QPID-5475 : [Java Broker] add ability to use ssl client auth to REST api and HTTP management

git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1557770 13f79535-47bb-0310-9956-ffa450edef68
author: Robert Godfrey <rgodfrey@apache.org> 2014-01-13 16:57:08 +0000
committer: Robert Godfrey <rgodfrey@apache.org> 2014-01-13 16:57:08 +0000
commit: 82700edf3062785e05b3cb6eebe1b8137128c824 (patch)
tree: 0ed12885969b546f4e99b1a4ce1b5f79d2ffac9e /qpid/java/systests
parent: e24fe7cc76a6ac23417d7d8fb83829ca69e156dc (diff)
download: qpid-python-82700edf3062785e05b3cb6eebe1b8137128c824.tar.gz
4 files changed, 44 insertions, 4 deletions
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/Asserts.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/Asserts.java
index b65ddbb2d0..56aec08d09 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/Asserts.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/Asserts.java
@@ -126,7 +126,7 @@ public class Asserts
                 Queue.DISCARDS_TTL_MESSAGES, Queue.STATE_CHANGED);
     }
 
-    public static void assertAttributesPresent(Map<String, Object> data, String[] attributes)
+    public static void assertAttributesPresent(Map<String, Object> data, String... attributes)
     {
         for (String name : attributes)
         {
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java
index 57398ea929..ce501adeb6 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/QpidRestTestCase.java
@@ -35,6 +35,8 @@ import org.apache.qpid.test.utils.QpidBrokerTestCase;
 public class QpidRestTestCase extends QpidBrokerTestCase
 {
     public static final String ANONYMOUS_AUTHENTICATION_PROVIDER = "testAnonymous";
+    public static final String EXTERNAL_AUTHENTICATION_PROVIDER = "testExternal";
+
     public static final String TEST1_VIRTUALHOST = "test";
     public static final String TEST2_VIRTUALHOST = "test2";
     public static final String TEST3_VIRTUALHOST = "test3";
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
index 7d99b30049..810b70a2ba 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/RestTestHelper.java
@@ -18,6 +18,8 @@
  */
 package org.apache.qpid.systest.rest;
 
+import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE;
+import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
 import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE;
 import static org.apache.qpid.test.utils.TestSSLConstants.TRUSTSTORE_PASSWORD;
 
@@ -41,6 +43,7 @@ import java.util.List;
 import java.util.Map;
 
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManagerFactory;
@@ -65,16 +68,19 @@ import org.codehaus.jackson.type.TypeReference;
 public class RestTestHelper
 {
     private static final Logger LOGGER = Logger.getLogger(RestTestHelper.class);
+    private static final String CERT_ALIAS_APP1 = "app1";
 
     private int _httpPort;
 
     private boolean _useSsl;
 
+
     private String _username;
 
     private String _password;
 
     private File _passwdFile;
+    private boolean _useSslAuth;
 
     public RestTestHelper(int httpPort)
     {
@@ -110,7 +116,30 @@ public class RestTestHelper
     {
         URL url = getManagementURL(path);
         HttpURLConnection httpCon = (HttpURLConnection) url.openConnection();
-        if(_useSsl)
+
+        if(_useSslAuth)
+        {
+            try
+            {
+                // We have to use a SSLSocketFactory from a new SSLContext so that we don't re-use
+                // the JVM's defaults that may have been initialised in previous tests.
+
+                SSLContext sslContext = SSLContextFactory.buildClientContext(
+                        TRUSTSTORE, TRUSTSTORE_PASSWORD,
+                        KeyStore.getDefaultType(),
+                        TrustManagerFactory.getDefaultAlgorithm(),
+                        KEYSTORE, KEYSTORE_PASSWORD, KeyStore.getDefaultType(), KeyManagerFactory.getDefaultAlgorithm(), CERT_ALIAS_APP1);
+
+                SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
+
+                ((HttpsURLConnection) httpCon).setSSLSocketFactory(sslSocketFactory);
+            }
+            catch (GeneralSecurityException e)
+            {
+                throw new RuntimeException(e);
+            }
+        }
+        else if(_useSsl)
         {
             try
             {
@@ -475,4 +504,10 @@ public class RestTestHelper
         connection.connect();
         return readConnectionInputStream(connection);
     }
+
+    public void setUseSslAuth(final boolean useSslAuth)
+    {
+        _useSslAuth = useSslAuth;
+        _useSsl = true;
+    }
 }
diff --git a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java
index 1c05f17e25..61f4a1a8e2 100644
--- a/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java
+++ b/qpid/java/systests/src/main/java/org/apache/qpid/systest/rest/SaslRestTest.java
@@ -55,6 +55,8 @@ public class SaslRestTest extends QpidRestTestCase
     public void startBrokerNow() throws Exception
     {
         super.startBroker();
+
+        getRestTestHelper().setUsernameAndPassword(null,null);
     }
 
     public void testGetMechanismsWithBrokerPlainPasswordPrincipalDatabase() throws Exception
@@ -71,7 +73,7 @@ public class SaslRestTest extends QpidRestTestCase
         {
             assertTrue("Mechanism " + mechanism + " is not found", mechanisms.contains(mechanism));
         }
-        assertNull("Unexpected user was returned", saslData.get("user"));
+        assertNull("Unexpected user was returned: " + saslData.get("user"), saslData.get("user"));
     }
 
     public void testGetMechanismsWithBrokerBase64MD5FilePrincipalDatabase() throws Exception
@@ -89,7 +91,8 @@ public class SaslRestTest extends QpidRestTestCase
         {
             assertTrue("Mechanism " + mechanism + " is not found", mechanisms.contains(mechanism));
         }
-        assertNull("Unexpected user was returned", saslData.get("user"));
+
+        assertNull("Unexpected user was returned: " + saslData.get("user"), saslData.get("user"));
     }
 
     public void testPlainSaslAuthenticationForValidCredentials() throws Exception
author	Robert Godfrey <rgodfrey@apache.org>	2014-01-13 16:57:08 +0000
committer	Robert Godfrey <rgodfrey@apache.org>	2014-01-13 16:57:08 +0000
commit	82700edf3062785e05b3cb6eebe1b8137128c824 (patch)
tree	0ed12885969b546f4e99b1a4ce1b5f79d2ffac9e /qpid/java/systests
parent	e24fe7cc76a6ac23417d7d8fb83829ca69e156dc (diff)
download	qpid-python-82700edf3062785e05b3cb6eebe1b8137128c824.tar.gz