
Fix client CERT test for the first time in two years

1 parent bfe9cbf commit dac7e46678181ab90b789fb2640dc8f79079eb72 @ctomc ctomc committed with kabir Mar 27, 2013
4 controller/src/main/java/org/jboss/as/controller/PathAddress.java
@@ -137,6 +137,10 @@ public static PathAddress pathAddress(PathElement... elements) {
return pathAddress(Arrays.<PathElement>asList(elements));
}
+ public static PathAddress pathAddress(String key, String value) {
+ return pathAddress(PathElement.pathElement(key, value));
+ }
+
public static PathAddress pathAddress(PathAddress parent, PathElement... elements) {
List<PathElement> list = new ArrayList<PathElement>(parent.pathAddressList);
for (PathElement element : elements) {
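Review bot: The new public overload `pathAddress(String key, String value)` has no Javadoc, and no new-side line shown on this page calls it, so a test-fix commit widens the controller API without a stated contract. If it stays, add a short Javadoc such as `/** Creates a single-element address; key and value are validated by {@link PathElement#pathElement(String, String)}. */`. Callers may exist in files outside this page, so the "unused" part needs confirming. The hunk ends inside the following `pathAddress(PathAddress, PathElement...)` overload, which is unchanged.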
2 .../org/jboss/as/test/integration/security/common/AbstractSecurityRealmsServerSetupTask.java
@@ -66,7 +66,7 @@
* @see org.jboss.as.arquillian.api.ServerSetupTask#setup(org.jboss.as.arquillian.container.ManagementClient,
* java.lang.String)
*/
- public final void setup(final ManagementClient managementClient, String containerId) throws Exception {
+ public void setup(final ManagementClient managementClient, String containerId) throws Exception {
this.managementClient = managementClient;
securityRealms = getSecurityRealms();
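Review bot: Dropping `final` from `setup` lets a subclass replace the realm creation entirely, and the Javadoc above it (only an `@see` is visible) does not tell overriders to call `super.setup(managementClient, containerId)`. A subclass that forgets the call would run its tests with no security realm configured and no error from this class. Add a sentence to the Javadoc, e.g. `Subclasses that override this method must call super.setup(...) before adding resources that reference the realms.`, or keep the method `final` and expose a protected hook instead. The body of `setup` continues past the end of the hunk.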
125 ...test/java/org/jboss/as/test/integration/web/security/WebCERTTestsSecurityDomainSetup.java
@@ -22,28 +22,13 @@
package org.jboss.as.test.integration.web.security;
-import java.net.URL;
-import java.util.ArrayList;
-import java.util.List;
-
-import org.jboss.as.arquillian.api.ServerSetupTask;
-import org.jboss.as.arquillian.container.ManagementClient;
-import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.client.ModelControllerClient;
-import org.jboss.as.controller.client.OperationBuilder;
-import org.jboss.as.controller.operations.common.Util;
-import org.jboss.as.security.Constants;
-import org.jboss.dmr.ModelNode;
-import org.jboss.logging.Logger;
-
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ALLOW_RESOURCE_SERVICE_RESTART;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.COMPOSITE;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REMOVE;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ROLLBACK_ON_RUNTIME_FAILURE;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.STEPS;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
import static org.jboss.as.security.Constants.CODE;
@@ -55,19 +40,36 @@
import static org.jboss.as.security.Constants.SECURITY_DOMAIN;
import static org.jboss.as.security.Constants.TRUSTSTORE;
import static org.jboss.as.security.Constants.URL;
-import static org.jboss.as.test.integration.management.util.ModelUtil.createOpNode;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.jboss.as.arquillian.api.ServerSetupTask;
+import org.jboss.as.arquillian.container.ManagementClient;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.client.ModelControllerClient;
+import org.jboss.as.controller.client.OperationBuilder;
+import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
+import org.jboss.as.controller.operations.common.Util;
+import org.jboss.as.security.Constants;
+import org.jboss.as.test.integration.security.common.AbstractSecurityRealmsServerSetupTask;
+import org.jboss.as.test.integration.security.common.config.realm.Authentication;
+import org.jboss.as.test.integration.security.common.config.realm.RealmKeystore;
+import org.jboss.as.test.integration.security.common.config.realm.SecurityRealm;
+import org.jboss.as.test.integration.security.common.config.realm.ServerIdentity;
+import org.jboss.dmr.ModelNode;
+import org.jboss.logging.Logger;
/**
* {@code ServerSetupTask} for the Web CERT tests.
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
*/
-public class WebCERTTestsSecurityDomainSetup implements ServerSetupTask {
+public class WebCERTTestsSecurityDomainSetup extends AbstractSecurityRealmsServerSetupTask implements ServerSetupTask {
private static final Logger log = Logger.getLogger(WebCERTTestsSecurityDomainSetup.class);
-
private static final String APP_SECURITY_DOMAIN = "cert-test";
-
private static final String JSSE_SECURITY_DOMAIN = "cert";
protected static void applyUpdates(final ModelControllerClient client, final List<ModelNode> updates) {
@@ -95,8 +97,13 @@ protected static void applyUpdate(final ModelControllerClient client, ModelNode
@Override
public void setup(ManagementClient managementClient, String containerId) throws Exception {
+ super.setup(managementClient, containerId);
log.debug("start of the domain creation");
+ ClassLoader tccl = Thread.currentThread().getContextClassLoader();
+ URL keystore = tccl.getResource("security/jsse.keystore");
+ URL roles = getClass().getResource("cert/roles.properties");
+
final List<ModelNode> updates = new ArrayList<ModelNode>();
PathAddress address = PathAddress.pathAddress()
.append(SUBSYSTEM, "security")
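Review bot: `tccl.getResource("security/jsse.keystore")` and `getClass().getResource("cert/roles.properties")` return null when the resource is missing, and the results are later dereferenced via `keystore.getPath()` and `roles.getPath()` without a check, so a packaging mistake surfaces as a bare NullPointerException partway through domain creation. Fail early and name the resource, e.g. `if (roles == null) throw new IllegalStateException("cert/roles.properties not found on test classpath");`, and do the same for the keystore. `URL.getPath()` also keeps percent-escapes, so a workspace path containing a space yields a file name the server cannot open; `new File(url.toURI()).getAbsolutePath()` avoids that. Both issues also apply to the `getResource` calls in `getSecurityRealms()` in the last hunk of this file. `setup` starts and ends outside this hunk.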
@@ -110,21 +117,21 @@ public void setup(ManagementClient managementClient, String containerId) throws
loginModule.get(CODE).set("CertificateRoles");
loginModule.get(FLAG).set("required");
ModelNode moduleOptions = loginModule.get(MODULE_OPTIONS);
- moduleOptions.add("securityDomain", JSSE_SECURITY_DOMAIN);
+ moduleOptions.add("securityDomain", APP_SECURITY_DOMAIN);
+ moduleOptions.add("rolesProperties", roles.getPath());
loginModule.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
+
updates.add(loginModule);
// Add the JSSE security domain.
address = PathAddress.pathAddress()
- .append(SUBSYSTEM, "security")
- .append(SECURITY_DOMAIN, JSSE_SECURITY_DOMAIN);
- updates.add(Util.createAddOperation(address));
+ .append(SUBSYSTEM, "security")
+ .append(SECURITY_DOMAIN, APP_SECURITY_DOMAIN);
ModelNode op = Util.createAddOperation(address.append(JSSE, Constants.CLASSIC));
op.get(TRUSTSTORE, PASSWORD).set("changeit");
- ClassLoader tccl = Thread.currentThread().getContextClassLoader();
- URL keystore = tccl.getResource("security/jsse.keystore");
+
op.get(TRUSTSTORE, URL).set(keystore.getPath());
op.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
updates.add(op);
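Review bot: The comment `// Add the JSSE security domain.` no longer describes the code beneath it, because the separate `cert` domain add was removed and the JSSE truststore is now attached to `APP_SECURITY_DOMAIN`. Reword it to something like `// Attach the JSSE truststore configuration to the application security domain.` After this change no new-side line shown on this page references `JSSE_SECURITY_DOMAIN`, so the constant can probably be deleted; confirm against the parts of the file outside the hunks. The `securityDomain` module option of `CertificateRoles` now names the domain the module itself lives in, which presumably is how it finds the truststore, and that deserves a one-line why-comment. `setup` starts and ends outside this hunk.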
@@ -143,23 +150,17 @@ public void setup(ManagementClient managementClient, String containerId) throws
final ModelNode steps = composite.get(STEPS);
op = new ModelNode();
op.get(OP).set(ADD);
- op.get(OP_ADDR).add(SUBSYSTEM, "web");
- op.get(OP_ADDR).add("connector", "testConnector");
+ op.get(OP_ADDR).add(SUBSYSTEM, "undertow");
+ op.get(OP_ADDR).add("server", "default-server");
+ op.get(OP_ADDR).add("https-listener", "testConnector");
op.get("socket-binding").set("https-test");
op.get("enabled").set(true);
- op.get("protocol").set("HTTP/1.1");
- op.get("scheme").set("https");
- op.get("secure").set(true);
+ /*op.get("protocol").set("HTTP/1.1");
+ op.get("scheme").set("https");*/
+ /*op.get("secure").set(true);*/
+ op.get("security-realm").set("ssl-realm");
steps.add(op);
- ModelNode ssl = createOpNode("subsystem=web/connector=testConnector/ssl=configuration", "add");
- ssl.get("name").set("https-test");
- ssl.get("key-alias").set("test");
- ssl.get("password").set("changeit");
- keystore = tccl.getResource("security/server.keystore");
- ssl.get("certificate-key-file").set(keystore.getPath());
- ssl.get("ca-certificate-file").set(keystore.getPath());
- ssl.get("verify-client").set("want");
- steps.add(ssl);
+
updates.add(composite);
applyUpdates(managementClient.getControllerClient(), updates);
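Review bot: The listener add leaves the old connector attributes commented out (`/*op.get("protocol").set("HTTP/1.1"); ...*/` and `/*op.get("secure").set(true);*/`); delete them, since the history already records what the old connector set. The removed `ssl=configuration` step carried `verify-client` = `want`, and no new-side line in this hunk states whether the `https-listener` requests a client certificate; that now appears to rest on the truststore authentication of `ssl-realm`. Add a comment beside `op.get("security-realm").set("ssl-realm");` saying that client-certificate verification comes from the realm's truststore, so that a later realm change does not quietly turn the CERT tests into plain-TLS tests. `setup` starts and ends outside this hunk.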
@@ -168,7 +169,7 @@ public void setup(ManagementClient managementClient, String containerId) throws
}
@Override
- public void tearDown(ManagementClient managementClient, String containerId) {
+ public void tearDown(ManagementClient managementClient, String containerId) throws Exception {
final List<ModelNode> updates = new ArrayList<ModelNode>();
// remove the security domains.
@@ -177,24 +178,17 @@ public void tearDown(ManagementClient managementClient, String containerId) {
op.get(OP_ADDR).add(SUBSYSTEM, "security");
op.get(OP_ADDR).add(Constants.SECURITY_DOMAIN, APP_SECURITY_DOMAIN);
// Don't rollback when the AS detects the war needs the module
- op.get(OPERATION_HEADERS, ROLLBACK_ON_RUNTIME_FAILURE).set(false);
+ op.get(OPERATION_HEADERS, ModelDescriptionConstants.ROLLBACK_ON_RUNTIME_FAILURE).set(false);
op.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
updates.add(op);
- op = new ModelNode();
- op.get(OP).set(REMOVE);
- op.get(OP_ADDR).add(SUBSYSTEM, "security");
- op.get(OP_ADDR).add(Constants.SECURITY_DOMAIN, JSSE_SECURITY_DOMAIN);
- // Don't rollback when the AS detects the war needs the module
- op.get(OPERATION_HEADERS, ROLLBACK_ON_RUNTIME_FAILURE).set(false);
- op.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
- updates.add(op);
// remove the HTTPS connector and the socket binding.
op = new ModelNode();
op.get(OP).set(REMOVE);
- op.get(OP_ADDR).add(SUBSYSTEM, "web");
- op.get(OP_ADDR).add("connector", "testConnector");
+ op.get(OP_ADDR).add(SUBSYSTEM, "undertow");
+ op.get(OP_ADDR).add("server", "default-server");
+ op.get(OP_ADDR).add("https-listener", "testConnector");
op.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
updates.add(op);
@@ -206,5 +200,34 @@ public void tearDown(ManagementClient managementClient, String containerId) {
updates.add(op);
applyUpdates(managementClient.getControllerClient(), updates);
+ super.tearDown(managementClient, containerId);
+ }
+
+ @Override
+ protected SecurityRealm[] getSecurityRealms() throws Exception {
+ URL keystoreResource = Thread.currentThread().getContextClassLoader().getResource("security/server.keystore");
+ URL truststoreResource = Thread.currentThread().getContextClassLoader().getResource("security/jsse.keystore");
+
+ RealmKeystore keystore = new RealmKeystore.Builder()
+ .keystorePassword("changeit")
+ .keystorePath(keystoreResource.getPath())
+ .build();
+
+ RealmKeystore truststore = new RealmKeystore.Builder()
+ .keystorePassword("changeit")
+ .keystorePath(truststoreResource.getPath())
+ .build();
+ return new SecurityRealm[]{new SecurityRealm.Builder()
+ .name("ssl-realm")
+ .serverIdentity(
+ new ServerIdentity.Builder()
+ .ssl(keystore)
+ .build())
+ .authentication(
+ new Authentication.Builder()
+ .truststore(truststore)
+ .build()
+ )
+ .build()};
}
}
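Review bot: In `tearDown`, `super.tearDown(managementClient, containerId)` runs only if `applyUpdates(...)` returns normally, so a failed removal of the domain or listener would leave `ssl-realm` and its keystore configuration on the server for the tests that follow. Wrap it: `try { applyUpdates(managementClient.getControllerClient(), updates); } finally { super.tearDown(managementClient, containerId); }`. Whether `applyUpdates` can throw is not visible on this page, so treat this as defensive. In `getSecurityRealms()`, the literal `"ssl-realm"` duplicates the value set on the listener in `setup`; a shared `private static final String` keeps the two from drifting. `tearDown` begins outside this hunk.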
63 ...rc/test/java/org/jboss/as/test/integration/web/security/cert/WebSecurityCERTTestCase.java
@@ -27,7 +27,6 @@
import java.io.IOException;
import java.net.URL;
import java.security.cert.X509Certificate;
-
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
@@ -58,21 +57,19 @@
import org.jboss.security.JBossJSSESecurityDomain;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
-import org.junit.Ignore;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
/**
* Unit test for CLIENT-CERT authentication.
- *
+ *
* @author <a href="mailto:mmoyses@redhat.com">Marcus Moyses</a>
*/
@RunWith(Arquillian.class)
@RunAsClient
@ServerSetup(WebCERTTestsSecurityDomainSetup.class)
@Category(CommonCriteria.class)
-@Ignore("We don't have full blown SSL support yet")
public class WebSecurityCERTTestCase {
@ArquillianResource
@@ -94,36 +91,6 @@ public static WebArchive deployment() {
return war;
}
- @Test
- @Ignore
- public void testClientCertSuccessfulAuth() throws Exception {
- makeCall("test", 200);
- }
-
- @Test
- @Ignore
- public void testClientCertUnsuccessfulAuth() throws Exception {
- makeCall("test2", 403);
- }
-
- protected void makeCall(String alias, int expectedStatusCode) throws Exception {
- HttpClient httpclient = new DefaultHttpClient();
- httpclient = wrapClient(httpclient, alias);
- try {
- HttpGet httpget = new HttpGet("https://" + mgmtClient.getMgmtAddress() + ":8380/web-secure-client-cert/secured/");
- HttpResponse response = httpclient.execute(httpget);
-
- StatusLine statusLine = response.getStatusLine();
- System.out.println("Response: " + statusLine);
- assertEquals(expectedStatusCode, statusLine.getStatusCode());
- } finally {
- // When HttpClient instance is no longer needed,
- // shut down the connection manager to ensure
- // immediate deallocation of all system resources
- httpclient.getConnectionManager().shutdown();
- }
- }
-
public static HttpClient wrapClient(HttpClient base, String alias) {
try {
SSLContext ctx = SSLContext.getInstance("TLS");
@@ -166,4 +133,32 @@ public boolean verify(String string, SSLSession ssls) {
return null;
}
}
+
+ @Test
+ public void testClientCertSuccessfulAuth() throws Exception {
+ makeCall("test", 200);
+ }
+
+ @Test
+ public void testClientCertUnsuccessfulAuth() throws Exception {
+ makeCall("test2", 403);
+ }
+
+ protected void makeCall(String alias, int expectedStatusCode) throws Exception {
+ HttpClient httpclient = new DefaultHttpClient();
+ httpclient = wrapClient(httpclient, alias);
+ try {
+ HttpGet httpget = new HttpGet("https://" + mgmtClient.getMgmtAddress() + ":8380/web-secure-client-cert/secured/");
+ HttpResponse response = httpclient.execute(httpget);
+
+ StatusLine statusLine = response.getStatusLine();
+ System.out.println("Response: " + statusLine);
+ assertEquals(expectedStatusCode, statusLine.getStatusCode());
+ } finally {
+ // When HttpClient instance is no longer needed,
+ // shut down the connection manager to ensure
+ // immediate deallocation of all system resources
+ httpclient.getConnectionManager().shutdown();
+ }
+ }
}
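Review bot: `makeCall` hard-codes port `8380` and concatenates `mgmtClient.getMgmtAddress()` into the URL unbracketed, so the now-enabled tests depend on the `https-test` socket binding (defined outside the visible lines) using exactly that port, and they would build an invalid URL for an IPv6 literal address. Take the port from a constant shared by the setup task and the test, and bracket the host when it contains `:`. `System.out.println("Response: " + statusLine);` should go through a logger or be dropped. The negative case only checks that alias `test2` gets 403, and what distinguishes that certificate is not visible here. A comment on `testClientCertUnsuccessfulAuth` should say whether it exercises an untrusted certificate or a trusted one without a role.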
153 ...t/java/org/jboss/as/test/integration/web/security/ssl/HttpsConnectorSettingsTestCase.java
@@ -1,153 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2012, Red Hat, Inc., and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-
-package org.jboss.as.test.integration.web.security.ssl;
-
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ALLOW_RESOURCE_SERVICE_RESTART;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.READ_ATTRIBUTE_OPERATION;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REMOVE;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.RESULT;
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
-import static org.junit.Assert.assertEquals;
-
-import org.jboss.arquillian.container.test.api.Deployment;
-import org.jboss.arquillian.container.test.api.RunAsClient;
-import org.jboss.arquillian.junit.Arquillian;
-import org.jboss.as.arquillian.api.ServerSetup;
-import org.jboss.as.arquillian.api.ServerSetupTask;
-import org.jboss.as.arquillian.container.ManagementClient;
-import org.jboss.as.controller.client.OperationBuilder;
-import org.jboss.dmr.ModelNode;
-import org.jboss.shrinkwrap.api.ShrinkWrap;
-import org.jboss.shrinkwrap.api.spec.WebArchive;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-/**
- * Check some possible settings of https connector
- *
- * Connected JIRAs: JBPAPP6-923, JBPAPP6-1456
- *
- * @author olukas,
- */
-@RunWith(Arquillian.class)
-@ServerSetup(HttpsConnectorSettingsTestCase.HttpsConnectorSettingsTestCaseSetup.class)
-@RunAsClient
-@Ignore("We don't have PROPER SSL support yet!")
-public class HttpsConnectorSettingsTestCase {
-
- static class HttpsConnectorSettingsTestCaseSetup implements ServerSetupTask {
-
- @Override
- public void setup(ManagementClient managementClient, String containerId) throws Exception {
-
- managementClientForTest = managementClient;
-
- ModelNode op;
-
- // create new https connector
- op = new ModelNode();
- op.get(OP).set(ADD);
- op.get(OP_ADDR).add(SUBSYSTEM, "web");
- op.get(OP_ADDR).add("connector", "https");
- op.get("protocol").set("HTTP/1.1");
- op.get("scheme").set("https");
- op.get("socket-binding").set("https");
- op.get("secure").set("true");
- op.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
- managementClient.getControllerClient().execute(new OperationBuilder(op).build());
-
- // set up https connector
- op = new ModelNode();
- op.get(OP).set(ADD);
- op.get(OP_ADDR).add(SUBSYSTEM, "web");
- op.get(OP_ADDR).add("connector", "https");
- op.get(OP_ADDR).add("ssl", "configuration");
- op.get("name").set("https");
- op.get("password").set("pass");
- op.get("keystore-type").set("PKCS11");
- op.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
- managementClient.getControllerClient().execute(new OperationBuilder(op).build());
- }
-
- @Override
- public void tearDown(ManagementClient managementClient, String containerId) throws Exception {
- ModelNode op;
-
- // remove created https connector
- op = new ModelNode();
- op.get(OP).set(REMOVE);
- op.get(OP_ADDR).add(SUBSYSTEM, "web");
- op.get(OP_ADDR).add("connector", "https");
- op.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
- managementClient.getControllerClient().execute(new OperationBuilder(op).build());
- }
-
- }
-
- static ManagementClient managementClientForTest;
-
- /*
- * JBPAPP6-923 Check that key-alias is undefined
- */
- @Test
- public void testAbleToNotSetKeyAliasForSSL() throws Exception {
- ModelNode op;
- op = new ModelNode();
- op.get(OP).set(READ_ATTRIBUTE_OPERATION);
- op.get(OP_ADDR).add(SUBSYSTEM, "web");
- op.get(OP_ADDR).add("connector", "https");
- op.get(OP_ADDR).add("ssl", "configuration");
- op.get("name").set("key-alias");
- ModelNode result = (managementClientForTest.getControllerClient().execute(new OperationBuilder(op).build()))
- .get(RESULT);
- assertEquals(result.toString(), "undefined");
- }
-
- /*
- * JBPAPP6-1456 Check that keystore-type is set to PKCS11
- */
- @Test
- public void testAbleToSetPKCS11() throws Exception {
- ModelNode op;
- op = new ModelNode();
- op.get(OP).set(READ_ATTRIBUTE_OPERATION);
- op.get(OP_ADDR).add(SUBSYSTEM, "web");
- op.get(OP_ADDR).add("connector", "https");
- op.get(OP_ADDR).add("ssl", "configuration");
- op.get("name").set("keystore-type");
- ModelNode result = (managementClientForTest.getControllerClient().execute(new OperationBuilder(op).build()))
- .get(RESULT);
- assertEquals(result.asString(), "PKCS11");
- }
-
- @Deployment
- public static WebArchive deployment() {
- final WebArchive war = ShrinkWrap.create(WebArchive.class, "test.war");
- return war;
- }
-}
2 ...ration/basic/src/test/java/org/jboss/as/test/integration/web/valve/ValveUnitTestCase.java
@@ -56,7 +56,7 @@
@RunWith(Arquillian.class)
@RunAsClient
@ServerSetup(ValveUnitTestCase.ValveSetup.class)
-@Ignore("We don't support valves yet in undertow")
+@Ignore("AS7-6797 Undertow - valves")
public class ValveUnitTestCase {
private static Logger log = Logger.getLogger(ValveUnitTestCase.class);
