You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@qpid.apache.org by rg...@apache.org on 2016/12/01 14:16:01 UTC
svn commit: r1772213 - in /qpid/java/trunk:
systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
test-profiles/Java10UninvestigatedTestsExcludes
Author: rgodfrey
Date: Thu Dec 1 14:16:01 2016
New Revision: 1772213
URL: http://svn.apache.org/viewvc?rev=1772213&view=rev
Log:
QPID-7546 : ExternalAuthenticationTest
Modified:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes
Modified: qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java?rev=1772213&r1=1772212&r2=1772213&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java (original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java Thu Dec 1 14:16:01 2016
@@ -32,11 +32,15 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
+import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
+import javax.jms.Session;
+import javax.naming.InitialContext;
import org.apache.qpid.client.AMQConnectionURL;
import org.apache.qpid.server.model.AuthenticationProvider;
@@ -59,6 +63,11 @@ public class ExternalAuthenticationTest
{
super.setUp();
setSystemProperty("javax.net.debug", "ssl");
+ setSystemProperty("javax.net.ssl.keyStore", null);
+ setSystemProperty("javax.net.ssl.keyStorePassword", null);
+ setSystemProperty("javax.net.ssl.trustStore", null);
+ setSystemProperty("javax.net.ssl.trustStorePassword", null);
+
}
@Override
@@ -76,12 +85,11 @@ public class ExternalAuthenticationTest
setCommonBrokerSSLProperties(true);
super.startDefaultBroker();
- setClientKeystoreProperties();
- setClientTrustoreProperties();
-
try
{
- getExternalSSLConnection(false);
+ final Connection connection =
+ getExternalSSLConnection(false, TRUSTSTORE, TRUSTSTORE_PASSWORD, KEYSTORE, KEYSTORE_PASSWORD, null);
+ connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
}
catch (JMSException e)
{
@@ -109,9 +117,6 @@ public class ExternalAuthenticationTest
getDefaultBrokerConfiguration().setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER);
super.startDefaultBroker();
- setClientKeystoreProperties();
- setClientTrustoreProperties();
-
try
{
getConnection();
@@ -132,11 +137,11 @@ public class ExternalAuthenticationTest
setCommonBrokerSSLProperties(false);
super.startDefaultBroker();
- setClientTrustoreProperties();
-
try
{
- getExternalSSLConnection(true);
+ final Connection connection =
+ getExternalSSLConnection(true, TRUSTSTORE, TRUSTSTORE_PASSWORD, null, null, null);
+ connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
fail("Connection should not succeed");
}
catch (JMSException e)
@@ -154,12 +159,15 @@ public class ExternalAuthenticationTest
setCommonBrokerSSLProperties(true);
super.startDefaultBroker();
- setUntrustedClientKeystoreProperties();
- setClientTrustoreProperties();
-
try
{
- getExternalSSLConnection(false, "&ssl_cert_alias='" + TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT + "'");
+ getExternalSSLConnection(false,
+ TRUSTSTORE,
+ TRUSTSTORE_PASSWORD,
+ UNTRUSTED_KEYSTORE,
+ KEYSTORE_PASSWORD,
+ TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT
+ );
fail("Connection should not succeed");
}
catch (JMSException e)
@@ -216,13 +224,16 @@ public class ExternalAuthenticationTest
super.startDefaultBroker();
- setClientKeystoreProperties();
- setClientTrustoreProperties();
-
try
{
//use the app1 cert, which IS in the peerstore (and has CA in the trustStore)
- getExternalSSLConnection(false, "&ssl_cert_alias='app1'");
+ final Connection connection = getExternalSSLConnection(false,
+ TRUSTSTORE,
+ TRUSTSTORE_PASSWORD,
+ KEYSTORE,
+ KEYSTORE_PASSWORD,
+ "app1");
+ connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
}
catch (JMSException e)
{
@@ -232,7 +243,7 @@ public class ExternalAuthenticationTest
try
{
//use the app2 cert, which is NOT in the peerstore (but is signed by the same CA as app1)
- getExternalSSLConnection(false, "&ssl_cert_alias='app2'");
+ getExternalSSLConnection(false, TRUSTSTORE, TRUSTSTORE_PASSWORD, KEYSTORE, KEYSTORE_PASSWORD, "app2");
if(!useTrustAndPeerStore)
{
fail("Client's validation against the broker's multi store manager unexpectedly passed, when configured store was expected to deny.");
@@ -262,12 +273,17 @@ public class ExternalAuthenticationTest
super.startDefaultBroker();
- setClientKeystoreProperties();
- setClientTrustoreProperties();
-
try
{
- getExternalSSLConnection(false, "&ssl_cert_alias='app2'");
+ final Connection connection = getExternalSSLConnection(false,
+ TRUSTSTORE,
+ TRUSTSTORE_PASSWORD,
+ KEYSTORE,
+ KEYSTORE_PASSWORD,
+ "app2");
+
+ connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
}
catch (JMSException e)
{
@@ -303,12 +319,15 @@ public class ExternalAuthenticationTest
super.startDefaultBroker();
- setClientKeystoreProperties();
- setClientTrustoreProperties();
-
try
{
- getExternalSSLConnection(false, "&ssl_cert_alias='app2'");
+ final Connection connection = getExternalSSLConnection(false,
+ TRUSTSTORE,
+ TRUSTSTORE_PASSWORD,
+ KEYSTORE,
+ KEYSTORE_PASSWORD,
+ "app2");
+ connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
}
catch (JMSException e)
{
@@ -329,24 +348,68 @@ public class ExternalAuthenticationTest
}
}
- private Connection getExternalSSLConnection(boolean includeUserNameAndPassword) throws Exception
- {
- return getExternalSSLConnection(includeUserNameAndPassword, "");
- }
-
- private Connection getExternalSSLConnection(boolean includeUserNameAndPassword, String optionString) throws Exception
- {
- int amqpTlsPort = getDefaultBroker().getAmqpTlsPort();
- String url = "amqp://%s@test/?brokerlist='tcp://localhost:%s?ssl='true'&sasl_mechs='EXTERNAL'%s'";
- if (includeUserNameAndPassword)
- {
- url = String.format(url, "guest:guest", String.valueOf(amqpTlsPort), optionString);
+ private Connection getExternalSSLConnection(boolean includeUserNameAndPassword,
+ final String trustStoreLocation,
+ final String trustStorePassword,
+ final String keyStoreLocation,
+ final String keyStorePassword,
+ final String certAlias) throws Exception
+ {
+ if(isBroker10())
+ {
+ final Hashtable<String, String> env = new Hashtable<>();
+ final StringBuilder uri = new StringBuilder("amqps://localhost:").append(String.valueOf(getDefaultBroker().getAmqpTlsPort())).append("?amqp.vhost=test&amqp.saslMechanisms=EXTERNAL");
+ if(trustStoreLocation != null)
+ {
+ uri.append("&transport.trustStoreLocation=").append(trustStoreLocation);
+ }
+ if(trustStorePassword != null)
+ {
+ uri.append("&transport.trustStorePassword=").append(trustStorePassword);
+ }
+ if(keyStoreLocation != null)
+ {
+ uri.append("&transport.keyStoreLocation=").append(keyStoreLocation);
+ }
+ if(keyStorePassword != null)
+ {
+ uri.append("&transport.keyStorePassword=").append(keyStorePassword);
+ }
+ if(certAlias != null)
+ {
+ uri.append("&transport.keyAlias=").append(certAlias);
+ }
+ env.put("connectionfactory.externalauth", uri.toString());
+ InitialContext initialContext = new InitialContext(env);
+ final ConnectionFactory connectionFactory = (ConnectionFactory) initialContext.lookup("externalauth");
+ if(includeUserNameAndPassword)
+ {
+ return connectionFactory.createConnection("guest","guest");
+ }
+ else
+ {
+ return connectionFactory.createConnection();
+ }
}
else
{
- url = String.format(url, ":", String.valueOf(amqpTlsPort), optionString);
+ setSystemProperty("javax.net.ssl.keyStore", keyStoreLocation);
+ setSystemProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
+ setSystemProperty("javax.net.ssl.trustStore", trustStoreLocation);
+ setSystemProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+ String certAliasOption = certAlias == null ? "" : "&ssl_cert_alias='"+certAlias+"'";
+ int amqpTlsPort = getDefaultBroker().getAmqpTlsPort();
+ String url = "amqp://%s@test/?brokerlist='tcp://localhost:%s?ssl='true'&sasl_mechs='EXTERNAL'%s'";
+ if (includeUserNameAndPassword)
+ {
+ url = String.format(url, "guest:guest", String.valueOf(amqpTlsPort), certAliasOption);
+ }
+ else
+ {
+ url = String.format(url, ":", String.valueOf(amqpTlsPort), certAliasOption);
+ }
+ return getConnection(new AMQConnectionURL(url));
}
- return getConnection(new AMQConnectionURL(url));
}
private void setCommonBrokerSSLProperties(boolean needClientAuth)
@@ -388,21 +451,4 @@ public class ExternalAuthenticationTest
config.setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER);
}
- private void setUntrustedClientKeystoreProperties()
- {
- setSystemProperty("javax.net.ssl.keyStore", UNTRUSTED_KEYSTORE);
- setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
- }
-
- private void setClientKeystoreProperties()
- {
- setSystemProperty("javax.net.ssl.keyStore", KEYSTORE);
- setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
- }
-
- private void setClientTrustoreProperties()
- {
- setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
- setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
- }
}
Modified: qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes
URL: http://svn.apache.org/viewvc/qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes?rev=1772213&r1=1772212&r2=1772213&view=diff
==============================================================================
--- qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes (original)
+++ qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes Thu Dec 1 14:16:01 2016
@@ -25,7 +25,6 @@ org.apache.qpid.server.logging.ConsumerL
org.apache.qpid.server.logging.DurableQueueLoggingTest#*
org.apache.qpid.server.logging.QueueLoggingTest#*
org.apache.qpid.server.logging.TransientQueueLoggingTest#*
-org.apache.qpid.server.security.auth.manager.ExternalAuthenticationTest#*
org.apache.qpid.client.prefetch.PrefetchBehaviourTest#*
org.apache.qpid.client.redelivered.RedeliveredMessageTest#*
org.apache.qpid.client.SynchReceiveTest#*
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org