TLS tests, minor TLS-related usability improvements to langohr.core/c…

…onnect
commit 440ead9f7dee0129858a2b584fa20accb1e53a62 1 parent 4c69fc4
Michael Klishin authored
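--- a/src/clojure/langohr/core.clj
+++ b/src/clojure/langohr/core.clj
@@ -126,8 +126,11 @@
 (let [{:keys [host port username password vhost
 requested-heartbeat connection-timeout ssl ssl-context socket-factory sasl-config]
 :or {requested-heartbeat ConnectionFactory/DEFAULT_HEARTBEAT
- connection-timeout ConnectionFactory/DEFAULT_CONNECTION_TIMEOUT} } (normalize-settings settings)
- cf (ConnectionFactory.)]
+ connection-timeout ConnectionFactory/DEFAULT_CONNECTION_TIMEOUT}} (normalize-settings settings)
+ cf (ConnectionFactory.)
+ port' (if (and ssl (= port ConnectionFactory/DEFAULT_AMQP_PORT))
+ ConnectionFactory/DEFAULT_AMQP_OVER_SSL_PORT
+ port)]
 (when (or ssl
 (= port ConnectionFactory/DEFAULT_AMQP_OVER_SSL_PORT))
 (.useSslProtocol cf))
@@ -137,7 +140,7 @@
 (.setPassword password)
 (.setVirtualHost vhost)
 (.setHost host)
- (.setPort port)
+ (.setPort port')
 (.setRequestedHeartbeat requested-heartbeat)
 (.setConnectionTimeout connection-timeout))
 (when sasl-config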
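Review bot: The `(.useSslProtocol cf)` call that the new `port'` default feeds into is the no-argument form, which in the RabbitMQ Java client installs a trust manager that accepts any server certificate, so `{:ssl true}` on its own now connects encrypted but without peer verification. Whether `ssl-context` replaces that setup is decided outside the hunk, so I would at least document it next to the binding: `;; :ssl true without :ssl-context encrypts the connection but does not verify the peer certificate`. Separately, after `normalize-settings` the code cannot tell a defaulted port from an explicit one equal to `DEFAULT_AMQP_PORT`, so a caller who deliberately runs TLS on that port is silently moved to `DEFAULT_AMQP_OVER_SSL_PORT`; that deserves a line in the `connect` docstring. The `let` form starts and ends outside the hunks.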
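--- a/test/langohr/test/tls_test.clj
+++ b/test/langohr/test/tls_test.clj
@@ -0,0 +1,55 @@
+(ns langohr.test.tls-test
+ (:require [langohr.core :as lc]
+ [langohr.queue :as lq]
+ [langohr.basic :as lb])
+ (:use clojure.test)
+ (:import [java.io File FileInputStream]
+ java.security.KeyStore
+ [javax.net.ssl TrustManagerFactory KeyManagerFactory SSLContext]))
+
+;;
+;; Unverified
+;;
+
+(deftest ^{:tls true} test-connection-without-peer-verification
+ (let [conn (lc/connect {:host "127.0.0.1" :ssl true})
+ ch (lc/create-channel conn)
+ q (format "langohr.test.tls-test.%s" (str (java.util.UUID/randomUUID)))]
+ (is (lc/open? conn))
+ (lq/declare ch q :exclusive true)
+ (lb/publish ch "" q "TLS")
+ (let [[_ payload] (lb/get ch q)]
+ (is (= (String. ^bytes payload) "TLS")))
+ (lc/close conn)))
+
+;;
+;; Verified
+;;
+
+(def ^String keystore-path "./tmp/langohr/keystore/keystore")
+(def keystore-pwd (.toCharArray "bunnies"))
+(def ^String pkcs12-cert-path "./test/resources/tls/client/keycert.p12")
+(def pkcs12-cert-pwd (.toCharArray "bunnies"))
+
+(deftest test-connection-with-peer-verification
+ (let [f (File. keystore-path)]
+ (is (.exists f)))
+ (let [jks-keystore (doto (KeyStore/getInstance "JKS")
+ (.load (FileInputStream. keystore-path) keystore-pwd))
+ tmf (doto (TrustManagerFactory/getInstance "SunX509")
+ (.init jks-keystore))
+ pkcs12-keystore (doto (KeyStore/getInstance "PKCS12")
+ (.load (FileInputStream. pkcs12-cert-path) pkcs12-cert-pwd))
+ kmf (doto (KeyManagerFactory/getInstance "SunX509")
+ (.init pkcs12-keystore pkcs12-cert-pwd))
+ ctx (doto (SSLContext/getInstance "SSLv3")
+ (.init (.getKeyManagers kmf) (.getTrustManagers tmf) nil))
+ conn (lc/connect {:port 5671 :ssl true :ssl-context ctx})
+ ch (lc/create-channel conn)
+ q (format "langohr.test.tls-test.%s" (str (java.util.UUID/randomUUID)))]
+ (is (lc/open? ch))
+ (lq/declare ch q :exclusive true)
+ (lb/publish ch "" q "verified TLS")
+ (let [[_ payload] (lb/get ch q)]
+ (is (= (String. ^bytes payload) "verified TLS")))
+ (lc/close conn)))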
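Review bot: `(SSLContext/getInstance "SSLv3")` in test-connection-with-peer-verification requests the SSLv3 context for the test that is meant to show the verified setup; SSL 3.0 has known protocol weaknesses and is disabled on current JVMs and brokers, so I would change the line to `(SSLContext/getInstance "TLSv1.2")`, or `"TLS"` where the runtime does not offer that name. The two `(FileInputStream. …)` values passed to `.load` are never closed; wrapping each load in `with-open` releases them. This test also lacks the `^{:tls true}` metadata that test-connection-without-peer-verification carries, so a test selector keyed on `:tls` will treat the two differently.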
