Don't override SSLContext when explicitly set up
Fixes #12
1 parent
1ea0f7a
commit dfaaf43
Showing
10 changed files
with
261 additions
and
18 deletions.
@@ -0,0 +1,25 @@ | ||
String[] command = [ | ||
properties['make.bin'], | ||
'-C', properties['rabbitmq.dir'], | ||
'--no-print-directory', | ||
'show-test-tls-certs-dir', | ||
"DEPS_DIR=${properties['deps.dir']}", | ||
] | ||
|
||
def pb = new ProcessBuilder(command) | ||
pb.redirectErrorStream(true) | ||
|
||
def process = pb.start() | ||
|
||
// We are only interested in the last line of output. Previous lines, if | ||
// any, are related to the generation of the test certificates. | ||
def whole_output = "" | ||
process.inputStream.eachLine { | ||
whole_output += it | ||
project.properties['test-tls-certs.dir'] = it.trim() | ||
} | ||
process.waitFor() | ||
if (process.exitValue() != 0) { | ||
println(whole_output.trim()) | ||
fail("Failed to query test TLS certs directory with command: ${command.join(' ')}") | ||
} |
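Review bot: The value stored in `test-tls-certs.dir` is whatever the last output line happens to be, and nothing checks that it names a directory before it is used to build certificate paths. A trailing warning or an empty line from make would then show up later as an unrelated TLS start-up failure; after the exit-status check, `def certsDir = project.properties['test-tls-certs.dir']` followed by `if (!certsDir || !new File(certsDir).isDirectory()) fail("Not a directory: ${certsDir}")` would catch it at the source. Separately, `eachLine` strips line terminators, so `whole_output += it` runs the diagnostic output together; `whole_output += it + '\n'` keeps it readable when the command fails.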
@@ -0,0 +1,8 @@ | ||
def dir = new File(project.build.directory) | ||
|
||
// This pattern starts with `.*`. This is normally useless and even | ||
// inefficient but the matching doesn't work without it... | ||
def pattern = ~/.*\.keystore$/ | ||
dir.eachFileMatch(pattern) { file -> | ||
file.delete() | ||
} |
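Review bot: The result of `file.delete()` is ignored, so a keystore left over from an earlier run can survive silently and the tests would then run against stale key material. `if (!file.delete()) fail("Could not delete ${file}")` makes that visible, assuming `fail` is available here as it is in the certificate-directory script of this commit. The comment above the pattern could also say why the leading `.*` is needed: the name filter appears to be applied as a whole-name match rather than a search, which is worth confirming and stating instead of "doesn't work without it".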
70 changes: 70 additions & 0 deletions
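--- a/src/test/java/com/rabbitmq/integration/tests/SslContextIT.java
+++ b/src/test/java/com/rabbitmq/integration/tests/SslContextIT.java
@@ -0,0 +1,70 @@
+/* Copyright (c) 2016 Pivotal Software, Inc. All rights reserved. */
+
+package com.rabbitmq.integration.tests;
+
+import com.rabbitmq.jms.admin.RMQConnectionFactory;
+import org.junit.Test;
+
+import javax.jms.Connection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.concurrent.atomic.AtomicInteger;
+
+import static org.junit.Assert.assertEquals;
+
+
+public class SslContextIT {
+
+// https://github.com/rabbitmq/rabbitmq-jms-client/issues/12
+// the set SSLContext isn't overridden
+@Test public void sslContextShouldBeUsedWhenExplicitlySet() throws Exception {
+Connection connection = null;
+try {
+RMQConnectionFactory connectionFactory = (RMQConnectionFactory) AbstractTestConnectionFactory.getTestConnectionFactory(true, 0)
+.getConnectionFactory();
+connectionFactory.setUri("amqps://guest:guest@localhost:5671/%2f");
+SSLContext sslContext = createSslContext();
+AlwaysTrustTrustManager trustManager = new AlwaysTrustTrustManager();
+sslContext.init(null, new TrustManager[] {trustManager}, null);
+connectionFactory.useSslProtocol(sslContext);
+connection = connectionFactory.createConnection();
+assertEquals(1, trustManager.checkServerTrustedCallCount.get());
+} finally {
+if(connection != null) {
+connection.close();
+}
+}
+
+}
+
+private static SSLContext createSslContext() throws NoSuchAlgorithmException {
+String[] protocols = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
+String protocol = com.rabbitmq.client.ConnectionFactory.computeDefaultTlsProcotol(protocols);
+return SSLContext.getInstance(protocol);
+}
+
+private static class AlwaysTrustTrustManager implements X509TrustManager {
+
+private final AtomicInteger checkServerTrustedCallCount = new AtomicInteger();
+
+@Override
+public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+
+}
+
+@Override
+public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+checkServerTrustedCallCount.incrementAndGet();
+}
+
+@Override
+public X509Certificate[] getAcceptedIssuers() {
+return new X509Certificate[0];
+}
+}
+
+}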
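Review bot: `AlwaysTrustTrustManager` accepts every certificate chain, and neither the class nor the test says this is deliberate, so the assertion only proves that the caller's trust manager was invoked once. A comment on the class such as `// Test-only: accepts any chain so the test can count handshake callbacks; never reuse outside tests.` would keep it from being copied as a working TLS setup. The test would be stronger if `checkServerTrusted` delegated to a trust manager initialised from the test CA after incrementing the counter, so that the explicitly set context is shown to validate the broker certificate rather than just observe it.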
@@ -1,7 +1,15 @@ | ||
% vim:ft=erlang: | ||
|
||
[ | ||
{rabbit, [ | ||
{auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL', 'RABBIT-CR-DEMO']} | ||
{rabbit, [ | ||
{ssl_listeners, [5671]}, | ||
{ssl_options, [ | ||
{cacertfile, "${test-tls-certs.dir}/testca/cacert.pem"}, | ||
{certfile, "${test-tls-certs.dir}/server/cert.pem"}, | ||
{keyfile, "${test-tls-certs.dir}/server/key.pem"}, | ||
{verify, verify_peer}, | ||
{fail_if_no_peer_cert, false}, | ||
{honor_cipher_order, true}]}, | ||
{auth_mechanisms, ['PLAIN', 'AMQPLAIN', 'EXTERNAL', 'RABBIT-CR-DEMO']} | ||
]} | ||
]. | ||
]. |
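Review bot: `{verify, verify_peer}` combined with `{fail_if_no_peer_cert, false}` makes client certificates optional, and `ssl_options` sets no `versions`, so the accepted protocol versions are presumably left to the runtime's defaults. Both are reasonable for a test broker, since the integration test added in this commit connects without a client certificate, but the file does not say so. A comment above `ssl_options` such as `%% Test broker only: client certificates are optional and TLS versions are left at runtime defaults.` would stop this being taken as a production template.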