ARTEMIS-1853 Adding Netty OpenSSL provider test Added some netty openssl tests Fix a NPE issue
Project: http://git-wip-us.apache.org/repos/asf/activemq-artemis/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq-artemis/commit/8b458b56 Tree: http://git-wip-us.apache.org/repos/asf/activemq-artemis/tree/8b458b56 Diff: http://git-wip-us.apache.org/repos/asf/activemq-artemis/diff/8b458b56 Branch: refs/heads/2.6.x Commit: 8b458b568268e4364bae94d25535d9373a8a49f8 Parents: ef03ce4 Author: Howard Gao <[email protected]> Authored: Fri May 18 06:50:37 2018 +0800 Committer: Clebert Suconic <[email protected]> Committed: Mon May 21 18:09:29 2018 -0400 ---------------------------------------------------------------------- .../core/remoting/impl/ssl/SSLSupport.java | 2 +- .../tests/integration/ssl/SSLProviderTest.java | 84 +++++++++++++++ .../integration/ssl/SSLProviderTwoWayTest.java | 101 +++++++++++++++++ .../tests/integration/ssl/SSLTestBase.java | 108 +++++++++++++++++++ 4 files changed, 294 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/8b458b56/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java ---------------------------------------------------------------------- diff --git a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java index 85c2c50..905e19e 100644 --- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java +++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/ssl/SSLSupport.java @@ -125,7 +125,7 @@ public class SSLSupport { final boolean trustAll ) throws Exception { KeyStore keyStore = SSLSupport.loadKeystore(keystoreProvider, keystorePath, keystorePassword); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - keyManagerFactory.init(keyStore, keystorePassword.toCharArray()); + keyManagerFactory.init(keyStore, keystorePassword == null ? null : keystorePassword.toCharArray()); return SslContextBuilder.forClient().sslProvider(SslProvider.valueOf(sslProvider)).keyManager(keyManagerFactory).trustManager(SSLSupport.loadTrustManagerFactory(trustStoreProvider, trustStorePath, trustStorePassword, trustAll, null)).build(); } http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/8b458b56/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLProviderTest.java ---------------------------------------------------------------------- diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLProviderTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLProviderTest.java new file mode 100644 index 0000000..3fa976f --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLProviderTest.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.ssl; + +import org.apache.activemq.artemis.api.core.RoutingType; +import org.apache.activemq.artemis.api.core.client.ActiveMQClient; +import org.apache.activemq.artemis.api.core.client.ClientConsumer; +import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.api.core.client.ClientProducer; +import org.apache.activemq.artemis.api.core.client.ClientSession; +import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.api.core.client.ServerLocator; +import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor; +import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; + +@RunWith(Parameterized.class) +public class SSLProviderTest extends SSLTestBase { + + public SSLProviderTest(String sslProvider, String clientSslProvider) { + super(sslProvider, clientSslProvider); + } + + @Test + public void testProviderConfig() { + NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor(getNettyAcceptorName()); + assertNotNull(acceptor); + String sslProviderInUse = (String) acceptor.getConfiguration().get(TransportConstants.SSL_PROVIDER); + assertEquals(sslProvider, sslProviderInUse); + } + + @Test + public void testProviderLoading() throws Exception { + if (!isOpenSSLSupported()) { + System.out.println("*** Skip test on un-supported platform."); + return; + } + + final String text = "Hello SSL!"; + StringBuilder uri = new StringBuilder("tcp://" + tc.getParams().get(TransportConstants.HOST_PROP_NAME).toString() + + ":" + tc.getParams().get(TransportConstants.PORT_PROP_NAME).toString()); + + uri.append("?").append(TransportConstants.SSL_ENABLED_PROP_NAME).append("=true"); + uri.append("&").append(TransportConstants.SSL_PROVIDER).append("=").append(clientSslProvider); + uri.append("&").append(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME).append("=JKS"); + uri.append("&").append(TransportConstants.TRUSTSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_TRUSTSTORE); + uri.append("&").append(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME).append("=").append(PASSWORD); + + System.out.println("uri: " + uri.toString()); + ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(uri.toString())); + ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); + ClientSession session = addClientSession(sf.createSession(false, true, true)); + session.createQueue(QUEUE, RoutingType.ANYCAST, QUEUE); + ClientProducer producer = addClientProducer(session.createProducer(QUEUE)); + + ClientMessage message = createTextMessage(session, text); + producer.send(message); + + ClientConsumer consumer = addClientConsumer(session.createConsumer(QUEUE)); + session.start(); + + ClientMessage m = consumer.receive(1000); + Assert.assertNotNull(m); + Assert.assertEquals(text, m.getBodyBuffer().readString()); + + } +} http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/8b458b56/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLProviderTwoWayTest.java ---------------------------------------------------------------------- diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLProviderTwoWayTest.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLProviderTwoWayTest.java new file mode 100644 index 0000000..cc93d47 --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLProviderTwoWayTest.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.ssl; + +import org.apache.activemq.artemis.api.core.RoutingType; +import org.apache.activemq.artemis.api.core.client.ActiveMQClient; +import org.apache.activemq.artemis.api.core.client.ClientConsumer; +import org.apache.activemq.artemis.api.core.client.ClientMessage; +import org.apache.activemq.artemis.api.core.client.ClientProducer; +import org.apache.activemq.artemis.api.core.client.ClientSession; +import org.apache.activemq.artemis.api.core.client.ClientSessionFactory; +import org.apache.activemq.artemis.api.core.client.ServerLocator; +import org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor; +import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; + +import java.util.Map; + +@RunWith(Parameterized.class) +public class SSLProviderTwoWayTest extends SSLTestBase { + + public SSLProviderTwoWayTest(String sslProvider, String clientSslProvider) { + super(sslProvider, clientSslProvider); + } + + @Override + protected void configureSSLParameters(Map<String, Object> params) { + super.configureSSLParameters(params); + + params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME, SERVER_SIDE_TRUSTSTORE); + params.put(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, PASSWORD); + params.put(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME, "JKS"); + params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true); + } + + @Test + public void testProviderConfig() { + NettyAcceptor acceptor = (NettyAcceptor) server.getRemotingService().getAcceptor(getNettyAcceptorName()); + assertNotNull(acceptor); + String sslProviderInUse = (String) acceptor.getConfiguration().get(TransportConstants.SSL_PROVIDER); + assertEquals(sslProvider, sslProviderInUse); + assertTrue((Boolean) acceptor.getConfiguration().get(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME)); + } + + @Test + public void testProviderLoading2Way() throws Exception { + if (!isOpenSSLSupported()) { + System.out.println("*** Skip test on un-supported platform."); + return; + } + + final String text = "Hello SSL!"; + StringBuilder uri = new StringBuilder("tcp://" + tc.getParams().get(TransportConstants.HOST_PROP_NAME).toString() + + ":" + tc.getParams().get(TransportConstants.PORT_PROP_NAME).toString()); + + uri.append("?").append(TransportConstants.SSL_ENABLED_PROP_NAME).append("=true"); + uri.append("&").append(TransportConstants.SSL_PROVIDER).append("=").append(clientSslProvider); + uri.append("&").append(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME).append("=").append("JKS"); + uri.append("&").append(TransportConstants.KEYSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_KEYSTORE); + uri.append("&").append(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME).append("=").append(PASSWORD); + uri.append("&").append(TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME).append("=JKS"); + uri.append("&").append(TransportConstants.TRUSTSTORE_PATH_PROP_NAME).append("=").append(CLIENT_SIDE_TRUSTSTORE); + uri.append("&").append(TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME).append("=").append(PASSWORD); + + System.out.println("uri: " + uri.toString()); + ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator(uri.toString())); + ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator)); + ClientSession session = addClientSession(sf.createSession(false, true, true)); + session.createQueue(QUEUE, RoutingType.ANYCAST, QUEUE); + ClientProducer producer = addClientProducer(session.createProducer(QUEUE)); + + ClientMessage message = createTextMessage(session, text); + producer.send(message); + + ClientConsumer consumer = addClientConsumer(session.createConsumer(QUEUE)); + session.start(); + + ClientMessage m = consumer.receive(1000); + Assert.assertNotNull(m); + Assert.assertEquals(text, m.getBodyBuffer().readString()); + + } + +} http://git-wip-us.apache.org/repos/asf/activemq-artemis/blob/8b458b56/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLTestBase.java ---------------------------------------------------------------------- diff --git a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLTestBase.java b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLTestBase.java new file mode 100644 index 0000000..92281e5 --- /dev/null +++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLTestBase.java @@ -0,0 +1,108 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.activemq.artemis.tests.integration.ssl; + +import io.netty.handler.ssl.OpenSsl; +import org.apache.activemq.artemis.api.core.TransportConfiguration; +import org.apache.activemq.artemis.core.config.impl.ConfigurationImpl; +import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants; +import org.apache.activemq.artemis.core.server.ActiveMQServer; +import org.apache.activemq.artemis.core.server.ActiveMQServers; +import org.apache.activemq.artemis.tests.util.ActiveMQTestBase; +import org.junit.Before; +import org.junit.runners.Parameterized; + +import java.lang.management.ManagementFactory; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.Map; + +public abstract class SSLTestBase extends ActiveMQTestBase { + + @Parameterized.Parameters(name = "sslProvider={0},clientProvider={1}") + public static Collection getParameters() { + return Arrays.asList(new Object[][]{{TransportConstants.OPENSSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER}, + {TransportConstants.OPENSSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER}, + {TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.DEFAULT_SSL_PROVIDER}, + {TransportConstants.DEFAULT_SSL_PROVIDER, TransportConstants.OPENSSL_PROVIDER}}); + } + + protected static final String QUEUE = "ssl.test.queue"; + + protected final String PASSWORD = "secureexample"; + protected String SERVER_SIDE_KEYSTORE = "openssl-server-side-keystore.jks"; + protected String SERVER_SIDE_TRUSTSTORE = "openssl-server-side-truststore.jks"; + protected String CLIENT_SIDE_TRUSTSTORE = "openssl-client-side-truststore.jks"; + protected String CLIENT_SIDE_KEYSTORE = "openssl-client-side-keystore.jks"; + + protected ActiveMQServer server; + + protected TransportConfiguration tc; + + protected String sslProvider; + protected String clientSslProvider; + + public SSLTestBase(String sslProvider, String clientSslProvider) { + this.sslProvider = sslProvider; + this.clientSslProvider = clientSslProvider; + } + + @Override + @Before + public void setUp() throws Exception { + super.setUp(); + Map<String, Object> params = new HashMap<>(); + configureSSLParameters(params); + ConfigurationImpl config = createBasicConfig(); + config.addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params, getNettyAcceptorName())); + config.addAcceptorConfiguration(new TransportConfiguration(NETTY_ACCEPTOR_FACTORY)); + + server = addServer(ActiveMQServers.newActiveMQServer(config, ManagementFactory.getPlatformMBeanServer(), null, false)); + + server.start(); + waitForServerToStart(server); + tc = new TransportConfiguration(NETTY_CONNECTOR_FACTORY); + tc.getParams().put(TransportConstants.HOST_PROP_NAME, params.get(TransportConstants.HOST_PROP_NAME)); + tc.getParams().put(TransportConstants.PORT_PROP_NAME, params.get(TransportConstants.PORT_PROP_NAME)); + tc.getParams().put(TransportConstants.SSL_PROVIDER, clientSslProvider); + } + + protected void configureSSLParameters(Map<String, Object> params) { + System.out.println("*** Configure server SSL using provider: " + sslProvider); + params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true); + params.put(TransportConstants.SSL_PROVIDER, sslProvider); + params.put(TransportConstants.KEYSTORE_PROVIDER_PROP_NAME, "JKS"); + params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME, SERVER_SIDE_KEYSTORE); + params.put(TransportConstants.KEYSTORE_PASSWORD_PROP_NAME, PASSWORD); + params.put(TransportConstants.HOST_PROP_NAME, "localhost"); + params.put(TransportConstants.PORT_PROP_NAME, "61617"); + } + + public String getNettyAcceptorName() { + return "SSLTestAcceptor"; + } + + + protected boolean isOpenSSLSupported() { + if (sslProvider.equals(TransportConstants.OPENSSL_PROVIDER) || clientSslProvider.equals(TransportConstants.OPENSSL_PROVIDER)) { + return OpenSsl.isAvailable(); + } + return true; + } + +}
