ARTEMIS-2813 Fix SaslKrb5LDAPSecurityTest failing on JDK 11

Fixes issues with SaslKrb5LDAPSecurityTest by updating to latest Apache Directory
release which required some updates to the test to fix deprecation warnings and an
updates to commons.lang to fix issues with new namespace for StringUtils that will
work on JDK 8+ only.
This commit is contained in:
Timothy Bish 2021-05-13 17:23:42 -04:00 committed by Robbie Gemmell
parent 9513405020
commit 9e70b26368
5 changed files with 42 additions and 42 deletions

View File

@ -82,7 +82,7 @@
<karaf.version>4.3.0</karaf.version> <karaf.version>4.3.0</karaf.version>
<pax.exam.version>4.9.1</pax.exam.version> <pax.exam.version>4.9.1</pax.exam.version>
<commons.config.version>2.7</commons.config.version> <commons.config.version>2.7</commons.config.version>
<commons.lang.version>3.0</commons.lang.version> <commons.lang.version>3.12.0</commons.lang.version>
<activemq5-version>5.16.0</activemq5-version> <activemq5-version>5.16.0</activemq5-version>
<apache.derby.version>10.11.1.1</apache.derby.version> <apache.derby.version>10.11.1.1</apache.derby.version>
<commons.beanutils.version>1.9.4</commons.beanutils.version> <commons.beanutils.version>1.9.4</commons.beanutils.version>
@ -199,7 +199,7 @@
<skipStyleCheck>true</skipStyleCheck> <skipStyleCheck>true</skipStyleCheck>
<skipOWASP>true</skipOWASP> <skipOWASP>true</skipOWASP>
<directory-version>2.0.0-M15</directory-version> <directory-version>2.0.0.AM26</directory-version>
<directory-jdbm2-version>2.0.0-M1</directory-jdbm2-version> <directory-jdbm2-version>2.0.0-M1</directory-jdbm2-version>
<netty-transport-native-epoll-classifier>linux-x86_64</netty-transport-native-epoll-classifier> <netty-transport-native-epoll-classifier>linux-x86_64</netty-transport-native-epoll-classifier>
@ -280,7 +280,7 @@
</dependency> </dependency>
<!-- ### For MQTT Tests && Examples --> <!-- ### For MQTT Tests && Examples -->
<dependency> <dependency>
<groupId>org.eclipse.paho</groupId> <groupId>org.eclipse.paho</groupId>
<artifactId>org.eclipse.paho.client.mqttv3</artifactId> <artifactId>org.eclipse.paho.client.mqttv3</artifactId>
<version>${paho.client.mqttv3.version}</version> <version>${paho.client.mqttv3.version}</version>

View File

@ -335,6 +335,11 @@
</exclusion> </exclusion>
</exclusions> </exclusions>
</dependency> </dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<scope>test</scope>
</dependency>
<!-- karaf test --> <!-- karaf test -->
@ -560,9 +565,6 @@
<artifactId>maven-surefire-plugin</artifactId> <artifactId>maven-surefire-plugin</artifactId>
<configuration> <configuration>
<excludes combine.children="append"> <excludes combine.children="append">
<!-- This fails, likely due to due to issues of compatibility with newer KDC updates -->
<exclude>**/SaslKrb5LDAPSecurityTest.java</exclude>
<!-- This is no longer possible on JDK11 because the old KRB5 cipher suites it requires were <!-- This is no longer possible on JDK11 because the old KRB5 cipher suites it requires were
removed from JDK11 while adding TLS 1.3 support http://openjdk.java.net/jeps/332 --> removed from JDK11 while adding TLS 1.3 support http://openjdk.java.net/jeps/332 -->
<exclude>**/CoreClientOverOneWaySSLKerb5Test.java</exclude> <exclude>**/CoreClientOverOneWaySSLKerb5Test.java</exclude>

View File

@ -30,6 +30,7 @@ import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext; import javax.security.auth.login.LoginContext;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.File; import java.io.File;
import java.io.FileReader;
import java.io.InputStream; import java.io.InputStream;
import java.io.InputStreamReader; import java.io.InputStreamReader;
import java.io.StringReader; import java.io.StringReader;
@ -58,10 +59,8 @@ import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.core.server.ActiveMQServers; import org.apache.activemq.artemis.core.server.ActiveMQServers;
import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager; import org.apache.activemq.artemis.spi.core.security.ActiveMQJAASSecurityManager;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase; import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
import org.apache.activemq.artemis.tests.util.JavaVersionUtil;
import org.apache.activemq.artemis.utils.RandomUtil; import org.apache.activemq.artemis.utils.RandomUtil;
import org.apache.commons.io.FileUtils; import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms; import org.apache.directory.api.ldap.model.constants.SupportedSaslMechanisms;
import org.apache.directory.api.ldap.model.entry.DefaultEntry; import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry; import org.apache.directory.api.ldap.model.entry.Entry;
@ -95,9 +94,7 @@ import org.apache.directory.shared.kerberos.components.EncryptionKey;
import org.apache.qpid.jms.JmsConnectionFactory; import org.apache.qpid.jms.JmsConnectionFactory;
import org.junit.After; import org.junit.After;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule; import org.junit.Rule;
import org.junit.Test; import org.junit.Test;
import org.junit.rules.TemporaryFolder; import org.junit.rules.TemporaryFolder;
@ -122,9 +119,8 @@ import static org.apache.activemq.artemis.tests.util.ActiveMQTestBase.NETTY_ACCE
@CreateKdcServer(transports = {@CreateTransport(protocol = "TCP", port = 0)}) @CreateKdcServer(transports = {@CreateTransport(protocol = "TCP", port = 0)})
@ApplyLdifFiles("SaslKrb5LDAPSecurityTest.ldif") @ApplyLdifFiles("SaslKrb5LDAPSecurityTest.ldif")
public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit { public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit {
private static final org.jboss.logging.Logger log = org.jboss.logging.Logger.getLogger(SaslKrb5LDAPSecurityTest.class);
protected static final Logger LOG = LoggerFactory.getLogger(SaslKrb5LDAPSecurityTest.class); protected static final Logger LOG = LoggerFactory.getLogger(SaslKrb5LDAPSecurityTest.class);
public static final String QUEUE_NAME = "some_queue"; public static final String QUEUE_NAME = "some_queue";
static { static {
@ -155,14 +151,8 @@ public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit {
public TemporaryFolder temporaryFolder; public TemporaryFolder temporaryFolder;
private String testDir; private String testDir;
@BeforeClass
public static void checkAssumptions() throws Exception {
Assume.assumeTrue("Test only runs on JDK 8", JavaVersionUtil.isJava8());
}
@Before @Before
public void setUp() throws Exception { public void setUp() throws Exception {
if (debug) { if (debug) {
initLogging(); initLogging();
} }
@ -196,27 +186,24 @@ public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit {
private void rewriteKerb5Conf() throws Exception { private void rewriteKerb5Conf() throws Exception {
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
InputStream is2 = this.getClass().getClassLoader().getResourceAsStream("minikdc-krb5.conf");
BufferedReader r = null; try (InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream("minikdc-krb5.conf");
try { BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
r = new BufferedReader(new InputStreamReader(is2, StandardCharsets.UTF_8));
String line = r.readLine(); String line = reader.readLine();
while (line != null) { while (line != null) {
sb.append(line).append("{3}"); sb.append(line).append("{3}");
line = r.readLine(); line = reader.readLine();
} }
} finally {
IOUtils.closeQuietly(r);
IOUtils.closeQuietly(is2);
} }
InetSocketAddress addr = InetSocketAddress addr =
(InetSocketAddress)kdcServer.getTransports()[0].getAcceptor().getLocalAddress(); (InetSocketAddress)kdcServer.getTransports()[0].getAcceptor().getLocalAddress();
int port = addr.getPort(); int port = addr.getPort();
File krb5conf = new File(testDir, "krb5.conf").getAbsoluteFile(); File krb5conf = new File(testDir, "krb5.conf").getAbsoluteFile();
FileUtils.writeStringToFile(krb5conf, MessageFormat.format(sb.toString(), getRealm(), "localhost", Integer.toString(port), System.getProperty("line.separator"))); String krb5confBody = MessageFormat.format(sb.toString(), getRealm(), "localhost", Integer.toString(port), System.getProperty("line.separator"));
FileUtils.writeStringToFile(krb5conf, krb5confBody, StandardCharsets.UTF_8);
System.setProperty("java.security.krb5.conf", krb5conf.getAbsolutePath()); System.setProperty("java.security.krb5.conf", krb5conf.getAbsolutePath());
System.setProperty("sun.security.krb5.debug", "true"); System.setProperty("sun.security.krb5.debug", "true");
@ -232,10 +219,16 @@ public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit {
refreshMethod.invoke(classRef, new Object[0]); refreshMethod.invoke(classRef, new Object[0]);
LOG.debug("krb5.conf to: {}", krb5conf.getAbsolutePath()); LOG.debug("krb5.conf to: {}", krb5conf.getAbsolutePath());
if (debug) {
LOG.debug("java.security.krb5.conf='{}'", System.getProperty("java.security.krb5.conf"));
try (BufferedReader br = new BufferedReader(new FileReader(System.getProperty("java.security.krb5.conf")))) {
br.lines().forEach(line -> LOG.debug(line));
}
}
} }
private void dumpLdapContents() throws Exception { private void dumpLdapContents() throws Exception {
EntryFilteringCursor cursor = getService().getAdminSession().search(new Dn("ou=system"), SearchScope.SUBTREE, new PresenceNode("ObjectClass"), AliasDerefMode.DEREF_ALWAYS); EntryFilteringCursor cursor = (EntryFilteringCursor) getService().getAdminSession().search(new Dn("ou=system"), SearchScope.SUBTREE, new PresenceNode("ObjectClass"), AliasDerefMode.DEREF_ALWAYS);
String st = ""; String st = "";
while (cursor.next()) { while (cursor.next()) {
@ -243,9 +236,9 @@ public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit {
String ss = LdifUtils.convertToLdif(entry); String ss = LdifUtils.convertToLdif(entry);
st += ss + "\n"; st += ss + "\n";
} }
log.debug(st); LOG.debug(st);
cursor = getService().getAdminSession().search(new Dn("dc=example,dc=com"), SearchScope.SUBTREE, new PresenceNode("ObjectClass"), AliasDerefMode.DEREF_ALWAYS); cursor = (EntryFilteringCursor) getService().getAdminSession().search(new Dn("dc=example,dc=com"), SearchScope.SUBTREE, new PresenceNode("ObjectClass"), AliasDerefMode.DEREF_ALWAYS);
st = ""; st = "";
while (cursor.next()) { while (cursor.next()) {
@ -253,15 +246,18 @@ public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit {
String ss = LdifUtils.convertToLdif(entry); String ss = LdifUtils.convertToLdif(entry);
st += ss + "\n"; st += ss + "\n";
} }
log.debug(st); LOG.debug(st);
} }
private void initLogging() { private void initLogging() {
java.util.logging.Logger logger = java.util.logging.Logger.getLogger("javax.security.sasl"); for (java.util.logging.Logger logger : new java.util.logging.Logger[] {java.util.logging.Logger.getLogger("logincontext"),
logger.setLevel(java.util.logging.Level.FINEST); java.util.logging.Logger.getLogger("javax.security.sasl"),
logger.addHandler(new java.util.logging.ConsoleHandler()); java.util.logging.Logger.getLogger("org.apache.qpid.proton")}) {
for (java.util.logging.Handler handler: logger.getHandlers()) { logger.setLevel(java.util.logging.Level.FINEST);
handler.setLevel(java.util.logging.Level.FINEST); logger.addHandler(new java.util.logging.ConsoleHandler());
for (java.util.logging.Handler handler : logger.getHandlers()) {
handler.setLevel(java.util.logging.Level.FINEST);
}
} }
} }
@ -276,8 +272,10 @@ public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit {
+ "krb5PrincipalName: " + principal + "@" + getRealm() + "\n" + "krb5PrincipalName: " + principal + "@" + getRealm() + "\n"
+ "krb5KeyVersionNumber: 0"; + "krb5KeyVersionNumber: 0";
for (LdifEntry ldifEntry : new LdifReader(new StringReader(content))) { try (LdifReader ldifReader = new LdifReader(new StringReader(content))) {
service.getAdminSession().add(new DefaultEntry(service.getSchemaManager(), ldifEntry.getEntry())); for (LdifEntry ldifEntry : ldifReader) {
service.getAdminSession().add(new DefaultEntry(service.getSchemaManager(), ldifEntry.getEntry()));
}
} }
} }
@ -292,7 +290,7 @@ public class SaslKrb5LDAPSecurityTest extends AbstractLdapTestUnit {
for (Map.Entry<EncryptionType, EncryptionKey> entry : KerberosKeyFactory.getKerberosKeys(principal, generatedPassword).entrySet()) { for (Map.Entry<EncryptionType, EncryptionKey> entry : KerberosKeyFactory.getKerberosKeys(principal, generatedPassword).entrySet()) {
EncryptionKey ekey = entry.getValue(); EncryptionKey ekey = entry.getValue();
byte keyVersion = (byte) ekey.getKeyVersion(); byte keyVersion = (byte) ekey.getKeyVersion();
entries.add(new KeytabEntry(principal, 1L, timestamp, keyVersion, ekey)); entries.add(new KeytabEntry(principal, 1, timestamp, keyVersion, ekey));
} }
} }
keytab.setEntries(entries); keytab.setEntries(entries);

View File

@ -42,7 +42,7 @@ import org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory;
import org.apache.activemq.artemis.jms.client.ActiveMQTextMessage; import org.apache.activemq.artemis.jms.client.ActiveMQTextMessage;
import org.apache.activemq.artemis.utils.Wait; import org.apache.activemq.artemis.utils.Wait;
import org.apache.activemq.artemis.utils.Wait.Condition; import org.apache.activemq.artemis.utils.Wait.Condition;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import org.slf4j.Logger; import org.slf4j.Logger;

View File

@ -24,7 +24,7 @@ import org.apache.activemq.artemis.tests.util.Wait;
import org.apache.activemq.artemis.tests.integration.stomp.util.ClientStompFrame; import org.apache.activemq.artemis.tests.integration.stomp.util.ClientStompFrame;
import org.apache.activemq.artemis.tests.integration.stomp.util.StompClientConnection; import org.apache.activemq.artemis.tests.integration.stomp.util.StompClientConnection;
import org.apache.activemq.artemis.tests.integration.stomp.util.StompClientConnectionFactory; import org.apache.activemq.artemis.tests.integration.stomp.util.StompClientConnectionFactory;
import org.apache.commons.lang.RandomStringUtils; import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Test; import org.junit.Test;
import org.junit.runner.RunWith; import org.junit.runner.RunWith;
import org.junit.runners.Parameterized; import org.junit.runners.Parameterized;