Simplify splunk-hec test SSL setup
Fixes #6709
jamesnetherton committed Oct 29, 2024
1 parent cd28856 commit a0be729
Showing 4 changed files with 34 additions and 157 deletions.
Expand Up @@ -16,20 +16,11 @@
*/
package org.apache.camel.quarkus.test.support.splunk;

import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.time.Duration;
import java.util.Base64;
import java.util.Map;
import java.util.TimeZone;
import java.util.stream.Collectors;
Expand Down Expand Up @@ -60,17 +51,21 @@ public class SplunkTestResource implements QuarkusTestResourceLifecycleManager {

private GenericContainer<?> container;

private String localhostCertPath;
private String localhostKeystorePath;
private String certName;
private String caCertPath;
private String certPath;
private String certPrivateKey;
private String keystorePassword;

@Override
public void init(Map<String, String> initArgs) {
localhostCertPath = initArgs.get("localhost_cert");
caCertPath = initArgs.get("ca_cert");
localhostKeystorePath = initArgs.get("localhost_keystore");
keystorePassword = initArgs.get("keystore_password");
certName = initArgs.get("certName");
if (StringUtils.isNotBlank(certName)) {
caCertPath = initArgs.getOrDefault("caCertPath", "target/certs/%s-ca.crt".formatted(certName));
certPath = initArgs.getOrDefault("caCertPath", "target/certs/%s.crt".formatted(certName));
certPrivateKey = initArgs.getOrDefault("certPrivateKey", "target/certs/%s.key".formatted(certName));
keystorePassword = initArgs.getOrDefault("keystorePassword", "password");
}
}

@Override
Expand All @@ -90,7 +85,7 @@ public Map<String, String> start() {
Wait.forLogMessage(".*Ansible playbook complete.*\\n", 1)
.withStartupTimeout(Duration.ofMinutes(5)));

if (localhostCertPath != null && localhostKeystorePath != null && caCertPath != null && keystorePassword != null) {
if (certPath != null && caCertPath != null && keystorePassword != null) {
//combine key + certificates into 1 pem - required for splunk
//extraction of private key can not be done by keytool (only openssl), but it can be done programmatically
byte[] concatenate = concatenateKeyAndCertificates(banner);
Expand Down Expand Up @@ -182,32 +177,20 @@ public Map<String, String> start() {
}
}

private byte @NotNull [] concatenateKeyAndCertificates(String banner)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
// Load the KeyStore
KeyStore keystore = KeyStore.getInstance("JKS");
try (FileInputStream fis = new FileInputStream(
Paths.get(localhostKeystorePath).toFile())) {
keystore.load(fis, keystorePassword.toCharArray());
}
// Get the private key
Key key = keystore.getKey(keystore.aliases().asIterator().next(), keystorePassword.toCharArray());

private byte @NotNull [] concatenateKeyAndCertificates(String banner) throws IOException {
// Encode the private key to PEM format
String encodedKey = Base64.getEncoder().encodeToString(key.getEncoded());
String pemKey = "-----BEGIN PRIVATE KEY-----\n" + encodedKey + "\n-----END PRIVATE KEY-----";
String pemKey = Files.readString(Paths.get(certPrivateKey));

//localhost.pem and cacert.pem has to be concatenated
String localhost = Files.readString(
Paths.get(localhostCertPath),
// The server cert and the CA cert has to be concatenated
String severCert = Files.readString(
Paths.get(certPath),
StandardCharsets.UTF_8);
String ca = Files.readString(Path.of(caCertPath),
String ca = Files.readString(Paths.get(caCertPath),
StandardCharsets.UTF_8);
Log.debug("cacert content:");
Log.debug(ca);
Log.debug(banner);
byte[] concatenate = (localhost + ca + pemKey).getBytes(StandardCharsets.UTF_8);
return concatenate;
return (severCert + ca + pemKey).getBytes(StandardCharsets.UTF_8);
}

private static void assertExecResult(Container.ExecResult res, String cmd) {
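Review bot: In `init`, `certPath` is looked up under the key `"caCertPath"`, the same key as the line above it, so a caller that overrides `caCertPath` gets the CA certificate as the server certificate too, and a `certPath` argument is ignored; the line should read `certPath = initArgs.getOrDefault("certPath", "target/certs/%s.crt".formatted(certName));`. The test in this commit passes only `certName`, so the defaults hide the problem. In `start()` the guard tests `certPath`, `caCertPath` and `keystorePassword` but not `certPrivateKey`, which `concatenateKeyAndCertificates` hands to `Paths.get` unconditionally; adding `certPrivateKey != null` to the condition keeps the two in step. `start()` begins and ends outside the visible hunks.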
119 changes: 5 additions & 114 deletions integration-tests/splunk-hec/pom.xml
Expand Up @@ -61,6 +61,11 @@
<artifactId>awaitility</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.camel.quarkus</groupId>
<artifactId>camel-quarkus-integration-tests-support-certificate-generator</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.camel.quarkus</groupId>
<artifactId>camel-quarkus-integration-tests-support-splunk</artifactId>
Expand Down Expand Up @@ -98,120 +103,6 @@
</plugins>
</build>
</profile>
<profile>
<id>full</id>
<activation>
<property>
<name>!quickly</name>
</property>
</activation>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<configuration>
<keypass>password</keypass>
<validity>18250</validity>
<keyalg>RSA</keyalg>
<storepass>password</storepass>
</configuration>
<executions>
<execution>
<id>generate-splunkca-keypair</id>
<phase>generate-sources</phase>
<goals>
<goal>clean</goal>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<alias>cxfca</alias>
<dname>CN=splunkca, OU=eng, O=apache.org</dname>
<exts>
<ext>bc:c=ca:true,pathlen:2147483647</ext>
<ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
</exts>
<keystore>${project.basedir}/target/certs/splunkca.jks</keystore>
</configuration>
</execution>
<execution>
<id>export-splunkca-certificate</id>
<phase>generate-sources</phase>
<goals>
<goal>exportCertificate</goal>
</goals>
<configuration>
<alias>cxfca</alias>
<keystore>${project.basedir}/target/certs//splunkca.jks</keystore>
<rfc>true</rfc>
<file>${project.basedir}/target/certs/splunkca.pem</file>
</configuration>
</execution>
<execution>
<id>generate-localhost-keypair</id>
<phase>generate-sources</phase>
<goals>
<goal>clean</goal>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<alias>localhost</alias>
<dname>CN=localhost, OU=eng, O=apache.org</dname>
<exts>
<ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
<ext>SubjectAlternativeName=DNS:localhost,IP:127.0.0.1</ext>
</exts>
<keystore>${project.basedir}/target/certs/localhost.jks</keystore>
</configuration>
</execution>
<execution>
<id>generate-localhost-certificate-request</id>
<phase>generate-sources</phase>
<goals>
<goal>generateCertificateRequest</goal>
</goals>
<configuration>
<alias>localhost</alias>
<keystore>${project.basedir}/target/certs/localhost.jks</keystore>
<file>${project.basedir}/target/certs/localhost.csr</file>
</configuration>
</execution>
<execution>
<id>generate-localhost-certificate</id>
<phase>generate-sources</phase>
<goals>
<goal>generateCertificate</goal>
</goals>
<configuration>
<alias>cxfca</alias>
<keystore>${project.basedir}/target/certs/splunkca.jks</keystore>
<rfc>true</rfc>
<infile>${project.basedir}/target/certs/localhost.csr</infile>
<outfile>${project.basedir}/target/certs/localhost.pem</outfile>
</configuration>
</execution>
<execution>
<id>generate-wrong-splunkca-keypair</id>
<phase>generate-sources</phase>
<goals>
<goal>clean</goal>
<goal>generateKeyPair</goal>
</goals>
<configuration>
<alias>cxfca</alias>
<dname>CN=splunkca, OU=eng, O=apache.org</dname>
<exts>
<ext>bc:c=ca:true,pathlen:2147483647</ext>
<ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
</exts>
<keystore>${project.basedir}/target/certs/wrong-splunkca.jks</keystore>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
<profile>
<id>ssl debug</id>
<activation>
Expand Up @@ -87,17 +87,15 @@ public Response send(String data,

@Named("sslContextParameters")
public SSLContextParameters createServerSSLContextParameters() {
return createServerSSLContextParameters("target/certs/splunkca.jks");
return createServerSSLContextParameters("target/certs/splunk-hec-keystore.p12");
}

/**
* Creates SSL Context Parameters for the server
*
* @return
*/
@Named("wrongSslContextParameters")
public SSLContextParameters createWrongServerSSLContextParameters() {
return createServerSSLContextParameters("target/certs/wrong-splunkca.jks");
return createServerSSLContextParameters("target/certs/splunk-hec-invalid-keystore.p12");
}

private SSLContextParameters createServerSSLContextParameters(String keystore) {
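Review bot: The Javadoc shown above `createWrongServerSSLContextParameters` says only "Creates SSL Context Parameters for the server"; it does not say that `target/certs/splunk-hec-invalid-keystore.p12` is meant to fail verification against the Splunk container's certificate. Assuming that is the intent of the negative test, I would word it as `/** SSL context backed by the unrelated "splunk-hec-invalid" certificate; connections to the test Splunk instance are expected to be rejected. */`. Both hard-coded paths also depend on the `name` values of the `@Certificate` annotations in SplunkHecTest, which deserves a one-line comment next to the literals. The private helper `createServerSSLContextParameters(String keystore)` lies outside the hunk, so whether it sets a store type or password that still fits a PKCS12 file cannot be checked here.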
Expand Up @@ -25,7 +25,10 @@
import io.quarkus.test.junit.QuarkusTest;
import io.restassured.RestAssured;
import io.restassured.http.ContentType;
import io.smallrye.certs.Format;
import io.smallrye.certs.junit5.Certificate;
import org.apache.camel.quarkus.test.DisabledOnArm;
import org.apache.camel.quarkus.test.support.certificate.TestCertificates;
import org.apache.camel.quarkus.test.support.splunk.SplunkConstants;
import org.apache.camel.quarkus.test.support.splunk.SplunkTestResource;
import org.eclipse.microprofile.config.ConfigProvider;
Expand All @@ -34,12 +37,14 @@
import org.testcontainers.shaded.org.awaitility.Awaitility;
import org.testcontainers.shaded.org.hamcrest.core.StringContains;

@TestCertificates(docker = true, certificates = {
@Certificate(name = "splunk-hec", formats = { Format.PEM, Format.PKCS12 }, password = "password"),
@Certificate(name = "splunk-hec-invalid", formats = { Format.PKCS12 }, password = "password")
})
@QuarkusTest
@QuarkusTestResource(value = SplunkTestResource.class, initArgs = {
@ResourceArg(name = "localhost_cert", value = "target/certs/localhost.pem"),
@ResourceArg(name = "ca_cert", value = "target/certs/splunkca.pem"),
@ResourceArg(name = "localhost_keystore", value = "target/certs/localhost.jks"),
@ResourceArg(name = "keystore_password", value = "password") })
@ResourceArg(name = "certName", value = "splunk-hec") })

@DisabledOnArm
public class SplunkHecTest {
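Review bot: Nothing on the class says that `@TestCertificates` has to stay above `@QuarkusTest` and `@QuarkusTestResource`. SplunkTestResource now reads files under `target/certs/` derived from `certName`, so the certificates presumably have to be generated before the resource starts. A comment such as `// Keep @TestCertificates first: the certificates must exist before SplunkTestResource.start() reads them` would protect that ordering, if it is indeed what the extension relies on. The `password = "password"` values here also match the `keystorePassword` default in `SplunkTestResource.init` only by coincidence of the literal; passing `@ResourceArg(name = "keystorePassword", value = "password")` explicitly would make the coupling visible.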

