http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java b/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java deleted file mode 100644 index edd96b9..0000000 --- a/systests/src/test/java/org/apache/qpid/client/ssl/SSLTest.java +++ /dev/null @@ -1,769 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.client.ssl; - -import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE; -import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD; -import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE; -import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD; - -import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.InputStream; -import java.io.PrintStream; -import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; -import java.security.Key; -import java.security.cert.Certificate; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.Map; - -import javax.jms.Connection; -import javax.jms.JMSException; -import javax.jms.Session; -import javax.xml.bind.DatatypeConverter; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import org.apache.qpid.client.AMQTestConnection_0_10; -import org.apache.qpid.jms.ConnectionURL; -import org.apache.qpid.server.model.DefaultVirtualHostAlias; -import org.apache.qpid.server.model.Port; -import org.apache.qpid.server.model.Transport; -import org.apache.qpid.server.model.VirtualHostAlias; -import org.apache.qpid.server.model.VirtualHostNameAlias; -import org.apache.qpid.test.utils.QpidBrokerTestCase; -import org.apache.qpid.test.utils.TestBrokerConfiguration; -import org.apache.qpid.test.utils.TestFileUtils; -import org.apache.qpid.test.utils.TestSSLConstants; - -public class SSLTest extends QpidBrokerTestCase -{ - private static final Logger LOGGER = LoggerFactory.getLogger(SSLTest.class); - - @Override - protected void setUp() throws Exception - { - setSystemProperty("javax.net.debug", "ssl"); - - setSslStoreSystemProperties(); - - super.setUp(); - } - - @Override - public void startDefaultBroker() throws Exception - { - // noop; we do not need to start broker in setUp - } - - private void startBroker() throws Exception - { - super.startDefaultBroker(); - System.setProperty("test.port.ssl", ""+getDefaultBroker().getAmqpTlsPort()); - - } - - public void testCreateSSLConnectionUsingConnectionURLParams() throws Exception - { - if (shouldPerformTest()) - { - clearSslStoreSystemProperties(); - - //Start the broker (NEEDing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, true, false, false); - startBroker(); - - final Connection con; - if (isBroker10()) - { - final Map<String, String> options = new HashMap<>(); - options.put("transport.keyStoreLocation", KEYSTORE); - options.put("transport.keyStorePassword", KEYSTORE_PASSWORD); - options.put("transport.trustStoreLocation", TRUSTSTORE); - options.put("transport.trustStorePassword", TRUSTSTORE_PASSWORD); - - con = getConnectionBuilder().setTls(true).setOptions(options).build(); - } - else - { - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + - "?ssl='true'" + - "&key_store='%s'&key_store_password='%s'" + - "&trust_store='%s'&trust_store_password='%s'" + - "'"; - - url = String.format(url, getDefaultBroker().getAmqpTlsPort(), - KEYSTORE, KEYSTORE_PASSWORD, TRUSTSTORE, TRUSTSTORE_PASSWORD); - - con = getConnection(url); - } - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - } - } - - public void testCreateSSLConnectionWithCertificateTrust() throws Exception - { - if (shouldPerformTest()) - { - clearSslStoreSystemProperties(); - - //Start the broker (NEEDing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, false, false, false); - startBroker(); - - Connection con; - File trustCertFile = extractCertFileFromTestTrustStore(); - - if (isBroker10()) - { - fail("Qpid JMS Client does not support trusting of a certificate"); - } - - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + - "?ssl='true'" + - "&trusted_certs_path='%s'" + - "'"; - - url = String.format(url, getDefaultBroker().getAmqpTlsPort(), encode(trustCertFile.getCanonicalPath())); - - con = getConnection(url); - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - } - } - - public void testSSLConnectionToPlainPortRejected() throws Exception - { - if (shouldPerformTest()) - { - startBroker(); - - - try - { - if (isBroker10()) - { - System.setProperty("test.port.ssl", ""+getDefaultBroker().getAmqpPort()); - getConnection(); - } - else - { - - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + - "?ssl='true''"; - - url = String.format(url, getDefaultBroker().getAmqpPort()); - getConnection(url); - } - fail("Exception not thrown"); - } - catch (JMSException e) - { - // PASS - if (!isBroker10()) - { - assertTrue("Unexpected exception message : " + e.getMessage(), - e.getMessage().contains("Unrecognized SSL message, plaintext connection?")); - } - } - } - } - - public void testHostVerificationIsOnByDefault() throws Exception - { - if (shouldPerformTest()) - { - clearSslStoreSystemProperties(); - - //Start the broker (NEEDing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, true, false, false); - startBroker(); - - if (isBroker10()) - { - fail("Can't configured the host name"); - } - - String url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:%s" + - "?ssl='true'" + - "&key_store='%s'&key_store_password='%s'" + - "&trust_store='%s'&trust_store_password='%s'" + - "'"; - - url = String.format(url, getDefaultBroker().getAmqpTlsPort(), - KEYSTORE,KEYSTORE_PASSWORD,TRUSTSTORE,TRUSTSTORE_PASSWORD); - try - { - getConnection(url); - fail("Exception not thrown"); - } - catch(JMSException e) - { - assertTrue("Unexpected exception message", e.getMessage().contains("SSL hostname verification failed")); - } - - url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:%s" + - "?ssl='true'&ssl_verify_hostname='false'" + - "&key_store='%s'&key_store_password='%s'" + - "&trust_store='%s'&trust_store_password='%s'" + - "'"; - url = String.format(url, getDefaultBroker().getAmqpTlsPort(), - KEYSTORE,KEYSTORE_PASSWORD,TRUSTSTORE,TRUSTSTORE_PASSWORD); - - Connection con = getConnection(url); - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - } - } - - /** - * Create an SSL connection using the SSL system properties for the trust and key store, but using - * the {@link ConnectionURL} ssl='true' option to indicate use of SSL at a Connection level, - * without specifying anything at the {@link ConnectionURL#OPTIONS_BROKERLIST} level. - */ - public void testSslConnectionOption() throws Exception - { - if (shouldPerformTest()) - { - //Start the broker (NEEDing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, true, false, false); - startBroker(); - - //Create URL enabling SSL at the connection rather than brokerlist level - String url = "amqp://guest:guest@test/?ssl='true'&brokerlist='tcp://localhost:%s'"; - url = String.format(url, getDefaultBroker().getAmqpTlsPort()); - - Connection con = getConnection(url); - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - } - } - - /** - * Create an SSL connection using the SSL system properties for the trust and key store, but using - * the {@link ConnectionURL} ssl='true' option to indicate use of SSL at a Connection level, - * overriding the false setting at the {@link ConnectionURL#OPTIONS_BROKERLIST} level. - */ - public void testSslConnectionOptionOverridesBrokerlistOption() throws Exception - { - if (shouldPerformTest()) - { - //Start the broker (NEEDing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, true, false, false); - startBroker(); - - //Create URL enabling SSL at the connection, overriding the false at the brokerlist level - String url = "amqp://guest:guest@test/?ssl='true'&brokerlist='tcp://localhost:%s?ssl='false''"; - url = String.format(url, getDefaultBroker().getAmqpTlsPort()); - - Connection con = getConnection(url); - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - } - } - - public void testCreateSSLConnectionUsingSystemProperties() throws Exception - { - if (shouldPerformTest()) - { - //Start the broker (NEEDing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, true, false, false); - startBroker(); - - Connection con; - if (isBroker10()) - { - con = getConnection(); - } - else - { - - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s?ssl='true''"; - - url = String.format(url, getDefaultBroker().getAmqpTlsPort()); - - con = getConnection(url); - } - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - } - } - - public void testMultipleCertsInSingleStore() throws Exception - { - if (shouldPerformTest()) - { - //Start the broker (NEEDing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, true, false, false); - startBroker(); - - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" + - getDefaultBroker().getAmqpTlsPort() + - "?ssl='true'&ssl_cert_alias='" + TestSSLConstants.CERT_ALIAS_APP1 + "''"; - - AMQTestConnection_0_10 con = new AMQTestConnection_0_10(url); - org.apache.qpid.transport.Connection transportCon = con.getConnection(); - String userID = transportCon.getSecurityLayer().getUserID(); - assertEquals("The correct certificate was not chosen","[email protected]",userID); - con.close(); - - url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" + - getDefaultBroker().getAmqpTlsPort() + - "?ssl='true'&ssl_cert_alias='" + TestSSLConstants.CERT_ALIAS_APP2 + "''"; - - con = new AMQTestConnection_0_10(url); - transportCon = con.getConnection(); - userID = transportCon.getSecurityLayer().getUserID(); - assertEquals("The correct certificate was not chosen","[email protected]",userID); - con.close(); - } - } - - public void testVerifyHostNameWithIncorrectHostname() throws Exception - { - if (shouldPerformTest()) - { - //Start the broker (WANTing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, false, true, false); - startBroker(); - - String url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:" + - getDefaultBroker().getAmqpTlsPort() + "?ssl='true''"; - - try - { - getConnection(url); - fail("Hostname verification failed. No exception was thrown"); - } - catch (Exception e) - { - verifyExceptionCausesContains(e, "SSL hostname verification failed"); - } - } - } - - private void verifyExceptionCausesContains(Exception e, String expectedString) - { - LOGGER.debug("verifying that the following exception contains " + expectedString, e); - ByteArrayOutputStream bout = new ByteArrayOutputStream(); - e.printStackTrace(new PrintStream(bout)); - String strace = bout.toString(); - assertTrue("Correct exception not thrown, expecting : " + expectedString + " got : " +e, - strace.contains(expectedString)); - } - - public void testVerifyLocalHost() throws Exception - { - if (shouldPerformTest()) - { - //Start the broker (WANTing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, false, true, false); - startBroker(); - - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" + - getDefaultBroker().getAmqpTlsPort() + "?ssl='true''"; - - Connection con = getConnection(url); - assertNotNull("connection should have been created", con); - } - } - - public void testVerifyLocalHostLocalDomain() throws Exception - { - if (shouldPerformTest()) - { - //Start the broker (WANTing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, false, true, false); - startBroker(); - - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost.localdomain:" + - getDefaultBroker().getAmqpTlsPort() + "?ssl='true''"; - - Connection con = getConnection(url); - assertNotNull("connection should have been created", con); - } - } - - public void testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly() throws Exception - { - if (shouldPerformTest()) - { - clearSslStoreSystemProperties(); - - //Start the broker (WANTing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, false, true, false); - startBroker(); - - Connection con; - if (isBroker10()) - { - final Map<String, String> options = new HashMap<>(); - options.put("transport.trustStoreLocation", TRUSTSTORE); - options.put("transport.trustStorePassword", TRUSTSTORE_PASSWORD); - con = getConnectionBuilder().setTls(true).setOptions(options).build(); - } - else - { - - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + - "?ssl='true'" + - "&trust_store='%s'&trust_store_password='%s'" + - "'"; - - url = String.format(url, getDefaultBroker().getAmqpTlsPort(), TRUSTSTORE, TRUSTSTORE_PASSWORD); - - con = getConnection(url); - } - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - } - } - - /** - * Verifies that when the broker is configured to NEED client certificates, - * a client which doesn't supply one fails to connect. - */ - public void testClientCertMissingWhilstNeeding() throws Exception - { - missingClientCertWhileNeedingOrWantingTestImpl(true, false, false); - } - - /** - * Verifies that when the broker is configured to WANT client certificates, - * a client which doesn't supply one succeeds in connecting. - */ - public void testClientCertMissingWhilstWanting() throws Exception - { - missingClientCertWhileNeedingOrWantingTestImpl(false, true, true); - } - - /** - * Verifies that when the broker is configured to WANT and NEED client certificates - * that a client which doesn't supply one fails to connect. - */ - public void testClientCertMissingWhilstWantingAndNeeding() throws Exception - { - missingClientCertWhileNeedingOrWantingTestImpl(true, true, false); - } - - private void missingClientCertWhileNeedingOrWantingTestImpl(boolean needClientCerts, - boolean wantClientCerts, boolean shouldSucceed) throws Exception - { - if (shouldPerformTest()) - { - clearSslStoreSystemProperties(); - - //Start the broker - configureJavaBrokerIfNecessary(true, true, needClientCerts, wantClientCerts, false); - startBroker(); - - try - { - Connection con = null; - if (isBroker10()) - { - final Map<String, String> options = new HashMap<>(); - options.put("transport.trustStoreLocation", TRUSTSTORE); - options.put("transport.trustStorePassword", TRUSTSTORE_PASSWORD); - - con = getConnectionBuilder().setTls(true).setOptions(options).build(); - - - } - else - { - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + - "?ssl='true'&trust_store='%s'&trust_store_password='%s''"; - - url = String.format(url, getDefaultBroker().getAmqpTlsPort(), TRUSTSTORE, TRUSTSTORE_PASSWORD); - con = getConnection(url); - - } - - if(!shouldSucceed) - { - fail("Connection succeeded, expected exception was not thrown"); - } - else - { - //Use the connection to verify it works - con.createSession(true, Session.SESSION_TRANSACTED); - } - } - catch(JMSException e) - { - if(shouldSucceed) - { - LOGGER.error("Caught unexpected exception",e); - fail("Connection failed, unexpected exception thrown"); - } - else - { - //expected - verifyExceptionCausesContains(e, "Caused by: javax.net.ssl.SSLException:"); - } - } - } - } - - /** - * Test running TLS and unencrypted on the same port works and both TLS and non-TLS connections can be established - * - */ - public void testCreateSSLandTCPonSamePort() throws Exception - { - if (shouldPerformTest()) - { - clearSslStoreSystemProperties(); - - //Start the broker (NEEDing client certificate authentication) - configureJavaBrokerIfNecessary(true, false, false, false, true); - startBroker(); - - Connection con; - if (isBroker10()) - { - final Map<String, String> options = new HashMap<>(); - options.put("transport.keyStoreLocation", KEYSTORE); - options.put("transport.keyStorePassword", KEYSTORE_PASSWORD); - options.put("transport.trustStoreLocation", TRUSTSTORE); - options.put("transport.trustStorePassword", TRUSTSTORE_PASSWORD); - - con = getConnectionBuilder().setTls(true).setOptions(options).build(); - } - else - { - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + - "?ssl='true'" + - "&key_store='%s'&key_store_password='%s'" + - "&trust_store='%s'&trust_store_password='%s'" + - "'"; - - url = String.format(url, getDefaultBroker().getAmqpTlsPort(), - KEYSTORE,KEYSTORE_PASSWORD,TRUSTSTORE,TRUSTSTORE_PASSWORD); - - con = getConnection(url); - } - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - - } - } - - public void testCreateSSLWithCertFileAndPrivateKey() throws Exception - { - if (shouldPerformTest()) - { - clearSslStoreSystemProperties(); - File[] certAndKeyFiles = extractResourcesFromTestKeyStore(); - //Start the broker (WANTing client certificate authentication) - configureJavaBrokerIfNecessary(true, true, true, false, false); - startBroker(); - - String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" + - "?ssl='true'" + - "&trust_store='%s'&ssl_verify_hostname='false'&trust_store_password='%s'" + - "&client_cert_path='%s'&client_cert_priv_key_path='%s''"; - - url = String.format(url, - getDefaultBroker().getAmqpTlsPort(), - TRUSTSTORE, - TRUSTSTORE_PASSWORD, - encode(certAndKeyFiles[1].getCanonicalPath()), - encode(certAndKeyFiles[0].getCanonicalPath())); - - Connection con = getConnection(url); - assertNotNull("connection should be successful", con); - Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); - assertNotNull("create session should be successful", ssn); - } - } - private boolean shouldPerformTest() - { - // We run the SSL tests on all profiles for the Apache Qpid Broker-J - if(isJavaBroker()) - { - setTestClientSystemProperty(PROFILE_USE_SSL, "true"); - } - - return Boolean.getBoolean(PROFILE_USE_SSL); - } - - private void configureJavaBrokerIfNecessary(boolean sslEnabled, - boolean sslOnly, - boolean needClientAuth, - boolean wantClientAuth, - boolean samePort) throws Exception - { - if(isJavaBroker()) - { - Map<String, Object> sslPortAttributes = new HashMap<String, Object>(); - sslPortAttributes.put(Port.TRANSPORTS, samePort ? Arrays.asList(Transport.SSL, Transport.TCP) - : Collections.singleton(Transport.SSL)); - sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); - sslPortAttributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); - sslPortAttributes.put(Port.NEED_CLIENT_AUTH, needClientAuth); - sslPortAttributes.put(Port.WANT_CLIENT_AUTH, wantClientAuth); - sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); - sslPortAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE); - sslPortAttributes.put(Port.TRUST_STORES, Collections.singleton(TestBrokerConfiguration.ENTRY_NAME_SSL_TRUSTSTORE)); - sslPortAttributes.put(Port.PROTOCOLS, System.getProperty(TEST_AMQP_PORT_PROTOCOLS_PROPERTY)); - getDefaultBrokerConfiguration().addObjectConfiguration(Port.class, sslPortAttributes); - - Map<String, Object> aliasAttributes = new HashMap<>(); - aliasAttributes.put(VirtualHostAlias.NAME, "defaultAlias"); - aliasAttributes.put(VirtualHostAlias.TYPE, DefaultVirtualHostAlias.TYPE_NAME); - getDefaultBrokerConfiguration().addObjectConfiguration(Port.class, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, VirtualHostAlias.class, aliasAttributes); - - aliasAttributes = new HashMap<>(); - aliasAttributes.put(VirtualHostAlias.NAME, "nameAlias"); - aliasAttributes.put(VirtualHostAlias.TYPE, VirtualHostNameAlias.TYPE_NAME); - getDefaultBrokerConfiguration().addObjectConfiguration(Port.class, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT, VirtualHostAlias.class, aliasAttributes); - - } - } - - private void setSslStoreSystemProperties() - { - setSystemProperty("javax.net.ssl.keyStore", KEYSTORE); - setSystemProperty("javax.net.ssl.keyStorePassword", KEYSTORE_PASSWORD); - setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE); - setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD); - } - - private void clearSslStoreSystemProperties() - { - setSystemProperty("javax.net.ssl.keyStore", null); - setSystemProperty("javax.net.ssl.keyStorePassword", null); - setSystemProperty("javax.net.ssl.trustStore", null); - setSystemProperty("javax.net.ssl.trustStorePassword", null); - } - - private File[] extractResourcesFromTestKeyStore() throws Exception - { - java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType()); - try(InputStream is = new FileInputStream(KEYSTORE)) - { - ks.load(is, KEYSTORE_PASSWORD.toCharArray() ); - } - - - File privateKeyFile = TestFileUtils.createTempFile(this, ".private-key.der"); - try(FileOutputStream kos = new FileOutputStream(privateKeyFile)) - { - Key pvt = ks.getKey(TestSSLConstants.CERT_ALIAS_APP1, KEYSTORE_PASSWORD.toCharArray()); - kos.write("-----BEGIN PRIVATE KEY-----\n".getBytes()); - String base64encoded = DatatypeConverter.printBase64Binary(pvt.getEncoded()); - while(base64encoded.length() > 76) - { - kos.write(base64encoded.substring(0,76).getBytes()); - kos.write("\n".getBytes()); - base64encoded = base64encoded.substring(76); - } - - kos.write(base64encoded.getBytes()); - kos.write("\n-----END PRIVATE KEY-----".getBytes()); - kos.flush(); - } - - File certificateFile = TestFileUtils.createTempFile(this, ".certificate.der"); - - try(FileOutputStream cos = new FileOutputStream(certificateFile)) - { - Certificate[] chain = ks.getCertificateChain(TestSSLConstants.CERT_ALIAS_APP1); - for(Certificate pub : chain) - { - cos.write("-----BEGIN CERTIFICATE-----\n".getBytes()); - String base64encoded = DatatypeConverter.printBase64Binary(pub.getEncoded()); - while (base64encoded.length() > 76) - { - cos.write(base64encoded.substring(0, 76).getBytes()); - cos.write("\n".getBytes()); - base64encoded = base64encoded.substring(76); - } - cos.write(base64encoded.getBytes()); - - cos.write("\n-----END CERTIFICATE-----\n".getBytes()); - } - cos.flush(); - } - - return new File[]{privateKeyFile,certificateFile}; - } - - private File extractCertFileFromTestTrustStore() throws Exception - { - java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType()); - try(InputStream is = new FileInputStream(TRUSTSTORE)) - { - ks.load(is, TRUSTSTORE_PASSWORD.toCharArray() ); - } - - - - File certificateFile = TestFileUtils.createTempFile(this, ".crt"); - - try(FileOutputStream cos = new FileOutputStream(certificateFile)) - { - - for(String alias : Collections.list(ks.aliases())) - { - Certificate pub = ks.getCertificate(alias); - cos.write("-----BEGIN CERTIFICATE-----\n".getBytes()); - String base64encoded = DatatypeConverter.printBase64Binary(pub.getEncoded()); - while (base64encoded.length() > 76) - { - cos.write(base64encoded.substring(0, 76).getBytes()); - cos.write("\n".getBytes()); - base64encoded = base64encoded.substring(76); - } - cos.write(base64encoded.getBytes()); - - cos.write("\n-----END CERTIFICATE-----\n".getBytes()); - } - cos.flush(); - } - - return certificateFile; - } - - private String encode(final String canonicalPath) throws UnsupportedEncodingException - { - return URLEncoder.encode(URLEncoder.encode(canonicalPath, StandardCharsets.UTF_8.name()).replace("+", "%20"), - StandardCharsets.UTF_8.name()); - } -}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/systests/src/test/java/org/apache/qpid/server/queue/NodeAutoCreationPolicyTest.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/server/queue/NodeAutoCreationPolicyTest.java b/systests/src/test/java/org/apache/qpid/server/queue/NodeAutoCreationPolicyTest.java index 336ea74..608f54d 100644 --- a/systests/src/test/java/org/apache/qpid/server/queue/NodeAutoCreationPolicyTest.java +++ b/systests/src/test/java/org/apache/qpid/server/queue/NodeAutoCreationPolicyTest.java @@ -360,7 +360,7 @@ public class NodeAutoCreationPolicyTest extends QpidBrokerTestCase "org.apache.qpid.Queue", attributes); Map<String, Object> queueAttributes = - managementReadObject(session, "org.apache.qpid.Queue", queueName, true); + managementReadObject(connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Queue", queueName, true); Object actualAlternateBinding = queueAttributes.get(org.apache.qpid.server.model.Queue.ALTERNATE_BINDING); Map<String, Object> actualAlternateBindingMap = convertIfNecessary(actualAlternateBinding); @@ -369,7 +369,7 @@ public class NodeAutoCreationPolicyTest extends QpidBrokerTestCase new HashMap<>(actualAlternateBindingMap)); assertNotNull("Cannot get dead letter queue", - managementReadObject(session, "org.apache.qpid.Queue", deadLetterQueueName, true)); + managementReadObject(connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Queue", deadLetterQueueName, true)); } public void testExchangeAlternateBindingCreation() throws Exception @@ -391,7 +391,7 @@ public class NodeAutoCreationPolicyTest extends QpidBrokerTestCase "org.apache.qpid.DirectExchange", attributes); Map<String, Object> exchangeAttributes = - managementReadObject(session, "org.apache.qpid.Exchange", exchangeName, true); + managementReadObject(connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Exchange", exchangeName, true); Object actualAlternateBinding = exchangeAttributes.get(Exchange.ALTERNATE_BINDING); Map<String, Object> actualAlternateBindingMap = convertIfNecessary(actualAlternateBinding); @@ -400,7 +400,7 @@ public class NodeAutoCreationPolicyTest extends QpidBrokerTestCase new HashMap<>(actualAlternateBindingMap)); assertNotNull("Cannot get dead letter exchange", - managementReadObject(session, "org.apache.qpid.FanoutExchange", deadLetterExchangeName, true)); + managementReadObject(connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.FanoutExchange", deadLetterExchangeName, true)); } public void testLegacyQueueDeclareArgumentAlternateBindingCreation() throws Exception @@ -415,14 +415,14 @@ public class NodeAutoCreationPolicyTest extends QpidBrokerTestCase Map<String, Object> queueAttributes = - managementReadObject(session, "org.apache.qpid.Queue", testQueueName, true); + managementReadObject(connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Queue", testQueueName, true); Object actualAlternateBinding = queueAttributes.get(Exchange.ALTERNATE_BINDING); assertTrue("Unexpected alternate binding", actualAlternateBinding instanceof Map); Object deadLetterQueueName = ((Map<String, Object>) actualAlternateBinding).get(AlternateBinding.DESTINATION); assertNotNull("Cannot get dead letter queue", - managementReadObject(session, "org.apache.qpid.Queue", String.valueOf(deadLetterQueueName), true)); + managementReadObject(connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Queue", String.valueOf(deadLetterQueueName), true)); } private Map<String, Object> convertIfNecessary(final Object actualAlternateBinding) throws IOException http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/systests/src/test/java/org/apache/qpid/server/queue/QueueMessageDurabilityTest.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/server/queue/QueueMessageDurabilityTest.java b/systests/src/test/java/org/apache/qpid/server/queue/QueueMessageDurabilityTest.java index 8ed84eb..7237561 100644 --- a/systests/src/test/java/org/apache/qpid/server/queue/QueueMessageDurabilityTest.java +++ b/systests/src/test/java/org/apache/qpid/server/queue/QueueMessageDurabilityTest.java @@ -77,10 +77,10 @@ public class QueueMessageDurabilityTest extends QpidBrokerTestCase arguments.put(org.apache.qpid.server.model.Queue.DURABLE, false); _nonDurableAlwaysPersist = createQueueWithArguments(session, NONDURABLE_ALWAYS_PERSIST_NAME, arguments); - bindQueue(session, "amq.topic", DURABLE_ALWAYS_PERSIST_NAME, "Y.*.*.*"); - bindQueue(session, "amq.topic", DURABLE_NEVER_PERSIST_NAME, "*.Y.*.*"); - bindQueue(session, "amq.topic", DURABLE_DEFAULT_PERSIST_NAME, "*.*.Y.*"); - bindQueue(session, "amq.topic", NONDURABLE_ALWAYS_PERSIST_NAME, "*.*.*.Y"); + bindQueue(conn.createSession(false, Session.AUTO_ACKNOWLEDGE), "amq.topic", DURABLE_ALWAYS_PERSIST_NAME, "Y.*.*.*"); + bindQueue(conn.createSession(false, Session.AUTO_ACKNOWLEDGE), "amq.topic", DURABLE_NEVER_PERSIST_NAME, "*.Y.*.*"); + bindQueue(conn.createSession(false, Session.AUTO_ACKNOWLEDGE), "amq.topic", DURABLE_DEFAULT_PERSIST_NAME, "*.*.Y.*"); + bindQueue(conn.createSession(false, Session.AUTO_ACKNOWLEDGE), "amq.topic", NONDURABLE_ALWAYS_PERSIST_NAME, "*.*.*.Y"); _topicNameFormat = isBroker10() ? "amq.topic/%s" : "%s"; http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/systests/src/test/java/org/apache/qpid/server/routing/ExchangeRoutingTest.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/server/routing/ExchangeRoutingTest.java b/systests/src/test/java/org/apache/qpid/server/routing/ExchangeRoutingTest.java index 7370328..55e1640 100644 --- a/systests/src/test/java/org/apache/qpid/server/routing/ExchangeRoutingTest.java +++ b/systests/src/test/java/org/apache/qpid/server/routing/ExchangeRoutingTest.java @@ -89,7 +89,7 @@ public class ExchangeRoutingTest extends QpidBrokerTestCase performOperationUsingAmqpManagement(_exchName1, "bind", - _session, + _connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Exchange", bindingArguments); @@ -110,7 +110,7 @@ public class ExchangeRoutingTest extends QpidBrokerTestCase performOperationUsingAmqpManagement(_exchName1, "bind", - _session, + _connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Exchange", binding1Arguments); @@ -120,7 +120,7 @@ public class ExchangeRoutingTest extends QpidBrokerTestCase performOperationUsingAmqpManagement(_exchName2, "bind", - _session, + _connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Exchange", binding2Arguments); @@ -144,7 +144,7 @@ public class ExchangeRoutingTest extends QpidBrokerTestCase performOperationUsingAmqpManagement(_exchName1, "bind", - _session, + _connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Exchange", binding1Arguments); @@ -155,7 +155,7 @@ public class ExchangeRoutingTest extends QpidBrokerTestCase performOperationUsingAmqpManagement(_exchName2, "bind", - _session, + _connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Exchange", binding2Arguments); http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java b/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java index ca66488..3491215 100644 --- a/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java +++ b/systests/src/test/java/org/apache/qpid/server/security/acl/AbstractACLTestCase.java @@ -141,7 +141,7 @@ public abstract class AbstractACLTestCase extends QpidBrokerTestCase performOperationUsingAmqpManagement(exchangeName, "bind", - getAdminSession(), + _adminConnection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Exchange", bindingArguments); } http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/systests/src/test/java/org/apache/qpid/systest/MessageRoutingTest.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/systest/MessageRoutingTest.java b/systests/src/test/java/org/apache/qpid/systest/MessageRoutingTest.java index d8de19b..f2f6b4a 100644 --- a/systests/src/test/java/org/apache/qpid/systest/MessageRoutingTest.java +++ b/systests/src/test/java/org/apache/qpid/systest/MessageRoutingTest.java @@ -58,7 +58,7 @@ public class MessageRoutingTest extends QpidBrokerTestCase final Map<String, Object> arguments = new HashMap<>(); arguments.put("destination", QUEUE_NAME); arguments.put("bindingKey", ROUTING_KEY); - performOperationUsingAmqpManagement(EXCHANGE_NAME, "bind", _session, "org.apache.qpid.Exchange", + performOperationUsingAmqpManagement(EXCHANGE_NAME, "bind", _connection.createSession(false, Session.AUTO_ACKNOWLEDGE), "org.apache.qpid.Exchange", arguments); } http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/test-profiles/CPPExcludes ---------------------------------------------------------------------- diff --git a/test-profiles/CPPExcludes b/test-profiles/CPPExcludes index c1a59a9..8d0f750 100755 --- a/test-profiles/CPPExcludes +++ b/test-profiles/CPPExcludes @@ -132,11 +132,6 @@ org.apache.qpid.systest.rest.acl.* // Exclude failover tests requiring virtual host functionality org.apache.qpid.client.failover.MultipleBrokersFailoverTest#* -// Uses Qpid Broker-J specific configuration -org.apache.qpid.client.ssl.SSLTest#testClientCertMissingWhilstWanting -org.apache.qpid.client.ssl.SSLTest#testCreateSSLandTCPonSamePort - - // QPID-2796 : JMS client for AMQP 0-10 only sends heartbeats in response to heartbeats from the server, not timeout based org.apache.qpid.client.HeartbeatTest#testUnidirectionalHeartbeating org.apache.qpid.client.HeartbeatTest#testHeartbeatsEnabledBrokerSide http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/test-profiles/Excludes ---------------------------------------------------------------------- diff --git a/test-profiles/Excludes b/test-profiles/Excludes index 7a60890..4a2bdfc 100644 --- a/test-profiles/Excludes +++ b/test-profiles/Excludes @@ -16,5 +16,3 @@ // specific language governing permissions and limitations // under the License. // - -org.apache.qpid.client.ssl.SSLTest#testVerifyLocalHostLocalDomain http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/test-profiles/Java10Excludes ---------------------------------------------------------------------- diff --git a/test-profiles/Java10Excludes b/test-profiles/Java10Excludes index c7711a3..eb7f81f 100644 --- a/test-profiles/Java10Excludes +++ b/test-profiles/Java10Excludes @@ -107,22 +107,6 @@ org.apache.qpid.test.client.message.JMSDestinationTest#testQueueWithBindingUrlUs org.apache.qpid.server.logging.ConsumerLoggingTest#testSubscriptionCreateDurable org.apache.qpid.server.logging.ConsumerLoggingTest#testSubscriptionCreateDurableWithArguments -// Qpid JMS Client does not accept key material in forms apart from JKS and PKCS -org.apache.qpid.client.ssl.SSLTest#testCreateSSLConnectionWithCertificateTrust -org.apache.qpid.client.ssl.SSLTest#testCreateSSLWithCertFileAndPrivateKey -// Test requires modification of javax.net.ssl system properties but Qpid JMS Client reads them only once -org.apache.qpid.client.ssl.SSLTest#testCreateSSLConnectionUsingSystemProperties -org.apache.qpid.client.ssl.SSLTest#testSslConnectionOption -org.apache.qpid.client.ssl.SSLTest#testVerifyLocalHost -org.apache.qpid.server.security.auth.manager.MultipleAuthenticationManagersTest#testMultipleAuthenticationManagers -// Test framework does not allow us to override hostname -org.apache.qpid.client.ssl.SSLTest#testHostVerificationIsOnByDefault -org.apache.qpid.client.ssl.SSLTest#testVerifyHostNameWithIncorrectHostname -// 0-x client specific feature -org.apache.qpid.client.ssl.SSLTest#testSslConnectionOptionOverridesBrokerlistOption -/ Test is 0-10 specific -org.apache.qpid.client.ssl.SSLTest#testMultipleCertsInSingleStore - // Tests assume BURL and/or Connection URL formats org.apache.qpid.server.store.berkeleydb.replication.MultiNodeTest#* org.apache.qpid.server.store.berkeleydb.replication.TwoNodeTest#* http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/test-profiles/JavaPre010Excludes ---------------------------------------------------------------------- diff --git a/test-profiles/JavaPre010Excludes b/test-profiles/JavaPre010Excludes index 7c78ca5..42f007d 100644 --- a/test-profiles/JavaPre010Excludes +++ b/test-profiles/JavaPre010Excludes @@ -44,9 +44,6 @@ org.apache.qpid.client.failover.AddressBasedFailoverBehaviourTest#* org.apache.qpid.client.SynchReceiveTest#testReceiveNoWait org.apache.qpid.server.logging.ChannelLoggingTest#testChannelClosedOnExclusiveQueueDeclaredOnDifferentSession -// Makes explicit use of 0-10 connection object -org.apache.qpid.client.ssl.SSLTest#testMultipleCertsInSingleStore - // Tests 0.10 client feature org.apache.qpid.test.unit.client.connection.ConnectionTest#testUnsupportedSASLMechanism http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/0904d669/test-profiles/cpp.ssl.excludes ---------------------------------------------------------------------- diff --git a/test-profiles/cpp.ssl.excludes b/test-profiles/cpp.ssl.excludes index c2e8cfe..bfb2d30 100644 --- a/test-profiles/cpp.ssl.excludes +++ b/test-profiles/cpp.ssl.excludes @@ -17,7 +17,4 @@ // under the License. // -//This test does not supply a client keystore, therefore it cant login to the C++ broker -//in this test profile as it demands client certificate authentication -org.apache.qpid.client.ssl.SSLTest#testCreateSSLConnectionUsingConnectionURLParamsTrustStoreOnly --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
