diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b4569ca..bbd6a93 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -120,6 +120,6 @@ jobs:
 ./unitcoverage.out
 ./test/reports/report.xml
 ./test/reports/coverage.out
- ./test/diagnostics.tgz
+ ./test/diagnostics.tgz.p7m
 overwrite: true
diff --git a/.gitignore b/.gitignore
index 324c98d..babf5f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,6 +9,7 @@
 test/reports
 test/diagnostics.tgz
+test/diagnostics.tgz.p7m
 test/sempclient/action/*
 !test/sempclient/action/go.mod
diff --git a/pkg/solace/config/messaging_service_properties.go b/pkg/solace/config/messaging_service_properties.go
index 01cc34c..664befc 100644
--- a/pkg/solace/config/messaging_service_properties.go
+++ b/pkg/solace/config/messaging_service_properties.go
@@ -297,13 +297,9 @@ const (
 // +-----------------+-------------------------------+--------------------+
 // | 'AES256-SHA256' | 'ECDHE-RSA-AES256-GCM-SHA384' | 'AES128-SHA256' |
 // +-----------------+-------------------------------+--------------------+
- // | 'DES-CBC3-SHA' | 'ECDHE-RSA-DES-CBC3-SHA' | |
- // +-----------------+-------------------------------+--------------------+
- // | 'RC4-SHA' | 'ECDHE-RSA-AES256-SHA384' | 'AES128 |
- // +-----------------+-------------------------------+--------------------+
- // | 'ECDHE-RSA-AES128-SHA256' | 'AES128-GCM-SHA256'|
- // +-----------------+-------------------------------+--------------------+
- // | 'RC4-MD5' | 'ECDHE-RSA-AES128-GCM-SHA256' | |
+ // | 'ECDHE-RSA-AES256-SHA384' | 'ECDHE-RSA-AES128-SHA256' |
+ // +----------------------------------------+-----------------------------+
+ // | 'AES128-GCM-SHA256' |'ECDHE-RSA-AES128-GCM-SHA256'| |
 // +----------------------------------------+-----------------------------+
 // | 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'| 'ECDHE-RSA-AES128-SHA' |
 // +----------------------------------------+-----------------------------+
@@ -318,16 +314,25 @@ const (
 // | 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' | |
 // +----------------------------------------+-----------------------------+
 // | 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'| |
- // +-----------------------------------+----------------------------------+
+ // +----------------------------------------+-----------------------------+
 // | 'TLS_RSA_WITH_AES_128_GCM_SHA256' | |
 // +-----------------------------------+----------------------------------+
- // | 'TLS_RSA_WITH_AES_128_CBC_SHA256' |'TLS_RSA_WITH_AES_256_GCM_SHA384' |
+ // | 'TLS_RSA_WITH_AES_128_CBC_SHA256' |'TLS_RSA_WITH_AES_256_CBC_SHA256' |
+ // +-----------------------------------+----------------------------------+
+ // | 'TLS_RSA_WITH_AES_256_CBC_SHA' | 'TLS_RSA_WITH_AES_128_CBC_SHA' |
+ // +-----------------------------------+----------------------------------+
+ //
+ // Unsupported cipher suites (previously supported on older brokers):
+ // +-----------------------------------+----------------------------------+
+ // | 'DES-CBC3-SHA' |'ECDHE-RSA-DES-CBC3-SHA' |
+ // +-----------------------------------+----------------------------------+
+ // | 'RC4-SHA' | 'AES128' |
 // +-----------------------------------+----------------------------------+
- // | 'TLS_RSA_WITH_AES_256_CBC_SHA256' | 'TLS_RSA_WITH_AES_256_CBC_SHA' |
+ // | 'TLS_RSA_WITH_AES_256_GCM_SHA384' | 'RC4-MD5' |
 // +-----------------------------------+----------------------------------+
- // | 'SSL_RSA_WITH_3DES_EDE_CBC_SHA | 'TLS_RSA_WITH_AES_128_CBC_SHA' |
+ // | 'SSL_RSA_WITH_3DES_EDE_CBC_SHA' | 'SSL_RSA_WITH_RC4_128_SHA' |
 // +-----------------------------------+----------------------------------+
- // | 'SSL_RSA_WITH_RC4_128_SHA' | 'SSL_RSA_WITH_RC4_128_MD5' |
+ // | 'SSL_RSA_WITH_RC4_128_MD5' | |
 // +-----------------------------------+----------------------------------+
 TransportLayerSecurityPropertyCipherSuites ServiceProperty = "solace.messaging.tls.cipher-suites"
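Review bot: The new "Unsupported cipher suites" table lists `'AES128'` as if it were a suite name, but that token looks like a carry-over of the old table's truncated `'AES128 |` cell (the full name in that column, `'AES128-GCM-SHA256'`, now sits in the supported table), so it should be dropped or replaced by whatever suite it stood for; the same entry is in the matching table in messaging_service_strategies.go, and the row `'AES128-GCM-SHA256' |'ECDHE-RSA-AES128-GCM-SHA256'| |` in the preceding hunk has three cells under a two-column rule. Since every remaining unsupported entry is an RC4-, 3DES- or MD5-based suite, a one-line lead-in would stop readers copying them into `WithCipherSuites`, e.g. `// These suites are listed for reference only: they are cryptographically weak and are not accepted by current brokers, so do not request them.`. If requesting an unsupported suite produces a specific connection error, naming that behaviour here would also save users a debugging round. The const block this comment belongs to starts outside the hunk.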
diff --git a/pkg/solace/config/messaging_service_strategies.go b/pkg/solace/config/messaging_service_strategies.go
index 9bc9c84..d5402a6 100644
--- a/pkg/solace/config/messaging_service_strategies.go
+++ b/pkg/solace/config/messaging_service_strategies.go
@@ -259,13 +259,9 @@ func (tss TransportSecurityStrategy) WithCertificateValidation(
 // +-----------------+-------------------------------+--------------------+
 // | 'AES256-SHA256' | 'ECDHE-RSA-AES256-GCM-SHA384' | 'AES128-SHA256' |
 // +-----------------+-------------------------------+--------------------+
-// | 'DES-CBC3-SHA' | 'ECDHE-RSA-DES-CBC3-SHA' | |
-// +-----------------+-------------------------------+--------------------+
-// | 'RC4-SHA' | 'ECDHE-RSA-AES256-SHA384' | 'AES128 |
-// +-----------------+-------------------------------+--------------------+
-// | 'ECDHE-RSA-AES128-SHA256' | 'AES128-GCM-SHA256'|
-// +-----------------+-------------------------------+--------------------+
-// | 'RC4-MD5' | 'ECDHE-RSA-AES128-GCM-SHA256' | |
+// | 'ECDHE-RSA-AES256-SHA384' | 'ECDHE-RSA-AES128-SHA256' |
+// +----------------------------------------+-----------------------------+
+// | 'AES128-GCM-SHA256' |'ECDHE-RSA-AES128-GCM-SHA256'| |
 // +----------------------------------------+-----------------------------+
 // | 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'| 'ECDHE-RSA-AES128-SHA' |
 // +----------------------------------------+-----------------------------+
@@ -280,16 +276,25 @@ func (tss TransportSecurityStrategy) WithCertificateValidation(
 // | 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA' | |
 // +----------------------------------------+-----------------------------+
 // | 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'| |
-// +-----------------------------------+----------------------------------+
+// +----------------------------------------+-----------------------------+
 // | 'TLS_RSA_WITH_AES_128_GCM_SHA256' | |
 // +-----------------------------------+----------------------------------+
-// | 'TLS_RSA_WITH_AES_128_CBC_SHA256' |'TLS_RSA_WITH_AES_256_GCM_SHA384' |
+// | 'TLS_RSA_WITH_AES_128_CBC_SHA256' |'TLS_RSA_WITH_AES_256_CBC_SHA256' |
+// +-----------------------------------+----------------------------------+
+// | 'TLS_RSA_WITH_AES_256_CBC_SHA' | 'TLS_RSA_WITH_AES_128_CBC_SHA' |
+// +-----------------------------------+----------------------------------+
+//
+// Unsupported cipher suites (previously supported on older brokers):
+// +-----------------------------------+----------------------------------+
+// | 'DES-CBC3-SHA' |'ECDHE-RSA-DES-CBC3-SHA' |
+// +-----------------------------------+----------------------------------+
+// | 'RC4-SHA' | 'AES128' |
 // +-----------------------------------+----------------------------------+
-// | 'TLS_RSA_WITH_AES_256_CBC_SHA256' | 'TLS_RSA_WITH_AES_256_CBC_SHA' |
+// | 'TLS_RSA_WITH_AES_256_GCM_SHA384' | 'RC4-MD5' |
 // +-----------------------------------+----------------------------------+
-// | 'SSL_RSA_WITH_3DES_EDE_CBC_SHA | 'TLS_RSA_WITH_AES_128_CBC_SHA' |
+// | 'SSL_RSA_WITH_3DES_EDE_CBC_SHA' | 'SSL_RSA_WITH_RC4_128_SHA' |
 // +-----------------------------------+----------------------------------+
-// | 'SSL_RSA_WITH_RC4_128_SHA' | 'SSL_RSA_WITH_RC4_128_MD5' |
+// | 'SSL_RSA_WITH_RC4_128_MD5' | |
 // +-----------------------------------+----------------------------------+
 func (tss TransportSecurityStrategy) WithCipherSuites(cipherSuiteList string) TransportSecurityStrategy {
 tss.config[TransportLayerSecurityPropertyCipherSuites] = cipherSuiteList
diff --git a/test/cache_test.go b/test/cache_test.go
index 0e0bc2b..e3db83b 100644
--- a/test/cache_test.go
+++ b/test/cache_test.go
@@ -3022,7 +3022,7 @@ var _ = Describe("Cache Strategy", func() {
 messageReceiver solace.DirectMessageReceiver) {
 Expect(messagingService.Disconnect()).To(BeNil())
 Expect(messagingService.IsConnected()).To(BeFalse())
- Eventually(messageReceiver.IsTerminated(), "5s").Should(BeTrue())
+ Eventually(messageReceiver.IsTerminated(), "8s").Should(BeTrue())
 },
 configuration: func() config.ServicePropertyMap {
 return helpers.DefaultCacheConfiguration()
@@ -3035,10 +3035,10 @@ var _ = Describe("Cache Strategy", func() {
 terminateFunction: func(messagingService solace.MessagingService,
 messageReceiver solace.DirectMessageReceiver) {
 var err error
- Eventually(messagingService.DisconnectAsync(), "5s").Should(Receive(&err))
+ Eventually(messagingService.DisconnectAsync(), "8s").Should(Receive(&err))
 Expect(err).To(BeNil())
 Expect(messagingService.IsConnected()).To(BeFalse())
- Eventually(messageReceiver.IsTerminated(), "5s").Should(BeTrue())
+ Eventually(messageReceiver.IsTerminated(), "8s").Should(BeTrue())
 },
 configuration: func() config.ServicePropertyMap {
 return helpers.DefaultCacheConfiguration()
@@ -3055,10 +3055,10 @@ var _ = Describe("Cache Strategy", func() {
 errorChan <- err
 })
 var err_holder error
- Eventually(errorChan, "5s").Should(Receive(&err_holder))
+ Eventually(errorChan, "8s").Should(Receive(&err_holder))
 Expect(err_holder).To(BeNil())
 Expect(messagingService.IsConnected()).To(BeFalse())
- Eventually(messageReceiver.IsTerminated(), "5s").Should(BeTrue())
+ Eventually(messageReceiver.IsTerminated(), "8s").Should(BeTrue())
 },
 configuration: func() config.ServicePropertyMap {
 return helpers.DefaultCacheConfiguration()
diff --git a/test/data/compose/docker-compose.yml b/test/data/compose/docker-compose.yml
index 2e21583..c98d0f4 100644
--- a/test/data/compose/docker-compose.yml
+++ b/test/data/compose/docker-compose.yml
@@ -28,7 +28,7 @@ services:
 memlock: -1
 nofile:
 soft: 2448
- hard: 42192
+ hard: 1048576
 secrets:
 - server.pem
 - server_passphrase
diff --git a/test/data/config/config_testcontainers.json b/test/data/config/config_testcontainers.json
index c36e2ce..df261dd 100644
--- a/test/data/config/config_testcontainers.json
+++ b/test/data/config/config_testcontainers.json
@@ -16,7 +16,7 @@
 "testcontainers": {
 "broker_hostname": "solbroker",
 "broker_container_name": "solbroker",
- "broker_tag": "10.4",
+ "broker_tag": "10.25.0",
 "broker_repo": "solace/solace-pubsub",
 "broker_edition": "standard",
 "toxiproxy_hostname": "toxiproxy",
diff --git a/test/helpers/cache_helpers.go b/test/helpers/cache_helpers.go
index ed6797e..d391078 100644
--- a/test/helpers/cache_helpers.go
+++ b/test/helpers/cache_helpers.go
@@ -20,10 +20,13 @@ import (
 "fmt"
 "strconv"
 "strings"
+ "time"
+
 . "github.com/onsi/ginkgo/v2"
 . "github.com/onsi/gomega"
 "solace.dev/go/messaging"
+ "solace.dev/go/messaging/pkg/solace"
 "solace.dev/go/messaging/pkg/solace/config"
 "solace.dev/go/messaging/pkg/solace/message"
 "solace.dev/go/messaging/pkg/solace/resource"
@@ -54,16 +57,19 @@ func DefaultCacheConfiguration() config.ServicePropertyMap {
 return config
 }
-func SendMsgsToTopic(topic string, numMessages int) {
- builder := messaging.NewMessagingServiceBuilder().FromConfigurationProvider(DefaultCacheConfiguration())
- messagingService := buildMessagingService(builder, 2)
- defer func() {
- err := messagingService.Disconnect()
- Expect(err).To(BeNil())
- }()
- err := messagingService.Connect()
- Expect(err).To(BeNil())
- receiver, err := messagingService.CreateDirectMessageReceiverBuilder().WithSubscriptions(resource.TopicSubscriptionOf(topic)).Build()
+func SendMsgsToTopic(
+ publisher solace.DirectMessagePublisher,
+ topic string,
+ messageBuilder solace.OutboundMessageBuilder,
+ directMsgReceiverBuilder solace.DirectMessageReceiverBuilder,
+ numMessages int) {
+
+ receivedMsgs := make(chan message.InboundMessage, numMessages)
+ cacheMessageHandlerCallback := func(msg message.InboundMessage) {
+ receivedMsgs <- msg
+ }
+
+ receiver, err := directMsgReceiverBuilder.WithSubscriptions(resource.TopicSubscriptionOf(topic)).Build()
 Expect(err).To(BeNil())
 defer func() {
 err := receiver.Terminate(0)
@@ -71,22 +77,11 @@ func SendMsgsToTopic(topic string, numMessages int) {
 }()
 err = receiver.Start()
 Expect(err).To(BeNil())
- publisher, err := messagingService.CreateDirectMessagePublisherBuilder().Build()
- Expect(err).To(BeNil())
- defer func() {
- err := publisher.Terminate(0)
- Expect(err).To(BeNil())
- }()
- err = publisher.Start()
- Expect(err).To(BeNil())
- receivedMsgs := make(chan message.InboundMessage, numMessages)
- cacheMessageHandlerCallback := func(msg message.InboundMessage) {
- receivedMsgs <- msg
- }
+
 err = receiver.ReceiveAsync(cacheMessageHandlerCallback)
 Expect(err).To(BeNil())
+
 counter := 0
- messageBuilder := messagingService.MessageBuilder()
 for counter < numMessages {
 msg, err := messageBuilder.BuildWithStringPayload(fmt.Sprintf("message %d", counter))
 Expect(err).To(BeNil())
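Review bot: `SendMsgsToTopic` is exported and its signature grows from two to five parameters in the first hunk, yet it still has no doc comment saying what the caller must hand in, in particular that the publisher is used as-is (the function no longer builds or starts one) while the receiver is built from `directMsgReceiverBuilder`, subscribed to `topic`, started, and terminated by the function itself. Suggested comment above the new signature: `// SendMsgsToTopic publishes numMessages string-payload messages to topic through the supplied publisher (which the caller must have started) and checks that each one is received on a receiver it builds from directMsgReceiverBuilder; that receiver is terminated before the function returns.`. Because `receivedMsgs` is sized exactly `numMessages`, a topic that delivers more than expected would block the receive callback on a full channel; a note on that assumption, or a non-blocking send, would make the helper safer to reuse. The function body continues in the following hunks.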
@@ -94,9 +89,18 @@ func SendMsgsToTopic(topic string, numMessages int) {
 Expect(err).To(BeNil())
 counter++
 }
+
+ // wait for 10 seconds per message to receive all messages
+ totalMsgWaitTime := time.Duration(10*numMessages) * time.Second
+ Eventually(receivedMsgs, totalMsgWaitTime).Should(HaveLen(numMessages), fmt.Sprintf("Timed out waiting to receive %d message(s)", numMessages)) // messages should have been sent
+
+ var receivedMessage message.InboundMessage
 for i := 0; i < numMessages; i++ {
- var receivedMessage message.InboundMessage
- Eventually(receivedMsgs, "10s").Should(Receive(&receivedMessage), fmt.Sprintf("Timed out waiting to receive message %d of %d", i, numMessages))
+ select {
+ case receivedMessage = <-receivedMsgs:
+ case <-time.After(2 * time.Second):
+ Fail("Timed out waiting to receive message %d of %d", i, numMessages)
+ }
 Expect(receivedMessage.GetDestinationName()).To(Equal(topic))
 }
 }
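Review bot: `Fail("Timed out waiting to receive message %d of %d", i, numMessages)` in the new `select` never formats its message: Ginkgo's `Fail` takes a plain message plus optional caller-skip ints, so `i` and `numMessages` are consumed as caller-skip depths and the failure report shows the literal `%d` placeholders attributed to the wrong stack frame. Use `Fail(fmt.Sprintf("Timed out waiting to receive message %d of %d", i, numMessages))`, mirroring the `fmt.Sprintf` already used for the `Eventually` description a few lines up. Once `HaveLen(numMessages)` has passed all messages are already buffered, so the per-message 2-second `time.After` is effectively a defensive bound; a short comment saying so would keep the next reader from tuning it. SendMsgsToTopic starts outside this hunk.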
@@ -130,8 +134,32 @@ func InitCacheWithPreExistingMessages(cacheCluster testcontext.CacheClusterConfi
 topics = append(topics, fmt.Sprintf("%s%s%s", splitString[0], vpnName, splitString[1]))
 }
 }
+
+ // Create a single messaging service to use to populate the caches
+ builder := messaging.NewMessagingServiceBuilder().FromConfigurationProvider(DefaultCacheConfiguration())
+ messagingService := buildMessagingService(builder, 2)
+ defer func() {
+ err := messagingService.Disconnect()
+ Expect(err).To(BeNil())
+ }()
+ err := messagingService.Connect()
+ Expect(err).To(BeNil())
+
+ publisher, err := messagingService.CreateDirectMessagePublisherBuilder().Build()
+ Expect(err).To(BeNil())
+ defer func() {
+ err := publisher.Terminate(0)
+ Expect(err).To(BeNil())
+ }()
+ err = publisher.Start()
+ Expect(err).To(BeNil())
+
+ // used to build the messages being published to the topics
+ messageBuilder := messagingService.MessageBuilder()
+ directMsgReceiverBuilder := messagingService.CreateDirectMessageReceiverBuilder()
+
 for _, topic := range topics {
- SendMsgsToTopic(topic, numMessages)
+ SendMsgsToTopic(publisher, topic, messageBuilder, directMsgReceiverBuilder, numMessages)
 }
 }
diff --git a/test/messaging_service_test.go b/test/messaging_service_test.go
index 0303fc8..7cca9a7 100644
--- a/test/messaging_service_test.go
+++ b/test/messaging_service_test.go
@@ -41,6 +41,10 @@ import (
 )
 // MessagingService Lifecycle tests test the various connect and disconnect paths validating that everything works as expected
+ //
+ // Please Note: For the TLS tests, we have disabled hostname validations.
+ // Relaxing the hostname validation is required for the remote docker daemon test setup to work properly
+ // since we are no more using localhost as the hostname and dynamically allocating the broker containers on a remote machine.
 var _ = Describe("MessagingService Lifecycle", func() {
 // Before each test, setup a builder with basic connection properties over plaintext
 var builder solace.MessagingServiceBuilder
@@ -373,7 +377,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 helpers.TestConnectDisconnectMessagingService(builder)
 })
 It("should reject untrusted certificate", func() {
- builder.WithTransportSecurityStrategy(config.NewTransportSecurityStrategy().WithCertificateValidation(true, true, constants.InvalidFixturesPath, ""))
+ builder.WithTransportSecurityStrategy(config.NewTransportSecurityStrategy().WithCertificateValidation(true, false, constants.InvalidFixturesPath, ""))
 helpers.TestFailedConnectMessagingService(builder, func(err error) {
 helpers.ValidateNativeError(err, subcode.UntrustedCertificate)
 })
@@ -440,7 +444,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 It("fails to connect when server name validaiton is enabled", func() {
 builder.WithTransportSecurityStrategy(config.
 NewTransportSecurityStrategy().
- WithCertificateValidation(false, true, constants.ValidFixturesPath, ""))
+ WithCertificateValidation(false, false, constants.ValidFixturesPath, ""))
 helpers.TestFailedConnectMessagingService(builder, func(err error) {
 helpers.ValidateNativeError(err, subcode.UntrustedCertificate)
 })
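Review bot: In the `-440` hunk the test named "fails to connect when server name validaiton is enabled" now passes `false` as the second argument of `WithCertificateValidation`; if that argument is the server-name flag the new file comment says is being disabled, the test no longer exercises the check its name and its `UntrustedCertificate` expectation describe, and whatever still makes the connect fail is undocumented. Either keep `true` here so one case still proves a hostname mismatch is rejected, or rename the test and add a comment stating which mismatch it relies on (and fix the typo `validaiton` while there). With every TLS test in this file flipping that flag to `false` (the `-460`, `-468`, `-494`, `-528` and later hunks do the same), hostname verification has no remaining coverage; if the fourth argument is the trusted common-name list, pinning it to the fixture certificate's subject in one test would restore an identity check that does not depend on the container's address. The Describe block these tests live in starts outside the hunk.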
@@ -460,7 +464,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 It("fails to connect when expired certificate checking is enabled", func() {
 builder.WithTransportSecurityStrategy(config.
 NewTransportSecurityStrategy().
- WithCertificateValidation(false, true, constants.ValidFixturesPath, ""))
+ WithCertificateValidation(false, false, constants.ValidFixturesPath, ""))
 helpers.TestFailedConnectMessagingService(builder, func(err error) {
 helpers.ValidateNativeError(err, subcode.CertificateDateInvalid)
 })
@@ -468,7 +472,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 It("can connect when expired certificate checking is disabled", func() {
 builder.WithTransportSecurityStrategy(config.
 NewTransportSecurityStrategy().
- WithCertificateValidation(true, true, constants.ValidFixturesPath, ""))
+ WithCertificateValidation(true, false, constants.ValidFixturesPath, ""))
 helpers.TestConnectDisconnectMessagingService(builder)
 })
 })
@@ -494,15 +498,18 @@ var _ = Describe("MessagingService Lifecycle", func() {
 connectionDetails := testcontext.Messaging()
 url := fmt.Sprintf("tcps://%s:%d", connectionDetails.Host, connectionDetails.MessagingPorts.SecurePort)
 builder.FromConfigurationProvider(config.ServicePropertyMap{
- config.TransportLayerPropertyHost: "tc://localhost1:55443,tcps://localhost2:55443," + url,
+ config.TransportLayerPropertyHost: "tcps://localhost1:55443,tcps://localhost2:55443," + url,
 })
 helpers.TestConnectDisconnectMessagingService(builder)
 })
 It("should be able to connect with cipher suite", func() {
 builder.WithTransportSecurityStrategy(config.NewTransportSecurityStrategy().
- WithCipherSuites("AES128-SHA"))
+ WithCertificateValidation(true, false, constants.ValidFixturesPath, "").
+ WithMaximumProtocol(config.TransportSecurityProtocolTLSv1_2). // cipher suite selection only available in TLSv1.2
+ WithCipherSuites("ECDHE-RSA-AES128-GCM-SHA256"))
 helpers.TestConnectDisconnectMessagingServiceClientValidation(builder, func(client *monitor.MsgVpnClient) {
- Expect(client.TlsCipherDescription).To(HavePrefix("AES128-SHA"))
+ Expect(client.TlsVersion).To(BeEquivalentTo(config.TransportSecurityProtocolTLSv1_2))
+ Expect(client.TlsCipherDescription).To(HavePrefix("ECDHE-RSA-AES128-GCM-SHA256"))
 })
 })
 // Originally this explicitly test tls1.1
@@ -510,7 +517,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 // As a result this is adapted to explicitly verify tls1.2 in anticipation for tls1.3
 // once openssl 1.1 support is deprecated this maybe
 // We need to explicitly enable TLS1.2 to test a few cases
- Context("when allowing TLS1.2 connections", func() {
+ Context("when allowing TLS1.2 and TLS1.3 connections", func() {
 BeforeEach(func() {
 // semp configuration for tls version support
 // revist for enabling support for tls 1.2 in the future
@@ -528,20 +535,24 @@ var _ = Describe("MessagingService Lifecycle", func() {
 })
 It("should be able to connect with excluded protocols", func() {
 builder.WithTransportSecurityStrategy(config.NewTransportSecurityStrategy().
- WithExcludedProtocols(config.TransportSecurityProtocolSSLv3, config.TransportSecurityProtocolTLSv1, config.TransportSecurityProtocolTLSv1_1))
+ WithCertificateValidation(true, false, constants.ValidFixturesPath, "").
+ WithExcludedProtocols(config.TransportSecurityProtocolSSLv3, config.TransportSecurityProtocolTLSv1_3, config.TransportSecurityProtocolTLSv1, config.TransportSecurityProtocolTLSv1_1))
 helpers.TestConnectDisconnectMessagingServiceClientValidation(builder, func(client *monitor.MsgVpnClient) {
 Expect(client.TlsVersion).To(BeEquivalentTo(config.TransportSecurityProtocolTLSv1_2))
 })
 })
 It("should be able to connect with minimum protocol", func() {
- builder.WithTransportSecurityStrategy(config.NewTransportSecurityStrategy().
- WithMinimumProtocol(config.TransportSecurityProtocolTLSv1_2))
+ builder.WithTransportSecurityStrategy(
+ config.NewTransportSecurityStrategy().
+ WithCertificateValidation(true, false, constants.ValidFixturesPath, "").
+ WithMinimumProtocol(config.TransportSecurityProtocolTLSv1_3))
 helpers.TestConnectDisconnectMessagingServiceClientValidation(builder, func(client *monitor.MsgVpnClient) {
- Expect(client.TlsVersion).To(BeEquivalentTo(config.TransportSecurityProtocolTLSv1_2))
+ Expect(client.TlsVersion).To(BeEquivalentTo(config.TransportSecurityProtocolTLSv1_3))
 })
 })
 It("should be able to connect with maximum protocol", func() {
 builder.WithTransportSecurityStrategy(config.NewTransportSecurityStrategy().
+ WithCertificateValidation(true, false, constants.ValidFixturesPath, "").
 WithMaximumProtocol(config.TransportSecurityProtocolTLSv1_2))
 helpers.TestConnectDisconnectMessagingServiceClientValidation(builder, func(client *monitor.MsgVpnClient) {
 Expect(client.TlsVersion).To(BeEquivalentTo(config.TransportSecurityProtocolTLSv1_2))
@@ -549,6 +560,7 @@ var _ = Describe("MessagingService Lifecycle", func() {
 })
 It("fails to build with min > max", func() {
 tss := config.NewTransportSecurityStrategy()
+ tss.WithCertificateValidation(true, false, constants.ValidFixturesPath, "")
 tss.WithMinimumProtocol(config.TransportSecurityProtocolTLSv1_3)
 tss.WithMaximumProtocol(config.TransportSecurityProtocolTLSv1_2)
 builder.WithTransportSecurityStrategy(tss)
@@ -561,9 +573,10 @@ var _ = Describe("MessagingService Lifecycle", func() {
 It("fails to build with mixed protocol version configs", func() {
 tss := config.NewTransportSecurityStrategy()
+ tss.WithCertificateValidation(true, false, constants.ValidFixturesPath, "")
 tss.WithMinimumProtocol(config.TransportSecurityProtocolTLSv1_2)
 tss.WithMaximumProtocol(config.TransportSecurityProtocolTLSv1_2)
- tss.WithExcludedProtocols(config.TransportSecurityProtocolSSLv3, config.TransportSecurityProtocolTLSv1, config.TransportSecurityProtocolTLSv1_1)
+ tss.WithExcludedProtocols(config.TransportSecurityProtocolSSLv3, config.TransportSecurityProtocolTLSv1, config.TransportSecurityProtocolTLSv1, config.TransportSecurityProtocolTLSv1_1)
 builder.WithTransportSecurityStrategy(tss)
 _, err := builder.Build()
 Expect(err).To(HaveOccurred())
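Review bot: The rewritten `tss.WithExcludedProtocols(...)` call in the `-561` hunk lists `config.TransportSecurityProtocolTLSv1` twice; the line it replaces had it once and nothing else in the hunk changes, so this reads as an accidental duplicate rather than a new case. The test only asserts that `builder.Build()` fails for mixing deprecated and new version controls, so the duplicate is masked and would survive unnoticed; restore `tss.WithExcludedProtocols(config.TransportSecurityProtocolSSLv3, config.TransportSecurityProtocolTLSv1, config.TransportSecurityProtocolTLSv1_1)`, or, if duplicate exclusions are meant to be tolerated, say so in a comment and give that its own `It`. The enclosing Describe block starts and ends outside the hunk.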
@@ -571,14 +584,15 @@ var _ = Describe("MessagingService Lifecycle", func() {
 Expect(err.Error()).To(ContainSubstring("Attempt to configure both deprecated and new tls version control properties."))
 })
- // When we upgrade the broker, this will fail by conneccting successfully, but until then, it's useful.
- // EBP-511
- It("fails to connect with TLSv1.3 because the broker is old", func() {
+ // This will fail on older broker versions.
+ It("should connect with TLSv1.3 on newer broker versions", func() {
 tss := config.NewTransportSecurityStrategy()
+ tss.WithCertificateValidation(true, false, constants.ValidFixturesPath, "")
 tss.WithMinimumProtocol(config.TransportSecurityProtocolTLSv1_3)
 builder.WithTransportSecurityStrategy(tss)
- helpers.TestFailedConnectMessagingService(builder, func(err error) {
- helpers.ValidateNativeError(err, subcode.CommunicationError)
+
+ helpers.TestConnectDisconnectMessagingServiceClientValidation(builder, func(client *monitor.MsgVpnClient) {
+ Expect(client.TlsVersion).To(BeEquivalentTo(config.TransportSecurityProtocolTLSv1_3))
 })
 })
 })
diff --git a/test/testcontext/test_context_testcontainers.go b/test/testcontext/test_context_testcontainers.go
index 47f8195..33313f3 100644
--- a/test/testcontext/test_context_testcontainers.go
+++ b/test/testcontext/test_context_testcontainers.go
@@ -213,7 +213,7 @@ func (context *testContainersTestContext) Teardown() error {
 fmt.Println("Encountered error getting working directory for " + pubsubContainerName + " diagnostics err:" + err.Error())
 }
- err = context.gatherBrokerDiagnostics(path.Join(wd, "diagnostics.tgz"))
+ err = context.gatherBrokerDiagnostics(path.Join(wd, "diagnostics.tgz.p7m"))
 if err != nil {
 fmt.Println("Encountered error getting " + pubsubContainerName + " diagnostics err:" + err.Error())
 }
@@ -248,7 +248,8 @@ func (context *testContainersTestContext) gatherBrokerDiagnostics(destinationPat
 fmt.Println("Gathered gather-diagnostics for " + pubsubContainerName)
 // extract diagnostic to host
 // first get absolute path from container
- resp, diagnosticPath, err := context.dockerExec(pubsubContainerName, []string{"/bin/bash", "-l", "-c", "ls -rt /usr/sw/jail/logs/gather-diagnostics*.tgz | tail -n 1"})
+ resp, diagnosticPath, err := context.dockerExec(pubsubContainerName, []string{"/bin/bash", "-l", "-c", "ls -rt /usr/sw/jail/logs/gather-diagnostics*.tgz.p7m | tail -n 1"})
+ // resp, diagnosticPath, err := context.dockerExec(pubsubContainerName, []string{"/bin/bash", "-l", "-c", "ls -rt /usr/sw/jail/logs/gather-diagnostics*.tgz | tail -n 1"})
 //resp, diagnosticPath, err := context.dockerExec(pubsubHostname, []string{"/bin/bash", "-l", "-c", " realpath $(ls -rt /usr/sw/jail/logs/gather-diagnostics*.tgz | tail -n 1)"})
 if err != nil {
 return err
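Review bot: The added `// resp, diagnosticPath, err := ... gather-diagnostics*.tgz | tail -n 1` line is commented-out code placed next to an older commented-out variant of the same command; git history already holds the pre-`.p7m` form, so both lines should go rather than accumulate. What a reader actually needs here is why the suffix changed, e.g. `// newer broker images write the diagnostics bundle with a .tgz.p7m suffix, so match that name` (state the real reason if it differs). Separately, `ls ... | tail -n 1` yields an empty `diagnosticPath` when no bundle matches the new glob, and nothing visible in the hunk checks for that before the path is used; if the code below does not already guard it, a non-empty check with a clear error would avoid a confusing copy failure. gatherBrokerDiagnostics continues outside the hunk.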