author | Rajith Muditha Attapattu <rajith@apache.org> | 2010-03-19 22:53:19 +0000 |
---|---|---|
committer | Rajith Muditha Attapattu <rajith@apache.org> | 2010-03-19 22:53:19 +0000 |
commit | 6206e26f231780bf84de5c6d57325c28552c4fac (patch) | |
tree | a7e7b50347ed4c79da099e042bee6995d7ecbc0a | |
parent | ed9e0f6f6685439791d3af2985ff36a9707ce5e1 (diff) | |
download | qpid-python-6206e26f231780bf84de5c6d57325c28552c4fac.tar.gz |
Added test cases for QPID-2444 and QPID-2446
Modified SSLUtil to handle the case where distinguished name only contains the CN component.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@925469 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java | 6 | ||||
-rw-r--r-- | qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java | 110 |
2 files changed, 114 insertions, 2 deletions
diff --git a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
index f23d9ae359..130ce04adc 100644
--- a/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
+++ b/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
@@ -28,7 +28,8 @@ public class SSLUtil
 if (dn.contains("CN=")) {
- hostname = dn.substring(3, dn.indexOf(","));
+ hostname = dn.substring(3,
+ dn.indexOf(",") == -1? dn.length(): dn.indexOf(","));
 } if (log.isDebugEnabled())
@@ -38,7 +39,8 @@ public class SSLUtil
 log.debug("Host Name obtained from DN : " + hostname); }
- if (hostname != null && !hostname.equalsIgnoreCase(hostnameExpected))
+ if (hostname != null && !(hostname.equalsIgnoreCase(hostnameExpected) ||
+ hostname.equalsIgnoreCase(hostnameExpected + ".localdomain")))
 { throw new TransportException("SSL hostname verification failed." + " Expected : " + hostnameExpected +
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
new file mode 100644
index 0000000000..6d6b6db420
--- /dev/null
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
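Review bot: The new `substring(3, …)` in the first SSLUtil hunk still assumes the DN begins with `CN=`, while the guard above it only checks `dn.contains("CN=")`, so for a subject whose first component is another attribute the value compared against the expected host is not the common name. Because this string decides whether the peer certificate is accepted, the CN should be located explicitly rather than by fixed offset, for example by parsing the DN with `javax.naming.ldap.LdapName` and selecting the RDN whose type is `CN`, which also copes with escaped commas. The ternary evaluates `dn.indexOf(",")` twice; a local such as `int comma = dn.indexOf(',');` would read better. The enclosing method starts and ends outside the hunk.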
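Review bot: The added `hostnameExpected + ".localdomain"` comparison in the second SSLUtil hunk applies to every expected host, not only `localhost`, so a certificate issued to `name.localdomain` now passes verification for a connection to `name`; that is wider than the new tests require. If the aim is only to tolerate a certificate issued to `localhost.localdomain`, limit the extra branch to that case, e.g. `|| ("localhost".equalsIgnoreCase(hostnameExpected) && hostname.equalsIgnoreCase("localhost.localdomain"))`, or issue the test certificate under the name the tests connect to. Separately, the `hostname != null &&` guard means the check appears to pass without throwing when no hostname was extracted from the DN; failing closed there would be safer, though the initialisation of `hostname` lies outside the hunk.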
@@ -0,0 +1,110 @@
+package org.apache.qpid.client.ssl;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+
+import javax.jms.Session;
+
+import org.apache.qpid.client.AMQConnection;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class SSLTest extends QpidTestCase
+{
+ public void testCreateSSLContextFromConnectionURLParams()
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
+ "?ssl='true'&ssl_verify_hostname='true'" +
+ "&key_store='%s'&keystore_password='%s'" +
+ "&trust_store='%s'&trust_store_password='%s'" +
+ "'";
+ url = String.format(url,System.getProperty("test.port.ssl"),
+ System.getProperty("javax.net.ssl.keyStore"),
+ System.getProperty("javax.net.ssl.keyStorePassword"),
+ System.getProperty("javax.net.ssl.trustStore"),
+ System.getProperty("javax.net.ssl.trustStorePassword"));
+
+ // temporarily set the trust store jvm arg to something else
+ // to ensure we only read from the connection URL param.
+ String tmp = System.getProperty("javax.net.ssl.trustStore");
+ System.setProperty("javax.net.ssl.trustStore","fessgsdgd");
+ try
+ {
+ AMQConnection con = new AMQConnection(url);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ }
+ catch (Exception e)
+ {
+ fail("SSL Connection should be successful");
+ }
+ finally
+ {
+ System.setProperty("javax.net.ssl.trustStore",tmp);
+ }
+ }
+ }
+
+ public void testVerifyHostName()
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:" +
+ System.getProperty("test.port.ssl") +
+ "?ssl='true'&ssl_verify_hostname='true''";
+
+ try
+ {
+ AMQConnection con = new AMQConnection(url);
+ fail("Hostname verification failed. No exception was thrown");
+ }
+ catch (Exception e)
+ {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ e.printStackTrace(new PrintStream(bout));
+ String strace = bout.toString();
+ assertTrue("Correct exception not thrown",strace.contains("SSL hostname verification failed"));
+ }
+
+ }
+ }
+
+ public void testVerifyLocalHost()
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
+ System.getProperty("test.port.ssl") +
+ "?ssl='true'&ssl_verify_hostname='true''";
+
+ try
+ {
+ AMQConnection con = new AMQConnection(url);
+ }
+ catch (Exception e)
+ {
+ fail("Hostname verification should succeed");
+ }
+ }
+ }
+
+ public void testVerifyLocalHostLocalDomain()
+ {
+ if (Boolean.getBoolean("profile.use_ssl"))
+ {
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost.localdomain:" +
+ System.getProperty("test.port.ssl") +
+ "?ssl='true'&ssl_verify_hostname='true''";
+
+ try
+ {
+ AMQConnection con = new AMQConnection(url);
+ }
+ catch (Exception e)
+ {
+ fail("Hostname verification should succeed");
+ }
+
+ }
+ }
+} |
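Review bot: None of the four tests closes the `AMQConnection` it opens, and the `catch (Exception e)` blocks that call `fail(...)` use a fixed message, so a TLS failure leaves a connection behind and reports nothing about its cause. Closing `con` in a `finally` block and including the exception, e.g. `fail("SSL Connection should be successful: " + e);`, would make failures diagnosable. In `testCreateSSLContextFromConnectionURLParams`, the restoring call `System.setProperty("javax.net.ssl.trustStore",tmp)` throws `NullPointerException` when the property was unset before the test; use `System.clearProperty("javax.net.ssl.trustStore")` in that case. All four tests also return without asserting anything unless `profile.use_ssl` is set, so the hostname checks are not exercised under other profiles.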