chore: support ssl in mqtt3 integ tests (#161)

pom.xml

@@ -74,7 +74,7 @@
         <dependency>
             <groupId>io.moquette</groupId>
             <artifactId>moquette-broker</artifactId>
-            <version>0.15</version>
+            <version>0.17</version>
             <scope>test</scope>
         </dependency>
         <!-- for running hivemq -->

src/integrationtests/java/com/aws/greengrass/integrationtests/KeystoreTest.java

@@ -18,6 +18,7 @@
 import com.aws.greengrass.mqtt.bridge.BridgeConfig;
 import com.aws.greengrass.mqtt.bridge.MQTTBridge;
 import com.aws.greengrass.mqtt.bridge.auth.MQTTClientKeyStore;
+import com.aws.greengrass.mqtt.bridge.model.MqttVersion;
 import com.aws.greengrass.util.Pair;
 import lombok.Builder;
 import lombok.Setter;
@@ -75,6 +76,13 @@ void GIVEN_mqtt5_bridge_WHEN_client_cert_changes_THEN_local_client_restarts() th
         assertTrue(testContext.getLocalV5Client().getClient().getIsConnected());
     }
 
+    @BridgeIntegrationTest(
+            withConfig = "mqtt3_config_ssl.yaml",
+            withBrokers = Broker.MQTT3, // TODO hivemq doesn't play nicely with v3 paho client for some reason
+            withLocalClientVersions = MqttVersion.MQTT3)
+    void GIVEN_bridge_with_ssl_WHEN_bridge_starts_THEN_client_connects_over_ssl() {
+    }
+
     @BridgeIntegrationTest(
             withConfig = "mqtt5_config_ssl.yaml",
             withBrokers = Broker.MQTT5)

src/integrationtests/java/com/aws/greengrass/integrationtests/LifecycleTest.java

@@ -26,7 +26,6 @@
 import com.aws.greengrass.testcommons.testutilities.GGExtension;
 import com.aws.greengrass.testcommons.testutilities.UniqueRootPathExtension;
 import com.aws.greengrass.util.Pair;
-import io.moquette.BrokerConstants;
 import io.moquette.broker.Server;
 import io.moquette.broker.config.IConfig;
 import io.moquette.broker.config.MemoryConfig;
@@ -127,7 +126,8 @@ private static void launchKernel(Kernel kernel, ExtensionContext extensionContex
 
     private static Server startMoquette() throws IOException {
         IConfig brokerConf = new MemoryConfig(new Properties());
-        brokerConf.setProperty(BrokerConstants.PORT_PROPERTY_NAME, String.valueOf(8883));
+        brokerConf.setProperty(IConfig.PORT_PROPERTY_NAME, String.valueOf(8883));
+        brokerConf.setProperty(IConfig.ENABLE_TELEMETRY_NAME, "false");
         Server moquette = new Server();
         moquette.startServer(brokerConf);
         return moquette;

src/integrationtests/java/com/aws/greengrass/integrationtests/extensions/BridgeIntegrationTestContext.java

@@ -51,7 +51,7 @@ public IoTCoreClient getIotCoreClient() {
     public MQTTClient getLocalV3Client() {
         MessageClient<MqttMessage> client = getFromContext(MQTTBridge.class).getLocalMqttClient();
         if (!(client instanceof MQTTClient)) {
-            throw new RuntimeException("Excepted " + MQTTClient.class.getSimpleName()
+            throw new RuntimeException("Expected " + MQTTClient.class.getSimpleName()
                     + " but got " + client.getClass().getSimpleName());
         }
         return (MQTTClient) client;
@@ -60,7 +60,7 @@ public MQTTClient getLocalV3Client() {
     public LocalMqtt5Client getLocalV5Client() {
         MessageClient<MqttMessage> client = getFromContext(MQTTBridge.class).getLocalMqttClient();
         if (!(client instanceof LocalMqtt5Client)) {
-            throw new RuntimeException("Excepted " + MQTTClient.class.getSimpleName()
+            throw new RuntimeException("Expected " + LocalMqtt5Client.class.getSimpleName()
                     + " but got " + client.getClass().getSimpleName());
         }
         return (LocalMqtt5Client) client;

src/integrationtests/java/com/aws/greengrass/integrationtests/extensions/BridgeIntegrationTestExtension.java

@@ -19,10 +19,11 @@
 import com.aws.greengrass.mqtt.bridge.BridgeConfig;
 import com.aws.greengrass.mqtt.bridge.MQTTBridge;
 import com.aws.greengrass.mqtt.bridge.auth.MQTTClientKeyStore;
+import com.aws.greengrass.mqtt.bridge.clients.LocalMqtt5Client;
+import com.aws.greengrass.mqtt.bridge.clients.MQTTClient;
 import com.aws.greengrass.mqtt.bridge.clients.MockMqttClient;
 import com.aws.greengrass.mqtt.bridge.model.MqttVersion;
 import com.aws.greengrass.mqttclient.MqttClient;
-import io.moquette.BrokerConstants;
 import io.moquette.broker.Server;
 import io.moquette.broker.config.IConfig;
 import io.moquette.broker.config.MemoryConfig;
@@ -73,10 +74,14 @@
 import static com.aws.greengrass.componentmanager.KernelConfigResolver.CONFIGURATION_CONFIG_KEY;
 import static com.aws.greengrass.testcommons.testutilities.ExceptionLogProtector.ignoreExceptionOfType;
 import static com.aws.greengrass.testcommons.testutilities.ExceptionLogProtector.ignoreExceptionUltimateCauseOfType;
+import static com.github.grantwest.eventually.EventuallyLambdaMatcher.eventuallyEval;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.is;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.fail;
 import static org.mockito.Mockito.mock;
 
+@SuppressWarnings("PMD.CouplingBetweenObjects")
 public class BridgeIntegrationTestExtension implements AfterTestExecutionCallback, InvocationInterceptor, TestTemplateInvocationContextProvider {
 
     private static final Logger logger = LogManager.getLogger(BridgeIntegrationTestExtension.class);
@@ -89,7 +94,7 @@ public class BridgeIntegrationTestExtension implements AfterTestExecutionCallbac
 
     Server v3Broker;
 
-    MQTTClientKeyStore clientKeyStore = new InitOnceMqttClientKeyStore();
+    MQTTClientKeyStore clientKeyStore;
 
     @Override
     public boolean supportsTestTemplate(ExtensionContext context) {
@@ -118,6 +123,9 @@ public Stream<TestTemplateInvocationContext> provideTestTemplateInvocationContex
         } else {
             for (Broker brokerParam : brokerParams) {
                 for (MqttVersion versionParam : versionParams) {
+                    if (versionParam == MqttVersion.MQTT5 && brokerParam == Broker.MQTT3) {
+                        continue;
+                    }
                     contexts.add(new BridgeIntegrationTestInvocationContext(brokerParam, versionParam, configFile));
                 }
             }
@@ -150,12 +158,10 @@ public String getDisplayName(int invocationIndex) {
             // initialize the context for parameterized test, regardless if
             // BridgeIntegrationTestContext is a param of the test itself.
             // there didn't appear to be a better place to put this...
-            if (context == null) {
-                context = new BridgeIntegrationTestContext();
-                context.broker = broker;
-                context.clientVersion = clientVersion;
-                context.configFile = configFile;
-            }
+            context = new BridgeIntegrationTestContext();
+            context.broker = broker;
+            context.clientVersion = clientVersion;
+            context.configFile = configFile;
             return new BridgeIntegrationTestDisplayNameFormatter(broker, clientVersion, configFile).format();
         }
 
@@ -190,6 +196,7 @@ public void interceptTestTemplateMethod(Invocation<Void> invocation,
                                             ReflectiveInvocationContext<Method> invocationContext,
                                             ExtensionContext extensionContext) throws Throwable {
         initializeContext(extensionContext);
+        configureCertificates();
 
         if (context.broker == Broker.MQTT3) {
             configureContextForMqtt3Broker();
@@ -246,6 +253,16 @@ public void interceptTestTemplateMethod(Invocation<Void> invocation,
         invocation.proceed();
     }
 
+    private Certs configureCertificates() throws KeyStoreException {
+        Path serverKeystorePath = context.getRootDir().resolve("hivemq.jks");
+        Path serverTruststorePath = context.getRootDir().resolve("truststore.jks");
+        clientKeyStore = new InitOnceMqttClientKeyStore();
+        Certs certs = new Certs(clientKeyStore, serverKeystorePath, serverTruststorePath);
+        certs.initialize();
+        context.certs = certs;
+        return certs;
+    }
+
     @Override
     public void afterTestExecution(ExtensionContext extensionContext) {
         if (kernel != null) {
@@ -293,14 +310,22 @@ private void customizeKernelContext(Kernel kernel) {
     }
 
     private void configureContextForMqtt3Broker() {
-        int brokerPort = 8883;
-        IConfig brokerConf = new MemoryConfig(new Properties());
-        brokerConf.setProperty(BrokerConstants.PORT_PROPERTY_NAME, String.valueOf(brokerPort));
+        int sslPort = 8883;
+        int tcpPort = 1883;
         v3Broker = new Server();
         context.setBrokerHost("localhost");
-        context.setBrokerTCPPort(brokerPort);
+        context.setBrokerSSLPort(sslPort);
+        context.setBrokerTCPPort(tcpPort);
         context.startBroker = () -> {
             try {
+                IConfig brokerConf = new MemoryConfig(new Properties());
+                brokerConf.setProperty(IConfig.SSL_PORT_PROPERTY_NAME, String.valueOf(sslPort));
+                brokerConf.setProperty(IConfig.PORT_PROPERTY_NAME, String.valueOf(tcpPort));
+                brokerConf.setProperty(IConfig.JKS_PATH_PROPERTY_NAME, context.certs.getKeystorePath().toAbsolutePath().toString());
+                brokerConf.setProperty(IConfig.KEY_STORE_PASSWORD_PROPERTY_NAME, context.certs.getServerKeystorePassword());
+                brokerConf.setProperty(IConfig.KEY_MANAGER_PASSWORD_PROPERTY_NAME, context.certs.getServerKeystorePassword());
+                brokerConf.setProperty(IConfig.ENABLE_TELEMETRY_NAME, "false");
+                brokerConf.setProperty(IConfig.PERSISTENCE_ENABLED_PROPERTY_NAME, "false");
                 v3Broker.startServer(brokerConf);
             } catch (IOException e) {
                 fail(e);
@@ -309,20 +334,13 @@ private void configureContextForMqtt3Broker() {
         context.stopBroker = v3Broker::stopServer;
     }
 
-    private void configureContextForMqtt5Broker() throws KeyStoreException {
-        Path serverKeystorePath = context.getRootDir().resolve("hivemq.jks");
-        Path serverTruststorePath = context.getRootDir().resolve("truststore.jks");
-
-        Certs certs = new Certs(clientKeyStore, serverKeystorePath, serverTruststorePath);
-        certs.initialize();
-        context.certs = certs;
-
+    private void configureContextForMqtt5Broker() {
         v5Broker = new HiveMQContainer(
                 DockerImageName.parse("hivemq/hivemq-ce").withTag("2023.2"))
-                .withFileSystemBind(serverKeystorePath.toAbsolutePath().toString(), "/opt/hivemq/hivemq.jks", BindMode.READ_ONLY)
-                .withFileSystemBind(serverTruststorePath.toAbsolutePath().toString(), "/opt/hivemq/truststore.jks", BindMode.READ_ONLY)
+                .withFileSystemBind(context.certs.getKeystorePath().toAbsolutePath().toString(), "/opt/hivemq/hivemq.jks", BindMode.READ_ONLY)
+                .withFileSystemBind(context.certs.getTrustorePath().toAbsolutePath().toString(), "/opt/hivemq/truststore.jks", BindMode.READ_ONLY)
                 .withHiveMQConfig(MountableFile.forClasspathResource("hivemq/config.xml"))
-                .withEnv("SERVER_JKS_PASSWORD", certs.getServerKeystorePassword())
+                .withEnv("SERVER_JKS_PASSWORD", context.certs.getServerKeystorePassword())
                 .withExposedPorts(8883, 1883)
                 .withLogLevel(Level.DEBUG);
         context.startBroker = () -> {
@@ -376,6 +394,12 @@ private void overrideLocalClientVersion() throws ServiceLoadException {
                     .getConfig()
                     .lookup(CONFIGURATION_CONFIG_KEY, BridgeConfig.KEY_MQTT, BridgeConfig.KEY_VERSION)
                     .withValue(context.clientVersion.name());
+            Class<?> expectedMessageClient = context.clientVersion == MqttVersion.MQTT5
+                    ? LocalMqtt5Client.class : MQTTClient.class;
+            assertThat("local client version switched",
+                    () -> context.getFromContext(MQTTBridge.class).getLocalMqttClient().getClass()
+                            .isAssignableFrom(expectedMessageClient),
+                    eventuallyEval(is(true)));
         }
     }
 

src/integrationtests/java/com/aws/greengrass/integrationtests/extensions/Certs.java

@@ -49,7 +49,9 @@ public class Certs {
     private KeyStore serverKeyStore;
     private KeyStore serverTrustStore;
     private final MQTTClientKeyStore clientKeyStore;
+    @Getter
     private final Path keystorePath;
+    @Getter
     private final Path trustorePath;
 
     public Certs(MQTTClientKeyStore clientKeyStore,

src/integrationtests/resources/com/aws/greengrass/integrationtests/config.yaml

@@ -5,7 +5,7 @@ services:
                 level: "DEBUG"
     aws.greengrass.clientdevices.mqtt.Bridge:
         configuration:
-            brokerUri: 'tcp://localhost:8883'
+            brokerUri: 'tcp://localhost:1883'
     main:
         dependencies:
             - aws.greengrass.clientdevices.mqtt.Bridge

src/integrationtests/resources/com/aws/greengrass/integrationtests/config_with_mapping.yaml

@@ -1,7 +1,7 @@
 services:
   aws.greengrass.clientdevices.mqtt.Bridge:
     configuration:
-      brokerUri: 'tcp://localhost:8883'
+      brokerUri: 'tcp://localhost:1883'
       mqtt5RouteOptions:
         mapping1:
           noLocal: true

src/integrationtests/resources/com/aws/greengrass/integrationtests/extensions/config.yaml

@@ -1,7 +1,7 @@
 services:
     aws.greengrass.clientdevices.mqtt.Bridge:
         configuration:
-            brokerUri: 'tcp://localhost:8883'
+            brokerUri: 'tcp://localhost:1883'
     main:
         dependencies:
             - aws.greengrass.clientdevices.mqtt.Bridge

src/integrationtests/resources/com/aws/greengrass/integrationtests/mqtt3_config_ssl.yaml

@@ -0,0 +1,11 @@
+services:
+    aws.greengrass.Nucleus:
+        configuration:
+            logging:
+                level: "DEBUG"
+    aws.greengrass.clientdevices.mqtt.Bridge:
+        configuration:
+            brokerUri: 'ssl://localhost:8883'
+    main:
+        dependencies:
+            - aws.greengrass.clientdevices.mqtt.Bridge

src/integrationtests/resources/com/aws/greengrass/integrationtests/mqtt3_local_and_iotcore.yaml

@@ -1,7 +1,7 @@
 services:
   aws.greengrass.clientdevices.mqtt.Bridge:
     configuration:
-      brokerUri: 'tcp://localhost:8883'
+      brokerUri: 'tcp://localhost:1883'
       mqttTopicMapping:
         toIotCore:
           topic: topic/toIotCore

src/integrationtests/resources/com/aws/greengrass/integrationtests/mqtt5_connect_options.yaml

@@ -1,7 +1,7 @@
 services:
   aws.greengrass.clientdevices.mqtt.Bridge:
     configuration:
-      brokerUri: 'tcp://localhost:8883'
+      brokerUri: 'tcp://localhost:1883'
       mqttTopicMapping:
         toLocal:
           topic: topic/toLocal

src/integrationtests/resources/com/aws/greengrass/integrationtests/mqtt5_local_and_iotcore.yaml

@@ -1,7 +1,7 @@
 services:
   aws.greengrass.clientdevices.mqtt.Bridge:
     configuration:
-      brokerUri: 'tcp://localhost:8883'
+      brokerUri: 'tcp://localhost:1883'
       mqttTopicMapping:
         toIotCore:
           topic: topic/toIotCore

src/integrationtests/resources/com/aws/greengrass/integrationtests/mqtt5_local_to_iotcore_nolocal.yaml

@@ -1,7 +1,7 @@
 services:
   aws.greengrass.clientdevices.mqtt.Bridge:
     configuration:
-      brokerUri: 'tcp://localhost:8883'
+      brokerUri: 'tcp://localhost:1883'
       mqtt5RouteOptions:
         toIotCore:
           noLocal: true

src/integrationtests/resources/com/aws/greengrass/integrationtests/mqtt5_local_to_iotcore_retain_as_published.yaml

@@ -1,7 +1,7 @@
 services:
   aws.greengrass.clientdevices.mqtt.Bridge:
     configuration:
-      brokerUri: 'tcp://localhost:8883'
+      brokerUri: 'tcp://localhost:1883'
       mqtt5RouteOptions:
         toIotCore:
           retainAsPublished: true