You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by rg...@apache.org on 2015/06/03 18:32:06 UTC
svn commit: r1683388 -
/qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
Author: rgodfrey
Date: Wed Jun 3 16:32:06 2015
New Revision: 1683388
URL: http://svn.apache.org/r1683388
Log:
QPID-6552 : add test for trust store file
Modified:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
Modified: qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java?rev=1683388&r1=1683387&r2=1683388&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java (original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java Wed Jun 3 16:32:06 2015
@@ -102,6 +102,32 @@ public class SSLTest extends QpidBrokerT
}
}
+ public void testCreateSSLConnectionWithCertificateTrust() throws Exception
+ {
+ if (shouldPerformTest())
+ {
+ clearSslStoreSystemProperties();
+
+ //Start the broker (NEEDing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, false, false, false);
+ super.setUp();
+
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
+ "?ssl='true'" +
+ "&trusted_certs_path='%s'" +
+ "'";
+ File trustCertFile = extractCertFileFromTestTrustStore();
+
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT,
+ trustCertFile.getCanonicalPath());
+
+ Connection con = getConnection(new AMQConnectionURL(url));
+ assertNotNull("connection should be successful", con);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ assertNotNull("create session should be successful", ssn);
+ }
+ }
+
public void testSSLConnectionToPlainPortRejected() throws Exception
{
if (shouldPerformTest())
@@ -477,7 +503,7 @@ public class SSLTest extends QpidBrokerT
if (shouldPerformTest())
{
clearSslStoreSystemProperties();
- File[] certAndKeyFiles = extractResourcesFromTestKeyStore(true);
+ File[] certAndKeyFiles = extractResourcesFromTestKeyStore();
//Start the broker (WANTing client certificate authentication)
configureJavaBrokerIfNecessary(true, true, true, false, false);
super.setUp();
@@ -557,7 +583,7 @@ public class SSLTest extends QpidBrokerT
setSystemProperty("javax.net.ssl.trustStorePassword", null);
}
- private File[] extractResourcesFromTestKeyStore(boolean pem) throws Exception
+ private File[] extractResourcesFromTestKeyStore() throws Exception
{
java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
try(InputStream is = new FileInputStream(KEYSTORE))
@@ -609,4 +635,41 @@ public class SSLTest extends QpidBrokerT
return new File[]{privateKeyFile,certificateFile};
}
+ private File extractCertFileFromTestTrustStore() throws Exception
+ {
+ java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
+ try(InputStream is = new FileInputStream(TRUSTSTORE))
+ {
+ ks.load(is, TRUSTSTORE_PASSWORD.toCharArray() );
+ }
+
+
+
+ File certificateFile = TestFileUtils.createTempFile(this, ".crt");
+
+ try(FileOutputStream cos = new FileOutputStream(certificateFile))
+ {
+
+ for(String alias : Collections.list(ks.aliases()))
+ {
+ Certificate pub = ks.getCertificate(alias);
+ cos.write("-----BEGIN CERTIFICATE-----\n".getBytes());
+ String base64encoded = DatatypeConverter.printBase64Binary(pub.getEncoded());
+ while (base64encoded.length() > 76)
+ {
+ cos.write(base64encoded.substring(0, 76).getBytes());
+ cos.write("\n".getBytes());
+ base64encoded = base64encoded.substring(76);
+ }
+ cos.write(base64encoded.getBytes());
+
+ cos.write("\n-----END CERTIFICATE-----\n".getBytes());
+ }
+ cos.flush();
+ }
+
+ return certificateFile;
+ }
+
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org