qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From gmur...@apache.org
Subject qpid-dispatch git commit: NO-JIRA - Added additional unit test the tests SASL PLAIN authentication over SSL
Date Wed, 20 Apr 2016 14:58:38 GMT
Repository: qpid-dispatch
Updated Branches:
  refs/heads/master 94e3c10a7 -> b99acb85b


NO-JIRA - Added additional unit test the tests SASL PLAIN authentication over SSL


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/b99acb85
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/b99acb85
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/b99acb85

Branch: refs/heads/master
Commit: b99acb85b6df812b2fff78b8a51a84e5b7e4e53f
Parents: 94e3c10
Author: Ganesh Murthy <gmurthy@redhat.com>
Authored: Wed Apr 20 10:58:20 2016 -0400
Committer: Ganesh Murthy <gmurthy@redhat.com>
Committed: Wed Apr 20 10:58:20 2016 -0400

----------------------------------------------------------------------
 tests/system_tests_sasl_plain.py | 143 +++++++++++++++++++++++++++-------
 1 file changed, 117 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/b99acb85/tests/system_tests_sasl_plain.py
----------------------------------------------------------------------
diff --git a/tests/system_tests_sasl_plain.py b/tests/system_tests_sasl_plain.py
index d7dfddc..1854279 100644
--- a/tests/system_tests_sasl_plain.py
+++ b/tests/system_tests_sasl_plain.py
@@ -19,27 +19,29 @@
 
 import unittest, os
 from subprocess import PIPE, Popen
-import system_test
-from system_test import TestCase, Qdrouterd, main_module
+from system_test import TestCase, Qdrouterd, main_module, DIR, TIMEOUT
 
-class RouterTestPlainSasl(TestCase):
-
-    @classmethod
-    def createSasldb(cls):
-        pass
+from qpid_dispatch.management.client import Node
 
+class RouterTestPlainSaslCommon(TestCase):
 
     @classmethod
-    def setUpClass(cls):
-        """
-        Tests the sasl_username, sasl_password property of the dispatch router.
+    def router(cls, name, connection):
 
-        Creates two routers (QDR.X and QDR.Y) and sets up PLAIN authentication on QDR.X.
-        QDR.Y connects to QDR.X by providing a sasl_username and a sasl_password.
+        config = [
+            ('router', {'mode': 'interior', 'routerId': 'QDR.%s'%name}),
+            ('fixedAddress', {'prefix': '/closest/', 'fanout': 'single', 'bias': 'closest'}),
+            ('fixedAddress', {'prefix': '/spread/', 'fanout': 'single', 'bias': 'spread'}),
+            ('fixedAddress', {'prefix': '/multicast/', 'fanout': 'multiple'}),
+            ('fixedAddress', {'prefix': '/', 'fanout': 'multiple'}),
 
-        """
-        super(RouterTestPlainSasl, cls).setUpClass()
+        ] + connection
 
+        config = Qdrouterd.Config(config)
+        cls.routers.append(cls.tester.qdrouterd(name, config, wait=False))
+
+    @classmethod
+    def createSaslFiles(cls):
         # Create a sasl database.
         p = Popen(['saslpasswd2', '-c', '-p', '-f', 'qdrouterd.sasldb', '-u', 'domain.com',
'test'],
                   stdin=PIPE, stdout=PIPE, stderr=PIPE)
@@ -58,26 +60,27 @@ mech_list: ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN
 sql_select: dummy select
 """)
 
-        def router(name, connection):
+class RouterTestPlainSasl(RouterTestPlainSaslCommon):
 
-            config = [
-                ('router', {'mode': 'interior', 'routerId': 'QDR.%s'%name}),
-                ('fixedAddress', {'prefix': '/closest/', 'fanout': 'single', 'bias': 'closest'}),
-                ('fixedAddress', {'prefix': '/spread/', 'fanout': 'single', 'bias': 'spread'}),
-                ('fixedAddress', {'prefix': '/multicast/', 'fanout': 'multiple'}),
-                ('fixedAddress', {'prefix': '/', 'fanout': 'multiple'}),
+    @classmethod
+    def setUpClass(cls):
+        """
+        Tests the sasl_username, sasl_password property of the dispatch router.
 
-            ] + connection
+        Creates two routers (QDR.X and QDR.Y) and sets up PLAIN authentication on QDR.X.
+        QDR.Y connects to QDR.X by providing a sasl_username and a sasl_password.
 
-            config = Qdrouterd.Config(config)
-            cls.routers.append(cls.tester.qdrouterd(name, config, wait=False))
+        """
+        super(RouterTestPlainSasl, cls).setUpClass()
+
+        super(RouterTestPlainSasl, cls).createSaslFiles()
 
         cls.routers = []
 
         x_listener_port = cls.tester.get_port()
         y_listener_port = cls.tester.get_port()
 
-        router('X', [
+        super(RouterTestPlainSasl, cls).router('X', [
                      ('listener', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port,
                                    'saslMechanisms':'PLAIN', 'authenticatePeer': 'yes'}),
                      # This unauthenticated listener is for qdstat to connect to it.
@@ -88,7 +91,7 @@ sql_select: dummy select
                                     'saslConfigPath': os.getcwd()}),
         ])
 
-        router('Y', [
+        super(RouterTestPlainSasl, cls).router('Y', [
                      ('connector', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port,
                                     # Provide a sasl user name and password to connect to
QDR.X
                                    'saslMechanisms': 'PLAIN', 'saslUsername': 'test@domain.com',
'saslPassword': 'password'}),
@@ -117,6 +120,94 @@ sql_select: dummy select
         self.assertIn("inter-router", out)
         self.assertIn("test@domain.com(PLAIN)", out)
 
+
+class RouterTestPlainSaslOverSsl(RouterTestPlainSaslCommon):
+
+    @staticmethod
+    def ssl_file(name):
+        return os.path.join(DIR, 'ssl_certs', name)
+
+    @classmethod
+    def setUpClass(cls):
+        """
+        Tests the sasl_username, sasl_password property of the dispatch router.
+
+        Creates two routers (QDR.X and QDR.Y) and sets up PLAIN authentication on QDR.X.
+        QDR.Y connects to QDR.X by providing a sasl_username and a sasl_password.
+        This PLAIN authentication is done over an TLS/SSLv3 connection.
+
+        """
+        super(RouterTestPlainSaslOverSsl, cls).setUpClass()
+
+        super(RouterTestPlainSaslOverSsl, cls).createSaslFiles()
+
+        cls.routers = []
+
+        x_listener_port = cls.tester.get_port()
+        y_listener_port = cls.tester.get_port()
+
+        super(RouterTestPlainSaslOverSsl, cls).router('X', [
+                     ('listener', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port,
+                                   'sslProfile':'server-ssl-profile',
+                                   'saslMechanisms':'PLAIN', 'authenticatePeer': 'yes'}),
+                     # This unauthenticated listener is for qdstat to connect to it.
+                     ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': cls.tester.get_port(),
+                                   'authenticatePeer': 'no'}),
+                     ('sslProfile', {'name': 'server-ssl-profile',
+                                     'cert-db': cls.ssl_file('ca-certificate.pem'),
+                                     'cert-file': cls.ssl_file('server-certificate.pem'),
+                                     'key-file': cls.ssl_file('server-private-key.pem'),
+                                     'password': 'server-password'}),
+                     ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.X',
+                                    'saslConfigName': 'tests-mech-PLAIN',
+                                    'saslConfigPath': os.getcwd()}),
+        ])
+
+        super(RouterTestPlainSaslOverSsl, cls).router('Y', [
+                     # This router will act like a client. First an SSL connection will be
established and then
+                     # we will have SASL plain authentication over SSL.
+                     ('connector', {'addr': '0.0.0.0', 'role': 'inter-router', 'port': x_listener_port,
+                                    'ssl-profile': 'client-ssl-profile',
+                                    # Provide a sasl user name and password to connect to
QDR.X
+                                    'saslMechanisms': 'PLAIN',
+                                    'saslUsername': 'test@domain.com', 'saslPassword': 'password'}),
+                     ('container', {'workerThreads': 4, 'containerName': 'Qpid.Dispatch.Router.Y'}),
+                     ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}),
+                     ('sslProfile', {'name': 'client-ssl-profile',
+                                     'cert-db': cls.ssl_file('ca-certificate.pem'),
+                                     'cert-file': cls.ssl_file('client-certificate.pem'),
+                                     'key-file': cls.ssl_file('client-private-key.pem'),
+                                     'password': 'client-password'}),
+        ])
+
+        cls.routers[1].wait_router_connected('QDR.X')
+
+    def test_inter_router_plain_over_ssl_exists(self):
+        """The setUpClass sets up two routers with SASL PLAIN enabled over TLS/SSLv3.
+
+        This test makes executes a query for type='org.apache.qpid.dispatch.connection' over
+        an unauthenticated listener to
+        QDR.X and makes sure that the output has an "inter-router" connection to
+        QDR.Y whose authentication is PLAIN. This ensures that QDR.Y did not
+        somehow use SASL ANONYMOUS to connect to QDR.X
+        Also makes sure that TLSv1/SSLv3 was used as sslProto
+
+        """
+        local_node = Node.connect(self.routers[0].addresses[1], timeout=TIMEOUT)
+
+        # sslProto should be TLSv1/SSLv3
+        self.assertEqual(u'TLSv1/SSLv3', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][4])
+
+        # role should be inter-router
+        self.assertEqual(u'inter-router', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][9])
+
+        # sasl must be plain
+        self.assertEqual(u'PLAIN', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][12])
+
+        # user must be test@domain.com
+        self.assertEqual(u'test@domain.com', local_node.query(type='org.apache.qpid.dispatch.connection').results[0][16])
+
+
 if __name__ == '__main__':
     unittest.main(main_module())
 


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message