Issue rh-messaging#490: Unknown options --conn-ssl-verify-host, `--…

…conn-ssl-trust-all`
jiridanek · Apr 17, 2023 · 55f8bfb · 55f8bfb
1 parent eec4067
commit 55f8bfb
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 11 deletions.
diff --git a/cli-protonj2/src/main/java/com/redhat/mqe/Main.java b/cli-protonj2/src/main/java/com/redhat/mqe/Main.java
@@ -55,10 +55,18 @@ class CliProtonJ2SenderReceiverConnector {
     private String reconnectString = "false";
     @CommandLine.Option(names = {"--conn-heartbeat"})
     private Long connHeartbeat;
-    @CommandLine.Option(names = {"--conn-ssl-verify-host"}, arity = "0..1")
-    private Boolean connSslVerifyHost;
-    @CommandLine.Option(names = {"--conn-ssl-trust-all"}, arity = "0..1")
-    private Boolean connSslTrustAll;
+    @CommandLine.Option(names = {"--conn-ssl"}, arity = "0..1")
+    private Boolean connSsl = false;
+    @CommandLine.Option(names = {"--conn-ssl-certificate"}, arity = "0..1")
+    private String connSslCertificate;
+    @CommandLine.Option(names = {"--conn-ssl-password"}, arity = "0..1")
+    private String connSslPassword;
+    @CommandLine.Option(names = {"--conn-ssl-verify-peer"}, arity = "0..1")
+    private Boolean connSslVerifyPeer;
+    @CommandLine.Option(names = {"--conn-ssl-verify-peer-skip-trust-check"}, arity = "0..1")
+    private Boolean connSslTrustCheck;
+    @CommandLine.Option(names = {"--conn-ssl-verify-peer-name"}, arity = "0..1")
+    private Boolean connSslCheckName;
 
     protected boolean stringToBool(String string) {
         boolean bool = string.equalsIgnoreCase("true") || string.equalsIgnoreCase("yes");
@@ -82,16 +90,28 @@ protected ConnectionOptions getConnectionOptions() {
         for (AuthMechanism mech : connAuthMechanisms) {
             options.saslOptions().addAllowedMechanism(mech.name());
         }
-        if (connSslVerifyHost != null || connSslTrustAll != null) {
+
+        // TODO: why is there both `options.sslEnabled and options.sslOptions().sslEnabled()`?
+        if (connSsl) {
             options.sslEnabled(true);
         }
 
-        // TODO: why is there both `options.sslEnabled and options.sslOptions().sslEnabled()`?
-        if (connSslVerifyHost != null) {
-            options.sslOptions().verifyHost(connSslVerifyHost);
+        if (connSslCertificate != null) {
+            options.sslOptions().keyStoreLocation(connSslCertificate);
+        }
+        if (connSslPassword != null) {
+            options.sslOptions().keyStorePassword(connSslPassword);
+        }
+
+        if (connSslTrustCheck != null) {
+            options.sslOptions().verifyHost(connSslTrustCheck);
+            options.sslOptions().trustAll(!connSslTrustCheck);
+        }
+        if (connSslVerifyPeer != null) {
+            options.sslOptions().verifyHost(connSslVerifyPeer);
         }
-        if (connSslTrustAll != null) {
-            options.sslOptions().trustAll(connSslTrustAll);
+        if (connSslCheckName != null) {
+            options.sslOptions().trustAll(!connSslCheckName);
         }
 
         // TODO: what do I actually need/want here?

diff --git a/cli-protonj2/src/test/kotlin/MainTest.kt b/cli-protonj2/src/test/kotlin/MainTest.kt
@@ -20,6 +20,7 @@
 package com.redhat.mqe
 
 import AbstractMainTest
+import assertNoSystemExit
 import com.google.common.truth.Truth.assertThat
 import org.junit.jupiter.api.Disabled
 import org.junit.jupiter.api.Tag
@@ -193,6 +194,16 @@ class ProtonJ2MainTest : AbstractMainTest() {
         super.sendAndReceiveWithAllSenderCLISwitches(senderDynamicOptions)
     }
 
+    override fun sendSingleMessageAllTrustingTls() {
+        assertNoSystemExit {
+            val senderParameters =
+                "sender --log-msgs dict --broker $sslBrokerUrl --address $address --conn-ssl-verify-peer false --conn-ssl-verify-peer-name false --count 1".split(" "
+                ).toTypedArray()
+            print("Sending: ")
+            main(senderParameters)
+        }
+    }
+
     /**
      * Large message streaming from/to java.io.{Input,Output}Stream is artemis-jms-client only
      */

diff --git a/tests.sh b/tests.sh
@@ -42,4 +42,4 @@ java -jar "${cli_qpid_jms_jar}" sender --conn-username test --conn-ssl-verify-ho
 cli_protonj2=$(find cli-protonj2/target -name 'cli-protonj2-1.2.2-SNAPSHOT-*.jar')
 java -jar "${cli_protonj2}" sender --broker amqp://127.0.0.1 --address cli-qpid-jms --log-msgs dict --count 1
 java -jar "${cli_protonj2}" receiver --broker amqp://127.0.0.1 --address cli-qpid-jms --log-msgs dict --count 1
-#java -jar "${cli_protonj2}" sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true
+java -jar "${cli_protonj2}" sender --conn-username test --conn-ssl-verify-peer false --conn-password test --msg-content msg no. %d --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10