use of com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig in project security by opensearch-project.
the class SettingsBasedSSLConfiguratorTest method testJksWrongTrust.
@Test
public void testJksWrongTrust() throws Exception {
try (TestServer testServer = new TestServer("sslConfigurator/jks/truststore.jks", "sslConfigurator/jks/node1-keystore.jks", "secret", false)) {
Path rootCaJksPath = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/jks/other-root-ca.jks");
Settings settings = Settings.builder().put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, rootCaJksPath.getFileName().toString()).put("plugins.security.ssl.transport.truststore_password", "secret").put("prefix.enable_ssl", "true").put("path.home", rootCaJksPath.getParent().toString()).build();
Path configPath = rootCaJksPath.getParent();
SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix");
SSLConfig sslConfig = sbsc.buildSSLConfig();
try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build()) {
thrown.expect(SSLHandshakeException.class);
try (CloseableHttpResponse response = httpClient.execute(new HttpGet(testServer.getUri()))) {
Assert.fail("Connection should have failed due to wrong trust");
}
}
}
}
use of com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig in project security by opensearch-project.
the class SettingsBasedSSLConfiguratorTest method testPemWrongTrust.
@Test
public void testPemWrongTrust() throws Exception {
try (TestServer testServer = new TestServer("sslConfigurator/pem/truststore.jks", "sslConfigurator/pem/node1-keystore.jks", "secret", false)) {
Path rootCaPemPath = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/pem/other-root-ca.pem");
Settings settings = Settings.builder().put("prefix.pemtrustedcas_filepath", rootCaPemPath.getFileName().toString()).put("prefix.enable_ssl", "true").put("path.home", rootCaPemPath.getParent().toString()).build();
Path configPath = rootCaPemPath.getParent();
SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix");
SSLConfig sslConfig = sbsc.buildSSLConfig();
try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build()) {
thrown.expect(SSLHandshakeException.class);
try (CloseableHttpResponse response = httpClient.execute(new HttpGet(testServer.getUri()))) {
Assert.fail("Connection should have failed due to wrong trust");
}
}
}
}
use of com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig in project security by opensearch-project.
the class SettingsBasedSSLConfiguratorTest method testPemTrust.
@Test
public void testPemTrust() throws Exception {
try (TestServer testServer = new TestServer("sslConfigurator/pem/truststore.jks", "sslConfigurator/pem/node1-keystore.jks", "secret", false)) {
Path rootCaPemPath = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/pem/root-ca.pem");
Assert.assertTrue(rootCaPemPath.toFile().exists());
Settings settings = Settings.builder().put("prefix.pemtrustedcas_filepath", rootCaPemPath.getFileName().toString()).put("prefix.enable_ssl", "true").put("path.home", rootCaPemPath.getParent().toString()).build();
Path configPath = rootCaPemPath.getParent();
SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix");
SSLConfig sslConfig = sbsc.buildSSLConfig();
try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build()) {
try (CloseableHttpResponse response = httpClient.execute(new HttpGet(testServer.getUri()))) {
// Success
}
}
}
}
use of com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig in project security by opensearch-project.
the class SettingsBasedSSLConfiguratorTest method testTrustAll.
@Test
public void testTrustAll() throws Exception {
try (TestServer testServer = new TestServer("sslConfigurator/jks/truststore.jks", "sslConfigurator/jks/node1-keystore.jks", "secret", false)) {
Path rootCaJksPath = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/jks/other-root-ca.jks");
Settings settings = Settings.builder().put("prefix.enable_ssl", "true").put("prefix.trust_all", "true").put("path.home", rootCaJksPath.getParent().toString()).build();
Path configPath = rootCaJksPath.getParent();
SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix");
SSLConfig sslConfig = sbsc.buildSSLConfig();
try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build()) {
try (CloseableHttpResponse response = httpClient.execute(new HttpGet(testServer.getUri()))) {
// Success
}
}
}
}
Aggregations