[
https://issues.apache.org/jira/browse/QPID-8402?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17027443#comment-17027443
]
Robbie Gemmell commented on QPID-8402:
--------------------------------------
I quite like the pre-generated from script approach for the most part. When
things fail e.g in CI, its easy to debug locally when you have the precise test
data, its easier to swap those out with known substitutes to be used instead,
etc. Its easy to track when and how the details have changed, possibly in
unexpected ways over time (e.g updated defaults affecting their generation).
The main reasons I've seen for refreshing the cert resources of late wont
necessarily be avoided because they are generated on the fly. An auto
generation process itself seems likely to need updating in similar ways at the
same point as the steps for the fixed resources would have been too. The other
general reason for refresh is validity, which is easily addressed by a longer
period, and even with fixed resources the window extend any point it is
necessary to refresh them for other reasons.
Generating them each run will also will take a short amount of time, which isnt
necessarily as much of a noticeable thing in a longer build like Broker-J's,
but would likely be annoying in smaller quicker builds.
(As an aside, I would say the generation script could perhaps be simpler at
least in some cases, for theĀ [admittedly, less complicated] JMS clients tests
we manage with using using only keytool for the generation currently)
> [Broker-J][Tests] Use Bouncy Castle API to generate certificate resources on
> the fly in unit and system tests
> -------------------------------------------------------------------------------------------------------------
>
> Key: QPID-8402
> URL: https://issues.apache.org/jira/browse/QPID-8402
> Project: Qpid
> Issue Type: Task
> Components: Broker-J
> Reporter: Alex Rudyy
> Priority: Major
> Fix For: qpid-java-broker-8.0.0
>
> Attachments:
> 0001-QPID-8402-Broker-J-Add-bouncycastle-test-dependecies.patch,
> 0002-QPID-8402-Broker-J-Add-generation-of-self-signed-cer.patch
>
>
> Qpid Broker-J unit tests rely on a number of pre-generated kesstores,
> truststores, certificates, etc located either in module test resources folder
> or/and project folder {{./test-profiles/test_resources/ssl}}. Those
> resources need to be regenerated periodically in order to keep them valid and
> up to date. As part of work at QPID-8367, the number of required test
> resources has increased.
> A bash script was created in order to automate the generation, though, it
> seems, that a better approach would be to generate the required resources on
> runtime using Bouncy Castle API.
> It is not exactly clear whether Bouncy Castle API would allow to generate
> all required test resources (including those added in QPID-8367). Though, we
> should switch to using Bouncy Castle API where it is possible, especially,
> for generation of self-signed certificates and test CA authority certificates
> and corresponding keystores/truststores.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
