
TLS tests, minor TLS-related usability improvements to langohr.core/c…

…onnect
1 parent 4c69fc4 commit 440ead9f7dee0129858a2b584fa20accb1e53a62 Michael Klishin committed Feb 26, 2013
Showing with 61 additions and 3 deletions.
  1. +6 −3 src/clojure/langohr/core.clj
  2. +55 −0 test/langohr/test/tls_test.clj
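--- a/src/clojure/langohr/core.clj
+++ b/src/clojure/langohr/core.clj
@@ -126,8 +126,11 @@
 (let [{:keys [host port username password vhost
 requested-heartbeat connection-timeout ssl ssl-context socket-factory sasl-config]
 :or {requested-heartbeat ConnectionFactory/DEFAULT_HEARTBEAT
- connection-timeout ConnectionFactory/DEFAULT_CONNECTION_TIMEOUT} } (normalize-settings settings)
- cf (ConnectionFactory.)]
+ connection-timeout ConnectionFactory/DEFAULT_CONNECTION_TIMEOUT}} (normalize-settings settings)
+ cf (ConnectionFactory.)
+ port' (if (and ssl (= port ConnectionFactory/DEFAULT_AMQP_PORT))
+ ConnectionFactory/DEFAULT_AMQP_OVER_SSL_PORT
+ port)]
 (when (or ssl
 (= port ConnectionFactory/DEFAULT_AMQP_OVER_SSL_PORT))
 (.useSslProtocol cf))
@@ -137,7 +140,7 @@
 (.setPassword password)
 (.setVirtualHost vhost)
 (.setHost host)
- (.setPort port)
+ (.setPort port')
 (.setRequestedHeartbeat requested-heartbeat)
 (.setConnectionTimeout connection-timeout))
 (when sasl-config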
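Review bot: With `:ssl true` and no `:ssl-context`, the `(.useSslProtocol cf)` call in the first hunk is the only TLS setup visible here, and in the RabbitMQ Java client the no-argument form installs a trust manager that accepts any server certificate, so the connection is encrypted but the broker is not authenticated. The new `port'` switch makes that a one-option path, so the `connect` docstring should say so, for example `:ssl true without :ssl-context encrypts the connection but does not verify the broker certificate; pass :ssl-context for peer verification`. Separately, `port'` compares against `DEFAULT_AMQP_PORT` and so cannot tell a defaulted 5672 (presumably filled in by `normalize-settings`) from one the caller set explicitly; an explicit `:port 5672 :ssl true` is silently moved to 5671, which is worth stating in the same docstring. The `let` body and the `:ssl-context` handling continue outside the hunk.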
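--- a/test/langohr/test/tls_test.clj
+++ b/test/langohr/test/tls_test.clj
@@ -0,0 +1,55 @@
+(ns langohr.test.tls-test
+ (:require [langohr.core :as lc]
+ [langohr.queue :as lq]
+ [langohr.basic :as lb])
+ (:use clojure.test)
+ (:import [java.io File FileInputStream]
+ java.security.KeyStore
+ [javax.net.ssl TrustManagerFactory KeyManagerFactory SSLContext]))
+
+;;
+;; Unverified
+;;
+
+(deftest ^{:tls true} test-connection-without-peer-verification
+ (let [conn (lc/connect {:host "127.0.0.1" :ssl true})
+ ch (lc/create-channel conn)
+ q (format "langohr.test.tls-test.%s" (str (java.util.UUID/randomUUID)))]
+ (is (lc/open? conn))
+ (lq/declare ch q :exclusive true)
+ (lb/publish ch "" q "TLS")
+ (let [[_ payload] (lb/get ch q)]
+ (is (= (String. ^bytes payload) "TLS")))
+ (lc/close conn)))
+
+;;
+;; Verified
+;;
+
+(def ^String keystore-path "./tmp/langohr/keystore/keystore")
+(def keystore-pwd (.toCharArray "bunnies"))
+(def ^String pkcs12-cert-path "./test/resources/tls/client/keycert.p12")
+(def pkcs12-cert-pwd (.toCharArray "bunnies"))
+
+(deftest test-connection-with-peer-verification
+ (let [f (File. keystore-path)]
+ (is (.exists f)))
+ (let [jks-keystore (doto (KeyStore/getInstance "JKS")
+ (.load (FileInputStream. keystore-path) keystore-pwd))
+ tmf (doto (TrustManagerFactory/getInstance "SunX509")
+ (.init jks-keystore))
+ pkcs12-keystore (doto (KeyStore/getInstance "PKCS12")
+ (.load (FileInputStream. pkcs12-cert-path) pkcs12-cert-pwd))
+ kmf (doto (KeyManagerFactory/getInstance "SunX509")
+ (.init pkcs12-keystore pkcs12-cert-pwd))
+ ctx (doto (SSLContext/getInstance "SSLv3")
+ (.init (.getKeyManagers kmf) (.getTrustManagers tmf) nil))
+ conn (lc/connect {:port 5671 :ssl true :ssl-context ctx})
+ ch (lc/create-channel conn)
+ q (format "langohr.test.tls-test.%s" (str (java.util.UUID/randomUUID)))]
+ (is (lc/open? ch))
+ (lq/declare ch q :exclusive true)
+ (lb/publish ch "" q "verified TLS")
+ (let [[_ payload] (lb/get ch q)]
+ (is (= (String. ^bytes payload) "verified TLS")))
+ (lc/close conn)))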
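Review bot: `(SSLContext/getInstance "SSLv3")` in `test-connection-with-peer-verification` pins the verified path to SSLv3, a legacy protocol that is disabled by default in later JDKs, and a test like this tends to be copied as a usage example; request a TLS context instead, e.g. `(SSLContext/getInstance "TLSv1.2")`. The two `FileInputStream`s passed to `.load` are never closed and would be better opened with `with-open`. This test also lacks the `^{:tls true}` metadata the first test carries, although it needs a broker on 5671 and a keystore under `./tmp`, and `(is (.exists f))` records a failure but does not stop the test from going on to load the missing file.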
