Posted to commits@qpid.apache.org by gm...@apache.org on 2016/04/20 16:58:38 UTC
qpid-dispatch git commit: NO-JIRA - Added additional unit test the
tests SASL PLAIN authentication over SSL
Repository: qpid-dispatch
Updated Branches:
refs/heads/master 94e3c10a7 -> b99acb85b
NO-JIRA - Added an additional unit test that tests SASL PLAIN authentication over SSL
Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/b99acb85
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/b99acb85
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/b99acb85
Branch: refs/heads/master
Commit: b99acb85b6df812b2fff78b8a51a84e5b7e4e53f
Parents: 94e3c10
Author: Ganesh Murthy <gm...@redhat.com>
Authored: Wed Apr 20 10:58:20 2016 -0400
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Wed Apr 20 10:58:20 2016 -0400
----------------------------------------------------------------------
tests/system_tests_sasl_plain.py | 143 +++++++++++++++++++++++++++-------
1 file changed, 117 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b99acb85/tests/system_tests_sasl_plain.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_sasl_plain.py b/tests/system_tests_sasl_plain.py
index d7dfddc..1854279 100644
--- a/tests/system_tests_sasl_plain.py
+++ b/tests/system_tests_sasl_plain.py
@@ -19,27 +19,29 @@
import unittest, os
from subprocess import PIPE, Popen
-import system_test
-from system_test import TestCase, Qdrouterd, main_module
+from system_test import TestCase, Qdrouterd, main_module, DIR, TIMEOUT
-class RouterTestPlainSasl(TestCase):
-
- @classmethod
- def createSasldb(cls):
- pass
+from qpid_dispatch.management.client import Node
+class RouterTestPlainSaslCommon(TestCase):
@classmethod
- def setUpClass(cls):
- """
- Tests the sasl_username, sasl_password property of the dispatch router.
+ def router(cls, name, connection):
- Creates two routers (QDR.X and QDR.Y) and sets up PLAIN authentication on QDR.X.
- QDR.Y connects to QDR.X by providing a sasl_username and a sasl_password.
+ config = [
+ ('router', {'mode': 'interior', 'routerId': 'QDR.%s'%name}),
+ ('fixedAddress', {'prefix': '/closest/', 'fanout': 'single', 'bias': 'closest'}),
+ ('fixedAddress', {'prefix': '/spread/', 'fanout': 'single', 'bias': 'spread'}),
+ ('fixedAddress', {'prefix': '/multicast/', 'fanout': 'multiple'}),
+ ('fixedAddress', {'prefix': '/', 'fanout': 'multiple'}),
- """
- super(RouterTestPlainSasl, cls).setUpClass()
+ ] + connection
+ config = Qdrouterd.Config(config)
+ cls.routers.append(cls.tester.qdrouterd(name, config, wait=False))
+
+ @classmethod
+ def createSaslFiles(cls):
# Create a sasl database.
p = Popen(['saslpasswd2', '-c', '-p', '-f', 'qdrouterd.sasldb', '-u', 'domain.com', 'test'],
stdin=PIPE, stdout=PIPE, stderr=PIPE)
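Review bot: The new shared classmethod `router(cls, name, connection)` has no docstring, and it appends to `cls.routers`, which this base class never initialises; only the subclasses' `setUpClass` assigns `cls.routers = []` before calling it. A one-line docstring would make that contract visible, for example `"""Start router QDR.<name> with the common address config plus `connection`; the caller must set cls.routers = [] first."""`. `createSaslFiles` could likewise say that it writes the sasldb and the SASL config into the current working directory, which is what `saslConfigPath: os.getcwd()` later relies on. The body of `createSaslFiles` continues outside this hunk.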
@@ -58,26 +60,27 @@ mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
sql_select: dummy select
""")
- def router(name, connection):
+class RouterTestPlainSasl(RouterTestPlainSaslCommon):
- config = [
- ('router', {'mode': 'interior', 'routerId': 'QDR.%s'%name}),
- ('fixedAddress', {'prefix': '/closest/', 'fanout': 'single', 'bias': 'closest'}),
- ('fixedAddress', {'prefix': '/spread/', 'fanout': 'single', 'bias': 'spread'}),
- ('fixedAddress', {'prefix': '/multicast/', 'fanout': 'multiple'}),
- ('fixedAddress', {'prefix': '/', 'fanout': 'multiple'}),
+ @classmethod
+ def setUpClass(cls):
+ """
+ Tests the sasl_username, sasl_password property of the dispatch router.
- ] + connection
+ Creates two routers (QDR.X and QDR.Y) and sets up PLAIN authentication on QDR.X.
+ QDR.Y connects to QDR.X by providing a sasl_username and a sasl_password.
- config = Qdrouterd.Config(config)
- cls.routers.append(cls.tester.qdrouterd(name, config, wait=False))
+ """
+ super(RouterTestPlainSasl, cls).setUpClass()
+
+ super(RouterTestPlainSasl, cls).createSaslFiles()
cls.routers = []
x_listener_port = cls.tester.get_port()
y_listener_port = cls.tester.get_port()
- router('X', [
+ super(RouterTestPlainSasl, cls).router('X', [
('listener', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port,
'saslMechanisms':'PLAIN', 'authenticatePeer': 'yes'}),
# This unauthenticated listener is for qdstat to connect to it.
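Review bot: `super(RouterTestPlainSasl, cls).createSaslFiles()` and `super(RouterTestPlainSasl, cls).router('X', [...])` call helpers that the subclass inherits and does not override, so `super()` reads as if an override were being bypassed. The plain forms `cls.createSaslFiles()` and `cls.router('X', [...])` say the same thing and keep working if a subclass later customises either helper. The same pattern is in the `router('Y', ...)` hunk below and throughout `RouterTestPlainSaslOverSsl.setUpClass`. The `setUpClass` docstring also describes what the test class verifies rather than what the setup does, so it would sit better on the class. `setUpClass` continues outside this hunk.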
@@ -88,7 +91,7 @@ sql_select: dummy select
'saslConfigPath': os.getcwd()}),
])
- router('Y', [
+ super(RouterTestPlainSasl, cls).router('Y', [
('connector', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port,
# Provide a sasl user name and password to connect to QDR.X
'saslMechanisms': 'PLAIN', 'saslUsername': 'test@domain.com', 'saslPassword': 'password'}),
@@ -117,6 +120,94 @@ sql_select: dummy select
self.assertIn("inter-router", out)
self.assertIn("test@domain.com(PLAIN)", out)
+
+class RouterTestPlainSaslOverSsl(RouterTestPlainSaslCommon):
+
+ @staticmethod
+ def ssl_file(name):
+ return os.path.join(DIR, 'ssl_certs', name)
+
+ @classmethod
+ def setUpClass(cls):
+ """
+ Tests the sasl_username, sasl_password property of the dispatch router.
+
+ Creates two routers (QDR.X and QDR.Y) and sets up PLAIN authentication on QDR.X.
+ QDR.Y connects to QDR.X by providing a sasl_username and a sasl_password.
+ This PLAIN authentication is done over an TLS/SSLv3 connection.
+
+ """
+ super(RouterTestPlainSaslOverSsl, cls).setUpClass()
+
+ super(RouterTestPlainSaslOverSsl, cls).createSaslFiles()
+
+ cls.routers = []
+
+ x_listener_port = cls.tester.get_port()
+ y_listener_port = cls.tester.get_port()
+
+ super(RouterTestPlainSaslOverSsl, cls).router('X', [
+ ('listener', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port,
+ 'sslProfile':'server-ssl-profile',
+ 'saslMechanisms':'PLAIN', 'authenticatePeer': 'yes'}),
+ # This unauthenticated listener is for qdstat to connect to it.
+ ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': cls.tester.get_port(),
+ 'authenticatePeer': 'no'}),
+ ('sslProfile', {'name': 'server-ssl-profile',
+ 'cert-db': cls.ssl_file('ca-certificate.pem'),
+ 'cert-file': cls.ssl_file('server-certificate.pem'),
+ 'key-file': cls.ssl_file('server-private-key.pem'),
+ 'password': 'server-password'}),
+ ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.X',
+ 'saslConfigName': 'tests-mech-PLAIN',
+ 'saslConfigPath': os.getcwd()}),
+ ])
+
+ super(RouterTestPlainSaslOverSsl, cls).router('Y', [
+ # This router will act like a client. First an SSL connection will be established and then
+ # we will have SASL plain authentication over SSL.
+ ('connector', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port,
+ 'ssl-profile': 'client-ssl-profile',
+ # Provide a sasl user name and password to connect to QDR.X
+ 'saslMechanisms': 'PLAIN',
+ 'saslUsername': 'test@domain.com', 'saslPassword': 'password'}),
+ ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.Y'}),
+ ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}),
+ ('sslProfile', {'name': 'client-ssl-profile',
+ 'cert-db': cls.ssl_file('ca-certificate.pem'),
+ 'cert-file': cls.ssl_file('client-certificate.pem'),
+ 'key-file': cls.ssl_file('client-private-key.pem'),
+ 'password': 'client-password'}),
+ ])
+
+ cls.routers[1].wait_router_connected('QDR.X')
+
+ def test_inter_router_plain_over_ssl_exists(self):
+ """The setUpClass sets up two routers with SASL PLAIN enabled over TLS/SSLv3.
+
+ This test makes executes a query for type='org.apache.qpid.dispatch.connection' over
+ an unauthenticated listener to
+ QDR.X and makes sure that the output has an "inter-router" connection to
+ QDR.Y whose authentication is PLAIN. This ensures that QDR.Y did not
+ somehow use SASL ANONYMOUS to connect to QDR.X
+ Also makes sure that TLSv1/SSLv3 was used as sslProto
+
+ """
+ local_node = Node.connect(self.routers[0].addresses[1], timeout=TIMEOUT)
+
+ # sslProto should be TLSv1/SSLv3
+ self.assertEqual(u'TLSv1/SSLv3', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][4])
+
+ # role should be inter-router
+ self.assertEqual(u'inter-router', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][9])
+
+ # sasl must be plain
+ self.assertEqual(u'PLAIN', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][12])
+
+ # user must be test@domain.com
+ self.assertEqual(u'test@domain.com', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][16])
+
+
if __name__ == '__main__':
unittest.main(main_module())
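Review bot: The four assertions in `test_inter_router_plain_over_ssl_exists` read `results[0]` at hard-coded column positions (4, 9, 12, 16), so they depend on the inter-router connection being the first row and on the schema's column order never changing. The management connection the test itself opens to the unauthenticated listener is presumably in the same table. Querying once, selecting the row whose role is inter-router and looking columns up by name is sturdier; the fence assumes the query response exposes `attribute_names`, which should be confirmed against the management client. Separately, router Y's connector uses the key `'ssl-profile'` while X's listener uses `'sslProfile'`; unless the config loader normalises both spellings, pick one, since the `sslProto` assertion is the only thing that would catch a connector that silently skipped TLS. Both of X's listeners also bind `0.0.0.0`, one with `'authenticatePeer': 'no'`, so binding the test listeners to loopback would keep an unauthenticated management port off the network during test runs.

```python
    def test_inter_router_plain_over_ssl_exists(self):
        # … unchanged: docstring …
        local_node = Node.connect(self.routers[0].addresses[1], timeout=TIMEOUT)
        response = local_node.query(type='org.apache.qpid.dispatch.connection')
        names = response.attribute_names

        # Select the inter-router row explicitly instead of trusting row order.
        rows = [dict(zip(names, row)) for row in response.results]
        inter_router = [row for row in rows if row['role'] == u'inter-router']
        self.assertEqual(1, len(inter_router))
        conn = inter_router[0]

        self.assertEqual(u'TLSv1/SSLv3', conn['sslProto'])
        self.assertEqual(u'PLAIN', conn['sasl'])
        self.assertEqual(u'test@domain.com', conn['user'])
```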