diff --git a/cli-protonj2/src/main/java/com/redhat/mqe/Main.java b/cli-protonj2/src/main/java/com/redhat/mqe/Main.java
index a4ad699c..e2cfe66e 100644
--- a/cli-protonj2/src/main/java/com/redhat/mqe/Main.java
+++ b/cli-protonj2/src/main/java/com/redhat/mqe/Main.java
@@ -11,8 +11,10 @@
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.concurrent.Callable;
 import java.util.concurrent.TimeUnit;
+import java.util.stream.Stream;
 @Command(
 name = "cli-protonj2",
@@ -55,10 +57,18 @@ class CliProtonJ2SenderReceiverConnector {
 private String reconnectString = "false";
 @CommandLine.Option(names = {"--conn-heartbeat"})
 private Long connHeartbeat;
- @CommandLine.Option(names = {"--conn-ssl-verify-host"}, arity = "0..1")
- private Boolean connSslVerifyHost;
- @CommandLine.Option(names = {"--conn-ssl-trust-all"}, arity = "0..1")
- private Boolean connSslTrustAll;
+ @CommandLine.Option(names = {"--conn-ssl"}, arity = "0..1")
+ private Boolean connSsl = false;
+ @CommandLine.Option(names = {"--conn-ssl-certificate"}, arity = "0..1")
+ private String connSslCertificate;
+ @CommandLine.Option(names = {"--conn-ssl-password"}, arity = "0..1")
+ private String connSslPassword;
+ @CommandLine.Option(names = {"--conn-ssl-verify-peer"}, arity = "0..1")
+ private Boolean connSslVerifyPeer;
+ @CommandLine.Option(names = {"--conn-ssl-verify-peer-skip-trust-check"}, arity = "0..1")
+ private Boolean connSslTrustCheck;
+ @CommandLine.Option(names = {"--conn-ssl-verify-peer-name"}, arity = "0..1")
+ private Boolean connSslCheckName;
 protected boolean stringToBool(String string) {
 boolean bool = string.equalsIgnoreCase("true") || string.equalsIgnoreCase("yes");
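Review bot: `--conn-ssl-password` in the option block of CliProtonJ2SenderReceiverConnector takes the keystore password as a plain command-line value, so it is visible in the process list and shell history on any host where the client runs. If the CLI contract shared with the other clients allows it, picocli can prompt when the value is omitted: `@CommandLine.Option(names = {"--conn-ssl-password"}, arity = "0..1", interactive = true)`. Separately, the field bound to `--conn-ssl-verify-peer-skip-trust-check` is named `connSslTrustCheck`, the opposite sense of the flag; a name such as `connSslSkipTrustCheck` would make its later use easier to verify. The class body starts and continues outside the hunk.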
@@ -82,16 +92,35 @@ protected ConnectionOptions getConnectionOptions() {
 for (AuthMechanism mech : connAuthMechanisms) {
 options.saslOptions().addAllowedMechanism(mech.name());
 }
- if (connSslVerifyHost != null || connSslTrustAll != null) {
+
+ // TODO: why is there both `options.sslEnabled and options.sslOptions().sslEnabled()`?
+ boolean anyTlsOptionSet = Stream.of(
+ connSslCertificate,
+ connSslTrustCheck,
+ connSslCheckName,
+ connSslPassword,
+ connSslVerifyPeer
+ ).anyMatch(Objects::nonNull);
+ if (connSsl || anyTlsOptionSet) {
 options.sslEnabled(true);
 }
- // TODO: why is there both `options.sslEnabled and options.sslOptions().sslEnabled()`?
- if (connSslVerifyHost != null) {
- options.sslOptions().verifyHost(connSslVerifyHost);
+ if (connSslCertificate != null) {
+ options.sslOptions().keyStoreLocation(connSslCertificate);
+ }
+ if (connSslPassword != null) {
+ options.sslOptions().keyStorePassword(connSslPassword);
+ }
+
+ if (connSslTrustCheck != null) {
+ options.sslOptions().verifyHost(connSslTrustCheck);
+ options.sslOptions().trustAll(!connSslTrustCheck);
+ }
+ if (connSslVerifyPeer != null) {
+ options.sslOptions().verifyHost(connSslVerifyPeer);
 }
- if (connSslTrustAll != null) {
- options.sslOptions().trustAll(connSslTrustAll);
+ if (connSslCheckName != null) {
+ options.sslOptions().trustAll(!connSslCheckName);
 }
 // TODO: what do I actually need/want here?
diff --git a/cli-protonj2/src/test/kotlin/MainTest.kt b/cli-protonj2/src/test/kotlin/MainTest.kt
index faeda654..467df81b 100644
--- a/cli-protonj2/src/test/kotlin/MainTest.kt
+++ b/cli-protonj2/src/test/kotlin/MainTest.kt
@@ -20,6 +20,7 @@
 package com.redhat.mqe
 import AbstractMainTest
+import assertNoSystemExit
 import com.google.common.truth.Truth.assertThat
 import org.junit.jupiter.api.Disabled
 import org.junit.jupiter.api.Tag
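Review bot: The three verification flags in getConnectionOptions (Main.java) look wired to the wrong SslOptions setters. `--conn-ssl-verify-peer-name false` ends up calling `trustAll(true)`, which switches off certificate validation altogether rather than only the host-name check, while `--conn-ssl-verify-peer` merely toggles `verifyHost`; and `--conn-ssl-verify-peer-skip-trust-check true` enables both checks instead of skipping one. Assuming the flag names carry their usual meaning, the assignments would read `options.sslOptions().trustAll(!connSslVerifyPeer);`, `options.sslOptions().verifyHost(connSslCheckName);` and `options.sslOptions().trustAll(connSslTrustCheck);`. Because each later `if` overwrites what an earlier one set, a short comment stating the precedence between the three flags would also help. The method body starts and continues outside the hunk.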
@@ -193,6 +194,16 @@ class ProtonJ2MainTest : AbstractMainTest() {
 super.sendAndReceiveWithAllSenderCLISwitches(senderDynamicOptions)
 }
+ override fun sendSingleMessageAllTrustingTls() {
+ assertNoSystemExit {
+ val senderParameters =
+ "sender --log-msgs dict --broker $sslBrokerUrl --address $address --conn-ssl-verify-peer false --conn-ssl-verify-peer-name false --count 1".split(" "
+ ).toTypedArray()
+ print("Sending: ")
+ main(senderParameters)
+ }
+ }
+
 /**
 * Large message streaming from/to java.io.{Input,Output}Stream is artemis-jms-client only
 */
diff --git a/tests.sh b/tests.sh
index 70c60fbe..f8452954 100644
--- a/tests.sh
+++ b/tests.sh
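Review bot: sendSingleMessageAllTrustingTls in MainTest.kt only exercises the case where `--conn-ssl-verify-peer` and `--conn-ssl-verify-peer-name` are both `false`, so it passes regardless of which flag drives `trustAll` and which drives `verifyHost`. A companion test that leaves verification on against `$sslBrokerUrl` (presumably serving a certificate the client does not trust) and expects the connection to fail would pin the secure default and each flag's individual effect. The body checks only that `System.exit` is not called; if delivery is not asserted elsewhere, a check on the logged message would be worth adding. The new protonj2 line in the tests.sh hunk covers the same all-off combination only. The enclosing class starts and ends outside the hunk.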
@@ -26,20 +26,20 @@ java -jar cli-activemq-jmx/target/amqx-*.jar --help java -jar cli-activemq/target/cli-activemq-1.2.2-SNAPSHOT-*.jar sender --address cli-activemq --log-msgs json --count 1 java -jar cli-activemq/target/cli-activemq-1.2.2-SNAPSHOT-*.jar receiver --address cli-activemq --log-msgs json --count 1 -java -jar cli-activemq/target/cli-activemq-1.2.2-SNAPSHOT-*.jar sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker ssl://127.0.0.1:61617 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true +java -jar cli-activemq/target/cli-activemq-1.2.2-SNAPSHOT-*.jar sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content 'msg no. %d' --broker ssl://127.0.0.1:61617 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true java -jar cli-artemis-jms/target/cli-artemis-jms-1.2.2-SNAPSHOT-*.jar sender --address cli-artemis-jms --log-msgs json --count 1 java -jar cli-artemis-jms/target/cli-artemis-jms-1.2.2-SNAPSHOT-*.jar receiver --address cli-artemis-jms --log-msgs json --count 1 -java -jar cli-artemis-jms/target/cli-artemis-jms-1.2.2-SNAPSHOT-*.jar sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker tcp://127.0.0.1:61617 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true +java -jar cli-artemis-jms/target/cli-artemis-jms-1.2.2-SNAPSHOT-*.jar sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content 'msg no. 
%d' --broker tcp://127.0.0.1:61617 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true java -jar cli-paho-java/target/cli-paho-java-1.2.2-SNAPSHOT-*.jar sender --address cli-paho-java --log-msgs json --count 1 cli_qpid_jms_jar=$(find cli-qpid-jms/target -name 'cli-qpid-jms-1.2.2-SNAPSHOT-*.jar' -not -name '*-tests.jar') java -jar "${cli_qpid_jms_jar}" sender --address cli-qpid-jms --log-msgs json --count 1 java -jar "${cli_qpid_jms_jar}" receiver --address cli-qpid-jms --log-msgs json --count 1 -java -jar "${cli_qpid_jms_jar}" sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true +java -jar "${cli_qpid_jms_jar}" sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content 'msg no. %d' --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true cli_protonj2=$(find cli-protonj2/target -name 'cli-protonj2-1.2.2-SNAPSHOT-*.jar') java -jar "${cli_protonj2}" sender --broker amqp://127.0.0.1 --address cli-qpid-jms --log-msgs dict --count 1 java -jar "${cli_protonj2}" receiver --broker amqp://127.0.0.1 --address cli-qpid-jms --log-msgs dict --count 1 -#java -jar "${cli_protonj2}" sender --conn-username test --conn-ssl-verify-host false --conn-password test --msg-content msg no. %d --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10 --conn-ssl-trust-all true +java -jar "${cli_protonj2}" sender --conn-username test --conn-ssl-verify-peer false --conn-ssl-verify-peer-name false --conn-password test --msg-content 'msg no. 
%d' --broker amqps://127.0.0.1:5673 --conn-auth-mechanisms PLAIN --timeout 30 --log-msgs json --log-lib trace --address message-basiccli_jms --count 10