Repository: qpid-broker-j Updated Branches: refs/heads/master 7dbb88471 -> 8c88850ee
QPID-8083: [System Tests] [REST/HTTP] Factor out AnonymousAccessRestTest, PreemtiveAuthRestTest, BrokerRestHttpAndHttpsTest Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/8c88850e Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/8c88850e Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/8c88850e Branch: refs/heads/master Commit: 8c88850ee77e49292d6dbd00dfa105ca348c7e60 Parents: 7dbb884 Author: Keith Wall <[email protected]> Authored: Sat Feb 24 16:32:56 2018 +0000 Committer: Keith Wall <[email protected]> Committed: Sun Feb 25 07:02:58 2018 +0000 ---------------------------------------------------------------------- .../apache/qpid/tests/http/HttpTestHelper.java | 14 +- .../PreemptiveAuthenticationTest.java | 328 +++++++++++++++++++ .../TlsClientAuthenticationTest.java | 210 ------------ .../tests/http/transport/UnifiedPortTest.java | 113 +++++++ .../systest/rest/AnonymousAccessRestTest.java | 116 ------- .../rest/BrokerRestHttpAndHttpsTest.java | 168 ---------- .../qpid/systest/rest/BrokerRestHttpsTest.java | 78 ----- .../systest/rest/PreemtiveAuthRestTest.java | 207 ------------ 8 files changed, 453 insertions(+), 781 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java ---------------------------------------------------------------------- diff --git a/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java b/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java index a2bb3b8..00eb60d 100644 --- a/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java 
+++ b/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java @@ -75,8 +75,8 @@ public class HttpTestHelper private static final String API_BASE = "/api/latest/"; private final BrokerAdmin _admin; private final int _httpPort; - private final String _username; - private final String _password; + private String _username; + private String _password; private final String _requestHostName; private final int _connectTimeout = Integer.getInteger("qpid.resttest_connection_timeout", 30000); @@ -456,6 +456,16 @@ public class HttpTestHelper } } + public void setPassword(final String password) + { + _password = password; + } + + public void setUserName(final String username) + { + _username = username; + } + private static class TrustAllTrustManager implements X509TrustManager { public X509Certificate[] getAcceptedIssuers() http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java ---------------------------------------------------------------------- diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java new file mode 100644 index 0000000..40c655c --- /dev/null +++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java 
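Review bot: The new `setPassword` and `setUserName` setters at the end of the second HttpTestHelper hunk are undocumented, and `configForAnonymous` in this same commit depends on passing `null` to both, presumably so that the helper sends no credentials. That contract should be written down, for example `/** Sets the password sent with subsequent requests; null is assumed to mean no credentials are sent (confirm against the connection set-up code). */`, with a matching comment on the user-name setter. The name `setUserName` also disagrees with the `_username` field and the `username` parameter, so `public void setUsername(final String username)` would be the consistent spelling. Because the first hunk drops `final` from both fields, `getHelper().setPassword("badpassword")` in `basicAuthWrongPassword` now mutates whatever helper `getHelper()` returns. Whether HttpTestBase builds a fresh helper per test is not visible in this diff and is worth confirming, so that the bad password cannot carry over into a later test.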
@@ -0,0 +1,328 @@ +/* + * + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.tests.http.authentication; + +import static javax.servlet.http.HttpServletResponse.SC_CREATED; +import static javax.servlet.http.HttpServletResponse.SC_OK; +import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED; +import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.generateSelfSignedCertificate; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.greaterThan; +import static org.hamcrest.Matchers.hasKey; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.not; +import static org.hamcrest.Matchers.startsWith; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + +import java.io.ByteArrayOutputStream; +import java.net.HttpURLConnection; +import java.net.SocketException; +import java.security.KeyStore; +import java.security.cert.Certificate; +import java.time.Duration; +import java.time.Instant; +import java.time.temporal.ChronoUnit; +import java.util.ArrayDeque; +import java.util.Base64; +import java.util.Collections; +import java.util.Deque; +import java.util.HashMap; +import java.util.Map; 
+ +import javax.net.ssl.SSLHandshakeException; +import javax.servlet.http.HttpServletResponse; + +import com.fasterxml.jackson.core.type.TypeReference; +import org.junit.After; +import org.junit.Test; + +import org.apache.qpid.server.management.plugin.HttpManagement; +import org.apache.qpid.server.model.Port; +import org.apache.qpid.server.model.Protocol; +import org.apache.qpid.server.model.Transport; +import org.apache.qpid.server.security.FileKeyStore; +import org.apache.qpid.server.security.ManagedPeerCertificateTrustStore; +import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager; +import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager; +import org.apache.qpid.server.transport.network.security.ssl.SSLUtil.KeyCertPair; +import org.apache.qpid.server.util.BaseAction; +import org.apache.qpid.server.util.DataUrlUtils; +import org.apache.qpid.tests.http.HttpTestBase; +import org.apache.qpid.tests.http.HttpTestHelper; + +public class PreemptiveAuthenticationTest extends HttpTestBase +{ + private static final TypeReference<String> STRING_TYPE_REF = new TypeReference<String>() {}; + private static final String STORE_PASSWORD = "password"; + + private Deque<BaseAction<Void, Exception>> _tearDownActions; + private String _keyStore; + + @After + public void tearDown() throws Exception + { + if (_tearDownActions != null) + { + Exception exception = null; + while(!_tearDownActions.isEmpty()) + { + try + { + _tearDownActions.removeLast().performAction(null); + } + catch (Exception e) + { + exception = e; + } + } + + if (exception != null) + { + throw exception; + } + } + } + + @Test + public void clientAuthSuccess() throws Exception + { + HttpTestHelper helper = configForClientAuth("CN=foo"); + + String userId = helper.getJson("broker/getUser", STRING_TYPE_REF, SC_OK); + assertThat(userId, startsWith("foo@")); + } + + @Test + public void clientAuthUnrecognisedCert() throws Exception + { + HttpTestHelper helper = 
configForClientAuth("CN=foo"); + + String keyStore = createKeyStoreDataUrl(getKeyCertPair("CN=bar"), STORE_PASSWORD); + helper.setKeyStore(keyStore, STORE_PASSWORD); + + try + { + helper.getJson("broker/getUser", STRING_TYPE_REF, SC_OK); + fail("Exception not thrown"); + } + catch (SSLHandshakeException e) + { + // PASS + } + catch (SocketException e) + { + // TODO - defect - we are not always seeing the SSL handshake exception + } + } + + @Test + public void basicAuth() throws Exception + { + verifyGetBroker(SC_OK); + } + + @Test + public void basicAuthWrongPassword() throws Exception + { + getHelper().setPassword("badpassword"); + + verifyGetBroker(HttpServletResponse.SC_UNAUTHORIZED); + } + + @Test + public void httpBasicAuthDisabled() throws Exception + { + doBasicAuthDisabledTest(false); + } + + @Test + public void httpsBasicAuthDisabled() throws Exception + { + doBasicAuthDisabledTest(true); + } + + @Test + public void anonymousTest() throws Exception + { + HttpTestHelper helper = configForAnonymous(); + + String userId = helper.getJson("broker/getUser", STRING_TYPE_REF, SC_OK); + assertThat(userId, startsWith("ANONYMOUS@")); + } + + @Test + public void noSessionCreated() throws Exception + { + final HttpURLConnection conn = getHelper().openManagementConnection("broker", "GET"); + assertThat("Unexpected server response", conn.getResponseCode(), is(equalTo(SC_OK))); + assertThat("Unexpected cookie", conn.getHeaderFields(), not(hasKey("Set-Cookie"))); + } + + private void verifyGetBroker(int expectedResponseCode) throws Exception + { + assertThat(getHelper().submitRequest("broker", "GET"), is(equalTo(expectedResponseCode))); + } + + private void doBasicAuthDisabledTest(final boolean tls) throws Exception + { + HttpTestHelper configHelper = new HttpTestHelper(getBrokerAdmin()); + configHelper.setTls(!tls); + final String authEnabledAttrName = tls ? 
HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED : HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED; + try + { + HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin()); + helper.setTls(tls); + assertThat(helper.submitRequest("broker", "GET"), is(equalTo(SC_OK))); + + configHelper.submitRequest("plugin/httpManagement", "POST", + Collections.<String, Object>singletonMap(authEnabledAttrName, Boolean.FALSE), SC_OK); + + assertThat(helper.submitRequest("broker", "GET"), is(equalTo(SC_UNAUTHORIZED))); + } + finally + { + configHelper.submitRequest("plugin/httpManagement", "POST", + Collections.<String, Object>singletonMap(authEnabledAttrName, Boolean.TRUE), SC_OK); + + } + } + + private HttpTestHelper configForClientAuth(final String x500Name) throws Exception + { + final KeyCertPair keyCertPair = getKeyCertPair(x500Name); + final byte[] cert = keyCertPair.getCertificate().getEncoded(); + + _keyStore = createKeyStoreDataUrl(keyCertPair, STORE_PASSWORD); + + final Deque<BaseAction<Void,Exception>> deleteActions = new ArrayDeque<>(); + + final Map<String, Object> authAttr = new HashMap<>(); + authAttr.put(ExternalAuthenticationManager.TYPE, "External"); + authAttr.put(ExternalAuthenticationManager.ATTRIBUTE_USE_FULL_DN, false); + + getHelper().submitRequest("authenticationprovider/myexternal","PUT", authAttr, SC_CREATED); + + deleteActions.add(object -> getHelper().submitRequest("authenticationprovider/myexternal", "DELETE", SC_OK)); + + final Map<String, Object> keystoreAttr = new HashMap<>(); + keystoreAttr.put(FileKeyStore.TYPE, "FileKeyStore"); + keystoreAttr.put(FileKeyStore.STORE_URL, "classpath:java_broker_keystore.jks"); + keystoreAttr.put(FileKeyStore.PASSWORD, STORE_PASSWORD); + + getHelper().submitRequest("keystore/mykeystore","PUT", keystoreAttr, SC_CREATED); + deleteActions.add(object -> getHelper().submitRequest("keystore/mykeystore", "DELETE", SC_OK)); + + final Map<String, Object> truststoreAttr = new HashMap<>(); + 
truststoreAttr.put(ManagedPeerCertificateTrustStore.TYPE, ManagedPeerCertificateTrustStore.TYPE_NAME); + truststoreAttr.put(ManagedPeerCertificateTrustStore.STORED_CERTIFICATES, Collections.singletonList(Base64.getEncoder().encodeToString(cert))); + + + getHelper().submitRequest("truststore/mytruststore","PUT", truststoreAttr, SC_CREATED); + deleteActions.add(object -> getHelper().submitRequest("truststore/mytruststore", "DELETE", SC_OK)); + + final Map<String, Object> portAttr = new HashMap<>(); + portAttr.put(Port.TYPE, "HTTP"); + portAttr.put(Port.PORT, 0); + portAttr.put(Port.AUTHENTICATION_PROVIDER, "myexternal"); + portAttr.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP)); + portAttr.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); + portAttr.put(Port.NEED_CLIENT_AUTH, true); + portAttr.put(Port.KEY_STORE, "mykeystore"); + portAttr.put(Port.TRUST_STORES, Collections.singletonList("mytruststore")); + + getHelper().submitRequest("port/myport","PUT", portAttr, SC_CREATED); + deleteActions.add(object -> getHelper().submitRequest("port/myport", "DELETE", SC_OK)); + + Map<String, Object> clientAuthPort = getHelper().getJsonAsMap("port/myport"); + int boundPort = Integer.parseInt(String.valueOf(clientAuthPort.get("boundPort"))); + + assertThat(boundPort, is(greaterThan(0))); + + _tearDownActions = deleteActions; + + HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin(), null, boundPort); + helper.setTls(true); + helper.setKeyStore(_keyStore, STORE_PASSWORD); + return helper; + } + + private HttpTestHelper configForAnonymous() throws Exception + { + final Deque<BaseAction<Void,Exception>> deleteActions = new ArrayDeque<>(); + + final Map<String, Object> authAttr = new HashMap<>(); + authAttr.put(AnonymousAuthenticationManager.TYPE, AnonymousAuthenticationManager.PROVIDER_TYPE); + + getHelper().submitRequest("authenticationprovider/myanon","PUT", authAttr, SC_CREATED); + + deleteActions.add(object -> 
getHelper().submitRequest("authenticationprovider/myanon", "DELETE", SC_OK)); + + final Map<String, Object> portAttr = new HashMap<>(); + portAttr.put(Port.TYPE, "HTTP"); + portAttr.put(Port.PORT, 0); + portAttr.put(Port.AUTHENTICATION_PROVIDER, "myanon"); + portAttr.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP)); + portAttr.put(Port.TRANSPORTS, Collections.singleton(Transport.TCP)); + + getHelper().submitRequest("port/myport","PUT", portAttr, SC_CREATED); + deleteActions.add(object -> getHelper().submitRequest("port/myport", "DELETE", SC_OK)); + + Map<String, Object> clientAuthPort = getHelper().getJsonAsMap("port/myport"); + int boundPort = Integer.parseInt(String.valueOf(clientAuthPort.get("boundPort"))); + + assertThat(boundPort, is(greaterThan(0))); + + _tearDownActions = deleteActions; + + HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin(), null, boundPort); + helper.setKeyStore(_keyStore, STORE_PASSWORD); + helper.setPassword(null); + helper.setUserName(null); + return helper; + + } + + private String createKeyStoreDataUrl(final KeyCertPair keyCertPair, final String password) throws Exception + { + final KeyStore keyStore = KeyStore.getInstance("JKS"); + keyStore.load(null, null); + Certificate[] certChain = new Certificate[] {keyCertPair.getCertificate()}; + keyStore.setKeyEntry("key1", keyCertPair.getPrivateKey(), password.toCharArray(), certChain); + try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) + { + keyStore.store(bos, password.toCharArray()); + bos.toByteArray(); + return DataUrlUtils.getDataUrlForBytes(bos.toByteArray()); + } + } + + private KeyCertPair getKeyCertPair(final String x500Name) throws Exception + { + return generateSelfSignedCertificate("RSA", "SHA256WithRSA", + 2048, Instant.now().toEpochMilli(), + Duration.of(365, ChronoUnit.DAYS).getSeconds(), + x500Name, + Collections.emptySet(), + Collections.emptySet()); + } + +} 
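Review bot: In `clientAuthUnrecognisedCert` the `catch (SocketException e)` branch accepts any socket failure as proof that the `CN=bar` certificate was refused. `java.net.ConnectException` is a `SocketException` subclass, so the test also passes when the client-auth port is simply unreachable and the trust check never ran. Until the TODO is resolved, put `catch (ConnectException e) { throw e; }` ahead of the broad catch so that a refused TCP connect fails the test. Separately, `configForClientAuth` and `configForAnonymous` assign `_tearDownActions = deleteActions;` only after the `boundPort` assertion. If an earlier `submitRequest` or that assertion fails, `tearDown` sees `null` and the provider, stores or `myport` (an anonymous-auth port in the second method) stay on the broker; moving the assignment to directly after `new ArrayDeque<>()` avoids that.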
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/TlsClientAuthenticationTest.java ---------------------------------------------------------------------- diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/TlsClientAuthenticationTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/TlsClientAuthenticationTest.java deleted file mode 100644 index 7d14ff8..0000000 --- a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/TlsClientAuthenticationTest.java +++ /dev/null 
@@ -1,210 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.tests.http.authentication; - -import static javax.servlet.http.HttpServletResponse.SC_CREATED; -import static javax.servlet.http.HttpServletResponse.SC_OK; -import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.generateSelfSignedCertificate; -import static org.hamcrest.Matchers.greaterThan; -import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.startsWith; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; - -import java.io.ByteArrayOutputStream; -import java.security.KeyStore; -import java.security.cert.Certificate; -import java.time.Duration; -import java.time.Instant; -import java.time.temporal.ChronoUnit; -import java.util.ArrayDeque; -import java.util.Base64; -import java.util.Collections; -import java.util.Deque; -import java.util.HashMap; -import java.util.Map; - -import javax.net.ssl.SSLHandshakeException; - -import com.fasterxml.jackson.core.type.TypeReference; -import org.junit.After; -import org.junit.Test; - -import org.apache.qpid.server.model.Port; -import org.apache.qpid.server.model.Protocol; -import 
org.apache.qpid.server.model.Transport; -import org.apache.qpid.server.security.FileKeyStore; -import org.apache.qpid.server.security.ManagedPeerCertificateTrustStore; -import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager; -import org.apache.qpid.server.transport.network.security.ssl.SSLUtil.KeyCertPair; -import org.apache.qpid.server.util.BaseAction; -import org.apache.qpid.server.util.DataUrlUtils; -import org.apache.qpid.tests.http.HttpTestBase; -import org.apache.qpid.tests.http.HttpTestHelper; - -public class TlsClientAuthenticationTest extends HttpTestBase -{ - - private Deque<BaseAction<Void, Exception>> _tearDownActions; - private int _clientAuthPort; - private String _keyStore; - - @After - public void tearDown() throws Exception - { - if (_tearDownActions != null) - { - Exception exception = null; - while(!_tearDownActions.isEmpty()) - { - try - { - _tearDownActions.removeLast().performAction(null); - } - catch (Exception e) - { - exception = e; - } - } - - if (exception != null) - { - throw exception; - } - } - } - - @Test - public void clientAuthenticationSuccess() throws Exception - { - configPortAndAuthProvider("CN=foo"); - - HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin(), null, _clientAuthPort); - helper.setTls(true); - helper.setKeyStore(_keyStore, "password"); - - String userId = helper.getJson("broker/getUser", new TypeReference<String>() {}, SC_OK); - assertThat(userId, startsWith("foo@")); - } - - @Test - public void unrecognisedCertification() throws Exception - { - configPortAndAuthProvider("CN=foo"); - - String keyStore = createKeyStoreDataUrl(getKeyCertPair("CN=bar"), "password"); - - HttpTestHelper helper = new HttpTestHelper(getBrokerAdmin(), null, _clientAuthPort); - helper.setTls(true); - helper.setKeyStore(keyStore, "password"); - - try - { - helper.getJson("broker/getUser", new TypeReference<String>() {}, SC_OK); - fail("Exception not thrown"); - } - catch (SSLHandshakeException e) - { - // 
PASS - } - } - - private void configPortAndAuthProvider(final String x500Name) throws Exception - { - - final KeyCertPair keyCertPair = getKeyCertPair(x500Name); - final byte[] cert = keyCertPair.getCertificate().getEncoded(); - - _keyStore = createKeyStoreDataUrl(keyCertPair, "password"); - - - final Deque<BaseAction<Void,Exception>> deleteActions = new ArrayDeque<>(); - - final Map<String, Object> authAttr = new HashMap<>(); - authAttr.put(ExternalAuthenticationManager.TYPE, "External"); - authAttr.put(ExternalAuthenticationManager.ATTRIBUTE_USE_FULL_DN, false); - - getHelper().submitRequest("authenticationprovider/myexternal","PUT", authAttr, SC_CREATED); - - deleteActions.add(object -> getHelper().submitRequest("authenticationprovider/myexternal", "DELETE", SC_OK)); - - final Map<String, Object> keystoreAttr = new HashMap<>(); - keystoreAttr.put(FileKeyStore.TYPE, "FileKeyStore"); - keystoreAttr.put(FileKeyStore.STORE_URL, "classpath:java_broker_keystore.jks"); - keystoreAttr.put(FileKeyStore.PASSWORD, "password"); - - getHelper().submitRequest("keystore/mykeystore","PUT", keystoreAttr, SC_CREATED); - deleteActions.add(object -> getHelper().submitRequest("keystore/mykeystore", "DELETE", SC_OK)); - - final Map<String, Object> truststoreAttr = new HashMap<>(); - truststoreAttr.put(ManagedPeerCertificateTrustStore.TYPE, ManagedPeerCertificateTrustStore.TYPE_NAME); - truststoreAttr.put(ManagedPeerCertificateTrustStore.STORED_CERTIFICATES, Collections.singletonList(Base64.getEncoder().encodeToString(cert))); - - getHelper().submitRequest("truststore/mytruststore","PUT", truststoreAttr, SC_CREATED); - deleteActions.add(object -> getHelper().submitRequest("truststore/mytruststore", "DELETE", SC_OK)); - - final Map<String, Object> portAttr = new HashMap<>(); - portAttr.put(Port.TYPE, "HTTP"); - portAttr.put(Port.PORT, 0); - portAttr.put(Port.AUTHENTICATION_PROVIDER, "myexternal"); - portAttr.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP)); - 
portAttr.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); - portAttr.put(Port.NEED_CLIENT_AUTH, true); - portAttr.put(Port.KEY_STORE, "mykeystore"); - portAttr.put(Port.TRUST_STORES, Collections.singletonList("mytruststore")); - - getHelper().submitRequest("port/myport","PUT", portAttr, SC_CREATED); - deleteActions.add(object -> getHelper().submitRequest("port/myport", "DELETE", SC_OK)); - - Map<String, Object> clientAuthPort = getHelper().getJsonAsMap("port/myport"); - int boundPort = Integer.parseInt(String.valueOf(clientAuthPort.get("boundPort"))); - - assertThat(boundPort, is(greaterThan(0))); - - _tearDownActions = deleteActions; - _clientAuthPort = boundPort; - } - - private String createKeyStoreDataUrl(final KeyCertPair keyCertPair, final String password) throws Exception - { - final KeyStore keyStore = KeyStore.getInstance("JKS"); - keyStore.load(null, null); - Certificate[] certChain = new Certificate[] {keyCertPair.getCertificate()}; - keyStore.setKeyEntry("key1", keyCertPair.getPrivateKey(), password.toCharArray(), certChain); - try (ByteArrayOutputStream bos = new ByteArrayOutputStream()) - { - keyStore.store(bos, password.toCharArray()); - bos.toByteArray(); - return DataUrlUtils.getDataUrlForBytes(bos.toByteArray()); - } - } - - private KeyCertPair getKeyCertPair(final String x500Name) throws Exception - { - return generateSelfSignedCertificate("RSA", "SHA256WithRSA", - 2048, Instant.now().toEpochMilli(), - Duration.of(365, ChronoUnit.DAYS).getSeconds(), - x500Name, - Collections.emptySet(), - Collections.emptySet()); - } - -} http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/transport/UnifiedPortTest.java ---------------------------------------------------------------------- 
diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/transport/UnifiedPortTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/transport/UnifiedPortTest.java new file mode 100644 index 0000000..349bb10 --- /dev/null +++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/transport/UnifiedPortTest.java 
@@ -0,0 +1,113 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + * + */ +package org.apache.qpid.tests.http.transport; + +import static org.hamcrest.CoreMatchers.equalTo; +import static org.junit.Assert.assertThat; + +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.util.Map; + +import org.hamcrest.CoreMatchers; +import org.junit.Test; + +import org.apache.qpid.test.utils.TCPTunneler; +import org.apache.qpid.tests.http.HttpTestBase; +import org.apache.qpid.tests.http.HttpTestHelper; +import org.apache.qpid.tests.utils.BrokerAdmin; + +public class UnifiedPortTest extends HttpTestBase +{ + @Test + public void slowConnectHttp() throws Exception + { + doTestSlowConnect(false); + } + + @Test + public void slowConnectHttps() throws Exception + { + doTestSlowConnect(true); + } + + private void doTestSlowConnect(final boolean useTls) throws Exception + { + final int port = getBrokerAdmin().getBrokerAddress(BrokerAdmin.PortType.HTTP).getPort(); + try(TCPTunneler tunneler = new TCPTunneler(0, "localhost", + port, 1, 2)) + { + // Hopes to exercise the code path where too few bytes arrive with Jetty for it to make an PLAIN/TLS + // determination and needs to await more bytes. 
+ tunneler.addClientListener(new PreambleDelayingListener()); + tunneler.start(); + + HttpTestHelper _restTestHelper = new HttpTestHelper(getBrokerAdmin(), null, tunneler.getLocalPort()); + _restTestHelper.setTls(useTls); + + Map<String, Object> metadata = _restTestHelper.getJsonAsMap("broker/getConnectionMetaData"); + String transport = String.valueOf(metadata.get("transport")); + final String expected = useTls ? "SSL" : "TCP"; + assertThat("Unexpected protocol", transport, CoreMatchers.is(equalTo(expected))); + } + } + + private static class PreambleDelayingListener implements TCPTunneler.TunnelListener + { + private int _totalBytes; + + @Override + public void clientConnected(final InetSocketAddress clientAddress) + { + + } + + @Override + public void clientDisconnected(final InetSocketAddress clientAddress) + { + + } + + @Override + public void notifyClientToServerBytesDelivered(final InetAddress inetAddress, + final int numberOfBytesForwarded) + { + _totalBytes += numberOfBytesForwarded; + if (_totalBytes < 10) + { + try + { + Thread.sleep(10); + } + catch (InterruptedException e) + { + Thread.currentThread().interrupt(); + } + } + } + + @Override + public void notifyServerToClientBytesDelivered(final InetAddress inetAddress, + final int numberOfBytesForwarded) + { + + } + } +} http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/src/test/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java deleted file mode 100644 index 2de5117..0000000 --- a/systests/src/test/java/org/apache/qpid/systest/rest/AnonymousAccessRestTest.java +++ /dev/null 
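Review bot: `PreambleDelayingListener` keeps `_totalBytes` as a single counter for the lifetime of the listener, so only the first ten bytes ever forwarded through the tunnel are delayed. If the helper opens more than one connection for the request (not visible in this diff), the later preamble arrives undelayed and the slow PLAIN/TLS detection path the comment hopes to exercise is skipped for it. Resetting the counter in the currently empty `clientConnected`, with `_totalBytes = 0;`, would apply the delay per connection in the sequential case. It is also not visible which thread TCPTunneler uses for these callbacks, so the plain `int` field may need to be an `AtomicInteger`. As a style point, the local `_restTestHelper` in `doTestSlowConnect` keeps the field-style underscore from the deleted test, where it was a field; `final HttpTestHelper helper = ...` matches the other new tests.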
@@ -1,116 +0,0 @@ -/* - * - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - * - */ -package org.apache.qpid.systest.rest; - -import java.util.HashMap; -import java.util.Map; - -import javax.servlet.http.HttpServletResponse; - -import org.apache.qpid.server.management.plugin.HttpManagement; -import org.apache.qpid.server.model.AuthenticationProvider; -import org.apache.qpid.server.model.Broker; -import org.apache.qpid.server.model.Plugin; -import org.apache.qpid.server.model.Port; -import org.apache.qpid.server.security.auth.manager.AnonymousAuthenticationManager; -import org.apache.qpid.test.utils.TestBrokerConfiguration; - -public class AnonymousAccessRestTest extends QpidRestTestCase -{ - @Override - public void startDefaultBroker() - { - // prevent broker from starting in setUp - } - - public void startBrokerNow() throws Exception - { - super.startDefaultBroker(); - - // reset credentials - getRestTestHelper().setUsernameAndPassword(null, null); - } - - @Override - protected void customizeConfiguration() throws Exception - { - super.customizeConfiguration(); - TestBrokerConfiguration config = getDefaultBrokerConfiguration(); - - Map<String, Object> anonymousAuthProviderAttributes = new HashMap<String, Object>(); - 
anonymousAuthProviderAttributes.put(AuthenticationProvider.TYPE, AnonymousAuthenticationManager.PROVIDER_TYPE); - anonymousAuthProviderAttributes.put(AuthenticationProvider.NAME, TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER); - config.addObjectConfiguration(AuthenticationProvider.class, anonymousAuthProviderAttributes); - - // set anonymous authentication provider on http port for the tests - config.setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, Port.AUTHENTICATION_PROVIDER, - TestBrokerConfiguration.ENTRY_NAME_ANONYMOUS_PROVIDER); - config.setObjectAttribute(Plugin.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED, false); - - } - - public void testGetWithAnonymousProvider() throws Exception - { - startBrokerNow(); - - Map<String, Object> brokerDetails = getRestTestHelper().getJsonAsMap("broker"); - assertNotNull("Unexpected broker attributes", brokerDetails); - assertNotNull("Unexpected value of attribute " + Broker.ID, brokerDetails.get(Broker.ID)); - } - - public void testPutAnonymousProvider() throws Exception - { - startBrokerNow(); - - Map<String, Object> brokerAttributes = new HashMap<String, Object>(); - String newBrokerName = getName(); - brokerAttributes.put(Broker.NAME, newBrokerName); - - getRestTestHelper().submitRequest("broker", "PUT", brokerAttributes, HttpServletResponse.SC_OK); - - Map<String, Object> brokerDetails = getRestTestHelper().getJsonAsMap("broker"); - assertNotNull("Unexpected broker attributes", brokerDetails); - assertNotNull("Unexpected value of attribute " + Broker.ID, brokerDetails.get(Broker.ID)); - assertEquals("Unexpected default virtual host", newBrokerName, brokerDetails.get(Broker.NAME)); - } - - public void testGetWithPasswordAuthProvider() throws Exception - { - getDefaultBrokerConfiguration().setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, Port.AUTHENTICATION_PROVIDER, - 
TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); - startBrokerNow(); - - getRestTestHelper().submitRequest("broker", "GET", HttpServletResponse.SC_UNAUTHORIZED); - } - - public void testPutWithPasswordAuthProvider() throws Exception - { - String newBrokerName = getName(); - getDefaultBrokerConfiguration().setObjectAttribute(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, Port.AUTHENTICATION_PROVIDER, - TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); - startBrokerNow(); - - Map<String, Object> brokerAttributes = new HashMap<String, Object>(); - brokerAttributes.put(Broker.NAME, newBrokerName); - - getRestTestHelper().submitRequest("broker", "PUT", brokerAttributes, HttpServletResponse.SC_UNAUTHORIZED); - } -} http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java ---------------------------------------------------------------------- diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java deleted file mode 100644 index 7bad826..0000000 --- a/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpAndHttpsTest.java +++ /dev/null 
@@ -1,168 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.rest;
-
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
-
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Protocol;
-import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.test.utils.TCPTunneler;
-import org.apache.qpid.test.utils.TestBrokerConfiguration;
-
-public class BrokerRestHttpAndHttpsTest extends QpidRestTestCase
-{
- @Override
- public void setUp() throws Exception
- {
- setSystemProperty("javax.net.debug", "ssl");
- super.setUp();
- setSystemProperty("javax.net.ssl.trustStore", TRUSTSTORE);
- setSystemProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);
- }
-
- @Override
- protected void customizeConfiguration() throws Exception
- {
- super.customizeConfiguration();
- Map<String, Object> newAttributes = new HashMap<>();
- newAttributes.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
- newAttributes.put(Port.TRANSPORTS, Arrays.asList(Transport.SSL, Transport.TCP));
- newAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
- getDefaultBrokerConfiguration().setObjectAttributes(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, newAttributes);
- getDefaultBrokerConfiguration().setObjectAttribute(AuthenticationProvider.class, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER,
- "secureOnlyMechanisms",
- "[\"PLAIN\"]");
-
- }
-
- public void testGetWithHttps() throws Exception
- {
- Collection<String> results = getMechanisms(true);
- assertTrue("mechanisms did not contain PLAIN: " + results, results.contains("PLAIN"));
- }
-
-
- public void testGetWithHttp() throws Exception
- {
- Collection<String> results = getMechanisms(false);
- assertFalse("mechanisms incorrectly contains PLAIN: " + results, results.contains("PLAIN"));
- }
-
- public void testSlowConnectHttp() throws Exception
- {
- doTestSlowConnect(false);
- }
-
- public void testSlowConnectHttps() throws Exception
- {
- doTestSlowConnect(true);
- }
-
- private void doTestSlowConnect(final boolean useSsl) throws Exception
- {
- try(TCPTunneler tunneler = new TCPTunneler(0, "localhost", getDefaultBroker().getHttpPort(), 1, 2))
- {
- // Hopes to exercise the code path where too few bytes arrive with Jetty for it to make an PLAIN/TLS
- // determination and needs to await more bytes.
- tunneler.addClientListener(new PreambleDelayingListener());
- tunneler.start();
-
- _restTestHelper = configureRestHelper(useSsl, tunneler.getLocalPort());
- Map<String, Object> metadata = _restTestHelper.getJsonAsMap("/api/latest/broker/getConnectionMetaData");
- String transport = String.valueOf(metadata.get("transport"));
- assertEquals("Unexpected protocol", useSsl ? "SSL" : "TCP", transport);
- }
- }
-
- private Collection<String> getMechanisms(final boolean useSsl) throws IOException
- {
- int port = getDefaultBroker().getHttpPort();
- _restTestHelper = configureRestHelper(useSsl, port);
-
- Map<String, Object> mechanisms = _restTestHelper.getJsonAsMap("/service/sasl");
- return (Collection<String>) mechanisms.get("mechanisms");
- }
-
- private RestTestHelper configureRestHelper(final boolean useSsl, final int port)
- {
- RestTestHelper restTestHelper = new RestTestHelper(port);
- restTestHelper.setUseSsl(useSsl);
- if (useSsl)
- {
- restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
- }
- return restTestHelper;
- }
-
- private static class PreambleDelayingListener implements TCPTunneler.TunnelListener
- {
- private int _totalBytes;
-
- @Override
- public void clientConnected(final InetSocketAddress clientAddress)
- {
-
- }
-
- @Override
- public void clientDisconnected(final InetSocketAddress clientAddress)
- {
-
- }
-
- @Override
- public void notifyClientToServerBytesDelivered(final InetAddress inetAddress,
- final int numberOfBytesForwarded)
- {
- _totalBytes += numberOfBytesForwarded;
- if (_totalBytes < 10)
- {
- try
- {
- Thread.sleep(10);
- }
- catch (InterruptedException e)
- {
- Thread.currentThread().interrupt();
- }
- }
- }
-
- @Override
- public void notifyServerToClientBytesDelivered(final InetAddress inetAddress,
- final int numberOfBytesForwarded)
- {
-
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java ----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
deleted file mode 100644
index 8a96747..0000000
--- a/systests/src/test/java/org/apache/qpid/systest/rest/BrokerRestHttpsTest.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.rest;
-
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-import org.apache.qpid.server.model.Broker;
-import org.apache.qpid.server.model.BrokerModel;
-import org.apache.qpid.server.model.ConfiguredObject;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Protocol;
-import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.test.utils.TestBrokerConfiguration;
-
-public class BrokerRestHttpsTest extends QpidRestTestCase
-{
- @Override
- public void setUp() throws Exception
- {
- setSystemProperty("javax.net.debug", "ssl");
- super.setUp();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
- }
-
- @Override
- protected void customizeConfiguration() throws Exception
- {
- super.customizeConfiguration();
- Map<String, Object> newAttributes = new HashMap<String, Object>();
- newAttributes.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
- newAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
- newAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
- getDefaultBrokerConfiguration().setObjectAttributes(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, newAttributes);
- }
-
- public void testGetWithHttps() throws Exception
- {
- Map<String, Object> brokerDetails = getRestTestHelper().getJsonAsMap("broker");
-
- Asserts.assertAttributesPresent(brokerDetails, BrokerModel.getInstance().getTypeRegistry().getAttributeNames(Broker.class),
- Broker.PROCESS_PID,
- Broker.CONFIDENTIAL_CONFIGURATION_ENCRYPTION_PROVIDER,
- ConfiguredObject.TYPE,
- ConfiguredObject.CREATED_BY,
- ConfiguredObject.CREATED_TIME,
- ConfiguredObject.LAST_UPDATED_BY,
- ConfiguredObject.LAST_UPDATED_TIME,
- ConfiguredObject.DESCRIPTION,
- ConfiguredObject.CONTEXT,
- ConfiguredObject.DESIRED_STATE,
- Broker.PREFERENCE_STORE_ATTRIBUTES);
- }
-}
http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/8c88850e/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java ----------------------------------------------------------------------
diff --git a/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java b/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
deleted file mode 100644
index 3864fab..0000000
--- a/systests/src/test/java/org/apache/qpid/systest/rest/PreemtiveAuthRestTest.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- *
- */
-package org.apache.qpid.systest.rest;
-
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
-import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE;
-import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
-import static org.apache.qpid.test.utils.TestSSLConstants.UNTRUSTED_KEYSTORE;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.qpid.server.management.plugin.HttpManagement;
-import org.apache.qpid.server.model.AuthenticationProvider;
-import org.apache.qpid.server.model.Plugin;
-import org.apache.qpid.server.model.Port;
-import org.apache.qpid.server.model.Protocol;
-import org.apache.qpid.server.model.Transport;
-import org.apache.qpid.server.security.auth.manager.ExternalAuthenticationManager;
-import org.apache.qpid.test.utils.TestBrokerConfiguration;
-import org.apache.qpid.test.utils.TestSSLConstants;
-
-public class PreemtiveAuthRestTest extends QpidRestTestCase
-{
- private static final String USERNAME = "admin";
- private static final String PASSWORD = "admin";
-
- @Override
- public void startDefaultBroker() throws Exception
- {
- //don't call super method, we will configure the broker in the test before doing so
- }
-
- @Override
- protected void customizeConfiguration() throws Exception
- {
- //do nothing, we will configure this locally
- }
-
- private void configure(boolean useSsl, final boolean useClientAuth) throws Exception
- {
- super.customizeConfiguration();
-
- setSystemProperty("javax.net.debug", "ssl");
- if (useSsl)
- {
- Map<String, Object> portAttributes = new HashMap<>();
- portAttributes.put(Port.PROTOCOLS, Collections.singleton(Protocol.HTTP));
- portAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL));
- portAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE);
-
- if (useClientAuth)
- {
- portAttributes.put(Port.TRUST_STORES, Collections.singleton(TestBrokerConfiguration.ENTRY_NAME_SSL_TRUSTSTORE));
- portAttributes.put(Port.NEED_CLIENT_AUTH, "true");
- portAttributes.put(Port.AUTHENTICATION_PROVIDER, EXTERNAL_AUTHENTICATION_PROVIDER);
-
- Map<String, Object> externalProviderAttributes = new HashMap<>();
- externalProviderAttributes.put(AuthenticationProvider.TYPE, ExternalAuthenticationManager.PROVIDER_TYPE);
- externalProviderAttributes.put(AuthenticationProvider.NAME, EXTERNAL_AUTHENTICATION_PROVIDER);
- getDefaultBrokerConfiguration().addObjectConfiguration(AuthenticationProvider.class, externalProviderAttributes);
- }
-
- getDefaultBrokerConfiguration().setObjectAttributes(Port.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_PORT, portAttributes);
- }
- }
-
- private void verifyGetBrokerAttempt(int responseCode) throws IOException
- {
- assertEquals(responseCode, getRestTestHelper().submitRequest("broker", "GET"));
- }
-
- public void testBasicAuth() throws Exception
- {
- configure(false, false);
- super.startDefaultBroker();
-
- _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
- verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
- }
-
- public void testBasicAuth_WrongPassword() throws Exception
- {
- configure(false, false);
- super.startDefaultBroker();
-
- _restTestHelper.setUsernameAndPassword(USERNAME, "badpassword");
- verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
- }
-
- public void testBasicAuthWhenDisabled() throws Exception
- {
- configure(false, false);
- getDefaultBrokerConfiguration().setObjectAttribute(Plugin.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, HttpManagement.HTTP_BASIC_AUTHENTICATION_ENABLED, false);
- super.startDefaultBroker();
- getRestTestHelper().setUseSsl(false);
- // Try the attempt with authentication, it should fail because
- // BASIC auth is disabled by default on non-secure connections.
- getRestTestHelper().setUsernameAndPassword(USERNAME, PASSWORD);
- verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
- }
-
- public void testBasicAuth_Https() throws Exception
- {
- configure(true, false);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
-
- // Try the attempt with authentication, it should succeed because
- // BASIC auth is enabled by default on secure connections.
- _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
- verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
- }
-
- public void testBasicAuthWhenDisabled_Https() throws Exception
- {
- configure(true, false);
- getDefaultBrokerConfiguration().setObjectAttribute(Plugin.class, TestBrokerConfiguration.ENTRY_NAME_HTTP_MANAGEMENT, HttpManagement.HTTPS_BASIC_AUTHENTICATION_ENABLED, false);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
-
- // Try the attempt with authentication, it should fail because
- // BASIC auth is now disabled on secure connections.
- _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
- verifyGetBrokerAttempt(HttpServletResponse.SC_UNAUTHORIZED);
- }
-
- public void testClientCertAuth() throws Exception
- {
- configure(true, true);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setUseSslAuth(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
- _restTestHelper.setKeystore(KEYSTORE, KEYSTORE_PASSWORD);
-
- _restTestHelper.setUsernameAndPassword(null, null);
- verifyGetBrokerAttempt(HttpServletResponse.SC_OK);
- }
-
- public void testClientCertAuth_UntrustedClientCert() throws Exception
- {
- configure(true, true);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpsPort());
- _restTestHelper.setUseSsl(true);
- _restTestHelper.setUseSslAuth(true);
- _restTestHelper.setTruststore(TRUSTSTORE, TRUSTSTORE_PASSWORD);
- _restTestHelper.setKeystore(UNTRUSTED_KEYSTORE, KEYSTORE_PASSWORD);
- _restTestHelper.setClientAuthAlias(TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT);
-
- _restTestHelper.setUsernameAndPassword(null, null);
-
- try
- {
- getRestTestHelper().submitRequest("broker", "GET");
- fail("Exception not thrown");
- }
- catch (IOException e)
- {
- e.printStackTrace();
- }
- }
-
- public void testPreemptiveDoesNotCreateSession() throws Exception
- {
- configure(false, false);
- super.startDefaultBroker();
- _restTestHelper = new RestTestHelper(getDefaultBroker().getHttpPort());
-
- _restTestHelper.setUsernameAndPassword(USERNAME, PASSWORD);
- final HttpURLConnection firstConnection = _restTestHelper.openManagementConnection("broker", "GET");
- assertEquals("Unexpected server response", HttpServletResponse.SC_OK, firstConnection.getResponseCode());
- List<String> cookies = firstConnection.getHeaderFields().get("Set-Cookie");
- assertNull("Should not create session cookies", cookies);
- }
-}
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
