Author: kwall
Date: Tue Feb 2 15:27:49 2016
New Revision: 1728150
URL: http://svn.apache.org/viewvc?rev=1728150&view=rev
Log:
QPID-7041: [Java System Tests] Add system test for preemptive SSL client auth
authentication against HTTP management
* Refactored RestTestHelper to be capable of using any keystore/truststore and
specifying a cert alias
Added:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
Removed:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BasicAuthRestTest.java
Modified:
qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted010MessageFactoryTest.java
qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted091MessageFactoryTest.java
qpid/java/trunk/common/pom.xml
qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/TrustManagerTest.java
qpid/java/trunk/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
qpid/java/trunk/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsClientCertAuthTest.java
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
Modified:
qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted010MessageFactoryTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted010MessageFactoryTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted010MessageFactoryTest.java
(original)
+++
qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted010MessageFactoryTest.java
Tue Feb 2 15:27:49 2016
@@ -125,7 +125,7 @@ public class Encrypted010MessageFactoryT
final List<MessageEncryptionHelper.KeyTransportRecipientInfo>
recipientInfo =
_encryptionHelper.getKeyTransportRecipientInfo(Collections.singletonList(((X509Certificate)
_keyStore
.getCertificate(
- "app1")).getSubjectX500Principal().getName(
+
TestSSLConstants.CERT_ALIAS_APP1)).getSubjectX500Principal().getName(
X500Principal.CANONICAL)), _secretKeySpec);
List<List<Object>> recipientHeader = new ArrayList<>();
Modified:
qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted091MessageFactoryTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted091MessageFactoryTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted091MessageFactoryTest.java
(original)
+++
qpid/java/trunk/client/src/test/java/org/apache/qpid/client/message/Encrypted091MessageFactoryTest.java
Tue Feb 2 15:27:49 2016
@@ -114,7 +114,7 @@ public class Encrypted091MessageFactoryT
final List<MessageEncryptionHelper.KeyTransportRecipientInfo>
recipientInfo =
_encryptionHelper.getKeyTransportRecipientInfo(Collections.singletonList(((X509Certificate)
_keyStore
.getCertificate(
- "app1")).getSubjectX500Principal().getName(
+
TestSSLConstants.CERT_ALIAS_APP1)).getSubjectX500Principal().getName(
X500Principal.CANONICAL)), _secretKeySpec);
List<List<Object>> recipientHeader = new ArrayList<>();
Modified: qpid/java/trunk/common/pom.xml
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/common/pom.xml?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
--- qpid/java/trunk/common/pom.xml (original)
+++ qpid/java/trunk/common/pom.xml Tue Feb 2 15:27:49 2016
@@ -75,6 +75,12 @@
<testResource>
<directory>${basedir}/src/test/resources</directory>
</testResource>
+ <testResource>
+ <directory>${basedir}/../</directory>
+ <includes>
+ <include>test-profiles/**/*.jks</include>
+ </includes>
+ </testResource>
</testResources>
<plugins>
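Review bot: The added `<testResource>` is rooted at `${basedir}/../`, so this module's test build now reaches outside its own directory and copies every `test-profiles/**/*.jks` onto the test classpath. Those stores are opened elsewhere in this commit with the literal password `password`, and at least the client keystore is read for a private key in SSLTest. A comment on the element would record the intent, e.g. `<!-- test-only key material from ../test-profiles; must never end up in a published artifact -->`. It is also worth confirming that nothing in this module packages the test output (a test-jar, for instance). Resource filtering should stay off for this entry, since filtering would corrupt the binary JKS files.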
Modified:
qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
(original)
+++
qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/SSLContextFactoryTest.java
Tue Feb 2 15:27:49 2016
@@ -18,6 +18,7 @@
package org.apache.qpid.ssl;
import org.apache.qpid.test.utils.QpidTestCase;
+import org.apache.qpid.test.utils.TestSSLConstants;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
@@ -29,15 +30,9 @@ import java.io.IOException;
public class SSLContextFactoryTest extends QpidTestCase
{
- private static final String BROKER_KEYSTORE_PATH = TEST_RESOURCES_DIR +
"/ssl/java_broker_keystore.jks";
- private static final String CLIENT_KEYSTORE_PATH = TEST_RESOURCES_DIR +
"/ssl/java_client_keystore.jks";
- private static final String CLIENT_TRUSTSTORE_PATH = TEST_RESOURCES_DIR +
"/ssl/java_client_truststore.jks";
- private static final String STORE_PASSWORD = "password";
private static final String STORE_TYPE = "JKS";
private static final String DEFAULT_KEY_MANAGER_ALGORITHM =
KeyManagerFactory.getDefaultAlgorithm();
private static final String DEFAULT_TRUST_MANAGER_ALGORITHM =
TrustManagerFactory.getDefaultAlgorithm();
- private static final String CERT_ALIAS_APP1 = "app1";
-
public void testTrustStoreDoesNotExist() throws Exception
{
@@ -49,13 +44,13 @@ public class SSLContextFactoryTest exten
trustManagers =
SSLContextFactory.getTrustManagers("/path/to/nothing",
- STORE_PASSWORD,
+
TestSSLConstants.TRUSTSTORE_PASSWORD,
STORE_TYPE,
DEFAULT_TRUST_MANAGER_ALGORITHM);
keyManagers =
- SSLContextFactory.getKeyManagers(CLIENT_KEYSTORE_PATH,
- STORE_PASSWORD,
+ SSLContextFactory.getKeyManagers(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.KEYSTORE_PASSWORD,
STORE_TYPE,
DEFAULT_KEY_MANAGER_ALGORITHM,
null);
@@ -78,8 +73,8 @@ public class SSLContextFactoryTest exten
final KeyManager[] keyManagers;
trustManagers =
- SSLContextFactory.getTrustManagers(CLIENT_TRUSTSTORE_PATH,
- STORE_PASSWORD,
+ SSLContextFactory.getTrustManagers(TestSSLConstants.TRUSTSTORE,
+
TestSSLConstants.TRUSTSTORE_PASSWORD,
STORE_TYPE,
DEFAULT_TRUST_MANAGER_ALGORITHM);
@@ -98,14 +93,14 @@ public class SSLContextFactoryTest exten
final KeyManager[] keyManagers;
trustManagers =
- SSLContextFactory.getTrustManagers(CLIENT_TRUSTSTORE_PATH,
- STORE_PASSWORD,
+ SSLContextFactory.getTrustManagers(TestSSLConstants.TRUSTSTORE,
+
TestSSLConstants.TRUSTSTORE_PASSWORD,
STORE_TYPE,
DEFAULT_TRUST_MANAGER_ALGORITHM);
keyManagers =
- SSLContextFactory.getKeyManagers(CLIENT_KEYSTORE_PATH,
- STORE_PASSWORD,
+ SSLContextFactory.getKeyManagers(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.KEYSTORE_PASSWORD,
STORE_TYPE,
DEFAULT_KEY_MANAGER_ALGORITHM,
null);
@@ -122,17 +117,17 @@ public class SSLContextFactoryTest exten
final KeyManager[] keyManagers;
trustManagers =
- SSLContextFactory.getTrustManagers(CLIENT_TRUSTSTORE_PATH,
- STORE_PASSWORD,
+ SSLContextFactory.getTrustManagers(TestSSLConstants.TRUSTSTORE,
+
TestSSLConstants.TRUSTSTORE_PASSWORD,
STORE_TYPE,
DEFAULT_TRUST_MANAGER_ALGORITHM);
keyManagers =
- SSLContextFactory.getKeyManagers(CLIENT_KEYSTORE_PATH,
- STORE_PASSWORD,
+ SSLContextFactory.getKeyManagers(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.KEYSTORE_PASSWORD,
STORE_TYPE,
DEFAULT_KEY_MANAGER_ALGORITHM,
- CERT_ALIAS_APP1);
+
TestSSLConstants.CERT_ALIAS_APP1);
SSLContext context =
SSLContextFactory.buildClientContext(trustManagers, keyManagers);
Modified:
qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/TrustManagerTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/TrustManagerTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/TrustManagerTest.java
(original)
+++
qpid/java/trunk/common/src/test/java/org/apache/qpid/ssl/TrustManagerTest.java
Tue Feb 2 15:27:49 2016
@@ -31,27 +31,20 @@ import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager;
import org.apache.qpid.test.utils.QpidTestCase;
+import org.apache.qpid.test.utils.TestSSLConstants;
import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager;
import
org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager;
import org.apache.qpid.transport.network.security.ssl.SSLUtil;
public class TrustManagerTest extends QpidTestCase
{
- private static final String BROKER_TRUSTSTORE_PATH = TEST_RESOURCES_DIR +
"/ssl/java_broker_truststore.jks";
- private static final String BROKER_PEERSTORE_PATH = TEST_RESOURCES_DIR +
"/ssl/java_broker_peerstore.jks";
- private static final String CLIENT_KEYSTORE_PATH = TEST_RESOURCES_DIR +
"/ssl/java_client_keystore.jks";
- private static final String CLIENT_UNTRUSTED_KEYSTORE_PATH =
TEST_RESOURCES_DIR + "/ssl/java_client_untrusted_keystore.jks";
- private static final String STORE_PASSWORD = "password";
private static final String STORE_TYPE = "JKS";
private static final String DEFAULT_TRUST_MANAGER_ALGORITHM =
TrustManagerFactory.getDefaultAlgorithm();
- private static final String CERT_ALIAS_APP1 = "app1";
- private static final String CERT_ALIAS_APP2 = "app2";
- private static final String CERT_ALIAS_UNTRUSTED_CLIENT =
"untrusted_client";
// retrieves the client certificate's chain from store and returns it as
an array
private X509Certificate[] getClientChain(final String storePath, final
String alias) throws Exception
{
- final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath,
STORE_PASSWORD, STORE_TYPE);
+ final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath,
TestSSLConstants.KEYSTORE_PASSWORD, STORE_TYPE);
final Certificate[] chain = ks.getCertificateChain(alias);
return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
}
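Review bot: `getClientChain` accepts any `storePath` but now always opens it with `TestSSLConstants.KEYSTORE_PASSWORD`, and later hunks in this file call it with `TestSSLConstants.UNTRUSTED_KEYSTORE` as well as `TestSSLConstants.KEYSTORE`. That only works while every client test store shares one password, which the removed file-local `STORE_PASSWORD` at least made obvious. Either take the password as a parameter (`getClientChain(final String storePath, final String storePassword, final String alias)`) or state the assumption with a comment such as `// all client test keystores share KEYSTORE_PASSWORD`. Separately, `ks.getCertificateChain(alias)` returns null for an unknown alias, so a mistyped alias constant would surface as a NullPointerException at `chain.length` rather than as a clear test failure.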
@@ -63,7 +56,7 @@ public class TrustManagerTest extends Qp
while (aliases.hasMoreElements())
{
final String alias = aliases.nextElement();
- if (!alias.equalsIgnoreCase(CERT_ALIAS_APP1))
+ if (!alias.equalsIgnoreCase(TestSSLConstants.CERT_ALIAS_APP1))
{
fail("Broker's peer store contains other certificate than
client's app1 public key");
}
@@ -77,7 +70,7 @@ public class TrustManagerTest extends Qp
public void testQpidPeersOnlyTrustManager() throws Exception
{
// first let's check that peer manager loaded with the PEERstore
succeeds
- final KeyStore ps =
SSLUtil.getInitializedKeyStore(BROKER_PEERSTORE_PATH, STORE_PASSWORD,
STORE_TYPE);
+ final KeyStore ps =
SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE,
TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
this.noCAinPeerStore(ps);
final TrustManagerFactory pmf =
TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
@@ -97,7 +90,7 @@ public class TrustManagerTest extends Qp
try
{
// since broker's peerstore contains the client's app1
certificate, the check should succeed
-
peerManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP1), "RSA");
+
peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
TestSSLConstants.CERT_ALIAS_APP1), "RSA");
}
catch (CertificateException e)
{
@@ -107,7 +100,7 @@ public class TrustManagerTest extends Qp
try
{
// since broker's peerstore does not contain the client's app2
certificate, the check should fail
-
peerManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP2), "RSA");
+
peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
TestSSLConstants.CERT_ALIAS_APP2), "RSA");
fail("Untrusted client's validation against the broker's peer
store manager succeeded.");
}
catch (CertificateException e)
@@ -118,7 +111,7 @@ public class TrustManagerTest extends Qp
// now let's check that peer manager loaded with the brokers
TRUSTstore fails because
// it does not have the clients certificate in it (though it does have
a CA-cert that
// would otherwise trust the client cert when using the regular trust
manager).
- final KeyStore ts =
SSLUtil.getInitializedKeyStore(BROKER_TRUSTSTORE_PATH, STORE_PASSWORD,
STORE_TYPE);
+ final KeyStore ts =
SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE,
TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf =
TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -138,7 +131,7 @@ public class TrustManagerTest extends Qp
{
// since broker's truststore doesn't contain the client's app1
certificate, the check should fail
// despite the fact that the truststore does have a CA that would
otherwise trust the cert
-
peerManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP1), "RSA");
+
peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
TestSSLConstants.CERT_ALIAS_APP1), "RSA");
fail("Client's validation against the broker's peer store manager
didn't fail.");
}
catch (CertificateException e)
@@ -150,7 +143,7 @@ public class TrustManagerTest extends Qp
{
// since broker's truststore doesn't contain the client's app2
certificate, the check should fail
// despite the fact that the truststore does have a CA that would
otherwise trust the cert
-
peerManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP2), "RSA");
+
peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
TestSSLConstants.CERT_ALIAS_APP2), "RSA");
fail("Client's validation against the broker's peer store manager
didn't fail.");
}
catch (CertificateException e)
@@ -166,7 +159,7 @@ public class TrustManagerTest extends Qp
public void testQpidMultipleTrustManagerWithRegularTrustStore() throws
Exception
{
final QpidMultipleTrustManager mulTrustManager = new
QpidMultipleTrustManager();
- final KeyStore ts =
SSLUtil.getInitializedKeyStore(BROKER_TRUSTSTORE_PATH, STORE_PASSWORD,
STORE_TYPE);
+ final KeyStore ts =
SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE,
TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf =
TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -185,7 +178,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the CA-trusted app1 cert (should succeed)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP1), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_APP1), "RSA");
}
catch (CertificateException ex)
{
@@ -195,7 +189,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the CA-trusted app2 cert (should succeed)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP2), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_APP2), "RSA");
}
catch (CertificateException ex)
{
@@ -205,7 +200,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the untrusted cert (should fail)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_UNTRUSTED_KEYSTORE_PATH,
CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi
store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -221,7 +217,7 @@ public class TrustManagerTest extends Qp
public void testQpidMultipleTrustManagerWithPeerStore() throws Exception
{
final QpidMultipleTrustManager mulTrustManager = new
QpidMultipleTrustManager();
- final KeyStore ps =
SSLUtil.getInitializedKeyStore(BROKER_PEERSTORE_PATH, STORE_PASSWORD,
STORE_TYPE);
+ final KeyStore ps =
SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE,
TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory pmf =
TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
@@ -240,7 +236,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the trusted app1 cert (should succeed as the key is in
the peerstore)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP1), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_APP1), "RSA");
}
catch (CertificateException ex)
{
@@ -250,7 +247,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the untrusted app2 cert (should fail as the key is not
in the peerstore)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP2), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_APP2), "RSA");
fail("Untrusted client's validation against the broker's multi
store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -261,7 +259,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the untrusted cert (should fail as the key is not in the
peerstore)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_UNTRUSTED_KEYSTORE_PATH,
CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi
store manager unexpectedly passed.");
}
catch (CertificateException ex)
@@ -278,7 +277,7 @@ public class TrustManagerTest extends Qp
public void testQpidMultipleTrustManagerWithTrustAndPeerStores() throws
Exception
{
final QpidMultipleTrustManager mulTrustManager = new
QpidMultipleTrustManager();
- final KeyStore ts =
SSLUtil.getInitializedKeyStore(BROKER_TRUSTSTORE_PATH, STORE_PASSWORD,
STORE_TYPE);
+ final KeyStore ts =
SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE,
TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory tmf =
TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
tmf.init(ts);
final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -294,7 +293,7 @@ public class TrustManagerTest extends Qp
}
assertTrue("The regular trust manager for the trust store was not
added", trustManagerAdded);
- final KeyStore ps =
SSLUtil.getInitializedKeyStore(BROKER_PEERSTORE_PATH, STORE_PASSWORD,
STORE_TYPE);
+ final KeyStore ps =
SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE,
TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
final TrustManagerFactory pmf =
TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
pmf.init(ps);
final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
@@ -313,7 +312,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the CA-trusted app1 cert (should succeed)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP1), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_APP1), "RSA");
}
catch (CertificateException ex)
{
@@ -323,7 +323,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the CA-trusted app2 cert (should succeed)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_KEYSTORE_PATH,
CERT_ALIAS_APP2), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_APP2), "RSA");
}
catch (CertificateException ex)
{
@@ -333,7 +334,8 @@ public class TrustManagerTest extends Qp
try
{
// verify the untrusted cert (should fail)
-
mulTrustManager.checkClientTrusted(this.getClientChain(CLIENT_UNTRUSTED_KEYSTORE_PATH,
CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+
mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
+
TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
fail("Untrusted client's validation against the broker's multi
store manager unexpectedly passed.");
}
catch (CertificateException ex)
Modified:
qpid/java/trunk/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
(original)
+++
qpid/java/trunk/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java
Tue Feb 2 15:27:49 2016
@@ -26,9 +26,13 @@ public interface TestSSLConstants
String TRUSTSTORE =
"test-profiles/test_resources/ssl/java_client_truststore.jks";
String TRUSTSTORE_PASSWORD = "password";
+ String CERT_ALIAS_APP1 = "app1";
+ String CERT_ALIAS_APP2 = "app2";
+ String CERT_ALIAS_UNTRUSTED_CLIENT = "untrusted_client";
+
String BROKER_KEYSTORE =
"test-profiles/test_resources/ssl/java_broker_keystore.jks";
String BROKER_KEYSTORE_PASSWORD = "password";
- Object BROKER_KEYSTORE_ALIAS = "rootca";
+ String BROKER_KEYSTORE_ALIAS = "rootca";
String BROKER_PEERSTORE =
"test-profiles/test_resources/ssl/java_broker_peerstore.jks";
String BROKER_PEERSTORE_PASSWORD = "password";
Modified:
qpid/java/trunk/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
(original)
+++
qpid/java/trunk/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
Tue Feb 2 15:27:49 2016
@@ -18,11 +18,6 @@
*/
package org.apache.qpid.systest.rest;
-import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -35,14 +30,11 @@ import java.net.URL;
import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
-import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
-import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
@@ -77,7 +69,6 @@ public class RestTestHelper
public static final String API_BASE = "/api/latest/";
private static final Logger LOGGER =
LoggerFactory.getLogger(RestTestHelper.class);
- private static final String CERT_ALIAS_APP1 = "app1";
private int _httpPort;
@@ -92,6 +83,14 @@ public class RestTestHelper
static final String[] EXPECTED_QUEUES = { "queue", "ping" };
private final int _connectTimeout =
Integer.getInteger("qpid.resttest_connection_timeout", 30000);
+ private String _truststore;
+ private String _truststorePassword;
+
+ private String _keystore;
+ private String _keystorePassword;
+
+ private String _clientAuthAlias;
+
public RestTestHelper(int httpPort)
{
_httpPort = httpPort;
@@ -123,6 +122,23 @@ public class RestTestHelper
return new URL(getManagementURL() + path);
}
+ public void setKeystore(final String keystore, final String
keystorePassword)
+ {
+ _keystore = keystore;
+ _keystorePassword = keystorePassword;
+ }
+
+ public void setTruststore(final String truststore, final String
truststorePassword)
+ {
+ _truststore = truststore;
+ _truststorePassword = truststorePassword;
+ }
+
+ public void setClientAuthAlias(final String clientAuthAlias)
+ {
+ _clientAuthAlias = clientAuthAlias;
+ }
+
public HttpURLConnection openManagementConnection(String path, String
method) throws IOException
{
if (!path.startsWith("/"))
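Review bot: The three new setters carry no Javadoc, so nothing says when each value is consulted or that it must be set before a connection is opened. Judging by the later hunks in this file, the keystore and alias appear to be read only in the SSL client-auth branch, while the truststore is read in both SSL branches. A one-line comment on each would record that, e.g. `/** Keystore holding the client certificate; required when SSL client auth is enabled. */` on `setKeystore` and `/** Truststore used to verify the broker certificate for any HTTPS connection. */` on `setTruststore`. For `setClientAuthAlias` it would help to say whether null is acceptable; SSLContextFactoryTest passes a null alias to `getKeyManagers`, so it presumably is, but that should be confirmed. `openManagementConnection` continues past the end of this hunk.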
@@ -144,18 +160,22 @@ public class RestTestHelper
final KeyManager[] keyManagers;
trustManagers =
- SSLContextFactory.getTrustManagers(TRUSTSTORE,
- TRUSTSTORE_PASSWORD,
+ SSLContextFactory.getTrustManagers(_truststore,
+ _truststorePassword,
KeyStore.getDefaultType(),
TrustManagerFactory.getDefaultAlgorithm());
+ if (_keystore == null)
+ {
+ throw new IllegalStateException("Cannot use SSL client
auth without providing a keystore");
+ }
+
keyManagers =
- SSLContextFactory.getKeyManagers(KEYSTORE,
- KEYSTORE_PASSWORD,
+ SSLContextFactory.getKeyManagers(_keystore,
+ _keystorePassword,
KeyStore.getDefaultType(),
KeyManagerFactory.getDefaultAlgorithm(),
- CERT_ALIAS_APP1);
-
+ _clientAuthAlias);
final SSLContext sslContext =
SSLContext.getInstance(SSLUtil.getEnabledSSlProtocols()[SSLUtil.getEnabledSSlProtocols().length-1]);
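Review bot: Only `_keystore` is null-checked here; `_truststore` goes to `SSLContextFactory.getTrustManagers` unchecked, both in this branch and in the `else if (_useSsl)` branch of the -181/+201 hunk. Before this commit both branches always used `TestSSLConstants.TRUSTSTORE`, so a caller that enables SSL but forgets `setTruststore(...)` now passes null. How `getTrustManagers` treats a null path is not visible here: it may fail obscurely, or it may silently fall back to the JVM's default trust anchors, which would change what the test actually verifies about the broker certificate. A symmetric guard ahead of the call makes the requirement explicit: `if (_truststore == null) { throw new IllegalStateException("Cannot use SSL without providing a truststore"); }`. The enclosing method starts and ends outside this hunk.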
@@ -170,7 +190,7 @@ public class RestTestHelper
throw new RuntimeException(e);
}
}
- else if(_useSsl)
+ else if (_useSsl)
{
try
{
@@ -181,8 +201,8 @@ public class RestTestHelper
final KeyManager[] keyManagers;
trustManagers =
- SSLContextFactory.getTrustManagers(TRUSTSTORE,
- TRUSTSTORE_PASSWORD,
+ SSLContextFactory.getTrustManagers(_truststore,
+ _truststorePassword,
KeyStore.getDefaultType(),
TrustManagerFactory.getDefaultAlgorithm());
Modified:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
(original)
+++
qpid/java/trunk/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java
Tue Feb 2 15:27:49 2016
@@ -57,14 +57,12 @@ import org.apache.qpid.server.model.Virt
import org.apache.qpid.test.utils.QpidBrokerTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
import org.apache.qpid.test.utils.TestFileUtils;
+import org.apache.qpid.test.utils.TestSSLConstants;
public class SSLTest extends QpidBrokerTestCase
{
private static final Logger LOGGER =
LoggerFactory.getLogger(SSLTest.class);
- private static final String CERT_ALIAS_APP1 = "app1";
- private static final String CERT_ALIAS_APP2 = "app2";
-
@Override
protected void setUp() throws Exception
{
@@ -279,7 +277,7 @@ public class SSLTest extends QpidBrokerT
String url =
"amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
getDefaultBroker().getAmqpTlsPort() +
- "?ssl='true'&ssl_cert_alias='" + CERT_ALIAS_APP1 +
"''";
+ "?ssl='true'&ssl_cert_alias='" +
TestSSLConstants.CERT_ALIAS_APP1 + "''";
AMQTestConnection_0_10 con = new AMQTestConnection_0_10(url);
org.apache.qpid.transport.Connection transportCon =
con.getConnection();
@@ -289,7 +287,7 @@ public class SSLTest extends QpidBrokerT
url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" +
getDefaultBroker().getAmqpTlsPort() +
- "?ssl='true'&ssl_cert_alias='" + CERT_ALIAS_APP2 + "''";
+ "?ssl='true'&ssl_cert_alias='" +
TestSSLConstants.CERT_ALIAS_APP2 + "''";
con = new AMQTestConnection_0_10(url);
transportCon = con.getConnection();
@@ -599,7 +597,7 @@ public class SSLTest extends QpidBrokerT
File privateKeyFile = TestFileUtils.createTempFile(this,
".private-key.der");
try(FileOutputStream kos = new FileOutputStream(privateKeyFile))
{
- Key pvt = ks.getKey(CERT_ALIAS_APP1,
KEYSTORE_PASSWORD.toCharArray());
+ Key pvt = ks.getKey(TestSSLConstants.CERT_ALIAS_APP1,
KEYSTORE_PASSWORD.toCharArray());
kos.write("-----BEGIN PRIVATE KEY-----\n".getBytes());
String base64encoded =
DatatypeConverter.printBase64Binary(pvt.getEncoded());
while(base64encoded.length() > 76)
@@ -618,7 +616,7 @@ public class SSLTest extends QpidBrokerT
try(FileOutputStream cos = new FileOutputStream(certificateFile))
{
- Certificate[] chain = ks.getCertificateChain(CERT_ALIAS_APP1);
+ Certificate[] chain =
ks.getCertificateChain(TestSSLConstants.CERT_ALIAS_APP1);
for(Certificate pub : chain)
{
cos.write("-----BEGIN CERTIFICATE-----\n".getBytes());
Modified:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
(original)
+++
qpid/java/trunk/systests/src/test/java/org/apache/qpid/server/security/auth/manager/ExternalAuthenticationTest.java
Tue Feb 2 15:27:49 2016
@@ -50,6 +50,7 @@ import org.apache.qpid.server.security.F
import org.apache.qpid.systest.rest.RestTestHelper;
import org.apache.qpid.test.utils.QpidBrokerTestCase;
import org.apache.qpid.test.utils.TestBrokerConfiguration;
+import org.apache.qpid.test.utils.TestSSLConstants;
public class ExternalAuthenticationTest extends QpidBrokerTestCase
{
@@ -158,7 +159,7 @@ public class ExternalAuthenticationTest
try
{
- getExternalSSLConnection(false);
+ getExternalSSLConnection(false, "&ssl_cert_alias='" +
TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT + "'");
fail("Connection should not succeed");
}
catch (JMSException e)
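Review bot: The assertion here is still only that the connection fails, so with the added `ssl_cert_alias` option the test can pass for a reason other than the broker rejecting an untrusted certificate. One such case is the alias `untrusted_client` being absent from whichever keystore `getExternalSSLConnection` configures; that keystore is not visible in this hunk, and elsewhere in this commit the alias is read from `TestSSLConstants.UNTRUSTED_KEYSTORE`. It is worth confirming that the keystore and alias match. If the `catch (JMSException e)` block does not already do so, it should assert on the exception's cause, so that a missing-key failure can be told apart from a genuine trust failure. The enclosing test method starts and ends outside this hunk.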
Modified:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java
(original)
+++
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java
Tue Feb 2 15:27:49 2016
@@ -78,8 +78,13 @@ public class BrokerRestHttpAndHttpsTest
private Collection<String> getMechanisms(final boolean useSsl) throws
IOException
{
- _restTestHelper = new RestTestHelper(useSsl?
getDefaultBroker().getHttpsPort() : getDefaultBroker().getHttpPort());
+ _restTestHelper = new RestTestHelper(useSsl ?
getDefaultBroker().getHttpsPort() : getDefaultBroker().getHttpPort());
_restTestHelper.setUseSsl(useSsl);
+ if (useSsl)
+ {
+ _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
+ }
+
Map<String, Object> mechanisms =
_restTestHelper.getJsonAsMap("/service/sasl");
return (Collection<String>) mechanisms.get("mechanisms");
}
Modified:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsClientCertAuthTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsClientCertAuthTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsClientCertAuthTest.java
(original)
+++
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsClientCertAuthTest.java
Tue Feb 2 15:27:49 2016
@@ -24,6 +24,7 @@ import static org.apache.qpid.test.utils
import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
+import static org.apache.qpid.test.utils.TestSSLConstants.CERT_ALIAS_APP1;
import java.util.Collections;
import java.util.HashMap;
@@ -44,11 +45,6 @@ public class BrokerRestHttpsClientCertAu
{
setSystemProperty("javax.net.debug", "ssl");
super.setUp();
- setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
- setSystemProperty("javax.net.ssl.trustStorePassword",
TRUSTSTORE_PASSWORD);
- setSystemProperty("javax.net.ssl.keystore", KEYSTORE);
- setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD);
-
}
@Override
@@ -80,6 +76,10 @@ public class BrokerRestHttpsClientCertAu
{
_restTestHelper = new
RestTestHelper(getDefaultBroker().getHttpsPort());
_restTestHelper.setUseSslAuth(true);
+ _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
+ _restTestHelper.setKeystore(KEYSTORE, KEYSTORE_PASSWORD);
+ _restTestHelper.setClientAuthAlias(CERT_ALIAS_APP1);
+
Map<String, Object> saslData =
getRestTestHelper().getJsonAsMap("/service/sasl");
Asserts.assertAttributesPresent(saslData, "user");
Modified:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
(original)
+++
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
Tue Feb 2 15:27:49 2016
@@ -44,8 +44,7 @@ public class BrokerRestHttpsTest extends
super.setUp();
_restTestHelper = new
RestTestHelper(getDefaultBroker().getHttpsPort());
_restTestHelper.setUseSsl(true);
- setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
- setSystemProperty("javax.net.ssl.trustStorePassword",
TRUSTSTORE_PASSWORD);
+ _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
}
@Override
Added:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java?rev=1728150&view=auto
==============================================================================
---
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
(added)
+++
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
Tue Feb 2 15:27:49 2016
@@ -0,0 +1,192 @@
+/*
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.qpid.systest.rest;
+
+import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
+import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
+import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE;
+import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
+import static org.apache.qpid.test.utils.TestSSLConstants.UNTRUSTED_KEYSTORE;
+
+import java.io.IOException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.qpid.server.management.plugin.HttpManagement;
+import org.apache.qpid.server.model.AuthenticationProvider;
+import org.apache.qpid.server.model.Plugin;
+import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.model.Protocol;
+import org.apache.qpid.server.model.Transport;
+import
org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
+import org.apache.qpid.test.utils.TestBrokerConfiguration;
+import org.apache.qpid.test.utils.TestSSLConstants;
+
+public class PreemtiveAuthRestTest extends QpidRestTestCase
+{
+ private static final String USERNAME = "admin";
+ private static final String PASSWORD = "admin";
+
+ @Override
+ public void startDefaultBroker() throws Exception
+ {
+ //don't call super method, we will configure the broker in the test
before doing so
+ }
+
+ @Override
+ protected void customizeConfiguration() throws Exception
+ {
+ //do nothing, we will configure this locally
+ }
+
+ private void configure(boolean useSsl, final boolean useClientAuth) throws
Exception
+ {
+ super.customizeConfiguration();
+
+ setSystemProperty("javax.net.debug", "ssl");
+ if (useSsl)
+ {
+ Map<String, Object> portAttributes = new HashMap<>();
+ portAttributes.put(Port.PROTOCOLS,
Collections.singleton(Protocol.HTTP));
+ portAttributes.put(Port.TRANSPORTS,
Collections.singleton(Transport.SSL));
+ portAttributes.put(Port.KEY_STORE,
TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
+
+ if (useClientAuth)
+ {
+ portAttributes.put(Port.TRUST_STORES,
Collections.singleton(TestBrokerConfiguration.ENTRY_NAME_SSL_TRUSTSTORE));
+ portAttributes.put(Port.NEED_CLIENT_AUTH, "true");
+ portAttributes.put(Port.AUTHENTICATION_PROVIDER,
EXTERNAL_AUTHENTICATION_PROVIDER);
+
+ Map<String, Object> externalProviderAttributes = new
HashMap<>();
+ externalProviderAttributes.put(AuthenticationProvider.TYPE,
ExternalAuthenticationManager.PROVIDER_TYPE);
+ externalProviderAttributes.put(AuthenticationProvider.NAME,
EXTERNAL_AUTHENTICATION_PROVIDER);
+
getDefaultBrokerConfiguration().addObjectConfiguration(AuthenticationProvider.class,
externalProviderAttributes);
+ }
+
+ getDefaultBrokerConfiguration().setObjectAttributes(Port.class,
TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, portAttributes);
+ }
+ }
+
+ private void verifyGetBrokerAttempt(int responseCode) throws IOException
+ {
+ assertEquals(responseCode, getRestTestHelper().submitRequest("broker",
"GET"));
+ }
+
+ public void testBasicAuth() throws Exception
+ {
+ configure(false, false);
+ super.startDefaultBroker();
+
+ _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
+ verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
+ }
+
+ public void testBasicAuth_WrongPassword() throws Exception
+ {
+ configure(false, false);
+ super.startDefaultBroker();
+
+ _restTestHelper.setUsernameAndPassword(USERNAME, "badpassword");
+ verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
+ public void testBasicAuthWhenDisabled() throws Exception
+ {
+ configure(false, false);
+ getDefaultBrokerConfiguration().setObjectAttribute(Plugin.class,
TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT,
HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED, false);
+ super.startDefaultBroker();
+ getRestTestHelper().setUseSsl(false);
+ // Try the attempt with authentication, it should fail because
+ // BASIC auth is disabled by default on non-secure connections.
+ getRestTestHelper().setUsernameAndPassword(USERNAME, PASSWORD);
+ verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
+ public void testBasicAuth_Https() throws Exception
+ {
+ configure(true, false);
+ super.startDefaultBroker();
+ _restTestHelper = new
RestTestHelper(getDefaultBroker().getHttpsPort());
+ _restTestHelper.setUseSsl(true);
+ _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
+
+ // Try the attempt with authentication, it should succeed because
+ // BASIC auth is enabled by default on secure connections.
+ _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
+ verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
+ }
+
+ public void testBasicAuthWhenDisabled_Https() throws Exception
+ {
+ configure(true, false);
+ getDefaultBrokerConfiguration().setObjectAttribute(Plugin.class,
TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT,
HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED, false);
+ super.startDefaultBroker();
+ _restTestHelper = new
RestTestHelper(getDefaultBroker().getHttpsPort());
+ _restTestHelper.setUseSsl(true);
+ _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
+
+ // Try the attempt with authentication, it should fail because
+ // BASIC auth is now disabled on secure connections.
+ _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
+ verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+
+ public void testClientCertAuth() throws Exception
+ {
+ configure(true, true);
+ super.startDefaultBroker();
+ _restTestHelper = new
RestTestHelper(getDefaultBroker().getHttpsPort());
+ _restTestHelper.setUseSsl(true);
+ _restTestHelper.setUseSslAuth(true);
+ _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
+ _restTestHelper.setKeystore(KEYSTORE, KEYSTORE_PASSWORD);
+
+ _restTestHelper.setUsernameAndPassword(null, null);
+ verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
+ }
+
+ public void testClientCertAuth_UntrustedClientCert() throws Exception
+ {
+ configure(true, true);
+ super.startDefaultBroker();
+ _restTestHelper = new
RestTestHelper(getDefaultBroker().getHttpsPort());
+ _restTestHelper.setUseSsl(true);
+ _restTestHelper.setUseSslAuth(true);
+ _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
+ _restTestHelper.setKeystore(UNTRUSTED_KEYSTORE, KEYSTORE_PASSWORD);
+
_restTestHelper.setClientAuthAlias(TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT);
+
+ _restTestHelper.setUsernameAndPassword(null, null);
+
+ try
+ {
+ getRestTestHelper().submitRequest("broker", "GET");
+ fail("Exception not thrown");
+ }
+ catch (IOException e)
+ {
+ e.printStackTrace();
+ }
+ }
+}
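Review bot: testClientCertAuth_UntrustedClientCert passes on any IOException, so a refused connection or a broker that never came up looks the same as the broker rejecting the untrusted certificate, and the only trace left is `e.printStackTrace()`. If the failure mode is stable on the supported JVMs, narrow the catch to the TLS failure, e.g. `catch (javax.net.ssl.SSLException e)`, and replace the stack trace with a comment such as `// pass: broker refused the untrusted client certificate`; if the client can also see a reset socket instead of a handshake alert, say so in that comment. The comment in testBasicAuthWhenDisabled says BASIC auth is "disabled by default on non-secure connections", yet the test sets `HTTP_BASIC_AUTHENTICATION_ENABLED` to false itself and testBasicAuth expects SC_OK over plain HTTP, so it should read `// BASIC auth has been disabled on non-secure connections`. `configure()` also sets `javax.net.debug` to `ssl` for every test, including the plain-HTTP ones, which looks like leftover debugging and is worth either removing or explaining.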
Modified:
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
URL:
http://svn.apache.org/viewvc/qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java?rev=1728150&r1=1728149&r2=1728150&view=diff
==============================================================================
---
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
(original)
+++
qpid/java/trunk/systests/src/test/java/org/apache/qpid/systest/rest/acl/BrokerACLTest.java
Tue Feb 2 15:27:49 2016
@@ -284,7 +284,7 @@ public class BrokerACLTest extends QpidR
assertKeyStoreExistence(keyStoreName, false);
- int responseCode = createKeyStore(keyStoreName, "app1");
+ int responseCode = createKeyStore(keyStoreName,
TestSSLConstants.CERT_ALIAS_APP1);
assertEquals("keyStore creation should be allowed", 201, responseCode);
assertKeyStoreExistence(keyStoreName, true);
@@ -298,7 +298,7 @@ public class BrokerACLTest extends QpidR
assertKeyStoreExistence(keyStoreName, false);
- int responseCode = createKeyStore(keyStoreName, "app1");
+ int responseCode = createKeyStore(keyStoreName,
TestSSLConstants.CERT_ALIAS_APP1);
assertEquals("keyStore creation should be allowed", 403, responseCode);
assertKeyStoreExistence(keyStoreName, false);
@@ -312,7 +312,7 @@ public class BrokerACLTest extends QpidR
assertKeyStoreExistence(keyStoreName, false);
- int responseCode = createKeyStore(keyStoreName, "app1");
+ int responseCode = createKeyStore(keyStoreName,
TestSSLConstants.CERT_ALIAS_APP1);
assertEquals("keyStore creation should be allowed", 201, responseCode);
assertKeyStoreExistence(keyStoreName, true);
@@ -333,7 +333,7 @@ public class BrokerACLTest extends QpidR
assertKeyStoreExistence(keyStoreName, false);
- int responseCode = createKeyStore(keyStoreName, "app1");
+ int responseCode = createKeyStore(keyStoreName,
TestSSLConstants.CERT_ALIAS_APP1);
assertEquals("keyStore creation should be allowed", 201, responseCode);
assertKeyStoreExistence(keyStoreName, true);
@@ -351,8 +351,8 @@ public class BrokerACLTest extends QpidR
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String keyStoreName = getTestName();
- String initialCertAlias = "app1";
- String updatedCertAlias = "app2";
+ String initialCertAlias = TestSSLConstants.CERT_ALIAS_APP1;
+ String updatedCertAlias = TestSSLConstants.CERT_ALIAS_APP2;
assertKeyStoreExistence(keyStoreName, false);
@@ -378,8 +378,8 @@ public class BrokerACLTest extends QpidR
getRestTestHelper().setUsernameAndPassword(ALLOWED_USER, ALLOWED_USER);
String keyStoreName = getTestName();
- String initialCertAlias = "app1";
- String updatedCertAlias = "app2";
+ String initialCertAlias = TestSSLConstants.CERT_ALIAS_APP1;
+ String updatedCertAlias = TestSSLConstants.CERT_ALIAS_APP2;
assertKeyStoreExistence(keyStoreName, false);