Configure mqtt client with tls key and cert

Author: MarcialRosales

selenium/bin/suite_template

@@ -336,6 +336,7 @@ _test() {
     --env NODE_EXTRA_CA_CERTS=/nodejs/ca.pem \
     -v ${MOUNT_NODE_EXTRA_CA_CERTS}:/nodejs/ca.pem \
     -v ${TEST_DIR}:/code/test \
+    -v ${SCRIPT}/../../../${RABBITMQ_LOCAL_CERTS}:${RABBITMQ_CERTS} \
     -v ${SCREENS}:/screens \
     -v ${ENV_FILE}:/code/.env \
     mocha-test:${mocha_test_tag} test /code/test${TEST_CASES_PATH}
@@ -417,6 +418,9 @@ do_generate-ca-server-client-kpi() {
   cp $ROOT/tls-gen/basic/result/server_${NAME}_certificate.pem $FOLDER
   cp $ROOT/tls-gen/basic/result/server_${NAME}_key.pem $FOLDER
   cp $ROOT/tls-gen/basic/result/server_${NAME}.p12 $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}_certificate.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}_key.pem $FOLDER
+  cp $ROOT/tls-gen/basic/result/client_${NAME}.p12 $FOLDER
   end "SSL Certificates generated for $NAME under $FOLDER"
 }
 

selenium/test/authnz-msg-protocols/env.docker

@@ -1,2 +1,3 @@
 export IMPORT_DIR=/var/rabbitmq/imports
 export RABBITMQ_CERTS=/etc/rabbitmq/certs
+export RABBITMQ_LOCAL_CERTS=selenium/test/authnz-msg-protocols/certs

selenium/test/authnz-msg-protocols/env.local

@@ -1,2 +1,3 @@
 export IMPORT_DIR=selenium/test/authnz-msg-protocols/imports
-export RABBITMQ_CERTS=selenium/test/authnz-msg-protocols/certs
+export RABBITMQ_LOCAL_CERTS=selenium/test/authnz-msg-protocols/certs
+export RABBITMQ_CERTS=$RABBITMQ_LOCAL_CERTS

selenium/test/authnz-msg-protocols/env.tls

@@ -0,0 +1,2 @@
+MQTT_PROTOCOL=mqtts
+RABBITMQ_MQTT_URL=mqtts://rabbitmq:8883

selenium/test/authnz-msg-protocols/mqtt.js

@@ -1,3 +1,4 @@
+const fs = require('fs')
 const assert = require('assert')
 const { tokenFor, openIdConfiguration } = require('../utils')
 const { reset, expectUser, expectVhost, expectResource, allow, verifyAll } = require('../mock_http_backend')
@@ -14,13 +15,14 @@ for (const element of profiles.split(" ")) {
 describe('Having MQTT protocol enbled and the following auth_backends: ' + backends, function () {
   let mqttOptions
   let expectations = []
+  let mqttProtocol = process.env.MQTT_PROTOCOL || 'mqtt'
   let rabbit = process.env.RABBITMQ_HOSTNAME || 'localhost'
   let mqttUrl = process.env.RABBITMQ_MQTT_URL || "mqtt://" + rabbit + ":1883"
   let username = process.env.RABBITMQ_AMQP_USERNAME
   let password = process.env.RABBITMQ_AMQP_PASSWORD
   let client_id = process.env.RABBITMQ_AMQP_CLIENT_ID || 'selenium-client'
 
-  console.log("RABBITMQ_TEST_DIR : " + process.env.RABBITMQ_TEST_DIR)
+  console.log("RABBITMQ_CERTS : " + process.env.RABBITMQ_CERTS)
 
   before(function () {
     if (backends.includes("http") && username.includes("http")) {
@@ -39,13 +41,19 @@ describe('Having MQTT protocol enbled and the following auth_backends: ' + backe
     mqttOptions = {
       clientId: client_id,
       protocolId: 'MQTT',
+      protocol: mqttProtocol,
       protocolVersion: 4,
       keepalive: 10000,
       clean: false,
       reconnectPeriod: '1000',
       username: username,
       password: password
     }
+    if (mqttProtocol == 'mqtts') {
+      mqttOptions["ca"] = [fs.readFileSync(process.env.RABBITMQ_CERTS + "/ca_rabbitmq_certificate.pem")]
+      mqttOptions["cert"] = fs.readFileSync(process.env.RABBITMQ_CERTS + "/client_rabbitmq_certificate.pem")
+      mqttOptions["key"] = fs.readFileSync(process.env.RABBITMQ_CERTS + "/client_rabbitmq_key.pem")
+    }
   })
 
   it('can open an MQTT connection', function () {

selenium/test/authnz-msg-protocols/rabbitmq.tls.conf

@@ -11,3 +11,5 @@ management.ssl.port = 15671
 management.ssl.cacertfile = ${RABBITMQ_CERTS}/ca_rabbitmq_certificate.pem
 management.ssl.certfile   = ${RABBITMQ_CERTS}/server_rabbitmq_certificate.pem
 management.ssl.keyfile    = ${RABBITMQ_CERTS}/server_rabbitmq_key.pem
+
+mqtt.listeners.ssl.default = 8883