Added test cases for QPID-2444 and QPID-2446

Modified SSLUtil to handle the case where distinguished name only contains the CN component.


git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk/qpid@925469 13f79535-47bb-0310-9956-ffa450edef68

2 files changed, 114 insertions, 2 deletions

diff --git a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
index f23d9ae359..130ce04adc 100644
--- a/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
+++ b/java/common/src/main/java/org/apache/qpid/transport/network/security/ssl/SSLUtil.java
@@ -28,7 +28,8 @@ public class SSLUtil
           
           if (dn.contains("CN="))
           {
-              hostname = dn.substring(3, dn.indexOf(","));
+              hostname = dn.substring(3,
+                      dn.indexOf(",") == -1? dn.length(): dn.indexOf(","));
           }   
           
           if (log.isDebugEnabled())
@@ -38,7 +39,8 @@ public class SSLUtil
               log.debug("Host Name obtained from DN : " + hostname);
           }
           
-          if (hostname != null && !hostname.equalsIgnoreCase(hostnameExpected))
+          if (hostname != null && !(hostname.equalsIgnoreCase(hostnameExpected) ||
+                  hostname.equalsIgnoreCase(hostnameExpected + ".localdomain")))
           {
               throw new TransportException("SSL hostname verification failed." +
                                            " Expected : " + hostnameExpected +
diff --git a/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java b/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
new file mode 100644
index 0000000000..6d6b6db420
--- /dev/null
+++ b/java/systests/src/main/java/org/apache/qpid/client/ssl/SSLTest.java
@@ -0,0 +1,110 @@
+package org.apache.qpid.client.ssl;
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+
+import javax.jms.Session;
+
+import org.apache.qpid.client.AMQConnection;
+import org.apache.qpid.test.utils.QpidTestCase;
+
+public class SSLTest extends QpidTestCase
+{      
+    public void testCreateSSLContextFromConnectionURLParams()
+    {
+        if (Boolean.getBoolean("profile.use_ssl"))
+        {   
+            String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:%s" +
+            "?ssl='true'&ssl_verify_hostname='true'" + 
+            "&key_store='%s'&keystore_password='%s'" +
+            "&trust_store='%s'&trust_store_password='%s'" +
+            "'";
+            url = String.format(url,System.getProperty("test.port.ssl"),
+                    System.getProperty("javax.net.ssl.keyStore"),
+                    System.getProperty("javax.net.ssl.keyStorePassword"),
+                    System.getProperty("javax.net.ssl.trustStore"),
+                    System.getProperty("javax.net.ssl.trustStorePassword"));
+            
+            // temporarily set the trust store jvm arg to something else
+            // to ensure we only read from the connection URL param.
+            String tmp = System.getProperty("javax.net.ssl.trustStore");
+            System.setProperty("javax.net.ssl.trustStore","fessgsdgd");
+            try
+            {
+                AMQConnection con = new AMQConnection(url);
+                Session ssn = con.createSession(false,Session.AUTO_ACKNOWLEDGE); 
+            }
+            catch (Exception e)
+            {
+                fail("SSL Connection should be successful");
+            }
+            finally
+            {
+                System.setProperty("javax.net.ssl.trustStore",tmp);
+            }
+        }        
+    }
+    
+    public void testVerifyHostName()
+    {
+        if (Boolean.getBoolean("profile.use_ssl"))
+        {
+            String url = "amqp://guest:guest@test/?brokerlist='tcp://127.0.0.1:" + 
+            System.getProperty("test.port.ssl") + 
+            "?ssl='true'&ssl_verify_hostname='true''";
+            
+            try
+            {
+                AMQConnection con = new AMQConnection(url);
+                fail("Hostname verification failed. No exception was thrown");
+            }
+            catch (Exception e)
+            {
+                ByteArrayOutputStream bout = new ByteArrayOutputStream();
+                e.printStackTrace(new PrintStream(bout));
+                String strace = bout.toString();
+                assertTrue("Correct exception not thrown",strace.contains("SSL hostname verification failed"));
+            }
+            
+        }        
+    }
+    
+    public void testVerifyLocalHost()
+    {
+        if (Boolean.getBoolean("profile.use_ssl"))
+        {
+            String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost:" + 
+            System.getProperty("test.port.ssl") + 
+            "?ssl='true'&ssl_verify_hostname='true''";
+            
+            try
+            {
+                AMQConnection con = new AMQConnection(url);
+            }
+            catch (Exception e)
+            {
+                fail("Hostname verification should succeed");
+            }            
+        }        
+    }
+    
+    public void testVerifyLocalHostLocalDomain()
+    {
+        if (Boolean.getBoolean("profile.use_ssl"))
+        {
+            String url = "amqp://guest:guest@test/?brokerlist='tcp://localhost.localdomain:" + 
+            System.getProperty("test.port.ssl") + 
+            "?ssl='true'&ssl_verify_hostname='true''";
+            
+            try
+            {
+                AMQConnection con = new AMQConnection(url);
+            }
+            catch (Exception e)
+            {
+                fail("Hostname verification should succeed");
+            }
+            
+        }        
+    }
+}