summaryrefslogtreecommitdiff
path: root/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java')
-rw-r--r--java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java291
1 files changed, 238 insertions, 53 deletions
diff --git a/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java b/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
index 39689f5096..884e89fb65 100644
--- a/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
+++ b/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
@@ -20,54 +20,55 @@
*/
package org.apache.qpid.client.ssl;
-import org.apache.qpid.client.AMQConnection;
+import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE;
+import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
+import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
+import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.qpid.client.AMQConnectionURL;
import org.apache.qpid.client.AMQTestConnection_0_10;
+import org.apache.qpid.jms.ConnectionURL;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.Transport;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
-import org.apache.qpid.transport.Connection;
+import org.apache.qpid.test.utils.TestBrokerConfiguration;
+import javax.jms.Connection;
+import javax.jms.JMSException;
import javax.jms.Session;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
public class SSLTest extends QpidBrokerTestCase
{
- private static final String KEYSTORE = "test-profiles/test_resources/ssl/java_client_keystore.jks";
- private static final String KEYSTORE_PASSWORD = "password";
- private static final String TRUSTSTORE = "test-profiles/test_resources/ssl/java_client_truststore.jks";
- private static final String TRUSTSTORE_PASSWORD = "password";
private static final String CERT_ALIAS_APP1 = "app1";
private static final String CERT_ALIAS_APP2 = "app2";
@Override
protected void setUp() throws Exception
{
- if(isJavaBroker())
- {
- setTestClientSystemProperty("profile.use_ssl", "true");
- setConfigurationProperty("connector.ssl.enabled", "true");
- setConfigurationProperty("connector.ssl.sslOnly", "true");
- setConfigurationProperty("connector.ssl.wantClientAuth", "true");
- }
-
- // set the ssl system properties
- setSystemProperty("javax.net.ssl.keyStore", KEYSTORE);
- setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
- setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
- setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
setSystemProperty("javax.net.debug", "ssl");
- super.setUp();
+
+ setSslStoreSystemProperties();
+
+ //We dont call super.setUp, the tests start the broker after deciding
+ //whether to run and then configuring it appropriately
}
public void testCreateSSLConnectionUsingConnectionURLParams() throws Exception
{
- if (Boolean.getBoolean("profile.use_ssl"))
+ if (shouldPerformTest())
{
- // Clear the ssl system properties
- setSystemProperty("javax.net.ssl.keyStore", null);
- setSystemProperty("javax.net.ssl.keyStorePassword", null);
- setSystemProperty("javax.net.ssl.trustStore", null);
- setSystemProperty("javax.net.ssl.trustStorePassword", null);
+ clearSslStoreSystemProperties();
+ //Start the broker (NEEDing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, true, false);
+ super.setUp();
+
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
"?ssl='true'&ssl_verify_hostname='true'" +
"&key_store='%s'&key_store_password='%s'" +
@@ -76,24 +77,75 @@ public class SSLTest extends QpidBrokerTestCase
url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT,
KEYSTORE,KEYSTORE_PASSWORD,TRUSTSTORE,TRUSTSTORE_PASSWORD);
-
- AMQConnection con = new AMQConnection(url);
+
+ Connection con = getConnection(new AMQConnectionURL(url));
assertNotNull("connection should be successful", con);
Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
assertNotNull("create session should be successful", ssn);
- }
+ }
+ }
+
+ /**
+ * Create an SSL connection using the SSL system properties for the trust and key store, but using
+ * the {@link ConnectionURL} ssl='true' option to indicate use of SSL at a Connection level,
+ * without specifying anything at the {@link ConnectionURL#OPTIONS_BROKERLIST} level.
+ */
+ public void testSslConnectionOption() throws Exception
+ {
+ if (shouldPerformTest())
+ {
+ //Start the broker (NEEDing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, true, false);
+ super.setUp();
+
+ //Create URL enabling SSL at the connection rather than brokerlist level
+ String url = "amqp://guest:guest@test/?ssl='true'&brokerlist='tcp://localhost:%s'";
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT);
+
+ Connection con = getConnection(new AMQConnectionURL(url));
+ assertNotNull("connection should be successful", con);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ assertNotNull("create session should be successful", ssn);
+ }
+ }
+
+ /**
+ * Create an SSL connection using the SSL system properties for the trust and key store, but using
+ * the {@link ConnectionURL} ssl='true' option to indicate use of SSL at a Connection level,
+ * overriding the false setting at the {@link ConnectionURL#OPTIONS_BROKERLIST} level.
+ */
+ public void testSslConnectionOptionOverridesBrokerlistOption() throws Exception
+ {
+ if (shouldPerformTest())
+ {
+ //Start the broker (NEEDing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, true, false);
+ super.setUp();
+
+ //Create URL enabling SSL at the connection, overriding the false at the brokerlist level
+ String url = "amqp://guest:guest@test/?ssl='true'&brokerlist='tcp://localhost:%s?ssl='false''";
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT);
+
+ Connection con = getConnection(new AMQConnectionURL(url));
+ assertNotNull("connection should be successful", con);
+ Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
+ assertNotNull("create session should be successful", ssn);
+ }
}
public void testCreateSSLConnectionUsingSystemProperties() throws Exception
{
- if (Boolean.getBoolean("profile.use_ssl"))
+ if (shouldPerformTest())
{
+ //Start the broker (NEEDing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, true, false);
+ super.setUp();
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s?ssl='true''";
url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT);
- AMQConnection con = new AMQConnection(url);
+ Connection con = getConnection(new AMQConnectionURL(url));
assertNotNull("connection should be successful", con);
Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
assertNotNull("create session should be successful", ssn);
@@ -102,14 +154,18 @@ public class SSLTest extends QpidBrokerTestCase
public void testMultipleCertsInSingleStore() throws Exception
{
- if (Boolean.getBoolean("profile.use_ssl"))
+ if (shouldPerformTest())
{
+ //Start the broker (NEEDing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, true, false);
+ super.setUp();
+
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
QpidBrokerTestCase.DEFAULT_SSL_PORT +
"?ssl='true'&ssl_cert_alias='" + CERT_ALIAS_APP1 + "''";
AMQTestConnection_0_10 con = new AMQTestConnection_0_10(url);
- Connection transportCon = con.getConnection();
+ org.apache.qpid.transport.Connection transportCon = con.getConnection();
String userID = transportCon.getSecurityLayer().getUserID();
assertEquals("The correct certificate was not choosen","app1@acme.org",userID);
con.close();
@@ -126,65 +182,82 @@ public class SSLTest extends QpidBrokerTestCase
}
}
- public void testVerifyHostNameWithIncorrectHostname()
+ public void testVerifyHostNameWithIncorrectHostname() throws Exception
{
- if (Boolean.getBoolean("profile.use_ssl"))
+ if (shouldPerformTest())
{
+ //Start the broker (WANTing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, false, true);
+ super.setUp();
+
String url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:" +
QpidBrokerTestCase.DEFAULT_SSL_PORT +
"?ssl='true'&ssl_verify_hostname='true''";
try
{
- AMQConnection con = new AMQConnection(url);
+ getConnection(new AMQConnectionURL(url));
fail("Hostname verification failed. No exception was thrown");
}
catch (Exception e)
{
- ByteArrayOutputStream bout = new ByteArrayOutputStream();
- e.printStackTrace(new PrintStream(bout));
- String strace = bout.toString();
- assertTrue("Correct exception not thrown",strace.contains("SSL hostname verification failed"));
+ verifyExceptionCausesContains(e, "SSL hostname verification failed");
}
-
}
}
+
+ private void verifyExceptionCausesContains(Exception e, String expectedString)
+ {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ e.printStackTrace(new PrintStream(bout));
+ String strace = bout.toString();
+ assertTrue("Correct exception not thrown", strace.contains(expectedString));
+ }
public void testVerifyLocalHost() throws Exception
{
- if (Boolean.getBoolean("profile.use_ssl"))
+ if (shouldPerformTest())
{
+ //Start the broker (WANTing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, false, true);
+ super.setUp();
+
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
QpidBrokerTestCase.DEFAULT_SSL_PORT +
"?ssl='true'&ssl_verify_hostname='true''";
- AMQConnection con = new AMQConnection(url);
- assertNotNull("connection should have been created", con);
+ Connection con = getConnection(new AMQConnectionURL(url));
+ assertNotNull("connection should have been created", con);
}
}
public void testVerifyLocalHostLocalDomain() throws Exception
{
- if (Boolean.getBoolean("profile.use_ssl"))
+ if (shouldPerformTest())
{
+ //Start the broker (WANTing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, false, true);
+ super.setUp();
+
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost.localdomain:" +
QpidBrokerTestCase.DEFAULT_SSL_PORT +
"?ssl='true'&ssl_verify_hostname='true''";
- AMQConnection con = new AMQConnection(url);
+ Connection con = getConnection(new AMQConnectionURL(url));
assertNotNull("connection should have been created", con);
}
}
public void testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly() throws Exception
{
- if (Boolean.getBoolean("profile.use_ssl"))
+ if (shouldPerformTest())
{
- // Clear the ssl system properties
- setSystemProperty("javax.net.ssl.keyStore", null);
- setSystemProperty("javax.net.ssl.keyStorePassword", null);
- setSystemProperty("javax.net.ssl.trustStore", null);
- setSystemProperty("javax.net.ssl.trustStorePassword", null);
+ clearSslStoreSystemProperties();
+
+ //Start the broker (WANTing client certificate authentication)
+ configureJavaBrokerIfNecessary(true, true, false, true);
+ super.setUp();
+
String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
"?ssl='true'&ssl_verify_hostname='true'" +
@@ -193,10 +266,122 @@ public class SSLTest extends QpidBrokerTestCase
url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT, TRUSTSTORE,TRUSTSTORE_PASSWORD);
- AMQConnection con = new AMQConnection(url);
+ Connection con = getConnection(new AMQConnectionURL(url));
assertNotNull("connection should be successful", con);
Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE);
assertNotNull("create session should be successful", ssn);
}
}
+
+ /**
+ * Verifies that when the broker is configured to NEED client certificates,
+ * a client which doesn't supply one fails to connect.
+ */
+ public void testClientCertMissingWhilstNeeding() throws Exception
+ {
+ missingClientCertWhileNeedingOrWantingTestImpl(true, false, false);
+ }
+
+ /**
+ * Verifies that when the broker is configured to WANT client certificates,
+ * a client which doesn't supply one succeeds in connecting.
+ */
+ public void testClientCertMissingWhilstWanting() throws Exception
+ {
+ missingClientCertWhileNeedingOrWantingTestImpl(false, true, true);
+ }
+
+ /**
+ * Verifies that when the broker is configured to WANT and NEED client certificates
+ * that a client which doesn't supply one fails to connect.
+ */
+ public void testClientCertMissingWhilstWantingAndNeeding() throws Exception
+ {
+ missingClientCertWhileNeedingOrWantingTestImpl(true, true, false);
+ }
+
+ private void missingClientCertWhileNeedingOrWantingTestImpl(boolean needClientCerts,
+ boolean wantClientCerts, boolean shouldSucceed) throws Exception
+ {
+ if (shouldPerformTest())
+ {
+ clearSslStoreSystemProperties();
+
+ //Start the broker
+ configureJavaBrokerIfNecessary(true, true, needClientCerts, wantClientCerts);
+ super.setUp();
+
+ String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
+ "?ssl='true'&trust_store='%s'&trust_store_password='%s''";
+
+ url = String.format(url,QpidBrokerTestCase.DEFAULT_SSL_PORT,TRUSTSTORE,TRUSTSTORE_PASSWORD);
+ try
+ {
+ Connection con = getConnection(new AMQConnectionURL(url));
+ if(!shouldSucceed)
+ {
+ fail("Connection succeeded, expected exception was not thrown");
+ }
+ else
+ {
+ //Use the connection to verify it works
+ con.createSession(true, Session.SESSION_TRANSACTED);
+ }
+ }
+ catch(JMSException e)
+ {
+ if(shouldSucceed)
+ {
+ _logger.error("Caught unexpected exception",e);
+ fail("Connection failed, unexpected exception thrown");
+ }
+ else
+ {
+ //expected
+ verifyExceptionCausesContains(e, "Caused by: javax.net.ssl.SSLException:");
+ }
+ }
+ }
+ }
+
+ private boolean shouldPerformTest()
+ {
+ // We run the SSL tests on all the Java broker profiles
+ if(isJavaBroker())
+ {
+ setTestClientSystemProperty(PROFILE_USE_SSL, "true");
+ }
+
+ return Boolean.getBoolean(PROFILE_USE_SSL);
+ }
+
+ private void configureJavaBrokerIfNecessary(boolean sslEnabled, boolean sslOnly, boolean needClientAuth, boolean wantClientAuth) throws ConfigurationException
+ {
+ if(isJavaBroker())
+ {
+ Map<String, Object> sslPortAttributes = new HashMap<String, Object>();
+ sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
+ sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT);
+ sslPortAttributes.put(Port.NEED_CLIENT_AUTH, needClientAuth);
+ sslPortAttributes.put(Port.WANT_CLIENT_AUTH, wantClientAuth);
+ sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT);
+ getBrokerConfiguration().addPortConfiguration(sslPortAttributes);
+ }
+ }
+
+ private void setSslStoreSystemProperties()
+ {
+ setSystemProperty("javax.net.ssl.keyStore", KEYSTORE);
+ setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
+ setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
+ setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
+ }
+
+ private void clearSslStoreSystemProperties()
+ {
+ setSystemProperty("javax.net.ssl.keyStore", null);
+ setSystemProperty("javax.net.ssl.keyStorePassword", null);
+ setSystemProperty("javax.net.ssl.trustStore", null);
+ setSystemProperty("javax.net.ssl.trustStorePassword", null);
+ }
}
View Lorry Controller Status