testing mutual authentication

Author: DanielePalaia

.ci/conf/rabbitmq.conf

@@ -5,3 +5,5 @@ ssl_options.certfile = /etc/rabbitmq/certs/server_certificate.pem
 ssl_options.keyfile = /etc/rabbitmq/certs/server_key.pem
 listeners.ssl.default = 5671
 stream.listeners.ssl.default = 5551
+ssl_options.verify               = verify_peer
+ssl_options.fail_if_no_peer_cert = false

examples/getting_started/main.py

@@ -10,7 +10,7 @@
     ExchangeSpecification,
     Message,
     QuorumQueueSpecification,
-    SSlConfigurationContext,
+    # SslConfigurationContext,
 )
 
 
@@ -60,15 +60,15 @@ def on_link_closed(self, event: Event) -> None:
 
 
 def create_connection() -> Connection:
-    # connection = Connection("amqps://guest:guest@localhost:5672/")
+    connection = Connection("amqps://guest:guest@localhost:5672/")
     # in case of SSL
-    ca_cert_file = (
-        "/Users/dpalaia/projects/rabbitmq-stream-go-client/.ci/certs/ca_certificate.pem"
-    )
-    connection = Connection(
-        "amqps://guest:guest@localhost:5671/",
-        ssl_context=SSlConfigurationContext(ca_cert=ca_cert_file),
-    )
+    # ca_cert_file = (
+    #    "/Users/dpalaia/projects/rabbitmq-stream-go-client/.ci/certs/ca_certificate.pem"
+    # )
+    # connection = Connection(
+    #    "amqps://guest:guest@localhost:5671/",
+    #    ssl_context=SSlConfigurationContext(ca_cert=ca_cert_file),
+    # )
     connection.dial()
 
     return connection

rabbitmq_amqp_python_client/__init__.py

@@ -22,7 +22,10 @@
     QuorumQueueSpecification,
     StreamSpecification,
 )
-from .ssl_configuration import SSlConfigurationContext
+from .ssl_configuration import (
+    ClientCert,
+    SslConfigurationContext,
+)
 
 try:
     __version__ = metadata.version(__package__)
@@ -53,5 +56,6 @@
     "AddressHelper",
     "AMQPMessagingHandler",
     "ArgumentOutOfRangeException",
-    "SSlConfigurationContext",
+    "SslConfigurationContext",
+    "ClientCert",
 ]

rabbitmq_amqp_python_client/connection.py

@@ -9,19 +9,19 @@
 from .qpid.proton._handlers import MessagingHandler
 from .qpid.proton._transport import SSLDomain
 from .qpid.proton.utils import BlockingConnection
-from .ssl_configuration import SSlConfigurationContext
+from .ssl_configuration import SslConfigurationContext
 
 logger = logging.getLogger(__name__)
 
 
 class Connection:
     def __init__(
-        self, addr: str, ssl_context: Optional[SSlConfigurationContext] = None
+        self, addr: str, ssl_context: Optional[SslConfigurationContext] = None
     ):
         self._addr: str = addr
         self._conn: BlockingConnection
         self._management: Management
-        self._conf_ssl_context: Optional[SSlConfigurationContext] = ssl_context
+        self._conf_ssl_context: Optional[SslConfigurationContext] = ssl_context
         self._ssl_domain = None
 
     def dial(self) -> None:

rabbitmq_amqp_python_client/ssl_configuration.py

@@ -10,6 +10,6 @@ class ClientCert:
 
 
 @dataclass
-class SSlConfigurationContext:
+class SslConfigurationContext:
     ca_cert: str
     client_cert: Optional[ClientCert] = None

tests/conftest.py

@@ -3,9 +3,10 @@
 from rabbitmq_amqp_python_client import (
     AddressHelper,
     AMQPMessagingHandler,
+    ClientCert,
     Connection,
     Event,
-    SSlConfigurationContext,
+    SslConfigurationContext,
     symbol,
 )
 
@@ -23,9 +24,15 @@ def connection(pytestconfig):
 
 @pytest.fixture()
 def connection_ssl(pytestconfig):
+    ca_cert_file = ".ci/certs/ca_certificate.pem"
+    client_cert = ".ci/certs/client_certificate.pem"
+    client_key = ".ci/certs/client_key.pem"
     connection = Connection(
         "amqps://guest:guest@localhost:5671/",
-        ssl_context=SSlConfigurationContext(ca_cert=".ci/certs/ca_certificate.pem"),
+        ssl_context=SslConfigurationContext(
+            ca_cert=ca_cert_file,
+            client_cert=ClientCert(client_cert=client_cert, client_key=client_key),
+        ),
     )
     connection.dial()
     try:

tests/test_connection.py

@@ -1,7 +1,25 @@
-from rabbitmq_amqp_python_client import Connection
+from rabbitmq_amqp_python_client import (
+    ClientCert,
+    Connection,
+    SslConfigurationContext,
+)
 
 
 def test_connection() -> None:
     connection = Connection("amqp://guest:guest@localhost:5672/")
     connection.dial()
     connection.close()
+
+
+def test_connection_ssl() -> None:
+    ca_cert_file = ".ci/certs/ca_certificate.pem"
+    client_cert = ".ci/certs/client_certificate.pem"
+    client_key = ".ci/certs/client_key.pem"
+    connection = Connection(
+        "amqps://guest:guest@localhost:5671/",
+        ssl_context=SslConfigurationContext(
+            ca_cert=ca_cert_file,
+            client_cert=ClientCert(client_cert=client_cert, client_key=client_key),
+        ),
+    )
+    connection.dial()