Repository: qpid-broker-j Updated Branches: refs/heads/master 6cdcc25b9 -> 9f82a4d33
QPID-8064: [Broker-J] Fix tests failing with IBM JDK Project: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/commit/9f82a4d3 Tree: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/tree/9f82a4d3 Diff: http://git-wip-us.apache.org/repos/asf/qpid-broker-j/diff/9f82a4d3 Branch: refs/heads/master Commit: 9f82a4d338c5103cce9f64dbe07f9886334e7112 Parents: 6cdcc25 Author: Alex Rudyy <oru...@apache.org> Authored: Thu Mar 29 11:42:42 2018 +0100 Committer: Alex Rudyy <oru...@apache.org> Committed: Thu Mar 29 11:42:42 2018 +0100 ---------------------------------------------------------------------- broker-core/pom.xml | 11 ++++++ .../qpid/server/security/FileKeyStoreTest.java | 23 ++++++++++++ .../server/security/FileTrustStoreTest.java | 35 +++++++++++++------ .../ssl/test_cert_only_keystore.pkcs12 | Bin 0 -> 826 bytes .../test/resources/ssl/test_nokey_keystore.jks | Bin 32 -> 0 bytes .../resources/ssl/test_pk_only_keystore.pkcs12 | Bin 0 -> 3129 bytes 6 files changed, 58 insertions(+), 11 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9f82a4d3/broker-core/pom.xml ---------------------------------------------------------------------- diff --git a/broker-core/pom.xml b/broker-core/pom.xml index f737909..b3ce59c 100644 --- a/broker-core/pom.xml +++ b/broker-core/pom.xml @@ -179,6 +179,17 @@ <workingDirectory>${basedir}/..</workingDirectory> </configuration> </plugin> + + <plugin> + <groupId>org.apache.rat</groupId> + <artifactId>apache-rat-plugin</artifactId> + <configuration> + <excludes> + <exclude>src/test/resources/ssl/**</exclude> + </excludes> + </configuration> + </plugin> + </plugins> </build> http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9f82a4d3/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java ---------------------------------------------------------------------- diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java index 2e01172..535badb 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java @@ -47,6 +47,7 @@ import org.apache.qpid.test.utils.TestSSLConstants; public class FileKeyStoreTest extends QpidTestCase { static final String EMPTY_KEYSTORE_RESOURCE = "/ssl/test_empty_keystore.jks"; + static final String KEYSTORE_CERTIFICATE_ONLY_RESOURCE = "/ssl/test_cert_only_keystore.pkcs12"; private final Broker _broker = mock(Broker.class); private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance(); @@ -274,6 +275,28 @@ public class FileKeyStoreTest extends QpidTestCase } catch (IllegalConfigurationException ice) { + // pass + } + } + + public void testKeystoreWithNoPrivateKeyRejected() + { + final URL keystoreUrl = getClass().getResource(KEYSTORE_CERTIFICATE_ONLY_RESOURCE); + assertNotNull("Keystore not found", keystoreUrl); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, getTestName()); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.STORE_URL, keystoreUrl); + attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12"); + + try + { + _factory.create(KeyStore.class, attributes, _broker); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { String message = ice.getMessage(); assertTrue("Exception text not as unexpected:" + message, message.contains("Keystore must contain at least one private key.")); } http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9f82a4d3/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java ---------------------------------------------------------------------- diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java index 4270cdb..bab4f26 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java @@ -21,31 +21,21 @@ package org.apache.qpid.server.security; import static org.apache.qpid.server.security.FileKeyStoreTest.EMPTY_KEYSTORE_RESOURCE; -import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.KeyCertPair; -import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.generateSelfSignedCertificate; import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.getInitializedKeyStore; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; -import java.io.File; -import java.io.FileOutputStream; import java.io.InputStream; -import java.net.InetAddress; import java.net.URL; import java.security.KeyStore; -import java.security.KeyStoreException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateExpiredException; import java.security.cert.X509Certificate; -import java.time.Duration; -import java.util.Collections; import java.util.Enumeration; import java.util.HashMap; -import java.util.List; import java.util.Map; -import javax.crypto.KeyGenerator; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; @@ -66,6 +56,7 @@ import org.apache.qpid.test.utils.TestSSLConstants; public class FileTrustStoreTest extends QpidTestCase { + static final String KEYSTORE_PK_ONLY_RESOURCE = "/ssl/test_pk_only_keystore.pkcs12"; static final String SYMMETRIC_KEY_KEYSTORE_RESOURCE = "/ssl/test_symmetric_key_keystore.pkcs12"; static final String KEYSTORE_RESOURCE = "/ssl/test_keystore.jks"; @@ -320,6 +311,28 @@ public class FileTrustStoreTest extends QpidTestCase } catch (IllegalConfigurationException ice) { + // pass + } + } + + public void testTrustStoreWithNoCertificateRejected() + { + final URL keystoreUrl = getClass().getResource(KEYSTORE_PK_ONLY_RESOURCE); + assertNotNull("Keystore not found", keystoreUrl); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, getTestName()); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.STORE_URL, keystoreUrl); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12"); + + try + { + _factory.create(TrustStore.class, attributes, _broker); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { String message = ice.getMessage(); assertTrue("Exception text not as unexpected:" + message, message.contains("Trust store must contain at least one certificate.")); } @@ -332,7 +345,7 @@ public class FileTrustStoreTest extends QpidTestCase Map<String, Object> attributes = new HashMap<>(); attributes.put(FileTrustStore.NAME, getTestName()); - attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, keystoreUrl); attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12"); http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9f82a4d3/broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 ---------------------------------------------------------------------- diff --git a/broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 b/broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 new file mode 100644 index 0000000..848eaf7 Binary files /dev/null and b/broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 differ http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9f82a4d3/broker-core/src/test/resources/ssl/test_nokey_keystore.jks ---------------------------------------------------------------------- diff --git a/broker-core/src/test/resources/ssl/test_nokey_keystore.jks b/broker-core/src/test/resources/ssl/test_nokey_keystore.jks deleted file mode 100644 index 65d4b65..0000000 Binary files a/broker-core/src/test/resources/ssl/test_nokey_keystore.jks and /dev/null differ http://git-wip-us.apache.org/repos/asf/qpid-broker-j/blob/9f82a4d3/broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 ---------------------------------------------------------------------- diff --git a/broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 b/broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 new file mode 100644 index 0000000..0985e75 Binary files /dev/null and b/broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 differ --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
