trust_store", "$certificates/peerstore");
- Connection producerConnection = getConnectionWithOptions(EXCLUDED_VIRTUAL_HOST_NODE_NAME, options);
-
- Queue queue = getTestQueue();
- final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- final MessageProducer producer = prodSession.createProducer(queue);
-
- Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
- message.setBooleanProperty("x-qpid-encrypt", true);
- message.setStringProperty("x-qpid-encrypt-recipients",
- "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
-
- try
- {
- producer.send(message);
- fail("Should not be able to send message");
- }
- catch (JMSException e)
- {
- assertTrue("Wrong exception cause: " + e.getCause(), e.getCause() instanceof CertificateException);
- }
- }
- }
-
- public void testBrokerStoreProviderWithIncludedVirtualHostNode() throws Exception
- {
- if(isStrongEncryptionEnabled() && !isCppBroker())
- {
- createTestVirtualHostNode(INCLUDED_VIRTUAL_HOST_NODE_NAME);
- final Map<String, Object> additionalPeerStoreAttributes = new HashMap<>();
- additionalPeerStoreAttributes.put("includedVirtualHostNodeMessageSources", INCLUDED_VIRTUAL_HOST_NODE_NAME);
- // this is deliberate to test that the include list takes precedence
- additionalPeerStoreAttributes.put("excludedVirtualHostNodeMessageSources", INCLUDED_VIRTUAL_HOST_NODE_NAME);
- addPeerStoreToBroker(additionalPeerStoreAttributes);
- super.startDefaultBroker();
-
-
- Map<String, String> options = Collections.singletonMap("encryption_remote_trust_store", "$certificates/peerstore");
- Connection successfulProducerConnection = getConnectionWithOptions(INCLUDED_VIRTUAL_HOST_NODE_NAME, options);
- Connection failingProducerConnection = getConnectionWithOptions(options);
-
- Queue queue = getTestQueue();
- final Session successfulSession = successfulProducerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- final MessageProducer successfulProducer = successfulSession.createProducer(queue);
- final Session failingSession = failingProducerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- final MessageProducer failingProducer = failingSession.createProducer(queue);
-
- Message message = successfulSession.createTextMessage(TEST_MESSAGE_TEXT);
- message.setBooleanProperty("x-qpid-encrypt", true);
- message.setStringProperty("x-qpid-encrypt-recipients",
- "cn=app1@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
-
- try
- {
- failingProducer.send(message);
- fail("Should not be able to send message");
- }
- catch (JMSException e)
- {
- assertTrue("Wrong exception cause: " + e.getCause(), e.getCause() instanceof CertificateException);
- }
-
- successfulProducer.send(message);
- }
- }
-
- public void testUnknownRecipient() throws Exception
- {
-
- if(isStrongEncryptionEnabled() && !isCppBroker())
- {
- addPeerStoreToBroker();
- super.startDefaultBroker();
- Map<String, String> prodConnOptions = new HashMap<>();
- prodConnOptions.put("encryption_remote_trust_store","$certificates%5c/peerstore");
- Connection producerConnection = getConnectionWithOptions(prodConnOptions);
-
-
- Map<String, String> recvConnOptions = new HashMap<>();
- recvConnOptions.put("encryption_key_store", KEYSTORE);
- recvConnOptions.put("encryption_key_store_password", KEYSTORE_PASSWORD);
- Connection recvConnection = getConnectionWithOptions(recvConnOptions);
-
- recvConnection.start();
- final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue queue = getTestQueue();
- final MessageConsumer consumer = recvSession.createConsumer(queue);
-
-
- final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- final MessageProducer producer = prodSession.createProducer(queue);
-
- Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
-
- message.setBooleanProperty("x-qpid-encrypt", true);
- message.setStringProperty("x-qpid-encrypt-recipients",
- "cn=unknwon@acme.org,ou=art,o=acme,l=toronto,st=on,c=ca");
-
- try
- {
- producer.send(message);
- fail("Should not have been able to send a message to an unknown recipient");
- }
- catch(JMSException e)
- {
- // pass;
- }
-
- }
- }
-
- public void testRecipientHasNoValidCert() throws Exception
- {
- if(isStrongEncryptionEnabled() && !isCppBroker())
- {
- super.startDefaultBroker();
- Map<String, String> prodConnOptions = new HashMap<>();
- prodConnOptions.put("encryption_trust_store", BROKER_PEERSTORE);
- prodConnOptions.put("encryption_trust_store_password", BROKER_PEERSTORE_PASSWORD);
- Connection producerConnection = getConnectionWithOptions(prodConnOptions);
-
-
- Map<String, String> recvConnOptions = new HashMap<>();
- Connection recvConnection = getConnectionWithOptions(recvConnOptions);
-
- recvConnection.start();
- final Session recvSession = recvConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue queue = getTestQueue();
- final MessageConsumer consumer = recvSession.createConsumer(queue);
-
-
- final Session prodSession = producerConnection.createSession(false, Session.AUTO_ACKNOWLEDGE);
- Queue prodQueue = prodSession.createQueue("ADDR: " + getTestQueueName() + " ; {x-send-encrypted : true, x-encrypted-recipients : 'CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA'} ");
- final MessageProducer producer = prodSession.createProducer(prodQueue);
-
- Message message = prodSession.createTextMessage(TEST_MESSAGE_TEXT);
-
- producer.send(message);
-
-
- Message receivedMessage = consumer.receive(1000l);
- assertNotNull(receivedMessage);
- assertFalse(receivedMessage instanceof JMSTextMessage);
- assertTrue(receivedMessage instanceof JMSBytesMessage);
- }
- }
-
- private void addPeerStoreToBroker()
- {
- addPeerStoreToBroker(Collections.<String, Object>emptyMap());
- }
-
- private void addPeerStoreToBroker(Map<String, Object> additionalAttributes)
- {
- Map<String, Object> peerStoreAttributes = new HashMap<>();
- peerStoreAttributes.put("name" , "peerstore");
- peerStoreAttributes.put("storeUrl" , "${QPID_HOME}${file.separator}..${file.separator}test-profiles${file.separator}test_resources${file.separator}ssl${file.separator}java_broker_peerstore.jks");
- peerStoreAttributes.put("password" , "password");
- peerStoreAttributes.put("type", "FileTrustStore");
- peerStoreAttributes.put("exposedAsMessageSource", true);
- peerStoreAttributes.putAll(additionalAttributes);
- getDefaultBrokerConfiguration().addObjectConfiguration(TrustStore.class, peerStoreAttributes);
- }
-
-
- private boolean isStrongEncryptionEnabled() throws NoSuchAlgorithmException
- {
- return Cipher.getMaxAllowedKeyLength("AES")>=256;
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/f86ff21d/test-profiles/Java10Excludes
----------------------------------------------------------------------
diff --git a/test-profiles/Java10Excludes b/test-profiles/Java10Excludes
index aa97f78..27ef27c 100644
--- a/test-profiles/Java10Excludes
+++ b/test-profiles/Java10Excludes
@@ -39,9 +39,6 @@ org.apache.qpid.transport.ProtocolNegotiationTest#testProtocolNegotiationFromUns
// Tests are tests of the 0-x client behaviour
org.apache.qpid.test.client.ProducerFlowControlTest#*
-
-// Message encryption not currently supported by the 1.0 client
-org.apache.qpid.systest.messageencryption.MessageEncryptionTest#*
// Message compression not currently supported by the 1.0 client
org.apache.qpid.systest.rest.MessageContentCompressionRestTest#*