This is an automated email from the ASF dual-hosted git repository. orudyy pushed a commit to branch 7.1.x in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git
The following commit(s) were added to refs/heads/7.1.x by this push: new ad5728a QPID-8281: [Broker-J][Tests] Explicitly specify type of keystores and truststores in tests ad5728a is described below commit ad5728a2ed724c3523f7b77b68bc544f931b2145 Author: Alex Rudyy <oru...@apache.org> AuthorDate: Fri Mar 1 11:45:12 2019 +0000 QPID-8281: [Broker-J][Tests] Explicitly specify type of keystores and truststores in tests (cherry picked from commit c5f129e31ec80fcdaf57dfd2eb3ddcdf13f5263c) --- .../qpid/server/security/FileKeyStoreTest.java | 15 ++++++++++++-- .../qpid/server/security/FileTrustStoreTest.java | 24 ++++++++++++++++------ .../qpid/server/security/NonJavaKeyStoreTest.java | 5 +++-- .../server/security/NonJavaTrustStoreTest.java | 3 ++- .../security/SiteSpecificTrustStoreTest.java | 3 ++- .../manager/oauth2/OAuth2MockEndpointHolder.java | 17 ++++++++++++++- .../apache/qpid/server/ssl/TrustManagerTest.java | 2 +- .../apache/qpid/test/utils/TestSSLConstants.java | 2 ++ .../org/apache/qpid/tests/http/HttpTestHelper.java | 5 +++-- .../resources/config-http-management-tests.json | 3 ++- .../PreemptiveAuthenticationTest.java | 4 +++- .../systests/QpidJmsClientConnectionBuilder.java | 10 +++++++++ .../extensions/management/AmqpManagementTest.java | 24 ++++++++++++++++++++++ .../extensions/sasl/AuthenticationTest.java | 21 +++++++++++++++++-- .../systests/jms_1_1/extensions/tls/TlsTest.java | 20 ++++++++++++++++-- 15 files changed, 136 insertions(+), 22 deletions(-) diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java index 6eaf8f4..3d75ac0 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java 
@@ -22,6 +22,7 @@ package org.apache.qpid.server.security; import static org.apache.qpid.server.security.FileTrustStoreTest.SYMMETRIC_KEY_KEYSTORE_RESOURCE; import static org.apache.qpid.server.security.FileTrustStoreTest.createDataUrlForFile; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; @@ -88,6 +89,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH); attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -105,6 +107,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH); attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -121,6 +124,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH); attributes.put(FileKeyStore.PASSWORD, "wrong"); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { @@ -144,6 +148,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.STORE_URL, CLIENT_KEYSTORE_PATH); attributes.put(FileKeyStore.PASSWORD, CLIENT_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { 
@@ -166,6 +171,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.STORE_URL, CLIENT_KEYSTORE_PATH); attributes.put(FileKeyStore.PASSWORD, CLIENT_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "rootca"); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { @@ -189,6 +195,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl); attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -208,6 +215,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl); attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); @@ -226,6 +234,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.PASSWORD, "wrong"); attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { @@ -273,6 +282,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl); attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown"); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { 
@@ -319,7 +329,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.NAME, getTestName()); attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, keystoreUrl); - attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12"); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { @@ -344,7 +354,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, keystoreUrl); - attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12"); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); KeyStore keyStore = _factory.create(KeyStore.class, attributes, _broker); assertNotNull(keyStore); @@ -357,6 +367,7 @@ public class FileKeyStoreTest extends UnitTestBase attributes.put(FileKeyStore.NAME, "myFileKeyStore"); attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH); attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); + attributes.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes, _broker); diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java index c904f4c..4e99790 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java 
@@ -23,6 +23,7 @@ package org.apache.qpid.server.security; import static org.apache.qpid.server.security.FileKeyStoreTest.EMPTY_KEYSTORE_RESOURCE; import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.getInitializedKeyStore; import static org.apache.qpid.test.utils.JvmVendor.IBM; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.not; @@ -112,6 +113,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH); attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker); @@ -128,6 +130,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH); attributes.put(FileTrustStore.PASSWORD, "wrong"); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { @@ -151,6 +154,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.STORE_URL, PEER_STORE_PATH); attributes.put(FileTrustStore.PASSWORD, PEER_STORE_PASSWORD); attributes.put(FileTrustStore.PEERS_ONLY, true); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker); 
@@ -174,6 +178,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH); attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); @@ -186,7 +191,7 @@ public class FileTrustStoreTest extends UnitTestBase KeyStore clientStore = getInitializedKeyStore(EXPIRED_KEYSTORE_PATH, KEYSTORE_PASSWORD, - "pkcs12"); + JAVA_KEYSTORE_TYPE); String alias = clientStore.aliases().nextElement(); X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias); @@ -201,6 +206,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH); attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD); attributes.put(FileTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); @@ -213,7 +219,7 @@ public class FileTrustStoreTest extends UnitTestBase KeyStore clientStore = getInitializedKeyStore(EXPIRED_KEYSTORE_PATH, KEYSTORE_PASSWORD, - KeyStore.getDefaultType()); + JAVA_KEYSTORE_TYPE); String alias = clientStore.aliases().nextElement(); X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias); @@ -246,6 +252,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl); attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker); 
@@ -264,6 +271,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.PASSWORD, "wrong"); attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { @@ -287,6 +295,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { @@ -308,6 +317,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, "myFileTrustStore"); attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH); attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); FileTrustStore<?> fileTrustStore = (FileTrustStore<?>) _factory.create(TrustStore.class, attributes, _broker); @@ -356,6 +366,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileKeyStore.NAME, "myFileTrustStore"); attributes.put(FileKeyStore.PASSWORD, KEYSTORE_PASSWORD); attributes.put(FileKeyStore.STORE_URL, emptyKeystore); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, "jks"); try { @@ -378,7 +389,7 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, getTestName()); attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, keystoreUrl); - attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12"); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); try { 
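Review bot: The hunk at `-356,6 +366,7` sets the trust store type with the literal `"jks"` while every other store in this file now takes `JAVA_KEYSTORE_TYPE`, and nothing says whether that is deliberate. If the empty keystore resource really is a JKS file, a comment such as `// the empty keystore resource is a JKS file; the type is pinned here on purpose` would stop a later clean-up from replacing it with the constant; otherwise the constant should be used. The same map is filled through `FileKeyStore.NAME`, `FileKeyStore.PASSWORD` and `FileKeyStore.STORE_URL` but `FileTrustStore.TRUST_STORE_TYPE`, so using the `FileTrustStore` keys throughout would read more clearly. The test method starts and ends outside the hunk.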
@@ -403,13 +414,13 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, getTestName()); attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, keystoreUrl); - attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12"); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); Certificate[] certificates = trustStore.getCertificates(); assertEquals("Unexpected number of certificates", - (long) getNumberOfCertificates(keystoreUrl, "PKCS12"), + (long) getNumberOfCertificates(keystoreUrl, JAVA_KEYSTORE_TYPE), (long) certificates.length); } @@ -423,12 +434,13 @@ public class FileTrustStoreTest extends UnitTestBase attributes.put(FileTrustStore.NAME, getTestName()); attributes.put(FileTrustStore.PASSWORD, BROKER_KEYSTORE_PASSWORD); attributes.put(FileTrustStore.STORE_URL, keystoreUrl); + attributes.put(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE); TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker); Certificate[] certificates = trustStore.getCertificates(); assertEquals("Unexpected number of certificates", - (long) getNumberOfCertificates(keystoreUrl, "jks"), + (long) getNumberOfCertificates(keystoreUrl, JAVA_KEYSTORE_TYPE), (long) certificates.length); } diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java index 16cc2b0..2352591 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java 
@@ -20,6 +20,7 @@ package org.apache.qpid.server.security; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; @@ -104,7 +105,7 @@ public class NonJavaKeyStoreTest extends UnitTestBase private File[] extractResourcesFromTestKeyStore(boolean pem, final String storeResource) throws Exception { - java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType()); + java.security.KeyStore ks = java.security.KeyStore.getInstance(JAVA_KEYSTORE_TYPE); try(InputStream is = getClass().getResourceAsStream(storeResource)) { ks.load(is, KEYSTORE_PASSWORD.toCharArray() ); @@ -271,7 +272,7 @@ public class NonJavaKeyStoreTest extends UnitTestBase { when(_broker.scheduleHouseKeepingTask(anyLong(), any(TimeUnit.class), any(Runnable.class))).thenReturn(mock(ScheduledFuture.class)); - java.security.KeyStore ks = java.security.KeyStore.getInstance("pkcs12"); + java.security.KeyStore ks = java.security.KeyStore.getInstance(JAVA_KEYSTORE_TYPE); final String storeLocation = KEYSTORE; try(InputStream is = getClass().getResourceAsStream(storeLocation)) { diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java index 1466e57..69262dc 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java @@ -19,6 +19,7 @@ package org.apache.qpid.server.security; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; 
@@ -108,7 +109,7 @@ public class NonJavaTrustStoreTest extends UnitTestBase KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE, KEYSTORE_PASSWORD, - "PKCS12"); + JAVA_KEYSTORE_TYPE); String alias = clientStore.aliases().nextElement(); X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias); diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java index b2f95e6..bca9b79 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java +++ b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java @@ -21,6 +21,7 @@ package org.apache.qpid.server.security; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; import static org.mockito.Mockito.mock; @@ -262,7 +263,7 @@ public class SiteSpecificTrustStoreTest extends UnitTestBase char[] keyPassword = KEYSTORE_PASSWORD.toCharArray(); try(InputStream inputStream = getClass().getResourceAsStream(KEYSTORE)) { - KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + KeyStore keyStore = KeyStore.getInstance(JAVA_KEYSTORE_TYPE); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyStore.load(inputStream, keyPassword); keyManagerFactory.init(keyStore, keyPassword); diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java index 4c4aa0a..afd4c4d 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java 
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/auth/manager/oauth2/OAuth2MockEndpointHolder.java @@ -20,6 +20,9 @@ */ package org.apache.qpid.server.security.auth.manager.oauth2; +import static java.nio.charset.StandardCharsets.UTF_8; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; + import java.io.IOException; import java.util.Arrays; import java.util.Collections; @@ -31,6 +34,8 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.ObjectMapper; import junit.framework.TestCase; import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.Server; @@ -84,6 +89,7 @@ class OAuth2MockEndpointHolder }; sslContextFactory.setKeyStorePassword(KEYSTORE_PASSWORD); sslContextFactory.setKeyStoreResource(Resource.newClassPathResource(KEYSTORE_RESOURCE)); + sslContextFactory.setKeyStoreType(JAVA_KEYSTORE_TYPE); // override default jetty excludes as valid IBM JDK are excluded // causing SSL handshake failure (due to default exclude '^SSL_.*$') @@ -153,7 +159,16 @@ class OAuth2MockEndpointHolder List<String> listOfStrings = Collections.emptyList(); if(listAsString != null && !"".equals(listAsString)) { - listOfStrings = Arrays.asList(listAsString.split("\\s*,\\s*")); + try + { + listOfStrings = new ObjectMapper().readValue(listAsString.getBytes(UTF_8), new TypeReference<List<String>>() + { + }); + } + catch (IOException e) + { + listOfStrings = Arrays.asList(listAsString.split("\\s*,\\s*")); + } } return listOfStrings; } diff --git a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java index 12dfb54..df2611d 100644 --- a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java 
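Review bot: The `catch (IOException e)` in the hunk at `-153,7 +159,16` silently falls back to comma splitting, so a value that was meant to be JSON but is malformed ends up as a list of fragments instead of failing the test setup. Deciding the format up front keeps the two paths apart, for example `if (listAsString.trim().startsWith("["))` around the `ObjectMapper` call, and lets the JSON branch report the parse error. `readValue` also accepts the `String` directly, which would make `getBytes(UTF_8)` and the new `UTF_8` import unnecessary. This parsing change is unrelated to the keystore-type change in the commit title and would be easier to trace as its own commit. The enclosing method starts outside the hunk.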
+++ b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java @@ -43,7 +43,7 @@ import org.apache.qpid.test.utils.UnitTestBase; public class TrustManagerTest extends UnitTestBase { - private static final String STORE_TYPE = "pkcs12"; + private static final String STORE_TYPE = TestSSLConstants.JAVA_KEYSTORE_TYPE; private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm(); private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD; private static final String PEER_STORE = "ssl/java_broker_peerstore.pkcs12"; diff --git a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java index 949b450..9bdb282 100644 --- a/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java +++ b/qpid-test-utils/src/main/java/org/apache/qpid/test/utils/TestSSLConstants.java @@ -39,4 +39,6 @@ public interface TestSSLConstants String BROKER_TRUSTSTORE = "test-profiles/test_resources/ssl/java_broker_truststore.jks"; String BROKER_TRUSTSTORE_PASSWORD = "password"; + + String JAVA_KEYSTORE_TYPE = "pkcs12"; } diff --git a/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java b/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java index ef6d9b1..5efc3aa 100644 --- a/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java +++ b/systests/qpid-systests-http-management/src/main/java/org/apache/qpid/tests/http/HttpTestHelper.java @@ -21,6 +21,7 @@ package org.apache.qpid.tests.http; import static java.nio.charset.StandardCharsets.UTF_8; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import java.io.ByteArrayInputStream; import java.io.IOException; 
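Review bot: `JAVA_KEYSTORE_TYPE = "pkcs12"` in `TestSSLConstants` is added without a comment, and both its name and the neighbouring resource names point the other way: "Java keystore" usually reads as JKS, and `BROKER_TRUSTSTORE` just above still ends in `.jks`, while `TrustManagerTest` already refers to a `.pkcs12` resource. A comment on the constant, for example `// Format of the test key stores and trust stores; the .jks resource names are historical`, would say which is authoritative (assuming the resources were in fact regenerated as PKCS12, which this diff does not show). This matters because JDKs that enable the `keystore.type.compat` security property load either format under either type name, so a mismatch between declared type and file can pass on one JVM and fail on another. The same pairing of a `.jks` URL with a `pkcs12` type appears in `config-http-management-tests.json` and in `PreemptiveAuthenticationTest`.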
@@ -349,11 +350,11 @@ public class HttpTestHelper try { URL ks = new URL(keystore); - _keyStore = SSLUtil.getInitializedKeyStore(ks, password, KeyStore.getDefaultType()); + _keyStore = SSLUtil.getInitializedKeyStore(ks, password, JAVA_KEYSTORE_TYPE); } catch (MalformedURLException e) { - _keyStore = SSLUtil.getInitializedKeyStore(keystore, password, KeyStore.getDefaultType()); + _keyStore = SSLUtil.getInitializedKeyStore(keystore, password, JAVA_KEYSTORE_TYPE); } } else diff --git a/systests/qpid-systests-http-management/src/main/resources/config-http-management-tests.json b/systests/qpid-systests-http-management/src/main/resources/config-http-management-tests.json index f8405de..946e545 100644 --- a/systests/qpid-systests-http-management/src/main/resources/config-http-management-tests.json +++ b/systests/qpid-systests-http-management/src/main/resources/config-http-management-tests.json @@ -25,7 +25,8 @@ { "name": "systestsKeyStore", "storeUrl": "classpath:java_broker_keystore.jks", - "password": "password" + "password": "password", + "keyStoreType": "pkcs12" } ], "authenticationproviders": [ diff --git a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java index c7d0146..940d51c 100644 --- a/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java +++ b/systests/qpid-systests-http-management/src/test/java/org/apache/qpid/tests/http/authentication/PreemptiveAuthenticationTest.java 
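Review bot: Both branches in the hunk at `-349,11 +350,11` now load the caller-supplied `keystore` as `JAVA_KEYSTORE_TYPE` where they used `KeyStore.getDefaultType()` before, so the helper's contract narrows to PKCS12 without saying so. A comment above the `try`, such as `// test keystores are PKCS12 (TestSSLConstants.JAVA_KEYSTORE_TYPE), whatever the JVM default type is`, or a matching sentence in the method's Javadoc would tell callers what they may pass. The enclosing method starts and ends outside the hunk.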
@@ -25,6 +25,7 @@ import static javax.servlet.http.HttpServletResponse.SC_OK; import static javax.servlet.http.HttpServletResponse.SC_UNAUTHORIZED; import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.canGenerateCerts; import static org.apache.qpid.server.transport.network.security.ssl.SSLUtil.generateSelfSignedCertificate; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.greaterThan; import static org.hamcrest.Matchers.hasKey; @@ -231,6 +232,7 @@ public class PreemptiveAuthenticationTest extends HttpTestBase keystoreAttr.put(FileKeyStore.TYPE, "FileKeyStore"); keystoreAttr.put(FileKeyStore.STORE_URL, "classpath:java_broker_keystore.jks"); keystoreAttr.put(FileKeyStore.PASSWORD, STORE_PASSWORD); + keystoreAttr.put(FileKeyStore.KEY_STORE_TYPE, JAVA_KEYSTORE_TYPE); getHelper().submitRequest("keystore/mykeystore","PUT", keystoreAttr, SC_CREATED); deleteActions.add(object -> getHelper().submitRequest("keystore/mykeystore", "DELETE", SC_OK)); @@ -307,7 +309,7 @@ public class PreemptiveAuthenticationTest extends HttpTestBase private String createKeyStoreDataUrl(final KeyCertPair keyCertPair, final String password) throws Exception { - final KeyStore keyStore = KeyStore.getInstance("JKS"); + final KeyStore keyStore = KeyStore.getInstance(JAVA_KEYSTORE_TYPE); keyStore.load(null, null); Certificate[] certChain = new Certificate[] {keyCertPair.getCertificate()}; keyStore.setKeyEntry("key1", keyCertPair.getPrivateKey(), password.toCharArray(), certChain); diff --git a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java index 551ba20..6da37ca 100644 --- a/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java 
+++ b/systests/qpid-systests-jms-core/src/main/java/org/apache/qpid/systests/QpidJmsClientConnectionBuilder.java @@ -39,6 +39,8 @@ import javax.naming.Context; import javax.naming.InitialContext; import javax.naming.NamingException; +import org.apache.qpid.test.utils.TestSSLConstants; + public class QpidJmsClientConnectionBuilder implements ConnectionBuilder { private static final AtomicInteger CLIENTID_COUNTER = new AtomicInteger(); @@ -168,6 +170,14 @@ public class QpidJmsClientConnectionBuilder implements ConnectionBuilder public ConnectionBuilder setTls(final boolean enableTls) { _enableTls = enableTls; + if (enableTls) + { + _options.put("transport.storeType", TestSSLConstants.JAVA_KEYSTORE_TYPE); + } + else + { + _options.remove("transport.storeType"); + } return this; } diff --git a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/management/AmqpManagementTest.java b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/management/AmqpManagementTest.java index 2fbf21f..4704829 100644 --- a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/management/AmqpManagementTest.java +++ b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/management/AmqpManagementTest.java @@ -23,6 +23,7 @@ package org.apache.qpid.systests.jms_1_1.extensions.management; import static java.nio.charset.StandardCharsets.UTF_8; import static org.apache.qpid.server.model.Queue.ALERT_THRESHOLD_QUEUE_DEPTH_MESSAGES; import static org.apache.qpid.systests.jms_1_1.extensions.tls.TlsTest.TRUSTSTORE; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD; import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.assertEquals; 
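Review bot: `setTls` in the hunk at `-168,6 +170,14` writes `transport.storeType` unconditionally, so `setTls(true)` overwrites a store type that was put into `_options` earlier and `setTls(false)` removes one that this method may never have set. If `_options` can also be filled by other setters (not visible in this hunk), `_options.putIfAbsent("transport.storeType", TestSSLConstants.JAVA_KEYSTORE_TYPE);` keeps an explicit choice, and the `else` branch could probably be dropped since the option presumably has no effect without TLS. A one-line comment saying why the builder forces the type, e.g. `// test stores are PKCS12, which is not the default store type of every JVM`, would also help the next reader.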
@@ -54,6 +55,8 @@ import javax.jms.Session; import javax.naming.NamingException; import com.fasterxml.jackson.databind.ObjectMapper; +import org.junit.AfterClass; +import org.junit.BeforeClass; import org.junit.Test; import org.apache.qpid.server.exchange.ExchangeDefaults; @@ -72,6 +75,27 @@ public class AmqpManagementTest extends JmsTestBase private MessageConsumer _consumer; private MessageProducer _producer; + @BeforeClass + public static void setUp() throws Exception + { + // legacy client keystore/truststore types can only be configured with JVM settings + if (getProtocol() != Protocol.AMQP_1_0) + { + System.setProperty("javax.net.ssl.trustStoreType", JAVA_KEYSTORE_TYPE); + System.setProperty("javax.net.ssl.keyStoreType", JAVA_KEYSTORE_TYPE); + } + } + + @AfterClass + public static void tearDown() throws Exception + { + if (getProtocol() != Protocol.AMQP_1_0) + { + System.clearProperty("javax.net.ssl.trustStoreType"); + System.clearProperty("javax.net.ssl.keyStoreType"); + } + } + private void setUp(final Connection connection) throws Exception { connection.start(); diff --git a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/sasl/AuthenticationTest.java b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/sasl/AuthenticationTest.java index 910f461..9661a6d 100644 --- a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/sasl/AuthenticationTest.java +++ b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/sasl/AuthenticationTest.java 
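Review bot: `tearDown` in the hunk at `-72,6 +75,27` clears `javax.net.ssl.trustStoreType` and `javax.net.ssl.keyStoreType` instead of restoring what was set before `setUp`, so a test JVM started with either property loses it for every class that runs afterwards in the same fork. These are JVM-wide settings that also steer the default TLS configuration of unrelated code, so the safer pattern is to remember the previous values and put them back, as sketched below. The same set/clear pair is added to `AuthenticationTest` and `TlsTest`; a shared helper in the test utilities would keep the three copies from drifting. The new static `setUp()` also overloads the existing private `setUp(Connection)`, and a distinct name such as `setUpClass` would read more clearly.

```java
private static String _previousTrustStoreType;
private static String _previousKeyStoreType;

public static void setUp() throws Exception
{
    // … unchanged: comment and protocol check …
        // System.setProperty returns the previous value, or null when the property was unset
        _previousTrustStoreType = System.setProperty("javax.net.ssl.trustStoreType", JAVA_KEYSTORE_TYPE);
        _previousKeyStoreType = System.setProperty("javax.net.ssl.keyStoreType", JAVA_KEYSTORE_TYPE);

public static void tearDown() throws Exception
{
    // … unchanged: protocol check …
        restoreProperty("javax.net.ssl.trustStoreType", _previousTrustStoreType);
        restoreProperty("javax.net.ssl.keyStoreType", _previousKeyStoreType);

private static void restoreProperty(final String name, final String previous)
{
    if (previous == null)
    {
        System.clearProperty(name);
    }
    else
    {
        System.setProperty(name, previous);
    }
}
```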
@@ -34,6 +34,7 @@ import static org.apache.qpid.test.utils.TestSSLConstants.CERT_ALIAS_APP2; import static org.apache.qpid.test.utils.TestSSLConstants.EXPIRED_KEYSTORE; import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD; import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.hamcrest.CoreMatchers.anyOf; import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.is; @@ -91,6 +92,13 @@ public class AuthenticationTest extends JmsTestBase { System.setProperty("amqj.MaximumStateWait", "4000"); } + + // legacy client keystore/truststore types can only be configured with JVM settings + if (getProtocol() != Protocol.AMQP_1_0) + { + System.setProperty("javax.net.ssl.trustStoreType", JAVA_KEYSTORE_TYPE); + System.setProperty("javax.net.ssl.keyStoreType", JAVA_KEYSTORE_TYPE); + } } @AfterClass @@ -101,6 +109,12 @@ public class AuthenticationTest extends JmsTestBase { System.clearProperty("amqj.MaximumStateWait"); } + + if (getProtocol() != Protocol.AMQP_1_0) + { + System.clearProperty("javax.net.ssl.trustStoreType"); + System.clearProperty("javax.net.ssl.keyStoreType"); + } } @@ -278,6 +292,7 @@ public class AuthenticationTest extends JmsTestBase Map<String, Object> trustStoreAttributes = new HashMap<>(); trustStoreAttributes.put(FileTrustStore.STORE_URL, BROKER_TRUSTSTORE); trustStoreAttributes.put(FileTrustStore.PASSWORD, BROKER_TRUSTSTORE_PASSWORD); + trustStoreAttributes.put(FileTrustStore.TRUST_STORE_TYPE, TestSSLConstants.JAVA_KEYSTORE_TYPE); createEntity(trustStoreName, FileTrustStore.class.getName(), 
@@ -479,6 +494,7 @@ public class AuthenticationTest extends JmsTestBase final Map<String, Object> keyStoreAttributes = new HashMap<>(); keyStoreAttributes.put("storeUrl", BROKER_KEYSTORE); keyStoreAttributes.put("password", BROKER_KEYSTORE_PASSWORD); + keyStoreAttributes.put("keyStoreType", TestSSLConstants.JAVA_KEYSTORE_TYPE); final String keyStoreName = providerName + "KeyStore"; createEntity(keyStoreName, @@ -486,11 +502,12 @@ public class AuthenticationTest extends JmsTestBase keyStoreAttributes, connection); - + Map<String, Object> trustStoreSettings = new HashMap<>(trustStoreAttributes); + trustStoreSettings.put("trustStoreType", TestSSLConstants.JAVA_KEYSTORE_TYPE); final String trustStoreName = providerName + "TrustStore"; createEntity(trustStoreName, FileTrustStore.class.getName(), - trustStoreAttributes, + trustStoreSettings, connection); String portName = getPortName(); diff --git a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/tls/TlsTest.java b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/tls/TlsTest.java index 8ece2c2..bb81620 100644 --- a/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/tls/TlsTest.java +++ b/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/tls/TlsTest.java @@ -20,6 +20,7 @@ */ package org.apache.qpid.systests.jms_1_1.extensions.tls; +import static org.apache.qpid.test.utils.TestSSLConstants.JAVA_KEYSTORE_TYPE; import static org.apache.qpid.test.utils.TestSSLConstants.BROKER_KEYSTORE_PASSWORD; import static org.apache.qpid.test.utils.TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD; import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD; 
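Review bot: `trustStoreSettings.put("trustStoreType", …)` in the hunk at `-486,11 +502,12` replaces whatever type the caller placed in `trustStoreAttributes`, so a test that wants a different trust store format can no longer express it through the parameter. Copying the map before modifying it is the right call; `trustStoreSettings.putIfAbsent(FileTrustStore.TRUST_STORE_TYPE, JAVA_KEYSTORE_TYPE);` would keep that and still supply the default. That form also matches the hunk at `-278,6 +292,7`, which uses the `FileTrustStore.TRUST_STORE_TYPE` key rather than a string literal, and it uses the static import this commit adds instead of the qualified `TestSSLConstants.JAVA_KEYSTORE_TYPE`. The enclosing method starts and ends outside the hunk.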
@@ -89,6 +90,13 @@ public class TlsTest extends JmsTestBase { System.setProperty("amqj.MaximumStateWait", "4000"); } + + // legacy client keystore/truststore types can only be configured with JVM settings + if (getProtocol() != Protocol.AMQP_1_0) + { + System.setProperty("javax.net.ssl.trustStoreType", JAVA_KEYSTORE_TYPE); + System.setProperty("javax.net.ssl.keyStoreType", JAVA_KEYSTORE_TYPE); + } } @AfterClass @@ -99,6 +107,12 @@ public class TlsTest extends JmsTestBase { System.clearProperty("amqj.MaximumStateWait"); } + + if (getProtocol() != Protocol.AMQP_1_0) + { + System.clearProperty("javax.net.ssl.trustStoreType"); + System.clearProperty("javax.net.ssl.keyStoreType"); + } } @Test @@ -586,6 +600,7 @@ public class TlsTest extends JmsTestBase final Map<String, Object> keyStoreAttributes = new HashMap<>(); keyStoreAttributes.put("storeUrl", BROKER_KEYSTORE); keyStoreAttributes.put("password", BROKER_KEYSTORE_PASSWORD); + keyStoreAttributes.put("keyStoreType", JAVA_KEYSTORE_TYPE); managementFacade.createEntityAndAssertResponse(keyStoreName, FileKeyStore.class.getName(), keyStoreAttributes, @@ -602,6 +617,7 @@ public class TlsTest extends JmsTestBase final Map<String, Object> trustStoreAttributes = new HashMap<>(); trustStoreAttributes.put("storeUrl", BROKER_TRUSTSTORE); trustStoreAttributes.put("password", BROKER_TRUSTSTORE_PASSWORD); + trustStoreAttributes.put("trustStoreType", JAVA_KEYSTORE_TYPE); managementFacade.createEntityAndAssertResponse(trustStoreName, FileTrustStore.class.getName(), trustStoreAttributes, @@ -678,7 +694,7 @@ public class TlsTest extends JmsTestBase private File[] extractResourcesFromTestKeyStore() throws Exception { - java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType()); + java.security.KeyStore ks = java.security.KeyStore.getInstance(JAVA_KEYSTORE_TYPE); try (InputStream is = new FileInputStream(KEYSTORE)) { ks.load(is, KEYSTORE_PASSWORD.toCharArray()); 
@@ -728,7 +744,7 @@ public class TlsTest extends JmsTestBase private File extractCertFileFromTestTrustStore() throws Exception { - java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType()); + java.security.KeyStore ks = java.security.KeyStore.getInstance(JAVA_KEYSTORE_TYPE); try (InputStream is = new FileInputStream(TRUSTSTORE)) { ks.load(is, TRUSTSTORE_PASSWORD.toCharArray()); --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org