Google Git
Sign in
apache / qpid-jms / 4143e5ea268728af25ed535212df8576ffabc6c7 / . / qpid-jms-client / src / test / java / org / apache / qpid / jms / integration / SslIntegrationTest.java
blob: e1668a7d64bc427e189ec69cf8ff9d8e046d74b1 [file] [log] [blame]
/*
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.qpid.jms.integration;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.junit.Assume.assumeTrue;
import java.io.IOException;
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.jms.Connection;
import javax.jms.JMSException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.qpid.jms.JmsConnectionExtensions;
import org.apache.qpid.jms.JmsConnectionFactory;
import org.apache.qpid.jms.test.QpidJmsTestCase;
import org.apache.qpid.jms.test.testpeer.TestAmqpPeer;
import org.apache.qpid.jms.transports.TransportOptions;
import org.apache.qpid.jms.transports.TransportSupport;
import org.apache.qpid.jms.transports.netty.NettySimpleAmqpServer;
import org.junit.Test;
import io.netty.handler.ssl.OpenSsl;
public class SslIntegrationTest extends QpidJmsTestCase {
private static final String BROKER_JKS_KEYSTORE = "src/test/resources/broker-jks.keystore";
private static final String BROKER_PKCS12_KEYSTORE = "src/test/resources/broker-pkcs12.keystore";
private static final String BROKER_JKS_TRUSTSTORE = "src/test/resources/broker-jks.truststore";
private static final String BROKER_PKCS12_TRUSTSTORE = "src/test/resources/broker-pkcs12.truststore";
private static final String CLIENT_MULTI_KEYSTORE = "src/test/resources/client-multiple-keys-jks.keystore";
private static final String CLIENT_JKS_TRUSTSTORE = "src/test/resources/client-jks.truststore";
private static final String CLIENT_PKCS12_TRUSTSTORE = "src/test/resources/client-pkcs12.truststore";
private static final String OTHER_CA_TRUSTSTORE = "src/test/resources/other-ca-jks.truststore";
private static final String CLIENT_JKS_KEYSTORE = "src/test/resources/client-jks.keystore";
private static final String CLIENT_PKCS12_KEYSTORE = "src/test/resources/client-pkcs12.keystore";
private static final String CLIENT2_JKS_KEYSTORE = "src/test/resources/client2-jks.keystore";
private static final String CUSTOM_STORE_TYPE_PKCS12 = "pkcs12";
private static final String PASSWORD = "password";
private static final String WRONG_PASSWORD = "wrong-password";
private static final String CLIENT_KEY_ALIAS = "client";
private static final String CLIENT_DN = "O=Client,CN=client";
private static final String CLIENT2_KEY_ALIAS = "client2";
private static final String CLIENT2_DN = "O=Client2,CN=client2";
private static final String ALIAS_DOES_NOT_EXIST = "alias.does.not.exist";
private static final String ALIAS_CA_CERT = "ca";
private static final String JAVAX_NET_SSL_KEY_STORE = "javax.net.ssl.keyStore";
private static final String JAVAX_NET_SSL_KEY_STORE_TYPE = "javax.net.ssl.keyStoreType";
private static final String JAVAX_NET_SSL_KEY_STORE_PASSWORD = "javax.net.ssl.keyStorePassword";
private static final String JAVAX_NET_SSL_TRUST_STORE = "javax.net.ssl.trustStore";
private static final String JAVAX_NET_SSL_TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
private static final String JAVAX_NET_SSL_TRUST_STORE_PASSWORD = "javax.net.ssl.trustStorePassword";
private final IntegrationTestFixture testFixture = new IntegrationTestFixture();
@Test(timeout = 20000)
public void testCreateAndCloseSslConnectionJDK() throws Exception {
testCreateAndCloseSslConnection(false);
}
@Test(timeout = 20000)
public void testCreateAndCloseSslConnectionOpenSSL() throws Exception {
assumeTrue(OpenSsl.isAvailable());
assumeTrue(OpenSsl.supportsKeyManagerFactory());
testCreateAndCloseSslConnection(true);
}
private void testCreateAndCloseSslConnection(boolean openSSL) throws Exception {
TransportOptions sslOptions = new TransportOptions();
sslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
sslOptions.setKeyStorePassword(PASSWORD);
sslOptions.setVerifyHost(false);
SSLContext context = TransportSupport.createJdkSslContext(sslOptions);
try (TestAmqpPeer testPeer = new TestAmqpPeer(context, false);) {
String connOptions = "?transport.trustStoreLocation=" + CLIENT_JKS_TRUSTSTORE + "&" +
"transport.trustStorePassword=" + PASSWORD + "&" +
"transport.useOpenSSL=" + openSSL;
Connection connection = testFixture.establishConnecton(testPeer, true, connOptions, null, null, true);
Socket socket = testPeer.getClientSocket();
assertTrue(socket instanceof SSLSocket);
testPeer.expectClose();
connection.close();
}
}
@Test(timeout = 20000)
public void testCreateSslConnectionWithServerSendingPreemptiveDataJDK() throws Exception {
doTestCreateSslConnectionWithServerSendingPreemptiveData(false);
}
@Test(timeout = 20000)
public void testCreateSslConnectionWithServerSendingPreemptiveDataOpenSSL() throws Exception {
assumeTrue(OpenSsl.isAvailable());
assumeTrue(OpenSsl.supportsKeyManagerFactory());
doTestCreateSslConnectionWithServerSendingPreemptiveData(true);
}
private void doTestCreateSslConnectionWithServerSendingPreemptiveData(boolean openSSL) throws Exception {
TransportOptions serverSslOptions = new TransportOptions();
serverSslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
serverSslOptions.setKeyStorePassword(PASSWORD);
serverSslOptions.setVerifyHost(false);
SSLContext serverSslContext = TransportSupport.createJdkSslContext(serverSslOptions);
boolean sendServerSaslHeaderPreEmptively = true;
try (TestAmqpPeer testPeer = new TestAmqpPeer(serverSslContext, false, sendServerSaslHeaderPreEmptively);) {
// Don't use test fixture, handle the connection directly to control sasl behaviour
testPeer.expectSaslAnonymousWithPreEmptiveServerHeader();
testPeer.expectOpen();
testPeer.expectBegin();
String connOptions = "?transport.trustStoreLocation=" + CLIENT_JKS_TRUSTSTORE + "&" +
"transport.trustStorePassword=" + PASSWORD + "&" +
"transport.useOpenSSL=" + openSSL;
JmsConnectionFactory factory = new JmsConnectionFactory("amqps://localhost:" + testPeer.getServerPort() + connOptions);
Connection connection = factory.createConnection();
connection.start();
Socket socket = testPeer.getClientSocket();
assertTrue(socket instanceof SSLSocket);
testPeer.expectClose();
connection.close();
}
}
@Test(timeout = 20000)
public void testCreateAndCloseSslConnectionWithClientAuthJDK() throws Exception {
doTestCreateAndCloseSslConnectionWithClientAuth(false);
}
@Test(timeout = 20000)
public void testCreateAndCloseSslConnectionWithClientAuthOpenSSL() throws Exception {
assumeTrue(OpenSsl.isAvailable());
assumeTrue(OpenSsl.supportsKeyManagerFactory());
doTestCreateAndCloseSslConnectionWithClientAuth(true);
}
private void doTestCreateAndCloseSslConnectionWithClientAuth(boolean openSSL) throws Exception {
TransportOptions sslOptions = new TransportOptions();
sslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
sslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
sslOptions.setKeyStorePassword(PASSWORD);
sslOptions.setTrustStorePassword(PASSWORD);
sslOptions.setVerifyHost(false);
SSLContext context = TransportSupport.createJdkSslContext(sslOptions);
try (TestAmqpPeer testPeer = new TestAmqpPeer(context, true);) {
String connOptions = "?transport.keyStoreLocation=" + CLIENT_MULTI_KEYSTORE + "&" +
"transport.keyStorePassword=" + PASSWORD + "&" +
"transport.trustStoreLocation=" + CLIENT_JKS_TRUSTSTORE + "&" +
"transport.trustStorePassword=" + PASSWORD + "&" +
"transport.useOpenSSL=" + openSSL;
Connection connection = testFixture.establishConnecton(testPeer, true, connOptions, null, null, true);
Socket socket = testPeer.getClientSocket();
assertTrue(socket instanceof SSLSocket);
assertNotNull(((SSLSocket) socket).getSession().getPeerPrincipal());
testPeer.expectClose();
connection.close();
}
}
@Test(timeout = 20000)
public void testCreateAndCloseSslConnectionWithAliasJDK() throws Exception {
doConnectionWithAliasTestImpl(CLIENT_KEY_ALIAS, CLIENT_DN, false);
doConnectionWithAliasTestImpl(CLIENT2_KEY_ALIAS, CLIENT2_DN, false);
}
@Test(timeout = 20000)
public void testCreateAndCloseSslConnectionWithAliasOpenSSL() throws Exception {
assumeTrue(OpenSsl.isAvailable());
assumeTrue(OpenSsl.supportsKeyManagerFactory());
doConnectionWithAliasTestImpl(CLIENT_KEY_ALIAS, CLIENT_DN, true);
doConnectionWithAliasTestImpl(CLIENT2_KEY_ALIAS, CLIENT2_DN, true);
}
private void doConnectionWithAliasTestImpl(String alias, String expectedDN, boolean requestOpenSSL) throws Exception, JMSException, SSLPeerUnverifiedException, IOException {
TransportOptions sslOptions = new TransportOptions();
sslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
sslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
sslOptions.setKeyStorePassword(PASSWORD);
sslOptions.setTrustStorePassword(PASSWORD);
sslOptions.setVerifyHost(false);
SSLContext context = TransportSupport.createJdkSslContext(sslOptions);
try (TestAmqpPeer testPeer = new TestAmqpPeer(context, true);) {
String connOptions = "?transport.keyStoreLocation=" + CLIENT_MULTI_KEYSTORE + "&" +
"transport.keyStorePassword=" + PASSWORD + "&" +
"transport.trustStoreLocation=" + CLIENT_JKS_TRUSTSTORE + "&" +
"transport.trustStorePassword=" + PASSWORD + "&" +
"transport.keyAlias=" + alias + "&" +
"transport.useOpenSSL=" + requestOpenSSL;
Connection connection = testFixture.establishConnecton(testPeer, true, connOptions, null, null, true);
Socket socket = testPeer.getClientSocket();
assertTrue(socket instanceof SSLSocket);
SSLSession session = ((SSLSocket) socket).getSession();
Certificate[] peerCertificates = session.getPeerCertificates();
assertNotNull(peerCertificates);
Certificate cert = peerCertificates[0];
assertTrue(cert instanceof X509Certificate);
String dn = ((X509Certificate)cert).getSubjectX500Principal().getName();
assertEquals("Unexpected certificate DN", expectedDN, dn);
testPeer.expectClose();
connection.close();
}
}
@Test(timeout = 20000)
public void testCreateConnectionWithAliasThatDoesNotExist() throws Exception {
doCreateConnectionWithInvalidAliasTestImpl(ALIAS_DOES_NOT_EXIST);
}
@Test(timeout = 20000)
public void testCreateConnectionWithAliasThatDoesNotRepresentKeyEntry() throws Exception {
doCreateConnectionWithInvalidAliasTestImpl(ALIAS_CA_CERT);
}
private void doCreateConnectionWithInvalidAliasTestImpl(String alias) throws Exception, IOException {
TransportOptions sslOptions = new TransportOptions();
sslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
sslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
sslOptions.setKeyStorePassword(PASSWORD);
sslOptions.setTrustStorePassword(PASSWORD);
sslOptions.setVerifyHost(false);
SSLContext context = TransportSupport.createJdkSslContext(sslOptions);
try (TestAmqpPeer testPeer = new TestAmqpPeer(context, true);) {
String connOptions = "?transport.keyStoreLocation=" + CLIENT_MULTI_KEYSTORE + "&" +
"transport.keyStorePassword=" + PASSWORD + "&" +
"transport.trustStoreLocation=" + CLIENT_JKS_TRUSTSTORE + "&" +
"transport.trustStorePassword=" + PASSWORD + "&" +
"transport.keyAlias=" + alias;
// DONT use a test fixture, we will drive it directly (because creating the connection will fail).
JmsConnectionFactory factory = new JmsConnectionFactory("amqps://127.0.0.1:" + testPeer.getServerPort() + connOptions);
try {
factory.createConnection();
fail("Expected exception to be thrown");
} catch (JMSException jmse) {
// Expected
}
assertNull("Attempt should have failed locally, peer should not have accepted any TCP connection", testPeer.getClientSocket());
}
}
/**
* Checks that configuring different SSLContext instances using different client key
* stores via {@link JmsConnectionFactory#setSslContext(SSLContext)} results
* in different certificates being observed server side following handshake.
*
* @throws Exception if an unexpected error is encountered
*/
@Test(timeout = 20000)
public void testCreateConnectionWithSslContextOverride() throws Exception {
assertNotEquals(CLIENT_JKS_KEYSTORE, CLIENT2_JKS_KEYSTORE);
assertNotEquals(CLIENT_DN, CLIENT2_DN);
// Connect providing the Client 1 details via context override, expect Client1 DN.
doConnectionWithSslContextOverride(CLIENT_JKS_KEYSTORE, CLIENT_DN, false);
// Connect providing the Client 2 details via context override, expect Client2 DN instead.
doConnectionWithSslContextOverride(CLIENT2_JKS_KEYSTORE, CLIENT2_DN, false);
}
@Test(timeout = 20000)
public void testCreateConnectionWithSslContextOverrideByExtension() throws Exception {
assertNotEquals(CLIENT_JKS_KEYSTORE, CLIENT2_JKS_KEYSTORE);
assertNotEquals(CLIENT_DN, CLIENT2_DN);
// Connect providing the Client 1 details via context override, expect Client1 DN.
doConnectionWithSslContextOverride(CLIENT_JKS_KEYSTORE, CLIENT_DN, true);
// Connect providing the Client 2 details via context override, expect Client2 DN instead.
doConnectionWithSslContextOverride(CLIENT2_JKS_KEYSTORE, CLIENT2_DN, true);
}
private void doConnectionWithSslContextOverride(String clientKeyStorePath, String expectedDN, boolean useExtension) throws Exception {
TransportOptions serverSslOptions = new TransportOptions();
serverSslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
serverSslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
serverSslOptions.setKeyStorePassword(PASSWORD);
serverSslOptions.setTrustStorePassword(PASSWORD);
serverSslOptions.setVerifyHost(false);
SSLContext serverContext = TransportSupport.createJdkSslContext(serverSslOptions);
TransportOptions clientSslOptions = new TransportOptions();
clientSslOptions.setKeyStoreLocation(clientKeyStorePath);
clientSslOptions.setTrustStoreLocation(CLIENT_JKS_TRUSTSTORE);
clientSslOptions.setKeyStorePassword(PASSWORD);
clientSslOptions.setTrustStorePassword(PASSWORD);
try (TestAmqpPeer testPeer = new TestAmqpPeer(serverContext, true);) {
JmsConnectionFactory factory = new JmsConnectionFactory("amqps://localhost:" + testPeer.getServerPort());
if (useExtension) {
factory.setExtension(JmsConnectionExtensions.SSL_CONTEXT.toString(), (options, uri) -> {
try {
return TransportSupport.createJdkSslContext(clientSslOptions);
} catch (Exception e) {
throw new RuntimeException(e.getMessage(), e);
}
});
} else {
factory.setSslContext(TransportSupport.createJdkSslContext(clientSslOptions));
}
testPeer.expectSaslPlain("guest", "guest");
testPeer.expectOpen();
testPeer.expectBegin();
Connection connection = factory.createConnection("guest", "guest");
connection.start();
Socket socket = testPeer.getClientSocket();
assertTrue(socket instanceof SSLSocket);
SSLSession session = ((SSLSocket) socket).getSession();
Certificate[] peerCertificates = session.getPeerCertificates();
assertNotNull(peerCertificates);
Certificate cert = peerCertificates[0];
assertTrue(cert instanceof X509Certificate);
String dn = ((X509Certificate)cert).getSubjectX500Principal().getName();
assertEquals("Unexpected certificate DN", expectedDN, dn);
testPeer.expectClose();
connection.close();
}
}
/**
* Checks that configuring an SSLContext instance via
* {@link JmsConnectionFactory#setSslContext(SSLContext)} overrides URI config
* for store location etc, resulting in a different certificate being observed
* server side following handshake.
*
* @throws Exception if an unexpected error is encountered
*/
@Test(timeout = 20000)
public void testCreateConnectionWithSslContextOverrideAndURIConfig() throws Exception {
assertNotEquals(CLIENT_JKS_KEYSTORE, CLIENT2_JKS_KEYSTORE);
assertNotEquals(CLIENT_DN, CLIENT2_DN);
// Connect without providing a context, expect Client1 DN.
doConnectionWithSslContextOverrideAndURIConfig(null, CLIENT_DN);
TransportOptions clientSslOptions = new TransportOptions();
clientSslOptions.setKeyStoreLocation(CLIENT2_JKS_KEYSTORE);
clientSslOptions.setTrustStoreLocation(CLIENT_JKS_TRUSTSTORE);
clientSslOptions.setKeyStorePassword(PASSWORD);
clientSslOptions.setTrustStorePassword(PASSWORD);
SSLContext clientContext = TransportSupport.createJdkSslContext(clientSslOptions);
// Connect providing the Client 2 details via context override, expect Client2 DN instead.
doConnectionWithSslContextOverrideAndURIConfig(clientContext, CLIENT2_DN);
}
private void doConnectionWithSslContextOverrideAndURIConfig(SSLContext clientContext, String expectedDN) throws Exception {
TransportOptions serverSslOptions = new TransportOptions();
serverSslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
serverSslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
serverSslOptions.setKeyStorePassword(PASSWORD);
serverSslOptions.setTrustStorePassword(PASSWORD);
serverSslOptions.setVerifyHost(false);
SSLContext serverContext = TransportSupport.createJdkSslContext(serverSslOptions);
try (TestAmqpPeer testPeer = new TestAmqpPeer(serverContext, true);) {
String connOptions = "?transport.keyStoreLocation=" + CLIENT_JKS_KEYSTORE + "&" +
"transport.keyStorePassword=" + PASSWORD + "&" +
"transport.trustStoreLocation=" + CLIENT_JKS_TRUSTSTORE + "&" +
"transport.trustStorePassword=" + PASSWORD;
JmsConnectionFactory factory = new JmsConnectionFactory("amqps://localhost:" + testPeer.getServerPort() + connOptions);
factory.setSslContext(clientContext);
testPeer.expectSaslPlain("guest", "guest");
testPeer.expectOpen();
testPeer.expectBegin();
Connection connection = factory.createConnection("guest", "guest");
connection.start();
Socket socket = testPeer.getClientSocket();
assertTrue(socket instanceof SSLSocket);
SSLSession session = ((SSLSocket) socket).getSession();
Certificate[] peerCertificates = session.getPeerCertificates();
assertNotNull(peerCertificates);
Certificate cert = peerCertificates[0];
assertTrue(cert instanceof X509Certificate);
String dn = ((X509Certificate)cert).getSubjectX500Principal().getName();
assertEquals("Unexpected certificate DN", expectedDN, dn);
testPeer.expectClose();
connection.close();
}
}
@Test(timeout = 20000)
public void testConfigureStoresWithSslSystemProperties() throws Exception {
// Set properties and expect connection as Client1
setSslSystemPropertiesForCurrentTest(CLIENT_JKS_KEYSTORE, PASSWORD, CLIENT_JKS_TRUSTSTORE, PASSWORD);
doConfigureStoresWithSslSystemPropertiesTestImpl(CLIENT_DN);
// Set properties with 'wrong ca' trust store and expect connection to fail
setSslSystemPropertiesForCurrentTest(CLIENT_JKS_KEYSTORE, PASSWORD, OTHER_CA_TRUSTSTORE, PASSWORD);
try {
doConfigureStoresWithSslSystemPropertiesTestImpl(null);
fail("Connection should have failed due to wrong CA");
} catch (JMSException jmse) {
// Expected
}
// Set properties with wrong key store password and expect connection to fail
setSslSystemPropertiesForCurrentTest(CLIENT_JKS_KEYSTORE, WRONG_PASSWORD, CLIENT_JKS_TRUSTSTORE, PASSWORD);
try {
doConfigureStoresWithSslSystemPropertiesTestImpl(null);
fail("Connection should have failed due to wrong keystore password");
} catch (JMSException jmse) {
// Expected
}
// Set properties with wrong trust store password and expect connection to fail
setSslSystemPropertiesForCurrentTest(CLIENT_JKS_KEYSTORE, PASSWORD, CLIENT_JKS_TRUSTSTORE, WRONG_PASSWORD);
try {
doConfigureStoresWithSslSystemPropertiesTestImpl(null);
fail("Connection should have failed due to wrong truststore password");
} catch (JMSException jmse) {
// Expected
}
// Set properties and expect connection as Client2
setSslSystemPropertiesForCurrentTest(CLIENT2_JKS_KEYSTORE, PASSWORD, CLIENT_JKS_TRUSTSTORE, PASSWORD);
doConfigureStoresWithSslSystemPropertiesTestImpl(CLIENT2_DN);
}
@Test(timeout = 20000)
public void testConfigurePkcs12StoresWithSslSystemProperties() throws Exception {
// Set properties and expect connection as Client1
setSslSystemPropertiesForCurrentTest(CLIENT_PKCS12_KEYSTORE, CUSTOM_STORE_TYPE_PKCS12, PASSWORD, CLIENT_PKCS12_TRUSTSTORE, CUSTOM_STORE_TYPE_PKCS12, PASSWORD);
doConfigureStoresWithSslSystemPropertiesTestImpl(CLIENT_DN, true);
}
@Test(timeout = 30000)
public void testNonSslConnectionFailsToSslServer() throws Exception {
TransportOptions serverOptions = new TransportOptions();
serverOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
serverOptions.setKeyStorePassword(PASSWORD);
serverOptions.setVerifyHost(false);
try (NettySimpleAmqpServer server = new NettySimpleAmqpServer(serverOptions, true)) {
server.start();
JmsConnectionFactory factory = new JmsConnectionFactory("amqp://localhost:" + server.getServerPort() + "?jms.connectTimeout=25");
try {
factory.createConnection();
fail("should not have connected");
}
catch (JMSException jmse) {
String message = jmse.getMessage();
assertNotNull(message);
assertTrue("Unexpected message: " + message, message.contains("Timed out while waiting to connect"));
}
}
}
private void setSslSystemPropertiesForCurrentTest(String keystore, String keystorePassword, String truststore, String truststorePassword) {
setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE, keystore);
setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD, keystorePassword);
setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE, truststore);
setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD, truststorePassword);
}
private void setSslSystemPropertiesForCurrentTest(String keystore, String keystoreType, String keystorePassword, String truststore, String truststoreType, String truststorePassword) {
setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE, keystore);
setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE_TYPE, keystoreType);
setTestSystemProperty(JAVAX_NET_SSL_KEY_STORE_PASSWORD, keystorePassword);
setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE, truststore);
setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE_TYPE, truststoreType);
setTestSystemProperty(JAVAX_NET_SSL_TRUST_STORE_PASSWORD, truststorePassword);
}
private void doConfigureStoresWithSslSystemPropertiesTestImpl(String expectedDN) throws Exception {
doConfigureStoresWithSslSystemPropertiesTestImpl(expectedDN, false);
}
private void doConfigureStoresWithSslSystemPropertiesTestImpl(String expectedDN, boolean usePkcs12Store) throws Exception {
TransportOptions serverSslOptions = new TransportOptions();
if (!usePkcs12Store) {
serverSslOptions.setKeyStoreLocation(BROKER_JKS_KEYSTORE);
serverSslOptions.setTrustStoreLocation(BROKER_JKS_TRUSTSTORE);
serverSslOptions.setKeyStorePassword(PASSWORD);
serverSslOptions.setTrustStorePassword(PASSWORD);
serverSslOptions.setVerifyHost(false);
} else {
serverSslOptions.setKeyStoreLocation(BROKER_PKCS12_KEYSTORE);
serverSslOptions.setTrustStoreLocation(BROKER_PKCS12_TRUSTSTORE);
serverSslOptions.setKeyStoreType(CUSTOM_STORE_TYPE_PKCS12);
serverSslOptions.setTrustStoreType(CUSTOM_STORE_TYPE_PKCS12);
serverSslOptions.setKeyStorePassword(PASSWORD);
serverSslOptions.setTrustStorePassword(PASSWORD);
serverSslOptions.setVerifyHost(false);
}
SSLContext serverSslContext = TransportSupport.createJdkSslContext(serverSslOptions);
try (TestAmqpPeer testPeer = new TestAmqpPeer(serverSslContext, true);) {
Connection connection = testFixture.establishConnecton(testPeer, true, null, null, null, true);
Socket socket = testPeer.getClientSocket();
assertTrue(socket instanceof SSLSocket);
SSLSession session = ((SSLSocket) socket).getSession();
Certificate[] peerCertificates = session.getPeerCertificates();
assertNotNull(peerCertificates);
Certificate cert = peerCertificates[0];
assertTrue(cert instanceof X509Certificate);
String dn = ((X509Certificate)cert).getSubjectX500Principal().getName();
assertEquals("Unexpected certificate DN", expectedDN, dn);
testPeer.expectClose();
connection.close();
}
}
}