From 9d6297e578bae0638e13083541672503275ddd90 Mon Sep 17 00:00:00 2001
From: Lukas Brand <lukas.brand@hivemq.com>
Date: Thu, 12 Oct 2023 01:33:13 +0200
Subject: [PATCH] Add system tests for --capath option.

---
 .../cli/publish/PublishConnectTlsST.java      |  78 ++++++++++++++++
 .../cli/subscribe/SubscribeConnectTlsST.java  |  84 ++++++++++++++++++
 .../test_broker/TestBrokerConnectTlsST.java   |  56 ++++++++++++
 .../shell/connect/ShellConnectTlsST.java      |  58 ++++++++++++
 .../tls/certificate-generator-tool.sh         |   3 +-
 .../certificateAuthority/capath/der/ca.cer    | Bin 0 -> 743 bytes
 .../certificateAuthority/capath/pem/ca.pem    |  18 ++++
 7 files changed, 296 insertions(+), 1 deletion(-)
 create mode 100644 src/systemTest/resources/tls/certificateAuthority/capath/der/ca.cer
 create mode 100644 src/systemTest/resources/tls/certificateAuthority/capath/pem/ca.pem

diff --git a/src/systemTest/java/com/hivemq/cli/commands/cli/publish/PublishConnectTlsST.java b/src/systemTest/java/com/hivemq/cli/commands/cli/publish/PublishConnectTlsST.java
index 6a20a4831..2a4615441 100644
--- a/src/systemTest/java/com/hivemq/cli/commands/cli/publish/PublishConnectTlsST.java
+++ b/src/systemTest/java/com/hivemq/cli/commands/cli/publish/PublishConnectTlsST.java
@@ -242,6 +242,45 @@ void test_tls_pem_format(
         });
     }
 
+    @CartesianTest
+    @Timeout(value = 3, unit = TimeUnit.MINUTES)
+    void test_tls_pem_format_via_folder(
+            @CartesianTest.Values(chars = {'3', '5'}) final char mqttVersion,
+            @CartesianTest.Enum final @NotNull TlsVersion tlsVersion) throws Exception {
+        final String certificateAuthorityPublicKey = Resources.getResource("tls/certificateAuthority/capath/pem").getPath();
+
+        final List<String> publishCommand = List.of("pub",
+                "-h",
+                hivemq.getHost(),
+                "-p",
+                String.valueOf(hivemq.getMqttTlsPort()),
+                "-V",
+                String.valueOf(mqttVersion),
+                "-i",
+                "cliTest",
+                "-t",
+                "test",
+                "-m",
+                "message",
+                "-s",
+                "--tls-version",
+                tlsVersion.toString(),
+                "--capath",
+                certificateAuthorityPublicKey,
+                "-d");
+
+        final ExecutionResultAsync executionResult = mqttCli.executeAsync(publishCommand);
+        executionResult.awaitStdOut("finish PUBLISH");
+        assertConnectPacket(hivemq.getConnectPackets().get(0),
+                connectAssertion -> connectAssertion.setMqttVersion(MqttVersionConverter.toExtensionSdkVersion(
+                        mqttVersion)));
+
+        assertPublishPacket(hivemq.getPublishPackets().get(0), publishAssertion -> {
+            publishAssertion.setTopic("test");
+            publishAssertion.setPayload(ByteBuffer.wrap("message".getBytes(StandardCharsets.UTF_8)));
+        });
+    }
+
     @CartesianTest
     @Timeout(value = 3, unit = TimeUnit.MINUTES)
     void test_properties_tls_pem_format(
@@ -323,6 +362,45 @@ void test_tls_der_format(
         });
     }
 
+    @CartesianTest
+    @Timeout(value = 3, unit = TimeUnit.MINUTES)
+    void test_tls_der_format_via_folder(
+            @CartesianTest.Values(chars = {'3', '5'}) final char mqttVersion,
+            @CartesianTest.Enum final @NotNull TlsVersion tlsVersion) throws Exception {
+        final String certificateAuthorityPublicKey = Resources.getResource("tls/certificateAuthority/capath/der").getPath();
+
+        final List<String> publishCommand = List.of("pub",
+                "-h",
+                hivemq.getHost(),
+                "-p",
+                String.valueOf(hivemq.getMqttTlsPort()),
+                "-V",
+                String.valueOf(mqttVersion),
+                "-i",
+                "cliTest",
+                "-t",
+                "test",
+                "-m",
+                "message",
+                "-s",
+                "--tls-version",
+                tlsVersion.toString(),
+                "--capath",
+                certificateAuthorityPublicKey,
+                "-d");
+
+        final ExecutionResultAsync executionResult = mqttCli.executeAsync(publishCommand);
+        executionResult.awaitStdOut("finish PUBLISH");
+        assertConnectPacket(hivemq.getConnectPackets().get(0),
+                connectAssertion -> connectAssertion.setMqttVersion(MqttVersionConverter.toExtensionSdkVersion(
+                        mqttVersion)));
+
+        assertPublishPacket(hivemq.getPublishPackets().get(0), publishAssertion -> {
+            publishAssertion.setTopic("test");
+            publishAssertion.setPayload(ByteBuffer.wrap("message".getBytes(StandardCharsets.UTF_8)));
+        });
+    }
+
     @CartesianTest
     @Timeout(value = 3, unit = TimeUnit.MINUTES)
     void test_properties_tls_der_format(
diff --git a/src/systemTest/java/com/hivemq/cli/commands/cli/subscribe/SubscribeConnectTlsST.java b/src/systemTest/java/com/hivemq/cli/commands/cli/subscribe/SubscribeConnectTlsST.java
index b69349aac..e06849330 100644
--- a/src/systemTest/java/com/hivemq/cli/commands/cli/subscribe/SubscribeConnectTlsST.java
+++ b/src/systemTest/java/com/hivemq/cli/commands/cli/subscribe/SubscribeConnectTlsST.java
@@ -245,6 +245,48 @@ void test_tls_pem_format(
         });
     }
 
+    @CartesianTest
+    @Timeout(value = 3, unit = TimeUnit.MINUTES)
+    void test_tls_pem_format_via_folder(
+            @CartesianTest.Values(chars = {'3', '5'}) final char mqttVersion,
+            @CartesianTest.Enum final @NotNull TlsVersion tlsVersion) throws Exception {
+        final String certificateAuthorityPublicKey = Resources.getResource("tls/certificateAuthority/capath/pem").getPath();
+
+        final List<String> subscribeCommand = List.of("sub",
+                "-h",
+                hivemq.getHost(),
+                "-p",
+                String.valueOf(hivemq.getMqttTlsPort()),
+                "-V",
+                String.valueOf(mqttVersion),
+                "-i",
+                "cliTest",
+                "-t",
+                "topic",
+                "-s",
+                "--tls-version",
+                tlsVersion.toString(),
+                "--capath",
+                certificateAuthorityPublicKey,
+                "-d");
+
+        final ExecutionResultAsync executionResultAsync = mqttCli.executeAsync(subscribeCommand);
+        executionResultAsync.awaitStdOut("sending CONNECT");
+        executionResultAsync.awaitStdOut("received CONNACK");
+        executionResultAsync.awaitStdOut("sending SUBSCRIBE");
+        executionResultAsync.awaitStdOut("received SUBACK");
+
+        assertConnectPacket(hivemq.getConnectPackets().get(0),
+                connectAssertion -> connectAssertion.setMqttVersion(MqttVersionConverter.toExtensionSdkVersion(
+                        mqttVersion)));
+
+        assertSubscribePacket(hivemq.getSubscribePackets().get(0), subscribeAssertion -> {
+            final List<Subscription> expectedSubscriptions =
+                    List.of(new SubscriptionImpl("topic", Qos.EXACTLY_ONCE, RetainHandling.SEND, false, false));
+            subscribeAssertion.setSubscriptions(expectedSubscriptions);
+        });
+    }
+
     @CartesianTest
     @Timeout(value = 3, unit = TimeUnit.MINUTES)
     void test_properties_tls_pem_format(
@@ -332,6 +374,48 @@ void test_tls_der_format(
         });
     }
 
+    @CartesianTest
+    @Timeout(value = 3, unit = TimeUnit.MINUTES)
+    void test_tls_der_format_via_folder(
+            @CartesianTest.Values(chars = {'3', '5'}) final char mqttVersion,
+            @CartesianTest.Enum final @NotNull TlsVersion tlsVersion) throws Exception {
+        final String certificateAuthorityPublicKey = Resources.getResource("tls/certificateAuthority/capath/der").getPath();
+
+        final List<String> subscribeCommand = List.of("sub",
+                "-h",
+                hivemq.getHost(),
+                "-p",
+                String.valueOf(hivemq.getMqttTlsPort()),
+                "-V",
+                String.valueOf(mqttVersion),
+                "-i",
+                "cliTest",
+                "-t",
+                "topic",
+                "-s",
+                "--tls-version",
+                tlsVersion.toString(),
+                "--capath",
+                certificateAuthorityPublicKey,
+                "-d");
+
+        final ExecutionResultAsync executionResultAsync = mqttCli.executeAsync(subscribeCommand);
+        executionResultAsync.awaitStdOut("sending CONNECT");
+        executionResultAsync.awaitStdOut("received CONNACK");
+        executionResultAsync.awaitStdOut("sending SUBSCRIBE");
+        executionResultAsync.awaitStdOut("received SUBACK");
+
+        assertConnectPacket(hivemq.getConnectPackets().get(0),
+                connectAssertion -> connectAssertion.setMqttVersion(MqttVersionConverter.toExtensionSdkVersion(
+                        mqttVersion)));
+
+        assertSubscribePacket(hivemq.getSubscribePackets().get(0), subscribeAssertion -> {
+            final List<Subscription> expectedSubscriptions =
+                    List.of(new SubscriptionImpl("topic", Qos.EXACTLY_ONCE, RetainHandling.SEND, false, false));
+            subscribeAssertion.setSubscriptions(expectedSubscriptions);
+        });
+    }
+
     @CartesianTest
     @Timeout(value = 3, unit = TimeUnit.MINUTES)
     void test_properties_tls_der_format(
diff --git a/src/systemTest/java/com/hivemq/cli/commands/cli/test_broker/TestBrokerConnectTlsST.java b/src/systemTest/java/com/hivemq/cli/commands/cli/test_broker/TestBrokerConnectTlsST.java
index afac68d71..acb50e586 100644
--- a/src/systemTest/java/com/hivemq/cli/commands/cli/test_broker/TestBrokerConnectTlsST.java
+++ b/src/systemTest/java/com/hivemq/cli/commands/cli/test_broker/TestBrokerConnectTlsST.java
@@ -193,6 +193,34 @@ void test_tls_pem_format(
                         mqttVersion)));
     }
 
+    @CartesianTest
+    @Timeout(value = 3, unit = TimeUnit.MINUTES)
+    void test_tls_pem_format_via_folder(
+            @CartesianTest.Values(chars = {'3', '5'}) final char mqttVersion,
+            @CartesianTest.Enum final @NotNull TlsVersion tlsVersion) throws Exception {
+        final String certificateAuthorityPublicKey = Resources.getResource("tls/certificateAuthority/capath/pem").getPath();
+
+        final List<String> testCommand = List.of("test",
+                "-h",
+                hivemq.getHost(),
+                "-p",
+                String.valueOf(hivemq.getMqttTlsPort()),
+                "-V",
+                String.valueOf(mqttVersion),
+                "-s",
+                "--tls-version",
+                tlsVersion.toString(),
+                "--capath",
+                certificateAuthorityPublicKey);
+
+        final ExecutionResultAsync executionResult = mqttCli.executeAsync(testCommand);
+        executionResult.awaitStdOut("MQTT " + mqttVersion + ": OK");
+
+        assertTestConnectPacket(hivemq.getConnectPackets().get(0),
+                connectAssertion -> connectAssertion.setMqttVersion(MqttVersionConverter.toExtensionSdkVersion(
+                        mqttVersion)));
+    }
+
     @CartesianTest
     @Timeout(value = 3, unit = TimeUnit.MINUTES)
     void test_properties_tls_pem_format(
@@ -252,6 +280,34 @@ void test_tls_der_format(
                         mqttVersion)));
     }
 
+    @CartesianTest
+    @Timeout(value = 3, unit = TimeUnit.MINUTES)
+    void test_tls_der_format_via_folder(
+            @CartesianTest.Values(chars = {'3', '5'}) final char mqttVersion,
+            @CartesianTest.Enum final @NotNull TlsVersion tlsVersion) throws Exception {
+        final String certificateAuthorityPublicKey = Resources.getResource("tls/certificateAuthority/capath/der").getPath();
+
+        final List<String> testCommand = List.of("test",
+                "-h",
+                hivemq.getHost(),
+                "-p",
+                String.valueOf(hivemq.getMqttTlsPort()),
+                "-V",
+                String.valueOf(mqttVersion),
+                "-s",
+                "--tls-version",
+                tlsVersion.toString(),
+                "--capath",
+                certificateAuthorityPublicKey);
+
+        final ExecutionResultAsync executionResult = mqttCli.executeAsync(testCommand);
+        executionResult.awaitStdOut("MQTT " + mqttVersion + ": OK");
+
+        assertTestConnectPacket(hivemq.getConnectPackets().get(0),
+                connectAssertion -> connectAssertion.setMqttVersion(MqttVersionConverter.toExtensionSdkVersion(
+                        mqttVersion)));
+    }
+
     @CartesianTest
     @Timeout(value = 3, unit = TimeUnit.MINUTES)
     void test_properties_tls_der_format(
diff --git a/src/systemTest/java/com/hivemq/cli/commands/shell/connect/ShellConnectTlsST.java b/src/systemTest/java/com/hivemq/cli/commands/shell/connect/ShellConnectTlsST.java
index 52b371b7a..49fb1145e 100644
--- a/src/systemTest/java/com/hivemq/cli/commands/shell/connect/ShellConnectTlsST.java
+++ b/src/systemTest/java/com/hivemq/cli/commands/shell/connect/ShellConnectTlsST.java
@@ -159,6 +159,35 @@ void test_tls_pem_format(
                         mqttVersion)));
     }
 
+    @CartesianTest
+    @Timeout(value = 3, unit = TimeUnit.MINUTES)
+    void test_tls_pem_format_via_folder(
+            @CartesianTest.Values(chars = {'3', '5'}) final char mqttVersion,
+            @CartesianTest.Enum final @NotNull TlsVersion tlsVersion) throws Exception {
+        final String certificateAuthorityPublicKey = Resources.getResource("tls/certificateAuthority/capath/pem").getPath();
+
+        final List<String> connectCommand = List.of("con",
+                "-h",
+                hivemq.getHost(),
+                "-p",
+                String.valueOf(hivemq.getMqttTlsPort()),
+                "-V",
+                String.valueOf(mqttVersion),
+                "-i",
+                "cliTest",
+                "-s",
+                "--tls-version",
+                tlsVersion.toString(),
+                "--capath",
+                certificateAuthorityPublicKey);
+
+        mqttCliShell.executeAsync(connectCommand).awaitLog("sending CONNECT").awaitLog("received CONNACK");
+
+        assertConnectPacket(hivemq.getConnectPackets().get(0),
+                connectAssertion -> connectAssertion.setMqttVersion(MqttVersionConverter.toExtensionSdkVersion(
+                        mqttVersion)));
+    }
+
 
     //DER
 
@@ -191,6 +220,35 @@ void test_tls_der_format(
                         mqttVersion)));
     }
 
+    @CartesianTest
+    @Timeout(value = 3, unit = TimeUnit.MINUTES)
+    void test_tls_der_format_via_folder(
+            @CartesianTest.Values(chars = {'3', '5'}) final char mqttVersion,
+            @CartesianTest.Enum final @NotNull TlsVersion tlsVersion) throws Exception {
+        final String certificateAuthorityPublicKey = Resources.getResource("tls/certificateAuthority/capath/der").getPath();
+
+        final List<String> connectCommand = List.of("con",
+                "-h",
+                hivemq.getHost(),
+                "-p",
+                String.valueOf(hivemq.getMqttTlsPort()),
+                "-V",
+                String.valueOf(mqttVersion),
+                "-i",
+                "cliTest",
+                "-s",
+                "--tls-version",
+                tlsVersion.toString(),
+                "--capath",
+                certificateAuthorityPublicKey);
+
+        mqttCliShell.executeAsync(connectCommand).awaitLog("sending CONNECT").awaitLog("received CONNACK");
+
+        assertConnectPacket(hivemq.getConnectPackets().get(0),
+                connectAssertion -> connectAssertion.setMqttVersion(MqttVersionConverter.toExtensionSdkVersion(
+                        mqttVersion)));
+    }
+
 
     //NO CERT
 
diff --git a/src/systemTest/resources/tls/certificate-generator-tool.sh b/src/systemTest/resources/tls/certificate-generator-tool.sh
index f40473a88..96fa71402 100755
--- a/src/systemTest/resources/tls/certificate-generator-tool.sh
+++ b/src/systemTest/resources/tls/certificate-generator-tool.sh
@@ -44,7 +44,8 @@ keytool -exportcert -alias ca -file $caFolder/$caCertName.cer -keystore $caFolde
 keytool -exportcert -alias ca -file $caFolder/$caCertName.pem -keystore $caFolder/$caKeystoreName.p12 -storepass $caKeystorePass -rfc
 ##JKS
 keytool -importkeystore -srckeystore $caFolder/$caKeystoreName.p12 -destkeystore $caFolder/$caKeystoreName.jks -srcstoretype PKCS12 -deststoretype JKS -srcstorepass $caKeystorePass -deststorepass $caKeystorePass -srcalias ca -destalias ca -srckeypass $caKeyPass -destkeypass $caKeyPass -noprompt
-
+mkdir -p $caFolder/capath/der && cp $caFolder/$caCertName.cer $caFolder/capath/der
+mkdir -p $caFolder/capath/pem && cp $caFolder/$caCertName.pem $caFolder/capath/pem
 
 
 #*****************************************#
diff --git a/src/systemTest/resources/tls/certificateAuthority/capath/der/ca.cer b/src/systemTest/resources/tls/certificateAuthority/capath/der/ca.cer
new file mode 100644
index 0000000000000000000000000000000000000000..06ed1ebd41ce78ed2a5bfdb9bab969b9fd28f2cf
GIT binary patch
literal 743
zcmXqLVtQ=Q#CUoEGZP~d6HC!T19t;nHcqWJkGAi;jEvl@3<g4m0tS3+%%LpI!t6o$
z`6ar}js^<iyhg?bMuz5w21drF=1~&-K%S9-nUMih0IRMhMkQp!8Ce;an;7{SfcA4S
zH8C<Ww5{Zv#o$y_ZhrLdsyVX{-@B9jfu&(4v+niAVuhO%7d*)O64UQ|Tjq+V{COQ=
z*@Pl*Gp<cbwk`Z=_i)ko{^IRr0+D7FBC2|O&&2-L-rMr!M!=@?E?w>1XDXcQZ1aB$
zDDsNmTeF?3Ax&syt<XlX*&6mDk`c|t1?+jzmkM77J$MoG<?=sgCeI_gCcK*$V^&dW
zko6;ZvDw6C)^v8Qqf9c#*B$ugma6O5;(piGj^AEsevicOZ%5cNpW8j3roVdjqE7*)
z3S0hOjpY;FJ9~!zTZ_^&diI<Bf86y*F|NvFu>4te`TF9p^iQi}f*$?6db0HK?4X28
zP0nx3b>DtT)0ofnc{&p_BLm}NdjneoSzvg}^0A1qi1;sf^4V43mf5D*-EP*4o=jdL
zc&W{R8zjxo!otkN)MCI7;s~>F7_c!i{%2xjMh;?N`~icQk)beWwcb0mNp2Gzx_kGQ
zzN}`LG130IIe*sfg)CS8ui3DwgKvFetCFdB$x6e|?w_r<s_(qTto!0{6u<F-KL=dy
zyT6dxm;6)X@V)usDsg*U9~3#LzU=ROe2{Oskekp{t5lB5$<8a*SN{9s-*Wq@kg!#K
zkXw4)rBu-~(J@t5qJF1K)of5;c0IMc<^3NQ`?voC3zB#;|6iFkd)cLJ8-M>&oA0yv
zM!sC2aN_l{1pEHGn|WJeU76~>*gQ1%K4Cp`zR<<ahi@5p6@M@@J-X{DZ#SWC!=0SJ
zxy$ZM&t1M(*P5v(&G)BLpmUk^*GtY)Z#t%in{QF#DJlFrX|Y4~`YP=_vxHdyq;e{?

literal 0
HcmV?d00001

diff --git a/src/systemTest/resources/tls/certificateAuthority/capath/pem/ca.pem b/src/systemTest/resources/tls/certificateAuthority/capath/pem/ca.pem
new file mode 100644
index 000000000..0962db6b8
--- /dev/null
+++ b/src/systemTest/resources/tls/certificateAuthority/capath/pem/ca.pem
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC4zCCAcugAwIBAgIEcqEwRzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDEwdS
+b290LUNBMCAXDTIzMDIxNzEwMjM1N1oYDzMwMjIwNjIwMTAyMzU3WjASMRAwDgYD
+VQQDEwdSb290LUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqkJ
+mgBCcnc3xf2qnJvD3txr8ASAmQMt14FzINmRoOBu9FyPQ9sc1EkfzywTHWBySzYK
+sqS2ofk+4aL3j3O3dhBZNngUJS69zF37K72E9NhQss9EiocLzHhDfj1v+xAhDRfe
+rLcKgGYSqX0SsRabKD8UGViDc3AHblvScelS4Ohc9NP+QwJJxLqQ7p5cNnh1MGr4
+Y6M2kYMFZwcqxQIcx67A9kZlLU6ER909Pg8/Ip+MGPv2xAZp5z7nli+rm6LyUDUg
+tP3VXQ4VvZuYT+04dcwuP7NP+N1IZDN6aQA5+XbT16NWZ/KrXFLi+dXJdeObUmDS
+gkPsNy3t9GYonwLzlwIDAQABoz8wPTAdBgNVHQ4EFgQUT6Dk80UQ2jayXbtGO6Lk
+k6gR0oYwCwYDVR0PBAQDAgKEMA8GA1UdEwQIMAYBAf8CAQMwDQYJKoZIhvcNAQEL
+BQADggEBAHFsqy7uJpJGkUCLjb116XsAmJE/1zcParuhBNT/rLCqiA6vYYUiNRd0
+qTHzR/M7tSe52gMt6MNaDzPA/MBE30foHL5j+SjD3p8XJF68ReByQCXpj4njwQ6n
+EkYSlTplCNNjQ6ivef78T4Tb5RITOn9SRmd+0mUVzFtcetRa+2cafLAgA0XKp4Tv
+/EQ/7f9RcGIMaf/Umpum0rax+/omn0yz2G8eURNh13ZgP4/dsw2EXUUCfvQ84TdL
+yDuZnxLRieHtAA0h+AMC4t1JHz6QfrDcbP1tptyXbae9LTsCjGZN+SJRQ3Y79dJD
+GuyIlVc3tCIMdHH9kqNAe696K242YJo=
+-----END CERTIFICATE-----