Author: macbean Date: Wed Jan 14 10:38:04 2015 New Revision: 1651615 URL: http://svn.apache.org/r1651615 Log: QPID-6304: [Java Broker] Allow truststore and keystore (JKS) files to be stored as a data:// URL inside the config
* Added truststore/keystore unit tests too to cover both new and (most of) the existing functionality, retiring the equivilent slower REST system tests. * Added single REST test exercising the creation of a keystore/teststore from data:// URL. Added: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/DataUrlUtils.java Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/FileUtils.java qpid/trunk/qpid/java/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java (original) +++ 
qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileKeyStoreImpl.java Wed Jan 14 10:38:04 2015 @@ -20,11 +20,15 @@ */ package org.apache.qpid.server.security; +import java.io.File; import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; import java.security.AccessControlException; import java.security.GeneralSecurityException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.util.ArrayList; import java.util.Collection; @@ -48,6 +52,7 @@ import org.apache.qpid.server.model.Stat import org.apache.qpid.server.model.StateTransition; import org.apache.qpid.server.security.access.Operation; import org.apache.qpid.server.util.ServerScopedRuntimeException; +import org.apache.qpid.server.util.urlstreamhandler.data.Handler; import org.apache.qpid.transport.network.security.ssl.QpidClientX509KeyManager; import org.apache.qpid.transport.network.security.ssl.SSLUtil; @@ -69,7 +74,12 @@ public class FileKeyStoreImpl extends Ab private String _password; - private Broker<?> _broker; + private final Broker<?> _broker; + + static + { + Handler.register(); + } @ManagedObjectFactoryConstructor public FileKeyStoreImpl(Map<String, Object> attributes, Broker<?> broker) 
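Review bot: The `static { Handler.register(); }` block added to FileKeyStoreImpl carries no comment saying why a class initializer is needed, and the same block is repeated in FileTrustStoreImpl (hunk `@@ -66,7 +71,12 @@`). Judging by its package name, Handler presumably installs the `data:` URL stream handler, which is process-wide state, so the scheme would only resolve once one of these two classes has been loaded. I would add a comment such as `// registers the data: URL stream handler before any store path is parsed as a URL`, and consider performing the registration once at broker start-up instead of in each store class.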
@@ -152,14 +162,25 @@ public class FileKeyStoreImpl extends Ab java.security.KeyStore keyStore; try { - String path = fileKeyStore.getPath(); + URL url = getUrlFromString(fileKeyStore.getPath()); String password = fileKeyStore.getPassword(); String keyStoreType = fileKeyStore.getKeyStoreType(); - keyStore = SSLUtil.getInitializedKeyStore(path, password, keyStoreType); + keyStore = SSLUtil.getInitializedKeyStore(url, password, keyStoreType); } + catch (Exception e) { - throw new IllegalConfigurationException("Cannot instantiate key store at " + fileKeyStore.getPath(), e); + final String message; + if (e instanceof IOException && e.getCause() != null && e.getCause() instanceof UnrecoverableKeyException) + { + message = "Check key store password. Cannot instantiate key store from '" + fileKeyStore.getPath() + "'."; + } + else + { + message = "Cannot instantiate key store from '" + fileKeyStore.getPath() + "'."; + } + + throw new IllegalConfigurationException(message, e); } if (fileKeyStore.getCertificateAlias() != null) @@ -176,8 +197,8 @@ public class FileKeyStoreImpl extends Ab } if (cert == null) { - throw new IllegalConfigurationException("Cannot find a certificate with alias " + fileKeyStore.getCertificateAlias() - + "in key store : " + fileKeyStore.getPath()); + throw new IllegalConfigurationException("Cannot find a certificate with alias '" + fileKeyStore.getCertificateAlias() + + "' in key store : " + fileKeyStore.getPath()); } } 
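Review bot: The new messages in the `catch (Exception e)` block still concatenate `fileKeyStore.getPath()`, and with this change the path may be a `data:` URL that carries the whole key store, so the encoded store would be copied into the IllegalConfigurationException text and from there, presumably, into logs and management error responses. The same applies to the alias message in hunk `@@ -176,8 +197,8 @@` and to the trust store messages in FileTrustStoreImpl hunk `@@ -185,11 +193,22 @@`. I would build the messages from a display value instead, for example `String location = fileKeyStore.getPath().startsWith("data:") ? "(inline data URL)" : fileKeyStore.getPath();`. Separately, `e.getCause() != null &&` is redundant in front of `instanceof`. The enclosing method starts and ends outside the hunk.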
@@ -237,17 +258,18 @@ public class FileKeyStoreImpl extends Ab try { + URL url = getUrlFromString(_path); if (_certificateAlias != null) { return new KeyManager[] { - new QpidClientX509KeyManager( _certificateAlias, _path, _keyStoreType, getPassword(), + new QpidClientX509KeyManager( _certificateAlias, url, _keyStoreType, getPassword(), _keyManagerFactoryAlgorithm) }; } else { - final java.security.KeyStore ks = SSLUtil.getInitializedKeyStore(_path, getPassword(), _keyStoreType); + final java.security.KeyStore ks = SSLUtil.getInitializedKeyStore(url, getPassword(), _keyStoreType); char[] keyStoreCharPassword = getPassword() == null ? null : getPassword().toCharArray(); @@ -263,4 +285,20 @@ public class FileKeyStoreImpl extends Ab throw new GeneralSecurityException(e); } } + + private static URL getUrlFromString(String urlString) throws MalformedURLException + { + URL url; + try + { + url = new URL(urlString); + } + catch (MalformedURLException e) + { + File file = new File(urlString); + url = file.toURI().toURL(); + + } + return url; + } } Modified: qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java (original) +++ qpid/trunk/qpid/java/broker-core/src/main/java/org/apache/qpid/server/security/FileTrustStoreImpl.java Wed Jan 14 10:38:04 2015 
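Review bot: `getUrlFromString` accepts whatever scheme `new URL(urlString)` can parse, so a store path given as an `http:` or `ftp:` URL would presumably make the broker fetch key material from a remote host, although the commit log only sets out to add `data:` URLs next to plain files. The path appears to be settable over REST (the log mentions a REST test that creates a store from a data URL), so I would allow only `data` and `file` and reject anything else, as sketched below; if other schemes are relied on they should be listed explicitly. The check has to sit outside the `try`, otherwise the rejection is caught and retried as a file name. The identical helper is added to FileTrustStoreImpl (hunk `@@ -291,4 +311,21 @@`), so one shared utility would keep the two copies from drifting.

```java
private static URL getUrlFromString(String urlString) throws MalformedURLException
{
    URL url;
    // … unchanged: try { url = new URL(urlString); } …
    catch (MalformedURLException e)
    {
        // no recognised scheme: treat the value as a plain file name
        return new File(urlString).toURI().toURL();
    }

    String protocol = url.getProtocol();
    if (!"data".equals(protocol) && !"file".equals(protocol))
    {
        throw new MalformedURLException("Unsupported store URL scheme '" + protocol + "'");
    }
    return url;
}
```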
@@ -20,11 +20,15 @@ */ package org.apache.qpid.server.security; +import java.io.File; import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; import java.security.AccessControlException; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; import java.util.ArrayList; import java.util.Collection; import java.util.Map; @@ -48,6 +52,7 @@ import org.apache.qpid.server.model.Stat import org.apache.qpid.server.model.TrustStore; import org.apache.qpid.server.security.access.Operation; import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager; +import org.apache.qpid.server.util.urlstreamhandler.data.Handler; import org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager; import org.apache.qpid.transport.network.security.ssl.QpidPeersOnlyTrustManager; import org.apache.qpid.transport.network.security.ssl.SSLUtil; @@ -66,7 +71,12 @@ public class FileTrustStoreImpl extends @ManagedAttributeField private String _password; - private Broker<?> _broker; + private final Broker<?> _broker; + + static + { + Handler.register(); + } @ManagedObjectFactoryConstructor public FileTrustStoreImpl(Map<String, Object> attributes, Broker<?> broker) 
@@ -114,12 +124,10 @@ public class FileTrustStoreImpl extends Collection<AuthenticationProvider> authenticationProviders = new ArrayList<AuthenticationProvider>(_broker.getAuthenticationProviders()); for (AuthenticationProvider authProvider : authenticationProviders) { - if(authProvider.getAttributeNames().contains(SimpleLDAPAuthenticationManager.TRUST_STORE)) + if (authProvider instanceof SimpleLDAPAuthenticationManager) { - Object attributeType = authProvider.getAttribute(AuthenticationProvider.TYPE); - Object attributeValue = authProvider.getAttribute(SimpleLDAPAuthenticationManager.TRUST_STORE); - if (SimpleLDAPAuthenticationManager.PROVIDER_TYPE.equals(attributeType) - && storeName.equals(attributeValue)) + SimpleLDAPAuthenticationManager simpleLdap = (SimpleLDAPAuthenticationManager) authProvider; + if (simpleLdap.getTrustStore() == this) { throw new IntegrityViolationException("Trust store '" + storeName @@ -185,11 +193,22 @@ public class FileTrustStoreImpl extends { try { - SSLUtil.getInitializedKeyStore(trustStore.getPath(), trustStore.getPassword(), trustStore.getTrustStoreType()); + URL trustStoreUrl = getUrlFromString(trustStore.getPath()); + SSLUtil.getInitializedKeyStore(trustStoreUrl, trustStore.getPassword(), trustStore.getTrustStoreType()); } catch (Exception e) { - throw new IllegalConfigurationException("Cannot instantiate trust store at " + trustStore.getPath(), e); + final String message; + if (e instanceof IOException && e.getCause() != null && e.getCause() instanceof UnrecoverableKeyException) + { + message = "Check trust store password. Cannot instantiate trust store from '" + trustStore.getPath() + "'."; + } + else + { + message = "Cannot instantiate trust store from '" + trustStore.getPath() + "'."; + } + + throw new IllegalConfigurationException(message, e); } try 
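Review bot: The in-use check in the provider loop now compares with `simpleLdap.getTrustStore() == this`, so it only blocks deletion when the provider holds this exact instance, whereas the previous code compared the configured attribute value with `storeName`. If a provider can ever hold a different object for the same store (a proxy, or a reference resolved before a re-create), the trust store could be deleted while LDAP still depends on it. I would add a comment stating that identity is intended, e.g. `// providers hold the TrustStore instance itself, so identity comparison is sufficient`, or compare names as a fallback. The enclosing method begins and ends outside the hunk.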
@@ -238,14 +257,15 @@ public class FileTrustStoreImpl extends } public TrustManager[] getTrustManagers() throws GeneralSecurityException { - String trustStorePath = _path; String trustStorePassword = getPassword(); String trustStoreType = _trustStoreType; String trustManagerFactoryAlgorithm = _trustManagerFactoryAlgorithm; try { - KeyStore ts = SSLUtil.getInitializedKeyStore(trustStorePath, trustStorePassword, trustStoreType); + URL trustStoreUrl = getUrlFromString(_path); + + KeyStore ts = SSLUtil.getInitializedKeyStore(trustStoreUrl, trustStorePassword, trustStoreType); final TrustManagerFactory tmf = TrustManagerFactory .getInstance(trustManagerFactoryAlgorithm); tmf.init(ts); @@ -291,4 +311,21 @@ public class FileTrustStoreImpl extends throw new GeneralSecurityException(e); } } + + private static URL getUrlFromString(String urlString) throws MalformedURLException + { + URL url; + try + { + url = new URL(urlString); + } + catch (MalformedURLException e) + { + File file = new File(urlString); + url = file.toURI().toURL(); + + } + return url; + } + } Added: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java?rev=1651615&view=auto ============================================================================== --- qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java (added) +++ qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java Wed Jan 14 10:38:04 2015 
@@ -0,0 +1,347 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.qpid.server.security; + + +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.KeyManager; + +import org.apache.qpid.server.configuration.IllegalConfigurationException; +import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor; +import org.apache.qpid.server.model.Broker; +import org.apache.qpid.server.model.BrokerModel; +import org.apache.qpid.server.model.ConfiguredObject; +import org.apache.qpid.server.model.IntegrityViolationException; +import org.apache.qpid.server.model.Port; +import org.apache.qpid.server.security.access.Operation; +import org.apache.qpid.test.utils.QpidTestCase; +import org.apache.qpid.test.utils.TestSSLConstants; +import org.apache.qpid.util.DataUrlUtils; +import org.apache.qpid.util.FileUtils; + +public class FileKeyStoreTest extends QpidTestCase +{ + private final Broker<?> _broker = mock(Broker.class); + private final CurrentThreadTaskExecutor _taskExecutor = new CurrentThreadTaskExecutor(); + 
private final SecurityManager _securityManager = mock(SecurityManager.class); + + public void setUp() throws Exception + { + super.setUp(); + + _taskExecutor.start(); + when(_broker.getTaskExecutor()).thenReturn(_taskExecutor); + when(_broker.getModel()).thenReturn(BrokerModel.getInstance()); + + when(_broker.getSecurityManager()).thenReturn(_securityManager); + } + + public void testCreateKeyStoreFromFile_Success() throws Exception + { + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + fileKeyStore.create(); + + KeyManager[] keyManager = fileKeyStore.getKeyManagers(); + assertNotNull(keyManager); + assertEquals("Unexpected number of key managers", 1, keyManager.length); + assertNotNull("Key manager unexpected null", keyManager[0]); + } + + public void testCreateKeyStoreWithAliasFromFile_Success() throws Exception + { + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + fileKeyStore.create(); + + KeyManager[] keyManager = fileKeyStore.getKeyManagers(); + assertNotNull(keyManager); + assertEquals("Unexpected number of key managers", 1, keyManager.length); + assertNotNull("Key manager unexpected null", keyManager[0]); + } + + public void testCreateKeyStoreFromFile_WrongPassword() throws Exception + { + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + 
attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.PASSWORD, "wrong"); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + try + { + fileKeyStore.create(); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Check key store password")); + } + } + + public void testCreateKeyStoreFromFile_UnknownAlias() throws Exception + { + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PATH, TestSSLConstants.KEYSTORE); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + try + { + fileKeyStore.create(); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot find a certificate with alias 'notknown' in key store")); + } + } + + public void testCreateKeyStoreFromDataUrl_Success() throws Exception + { + String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PATH, trustStoreAsDataUrl); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + fileKeyStore.create(); + + KeyManager[] keyManagers = fileKeyStore.getKeyManagers(); + assertNotNull(keyManagers); + assertEquals("Unexpected number of key managers", 1, keyManagers.length); + assertNotNull("Key manager unexpected null", keyManagers[0]); 
+ } + + public void testCreateKeyStoreWithAliasFromDataUrl_Success() throws Exception + { + String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PATH, trustStoreAsDataUrl); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + fileKeyStore.create(); + + KeyManager[] keyManagers = fileKeyStore.getKeyManagers(); + assertNotNull(keyManagers); + assertEquals("Unexpected number of key managers", 1, keyManagers.length); + assertNotNull("Key manager unexpected null", keyManagers[0]); + } + + public void testCreateKeyStoreFromDataUrl_WrongPassword() throws Exception + { + String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PASSWORD, "wrong"); + attributes.put(FileKeyStore.PATH, keyStoreAsDataUrl); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + try + { + + fileKeyStore.create(); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Check key store password")); + } + } + + public void testCreateKeyStoreFromDataUrl_BadKeystoreBytes() throws Exception + { + String keyStoreAsDataUrl = DataUrlUtils.getDataUrlForBytes("notatruststore".getBytes()); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PATH, 
keyStoreAsDataUrl); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + try + { + fileKeyStore.create(); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot instantiate key store")); + + } + } + + public void testCreateKeyStoreFromDataUrl_UnknownAlias() throws Exception + { + String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.PATH, keyStoreAsDataUrl); + attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + try + { + fileKeyStore.create(); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot find a certificate with alias 'notknown' in key store")); + } + } + + public void testUpdateKeyStore_Success() throws Exception + { + + when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? 
extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + fileKeyStore.create(); + + assertNull("Unexpected alias value before change", fileKeyStore.getCertificateAlias()); + + try + { + Map<String,Object> unacceptableAttributes = new HashMap<>(); + unacceptableAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); + + fileKeyStore.setAttributes(unacceptableAttributes); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot find a certificate with alias 'notknown' in key store")); + } + + assertNull("Unexpected alias value after failed change", fileKeyStore.getCertificateAlias()); + + Map<String,Object> changedAttributes = new HashMap<>(); + changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS); + + fileKeyStore.setAttributes(changedAttributes); + + assertEquals("Unexpected alias value after change that is expected to be successful", + TestSSLConstants.BROKER_KEYSTORE_ALIAS, + fileKeyStore.getCertificateAlias()); + + } + + public void testDeleteKeyStore_Success() throws Exception + { + + when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? 
extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + fileKeyStore.create(); + fileKeyStore.delete(); + } + + public void testDeleteKeyStore_KeyManagerInUseByPort() throws Exception + { + when(_securityManager.authoriseConfiguringBroker(any(String.class), + any(Class.class), + any(Operation.class))).thenReturn(true); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileKeyStore.NAME, "myFileKeyStore"); + attributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); + attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); + + FileKeyStoreImpl fileKeyStore = new FileKeyStoreImpl(attributes, _broker); + + fileKeyStore.create(); + + Port<?> port = mock(Port.class); + when(port.getKeyStore()).thenReturn(fileKeyStore); + + when(_broker.getPorts()).thenReturn(Collections.<Port<?>>singletonList(port)); + + try + { + fileKeyStore.delete(); + fail("Exception not thrown"); + } + catch (IntegrityViolationException ive) + { + // PASS + } + } + + private static String createDataUrlForFile(String filename) + { + byte[] fileAsBytes = FileUtils.readFileAsBytes(filename); + return DataUrlUtils.getDataUrlForBytes(fileAsBytes); + } +} \ No newline at end of file Added: qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java?rev=1651615&view=auto ============================================================================== --- 
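Review bot: The data-URL failure tests (`testCreateKeyStoreFromDataUrl_WrongPassword`, `_BadKeystoreBytes` and `_UnknownAlias`) only assert that a fragment is present in the exception message; none asserts that the encoded key store is absent from it, even though the PATH attribute in these tests is the data URL itself. I would add `assertFalse("Key store content echoed in message", message.contains(keyStoreAsDataUrl));` to each of them. There is also no test for a path whose scheme is neither `data:` nor a plain file, and the assertion text "Exception text not as unexpected" presumably means "not as expected".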
qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java (added) +++ qpid/trunk/qpid/java/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java Wed Jan 14 10:38:04 2015 
@@ -0,0 +1,320 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.qpid.server.security; + + +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.TrustManager; + +import org.apache.qpid.server.configuration.IllegalConfigurationException; +import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor; +import org.apache.qpid.server.model.AuthenticationProvider; +import org.apache.qpid.server.model.Broker; +import org.apache.qpid.server.model.BrokerModel; +import org.apache.qpid.server.model.ConfiguredObject; +import org.apache.qpid.server.model.IntegrityViolationException; +import org.apache.qpid.server.model.Port; +import org.apache.qpid.server.model.TrustStore; +import org.apache.qpid.server.security.access.Operation; +import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManager; +import org.apache.qpid.test.utils.QpidTestCase; +import org.apache.qpid.test.utils.TestSSLConstants; +import 
org.apache.qpid.transport.network.security.ssl.QpidMultipleTrustManager; +import org.apache.qpid.util.DataUrlUtils; +import org.apache.qpid.util.FileUtils; + +public class FileTrustStoreTest extends QpidTestCase +{ + private final Broker<?> _broker = mock(Broker.class); + private final CurrentThreadTaskExecutor _taskExecutor = new CurrentThreadTaskExecutor(); + private final SecurityManager _securityManager = mock(SecurityManager.class); + + public void setUp() throws Exception + { + super.setUp(); + + _taskExecutor.start(); + when(_broker.getTaskExecutor()).thenReturn(_taskExecutor); + when(_broker.getModel()).thenReturn(BrokerModel.getInstance()); + + when(_broker.getSecurityManager()).thenReturn(_securityManager); + } + + public void testCreateTrustStoreFromFile_Success() throws Exception + { + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + fileTrustStore.create(); + + TrustManager[] trustManagers = fileTrustStore.getTrustManagers(); + assertNotNull(trustManagers); + assertEquals("Unexpected number of trust managers", 1, trustManagers.length); + assertNotNull("Trust manager unexpected null", trustManagers[0]); + } + + public void testCreateTrustStoreFromFile_WrongPassword() throws Exception + { + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.PASSWORD, "wrong"); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + try + { + fileTrustStore.create(); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + 
assertTrue("Exception text not as unexpected:" + message, message.contains("Check trust store password")); + } + } + + public void testCreatePeersOnlyTrustStoreFromFile_Success() throws Exception + { + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PATH, TestSSLConstants.BROKER_PEERSTORE); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_PEERSTORE_PASSWORD); + attributes.put(FileTrustStore.PEERS_ONLY, true); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + fileTrustStore.create(); + + TrustManager[] trustManagers = fileTrustStore.getTrustManagers(); + assertNotNull(trustManagers); + assertEquals("Unexpected number of trust managers", 1, trustManagers.length); + assertNotNull("Trust manager unexpected null", trustManagers[0]); + assertTrue("Trust manager unexpected null", trustManagers[0] instanceof QpidMultipleTrustManager); + } + + + public void testCreateTrustStoreFromDataUrl_Success() throws Exception + { + String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PATH, trustStoreAsDataUrl); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + fileTrustStore.create(); + + TrustManager[] trustManagers = fileTrustStore.getTrustManagers(); + assertNotNull(trustManagers); + assertEquals("Unexpected number of trust managers", 1, trustManagers.length); + assertNotNull("Trust manager unexpected null", trustManagers[0]); + } + + public void testCreateTrustStoreFromDataUrl_WrongPassword() throws Exception + { + String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE); + + Map<String,Object> attributes = new HashMap<>(); + 
attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PASSWORD, "wrong"); + attributes.put(FileTrustStore.PATH, trustStoreAsDataUrl); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + try + { + + fileTrustStore.create(); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Check trust store password")); + } + } + + public void testCreateTrustStoreFromDataUrl_BadTruststoreBytes() throws Exception + { + String trustStoreAsDataUrl = DataUrlUtils.getDataUrlForBytes("notatruststore".getBytes()); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.PATH, trustStoreAsDataUrl); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + try + { + fileTrustStore.create(); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot instantiate trust store")); + + } + } + + public void testUpdateTrustStore_Success() throws Exception + { + + when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? 
extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + fileTrustStore.create(); + + assertEquals("Unexpected path value before change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getPath()); + + try + { + Map<String,Object> unacceptableAttributes = new HashMap<>(); + unacceptableAttributes.put(FileTrustStore.PATH, "/not/a/truststore"); + + fileTrustStore.setAttributes(unacceptableAttributes); + fail("Exception not thrown"); + } + catch (IllegalConfigurationException ice) + { + String message = ice.getMessage(); + assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot instantiate trust store")); + } + + assertEquals("Unexpected path value after failed change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getPath()); + + Map<String,Object> changedAttributes = new HashMap<>(); + changedAttributes.put(FileTrustStore.PATH, TestSSLConstants.BROKER_TRUSTSTORE); + changedAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD); + + fileTrustStore.setAttributes(changedAttributes); + + assertEquals("Unexpected path value after change that is expected to be successful", + TestSSLConstants.BROKER_TRUSTSTORE, + fileTrustStore.getPath()); + } + + public void testDeleteTrustStore_Success() throws Exception + { + + when(_securityManager.authoriseConfiguringBroker(any(String.class), (Class<? 
extends ConfiguredObject>)any(), any(Operation.class))).thenReturn(true); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + fileTrustStore.create(); + fileTrustStore.delete(); + } + + public void testDeleteTrustStore_TrustManagerInUseByAuthProvider() throws Exception + { + when(_securityManager.authoriseConfiguringBroker(any(String.class), + any(Class.class), + any(Operation.class))).thenReturn(true); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + fileTrustStore.create(); + + SimpleLDAPAuthenticationManager ldap = mock(SimpleLDAPAuthenticationManager.class); + when(ldap.getTrustStore()).thenReturn(fileTrustStore); + + Collection<AuthenticationProvider<?>> authenticationProviders = Collections.<AuthenticationProvider<?>>singletonList(ldap); + when(_broker.getAuthenticationProviders()).thenReturn(authenticationProviders); + + try + { + fileTrustStore.delete(); + fail("Exception not thrown"); + } + catch (IntegrityViolationException ive) + { + // PASS + } + } + + public void testDeleteTrustStore_TrustManagerInUseByPort() throws Exception + { + when(_securityManager.authoriseConfiguringBroker(any(String.class), + any(Class.class), + any(Operation.class))).thenReturn(true); + + Map<String,Object> attributes = new HashMap<>(); + attributes.put(FileTrustStore.NAME, "myFileTrustStore"); + attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); + 
attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + + FileTrustStoreImpl fileTrustStore = new FileTrustStoreImpl(attributes, _broker); + + fileTrustStore.create(); + + Port<?> port = mock(Port.class); + when(port.getTrustStores()).thenReturn(Collections.<TrustStore>singletonList(fileTrustStore)); + + when(_broker.getPorts()).thenReturn(Collections.<Port<?>>singletonList(port)); + + try + { + fileTrustStore.delete(); + fail("Exception not thrown"); + } + catch (IntegrityViolationException ive) + { + // PASS + } + } + + private static String createDataUrlForFile(String filename) + { + byte[] fileAsBytes = FileUtils.readFileAsBytes(filename); + return DataUrlUtils.getDataUrlForBytes(fileAsBytes); + } +} \ No newline at end of file Modified: qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java (original) +++ qpid/trunk/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java Wed Jan 14 10:38:04 2015 @@ -36,7 +36,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.Part; -import javax.xml.bind.DatatypeConverter; import org.apache.log4j.Logger; import org.codehaus.jackson.map.ObjectMapper; 
@@ -46,6 +45,7 @@ import org.apache.qpid.server.configurat import org.apache.qpid.server.model.Broker; import org.apache.qpid.server.model.ConfiguredObject; import org.apache.qpid.server.util.urlstreamhandler.data.Handler; +import org.apache.qpid.util.DataUrlUtils; public class RestServlet extends AbstractServlet { @@ -439,8 +439,7 @@ public class RestServlet extends Abstrac { byte[] data = new byte[(int) part.getSize()]; part.getInputStream().read(data); - StringBuilder inlineURL = new StringBuilder("data:;base64,"); - inlineURL.append(DatatypeConverter.printBase64Binary(data)); + String inlineURL = DataUrlUtils.getDataUrlForBytes(data); fileUploads.put(part.getName(),inlineURL.toString()); } } Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java (original) +++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/QpidClientX509KeyManager.java Wed Jan 14 10:38:04 2015 @@ -27,6 +27,7 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedKeyManager; import java.io.IOException; import java.net.Socket; +import java.net.URL; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.Principal; 
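Review bot: The single `part.getInputStream().read(data)` call kept as context in the -439,8 hunk is not guaranteed to fill `data`, so a large or slowly arriving upload can reach `DataUrlUtils.getDataUrlForBytes(data)` with its tail still zero-filled, and the stored keystore or truststore would be silently corrupted. Reading until the buffer is full closes that gap, for example `new DataInputStream(part.getInputStream()).readFully(data);` inside a try-with-resources. The `(int) part.getSize()` cast on the line above also deserves an upper bound, since the size comes from the request. With `inlineURL` now a `String`, the `inlineURL.toString()` in the `put` call is redundant. The enclosing method starts and ends outside the hunk.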
@@ -48,6 +49,16 @@ public class QpidClientX509KeyManager ex KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName); kmf.init(ks, keyStorePassword.toCharArray()); this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0]; + } + + public QpidClientX509KeyManager(String alias, URL keyStoreUrl, String keyStoreType, + String keyStorePassword, String keyManagerFactoryAlgorithmName) throws GeneralSecurityException, IOException + { + this.alias = alias; + KeyStore ks = SSLUtil.getInitializedKeyStore(keyStoreUrl,keyStorePassword,keyStoreType); + KeyManagerFactory kmf = KeyManagerFactory.getInstance(keyManagerFactoryAlgorithmName); + kmf.init(ks, keyStorePassword.toCharArray()); + this.delegate = (X509ExtendedKeyManager)kmf.getKeyManagers()[0]; } public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java (original) +++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java Wed Jan 14 10:38:04 2015 @@ -24,6 +24,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; +import java.net.URL; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.Principal; 
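Review bot: The new URL-based constructor calls `keyStorePassword.toCharArray()` unconditionally, while the `SSLUtil.getInitializedKeyStore(URL, ...)` overload it delegates to accepts a null password, so a null password loads the store and then fails with a bare NullPointerException instead of the declared `GeneralSecurityException`. Mirror the helper with `kmf.init(ks, keyStorePassword == null ? null : keyStorePassword.toCharArray());`. The existing constructor shown as context above has the same line. The cast `(X509ExtendedKeyManager)kmf.getKeyManagers()[0]` also assumes the factory returns at least one manager of that type, which is worth a short comment since the algorithm name is caller-supplied.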
@@ -247,6 +248,23 @@ public class SSLUtil } return ks; } + + public static KeyStore getInitializedKeyStore(URL storePath, String storePassword, String keyStoreType) throws GeneralSecurityException, IOException + { + KeyStore ks = KeyStore.getInstance(keyStoreType); + try(InputStream in = storePath.openStream()) + { + if (in == null && !"PKCS11".equalsIgnoreCase(keyStoreType)) // PKCS11 will not require an explicit path + { + throw new IOException("Unable to load keystore resource: " + storePath); + } + + char[] storeCharPassword = storePassword == null ? null : storePassword.toCharArray(); + + ks.load(in, storeCharPassword); + } + return ks; + } public static void removeSSLv3Support(final SSLEngine engine) { Added: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/DataUrlUtils.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/DataUrlUtils.java?rev=1651615&view=auto ============================================================================== --- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/DataUrlUtils.java (added) +++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/DataUrlUtils.java Wed Jan 14 10:38:04 2015 
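Review bot: The `in == null` branch in the new `getInitializedKeyStore(URL, ...)` overload is effectively dead, because `URL.openStream()` by contract returns a stream or throws `IOException`, and a null `storePath` fails earlier with a NullPointerException in the try header. The PKCS11 "no explicit path" case named in the comment is therefore not reachable through this overload; either drop the check or handle it before the try with `if (storePath == null && "PKCS11".equalsIgnoreCase(keyStoreType)) { ks.load(null, storeCharPassword); return ks; }`. The method also opens whatever scheme the URL carries. If only `file:` and `data:` are intended (the callers are not visible here), a Javadoc line saying so and a check on `storePath.getProtocol()` would keep a configuration value from triggering a remote fetch.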
@@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.qpid.util; + +import javax.xml.bind.DatatypeConverter; + +public class DataUrlUtils +{ + public static String getDataUrlForBytes(final byte[] bytes) + { + StringBuilder inlineURL = new StringBuilder("data:;base64,"); + inlineURL.append(DatatypeConverter.printBase64Binary(bytes)); + return inlineURL.toString(); + } +} Modified: qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/FileUtils.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/FileUtils.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/FileUtils.java (original) +++ qpid/trunk/qpid/java/common/src/main/java/org/apache/qpid/util/FileUtils.java Wed Jan 14 10:38:04 2015 @@ -22,6 +22,7 @@ package org.apache.qpid.util; import java.io.BufferedInputStream; import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; 
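Review bot: `DataUrlUtils` is added without any Javadoc and as an instantiable, non-final class, although it only holds one static helper. I would declare it `public final class DataUrlUtils` with `private DataUrlUtils() {}`, and document the method with `/** Returns the bytes as a base64 data URL with an empty media type ("data:;base64,..."). The result embeds the full content, so treat it as sensitive when the input is key material. */`. The behaviour for a null `bytes` argument should be stated as well, since the value is passed straight to `DatatypeConverter.printBase64Binary`.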
@@ -51,39 +52,32 @@ public class FileUtils * * @return The contents of the file. */ - public static String readFileAsString(String filename) + public static byte[] readFileAsBytes(String filename) { - BufferedInputStream is = null; - try + try(BufferedInputStream is = new BufferedInputStream(new FileInputStream(filename))) { - try - { - is = new BufferedInputStream(new FileInputStream(filename)); - } - catch (FileNotFoundException e) - { - throw new RuntimeException(e); - } - return readStreamAsString(is); } - finally + catch (IOException e) { - if (is != null) - { - try - { - is.close(); - } - catch (IOException e) - { - throw new RuntimeException(e); - } - } + throw new RuntimeException(e); } } + + /** + * Reads a text file as a string. + * + * @param filename The name of the file. + * + * @return The contents of the file. + */ + public static String readFileAsString(String filename) + { + return new String(readFileAsBytes(filename)); + } + /** * Reads a text file as a string. * @@ -93,18 +87,15 @@ public class FileUtils */ public static String readFileAsString(File file) { - BufferedInputStream is = null; - - try + try(BufferedInputStream is = new BufferedInputStream(new FileInputStream(file))) { - is = new BufferedInputStream(new FileInputStream(file)); + + return new String(readStreamAsString(is)); } - catch (FileNotFoundException e) + catch (IOException e) { throw new RuntimeException(e); } - - return readStreamAsString(is); } /** 
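Review bot: `new String(readFileAsBytes(filename))` decodes with the platform default charset, so `readFileAsString(String)` can return different text for the same file depending on the JVM's `file.encoding`; the same applies to `new String(readStreamAsString(is))` in the -93,18 hunk for `readFileAsString(File)`. If these files are expected to be UTF-8, which cannot be determined from the hunk, pass the charset explicitly: `return new String(readFileAsBytes(filename), StandardCharsets.UTF_8);`. The Javadoc block that ends just above `readFileAsBytes` starts outside the hunk and appears to be the old text-file description, so it should be reworded to say the method returns the raw bytes of the file.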
@@ -115,23 +106,20 @@ public class FileUtils * * @return The contents of the reader. */ - private static String readStreamAsString(BufferedInputStream is) + private static byte[] readStreamAsString(BufferedInputStream is) { - try + try(ByteArrayOutputStream inBuffer = new ByteArrayOutputStream()) { byte[] data = new byte[4096]; - StringBuffer inBuffer = new StringBuffer(); - int read; while ((read = is.read(data)) != -1) { - String s = new String(data, 0, read); - inBuffer.append(s); + inBuffer.write(data, 0, read); } - return inBuffer.toString(); + return inBuffer.toByteArray(); } catch (IOException e) { Modified: qpid/trunk/qpid/java/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java (original) +++ qpid/trunk/qpid/java/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java Wed Jan 14 10:38:04 2015 
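Review bot: `readStreamAsString` now returns `byte[]`, so its name and the `@return The contents of the reader.` Javadoc above it no longer describe what it does, and both call sites wrap it in `new String(...)` to get text. The method is private, so renaming it is safe: `private static byte[] readStreamAsBytes(BufferedInputStream is)`, with the summary changed to say it reads the stream to its end and returns the bytes. Closing a `ByteArrayOutputStream` has no effect, so a plain local instead of the try-with-resources header would read more simply. The catch block continues outside the hunk.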
@@ -28,6 +28,7 @@ public interface TestSSLConstants String BROKER_KEYSTORE = "test-profiles/test_resources/ssl/java_broker_keystore.jks"; String BROKER_KEYSTORE_PASSWORD = "password"; + Object BROKER_KEYSTORE_ALIAS = "rootca"; String BROKER_PEERSTORE = "test-profiles/test_resources/ssl/java_broker_peerstore.jks"; String BROKER_PEERSTORE_PASSWORD = "password"; Modified: qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java (original) +++ qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/KeyStoreRestTest.java Wed Jan 14 10:38:04 2015 @@ -20,23 +20,20 @@ */ package org.apache.qpid.systest.rest; -import java.io.IOException; -import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; -import org.codehaus.jackson.JsonGenerationException; -import org.codehaus.jackson.JsonParseException; -import org.codehaus.jackson.map.JsonMappingException; +import javax.servlet.http.HttpServletResponse; + import org.apache.qpid.server.model.AbstractConfiguredObject; import org.apache.qpid.server.model.KeyStore; -import org.apache.qpid.server.model.Port; -import org.apache.qpid.server.model.Transport; import org.apache.qpid.server.security.FileKeyStore; import org.apache.qpid.test.utils.TestBrokerConfiguration; import org.apache.qpid.test.utils.TestSSLConstants; +import org.apache.qpid.util.DataUrlUtils; +import org.apache.qpid.util.FileUtils; public class KeyStoreRestTest extends QpidRestTestCase { 
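Review bot: `BROKER_KEYSTORE_ALIAS` is declared as `Object` while the neighbouring constants in this interface are `String`, which forces a cast or `toString()` wherever the alias is used as text and hides type errors in attribute maps. Declare it as `String BROKER_KEYSTORE_ALIAS = "rootca";`.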
@@ -67,7 +64,7 @@ public class KeyStoreRestTest extends Qp String certAlias = "app2"; assertNumberOfKeyStores(1); - createKeyStore(name, certAlias); + createKeyStore(name, certAlias, TestSSLConstants.KEYSTORE, TestSSLConstants.KEYSTORE_PASSWORD); assertNumberOfKeyStores(2); List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("keystore/" + name); 
@@ -76,161 +73,72 @@ public class KeyStoreRestTest extends Qp assertKeyStoreAttributes(keyStores.get(0), name, TestSSLConstants.KEYSTORE, certAlias); } - public void testDelete() throws Exception + public void testCreateWithDataUrl() throws Exception { super.setUp(); String name = getTestName(); - String certAlias = "app2"; + byte[] keystoreAsBytes = FileUtils.readFileAsBytes(TestSSLConstants.KEYSTORE); + String dataUrlForKeyStore = DataUrlUtils.getDataUrlForBytes(keystoreAsBytes); assertNumberOfKeyStores(1); - createKeyStore(name, certAlias); + createKeyStore(name, null, dataUrlForKeyStore, TestSSLConstants.KEYSTORE_PASSWORD); assertNumberOfKeyStores(2); - int responseCode = getRestTestHelper().submitRequest("keystore/" + name , "DELETE"); - assertEquals("Unexpected response code for provider deletion", 200, responseCode); - - List<Map<String, Object>> keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); - assertNotNull("details should not be null", keyStore); - assertTrue("details should be empty as the keystore no longer exists", keyStore.isEmpty()); - - //check only the default systests key store remains - List<Map<String, Object>> keyStores = assertNumberOfKeyStores(1); - Map<String, Object> keystore = keyStores.get(0); - assertKeyStoreAttributes(keystore, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE, - QPID_HOME + "/../" + TestSSLConstants.BROKER_KEYSTORE, null); - } - - public void testDeleteFailsWhenKeyStoreInUse() throws Exception - { - String name = "testDeleteFailsWhenKeyStoreInUse"; - - //add a new key store config to use - Map<String, Object> sslKeyStoreAttributes = new HashMap<String, Object>(); - sslKeyStoreAttributes.put(KeyStore.NAME, name); - sslKeyStoreAttributes.put(FileKeyStore.PATH, TestSSLConstants.BROKER_KEYSTORE); - sslKeyStoreAttributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD); - getBrokerConfiguration().addObjectConfiguration(KeyStore.class,sslKeyStoreAttributes); - - //add the SSL port using 
it - Map<String, Object> sslPortAttributes = new HashMap<String, Object>(); - sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); - sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); - sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); - sslPortAttributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); - sslPortAttributes.put(Port.KEY_STORE, name); - getBrokerConfiguration().addObjectConfiguration(Port.class,sslPortAttributes); - - super.setUp(); - - //verify the keystore is there - assertNumberOfKeyStores(2); - - List<Map<String, Object>> keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); - assertNotNull("details should not be null", keyStore); - assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.BROKER_KEYSTORE, null); - - //try to delete it, which should fail as it is in use - int responseCode = getRestTestHelper().submitRequest("keystore/" + name , "DELETE"); - assertEquals("Unexpected response code for provider deletion", 409, responseCode); + List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("keystore/" + name); + assertNotNull("details cannot be null", keyStores); - //check its still there - assertNumberOfKeyStores(2); - keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); - assertNotNull("details should not be null", keyStore); - assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.BROKER_KEYSTORE, null); + assertKeyStoreAttributes(keyStores.get(0), name, dataUrlForKeyStore, null); } - public void testUpdateWithGoodPathSucceeds() throws Exception + public void testDelete() throws Exception { super.setUp(); String name = getTestName(); + String certAlias = "app2"; assertNumberOfKeyStores(1); - createKeyStore(name, null); + createKeyStore(name, certAlias, TestSSLConstants.KEYSTORE, TestSSLConstants.KEYSTORE_PASSWORD); assertNumberOfKeyStores(2); - Map<String, Object> attributes = new 
HashMap<String, Object>(); - attributes.put(KeyStore.NAME, name); - attributes.put(FileKeyStore.PATH, TestSSLConstants.UNTRUSTED_KEYSTORE); - - int responseCode = getRestTestHelper().submitRequest("keystore/" + name , "PUT", attributes); - assertEquals("Unexpected response code for keystore update", 200, responseCode); + getRestTestHelper().submitRequest("keystore/" + name, "DELETE", HttpServletResponse.SC_OK); List<Map<String, Object>> keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); assertNotNull("details should not be null", keyStore); + assertTrue("details should be empty as the keystore no longer exists", keyStore.isEmpty()); - assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.UNTRUSTED_KEYSTORE, null); + //check only the default systests key store remains + List<Map<String, Object>> keyStores = assertNumberOfKeyStores(1); + Map<String, Object> keystore = keyStores.get(0); + assertKeyStoreAttributes(keystore, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE, + QPID_HOME + "/../" + TestSSLConstants.BROKER_KEYSTORE, null); } - public void testUpdateWithNonExistentPathFails() throws Exception + public void testUpdate() throws Exception { super.setUp(); String name = getTestName(); assertNumberOfKeyStores(1); - createKeyStore(name, null); + createKeyStore(name, null, TestSSLConstants.KEYSTORE, TestSSLConstants.KEYSTORE_PASSWORD); assertNumberOfKeyStores(2); Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put(KeyStore.NAME, name); - attributes.put(FileKeyStore.PATH, "does.not.exist"); + attributes.put(FileKeyStore.PATH, TestSSLConstants.UNTRUSTED_KEYSTORE); - int responseCode = getRestTestHelper().submitRequest("keystore/" + name , "PUT", attributes); - assertEquals("Unexpected response code for keystore update", 409, responseCode); + getRestTestHelper().submitRequest("keystore/" + name, "PUT", attributes, HttpServletResponse.SC_OK); List<Map<String, Object>> keyStore = 
getRestTestHelper().getJsonAsList("keystore/" + name); assertNotNull("details should not be null", keyStore); - //verify the details remain unchanged - assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.KEYSTORE, null); + assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.UNTRUSTED_KEYSTORE, null); } - public void testUpdateCertificateAlias() throws Exception - { - super.setUp(); - - String name = getTestName(); - - assertNumberOfKeyStores(1); - createKeyStore(name, "app1"); - assertNumberOfKeyStores(2); - - List<Map<String, Object>> keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); - assertNotNull("details should not be null", keyStore); - assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.KEYSTORE, "app1"); - - //Update the certAlias from app1 to app2 - Map<String, Object> attributes = new HashMap<String, Object>(); - attributes.put(KeyStore.NAME, name); - attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "app2"); - - int responseCode = getRestTestHelper().submitRequest("keystore/" + name , "PUT", attributes); - assertEquals("Unexpected response code for keystore update", 200, responseCode); - - keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); - assertNotNull("details should not be null", keyStore); - - assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.KEYSTORE, "app2"); - - //Update the certAlias to clear it (i.e go from from app1 to null) - attributes = new HashMap<String, Object>(); - attributes.put(KeyStore.NAME, name); - attributes.put(FileKeyStore.CERTIFICATE_ALIAS, null); - - responseCode = getRestTestHelper().submitRequest("keystore/" + name , "PUT", attributes); - assertEquals("Unexpected response code for keystore update", 200, responseCode); - keyStore = getRestTestHelper().getJsonAsList("keystore/" + name); - assertNotNull("details should not be null", keyStore); - - assertKeyStoreAttributes(keyStore.get(0), name, TestSSLConstants.KEYSTORE, null); - } - - private 
List<Map<String, Object>> assertNumberOfKeyStores(int numberOfKeystores) throws IOException, - JsonParseException, JsonMappingException + private List<Map<String, Object>> assertNumberOfKeyStores(int numberOfKeystores) throws Exception { List<Map<String, Object>> keyStores = getRestTestHelper().getJsonAsList("keystore"); assertNotNull("keystores should not be null", keyStores); @@ -239,16 +147,18 @@ public class KeyStoreRestTest extends Qp return keyStores; } - private void createKeyStore(String name, String certAlias) throws IOException, JsonGenerationException, JsonMappingException + private void createKeyStore(String name, String certAlias, final String keyStorePath, final String keystorePassword) throws Exception { - Map<String, Object> keyStoreAttributes = new HashMap<String, Object>(); + Map<String, Object> keyStoreAttributes = new HashMap<>(); keyStoreAttributes.put(KeyStore.NAME, name); - keyStoreAttributes.put(FileKeyStore.PATH, TestSSLConstants.KEYSTORE); - keyStoreAttributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD); - keyStoreAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, certAlias); + keyStoreAttributes.put(FileKeyStore.PATH, keyStorePath); + keyStoreAttributes.put(FileKeyStore.PASSWORD, keystorePassword); + if (certAlias != null) + { + keyStoreAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, certAlias); + } - int responseCode = getRestTestHelper().submitRequest("keystore/" + name, "PUT", keyStoreAttributes); - assertEquals("Unexpected response code", 201, responseCode); + getRestTestHelper().submitRequest("keystore/" + name, "PUT", keyStoreAttributes, HttpServletResponse.SC_CREATED); } private void assertKeyStoreAttributes(Map<String, Object> keystore, String name, String path, String certAlias) 
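Review bot: `testCreateWithDataUrl` in the -76,161 hunk pins, through `assertKeyStoreAttributes(keyStores.get(0), name, dataUrlForKeyStore, null)`, that a GET on the keystore resource returns the whole data URL in the `path` attribute. The encoded keystore, presumably including its private-key entries, is then readable by any management user who can view the object, while only the password is replaced by `SECURED_STRING_VALUE`. If that is intended it should be stated next to the assertion, e.g. `// path is returned verbatim: for data URLs this is the full keystore content`; otherwise the broker-side attribute, which is outside this diff, would need masking and the assertion changed to match. The same hunk removes the REST-level checks for delete-while-in-use and update-with-bad-path that expected 409; the commit log says unit tests replace them, but the HTTP status mapping for those failures is no longer exercised here.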
@@ -261,12 +171,16 @@ public class KeyStoreRestTest extends Qp AbstractConfiguredObject.SECURED_STRING_VALUE, keystore.get(FileKeyStore.PASSWORD)); assertEquals("unexpected type of default systests key store", java.security.KeyStore.getDefaultType(), keystore.get(FileKeyStore.KEY_STORE_TYPE)); - assertEquals("unexpected certificateAlias value", - certAlias, keystore.get(FileKeyStore.CERTIFICATE_ALIAS)); if(certAlias == null) { assertFalse("should not be a certificateAlias attribute", keystore.containsKey(FileKeyStore.CERTIFICATE_ALIAS)); } + else + { + assertEquals("unexpected certificateAlias value", + certAlias, keystore.get(FileKeyStore.CERTIFICATE_ALIAS)); + + } } } Modified: qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java URL: http://svn.apache.org/viewvc/qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java?rev=1651615&r1=1651614&r2=1651615&view=diff ============================================================================== --- qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java (original) +++ qpid/trunk/qpid/java/systests/src/test/java/org/apache/qpid/systest/rest/TrustStoreRestTest.java Wed Jan 14 10:38:04 2015 
@@ -20,23 +20,19 @@ */ package org.apache.qpid.systest.rest; -import java.io.IOException; -import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; -import org.codehaus.jackson.JsonGenerationException; -import org.codehaus.jackson.JsonParseException; -import org.codehaus.jackson.map.JsonMappingException; +import javax.servlet.http.HttpServletResponse; import org.apache.qpid.server.model.AbstractConfiguredObject; -import org.apache.qpid.server.model.Port; -import org.apache.qpid.server.model.Transport; import org.apache.qpid.server.model.TrustStore; import org.apache.qpid.server.security.FileTrustStore; import org.apache.qpid.test.utils.TestBrokerConfiguration; import org.apache.qpid.test.utils.TestSSLConstants; +import org.apache.qpid.util.DataUrlUtils; +import org.apache.qpid.util.FileUtils; public class TrustStoreRestTest extends QpidRestTestCase { @@ -66,7 +62,7 @@ public class TrustStoreRestTest extends String name = getTestName(); assertNumberOfTrustStores(1); - createTrustStore(name, true); + createTrustStore(name, true, TestSSLConstants.TRUSTSTORE, TestSSLConstants.TRUSTSTORE_PASSWORD); assertNumberOfTrustStores(2); List<Map<String, Object>> trustStores = getRestTestHelper().getJsonAsList("truststore/" + name); 
@@ -75,157 +71,73 @@ public class TrustStoreRestTest extends assertTrustStoreAttributes(trustStores.get(0), name, TestSSLConstants.TRUSTSTORE, true); } - public void testDelete() throws Exception + public void testCreateUsingDataUrl() throws Exception { super.setUp(); String name = getTestName(); + byte[] trustStoreAsBytes = FileUtils.readFileAsBytes(TestSSLConstants.TRUSTSTORE); + String dataUrlForTruststore = DataUrlUtils.getDataUrlForBytes(trustStoreAsBytes); assertNumberOfTrustStores(1); - createTrustStore(name, false); - assertNumberOfTrustStores(2); - - int responseCode = getRestTestHelper().submitRequest("truststore/" + name , "DELETE"); - assertEquals("Unexpected response code for provider deletion", 200, responseCode); - - List<Map<String, Object>> trustStore = getRestTestHelper().getJsonAsList("truststore/" + name); - assertNotNull("details should not be null", trustStore); - assertTrue("details should be empty as the truststore no longer exists", trustStore.isEmpty()); - - //check only the default systests trust store remains - List<Map<String, Object>> trustStores = assertNumberOfTrustStores(1); - Map<String, Object> truststore = trustStores.get(0); - assertTrustStoreAttributes(truststore, TestBrokerConfiguration.ENTRY_NAME_SSL_TRUSTSTORE, - QPID_HOME + "/../" + TestSSLConstants.BROKER_TRUSTSTORE, false); - } - - public void testDeleteFailsWhenTrustStoreInUse() throws Exception - { - String name = "testDeleteFailsWhenTrustStoreInUse"; - //add a new trust store config to use - Map<String, Object> sslTrustStoreAttributes = new HashMap<String, Object>(); - sslTrustStoreAttributes.put(TrustStore.NAME, name); - sslTrustStoreAttributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); - sslTrustStoreAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); - getBrokerConfiguration().addObjectConfiguration(TrustStore.class,sslTrustStoreAttributes); - - //add the SSL port using it - Map<String, Object> sslPortAttributes = new 
HashMap<String, Object>(); - sslPortAttributes.put(Port.TRANSPORTS, Collections.singleton(Transport.SSL)); - sslPortAttributes.put(Port.PORT, DEFAULT_SSL_PORT); - sslPortAttributes.put(Port.NAME, TestBrokerConfiguration.ENTRY_NAME_SSL_PORT); - sslPortAttributes.put(Port.AUTHENTICATION_PROVIDER, TestBrokerConfiguration.ENTRY_NAME_AUTHENTICATION_PROVIDER); - sslPortAttributes.put(Port.KEY_STORE, TestBrokerConfiguration.ENTRY_NAME_SSL_KEYSTORE); - sslPortAttributes.put(Port.TRUST_STORES, Collections.singleton(name)); - getBrokerConfiguration().addObjectConfiguration(Port.class, sslPortAttributes); + createTrustStore(name, false, dataUrlForTruststore, TestSSLConstants.TRUSTSTORE_PASSWORD); - super.setUp(); - - //verify the truststore is there assertNumberOfTrustStores(2); - List<Map<String, Object>> trustStore = getRestTestHelper().getJsonAsList("truststore/" + name); - assertNotNull("details should not be null", trustStore); - assertTrustStoreAttributes(trustStore.get(0), name, TestSSLConstants.TRUSTSTORE, false); - - //try to delete it, which should fail as it is in use - int responseCode = getRestTestHelper().submitRequest("truststore/" + name , "DELETE"); - assertEquals("Unexpected response code for provider deletion", 409, responseCode); + List<Map<String, Object>> trustStores = getRestTestHelper().getJsonAsList("truststore/" + name); + assertNotNull("details cannot be null", trustStores); - //check its still there - assertNumberOfTrustStores(2); - trustStore = getRestTestHelper().getJsonAsList("truststore/" + name); - assertNotNull("details should not be null", trustStore); - assertTrustStoreAttributes(trustStore.get(0), name, TestSSLConstants.TRUSTSTORE, false); + assertTrustStoreAttributes(trustStores.get(0), name, dataUrlForTruststore, false); } - public void testUpdateWithGoodPathSucceeds() throws Exception + public void testDelete() throws Exception { super.setUp(); String name = getTestName(); assertNumberOfTrustStores(1); - createTrustStore(name, false); + 
createTrustStore(name, false, TestSSLConstants.TRUSTSTORE, TestSSLConstants.TRUSTSTORE_PASSWORD); assertNumberOfTrustStores(2); - Map<String, Object> attributes = new HashMap<String, Object>(); - attributes.put(TrustStore.NAME, name); - attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); - - int responseCode = getRestTestHelper().submitRequest("truststore/" + name , "PUT", attributes); - assertEquals("Unexpected response code for truststore update", 200, responseCode); + getRestTestHelper().submitRequest("truststore/" + name , "DELETE", HttpServletResponse.SC_OK); List<Map<String, Object>> trustStore = getRestTestHelper().getJsonAsList("truststore/" + name); assertNotNull("details should not be null", trustStore); + assertTrue("details should be empty as the truststore no longer exists", trustStore.isEmpty()); - assertTrustStoreAttributes(trustStore.get(0), name, TestSSLConstants.TRUSTSTORE, false); + //check only the default systests trust store remains + List<Map<String, Object>> trustStores = assertNumberOfTrustStores(1); + Map<String, Object> truststore = trustStores.get(0); + assertTrustStoreAttributes(truststore, TestBrokerConfiguration.ENTRY_NAME_SSL_TRUSTSTORE, + QPID_HOME + "/../" + TestSSLConstants.BROKER_TRUSTSTORE, false); } - public void testUpdateWithNonExistentPathFails() throws Exception - { - super.setUp(); - - String name = getTestName(); - - assertNumberOfTrustStores(1); - createTrustStore(name, false); - assertNumberOfTrustStores(2); - Map<String, Object> attributes = new HashMap<String, Object>(); - attributes.put(TrustStore.NAME, name); - attributes.put(FileTrustStore.PATH, "does.not.exist"); - - int responseCode = getRestTestHelper().submitRequest("truststore/" + name , "PUT", attributes); - assertEquals("Unexpected response code for trust store update", 409, responseCode); - - List<Map<String, Object>> trustStore = getRestTestHelper().getJsonAsList("truststore/" + name); - assertNotNull("details should not be null", 
trustStore); - - //verify the details remain unchanged - assertTrustStoreAttributes(trustStore.get(0), name, TestSSLConstants.TRUSTSTORE, false); - } - - public void testUpdatePeersOnly() throws Exception + public void testUpdate() throws Exception { super.setUp(); String name = getTestName(); assertNumberOfTrustStores(1); - createTrustStore(name, false); + createTrustStore(name, false, TestSSLConstants.TRUSTSTORE, TestSSLConstants.TRUSTSTORE_PASSWORD); assertNumberOfTrustStores(2); - //update the peersOnly attribute from false to true Map<String, Object> attributes = new HashMap<String, Object>(); attributes.put(TrustStore.NAME, name); - attributes.put(FileTrustStore.PEERS_ONLY, true); + attributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); - int responseCode = getRestTestHelper().submitRequest("truststore/" + name , "PUT", attributes); - assertEquals("Unexpected response code for trust store update", 200, responseCode); + getRestTestHelper().submitRequest("truststore/" + name , "PUT", attributes, HttpServletResponse.SC_OK); List<Map<String, Object>> trustStore = getRestTestHelper().getJsonAsList("truststore/" + name); assertNotNull("details should not be null", trustStore); - assertTrustStoreAttributes(trustStore.get(0), name, TestSSLConstants.TRUSTSTORE, true); - - //Update peersOnly to clear it (i.e go from from true to null, which will default to false) - attributes = new HashMap<String, Object>(); - attributes.put(TrustStore.NAME, name); - attributes.put(FileTrustStore.PEERS_ONLY, null); - - responseCode = getRestTestHelper().submitRequest("truststore/" + name , "PUT", attributes); - assertEquals("Unexpected response code for trust store update", 200, responseCode); - - trustStore = getRestTestHelper().getJsonAsList("truststore/" + name); - assertNotNull("details should not be null", trustStore); - assertTrustStoreAttributes(trustStore.get(0), name, TestSSLConstants.TRUSTSTORE, false); } - private List<Map<String, Object>> 
assertNumberOfTrustStores(int numberOfTrustStores) throws IOException, - JsonParseException, JsonMappingException + private List<Map<String, Object>> assertNumberOfTrustStores(int numberOfTrustStores) throws Exception { List<Map<String, Object>> trustStores = getRestTestHelper().getJsonAsList("truststore"); assertNotNull("trust stores should not be null", trustStores); @@ -234,17 +146,16 @@ public class TrustStoreRestTest extends return trustStores; } - private void createTrustStore(String name, boolean peersOnly) throws IOException, JsonGenerationException, JsonMappingException + private void createTrustStore(String name, boolean peersOnly, final String truststorePath, final String truststorePassword) throws Exception { Map<String, Object> trustStoreAttributes = new HashMap<String, Object>(); trustStoreAttributes.put(TrustStore.NAME, name); //deliberately using the client trust store to differentiate from the one we are already for broker - trustStoreAttributes.put(FileTrustStore.PATH, TestSSLConstants.TRUSTSTORE); - trustStoreAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD); + trustStoreAttributes.put(FileTrustStore.PATH, truststorePath); + trustStoreAttributes.put(FileTrustStore.PASSWORD, truststorePassword); trustStoreAttributes.put(FileTrustStore.PEERS_ONLY, peersOnly); - int responseCode = getRestTestHelper().submitRequest("truststore/" + name, "PUT", trustStoreAttributes); - assertEquals("Unexpected response code", 201, responseCode); + getRestTestHelper().submitRequest("truststore/" + name, "PUT", trustStoreAttributes, HttpServletResponse.SC_CREATED); } private void assertTrustStoreAttributes(Map<String, Object> truststore, String name, String path, boolean peersOnly) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
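Review bot: In `testCreateUsingDataUrl` the closing `assertTrustStoreAttributes(trustStores.get(0), name, dataUrlForTruststore, false)` pins that a GET on `truststore/<name>` returns the complete store as a data: URL, presumably in the `path` attribute (the helper's body is outside this hunk, so that is inferred from the argument position). For a trust store of public certificates this is harmless, but it turns "store bytes are readable through the management API" into a tested contract, and the commit log says a key store is created the same way, where the bytes would include password-protected private keys; the only attribute visibly masked is `PASSWORD`, via `SECURED_STRING_VALUE` in the KeyStoreRestTest hunk. I would state the intent next to the assertion, e.g. `// path round-trips the whole store as a data: URL; acceptable for public certs, revisit masking before relying on this for key stores`, and check which users can read these objects over REST.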
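Review bot: The comment kept as context in `createTrustStore`, `//deliberately using the client trust store to differentiate from the one we are already for broker`, is stale now that the line below it is `trustStoreAttributes.put(FileTrustStore.PATH, truststorePath)`: the helper no longer chooses the store, and one caller passes a data: URL rather than a file. I would replace it with `// truststorePath is either a file path or a data: URL carrying the store bytes` and move the "client trust store" remark to the call sites that pass `TestSSLConstants.TRUSTSTORE`. The two new parameters are also declared `final` while `name` and `peersOnly` are not; one convention for the whole signature would read better.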