diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeAnnotatedServlet.java b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeAnnotatedServlet.java
index 53b9a69600ba..b815a097c266 100644
--- a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeAnnotatedServlet.java
+++ b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeAnnotatedServlet.java
@@ -22,26 +22,25 @@
package org.jboss.as.test.integration.web.security.tg;
+import java.io.IOException;
+
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
+import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
-import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
/**
* Testing servlet which enables transport guarantee security constraint.
*
* @author Peter Skopek
*/
-
-
-
-@WebServlet(name = "TGSecuredServlet", urlPatterns = { TransportGuaranteeAnnotatedServlet.servletContext }, loadOnStartup = 1)
-@ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" }, transportGuarantee = TransportGuarantee.CONFIDENTIAL) )
+@WebServlet(name = "TGSecuredServlet", urlPatterns = {TransportGuaranteeAnnotatedServlet.servletContext},
+ loadOnStartup = 1)
+@ServletSecurity(@HttpConstraint(rolesAllowed = {"gooduser"}, transportGuarantee = TransportGuarantee.CONFIDENTIAL))
public class TransportGuaranteeAnnotatedServlet extends HttpServlet {
private static final long serialVersionUID = 2L;
@@ -53,9 +52,9 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
resp.getWriter().write("TransportGuaranteedGet");
}
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- resp.getWriter().write("TransportGuaranteedPost");
- }
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ resp.getWriter().write("TransportGuaranteedPost");
+ }
}
diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeMixedServlet.java b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeMixedServlet.java
index 8d57c20f5a35..797dd6d10d7c 100644
--- a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeMixedServlet.java
+++ b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeMixedServlet.java
@@ -22,6 +22,8 @@
package org.jboss.as.test.integration.web.security.tg;
+import java.io.IOException;
+
import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
@@ -30,18 +32,14 @@
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
/**
* Testing servlet which enables transport guarantee security constraint.
*
* @author Peter Skopek
*/
-
-
-
-@WebServlet(name = "TG_MIXED_servlet", urlPatterns = { TransportGuaranteeMixedServlet.servletContext }, loadOnStartup = 1)
-@ServletSecurity(@HttpConstraint(rolesAllowed = { "gooduser" }, transportGuarantee = TransportGuarantee.NONE) )
+@WebServlet(name = "TG_MIXED_servlet", urlPatterns = {TransportGuaranteeMixedServlet.servletContext}, loadOnStartup = 1)
+@ServletSecurity(@HttpConstraint(rolesAllowed = {"gooduser"}, transportGuarantee = TransportGuarantee.NONE))
public class TransportGuaranteeMixedServlet extends HttpServlet {
private static final long serialVersionUID = 3L;
@@ -53,9 +51,9 @@ protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws Se
resp.getWriter().write("TransportGuaranteedGet");
}
- protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
- resp.getWriter().write("TransportGuaranteedPost");
- }
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+ resp.getWriter().write("TransportGuaranteedPost");
+ }
}
diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeServlet.java b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeServlet.java
index e490440a28a8..464db142f2ca 100644
--- a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeServlet.java
+++ b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeServlet.java
@@ -23,6 +23,7 @@
package org.jboss.as.test.integration.web.security.tg;
import java.io.IOException;
+
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -33,7 +34,6 @@
*
* @author Peter Skopek
*/
-
public class TransportGuaranteeServlet extends HttpServlet {
private static final long serialVersionUID = 2L;
diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeTestCase.java b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeTestCase.java
index f01ae27df6ce..4e84ef2b9f23 100644
--- a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeTestCase.java
+++ b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/TransportGuaranteeTestCase.java
@@ -22,11 +22,30 @@
package org.jboss.as.test.integration.web.security.tg;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ADD;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ALLOW_RESOURCE_SERVICE_RESTART;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.COMPOSITE;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OPERATION_HEADERS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REMOVE;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.ROLLBACK_ON_RUNTIME_FAILURE;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.STEPS;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+
import java.io.File;
import java.io.IOException;
-import java.net.URL;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.SignatureException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
-import org.apache.commons.io.FileUtils;
import org.apache.http.HttpResponse;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
@@ -36,19 +55,30 @@
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.codehaus.plexus.util.FileUtils;
import org.jboss.arquillian.container.test.api.Deployment;
-import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.container.test.api.RunAsClient;
import org.jboss.arquillian.junit.Arquillian;
-import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.as.arquillian.api.ServerSetup;
import org.jboss.as.arquillian.api.ServerSetupTask;
import org.jboss.as.arquillian.container.ManagementClient;
+import org.jboss.as.controller.client.ModelControllerClient;
+import org.jboss.as.controller.client.OperationBuilder;
+import org.jboss.as.controller.operations.common.Util;
import org.jboss.as.test.categories.CommonCriteria;
import org.jboss.as.test.http.util.TestHttpClientUtils;
-import org.jboss.as.test.integration.management.Listener;
import org.jboss.as.test.integration.management.ServerManager;
+import org.jboss.as.test.integration.management.util.CLIWrapper;
+import org.jboss.as.test.integration.security.common.AbstractSecurityRealmsServerSetupTask;
+import org.jboss.as.test.integration.security.common.SecurityTestConstants;
+import org.jboss.as.test.integration.security.common.config.realm.RealmKeystore;
+import org.jboss.as.test.integration.security.common.config.realm.SecurityRealm;
+import org.jboss.as.test.integration.security.common.config.realm.ServerIdentity;
+import org.jboss.as.test.integration.web.security.WebSecurityCommon;
import org.jboss.as.test.integration.web.security.WebTestsSecurityDomainSetup;
+import org.jboss.as.test.shared.TestSuiteEnvironment;
+import org.jboss.dmr.ModelNode;
import org.jboss.logging.Logger;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.spec.WebArchive;
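Review bot: The new `import org.codehaus.plexus.util.FileUtils;` replaces commons-io with plexus-utils, a build-tooling library, and the only visible use is `FileUtils.deleteDirectory(...)` in `ListenerSetup`. commons-io offers the same call and was already imported before this change, so keeping `import org.apache.commons.io.FileUtils;` would avoid depending on a library that is probably only on the test classpath transitively (the pom is not visible here). If the switch is intentional, the module should declare the plexus-utils dependency explicitly.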
@@ -58,78 +88,66 @@
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
-
+import org.wildfly.test.security.common.elytron.CredentialReference;
+import org.wildfly.test.security.common.elytron.Path;
+import org.wildfly.test.security.common.elytron.SimpleKeyManager;
+import org.wildfly.test.security.common.elytron.SimpleKeyStore;
+import org.wildfly.test.security.common.elytron.SimpleServerSslContext;
+import org.wildfly.test.security.common.other.KeyStoreUtils;
+import org.wildfly.test.security.common.other.KeyUtils;
+import org.wildfly.test.security.common.other.SimpleSocketBinding;
+import org.wildfly.test.undertow.common.elytron.SimpleHttpsListener;
/**
* This test case check if transport-guarantee security constraint works properly.
*
* @author Peter Skopek
*/
-
@RunWith(Arquillian.class)
@RunAsClient
@ServerSetup({WebTestsSecurityDomainSetup.class, TransportGuaranteeTestCase.ListenerSetup.class})
@Category(CommonCriteria.class)
public class TransportGuaranteeTestCase {
-
private static final Logger log = Logger.getLogger(TransportGuaranteeTestCase.class);
private static final String WAR = ".war";
private static final String TG_ANN = "tg-annotated";
private static final String TG_DD = "tg-dd";
private static final String TG_MIXED = "tg-mixed";
- private static final File keyStoreFile = new File(System.getProperty("java.io.tmpdir"), "tg-test.keystore");
- private static final int httpsPort = 8447;
private static String httpsTestURL = null;
private static String httpTestURL = null;
- @ArquillianResource
- @OperateOnDeployment(TG_ANN + WAR)
- URL deploymentUrl;
- /*@ArquillianResource
- @OperateOnDeployment(TG_ANN + WAR)
- ManagementClient managementClient;*/
- //private boolean beforeServerManagerInitialized = false;
@Deployment(name = TG_ANN + WAR, order = 1, testable = false)
public static WebArchive deployAnnWar() throws Exception {
-
- log.trace("starting deployAnnWar()");
-
- WebArchive war = ShrinkWrap.create(WebArchive.class, TG_ANN + WAR);
- war.addClass(TransportGuaranteeAnnotatedServlet.class);
-
- war.addAsResource(TransportGuaranteeTestCase.class.getPackage(), "users.properties", "users.properties");
- war.addAsResource(TransportGuaranteeTestCase.class.getPackage(), "roles.properties", "roles.properties");
- war.setWebXML(TransportGuaranteeTestCase.class.getPackage(), "annotated-web.xml");
- war.addAsWebInfResource(TransportGuaranteeTestCase.class.getPackage(), "jboss-web.xml", "jboss-web.xml");
-
- return war;
+ return getDeployment(TG_ANN);
}
@Deployment(name = TG_DD + WAR, order = 2, testable = false)
public static WebArchive deployDdWar() {
-
- WebArchive war = ShrinkWrap.create(WebArchive.class, TG_DD + WAR);
- war.addClass(TransportGuaranteeServlet.class);
-
- war.addAsResource(TransportGuaranteeTestCase.class.getPackage(), "users.properties", "users.properties");
- war.addAsResource(TransportGuaranteeTestCase.class.getPackage(), "roles.properties", "roles.properties");
- war.setWebXML(TransportGuaranteeTestCase.class.getPackage(), "dd-web.xml");
- war.addAsWebInfResource(TransportGuaranteeTestCase.class.getPackage(), "jboss-web.xml", "jboss-web.xml");
-
- return war;
+ return getDeployment(TG_DD);
}
@Deployment(name = TG_MIXED + WAR, order = 3, testable = false)
public static WebArchive deployMixedWar() {
+ return getDeployment(TG_MIXED);
+ }
- WebArchive war = ShrinkWrap.create(WebArchive.class, TG_MIXED + WAR);
- war.addClass(TransportGuaranteeMixedServlet.class);
+ private static WebArchive getDeployment(String warName) {
+ log.trace("starting to deploy " + warName + ".war");
- war.addAsResource(TransportGuaranteeTestCase.class.getPackage(), "users.properties", "users.properties");
- war.addAsResource(TransportGuaranteeTestCase.class.getPackage(), "roles.properties", "roles.properties");
+ WebArchive war = ShrinkWrap.create(WebArchive.class, warName + WAR);
+
+ if (TG_MIXED.equals(warName)) {
+ war.addClass(TransportGuaranteeMixedServlet.class);
+ war.setWebXML(TransportGuaranteeTestCase.class.getPackage(), "mixed-web.xml");
+ } else if (TG_DD.equals(warName)) {
+ war.addClass(TransportGuaranteeServlet.class);
+ war.setWebXML(TransportGuaranteeTestCase.class.getPackage(), "dd-web.xml");
+ } else if (TG_ANN.equals(warName)) {
+ war.addClass(TransportGuaranteeAnnotatedServlet.class);
+ war.setWebXML(TransportGuaranteeTestCase.class.getPackage(), "annotated-web.xml");
+ }
- war.setWebXML(TransportGuaranteeTestCase.class.getPackage(), "mixed-web.xml");
war.addAsWebInfResource(TransportGuaranteeTestCase.class.getPackage(), "jboss-web.xml", "jboss-web.xml");
return war;
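Review bot: `getDeployment` silently returns a WAR with no servlet class and no web.xml when `warName` matches none of the three constants, so a typo in a caller would surface later as a confusing 404 instead of a clear failure. Close the chain with `else { throw new IllegalArgumentException("Unknown deployment: " + warName); }`. The trace message also hard-codes the suffix and says "deploy" although the method only builds the archive; `log.trace("building archive " + warName + WAR);` would match what it does. The method's closing brace lies outside this hunk.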
@@ -138,15 +156,13 @@ public static WebArchive deployMixedWar() {
@Before
public void before() throws IOException {
// set test URL
- httpsTestURL = "https://" + deploymentUrl.getHost() + ":" + Integer.toString(httpsPort);
- httpTestURL = "http://" + deploymentUrl.getHost() + ":" + deploymentUrl.getPort();
+ httpsTestURL = "https://" + TestSuiteEnvironment.getHttpAddress() + ":" + Integer.toString
+ (TransportGuaranteeTestCase.ListenerSetup.HTTPS_PORT);
+ httpTestURL = "http://" + TestSuiteEnvironment.getHttpAddress() + ":" + TestSuiteEnvironment.getHttpPort();
}
@AfterClass
- public static void after()throws IOException{
- if (keyStoreFile.exists()){
- keyStoreFile.delete();
- }
+ public static void after() throws IOException {
}
/**
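Review bot: Both URLs in `before()` are built by concatenating `TestSuiteEnvironment.getHttpAddress()` directly, which would yield an invalid URL when the suite runs against an IPv6 literal, unless that helper already brackets the address (not visible here); if it does not, wrap the address with the suite's IPv6-formatting helper before concatenating. `Integer.toString(...)` is redundant in a string concatenation and the line break before its parenthesis hurts readability: `httpsTestURL = "https://" + host + ":" + ListenerSetup.HTTPS_PORT;`. The `@AfterClass after()` method is now empty and declares a `throws IOException` it can never raise; since cleanup moved to `ListenerSetup.tearDown`, delete it rather than keep a no-op hook.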
@@ -180,8 +196,12 @@ private boolean checkGetURL(String url, String responseSubstring, String user, S
try {
hr = httpClient.execute(get);
} catch (Exception e) {
- if (responseSubstring == null) { return false; } else // in case substring is defined, rethrow exception so, we can easier analyze the cause
- { throw new Exception(e); }
+ if (responseSubstring == null) {
+ return false;
+ } else {
+ // in case substring is defined, rethrow exception so, we can easier analyze the cause
+ throw new Exception(e);
+ }
}
int statusCode = hr.getStatusLine().getStatusCode();
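Review bot: With `responseSubstring == null`, the catch block turns every exception from `httpClient.execute(get)` into `return false`, and the callers read that `false` as proof that plain HTTP was refused. A connection refusal, a listener that never started or a TLS failure after a redirect would therefore all make the "non secure transport has to be prevented" assertion pass without the constraint being exercised. Narrow the catch to the exception type the enforcement path is expected to produce, or assert on the response the container returns for the HTTP request, so the test fails when the server is merely unreachable. In the other branch `throw new Exception(e);` only adds a wrapper layer, and `throw e;` keeps the original type and stack. `checkGetURL` starts and ends outside this hunk.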
@@ -212,31 +232,20 @@ private boolean checkGetURL(String url, String responseSubstring, String user, S
@Test
public void testTransportGuaranteedAnnotation() throws Exception {
-
- String testURLContext = "/" + TG_ANN + TransportGuaranteeAnnotatedServlet.servletContext;
-
- boolean result = checkGetURL(
- httpsTestURL + testURLContext,
- "TransportGuaranteedGet",
- "anil",
- "anil");
- Assert.assertTrue("Not expected response", result);
-
-
- result = checkGetURL(
- httpTestURL + testURLContext,
- null,
- "anil",
- "anil");
- Assert.assertFalse("Non secure transport on URL has to be prevented, but was not", result);
-
+ performRequestsAndCheck("/" + TG_ANN + TransportGuaranteeAnnotatedServlet.servletContext);
}
@Test
public void testTransportGuaranteedDD() throws Exception {
+ performRequestsAndCheck("/" + TG_DD + TransportGuaranteeServlet.servletContext);
+ }
- String testURLContext = "/" + TG_DD + TransportGuaranteeServlet.servletContext;
+ @Test
+ public void testTransportGuaranteedMixed() throws Exception {
+ performRequestsAndCheck("/" + TG_MIXED + "/tg_mixed_override/srv");
+ }
+ private void performRequestsAndCheck(String testURLContext) throws Exception {
boolean result = checkGetURL(
httpsTestURL + testURLContext,
"TransportGuaranteedGet",
@@ -244,68 +253,221 @@ public void testTransportGuaranteedDD() throws Exception {
"anil");
Assert.assertTrue("Not expected response", result);
-
result = checkGetURL(
httpTestURL + testURLContext,
null,
"anil",
"anil");
Assert.assertFalse("Non secure transport on URL has to be prevented, but was not", result);
+ }
+ static class ListenerSetup extends AbstractSecurityRealmsServerSetupTask implements ServerSetupTask {
+ private ServerManager serverManager;
- }
+ private static final Logger log = Logger.getLogger(ListenerSetup.class);
- @Test
- public void testTransportGuaranteedMixed() throws Exception {
+ private static final String NAME = TransportGuaranteeTestCase.class.getSimpleName();
+ private static final File WORK_DIR = new File("target" + File.separatorChar + NAME);
+ private static final File SERVER_KEYSTORE_FILE = new File(WORK_DIR, SecurityTestConstants.SERVER_KEYSTORE);
+ private static final String PASSWORD = SecurityTestConstants.KEYSTORE_PASSWORD;
- String testURLContext = "/" + TG_MIXED
- + "/tg_mixed_override/srv";
+ public static final int HTTPS_PORT = 8343;
- boolean result = checkGetURL(
- httpsTestURL + testURLContext,
- "TransportGuaranteedGet",
- "anil",
- "anil");
- Assert.assertTrue("Not expected response", result);
+ private CLIWrapper cli;
+ private SimpleKeyStore simpleKeystore;
+ private SimpleKeyManager simpleKeyManager;
+ private SimpleServerSslContext simpleServerSslContext;
+ private SimpleSocketBinding simpleSocketBinding;
+ private SimpleHttpsListener simpleHttpsListener;
+ @Override
+ public void setup(ManagementClient managementClient, String containerId) throws Exception {
+ keyMaterialSetup(WORK_DIR);
+ if (WebSecurityCommon.isElytron()) {
+ cli = new CLIWrapper(true);
+ setElytronBased(managementClient);
+ } else {
+ super.setup(managementClient, containerId);
+ setLegacySecurityRealmBased(managementClient);
+ }
+ }
- result = checkGetURL(
- httpTestURL + testURLContext,
- null,
- "anil",
- "anil");
- Assert.assertFalse("Non secure transport on URL has to be prevented, but was not", result);
+ @Override
+ public void tearDown(ManagementClient managementClient, String containerId) throws Exception {
+ FileUtils.deleteDirectory(WORK_DIR);
+
+ if (WebSecurityCommon.isElytron()) {
+ cli = new CLIWrapper(true);
+ simpleHttpsListener.remove(cli);
+ simpleSocketBinding.remove(cli);
+ simpleServerSslContext.remove(cli);
+ simpleKeyManager.remove(cli);
+ simpleKeystore.remove(cli);
+ } else {
+ final List updates = new ArrayList();
+
+ ModelNode op = new ModelNode();
+ op.get(OP).set(REMOVE);
+ op.get(OP_ADDR).add(SUBSYSTEM, "undertow");
+ op.get(OP_ADDR).add("server", "default-server");
+ op.get(OP_ADDR).add("https-listener", NAME);
+ // Don't rollback when the AS detects the war needs the module
+ op.get(OPERATION_HEADERS, ROLLBACK_ON_RUNTIME_FAILURE).set(false);
+ op.get(OPERATION_HEADERS, ALLOW_RESOURCE_SERVICE_RESTART).set(true);
+ updates.add(op);
+
+ op = new ModelNode();
+ op.get(OP).set(REMOVE);
+ op.get(OP_ADDR).add("socket-binding-group", "standard-sockets");
+ op.get(OP_ADDR).add("socket-binding", NAME);
+ op.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
+ updates.add(op);
+ try {
+ applyUpdates(managementClient.getControllerClient(), updates);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ super.tearDown(managementClient, containerId);
+ }
+ }
+ protected void setElytronBased(ManagementClient managementClient) throws Exception {
+ setHttpsListenerSslContextBased(managementClient, cli, NAME, NAME, HTTPS_PORT, NAME, false);
+ }
- }
+ protected void setLegacySecurityRealmBased(final ManagementClient managementClient) throws Exception {
+ setHttpsListenerSecurityRealmBased(NAME, NAME, HTTPS_PORT, NAME, "NOT_REQUESTED", managementClient);
+ }
- static class ListenerSetup implements ServerSetupTask {
- private ServerManager serverManager;
+ private void setHttpsListenerSecurityRealmBased(String httpsListenerName, String sockBindName, int httpsPort,
+ String secRealmName, String verifyClient, ManagementClient
+ managementClient) {
+ log.debug("start of the creation of the https-listener with legacy security-realm");
+
+ final List updates = new ArrayList();
+
+ // Add the HTTPS socket binding.
+ ModelNode op = new ModelNode();
+ op.get(OP).set(ADD);
+ op.get(OP_ADDR).add("socket-binding-group", "standard-sockets");
+ op.get(OP_ADDR).add("socket-binding", sockBindName);
+ op.get("interface").set("public");
+ op.get("port").set(httpsPort);
+ op.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
+ updates.add(op);
+
+ // Add the HTTPS connector.
+ final ModelNode composite = Util.getEmptyOperation(COMPOSITE, new ModelNode());
+ final ModelNode steps = composite.get(STEPS);
+ op = new ModelNode();
+ op.get(OP).set(ADD);
+ op.get(OP_ADDR).add(SUBSYSTEM, "undertow");
+ op.get(OP_ADDR).add("server", "default-server");
+ op.get(OP_ADDR).add("https-listener", httpsListenerName);
+ op.get("socket-binding").set(sockBindName);
+ op.get("enabled").set(true);
+ op.get("security-realm").set(secRealmName);
+ op.get("verify-client").set(verifyClient);
+ steps.add(op);
+
+ composite.get(OPERATION_HEADERS).get(ALLOW_RESOURCE_SERVICE_RESTART).set(true);
+ updates.add(composite);
+
+ applyUpdates(managementClient.getControllerClient(), updates);
+
+ log.debug("end of the security-realm https-listener creation");
+ }
@Override
- public void setup(ManagementClient managementClient, String containerId) throws Exception {
- /*if (beforeServerManagerInitialized)
- return;
- beforeServerManagerInitialized = true;*/
- serverManager = new ServerManager(managementClient);
+ protected SecurityRealm[] getSecurityRealms() throws Exception {
+ RealmKeystore keystore = new RealmKeystore.Builder()
+ .keystorePassword(PASSWORD)
+ .keystorePath(SERVER_KEYSTORE_FILE.getAbsolutePath())
+ .build();
+ return new SecurityRealm[]{new SecurityRealm.Builder().name(NAME).serverIdentity(new
+ ServerIdentity.Builder().ssl(keystore).build()).build()};
+ }
- ClassLoader tccl = Thread.currentThread().getContextClassLoader();
- FileUtils.copyURLToFile(TransportGuaranteeTestCase.class.getResource("localhost.keystore"), keyStoreFile);
- try {
- serverManager.addListener(Listener.HTTPSJIO, httpsPort, null, null, keyStoreFile.getAbsolutePath(), "password");
- } catch (Exception e) {
- log.error("Cannot create https connector - HTTPSJIO", e);
- Assert.fail("Cannot create https connector - HTTPSJIO, cause " + e.getMessage());
+ private void setHttpsListenerSslContextBased(ManagementClient managementClient, CLIWrapper cli, String
+ httpsListenerName, String sockBindName, int httpsPort, String sslContext, boolean verifyClient) throws
+ Exception {
+ log.debug("start of the creation of the https-listener with ssl-context");
+
+ simpleKeystore = SimpleKeyStore.builder().withName(NAME + SecurityTestConstants.SERVER_KEYSTORE)
+ .withPath(Path.builder().withPath(SERVER_KEYSTORE_FILE.getAbsolutePath()).build())
+ .withCredentialReference(CredentialReference.builder().withClearText(PASSWORD).build())
+ .build();
+ simpleKeystore.create(cli);
+ simpleKeyManager = SimpleKeyManager.builder().withName(NAME)
+ .withKeyStore(NAME + SecurityTestConstants.SERVER_KEYSTORE)
+ .withCredentialReference(CredentialReference.builder().withClearText(PASSWORD).build())
+ .build();
+ simpleKeyManager.create(cli);
+ simpleServerSslContext = SimpleServerSslContext.builder().withName(sslContext)
+ .withKeyManagers(NAME)
+ .withProtocols("TLSv1.2")
+ .withNeedClientAuth(verifyClient)
+ .withAuthenticationOptional(false)
+ .build();
+ simpleServerSslContext.create(cli);
+
+ simpleSocketBinding = SimpleSocketBinding.builder().withName(sockBindName).withPort(httpsPort)
+ .build();
+ simpleSocketBinding.create(managementClient.getControllerClient(), cli);
+ simpleHttpsListener = SimpleHttpsListener.builder().withName(httpsListenerName).withSocketBinding
+ (sockBindName).
+ withSslContext(NAME).build();
+ simpleHttpsListener.create(cli);
+
+ log.debug("end of the ssl-context https-listener creation");
+ }
+
+ protected static void applyUpdates(final ModelControllerClient client, final List updates) {
+ for (ModelNode update : updates) {
+ try {
+ applyUpdate(client, update, false);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
}
+ }
+ protected static void applyUpdate(final ModelControllerClient client, ModelNode update, boolean allowFailure)
+ throws IOException {
+ ModelNode result = client.execute(new OperationBuilder(update).build());
+ if (result.hasDefined("outcome") && (allowFailure || "success".equals(result.get("outcome").asString()))) {
+ if (result.hasDefined("result")) {
+ log.trace(result.get("result"));
+ }
+ } else if (result.hasDefined("failure-description")) {
+ throw new RuntimeException(result.get("failure-description").toString());
+ } else {
+ throw new RuntimeException("Operation not successful; outcome = " + result.get("outcome"));
+ }
+ }
+ protected static void keyMaterialSetup(File workDir) throws Exception {
+ FileUtils.deleteDirectory(workDir);
+ workDir.mkdirs();
+ Assert.assertTrue(workDir.exists());
+ Assert.assertTrue(workDir.isDirectory());
+ generateCertificatesAndKeystores(PASSWORD, SERVER_KEYSTORE_FILE);
}
- @Override
- public void tearDown(ManagementClient managementClient, String containerId) throws Exception {
- log.trace("begin tidy up");
- serverManager.removeListener(Listener.HTTPSJIO, httpsTestURL);
+ private static void generateCertificatesAndKeystores(String keystorePassword, File serverKeystoreFile) throws
+ NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException,
+ OperatorCreationException, SignatureException, InvalidKeyException {
+ KeyPair server = KeyUtils.generateKeyPair();
+
+ String serverName = "server";
+ X509Certificate serverCert = KeyUtils.generateX509Certificate(serverName, server);
+
+ KeyStoreUtils.KeyEntry[] keys = new KeyStoreUtils.KeyEntry[]{
+ new KeyStoreUtils.KeyEntry(serverName, server, serverCert),
+ };
+ KeyStore serverKeystore = KeyStoreUtils.generateKeystore(keys, null, keystorePassword);
+
+ KeyStoreUtils.saveKeystore(serverKeystore, keystorePassword, serverKeystoreFile);
}
}
-
}
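Review bot: `ListenerSetup.tearDown` deletes `WORK_DIR` before removing the server resources that still reference the keystore in it. It also opens a second `CLIWrapper` that is never closed, as the one created in `setup` is not either, and in the legacy branch it skips `super.tearDown` whenever `applyUpdates` throws, which leaves the parent's configuration behind for later tests. Reorder the method so the server-side resources go first, the CLI session is closed, and the key material is deleted in a `finally`; the sketch assumes `CLIWrapper` is `AutoCloseable` in this tree. The `catch (Exception e) { throw new RuntimeException(e); }` around `applyUpdates` is redundant because that method already wraps failures. The retained `private ServerManager serverManager;` field appears unused in the new code and can go together with its import.

```java
@Override
public void tearDown(ManagementClient managementClient, String containerId) throws Exception {
    try {
        if (WebSecurityCommon.isElytron()) {
            // Separate short-lived CLI session for removal, closed when the block exits.
            try (CLIWrapper removalCli = new CLIWrapper(true)) {
                simpleHttpsListener.remove(removalCli);
                simpleSocketBinding.remove(removalCli);
                simpleServerSslContext.remove(removalCli);
                simpleKeyManager.remove(removalCli);
                simpleKeystore.remove(removalCli);
            }
        } else {
            // … unchanged: build the two REMOVE operations into updates …
            try {
                applyUpdates(managementClient.getControllerClient(), updates);
            } finally {
                // Run the parent cleanup even if removing the listener or socket binding failed.
                super.tearDown(managementClient, containerId);
            }
        }
    } finally {
        // Delete the generated key material last, once nothing on the server references it.
        FileUtils.deleteDirectory(WORK_DIR);
    }
}
```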
diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/localhost.keystore b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/localhost.keystore
deleted file mode 100644
index 511cef0fa4b8..000000000000
Binary files a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/localhost.keystore and /dev/null differ
diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/roles.properties b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/roles.properties
deleted file mode 100644
index c699c86856d3..000000000000
--- a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/roles.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-anil=gooduser
-marcus=superuser
\ No newline at end of file
diff --git a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/users.properties b/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/users.properties
deleted file mode 100644
index eb55759303a9..000000000000
--- a/testsuite/integration/web/src/test/java/org/jboss/as/test/integration/web/security/tg/users.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-anil=anil
-marcus=marcus
\ No newline at end of file