qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rgodf...@apache.org
Subject svn commit: r1772213 - in /qpid/java/trunk: systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java test-profiles/Java10UninvestigatedTestsExcludes
Date Thu, 01 Dec 2016 14:16:01 GMT
Author: rgodfrey
Date: Thu Dec  1 14:16:01 2016
New Revision: 1772213

URL: http://svn.apache.org/viewvc?rev=1772213&view=rev
Log:
QPID-7546 : ExternalAuthenticationTest

Modified:
    qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
    qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes

Modified: qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
URL: http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java?rev=1772213&r1=1772212&r2=1772213&view=diff
==============================================================================
--- qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
(original)
+++ qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
Thu Dec  1 14:16:01 2016
@@ -32,11 +32,15 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.Hashtable;
 import java.util.List;
 import java.util.Map;
 
 import javax.jms.Connection;
+import javax.jms.ConnectionFactory;
 import javax.jms.JMSException;
+import javax.jms.Session;
+import javax.naming.InitialContext;
 
 import org.apache.qpid.client.AMQConnectionURL;
 import org.apache.qpid.server.model.AuthenticationProvider;
@@ -59,6 +63,11 @@ public class ExternalAuthenticationTest
     {
         super.setUp();
         setSystemProperty("javax.net.debug", "ssl");
+        setSystemProperty("javax.net.ssl.keyStore", null);
+        setSystemProperty("javax.net.ssl.keyStorePassword", null);
+        setSystemProperty("javax.net.ssl.trustStore", null);
+        setSystemProperty("javax.net.ssl.trustStorePassword", null);
+
     }
 
     @Override
@@ -76,12 +85,11 @@ public class ExternalAuthenticationTest
         setCommonBrokerSSLProperties(true);
         super.startDefaultBroker();
 
-        setClientKeystoreProperties();
-        setClientTrustoreProperties();
-
         try
         {
-            getExternalSSLConnection(false);
+            final Connection connection =
+                    getExternalSSLConnection(false, TRUSTSTORE, TRUSTSTORE_PASSWORD, KEYSTORE,
KEYSTORE_PASSWORD, null);
+            connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
         }
         catch (JMSException e)
         {
@@ -109,9 +117,6 @@ public class ExternalAuthenticationTest
         getDefaultBrokerConfiguration().setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_AMQP_PORT,
Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER);
         super.startDefaultBroker();
 
-        setClientKeystoreProperties();
-        setClientTrustoreProperties();
-
         try
         {
             getConnection();
@@ -132,11 +137,11 @@ public class ExternalAuthenticationTest
         setCommonBrokerSSLProperties(false);
         super.startDefaultBroker();
 
-        setClientTrustoreProperties();
-
         try
         {
-            getExternalSSLConnection(true);
+            final Connection connection =
+                    getExternalSSLConnection(true, TRUSTSTORE, TRUSTSTORE_PASSWORD, null,
null, null);
+            connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
             fail("Connection should not succeed");
         }
         catch (JMSException e)
@@ -154,12 +159,15 @@ public class ExternalAuthenticationTest
         setCommonBrokerSSLProperties(true);
         super.startDefaultBroker();
 
-        setUntrustedClientKeystoreProperties();
-        setClientTrustoreProperties();
-
         try
         {
-            getExternalSSLConnection(false, "&ssl_cert_alias='" + TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT
+ "'");
+            getExternalSSLConnection(false,
+                                     TRUSTSTORE,
+                                     TRUSTSTORE_PASSWORD,
+                                     UNTRUSTED_KEYSTORE,
+                                     KEYSTORE_PASSWORD,
+                                     TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT
+                                    );
             fail("Connection should not succeed");
         }
         catch (JMSException e)
@@ -216,13 +224,16 @@ public class ExternalAuthenticationTest
 
         super.startDefaultBroker();
 
-        setClientKeystoreProperties();
-        setClientTrustoreProperties();
-
         try
         {
             //use the app1 cert, which IS in the peerstore (and has CA in the trustStore)
-            getExternalSSLConnection(false, "&ssl_cert_alias='app1'");
+            final Connection connection = getExternalSSLConnection(false,
+                                                                   TRUSTSTORE,
+                                                                   TRUSTSTORE_PASSWORD,
+                                                                   KEYSTORE,
+                                                                   KEYSTORE_PASSWORD,
+                                                                   "app1");
+            connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
         }
         catch (JMSException e)
         {
@@ -232,7 +243,7 @@ public class ExternalAuthenticationTest
         try
         {
             //use the app2 cert, which is NOT in the peerstore (but is signed by the same
CA as app1)
-            getExternalSSLConnection(false, "&ssl_cert_alias='app2'");
+            getExternalSSLConnection(false, TRUSTSTORE, TRUSTSTORE_PASSWORD, KEYSTORE, KEYSTORE_PASSWORD,
"app2");
             if(!useTrustAndPeerStore)
             {
                 fail("Client's validation against the broker's multi store manager unexpectedly
passed, when configured store was expected to deny.");
@@ -262,12 +273,17 @@ public class ExternalAuthenticationTest
 
         super.startDefaultBroker();
 
-        setClientKeystoreProperties();
-        setClientTrustoreProperties();
-
         try
         {
-            getExternalSSLConnection(false, "&ssl_cert_alias='app2'");
+            final Connection connection = getExternalSSLConnection(false,
+                                                                   TRUSTSTORE,
+                                                                   TRUSTSTORE_PASSWORD,
+                                                                   KEYSTORE,
+                                                                   KEYSTORE_PASSWORD,
+                                                                   "app2");
+
+            connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
+
         }
         catch (JMSException e)
         {
@@ -303,12 +319,15 @@ public class ExternalAuthenticationTest
 
         super.startDefaultBroker();
 
-        setClientKeystoreProperties();
-        setClientTrustoreProperties();
-
         try
         {
-            getExternalSSLConnection(false, "&ssl_cert_alias='app2'");
+            final Connection connection = getExternalSSLConnection(false,
+                                                                   TRUSTSTORE,
+                                                                   TRUSTSTORE_PASSWORD,
+                                                                   KEYSTORE,
+                                                                   KEYSTORE_PASSWORD,
+                                                                   "app2");
+            connection.createSession(false, Session.AUTO_ACKNOWLEDGE);
         }
         catch (JMSException e)
         {
@@ -329,24 +348,68 @@ public class ExternalAuthenticationTest
         }
     }
 
-    private Connection getExternalSSLConnection(boolean includeUserNameAndPassword) throws
Exception
-    {
-        return getExternalSSLConnection(includeUserNameAndPassword, "");
-    }
-
-    private Connection getExternalSSLConnection(boolean includeUserNameAndPassword, String
optionString) throws Exception
-    {
-        int amqpTlsPort = getDefaultBroker().getAmqpTlsPort();
-        String url = "amqp://%s@test/?brokerlist='tcp://localhost:%s?ssl='true'&sasl_mechs='EXTERNAL'%s'";
-        if (includeUserNameAndPassword)
-        {
-            url = String.format(url, "guest:guest", String.valueOf(amqpTlsPort), optionString);
+    private Connection getExternalSSLConnection(boolean includeUserNameAndPassword,
+                                                final String trustStoreLocation,
+                                                final String trustStorePassword,
+                                                final String keyStoreLocation,
+                                                final String keyStorePassword,
+                                                final String certAlias) throws Exception
+    {
+        if(isBroker10())
+        {
+            final Hashtable<String, String> env = new Hashtable<>();
+            final StringBuilder uri = new StringBuilder("amqps://localhost:").append(String.valueOf(getDefaultBroker().getAmqpTlsPort())).append("?amqp.vhost=test&amqp.saslMechanisms=EXTERNAL");
+            if(trustStoreLocation != null)
+            {
+                uri.append("&transport.trustStoreLocation=").append(trustStoreLocation);
+            }
+            if(trustStorePassword != null)
+            {
+                uri.append("&transport.trustStorePassword=").append(trustStorePassword);
+            }
+            if(keyStoreLocation != null)
+            {
+                uri.append("&transport.keyStoreLocation=").append(keyStoreLocation);
+            }
+            if(keyStorePassword != null)
+            {
+                uri.append("&transport.keyStorePassword=").append(keyStorePassword);
+            }
+            if(certAlias != null)
+            {
+                uri.append("&transport.keyAlias=").append(certAlias);
+            }
+            env.put("connectionfactory.externalauth", uri.toString());
+            InitialContext initialContext = new InitialContext(env);
+            final ConnectionFactory connectionFactory = (ConnectionFactory) initialContext.lookup("externalauth");
+            if(includeUserNameAndPassword)
+            {
+                return connectionFactory.createConnection("guest","guest");
+            }
+            else
+            {
+                return connectionFactory.createConnection();
+            }
         }
         else
         {
-            url = String.format(url, ":", String.valueOf(amqpTlsPort), optionString);
+            setSystemProperty("javax.net.ssl.keyStore", keyStoreLocation);
+            setSystemProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
+            setSystemProperty("javax.net.ssl.trustStore", trustStoreLocation);
+            setSystemProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+            String certAliasOption = certAlias == null ? "" : "&ssl_cert_alias='"+certAlias+"'";
+            int amqpTlsPort = getDefaultBroker().getAmqpTlsPort();
+            String url = "amqp://%s@test/?brokerlist='tcp://localhost:%s?ssl='true'&sasl_mechs='EXTERNAL'%s'";
+            if (includeUserNameAndPassword)
+            {
+                url = String.format(url, "guest:guest", String.valueOf(amqpTlsPort), certAliasOption);
+            }
+            else
+            {
+                url = String.format(url, ":", String.valueOf(amqpTlsPort), certAliasOption);
+            }
+            return getConnection(new AMQConnectionURL(url));
         }
-        return getConnection(new AMQConnectionURL(url));
     }
 
     private void setCommonBrokerSSLProperties(boolean needClientAuth)
@@ -388,21 +451,4 @@ public class ExternalAuthenticationTest
         config.setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT,
Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_EXTERNAL_PROVIDER);
     }
 
-    private void setUntrustedClientKeystoreProperties()
-    {
-        setSystemProperty("javax.net.ssl.keyStore", UNTRUSTED_KEYSTORE);
-        setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
-    }
-
-    private void setClientKeystoreProperties()
-    {
-        setSystemProperty("javax.net.ssl.keyStore", KEYSTORE);
-        setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
-    }
-
-    private void setClientTrustoreProperties()
-    {
-        setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
-        setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
-    }
 }

Modified: qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes
URL: http://svn.apache.org/viewvc/qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes?rev=1772213&r1=1772212&r2=1772213&view=diff
==============================================================================
--- qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes (original)
+++ qpid/java/trunk/test-profiles/Java10UninvestigatedTestsExcludes Thu Dec  1 14:16:01 2016
@@ -25,7 +25,6 @@ org.apache.qpid.server.logging.ConsumerL
 org.apache.qpid.server.logging.DurableQueueLoggingTest#*
 org.apache.qpid.server.logging.QueueLoggingTest#*
 org.apache.qpid.server.logging.TransientQueueLoggingTest#*
-org.apache.qpid.server.security.auth.manager.ExternalAuthenticationTest#*
 org.apache.qpid.client.prefetch.PrefetchBehaviourTest#*
 org.apache.qpid.client.redelivered.RedeliveredMessageTest#*
 org.apache.qpid.client.SynchReceiveTest#*



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message