
Example 1 with ProtonTestServerOptions

use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.

the class SaslConnectionTest method testSaslExternalConnection.

/**
 * Connects over TLS with a client certificate to a test peer scripted to expect a
 * SASL EXTERNAL exchange, then checks that the peer reports the connection as both
 * secure and verified.
 *
 * <p>The peer options set {@code setNeedClientAuth(true)} and the client supplies its
 * own key store. No user name or password is configured on the client; with EXTERNAL
 * the identity is taken from the TLS layer rather than from SASL credentials.
 *
 * <p>NOTE(review): {@code setVerifyHost(false)} and the single {@code PASSWORD}
 * constant shared by every store are test-fixture settings; the assertions below
 * cover certificate verification only, not host name matching.
 *
 * @throws Exception if any step of the scripted exchange fails or times out
 */
@Test
public void testSaslExternalConnection() throws Exception {
    // TLS identity of the test peer plus the trust material used to check the client.
    ProtonTestServerOptions peerOptions = serverOptions();
    peerOptions.setSecure(true);
    peerOptions.setNeedClientAuth(true);
    peerOptions.setVerifyHost(false);
    peerOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    peerOptions.setKeyStorePassword(PASSWORD);
    peerOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
    peerOptions.setTrustStorePassword(PASSWORD);

    try (ProtonTestServer testPeer = new ProtonTestServer(peerOptions)) {
        // Script the expected exchange before the peer starts listening.
        testPeer.expectSaslExternalConnect();
        testPeer.expectOpen().respond();
        testPeer.expectClose().respond();
        testPeer.start();

        URI peerUri = testPeer.getServerURI();

        ConnectionOptions options = connectionOptions();
        options.sslOptions()
               .sslEnabled(true)
               .keyStoreLocation(CLIENT_JKS_KEYSTORE)
               .keyStorePassword(PASSWORD)
               .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
               .trustStorePassword(PASSWORD);

        Client client = Client.create();
        Connection conn = client.connect(peerUri.getHost(), peerUri.getPort(), options);
        conn.openFuture().get(10, TimeUnit.SECONDS);

        // Both properties are asserted: TLS was negotiated and the peer verified it.
        assertTrue(testPeer.hasSecureConnection());
        assertTrue(testPeer.isConnectionVerified());

        conn.closeAsync().get(10, TimeUnit.SECONDS);
        testPeer.waitForScriptToComplete(5, TimeUnit.SECONDS);
    }
}
Also used : ProtonTestServer(org.apache.qpid.protonj2.test.driver.ProtonTestServer) ProtonTestServerOptions(org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions) Connection(org.apache.qpid.protonj2.client.Connection) ConnectionOptions(org.apache.qpid.protonj2.client.ConnectionOptions) Client(org.apache.qpid.protonj2.client.Client) URI(java.net.URI) Test(org.junit.jupiter.api.Test)

Example 2 with ProtonTestServerOptions

use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.

the class SslConnectionTest method doConnectionWithAliasTestImpl.

/**
 * Connects with a client key store and an explicit key alias, then checks that the
 * first certificate in the peer-side TLS session carries the expected subject DN.
 *
 * <p>The test peer requires client authentication and is scripted for a SASL
 * ANONYMOUS exchange, so the only client identity checked here is the certificate.
 *
 * <p>NOTE(review): {@code setVerifyHost(false)} and the shared {@code PASSWORD}
 * constant are test-fixture settings.
 *
 * @param alias key alias passed to {@code keyAlias}; presumably selects one entry of
 *        {@code CLIENT_MULTI_KEYSTORE} (confirm against the fixture key store)
 * @param expectedDN subject DN the presented certificate must have
 * @param requestOpenSSL value passed to {@code allowNativeSSL} on the client
 * @throws Exception if any step of the scripted exchange fails or times out
 * @throws SSLPeerUnverifiedException if the TLS session holds no verified peer identity
 * @throws IOException declared by the original signature
 */
private void doConnectionWithAliasTestImpl(String alias, String expectedDN, boolean requestOpenSSL) throws Exception, SSLPeerUnverifiedException, IOException {
    ProtonTestServerOptions peerOptions = serverOptions();
    peerOptions.setSecure(true);
    peerOptions.setNeedClientAuth(true);
    peerOptions.setVerifyHost(false);
    peerOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    peerOptions.setKeyStorePassword(PASSWORD);
    peerOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
    peerOptions.setTrustStorePassword(PASSWORD);

    try (ProtonTestServer testPeer = new ProtonTestServer(peerOptions)) {
        // Script the expected exchange before the peer starts listening.
        testPeer.expectSASLAnonymousConnect();
        testPeer.expectOpen().respond();
        testPeer.expectClose().respond();
        testPeer.start();

        URI peerUri = testPeer.getServerURI();

        ConnectionOptions options = connectionOptions();
        options.sslOptions()
               .keyStoreLocation(CLIENT_MULTI_KEYSTORE)
               .keyStorePassword(PASSWORD)
               .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
               .trustStorePassword(PASSWORD)
               .keyAlias(alias)
               .allowNativeSSL(requestOpenSSL);

        Client client = Client.create();
        Connection conn = client.connect(peerUri.getHost(), peerUri.getPort(), options);
        conn.openFuture().get(10, TimeUnit.SECONDS);

        assertTrue(testPeer.hasSecureConnection());
        assertTrue(testPeer.isConnectionVerified());

        // The session is read from the test peer's engine, so the "peer" certificates
        // are presumably the ones the client presented; index 0 is the end-entity
        // certificate in the JSSE ordering.
        SSLSession tlsSession = testPeer.getConnectionSSLEngine().getSession();
        Certificate[] presentedChain = tlsSession.getPeerCertificates();
        assertNotNull(presentedChain);

        Certificate leaf = presentedChain[0];
        assertTrue(leaf instanceof X509Certificate);

        String subjectDn = ((X509Certificate) leaf).getSubjectX500Principal().getName();
        assertEquals(expectedDN, subjectDn, "Unexpected certificate DN");

        conn.closeAsync().get(10, TimeUnit.SECONDS);
        testPeer.waitForScriptToComplete(5, TimeUnit.SECONDS);
    }
}
Also used : ProtonTestServer(org.apache.qpid.protonj2.test.driver.ProtonTestServer) ProtonTestServerOptions(org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions) Connection(org.apache.qpid.protonj2.client.Connection) SSLSession(javax.net.ssl.SSLSession) ConnectionOptions(org.apache.qpid.protonj2.client.ConnectionOptions) Client(org.apache.qpid.protonj2.client.Client) URI(java.net.URI) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 3 with ProtonTestServerOptions

use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.

the class SslConnectionTest method doCreateConnectionWithInvalidAliasTestImpl.

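/**
 * Attempts to connect with a key alias that is expected to be rejected and checks
 * that the attempt fails on the client side, leaving the test peer still accepting
 * connections.
 *
 * <p>The "must not succeed" expectation is evaluated after the try/catch. The handler
 * catches {@link Throwable}, so an {@code AssertionError} raised by {@code fail()}
 * inside the try block would be caught and only logged, and the test could never
 * fail on that expectation.
 *
 * <p>NOTE(review): {@code setVerifyHost(false)} and the shared {@code PASSWORD}
 * constant are test-fixture settings.
 *
 * @param alias key alias passed to {@code keyAlias}; expected to be unusable
 * @throws Exception if the peer script does not complete within its timeout
 * @throws IOException declared by the original signature
 */
private void doCreateConnectionWithInvalidAliasTestImpl(String alias) throws Exception, IOException {
    ProtonTestServerOptions serverOptions = serverOptions();
    serverOptions.setSecure(true);
    serverOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    serverOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
    serverOptions.setKeyStorePassword(PASSWORD);
    serverOptions.setTrustStorePassword(PASSWORD);
    serverOptions.setVerifyHost(false);
    serverOptions.setNeedClientAuth(true);
    try (ProtonTestServer peer = new ProtonTestServer(serverOptions)) {
        // No expectations are scripted: the peer should never see a connection.
        peer.start();
        URI remoteURI = peer.getServerURI();
        ConnectionOptions clientOptions = connectionOptions();
        clientOptions.sslOptions().keyStoreLocation(CLIENT_MULTI_KEYSTORE).keyStorePassword(PASSWORD).trustStoreLocation(CLIENT_JKS_TRUSTSTORE).trustStorePassword(PASSWORD).keyAlias(alias);
        Client container = Client.create();
        // Record success instead of calling fail() inside the try block, where the
        // Throwable handler would swallow the assertion failure.
        boolean connected = false;
        try {
            container.connect(remoteURI.getHost(), remoteURI.getPort(), clientOptions);
            connected = true;
        } catch (Throwable clix) {
            LOG.info("Client failed to open due to error: ", clix);
        }
        if (connected) {
            fail("Should have failed to connect using invalid alias");
        }
        peer.waitForScriptToComplete(5, TimeUnit.SECONDS);
        assertTrue(peer.isAcceptingConnections(), "Attempt should have failed locally, peer should not have accepted any TCP connection");
    }
}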
Also used : ProtonTestServer(org.apache.qpid.protonj2.test.driver.ProtonTestServer) ProtonTestServerOptions(org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions) ConnectionOptions(org.apache.qpid.protonj2.client.ConnectionOptions) Client(org.apache.qpid.protonj2.client.Client) URI(java.net.URI)

Example 4 with ProtonTestServerOptions

use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.

the class SslConnectionTest method doConnectionWithSslContextOverride.

/**
 * Connects using an {@link SSLContext} built up front from a separate
 * {@code SslOptions} instance and handed to the client through
 * {@code sslContextOverride}, then checks the subject DN of the first certificate in
 * the peer-side TLS session.
 *
 * <p>The test peer requires client authentication and is scripted for a SASL PLAIN
 * exchange with the fixture credentials {@code guest}/{@code guest}. PLAIN carries
 * the password unprotected inside the SASL exchange, so it depends on the TLS layer
 * asserted below.
 *
 * <p>NOTE(review): {@code setVerifyHost(false)}, the shared {@code PASSWORD} constant
 * and the {@code guest} credentials are test-fixture settings.
 *
 * @param clientKeyStorePath key store location used to build the overriding context
 * @param expectedDN subject DN the presented certificate must have
 * @throws Exception if any step of the scripted exchange fails or times out
 */
private void doConnectionWithSslContextOverride(String clientKeyStorePath, String expectedDN) throws Exception {
    ProtonTestServerOptions peerOptions = serverOptions();
    peerOptions.setSecure(true);
    peerOptions.setNeedClientAuth(true);
    peerOptions.setVerifyHost(false);
    peerOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    peerOptions.setKeyStorePassword(PASSWORD);
    peerOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
    peerOptions.setTrustStorePassword(PASSWORD);

    // Key and trust material that ends up in the overriding SSLContext.
    SslOptions contextSource = new SslOptions();
    contextSource.sslEnabled(true)
                 .keyStoreLocation(clientKeyStorePath)
                 .keyStorePassword(PASSWORD)
                 .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
                 .trustStorePassword(PASSWORD);

    try (ProtonTestServer testPeer = new ProtonTestServer(peerOptions)) {
        // Script the expected exchange before the peer starts listening.
        testPeer.expectSASLPlainConnect("guest", "guest");
        testPeer.expectOpen().respond();
        testPeer.expectClose().respond();
        testPeer.start();

        URI peerUri = testPeer.getServerURI();

        SSLContext overridingContext = SslSupport.createJdkSslContext(contextSource);

        // The connection's own SslOptions carry no store settings, only the override.
        ConnectionOptions options = connectionOptions();
        options.user("guest")
               .password("guest")
               .sslOptions()
               .sslContextOverride(overridingContext);

        Client client = Client.create();
        Connection conn = client.connect(peerUri.getHost(), peerUri.getPort(), options);
        conn.openFuture().get(10, TimeUnit.SECONDS);

        assertTrue(testPeer.hasSecureConnection());
        assertTrue(testPeer.isConnectionVerified());

        // The session is read from the test peer's engine, so the "peer" certificates
        // are presumably the ones the client presented; index 0 is the end-entity
        // certificate in the JSSE ordering.
        SSLSession tlsSession = testPeer.getConnectionSSLEngine().getSession();
        Certificate[] presentedChain = tlsSession.getPeerCertificates();
        assertNotNull(presentedChain);

        Certificate leaf = presentedChain[0];
        assertTrue(leaf instanceof X509Certificate);

        String subjectDn = ((X509Certificate) leaf).getSubjectX500Principal().getName();
        assertEquals(expectedDN, subjectDn, "Unexpected certificate DN");

        conn.closeAsync().get(10, TimeUnit.SECONDS);
        testPeer.waitForScriptToComplete(5, TimeUnit.SECONDS);
    }
}
Also used : ProtonTestServer(org.apache.qpid.protonj2.test.driver.ProtonTestServer) ProtonTestServerOptions(org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions) Connection(org.apache.qpid.protonj2.client.Connection) SSLSession(javax.net.ssl.SSLSession) SSLContext(javax.net.ssl.SSLContext) URI(java.net.URI) X509Certificate(java.security.cert.X509Certificate) SslOptions(org.apache.qpid.protonj2.client.SslOptions) ConnectionOptions(org.apache.qpid.protonj2.client.ConnectionOptions) Client(org.apache.qpid.protonj2.client.Client) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 5 with ProtonTestServerOptions

use of org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions in project qpid-protonj2 by apache.

the class SslConnectionTest method doTestCreateSslConnectionWithServerSendingPreemptiveData.

/**
 * Connects over TLS to a test peer that queues its SASL header before the client's
 * header is expected, then completes a SASL ANONYMOUS exchange and an open/close
 * cycle.
 *
 * <p>Only the peer has a key store here and the client has only a trust store, so
 * no client certificate is involved. The test asserts {@code hasSecureConnection()}
 * and nothing about client verification.
 *
 * <p>NOTE(review): {@code setVerifyHost(false)} and the shared {@code PASSWORD}
 * constant are test-fixture settings.
 *
 * @param openSSL value passed to {@code allowNativeSSL} on the client
 * @throws Exception if any step of the scripted exchange fails or times out
 */
private void doTestCreateSslConnectionWithServerSendingPreemptiveData(boolean openSSL) throws Exception {
    ProtonTestServerOptions peerOptions = serverOptions();
    peerOptions.setSecure(true);
    peerOptions.setVerifyHost(false);
    peerOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
    peerOptions.setKeyStorePassword(PASSWORD);

    try (ProtonTestServer testPeer = new ProtonTestServer(peerOptions)) {
        // The order of these script entries is the behaviour under test: the peer's
        // SASL header is queued first, ahead of the expectation for the client's.
        testPeer.remoteHeader(AMQPHeader.getSASLHeader().toArray()).queue();
        testPeer.expectSASLHeader();
        testPeer.remoteSaslMechanisms().withMechanisms("ANONYMOUS").queue();
        testPeer.expectSaslInit().withMechanism("ANONYMOUS");
        testPeer.remoteSaslOutcome().withCode(SaslCode.OK.byteValue()).queue();
        testPeer.expectAMQPHeader().respondWithAMQPHeader();
        testPeer.expectOpen().respond();
        testPeer.expectClose().respond();
        testPeer.start();

        URI peerUri = testPeer.getServerURI();

        ConnectionOptions options = connectionOptions();
        options.sslOptions()
               .trustStoreLocation(CLIENT_JKS_TRUSTSTORE)
               .trustStorePassword(PASSWORD)
               .allowNativeSSL(openSSL);

        Client client = Client.create();
        Connection conn = client.connect(peerUri.getHost(), peerUri.getPort(), options);
        conn.openFuture().get(10, TimeUnit.SECONDS);

        assertTrue(testPeer.hasSecureConnection());

        conn.closeAsync().get(10, TimeUnit.SECONDS);
        testPeer.waitForScriptToComplete(5, TimeUnit.SECONDS);
    }
}
Also used : ProtonTestServer(org.apache.qpid.protonj2.test.driver.ProtonTestServer) ProtonTestServerOptions(org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions) Connection(org.apache.qpid.protonj2.client.Connection) ConnectionOptions(org.apache.qpid.protonj2.client.ConnectionOptions) Client(org.apache.qpid.protonj2.client.Client) URI(java.net.URI)

Aggregations

URI (java.net.URI)10 Client (org.apache.qpid.protonj2.client.Client)10 ConnectionOptions (org.apache.qpid.protonj2.client.ConnectionOptions)10 ProtonTestServer (org.apache.qpid.protonj2.test.driver.ProtonTestServer)10 ProtonTestServerOptions (org.apache.qpid.protonj2.test.driver.ProtonTestServerOptions)10 Connection (org.apache.qpid.protonj2.client.Connection)9 Certificate (java.security.cert.Certificate)3 X509Certificate (java.security.cert.X509Certificate)3 SSLSession (javax.net.ssl.SSLSession)3 ExecutionException (java.util.concurrent.ExecutionException)1 SSLContext (javax.net.ssl.SSLContext)1 SslOptions (org.apache.qpid.protonj2.client.SslOptions)1 ClientConnectionSecuritySaslException (org.apache.qpid.protonj2.client.exceptions.ClientConnectionSecuritySaslException)1 Test (org.junit.jupiter.api.Test)1