Repository: qpid-dispatch Updated Branches: refs/heads/master 90415a46e -> 9ec4c43bc
http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/9ec4c43b/tests/system_tests_qdmanage.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_qdmanage.py b/tests/system_tests_qdmanage.py index adcbe66..319a9cb 100644 --- a/tests/system_tests_qdmanage.py +++ b/tests/system_tests_qdmanage.py @@ -18,6 +18,7 @@ # import re, json, unittest, os +from time import sleep from system_test import TestCase, Process, Qdrouterd, main_module, TIMEOUT, DIR, wait_port from subprocess import PIPE, STDOUT from qpid_dispatch_internal.compat import OrderedDict, dictify @@ -165,6 +166,17 @@ class QdmanageTest(TestCase): actual = self.run_qdmanage("get-schema") self.assertEquals(schema, dictify(json.loads(actual))) + def test_get_annotations(self): + """ + The qdmanage GET-ANNOTATIONS call must return an empty dict since we don't support annotations at the moment. + """ + out = json.loads(self.run_qdmanage("get-annotations")) + self.assertTrue(len(out) == 0) + + def test_get_types(self): + out = json.loads(self.run_qdmanage("get-types")) + self.assertEqual(len(out), 27) + def test_get_log(self): log = json.loads(self.run_qdmanage("get-log limit=1"))[0] self.assertEquals(['AGENT', 'trace'], log[0:2]) @@ -363,5 +375,63 @@ class QdmanageTestSsl(QdmanageTest): created = True self.assertTrue(created) + def test_create_delete_ssl_profile(self): + """ + + """ + long_type = 'org.apache.qpid.dispatch.sslProfile' + ssl_profile_name = 'ssl-profile-test' + ssl_create_command = 'CREATE --type=' + long_type + ' certFile=' + self.ssl_file('server-certificate.pem') + \ + ' keyFile=' + self.ssl_file('server-private-key.pem') + ' password=server-password' + \ + ' name=' + ssl_profile_name + ' certDb=' + self.ssl_file('ca-certificate.pem') + + output = json.loads(self.run_qdmanage(ssl_create_command)) + name = output['name'] + self.assertEqual(name, ssl_profile_name) + + long_type = 'org.apache.qpid.dispatch.listener' + listener_name = 'sslListener' + port = self.get_port() + listener_create_command = 'CREATE --type=' + long_type + ' --name=sslListener host=127.0.0.1 port=' + str(port) + \ + ' saslMechanisms=EXTERNAL sslProfile=' + ssl_profile_name + \ + ' requireSsl=yes authenticatePeer=yes' + output = json.loads(self.run_qdmanage(listener_create_command)) + name = output['name'] + self.assertEqual(name, listener_name) + + sleep(1) + query_command = 'QUERY --type=listener' + + # Query on the port that was created by the preceding listener create + output = json.loads(self.run_qdmanage(query_command, address="127.0.0.1:"+str(port))) + + ssl_listener_present = False + + for out in output: + if out['name'] == 'sslListener': + ssl_listener_present = True + self.assertEqual(out['sslProfile'], 'ssl-profile-test') + + self.assertEqual(len(output), 3) + self.assertTrue(ssl_listener_present) + + # Delete the SSL Profile. This will fail because there is a listener referencing the SSL profile. + delete_command = 'DELETE --type=sslProfile --name=' + ssl_profile_name + cannot_delete = False + try: + json.loads(self.run_qdmanage(delete_command)) + except Exception as e: + cannot_delete = True + self.assertTrue('ForbiddenStatus: SSL Profile is referenced by other listeners/connectors' in e.message) + + self.assertTrue(cannot_delete) + + # Deleting the listener first and then the SSL profile must work. + delete_command = 'DELETE --type=listener --name=' + listener_name + self.run_qdmanage(delete_command) + + delete_command = 'DELETE --type=sslProfile --name=' + ssl_profile_name + self.run_qdmanage(delete_command) + if __name__ == '__main__': unittest.main(main_module()) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/9ec4c43b/tests/system_tests_sasl_plain.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_sasl_plain.py b/tests/system_tests_sasl_plain.py index 7da5ca7..d009235 100644 --- a/tests/system_tests_sasl_plain.py +++ b/tests/system_tests_sasl_plain.py @@ -17,9 +17,10 @@ # under the License. # -import unittest, os, time -from subprocess import PIPE, Popen -from system_test import TestCase, Qdrouterd, main_module, DIR, TIMEOUT +import unittest, os, json +from time import sleep +from subprocess import PIPE, Popen, STDOUT +from system_test import TestCase, Qdrouterd, main_module, DIR, TIMEOUT, Process from qpid_dispatch.management.client import Node @@ -394,6 +395,8 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon): def ssl_file(name): return os.path.join(DIR, 'ssl_certs', name) + x_listener_port = None + @classmethod def setUpClass(cls): """ @@ -409,6 +412,7 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon): cls.routers = [] x_listener_port = cls.tester.get_port() + RouterTestVerifyHostNameNo.x_listener_port = x_listener_port y_listener_port = cls.tester.get_port() super(RouterTestVerifyHostNameNo, cls).router('X', [ @@ -433,7 +437,9 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon): super(RouterTestVerifyHostNameNo, cls).router('Y', [ # This router will act like a client. First an SSL connection will be established and then # we will have SASL plain authentication over SSL. - ('connector', {'addr': '127.0.0.1', 'role': 'inter-router', 'port': x_listener_port, + ('connector', {'name': 'connectorToX', + 'addr': '127.0.0.1', 'role': 'inter-router', + 'port': x_listener_port, 'sslProfile': 'client-ssl-profile', # Provide a sasl user name and password to connect to QDR.X 'saslMechanisms': 'PLAIN', @@ -442,7 +448,7 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon): ('router', {'workerThreads': 1, 'mode': 'interior', 'routerId': 'QDR.Y'}), - ('listener', {'addr': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}), + ('listener', {'host': '0.0.0.0', 'role': 'normal', 'port': y_listener_port}), ('sslProfile', {'name': 'client-ssl-profile', 'certDb': cls.ssl_file('ca-certificate.pem'), 'certFile': cls.ssl_file('client-certificate.pem'), @@ -454,20 +460,26 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon): cls.routers[1].wait_ports() cls.routers[1].wait_router_connected('QDR.X') - def test_inter_router_plain_over_ssl_exists(self): - """ - Tests to make sure that an inter-router connection exists between the routers since verifyHostName is 'no'. - """ - local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT) - - results = local_node.query(type='org.apache.qpid.dispatch.connection').results + @staticmethod + def ssl_file(name): + return os.path.join(DIR, 'ssl_certs', name) - self.assertEqual(4, len(results)) + def run_qdmanage(self, cmd, input=None, expect=Process.EXIT_OK, address=None): + p = self.popen( + ['qdmanage'] + cmd.split(' ') + ['--bus', address or self.address(), '--indent=-1', '--timeout', + str(TIMEOUT)], stdin=PIPE, stdout=PIPE, stderr=STDOUT, expect=expect) + out = p.communicate(input)[0] + try: + p.teardown() + except Exception, e: + raise Exception("%s\n%s" % (e, out)) + return out + def common_asserts(self, results): search = "QDR.X" found = False - for N in range(0,3): + for N in range(0, len(results)): if results[N][0] == search: found = True break @@ -486,6 +498,110 @@ class RouterTestVerifyHostNameNo(RouterTestPlainSaslCommon): # user must be [email protected] self.assertEqual(u'[email protected]', results[N][16]) + def test_inter_router_plain_over_ssl_exists(self): + """ + Tests to make sure that an inter-router connection exists between the routers since verifyHostName is 'no'. + """ + local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT) + + results = local_node.query(type='org.apache.qpid.dispatch.connection').results + + self.common_asserts(results) + + def test_zzz_delete_create_connector(self): + """ + Delete an ssl profile before deleting the connector and make sure it fails. + Delete an ssl profile after deleting the connector and make sure it succeeds. + Re-add the deleted connector and associate it with an ssl profile and make sure + that the two routers are able to communicate over the connection. + """ + + ssl_profile_name = 'client-ssl-profile' + + delete_command = 'DELETE --type=sslProfile --name=' + ssl_profile_name + + cannot_delete = False + try: + json.loads(self.run_qdmanage(delete_command, address=self.routers[1].addresses[0])) + except Exception as e: + cannot_delete = True + self.assertTrue('ForbiddenStatus: SSL Profile is referenced by other listeners/connectors' in e.message) + + self.assertTrue(cannot_delete) + + # Deleting the connector + delete_command = 'DELETE --type=connector --name=connectorToX' + self.run_qdmanage(delete_command, address=self.routers[1].addresses[0]) + + #Assert here that the connection to QDR.X is gone + + # Re-add connector + connector_create_command = 'CREATE --type=connector name=connectorToX host=127.0.0.1 port=' + \ + str(RouterTestVerifyHostNameNo.x_listener_port) + \ + ' saslMechanisms=PLAIN sslProfile=' + ssl_profile_name + \ + ' role=inter-router verifyHostName=no [email protected]' \ + ' saslPassword=password' + + json.loads(self.run_qdmanage(connector_create_command, address=self.routers[1].addresses[0])) + sleep(1) + local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT) + results = local_node.query(type='org.apache.qpid.dispatch.connection').results + self.common_asserts(results) + + def test_zzz_delete_create_ssl_profile(self): + """ + Deletes a connector and its corresponding ssl profile and recreates both + """ + + ssl_profile_name = 'client-ssl-profile' + + # Deleting the connector first and then its SSL profile must work. + delete_command = 'DELETE --type=connector --name=connectorToX' + self.run_qdmanage(delete_command, address=self.routers[1].addresses[0]) + + # Delete the connector's associated ssl profile + delete_command = 'DELETE --type=sslProfile --name=' + ssl_profile_name + self.run_qdmanage(delete_command, address=self.routers[1].addresses[0]) + + local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT) + results = local_node.query(type='org.apache.qpid.dispatch.connection').results + search = "QDR.X" + found = False + + for N in range(0, 3): + if results[N][0] == search: + found = True + break + + self.assertFalse(found) + + # re-create the ssl profile + long_type = 'org.apache.qpid.dispatch.sslProfile' + ssl_create_command = 'CREATE --type=' + long_type + ' certFile=' + self.ssl_file('client-certificate.pem') + \ + ' keyFile=' + self.ssl_file('client-private-key.pem') + ' password=client-password' + \ + ' name=' + ssl_profile_name + ' certDb=' + self.ssl_file('ca-certificate.pem') + + output = json.loads(self.run_qdmanage(ssl_create_command, address=self.routers[1].addresses[0])) + name = output['name'] + self.assertEqual(name, ssl_profile_name) + + # Re-add connector + connector_create_command = 'CREATE --type=connector name=connectorToX host=127.0.0.1 port=' + \ + str(RouterTestVerifyHostNameNo.x_listener_port) + \ + ' saslMechanisms=PLAIN sslProfile=' + ssl_profile_name + \ + ' role=inter-router verifyHostName=no [email protected]' \ + ' saslPassword=password' + + json.loads(self.run_qdmanage(connector_create_command, address=self.routers[1].addresses[0])) + + sleep(1) + + local_node = Node.connect(self.routers[1].addresses[0], timeout=TIMEOUT) + results = local_node.query(type='org.apache.qpid.dispatch.connection').results + + self.common_asserts(results) + + if __name__ == '__main__': unittest.main(main_module()) http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/9ec4c43b/tests/system_tests_two_routers.py ---------------------------------------------------------------------- diff --git a/tests/system_tests_two_routers.py b/tests/system_tests_two_routers.py index 4e81500..fdc5534 100644 --- a/tests/system_tests_two_routers.py +++ b/tests/system_tests_two_routers.py @@ -17,9 +17,10 @@ # under the License. # -import unittest, os +import unittest, os, json +from subprocess import PIPE, STDOUT from proton import Message, PENDING, ACCEPTED, REJECTED, RELEASED, SSLDomain, SSLUnavailable, Timeout -from system_test import TestCase, Qdrouterd, main_module, DIR +from system_test import TestCase, Qdrouterd, main_module, DIR, TIMEOUT, Process from proton.handlers import MessagingHandler from proton.reactor import Container, AtMostOnce, AtLeastOnce @@ -32,6 +33,8 @@ except ImportError: class RouterTest(TestCase): + inter_router_port = None + @staticmethod def ssl_config(client_server, connection): return [] # Over-ridden by RouterTestSsl @@ -72,10 +75,8 @@ class RouterTest(TestCase): router('A', 'server', ('listener', {'role': 'inter-router', 'port': inter_router_port})) router('B', 'client', - ('connector', - {'role': 'inter-router', - 'port': inter_router_port, - 'verifyHostName': 'no'})) + ('connector', {'name': 'connectorToA', 'role': 'inter-router', 'port': inter_router_port, + 'verifyHostName': 'no'})) cls.routers[0].wait_router_connected('QDR.B') cls.routers[1].wait_router_connected('QDR.A') @@ -1099,28 +1100,58 @@ class AttachOnInterRouterTest(MessagingHandler): def run(self): Container(self).run() - - try: SSLDomain(SSLDomain.MODE_CLIENT) class RouterTestSsl(RouterTest): @staticmethod + def ssl_file(name): + return os.path.join(DIR, 'ssl_certs', name) + + def run_qdmanage(self, cmd, input=None, expect=Process.EXIT_OK, address=None): + p = self.popen( + ['qdmanage'] + cmd.split(' ') + ['--bus', address or self.address(), '--indent=-1', '--timeout', + str(TIMEOUT)], stdin=PIPE, stdout=PIPE, stderr=STDOUT, expect=expect) + out = p.communicate(input)[0] + try: + p.teardown() + except Exception, e: + raise Exception("%s\n%s" % (e, out)) + return out + + @staticmethod def ssl_config(client_server, connection): connection[1]['sslProfile'] = 'test-ssl' - def ssl_file(name): - return os.path.join(DIR, 'ssl_certs', name) return [ ('sslProfile', { 'name': 'test-ssl', - 'certDb': ssl_file('ca-certificate.pem'), - 'certFile': ssl_file(client_server+'-certificate.pem'), - 'keyFile': ssl_file(client_server+'-private-key.pem'), + 'certDb': RouterTestSsl.ssl_file('ca-certificate.pem'), + 'certFile': RouterTestSsl.ssl_file(client_server+'-certificate.pem'), + 'keyFile': RouterTestSsl.ssl_file(client_server+'-private-key.pem'), 'password': client_server+'-password'})] + def test_zzz_delete_ssl_profile(self): + """ + Delete an ssl profile before deleting the connector and make sure it fails. + """ + delete_command = 'DELETE --type=sslProfile --name=test-ssl' + cannot_delete = False + try: + json.loads(self.run_qdmanage(delete_command, address=self.routers[1].addresses[0])) + except Exception as e: + cannot_delete = True + self.assertTrue('ForbiddenStatus: SSL Profile is referenced by other listeners/connectors' in e.message) + + self.assertTrue(cannot_delete) + + # Deleting the listener first and then the SSL profile must work. + delete_command = 'DELETE --type=connector --name=connectorToA' + self.run_qdmanage(delete_command, address=self.routers[1].addresses[0]) + delete_command = 'DELETE --type=sslProfile --name=test-ssl' + self.run_qdmanage(delete_command, address=self.routers[1].addresses[0]) except SSLUnavailable: class RouterTestSsl(TestCase): --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
