This is an automated email from the ASF dual-hosted git repository. jamesnetherton pushed a commit to branch 3.2.x in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
commit 067d3cc4961ee284810a787e9b542ee0dc4ab53e Author: James Netherton <[email protected]> AuthorDate: Thu Nov 23 07:46:14 2023 +0000 Enable Mail & Kafka test certificates to be regenerated for the docker host name or ip address --- .../test/support/kafka/KafkaTestSupport.java | 37 +++++++++++ integration-tests/kafka-sasl-ssl/README.adoc | 25 +++----- .../kafka/sasl/KafkaSaslSslTestResource.java | 24 +++++--- .../test/resources/config/generate-certificates.sh | 39 ++++++++++++ integration-tests/kafka-ssl/README.adoc | 25 +++----- .../quarkus/kafka/ssl/KafkaSslTestResource.java | 24 +++++--- .../test/resources/config/generate-certificates.sh | 39 ++++++++++++ integration-tests/mail/README.adoc | 17 ++++++ .../quarkus/component/mail/MailTestResource.java | 71 +++++++++++++++++++++- .../mail/src/test/resources/README.adoc | 12 ---- .../src/test/resources/generate-certificates.sh | 26 ++++++++ pom.xml | 1 + 12 files changed, 273 insertions(+), 67 deletions(-) diff --git a/integration-tests-support/kafka/src/main/java/org/apache/camel/quarkus/test/support/kafka/KafkaTestSupport.java b/integration-tests-support/kafka/src/main/java/org/apache/camel/quarkus/test/support/kafka/KafkaTestSupport.java index a62d6d475a..54170c5216 100644 --- a/integration-tests-support/kafka/src/main/java/org/apache/camel/quarkus/test/support/kafka/KafkaTestSupport.java +++ b/integration-tests-support/kafka/src/main/java/org/apache/camel/quarkus/test/support/kafka/KafkaTestSupport.java @@ -16,12 +16,16 @@ */ package org.apache.camel.quarkus.test.support.kafka; +import java.nio.file.Path; import java.util.Optional; import java.util.Properties; import org.apache.kafka.clients.CommonClientConfigs; import org.eclipse.microprofile.config.Config; import org.eclipse.microprofile.config.ConfigProvider; +import org.testcontainers.DockerClientFactory; +import org.testcontainers.containers.GenericContainer; +import org.testcontainers.utility.MountableFile; public final class KafkaTestSupport { 
@@ -55,4 +59,37 @@ public final class KafkaTestSupport { public static void setKafkaConfigFromProperty(Properties props, String key, String valueKey) { props.put(key, getKafkaConfigValue(valueKey)); } + + public static void regenerateCertificatesForDockerHost( + Path configDir, + String certificateScript, + String keyStoreFile, + String trustStoreFile) { + String dockerHost = DockerClientFactory.instance().dockerHostIpAddress(); + if (!dockerHost.equals("localhost") && !dockerHost.equals("127.0.0.1")) { + // Run certificate generation in a container in case the target platform does not have prerequisites like OpenSSL installed (E.g on Windows) + String imageName = ConfigProvider.getConfig().getValue("eclipse-temurin.container.image", String.class); + try (GenericContainer<?> container = new GenericContainer<>(imageName)) { + container.withCreateContainerCmdModifier(modifier -> { + modifier.withEntrypoint("/bin/bash"); + modifier.withStdinOpen(true); + }); + container.setWorkingDirectory("/"); + container.start(); + + String host = container.getHost(); + container.copyFileToContainer( + MountableFile.forClasspathResource("config/" + certificateScript), + "/" + certificateScript); + container.execInContainer("/bin/bash", "/" + certificateScript, host, + "DNS:%s,IP:%s".formatted(host, host)); + container.copyFileFromContainer("/" + keyStoreFile, + configDir.resolve(keyStoreFile).toString()); + container.copyFileFromContainer("/" + trustStoreFile, + configDir.resolve(trustStoreFile).toString()); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + } } diff --git a/integration-tests/kafka-sasl-ssl/README.adoc b/integration-tests/kafka-sasl-ssl/README.adoc index 66c14f2b98..be2379dd11 100644 --- a/integration-tests/kafka-sasl-ssl/README.adoc +++ b/integration-tests/kafka-sasl-ssl/README.adoc 
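Review bot: The result of `container.execInContainer(...)` in `regenerateCertificatesForDockerHost` is discarded, so a failed keytool run surfaces only indirectly, when `copyFileFromContainer` cannot find the store, and the stderr that would explain it is lost. Capture the result and fail fast: `var result = container.execInContainer(...);` followed by `if (result.getExitCode() != 0) throw new IllegalStateException("Certificate generation failed: " + result.getStderr());`. The private copy of this method added to MailTestResource later in the commit has the same gap. The broad `catch (Exception e)` also wraps InterruptedException without restoring the thread's interrupt flag.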
@@ -1,26 +1,17 @@ == Camel Quarkus Kafka SASL SSL integration tests -To regenerate the SSL key and trust stores, do the following: +To regenerate the SSL certificates and trust stores for use with local host testing run the following script: [source,shell] ---- cd src/test/resources/config -rm -f *.p12 - -export SECRET=kafkas3cret -export JKS_FILE=kafka-keystore.jks -export JKS_TRUST_FILE=kafka-truststore.jks -export CERT_FILE=localhost.crt -export PKCS_FILE=kafka-keystore.p12 -export PKCS_TRUST_FILE=kafka-truststore.p12 -export PEM_FILE_CERT=kafka-cert.pem -export PEM_FILE_KEY=kafka-key.pem +./regenerate-certificates.sh +---- -keytool -genkey -alias kafka-test-store -keyalg RSA -keystore ${JKS_FILE} -keysize 2048 -validity 3650 -dname CN=localhost -keypass ${SECRET} -storepass ${SECRET} -keytool -export -alias kafka-test-store -file ${CERT_FILE} -keystore ${JKS_FILE} -keypass ${SECRET} -storepass ${SECRET} -keytool -importkeystore -srckeystore ${JKS_FILE} -srcstorepass ${SECRET} -destkeystore ${PKCS_FILE} -deststoretype PKCS12 -deststorepass ${SECRET} -keytool -keystore ${JKS_TRUST_FILE} -import -file ${CERT_FILE} -keypass ${SECRET} -storepass ${SECRET} -noprompt -keytool -importkeystore -srckeystore ${JKS_TRUST_FILE} -srcstorepass ${SECRET} -destkeystore ${PKCS_TRUST_FILE} -deststoretype PKCS12 -deststorepass ${SECRET} +If required, you can override the default certificate CN and SAN configuration by passing them as script arguments: -rm -f *.crt *.jks +[source,shell] +---- +cd src/test/resources/config +./regenerate-certificates.sh "other-dns-or-ip" "DNS:another-dns,IP:192.168.1.150" ---- diff --git a/integration-tests/kafka-sasl-ssl/src/test/java/org/apache/camel/quarkus/kafka/sasl/KafkaSaslSslTestResource.java b/integration-tests/kafka-sasl-ssl/src/test/java/org/apache/camel/quarkus/kafka/sasl/KafkaSaslSslTestResource.java index ac807d3776..77e50d6b9c 100644 
--- a/integration-tests/kafka-sasl-ssl/src/test/java/org/apache/camel/quarkus/kafka/sasl/KafkaSaslSslTestResource.java +++ b/integration-tests/kafka-sasl-ssl/src/test/java/org/apache/camel/quarkus/kafka/sasl/KafkaSaslSslTestResource.java @@ -26,6 +26,7 @@ import java.util.stream.Stream; import com.github.dockerjava.api.command.InspectContainerResponse; import org.apache.camel.quarkus.test.support.kafka.KafkaTestResource; +import org.apache.camel.quarkus.test.support.kafka.KafkaTestSupport; import org.apache.camel.util.CollectionHelper; import org.apache.commons.io.FileUtils; import org.testcontainers.containers.KafkaContainer; @@ -41,12 +42,12 @@ public class KafkaSaslSslTestResource extends KafkaTestResource { private static final String KAFKA_KEYSTORE_TYPE = "PKCS12"; private static final String KAFKA_SSL_CREDS_FILE = "broker-creds"; private static final String KAFKA_TRUSTSTORE_FILE = "kafka-truststore.p12"; - private Path configDir; + private static final String KAFKA_CERTIFICATE_SCRIPT = "generate-certificates.sh"; + private static Path configDir; private SaslSslKafkaContainer container; @Override public Map<String, String> start() { - // Set up the SSL key / trust store directory try { configDir = Files.createTempDirectory("KafkaSaslSslTestResource-"); ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); @@ -62,6 +63,9 @@ public class KafkaSaslSslTestResource extends KafkaTestResource { throw new RuntimeException(e); } + KafkaTestSupport.regenerateCertificatesForDockerHost(configDir, KAFKA_CERTIFICATE_SCRIPT, KAFKA_KEYSTORE_FILE, + KAFKA_TRUSTSTORE_FILE); + container = new SaslSslKafkaContainer(KAFKA_IMAGE_NAME); container.start(); 
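Review bot: Making `configDir` static while the instance method `start()` still assigns it turns the key store directory into shared mutable state: a second KafkaSaslSslTestResource started in the same JVM would repoint it under the first. The change appears to exist so that the container class can read the stores in the `@@ -144,13 +148,15 @@` hunk, but that class's declaration is outside the visible lines, so this is inferred. Passing the directory in through the container's constructor would keep the field per instance; if it stays static, a comment such as `// static so the nested container class can read the regenerated stores` would record why. KafkaSslTestResource makes the identical change.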
@@ -144,13 +148,15 @@ public class KafkaSaslSslTestResource extends KafkaTestResource { MountableFile.forClasspathResource("config/kafka_server_jaas.conf"), "/etc/kafka/kafka_server_jaas.conf"); - copyFileToContainer( - MountableFile.forClasspathResource("config/" + KAFKA_KEYSTORE_FILE), - "/etc/kafka/secrets/" + KAFKA_KEYSTORE_FILE); - - copyFileToContainer( - MountableFile.forClasspathResource("config/" + KAFKA_TRUSTSTORE_FILE), - "/etc/kafka/secrets/" + KAFKA_TRUSTSTORE_FILE); + Stream.of(KAFKA_KEYSTORE_FILE, KAFKA_TRUSTSTORE_FILE) + .forEach(keyStoreFile -> { + try { + copyFileToContainer(Transferable.of(Files.readAllBytes(configDir.resolve(keyStoreFile))), + "/etc/kafka/secrets/" + keyStoreFile); + } catch (IOException e) { + throw new RuntimeException(e); + } + }); copyFileToContainer( Transferable.of(KAFKA_KEYSTORE_PASSWORD.getBytes(StandardCharsets.UTF_8)), diff --git a/integration-tests/kafka-sasl-ssl/src/test/resources/config/generate-certificates.sh b/integration-tests/kafka-sasl-ssl/src/test/resources/config/generate-certificates.sh new file mode 100755 index 0000000000..baabd055ab --- /dev/null +++ b/integration-tests/kafka-sasl-ssl/src/test/resources/config/generate-certificates.sh 
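Review bot: Nothing in the new `Stream.of(KAFKA_KEYSTORE_FILE, KAFKA_TRUSTSTORE_FILE)` block says why the stores are now read from `configDir` instead of the classpath, and the commit also drops the only comment in `start()` that described that directory. A line above the stream would carry the reason: `// Read from configDir, not the classpath: the stores may have been regenerated for the Docker host`. Throwing `new UncheckedIOException(e)` rather than a bare `RuntimeException` would also keep the cause typed for callers. The enclosing method starts and ends outside this hunk; the `@@ -133,13 +136,16 @@` hunk in KafkaSslTestResource adds the same block.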
@@ -0,0 +1,39 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +rm -f *.p12 + +export CN=${1:-localhost} +export SUBJECT_ALT_NAMES=${2:-"DNS:localhost,IP:127.0.0.1"} +export SECRET=kafkas3cret +export JKS_FILE=kafka-keystore.jks +export JKS_TRUST_FILE=kafka-truststore.jks +export CERT_FILE=localhost.crt +export PKCS_FILE=kafka-keystore.p12 +export PKCS_TRUST_FILE=kafka-truststore.p12 +export PEM_FILE_CERT=kafka-cert.pem +export PEM_FILE_KEY=kafka-key.pem + +keytool -genkey -alias kafka-test-store -keyalg RSA -keystore ${JKS_FILE} -keysize 2048 -validity 3650 -ext "san=${SUBJECT_ALT_NAMES}" -dname CN=${CN} -keypass ${SECRET} -storepass ${SECRET} +keytool -export -alias kafka-test-store -file ${CERT_FILE} -keystore ${JKS_FILE} -keypass ${SECRET} -storepass ${SECRET} +keytool -importkeystore -srckeystore ${JKS_FILE} -srcstorepass ${SECRET} -destkeystore ${PKCS_FILE} -deststoretype PKCS12 -deststorepass ${SECRET} +keytool -keystore ${JKS_TRUST_FILE} -import -file ${CERT_FILE} -keypass ${SECRET} -storepass ${SECRET} -noprompt +keytool -importkeystore -srckeystore ${JKS_TRUST_FILE} -srcstorepass ${SECRET} -destkeystore ${PKCS_TRUST_FILE} -deststoretype PKCS12 -deststorepass ${SECRET} + +rm -f *.crt *.jks 
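Review bot: The script has no `set -e`, so if any `keytool` step fails it carries on and exits with the status of the final `rm -f *.crt *.jks`, which is 0; a caller that inspects the exit code cannot see the failure and may pick up a missing or partial store. Add `set -e` directly under the licence header, and quote the expansion that takes caller input, `-dname "CN=${CN}"`, so a value containing spaces or glob characters is not split. The identical kafka-ssl copy and the mail `generate-certificates.sh` (its `openssl` calls) need the same `set -e`. The three READMEs in this commit invoke `./regenerate-certificates.sh`, while the file added here is named `generate-certificates.sh`.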
diff --git a/integration-tests/kafka-ssl/README.adoc b/integration-tests/kafka-ssl/README.adoc index ea7e106103..017165774b 100644 --- a/integration-tests/kafka-ssl/README.adoc +++ b/integration-tests/kafka-ssl/README.adoc @@ -1,26 +1,17 @@ == Camel Quarkus Kafka SSL integration tests -To regenerate the SSL key and trust stores, do the following: +To regenerate the SSL certificates and trust stores for use with local host testing run the following script: [source,shell] ---- cd src/test/resources/config -rm -f *.p12 - -export SECRET=kafkas3cret -export JKS_FILE=kafka-keystore.jks -export JKS_TRUST_FILE=kafka-truststore.jks -export CERT_FILE=localhost.crt -export PKCS_FILE=kafka-keystore.p12 -export PKCS_TRUST_FILE=kafka-truststore.p12 -export PEM_FILE_CERT=kafka-cert.pem -export PEM_FILE_KEY=kafka-key.pem +./regenerate-certificates.sh +---- -keytool -genkey -alias kafka-test-store -keyalg RSA -keystore ${JKS_FILE} -keysize 2048 -validity 3650 -dname CN=localhost -keypass ${SECRET} -storepass ${SECRET} -keytool -export -alias kafka-test-store -file ${CERT_FILE} -keystore ${JKS_FILE} -keypass ${SECRET} -storepass ${SECRET} -keytool -importkeystore -srckeystore ${JKS_FILE} -srcstorepass ${SECRET} -destkeystore ${PKCS_FILE} -deststoretype PKCS12 -deststorepass ${SECRET} -keytool -keystore ${JKS_TRUST_FILE} -import -file ${CERT_FILE} -keypass ${SECRET} -storepass ${SECRET} -noprompt -keytool -importkeystore -srckeystore ${JKS_TRUST_FILE} -srcstorepass ${SECRET} -destkeystore ${PKCS_TRUST_FILE} -deststoretype PKCS12 -deststorepass ${SECRET} +If required, you can override the default certificate CN and SAN configuration by passing them as script arguments: -rm -f *.crt *.jks +[source,shell] +---- +cd src/test/resources/config +./regenerate-certificates.sh "other-dns-or-ip" "DNS:another-dns,IP:192.168.1.150" ---- 
diff --git a/integration-tests/kafka-ssl/src/test/java/org/apache/camel/quarkus/kafka/ssl/KafkaSslTestResource.java b/integration-tests/kafka-ssl/src/test/java/org/apache/camel/quarkus/kafka/ssl/KafkaSslTestResource.java index ed0e0da401..83cc38bd30 100644 --- a/integration-tests/kafka-ssl/src/test/java/org/apache/camel/quarkus/kafka/ssl/KafkaSslTestResource.java +++ b/integration-tests/kafka-ssl/src/test/java/org/apache/camel/quarkus/kafka/ssl/KafkaSslTestResource.java @@ -26,6 +26,7 @@ import java.util.stream.Stream; import com.github.dockerjava.api.command.InspectContainerResponse; import org.apache.camel.quarkus.test.support.kafka.KafkaTestResource; +import org.apache.camel.quarkus.test.support.kafka.KafkaTestSupport; import org.apache.camel.util.CollectionHelper; import org.apache.commons.io.FileUtils; import org.apache.kafka.clients.CommonClientConfigs; @@ -33,7 +34,6 @@ import org.testcontainers.containers.KafkaContainer; import org.testcontainers.containers.wait.strategy.Wait; import org.testcontainers.images.builder.Transferable; import org.testcontainers.utility.DockerImageName; -import org.testcontainers.utility.MountableFile; public class KafkaSslTestResource extends KafkaTestResource { @@ -42,12 +42,12 @@ public class KafkaSslTestResource extends KafkaTestResource { private static final String KAFKA_KEYSTORE_TYPE = "PKCS12"; private static final String KAFKA_SSL_CREDS_FILE = "broker-creds"; private static final String KAFKA_TRUSTSTORE_FILE = "kafka-truststore.p12"; - private Path configDir; + private static final String KAFKA_CERTIFICATE_SCRIPT = "generate-certificates.sh"; + private static Path configDir; private SSLKafkaContainer container; @Override public Map<String, String> start() { - // Set up the SSL key / trust store directory try { configDir = Files.createTempDirectory("KafkaSaslSslTestResource-"); ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); 
@@ -63,6 +63,9 @@ public class KafkaSslTestResource extends KafkaTestResource { throw new RuntimeException(e); } + KafkaTestSupport.regenerateCertificatesForDockerHost(configDir, KAFKA_CERTIFICATE_SCRIPT, KAFKA_KEYSTORE_FILE, + KAFKA_TRUSTSTORE_FILE); + container = new SSLKafkaContainer(KAFKA_IMAGE_NAME); container.start(); @@ -133,13 +136,16 @@ public class KafkaSslTestResource extends KafkaTestResource { @Override protected void containerIsStarting(InspectContainerResponse containerInfo, boolean reused) { super.containerIsStarting(containerInfo, reused); - copyFileToContainer( - MountableFile.forClasspathResource("config/" + KAFKA_KEYSTORE_FILE), - "/etc/kafka/secrets/" + KAFKA_KEYSTORE_FILE); - copyFileToContainer( - MountableFile.forClasspathResource("config/" + KAFKA_TRUSTSTORE_FILE), - "/etc/kafka/secrets/" + KAFKA_TRUSTSTORE_FILE); + Stream.of(KAFKA_KEYSTORE_FILE, KAFKA_TRUSTSTORE_FILE) + .forEach(keyStoreFile -> { + try { + copyFileToContainer(Transferable.of(Files.readAllBytes(configDir.resolve(keyStoreFile))), + "/etc/kafka/secrets/" + keyStoreFile); + } catch (IOException e) { + throw new RuntimeException(e); + } + }); copyFileToContainer( Transferable.of(KAFKA_KEYSTORE_PASSWORD.getBytes(StandardCharsets.UTF_8)), diff --git a/integration-tests/kafka-ssl/src/test/resources/config/generate-certificates.sh b/integration-tests/kafka-ssl/src/test/resources/config/generate-certificates.sh new file mode 100755 index 0000000000..baabd055ab --- /dev/null +++ b/integration-tests/kafka-ssl/src/test/resources/config/generate-certificates.sh 
@@ -0,0 +1,39 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +rm -f *.p12 + +export CN=${1:-localhost} +export SUBJECT_ALT_NAMES=${2:-"DNS:localhost,IP:127.0.0.1"} +export SECRET=kafkas3cret +export JKS_FILE=kafka-keystore.jks +export JKS_TRUST_FILE=kafka-truststore.jks +export CERT_FILE=localhost.crt +export PKCS_FILE=kafka-keystore.p12 +export PKCS_TRUST_FILE=kafka-truststore.p12 +export PEM_FILE_CERT=kafka-cert.pem +export PEM_FILE_KEY=kafka-key.pem + +keytool -genkey -alias kafka-test-store -keyalg RSA -keystore ${JKS_FILE} -keysize 2048 -validity 3650 -ext "san=${SUBJECT_ALT_NAMES}" -dname CN=${CN} -keypass ${SECRET} -storepass ${SECRET} +keytool -export -alias kafka-test-store -file ${CERT_FILE} -keystore ${JKS_FILE} -keypass ${SECRET} -storepass ${SECRET} +keytool -importkeystore -srckeystore ${JKS_FILE} -srcstorepass ${SECRET} -destkeystore ${PKCS_FILE} -deststoretype PKCS12 -deststorepass ${SECRET} +keytool -keystore ${JKS_TRUST_FILE} -import -file ${CERT_FILE} -keypass ${SECRET} -storepass ${SECRET} -noprompt +keytool -importkeystore -srckeystore ${JKS_TRUST_FILE} -srcstorepass ${SECRET} -destkeystore ${PKCS_TRUST_FILE} -deststoretype PKCS12 -deststorepass ${SECRET} + +rm -f *.crt *.jks 
diff --git a/integration-tests/mail/README.adoc b/integration-tests/mail/README.adoc new file mode 100644 index 0000000000..e82fb8e99f --- /dev/null +++ b/integration-tests/mail/README.adoc @@ -0,0 +1,17 @@ +== Camel Quarkus Mail integration tests + +To regenerate the SSL certificates and trust stores for use with local host testing run the following script: + +[source,shell] +---- +cd src/test/resources +./regenerate-certificates.sh +---- + +If required, you can override the default certificate CN and SAN configuration by passing them as script arguments: + +[source,shell] +---- +cd src/test/resources +./regenerate-certificates.sh "other-dns-or-ip" "DNS:another-dns,IP:192.168.1.150" +---- diff --git a/integration-tests/mail/src/test/java/org/apache/camel/quarkus/component/mail/MailTestResource.java b/integration-tests/mail/src/test/java/org/apache/camel/quarkus/component/mail/MailTestResource.java index eae68a091f..b0139328e4 100644 --- a/integration-tests/mail/src/test/java/org/apache/camel/quarkus/component/mail/MailTestResource.java +++ b/integration-tests/mail/src/test/java/org/apache/camel/quarkus/component/mail/MailTestResource.java 
@@ -16,28 +16,53 @@ */ package org.apache.camel.quarkus.component.mail; +import java.io.IOException; +import java.io.InputStream; +import java.nio.file.Files; +import java.nio.file.Path; import java.util.HashMap; import java.util.Map; import io.quarkus.test.common.QuarkusTestResourceLifecycleManager; +import org.apache.commons.io.FileUtils; import org.eclipse.microprofile.config.ConfigProvider; +import org.testcontainers.DockerClientFactory; import org.testcontainers.containers.GenericContainer; import org.testcontainers.containers.wait.strategy.HttpWaitStrategy; import org.testcontainers.images.builder.ImageFromDockerfile; +import org.testcontainers.images.builder.Transferable; +import org.testcontainers.utility.MountableFile; public class MailTestResource implements QuarkusTestResourceLifecycleManager { - + private static final String GREENMAIL_CERTIFICATE_STORE_FILE = "greenmail.p12"; + private static final String GENERATE_CERTIFICATE_SCRIPT = "generate-certificates.sh"; private GenericContainer<?> container; + private Path certificateStoreLocation; @Override public Map<String, String> start() { + try { + certificateStoreLocation = Files.createTempDirectory("MailTestResource-"); + ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); + try (InputStream in = classLoader.getResourceAsStream(GREENMAIL_CERTIFICATE_STORE_FILE)) { + Files.copy(in, certificateStoreLocation.resolve(GREENMAIL_CERTIFICATE_STORE_FILE)); + } + } catch (IOException e) { + throw new RuntimeException(e); + } + + String dockerHost = DockerClientFactory.instance().dockerHostIpAddress(); + if (!dockerHost.equals("localhost") && !dockerHost.equals("127.0.0.1")) { + regenerateCertificatesForDockerHost(); + } + //Dockerfile with ImageFromDockerfile is used, because ownership of the certificate has to be changed container = new GenericContainer<>(new ImageFromDockerfile() .withDockerfileFromBuilder(builder -> { 
builder.from(ConfigProvider.getConfig().getValue("greenmail.container.image", String.class)); - builder.copy("greenmail.p12", "/home/greenmail/greenmail.p12"); + builder.copy(GREENMAIL_CERTIFICATE_STORE_FILE, "/home/greenmail/greenmail.p12"); }) - .withFileFromClasspath("greenmail.p12", "greenmail.p12")) + .withFileFromTransferable(GREENMAIL_CERTIFICATE_STORE_FILE, Transferable.of(getCertificateStoreContent()))) .withExposedPorts(MailProtocol.allPorts()) .waitingFor(new HttpWaitStrategy() .forPort(MailProtocol.API.getPort()) 
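Review bot: `classLoader.getResourceAsStream(GREENMAIL_CERTIFICATE_STORE_FILE)` in `start()` returns null when the resource is absent, and `Files.copy(in, ...)` then fails with a bare NullPointerException that the surrounding `catch (IOException e)` does not cover. A guard names the problem at the point of failure: `Files.copy(Objects.requireNonNull(in, GREENMAIL_CERTIFICATE_STORE_FILE + " not found on classpath"), certificateStoreLocation.resolve(GREENMAIL_CERTIFICATE_STORE_FILE));`. `start()` continues past the end of this hunk.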
@@ -63,6 +88,46 @@ public class MailTestResource implements QuarkusTestResourceLifecycleManager { if (container != null) { container.stop(); } + if (certificateStoreLocation != null) { + try { + FileUtils.deleteDirectory(certificateStoreLocation.toFile()); + } catch (IOException e) { + // Ignored + } + } + } + + private void regenerateCertificatesForDockerHost() { + // Run certificate generation in a container in case the target platform does not have prerequisites like OpenSSL installed (E.g on Windows) + String imageName = ConfigProvider.getConfig().getValue("eclipse-temurin.container.image", String.class); + try (GenericContainer<?> container = new GenericContainer<>(imageName)) { + container.withCreateContainerCmdModifier(modifier -> { + modifier.withEntrypoint("/bin/bash"); + modifier.withStdinOpen(true); + modifier.withAttachStdout(true); + }); + container.setWorkingDirectory("/"); + container.start(); + + String host = container.getHost(); + container.copyFileToContainer( + MountableFile.forClasspathResource(GENERATE_CERTIFICATE_SCRIPT), + "/" + GENERATE_CERTIFICATE_SCRIPT); + container.execInContainer("/bin/bash", "/" + GENERATE_CERTIFICATE_SCRIPT, host, + "DNS:%s,IP:%s".formatted(host, host)); + container.copyFileFromContainer("/" + GREENMAIL_CERTIFICATE_STORE_FILE, + certificateStoreLocation.resolve(GREENMAIL_CERTIFICATE_STORE_FILE).toString()); + } catch (Exception e) { + throw new RuntimeException(e); + } + } + + private byte[] getCertificateStoreContent() { + try { + return Files.readAllBytes(certificateStoreLocation.resolve(GREENMAIL_CERTIFICATE_STORE_FILE)); + } catch (IOException e) { + throw new RuntimeException(e); + } } enum MailProtocol { diff --git a/integration-tests/mail/src/test/resources/README.adoc b/integration-tests/mail/src/test/resources/README.adoc deleted file mode 100644 index 13229af1aa..0000000000 --- a/integration-tests/mail/src/test/resources/README.adoc +++ /dev/null 
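Review bot: The SAN argument `"DNS:%s,IP:%s".formatted(host, host)` in `regenerateCertificatesForDockerHost` puts one value into both entries, although `container.getHost()` yields a single string that is either a name or an address. When the Docker host is addressed by name, the `IP:` entry is not an address and openssl will most likely reject it; when it is an address, the `DNS:` entry adds nothing. Emit only the matching entry, for instance `String san = (host.matches("[0-9.]+") ? "IP:" : "DNS:") + host;` (IPv4 only; an IPv6 literal needs its own check). KafkaTestSupport.regenerateCertificatesForDockerHost builds the same string. The local `container` in the try-with-resources also shadows the field of the same name, and a name like `generator` would avoid the confusion.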
@@ -1,12 +0,0 @@ -Out of the box docker greenmail does not work with SSL/TLS. -Certificate has to be created - the guide can be seen in the issue https://github.com/greenmail-mail-test/greenmail/issues/448[#448]. - -Following steps were used for certificate creation. - -``` -openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \ - -keyout greenmail.key -out greenmail.crt -subj "/CN=localhost" \ - -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" - -openssl pkcs12 -export -out greenmail.p12 -inkey greenmail.key -in greenmail.crt -``` diff --git a/integration-tests/mail/src/test/resources/generate-certificates.sh b/integration-tests/mail/src/test/resources/generate-certificates.sh new file mode 100755 index 0000000000..1312616071 --- /dev/null +++ b/integration-tests/mail/src/test/resources/generate-certificates.sh 
@@ -0,0 +1,26 @@ +#!/bin/bash +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + + +export CN=${1:-localhost} +export SUBJECT_ALT_NAMES=${2:-"DNS:localhost,IP:127.0.0.1"} + +openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout greenmail.key -out greenmail.crt -subj "/CN=${CN}" -addext "subjectAltName=${SUBJECT_ALT_NAMES}" +openssl pkcs12 -export -out greenmail.p12 -inkey greenmail.key -in greenmail.crt -password pass:changeit + +rm -f *.crt *.key diff --git a/pom.xml b/pom.xml index 85bc9c2533..d6f57aa0be 100644 --- a/pom.xml +++ b/pom.xml @@ -212,6 +212,7 @@ <couchdb.container.image>docker.io/couchdb:2.3.1</couchdb.container.image> <derby.container.image>docker.io/az82/docker-derby:10.16</derby.container.image> <eclipse-mosquitto.container.image>docker.io/eclipse-mosquitto:1.6.15</eclipse-mosquitto.container.image> + <eclipse-temurin.container.image>eclipse-temurin:17-ubi9-minimal</eclipse-temurin.container.image> <elasticsearch.container.image>docker.io/elasticsearch:8.8.1</elasticsearch.container.image> <fhir.container.image.base>docker.io/hapiproject/hapi</fhir.container.image.base> <fhir.container.image>${fhir.container.image.base}:v6.6.0</fhir.container.image>
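Review bot: The new `eclipse-temurin.container.image` value in pom.xml, `eclipse-temurin:17-ubi9-minimal`, is the only image in the visible block without a registry prefix; every neighbouring property starts with `docker.io/`. An unqualified name leaves the choice of registry to the container engine's short-name resolution, so the image that generates the test key stores could be pulled from a different registry than intended. If Docker Hub is the intended source, write it as `<eclipse-temurin.container.image>docker.io/eclipse-temurin:17-ubi9-minimal</eclipse-temurin.container.image>`. Pinning a digest is also worth considering, because the tag is mutable.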
