Issue rh-messaging#490: Unknown options --conn-ssl-verify-host, `--…

…conn-ssl-trust-all`
jiridanek · Apr 17, 2023 · ad10c00 · ad10c00
1 parent eec4067
commit ad10c00
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 14 deletions.
diff --git a/cli-protonj2/src/main/java/com/redhat/mqe/Main.java b/cli-protonj2/src/main/java/com/redhat/mqe/Main.java
@@ -11,8 +11,10 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.concurrent.Callable;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Stream;
 
 @Command(
     name = "cli-protonj2",
@@ -55,10 +57,18 @@ class CliProtonJ2SenderReceiverConnector {
     private String reconnectString = "false";
     @CommandLine.Option(names = {"--conn-heartbeat"})
     private Long connHeartbeat;
-    @CommandLine.Option(names = {"--conn-ssl-verify-host"}, arity = "0..1")
-    private Boolean connSslVerifyHost;
-    @CommandLine.Option(names = {"--conn-ssl-trust-all"}, arity = "0..1")
-    private Boolean connSslTrustAll;
+    @CommandLine.Option(names = {"--conn-ssl"}, arity = "0..1")
+    private Boolean connSsl = false;
+    @CommandLine.Option(names = {"--conn-ssl-certificate"}, arity = "0..1")
+    private String connSslCertificate;
+    @CommandLine.Option(names = {"--conn-ssl-password"}, arity = "0..1")
+    private String connSslPassword;
+    @CommandLine.Option(names = {"--conn-ssl-verify-peer"}, arity = "0..1")
+    private Boolean connSslVerifyPeer;
+    @CommandLine.Option(names = {"--conn-ssl-verify-peer-skip-trust-check"}, arity = "0..1")
+    private Boolean connSslTrustCheck;
+    @CommandLine.Option(names = {"--conn-ssl-verify-peer-name"}, arity = "0..1")
+    private Boolean connSslCheckName;
 
     protected boolean stringToBool(String string) {
         boolean bool = string.equalsIgnoreCase("true") || string.equalsIgnoreCase("yes");
@@ -82,16 +92,35 @@ protected ConnectionOptions getConnectionOptions() {
         for (AuthMechanism mech : connAuthMechanisms) {
             options.saslOptions().addAllowedMechanism(mech.name());
         }
-        if (connSslVerifyHost != null || connSslTrustAll != null) {
+
+        // TODO: why is there both `options.sslEnabled and options.sslOptions().sslEnabled()`?
+        boolean anyTlsOptionSet = Stream.of(
+            connSslCertificate,
+            connSslTrustCheck,
+            connSslCheckName,
+            connSslPassword,
+            connSslVerifyPeer
+        ).anyMatch(Objects::nonNull);
+        if (connSsl || anyTlsOptionSet) {
             options.sslEnabled(true);
         }
 
-        // TODO: why is there both `options.sslEnabled and options.sslOptions().sslEnabled()`?
-        if (connSslVerifyHost != null) {
-            options.sslOptions().verifyHost(connSslVerifyHost);
+        if (connSslCertificate != null) {
+            options.sslOptions().keyStoreLocation(connSslCertificate);
+        }
+        if (connSslPassword != null) {
+            options.sslOptions().keyStorePassword(connSslPassword);
+        }
+
+        if (connSslTrustCheck != null) {
+            options.sslOptions().verifyHost(connSslTrustCheck);
+            options.sslOptions().trustAll(!connSslTrustCheck);
+        }
+        if (connSslVerifyPeer != null) {
+            options.sslOptions().verifyHost(connSslVerifyPeer);
         }
-        if (connSslTrustAll != null) {
-            options.sslOptions().trustAll(connSslTrustAll);
+        if (connSslCheckName != null) {
+            options.sslOptions().trustAll(!connSslCheckName);
         }
 
         // TODO: what do I actually need/want here?

diff --git a/cli-protonj2/src/test/kotlin/MainTest.kt b/cli-protonj2/src/test/kotlin/MainTest.kt
@@ -20,6 +20,7 @@
 package com.redhat.mqe
 
 import AbstractMainTest
+import assertNoSystemExit
 import com.google.common.truth.Truth.assertThat
 import org.junit.jupiter.api.Disabled
 import org.junit.jupiter.api.Tag
@@ -193,6 +194,16 @@ class ProtonJ2MainTest : AbstractMainTest() {
         super.sendAndReceiveWithAllSenderCLISwitches(senderDynamicOptions)
     }
 
+    override fun sendSingleMessageAllTrustingTls() {
+        assertNoSystemExit {
+            val senderParameters =
+                "sender --log-msgs dict --broker $sslBrokerUrl --address $address --conn-ssl-verify-peer false --conn-ssl-verify-peer-name false --count 1".split(" "
+                ).toTypedArray()
+            print("Sending: ")
+            main(senderParameters)
+        }
+    }
+
     /**
      * Large message streaming from/to java.io.{Input,Output}Stream is artemis-jms-client only
      */

diff --git a/tests.sh b/tests.sh
@@ -26,20 +26,20 @@ java -jar cli-activemq-jmx/target/amqx-*.jar --help
 
 java -jar cli-activemq/target/cli-activemq-1.2.2-SNAPSHOT-*.jar sender --address cli-activemq --log-msgs json --count 1
 java -jar cli-activemq/target/cli-activemq-1.2.2-SNAPSHOT-*.jar receiver --address cli-activemq --log-msgs json --count 1
-java -jar cli-activemq/target/cli-activemq-1.2.2-SNAPSHOT-*.jar sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker ssl://127.0.0.1:61617 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true
+java -jar cli-activemq/target/cli-activemq-1.2.2-SNAPSHOT-*.jar sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content 'msg no. %d' --broker ssl://127.0.0.1:61617 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true
 
 java -jar cli-artemis-jms/target/cli-artemis-jms-1.2.2-SNAPSHOT-*.jar sender --address cli-artemis-jms --log-msgs json --count 1
 java -jar cli-artemis-jms/target/cli-artemis-jms-1.2.2-SNAPSHOT-*.jar receiver --address cli-artemis-jms --log-msgs json --count 1
-java -jar cli-artemis-jms/target/cli-artemis-jms-1.2.2-SNAPSHOT-*.jar sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker tcp://127.0.0.1:61617 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true
+java -jar cli-artemis-jms/target/cli-artemis-jms-1.2.2-SNAPSHOT-*.jar sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content 'msg no. %d' --broker tcp://127.0.0.1:61617 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true
 
 java -jar cli-paho-java/target/cli-paho-java-1.2.2-SNAPSHOT-*.jar sender --address cli-paho-java --log-msgs json --count 1
 
 cli_qpid_jms_jar=$(find cli-qpid-jms/target -name 'cli-qpid-jms-1.2.2-SNAPSHOT-*.jar' -not -name '*-tests.jar')
 java -jar "${cli_qpid_jms_jar}" sender --address cli-qpid-jms --log-msgs json --count 1
 java -jar "${cli_qpid_jms_jar}" receiver --address cli-qpid-jms --log-msgs json --count 1
-java -jar "${cli_qpid_jms_jar}" sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true
+java -jar "${cli_qpid_jms_jar}" sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content 'msg no. %d' --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true
 
 cli_protonj2=$(find cli-protonj2/target -name 'cli-protonj2-1.2.2-SNAPSHOT-*.jar')
 java -jar "${cli_protonj2}" sender --broker amqp://127.0.0.1 --address cli-qpid-jms --log-msgs dict --count 1
 java -jar "${cli_protonj2}" receiver --broker amqp://127.0.0.1 --address cli-qpid-jms --log-msgs dict --count 1
-#java -jar "${cli_protonj2}" sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true
+java -jar "${cli_protonj2}" sender --conn-username test --conn-ssl-verify-peer false --conn-ssl-verify-peer-name false --conn-password test --msg-content 'msg no. %d' --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10