From a0be729fce5f2d2bc63a2f648a02c9ebc9745050 Mon Sep 17 00:00:00 2001 From: James Netherton Date: Mon, 28 Oct 2024 15:43:14 +0000 Subject: [PATCH] Simplify splunk-hec test SSL setup Fixes #6709 --- .../support/splunk/SplunkTestResource.java | 53 +++----- integration-tests/splunk-hec/pom.xml | 119 +----------------- .../splunk/hec/it/SplunkHecResource.java | 6 +- .../splunk/hec/it/SplunkHecTest.java | 13 +- 4 files changed, 34 insertions(+), 157 deletions(-) diff --git a/integration-tests-support/splunk/src/test/java/org/apache/camel/quarkus/test/support/splunk/SplunkTestResource.java b/integration-tests-support/splunk/src/test/java/org/apache/camel/quarkus/test/support/splunk/SplunkTestResource.java index 69a951a95065..a40d45d7ee50 100644 --- a/integration-tests-support/splunk/src/test/java/org/apache/camel/quarkus/test/support/splunk/SplunkTestResource.java +++ b/integration-tests-support/splunk/src/test/java/org/apache/camel/quarkus/test/support/splunk/SplunkTestResource.java @@ -16,20 +16,11 @@ */ package org.apache.camel.quarkus.test.support.splunk; -import java.io.FileInputStream; import java.io.IOException; import java.nio.charset.StandardCharsets; import java.nio.file.Files; -import java.nio.file.Path; import java.nio.file.Paths; -import java.security.Key; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.UnrecoverableKeyException; -import java.security.cert.CertificateException; import java.time.Duration; -import java.util.Base64; import java.util.Map; import java.util.TimeZone; import java.util.stream.Collectors; 
@@ -60,17 +51,21 @@ public class SplunkTestResource implements QuarkusTestResourceLifecycleManager { private GenericContainer container; - private String localhostCertPath; - private String localhostKeystorePath; + private String certName; private String caCertPath; + private String certPath; + private String certPrivateKey; private String keystorePassword; @Override public void init(Map initArgs) { - localhostCertPath = initArgs.get("localhost_cert"); - caCertPath = initArgs.get("ca_cert"); - localhostKeystorePath = initArgs.get("localhost_keystore"); - keystorePassword = initArgs.get("keystore_password"); + certName = initArgs.get("certName"); + if (StringUtils.isNotBlank(certName)) { + caCertPath = initArgs.getOrDefault("caCertPath", "target/certs/%s-ca.crt".formatted(certName)); + certPath = initArgs.getOrDefault("caCertPath", "target/certs/%s.crt".formatted(certName)); + certPrivateKey = initArgs.getOrDefault("certPrivateKey", "target/certs/%s.key".formatted(certName)); + keystorePassword = initArgs.getOrDefault("keystorePassword", "password"); + } } @Override @@ -90,7 +85,7 @@ public Map start() { Wait.forLogMessage(".*Ansible playbook complete.*\\n", 1) .withStartupTimeout(Duration.ofMinutes(5))); - if (localhostCertPath != null && localhostKeystorePath != null && caCertPath != null && keystorePassword != null) { + if (certPath != null && caCertPath != null && keystorePassword != null) { //combine key + certificates into 1 pem - required for splunk //extraction of private key can not be done by keytool (only openssl), but it can be done programmatically byte[] concatenate = concatenateKeyAndCertificates(banner); 
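Review bot: In `init`, `certPath` is looked up under the `caCertPath` key, so a `certPath` argument is never read and any caller that overrides `caCertPath` silently gets the CA file as the server certificate too. The line should read `certPath = initArgs.getOrDefault("certPath", "target/certs/%s.crt".formatted(certName));`. The new default `keystorePassword` of `password` would also benefit from a one-line comment such as `// throwaway credential for certificates generated per test run`, so it is not mistaken for a reusable setting.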
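Review bot: The guard in `start()` tests `certPath`, `caCertPath` and `keystorePassword`, but not `certPrivateKey`, which `concatenateKeyAndCertificates` passes to `Paths.get` (see the later hunk in this file). All four fields are assigned together in `init`, so they are null together today, but the condition would match what the branch actually dereferences as `if (certPath != null && caCertPath != null && certPrivateKey != null) {`. The context comment above the call still explains that the key must be extracted programmatically because keytool cannot do it; now that the key is read from a PEM file, that comment is stale and should be reworded. `start()` begins and ends outside this hunk.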
@@ -182,32 +177,20 @@ public Map start() { } } - private byte @NotNull [] concatenateKeyAndCertificates(String banner) - throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException { - // Load the KeyStore - KeyStore keystore = KeyStore.getInstance("JKS"); - try (FileInputStream fis = new FileInputStream( - Paths.get(localhostKeystorePath).toFile())) { - keystore.load(fis, keystorePassword.toCharArray()); - } - // Get the private key - Key key = keystore.getKey(keystore.aliases().asIterator().next(), keystorePassword.toCharArray()); - + private byte @NotNull [] concatenateKeyAndCertificates(String banner) throws IOException { // Encode the private key to PEM format - String encodedKey = Base64.getEncoder().encodeToString(key.getEncoded()); - String pemKey = "-----BEGIN PRIVATE KEY-----\n" + encodedKey + "\n-----END PRIVATE KEY-----"; + String pemKey = Files.readString(Paths.get(certPrivateKey)); - //localhost.pem and cacert.pem has to be concatenated - String localhost = Files.readString( - Paths.get(localhostCertPath), + // The server cert and the CA cert has to be concatenated + String severCert = Files.readString( + Paths.get(certPath), StandardCharsets.UTF_8); - String ca = Files.readString(Path.of(caCertPath), + String ca = Files.readString(Paths.get(caCertPath), StandardCharsets.UTF_8); Log.debug("cacert content:"); Log.debug(ca); Log.debug(banner); - byte[] concatenate = (localhost + ca + pemKey).getBytes(StandardCharsets.UTF_8); - return concatenate; + return (severCert + ca + pemKey).getBytes(StandardCharsets.UTF_8); } private static void assertExecResult(Container.ExecResult res, String cmd) { diff --git a/integration-tests/splunk-hec/pom.xml b/integration-tests/splunk-hec/pom.xml index 6b582d19bc51..e73b048741b6 100644 --- a/integration-tests/splunk-hec/pom.xml +++ b/integration-tests/splunk-hec/pom.xml 
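Review bot: The comment `// Encode the private key to PEM format` no longer describes the line below it, which now reads an existing PEM file; `// Read the PEM-encoded private key generated for the test certificate` would fit. `severCert` is a typo for `serverCert`, and "has to be concatenated" should be "have to be concatenated". The key is read without an explicit charset while both certificates pass `StandardCharsets.UTF_8`; the result is the same, but the three reads should look alike. The three strings are joined with no separator, so the bundle is only well-formed if each generated file ends in a newline, which is worth stating in a comment.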
@@ -61,6 +61,11 @@ awaitility test + + org.apache.camel.quarkus + camel-quarkus-integration-tests-support-certificate-generator + test + org.apache.camel.quarkus camel-quarkus-integration-tests-support-splunk @@ -98,120 +103,6 @@ - - full - - - !quickly - - - - - - org.codehaus.mojo - keytool-maven-plugin - - password - 18250 - RSA - password - - - - generate-splunkca-keypair - generate-sources - - clean - generateKeyPair - - - cxfca - CN=splunkca, OU=eng, O=apache.org - - bc:c=ca:true,pathlen:2147483647 - IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE - - ${project.basedir}/target/certs/splunkca.jks - - - - export-splunkca-certificate - generate-sources - - exportCertificate - - - cxfca - ${project.basedir}/target/certs//splunkca.jks - true - ${project.basedir}/target/certs/splunkca.pem - - - - generate-localhost-keypair - generate-sources - - clean - generateKeyPair - - - localhost - CN=localhost, OU=eng, O=apache.org - - IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE - SubjectAlternativeName=DNS:localhost,IP:127.0.0.1 - - ${project.basedir}/target/certs/localhost.jks - - - - generate-localhost-certificate-request - generate-sources - - generateCertificateRequest - - - localhost - ${project.basedir}/target/certs/localhost.jks - ${project.basedir}/target/certs/localhost.csr - - - - generate-localhost-certificate - generate-sources - - generateCertificate - - - cxfca - ${project.basedir}/target/certs/splunkca.jks - true - ${project.basedir}/target/certs/localhost.csr - ${project.basedir}/target/certs/localhost.pem - - - - generate-wrong-splunkca-keypair - generate-sources - - clean - generateKeyPair - - - cxfca - CN=splunkca, OU=eng, O=apache.org - - bc:c=ca:true,pathlen:2147483647 - IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE - - ${project.basedir}/target/certs/wrong-splunkca.jks - - - - - - - ssl debug 
diff --git a/integration-tests/splunk-hec/src/main/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecResource.java b/integration-tests/splunk-hec/src/main/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecResource.java index 10c6f88627ea..e8702014a854 100644 --- a/integration-tests/splunk-hec/src/main/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecResource.java +++ b/integration-tests/splunk-hec/src/main/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecResource.java @@ -87,17 +87,15 @@ public Response send(String data, @Named("sslContextParameters") public SSLContextParameters createServerSSLContextParameters() { - return createServerSSLContextParameters("target/certs/splunkca.jks"); + return createServerSSLContextParameters("target/certs/splunk-hec-keystore.p12"); } /** * Creates SSL Context Parameters for the server - * - * @return */ @Named("wrongSslContextParameters") public SSLContextParameters createWrongServerSSLContextParameters() { - return createServerSSLContextParameters("target/certs/wrong-splunkca.jks"); + return createServerSSLContextParameters("target/certs/splunk-hec-invalid-keystore.p12"); } private SSLContextParameters createServerSSLContextParameters(String keystore) { diff --git a/integration-tests/splunk-hec/src/test/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecTest.java b/integration-tests/splunk-hec/src/test/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecTest.java index 45fd3392b16b..6ec298618564 100644 --- a/integration-tests/splunk-hec/src/test/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecTest.java +++ b/integration-tests/splunk-hec/src/test/java/org/apache/camel/quarkus/component/splunk/hec/it/SplunkHecTest.java 
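Review bot: Both beans now load `*-keystore.p12` files, which carry a private key as well as the certificate. The helper `createServerSSLContextParameters(String keystore)` has its body outside this hunk, so its use of the file is not visible here. If it only builds trust material for the connection to Splunk, pointing it at the truststore generated for the same certificate name would keep the private key out of the application's configuration. `createWrongServerSSLContextParameters` still carries the copied Javadoc "Creates SSL Context Parameters for the server"; it should say what makes it the negative case, for example `Creates SSL context parameters backed by an unrelated certificate, so verification of the Splunk endpoint is expected to fail.` (wording to be confirmed against the test that uses it).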
@@ -25,7 +25,10 @@ import io.quarkus.test.junit.QuarkusTest; import io.restassured.RestAssured; import io.restassured.http.ContentType; +import io.smallrye.certs.Format; +import io.smallrye.certs.junit5.Certificate; import org.apache.camel.quarkus.test.DisabledOnArm; +import org.apache.camel.quarkus.test.support.certificate.TestCertificates; import org.apache.camel.quarkus.test.support.splunk.SplunkConstants; import org.apache.camel.quarkus.test.support.splunk.SplunkTestResource; import org.eclipse.microprofile.config.ConfigProvider; @@ -34,12 +37,14 @@ import org.testcontainers.shaded.org.awaitility.Awaitility; import org.testcontainers.shaded.org.hamcrest.core.StringContains; +@TestCertificates(docker = true, certificates = { + @Certificate(name = "splunk-hec", formats = { Format.PEM, Format.PKCS12 }, password = "password"), + @Certificate(name = "splunk-hec-invalid", formats = { Format.PKCS12 }, password = "password") +}) @QuarkusTest @QuarkusTestResource(value = SplunkTestResource.class, initArgs = { - @ResourceArg(name = "localhost_cert", value = "target/certs/localhost.pem"), - @ResourceArg(name = "ca_cert", value = "target/certs/splunkca.pem"), - @ResourceArg(name = "localhost_keystore", value = "target/certs/localhost.jks"), - @ResourceArg(name = "keystore_password", value = "password") }) + @ResourceArg(name = "certName", value = "splunk-hec") }) + @DisabledOnArm public class SplunkHecTest {
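Review bot: The literal `password` in the two `@Certificate` entries has to agree with the `keystorePassword` default inside `SplunkTestResource`, and presumably with the password `SplunkHecResource` uses to open the `.p12` files, but nothing in this hunk ties them together. Passing it explicitly with `@ResourceArg(name = "keystorePassword", value = "password")`, or sharing one constant, would make the coupling visible and let a changed password fail in one obvious place. The blank line added between `@QuarkusTestResource(...)` and `@DisabledOnArm` splits the annotation block and can be dropped.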