Return-Path: X-Original-To: apmail-qpid-commits-archive@www.apache.org Delivered-To: apmail-qpid-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A1ABE17CAD for ; Fri, 13 Mar 2015 18:51:14 +0000 (UTC) Received: (qmail 4102 invoked by uid 500); 13 Mar 2015 18:51:14 -0000 Delivered-To: apmail-qpid-commits-archive@qpid.apache.org Received: (qmail 4011 invoked by uid 500); 13 Mar 2015 18:51:14 -0000 Mailing-List: contact commits-help@qpid.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@qpid.apache.org Delivered-To: mailing list commits@qpid.apache.org Received: (qmail 3984 invoked by uid 99); 13 Mar 2015 18:51:14 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 13 Mar 2015 18:51:14 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 4FD4FE1814; Fri, 13 Mar 2015 18:51:14 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: robbie@apache.org To: commits@qpid.apache.org Date: Fri, 13 Mar 2015 18:51:15 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/4] qpid-jms git commit: add test using a different trust store, verify connection to server using regular key fails add test using a different trust store, verify connection to server using regular key fails Project: http://git-wip-us.apache.org/repos/asf/qpid-jms/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-jms/commit/18d3ec6c Tree: http://git-wip-us.apache.org/repos/asf/qpid-jms/tree/18d3ec6c Diff: http://git-wip-us.apache.org/repos/asf/qpid-jms/diff/18d3ec6c Branch: refs/heads/master Commit: 18d3ec6cba580eeebf52fa4adb22221dca53cfae Parents: cd8ac4f Author: Robert Gemmell Authored: Fri Mar 13 18:27:30 2015 +0000 Committer: Robert Gemmell Committed: Fri Mar 13 18:47:51 2015 +0000 ---------------------------------------------------------------------- .../jms/transports/netty/NettyEchoServer.java | 2 +- .../transports/netty/NettySslTransportTest.java | 31 ++++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/18d3ec6c/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java index ae064a4..fff2323 100644 --- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java +++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettyEchoServer.java @@ -153,7 +153,7 @@ public class NettyEchoServer implements AutoCloseable { handler.handshakeFuture().addListener(new GenericFutureListener>() { @Override public void operationComplete(Future future) throws Exception { - LOG.info("SSL handshake completed successfully"); + LOG.info("SSL handshake completed. Succeeded: " + future.isSuccess()); } }); } http://git-wip-us.apache.org/repos/asf/qpid-jms/blob/18d3ec6c/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java ---------------------------------------------------------------------- diff --git a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java index 8b25e5f..e43a499 100644 --- a/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java +++ b/qpid-jms-client/src/test/java/org/apache/qpid/jms/transports/netty/NettySslTransportTest.java @@ -42,6 +42,8 @@ public class NettySslTransportTest extends NettyTcpTransportTest { public static final String SERVER_KEYSTORE = "src/test/resources/broker-jks.keystore"; public static final String SERVER_WRONG_HOST_KEYSTORE = "src/test/resources/broker-wrong-host-jks.keystore"; public static final String CLIENT_TRUSTSTORE = "src/test/resources/client-jks.truststore"; + public static final String OTHER_CA_TRUSTSTORE = "src/test/resources/other-ca-jks.truststore"; + public static final String KEYSTORE_TYPE = "jks"; @Override @@ -79,6 +81,35 @@ public class NettySslTransportTest extends NettyTcpTransportTest { } @Test(timeout = 60 * 1000) + public void testConnectToServerUsingUntrustedKeyFails() throws Exception { + try (NettyEchoServer server = new NettyEchoServer(createServerOptions())) { + server.start(); + + int port = server.getServerPort(); + URI serverLocation = new URI("tcp://localhost:" + port); + + TransportSslOptions options = TransportSslOptions.INSTANCE.clone(); + + options.setTrustStoreLocation(OTHER_CA_TRUSTSTORE); + options.setTrustStorePassword(PASSWORD); + options.setStoreType(KEYSTORE_TYPE); + options.setVerifyHost(false); + + Transport transport = createTransport(serverLocation, testListener, options); + try { + transport.connect(); + fail("Should not have connected to the server"); + } catch (Exception e) { + LOG.info("Connection failed to untrusted test server."); + } + + assertFalse(transport.isConnected()); + + transport.close(); + } + } + + @Test(timeout = 60 * 1000) public void testConnectToServerClientTrustsAll() throws Exception { try (NettyEchoServer server = new NettyEchoServer(createServerOptions())) { server.start(); --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org For additional commands, e-mail: commits-help@qpid.apache.org