use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.
the class SaslConnectionTest method testSaslExternalConnection.
/**
 * Connects to a TLS test peer that requires a client certificate and checks that the
 * scripted SASL EXTERNAL connect, Open and Close exchange completes on a connection the
 * peer reports as both secure and verified.
 *
 * @throws Exception if peer setup, the connection attempt or one of the timed waits fails
 */
@Test
public void testSaslExternalConnection() throws Exception {
    // Peer side: TLS enabled, key store and trust store supplied, client certificate required.
    final ProtonTestServerOptions peerOptions = serverOptions();
    peerOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    peerOptions.setKeyStorePassword(PASSWORD);
    // NOTE(review): verifyHost is switched off for the test peer; presumably acceptable only
    // because the key stores are test fixtures. Confirm this never leaks into real configuration.
    peerOptions.setVerifyHost(false);
    peerOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
    peerOptions.setTrustStorePassword(PASSWORD);
    peerOptions.setNeedClientAuth(true);
    peerOptions.setSecure(true);

    try (ProtonTestServer peer = new ProtonTestServer(peerOptions)) {
        // Script the exchange the peer expects before it starts listening.
        peer.expectSaslExternalConnect();
        peer.expectOpen().respond();
        peer.expectClose().respond();
        peer.start();

        final URI peerUri = peer.getServerURI();
        final String host = peerUri.getHost();
        final int port = peerUri.getPort();

        // Client side: present a certificate from the client key store and trust the broker.
        final ConnectionOptions options = connectionOptions();
        options.sslOptions()
               .sslEnabled(true)
               .keyStoreLocation(CLIENT_JKS_KEYSTORE)
               .keyStorePassword(PASSWORD)
               .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
               .trustStorePassword(PASSWORD);

        final Client client = Client.create();
        final Connection connection = client.connect(host, port, options);
        connection.openFuture().get(10, TimeUnit.SECONDS);

        // Both checks matter: encrypted transport alone does not show the peer was verified.
        assertTrue(peer.hasSecureConnection());
        assertTrue(peer.isConnectionVerified());

        connection.closeAsync().get(10, TimeUnit.SECONDS);
        peer.waitForScriptToComplete(5, TimeUnit.SECONDS);
    }
}
use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.
the class SslConnectionTest method doConnectionWithAliasTestImpl.
/**
 * Connects with a client key store holding several keys, selects one by alias, and checks
 * that the certificate the test peer received carries the expected subject DN.
 *
 * @param alias the key alias the client is told to use
 * @param expectedDN the subject DN the peer should see on the client certificate
 * @param requestOpenSSL value passed to {@code allowNativeSSL} on the client SSL options
 * @throws Exception if peer setup, the connection attempt or one of the timed waits fails
 */
private void doConnectionWithAliasTestImpl(String alias, String expectedDN, boolean requestOpenSSL) throws Exception, SSLPeerUnverifiedException, IOException {
    // Peer side: TLS enabled and a client certificate is required.
    final ProtonTestServerOptions peerOptions = serverOptions();
    peerOptions.setSecure(true);
    peerOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    peerOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
    peerOptions.setKeyStorePassword(PASSWORD);
    peerOptions.setTrustStorePassword(PASSWORD);
    // NOTE(review): verifyHost is switched off for the test peer; presumably fine for test
    // fixtures only. Confirm it is not copied into non-test configuration.
    peerOptions.setVerifyHost(false);
    peerOptions.setNeedClientAuth(true);

    try (ProtonTestServer peer = new ProtonTestServer(peerOptions)) {
        peer.expectSASLAnonymousConnect();
        peer.expectOpen().respond();
        peer.expectClose().respond();
        peer.start();

        final URI peerUri = peer.getServerURI();
        final String host = peerUri.getHost();
        final int port = peerUri.getPort();

        // Client side: multi-key store, with the alias deciding which key is presented.
        final ConnectionOptions options = connectionOptions();
        options.sslOptions()
               .keyStoreLocation(CLIENT_MULTI_KEYSTORE)
               .keyStorePassword(PASSWORD)
               .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
               .trustStorePassword(PASSWORD)
               .keyAlias(alias)
               .allowNativeSSL(requestOpenSSL);

        final Client client = Client.create();
        final Connection connection = client.connect(host, port, options);
        connection.openFuture().get(10, TimeUnit.SECONDS);

        assertTrue(peer.hasSecureConnection());
        assertTrue(peer.isConnectionVerified());

        // Inspect the certificate chain recorded in the peer's TLS session.
        final SSLSession tlsSession = peer.getConnectionSSLEngine().getSession();
        final Certificate[] chain = tlsSession.getPeerCertificates();
        assertNotNull(chain);

        // The first entry is compared against the DN expected for the chosen alias.
        final Certificate leaf = chain[0];
        assertTrue(leaf instanceof X509Certificate);
        final X509Certificate x509 = (X509Certificate) leaf;
        final String subjectDn = x509.getSubjectX500Principal().getName();
        assertEquals(expectedDN, subjectDn, "Unexpected certificate DN");

        connection.closeAsync().get(10, TimeUnit.SECONDS);
        peer.waitForScriptToComplete(5, TimeUnit.SECONDS);
    }
}
use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.
the class SslConnectionTest method doCreateConnectionWithInvalidAliasTestImpl.
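/**
 * Attempts a TLS connection using a client key alias that is expected to be rejected and
 * checks that the attempt fails on the client side while the test peer is still accepting
 * connections.
 *
 * @param alias the key store alias handed to the client SSL options; expected to be unusable
 * @throws Exception if the test peer cannot be set up or the script wait fails
 */
private void doCreateConnectionWithInvalidAliasTestImpl(String alias) throws Exception, IOException {
    // Peer side: TLS enabled and a client certificate is required.
    ProtonTestServerOptions serverOptions = serverOptions();
    serverOptions.setSecure(true);
    serverOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    serverOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
    serverOptions.setKeyStorePassword(PASSWORD);
    serverOptions.setTrustStorePassword(PASSWORD);
    // NOTE(review): verifyHost is switched off for the test peer; presumably fine for test
    // fixtures only. Confirm it is not copied into non-test configuration.
    serverOptions.setVerifyHost(false);
    serverOptions.setNeedClientAuth(true);

    try (ProtonTestServer peer = new ProtonTestServer(serverOptions)) {
        peer.start();

        URI remoteURI = peer.getServerURI();

        ConnectionOptions clientOptions = connectionOptions();
        clientOptions.sslOptions()
                     .keyStoreLocation(CLIENT_MULTI_KEYSTORE)
                     .keyStorePassword(PASSWORD)
                     .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
                     .trustStorePassword(PASSWORD)
                     .keyAlias(alias);

        Client container = Client.create();

        boolean connectRejected = false;
        try {
            container.connect(remoteURI.getHost(), remoteURI.getPort(), clientOptions);
        } catch (Throwable clix) {
            // NOTE(review): Throwable is kept because the exception type raised for a bad
            // alias is not visible here; narrow it once the expected type is confirmed.
            connectRejected = true;
            LOG.info("Client failed to open due to error: ", clix);
        }

        // Checked outside the try block: fail() signals by throwing, and the catch of
        // Throwable above would swallow it, so a connect that wrongly succeeded with an
        // invalid alias would only be logged and this negative check could never fire.
        if (!connectRejected) {
            fail("Should have failed to connect using invalid alias");
        }

        peer.waitForScriptToComplete(5, TimeUnit.SECONDS);

        assertTrue(peer.isAcceptingConnections(), "Attempt should have failed locally, peer should not have accepted any TCP connection");
    }
}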
use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.
the class SslConnectionTest method doConnectionWithSslContextOverride.
/**
 * Builds an {@code SSLContext} from a separate set of client SSL options, installs it as the
 * connection's context override, and checks that the certificate the test peer received
 * carries the expected subject DN.
 *
 * @param clientKeyStorePath key store location used when building the overriding context
 * @param expectedDN the subject DN the peer should see on the client certificate
 * @throws Exception if peer setup, context creation, the connection attempt or a timed wait fails
 */
private void doConnectionWithSslContextOverride(String clientKeyStorePath, String expectedDN) throws Exception {
    // Peer side: TLS enabled and a client certificate is required.
    final ProtonTestServerOptions peerOptions = serverOptions();
    peerOptions.setSecure(true);
    peerOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    peerOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
    peerOptions.setKeyStorePassword(PASSWORD);
    peerOptions.setTrustStorePassword(PASSWORD);
    peerOptions.setNeedClientAuth(true);
    // NOTE(review): verifyHost is switched off for the test peer; presumably fine for test
    // fixtures only. Confirm it is not copied into non-test configuration.
    peerOptions.setVerifyHost(false);

    // These options are used only to build the context; they are not set on the connection.
    final SslOptions contextSource = new SslOptions();
    contextSource.sslEnabled(true)
                 .keyStoreLocation(clientKeyStorePath)
                 .keyStorePassword(PASSWORD)
                 .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
                 .trustStorePassword(PASSWORD);

    try (ProtonTestServer peer = new ProtonTestServer(peerOptions)) {
        // The literal credentials here are the ones the peer script is told to expect.
        peer.expectSASLPlainConnect("guest", "guest");
        peer.expectOpen().respond();
        peer.expectClose().respond();
        peer.start();

        final URI peerUri = peer.getServerURI();
        final String host = peerUri.getHost();
        final int port = peerUri.getPort();

        final SSLContext overrideContext = SslSupport.createJdkSslContext(contextSource);

        // The connection options carry no key or trust store settings, only the override.
        final ConnectionOptions options = connectionOptions();
        options.user("guest")
               .password("guest")
               .sslOptions()
               .sslContextOverride(overrideContext);

        final Client client = Client.create();
        final Connection connection = client.connect(host, port, options);
        connection.openFuture().get(10, TimeUnit.SECONDS);

        assertTrue(peer.hasSecureConnection());
        assertTrue(peer.isConnectionVerified());

        // Inspect the certificate chain recorded in the peer's TLS session.
        final SSLSession tlsSession = peer.getConnectionSSLEngine().getSession();
        final Certificate[] chain = tlsSession.getPeerCertificates();
        assertNotNull(chain);

        final Certificate leaf = chain[0];
        assertTrue(leaf instanceof X509Certificate);
        final X509Certificate x509 = (X509Certificate) leaf;
        final String subjectDn = x509.getSubjectX500Principal().getName();
        assertEquals(expectedDN, subjectDn, "Unexpected certificate DN");

        connection.closeAsync().get(10, TimeUnit.SECONDS);
        peer.waitForScriptToComplete(5, TimeUnit.SECONDS);
    }
}
use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.
the class SslConnectionTest method doTestCreateSslConnectionWithServerSendingPreemptiveData.
/**
 * Connects over TLS to a test peer whose script queues its own SASL header before the
 * expectation for the client's header, then checks that the ANONYMOUS SASL exchange and the
 * Open and Close exchange complete on a secure connection.
 *
 * @param openSSL value passed to {@code allowNativeSSL} on the client SSL options
 * @throws Exception if peer setup, the connection attempt or one of the timed waits fails
 */
private void doTestCreateSslConnectionWithServerSendingPreemptiveData(boolean openSSL) throws Exception {
    // Peer side: TLS enabled with a key store only; no trust store or client-auth setting here.
    final ProtonTestServerOptions peerOptions = serverOptions();
    peerOptions.setSecure(true);
    peerOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    peerOptions.setKeyStorePassword(PASSWORD);
    // NOTE(review): verifyHost is switched off for the test peer; presumably fine for test
    // fixtures only. Confirm it is not copied into non-test configuration.
    peerOptions.setVerifyHost(false);

    try (ProtonTestServer peer = new ProtonTestServer(peerOptions)) {
        // The peer's SASL header is queued ahead of the expectation for the client's header,
        // presumably so that it goes out before the client has sent anything.
        peer.remoteHeader(AMQPHeader.getSASLHeader().toArray()).queue();
        peer.expectSASLHeader();

        // Scripted SASL exchange offering and accepting ANONYMOUS.
        peer.remoteSaslMechanisms().withMechanisms("ANONYMOUS").queue();
        peer.expectSaslInit().withMechanism("ANONYMOUS");
        peer.remoteSaslOutcome().withCode(SaslCode.OK.byteValue()).queue();

        peer.expectAMQPHeader().respondWithAMQPHeader();
        peer.expectOpen().respond();
        peer.expectClose().respond();
        peer.start();

        final URI peerUri = peer.getServerURI();
        final String host = peerUri.getHost();
        final int port = peerUri.getPort();

        // Client side: trust store only, so the client presents no certificate of its own.
        final ConnectionOptions options = connectionOptions();
        options.sslOptions()
               .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
               .trustStorePassword(PASSWORD)
               .allowNativeSSL(openSSL);

        final Client client = Client.create();
        final Connection connection = client.connect(host, port, options);
        connection.openFuture().get(10, TimeUnit.SECONDS);

        assertTrue(peer.hasSecureConnection());

        connection.closeAsync().get(10, TimeUnit.SECONDS);
        peer.waitForScriptToComplete(5, TimeUnit.SECONDS);
    }
}