This is an automated email from the ASF dual-hosted git repository.
jamesnetherton pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git
The following commit(s) were added to refs/heads/main by this push:
new a0be729fce Simplify splunk-hec test SSL setup
a0be729fce is described below
commit a0be729fce5f2d2bc63a2f648a02c9ebc9745050
Author: James Netherton <[email protected]>
AuthorDate: Mon Oct 28 15:43:14 2024 +0000
Simplify splunk-hec test SSL setup
Fixes #6709
---
.../test/support/splunk/SplunkTestResource.java | 53 ++++-----
integration-tests/splunk-hec/pom.xml | 119 +--------------------
.../component/splunk/hec/it/SplunkHecResource.java | 6 +-
.../component/splunk/hec/it/SplunkHecTest.java | 13 ++-
4 files changed, 34 insertions(+), 157 deletions(-)
diff --git
a/integration-tests-support/splunk/src/test/java/org/apache/camel/quarkus/test/support/splunk/SplunkTestResource.java
b/integration-tests-support/splunk/src/test/java/org/apache/camel/quarkus/test/support/splunk/SplunkTestResource.java
index 69a951a950..a40d45d7ee 100644
---
a/integration-tests-support/splunk/src/test/java/org/apache/camel/quarkus/test/support/splunk/SplunkTestResource.java
+++
b/integration-tests-support/splunk/src/test/java/org/apache/camel/quarkus/test/support/splunk/SplunkTestResource.java
@@ -16,20 +16,11 @@
*/
package org.apache.camel.quarkus.test.support.splunk;
-import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
-import java.nio.file.Path;
import java.nio.file.Paths;
-import java.security.Key;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
import java.time.Duration;
-import java.util.Base64;
import java.util.Map;
import java.util.TimeZone;
import java.util.stream.Collectors;
@@ -60,17 +51,21 @@ public class SplunkTestResource implements
QuarkusTestResourceLifecycleManager {
private GenericContainer<?> container;
- private String localhostCertPath;
- private String localhostKeystorePath;
+ private String certName;
private String caCertPath;
+ private String certPath;
+ private String certPrivateKey;
private String keystorePassword;
@Override
public void init(Map<String, String> initArgs) {
- localhostCertPath = initArgs.get("localhost_cert");
- caCertPath = initArgs.get("ca_cert");
- localhostKeystorePath = initArgs.get("localhost_keystore");
- keystorePassword = initArgs.get("keystore_password");
+ certName = initArgs.get("certName");
+ if (StringUtils.isNotBlank(certName)) {
+ caCertPath = initArgs.getOrDefault("caCertPath",
"target/certs/%s-ca.crt".formatted(certName));
+ certPath = initArgs.getOrDefault("caCertPath",
"target/certs/%s.crt".formatted(certName));
+ certPrivateKey = initArgs.getOrDefault("certPrivateKey",
"target/certs/%s.key".formatted(certName));
+ keystorePassword = initArgs.getOrDefault("keystorePassword",
"password");
+ }
}
@Override
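Review bot: In `init`, `certPath` is read from the wrong key: `certPath = initArgs.getOrDefault("caCertPath", ...)` reuses `caCertPath` instead of `certPath`. A caller that overrides `caCertPath` therefore silently points the server certificate at the CA file, and `certPath` cannot be overridden at all. The line should read `certPath = initArgs.getOrDefault("certPath", "target/certs/%s.crt".formatted(certName));`. The `"password"` default for `keystorePassword` is acceptable for generated test certificates, but a short comment such as `// test-only default; matches the password used when generating the test certificates` would make that explicit.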
@@ -90,7 +85,7 @@ public class SplunkTestResource implements
QuarkusTestResourceLifecycleManager {
Wait.forLogMessage(".*Ansible playbook
complete.*\\n", 1)
.withStartupTimeout(Duration.ofMinutes(5)));
- if (localhostCertPath != null && localhostKeystorePath != null &&
caCertPath != null && keystorePassword != null) {
+ if (certPath != null && caCertPath != null && keystorePassword !=
null) {
//combine key + certificates into 1 pem - required for splunk
//extraction of private key can not be done by keytool (only
openssl), but it can be done programmatically
byte[] concatenate = concatenateKeyAndCertificates(banner);
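Review bot: The new guard `certPath != null && caCertPath != null && keystorePassword != null` does not check `certPrivateKey`, which `concatenateKeyAndCertificates` now reads from disk. It still requires `keystorePassword`, which that method no longer uses (it may be used further down, outside this hunk). Consider `if (certPath != null && caCertPath != null && certPrivateKey != null) {`, or guard on `StringUtils.isNotBlank(certName)` as `init` does. The unchanged comment about extracting the private key programmatically is stale now that the key comes from a PEM file, and could become `// the private key is read from the generated PEM file and appended to the certificates`. The enclosing method starts and ends outside the hunk.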
@@ -182,32 +177,20 @@ public class SplunkTestResource implements
QuarkusTestResourceLifecycleManager {
}
}
- private byte @NotNull [] concatenateKeyAndCertificates(String banner)
- throws KeyStoreException, IOException, NoSuchAlgorithmException,
CertificateException, UnrecoverableKeyException {
- // Load the KeyStore
- KeyStore keystore = KeyStore.getInstance("JKS");
- try (FileInputStream fis = new FileInputStream(
- Paths.get(localhostKeystorePath).toFile())) {
- keystore.load(fis, keystorePassword.toCharArray());
- }
- // Get the private key
- Key key = keystore.getKey(keystore.aliases().asIterator().next(),
keystorePassword.toCharArray());
-
+ private byte @NotNull [] concatenateKeyAndCertificates(String banner)
throws IOException {
// Encode the private key to PEM format
- String encodedKey =
Base64.getEncoder().encodeToString(key.getEncoded());
- String pemKey = "-----BEGIN PRIVATE KEY-----\n" + encodedKey +
"\n-----END PRIVATE KEY-----";
+ String pemKey = Files.readString(Paths.get(certPrivateKey));
- //localhost.pem and cacert.pem has to be concatenated
- String localhost = Files.readString(
- Paths.get(localhostCertPath),
+ // The server cert and the CA cert has to be concatenated
+ String severCert = Files.readString(
+ Paths.get(certPath),
StandardCharsets.UTF_8);
- String ca = Files.readString(Path.of(caCertPath),
+ String ca = Files.readString(Paths.get(caCertPath),
StandardCharsets.UTF_8);
Log.debug("cacert content:");
Log.debug(ca);
Log.debug(banner);
- byte[] concatenate = (localhost + ca +
pemKey).getBytes(StandardCharsets.UTF_8);
- return concatenate;
+ return (severCert + ca + pemKey).getBytes(StandardCharsets.UTF_8);
}
private static void assertExecResult(Container.ExecResult res, String cmd)
{
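Review bot: The three PEM files are joined with no separator in `return (severCert + ca + pemKey).getBytes(StandardCharsets.UTF_8);`. If any file lacks a trailing newline, an `-----END ...-----` marker fuses with the following `-----BEGIN ...-----` and Splunk may reject the combined PEM. `return String.join("\n", serverCert, ca, pemKey).getBytes(StandardCharsets.UTF_8);` avoids relying on how the generator terminates its files. The comment `// Encode the private key to PEM format` no longer describes the code and could read `// Read the PEM-encoded private key as generated`. `severCert` is a typo for `serverCert`, and the key read could pass `StandardCharsets.UTF_8` explicitly like the two certificate reads.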
diff --git a/integration-tests/splunk-hec/pom.xml
b/integration-tests/splunk-hec/pom.xml
index 6b582d19bc..e73b048741 100644
--- a/integration-tests/splunk-hec/pom.xml
+++ b/integration-tests/splunk-hec/pom.xml
@@ -61,6 +61,11 @@
<artifactId>awaitility</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.camel.quarkus</groupId>
+
<artifactId>camel-quarkus-integration-tests-support-certificate-generator</artifactId>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>org.apache.camel.quarkus</groupId>
<artifactId>camel-quarkus-integration-tests-support-splunk</artifactId>
@@ -98,120 +103,6 @@
</plugins>
</build>
</profile>
- <profile>
- <id>full</id>
- <activation>
- <property>
- <name>!quickly</name>
- </property>
- </activation>
- <build>
- <plugins>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>keytool-maven-plugin</artifactId>
- <configuration>
- <keypass>password</keypass>
- <validity>18250</validity>
- <keyalg>RSA</keyalg>
- <storepass>password</storepass>
- </configuration>
- <executions>
- <execution>
- <id>generate-splunkca-keypair</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>clean</goal>
- <goal>generateKeyPair</goal>
- </goals>
- <configuration>
- <alias>cxfca</alias>
- <dname>CN=splunkca, OU=eng,
O=apache.org</dname>
- <exts>
-
<ext>bc:c=ca:true,pathlen:2147483647</ext>
-
<ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
- </exts>
-
<keystore>${project.basedir}/target/certs/splunkca.jks</keystore>
- </configuration>
- </execution>
- <execution>
- <id>export-splunkca-certificate</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>exportCertificate</goal>
- </goals>
- <configuration>
- <alias>cxfca</alias>
-
<keystore>${project.basedir}/target/certs//splunkca.jks</keystore>
- <rfc>true</rfc>
-
<file>${project.basedir}/target/certs/splunkca.pem</file>
- </configuration>
- </execution>
- <execution>
- <id>generate-localhost-keypair</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>clean</goal>
- <goal>generateKeyPair</goal>
- </goals>
- <configuration>
- <alias>localhost</alias>
- <dname>CN=localhost, OU=eng,
O=apache.org</dname>
- <exts>
-
<ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
-
<ext>SubjectAlternativeName=DNS:localhost,IP:127.0.0.1</ext>
- </exts>
-
<keystore>${project.basedir}/target/certs/localhost.jks</keystore>
- </configuration>
- </execution>
- <execution>
- <id>generate-localhost-certificate-request</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>generateCertificateRequest</goal>
- </goals>
- <configuration>
- <alias>localhost</alias>
-
<keystore>${project.basedir}/target/certs/localhost.jks</keystore>
-
<file>${project.basedir}/target/certs/localhost.csr</file>
- </configuration>
- </execution>
- <execution>
- <id>generate-localhost-certificate</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>generateCertificate</goal>
- </goals>
- <configuration>
- <alias>cxfca</alias>
-
<keystore>${project.basedir}/target/certs/splunkca.jks</keystore>
- <rfc>true</rfc>
-
<infile>${project.basedir}/target/certs/localhost.csr</infile>
-
<outfile>${project.basedir}/target/certs/localhost.pem</outfile>
- </configuration>
- </execution>
- <execution>
- <id>generate-wrong-splunkca-keypair</id>
- <phase>generate-sources</phase>
- <goals>
- <goal>clean</goal>
- <goal>generateKeyPair</goal>
- </goals>
- <configuration>
- <alias>cxfca</alias>
- <dname>CN=splunkca, OU=eng,
O=apache.org</dname>
- <exts>
-
<ext>bc:c=ca:true,pathlen:2147483647</ext>
-
<ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
- </exts>
-
<keystore>${project.basedir}/target/certs/wrong-splunkca.jks</keystore>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
<profile>
<id>ssl debug</id>
<activation>
diff --git
a/integration-tests/splunk-hec/src/main/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecResource.java
b/integration-tests/splunk-hec/src/main/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecResource.java
index 10c6f88627..e8702014a8 100644
---
a/integration-tests/splunk-hec/src/main/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecResource.java
+++
b/integration-tests/splunk-hec/src/main/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecResource.java
@@ -87,17 +87,15 @@ public class SplunkHecResource {
@Named("sslContextParameters")
public SSLContextParameters createServerSSLContextParameters() {
- return createServerSSLContextParameters("target/certs/splunkca.jks");
+ return
createServerSSLContextParameters("target/certs/splunk-hec-keystore.p12");
}
/**
* Creates SSL Context Parameters for the server
- *
- * @return
*/
@Named("wrongSslContextParameters")
public SSLContextParameters createWrongServerSSLContextParameters() {
- return
createServerSSLContextParameters("target/certs/wrong-splunkca.jks");
+ return
createServerSSLContextParameters("target/certs/splunk-hec-invalid-keystore.p12");
}
private SSLContextParameters createServerSSLContextParameters(String
keystore) {
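Review bot: Both beans now load a `*-keystore.p12` file, e.g. `createServerSSLContextParameters("target/certs/splunk-hec-keystore.p12")`, which presumably holds the server's private key as well as its certificate. If the helper only needs trust material for the client connection to Splunk, pointing it at a truststore containing just the certificate (should the certificate generator produce one) keeps the private key out of the client path. The helper's body is outside the hunk, so also confirm it does not pin the store type to JKS now that the files are PKCS12. The Javadoc on `createWrongServerSSLContextParameters` still says only "Creates SSL Context Parameters for the server"; something like `Creates SSL context parameters backed by a certificate the Splunk container does not present, for the negative TLS test` would describe it better.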
diff --git
a/integration-tests/splunk-hec/src/test/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecTest.java
b/integration-tests/splunk-hec/src/test/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecTest.java
index 45fd3392b1..6ec2986185 100644
---
a/integration-tests/splunk-hec/src/test/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecTest.java
+++
b/integration-tests/splunk-hec/src/test/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecTest.java
@@ -25,7 +25,10 @@ import io.quarkus.test.common.ResourceArg;
import io.quarkus.test.junit.QuarkusTest;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
import org.apache.camel.quarkus.test.DisabledOnArm;
+import org.apache.camel.quarkus.test.support.certificate.TestCertificates;
import org.apache.camel.quarkus.test.support.splunk.SplunkConstants;
import org.apache.camel.quarkus.test.support.splunk.SplunkTestResource;
import org.eclipse.microprofile.config.ConfigProvider;
@@ -34,12 +37,14 @@ import org.junit.jupiter.api.Test;
import org.testcontainers.shaded.org.awaitility.Awaitility;
import org.testcontainers.shaded.org.hamcrest.core.StringContains;
+@TestCertificates(docker = true, certificates = {
+ @Certificate(name = "splunk-hec", formats = { Format.PEM,
Format.PKCS12 }, password = "password"),
+ @Certificate(name = "splunk-hec-invalid", formats = { Format.PKCS12 },
password = "password")
+})
@QuarkusTest
@QuarkusTestResource(value = SplunkTestResource.class, initArgs = {
- @ResourceArg(name = "localhost_cert", value =
"target/certs/localhost.pem"),
- @ResourceArg(name = "ca_cert", value = "target/certs/splunkca.pem"),
- @ResourceArg(name = "localhost_keystore", value =
"target/certs/localhost.jks"),
- @ResourceArg(name = "keystore_password", value = "password") })
+ @ResourceArg(name = "certName", value = "splunk-hec") })
+
@DisabledOnArm
public class SplunkHecTest {
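Review bot: The certificate name `splunk-hec` and the password `password` are repeated as string literals in `@Certificate(name = "splunk-hec", ...)` and `@ResourceArg(name = "certName", value = "splunk-hec")`. Elsewhere in this commit they recur in the hard-coded `target/certs/splunk-hec-keystore.p12` paths and the `keystorePassword` default, so changing one without the others would show up only as a TLS handshake failure at test time. A shared constant next to `SplunkConstants`, or a comment here such as `// name must match the target/certs/splunk-hec-* paths used by SplunkHecResource`, would make the coupling visible. The blank line added between `@QuarkusTestResource(...)` and `@DisabledOnArm` looks unintentional.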