
Example 6 with SSLConfig

Use of com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig in project security by opensearch-project.

The class SettingsBasedSSLConfiguratorTest, method testJksWrongTrust.

@Test
public void testJksWrongTrust() throws Exception {
    try (TestServer testServer = new TestServer("sslConfigurator/jks/truststore.jks", "sslConfigurator/jks/node1-keystore.jks", "secret", false)) {
        Path rootCaJksPath = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/jks/other-root-ca.jks");
        Settings settings = Settings.builder()
            .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, rootCaJksPath.getFileName().toString())
            .put("plugins.security.ssl.transport.truststore_password", "secret")
            .put("prefix.enable_ssl", "true")
            .put("path.home", rootCaJksPath.getParent().toString())
            .build();
        Path configPath = rootCaJksPath.getParent();
        SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix");
        SSLConfig sslConfig = sbsc.buildSSLConfig();
        try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build()) {
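            // `thrown` is the test class's ExpectedException rule (declared outside this excerpt).
            // The handshake must fail because the client is not configured to trust the server's CA.
            thrown.expect(SSLHandshakeException.class);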
            try (CloseableHttpResponse response = httpClient.execute(new HttpGet(testServer.getUri()))) {
                Assert.fail("Connection should have failed due to wrong trust");
            }
        }
    }
}
Also used : Path(java.nio.file.Path) SSLConfig(com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpGet(org.apache.http.client.methods.HttpGet) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) SettingsBasedSSLConfigurator(com.amazon.dlic.util.SettingsBasedSSLConfigurator) Settings(org.opensearch.common.settings.Settings) Test(org.junit.Test)

Example 7 with SSLConfig

Use of com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig in project security by opensearch-project.

The class SettingsBasedSSLConfiguratorTest, method testPemWrongTrust.

@Test
public void testPemWrongTrust() throws Exception {
    try (TestServer testServer = new TestServer("sslConfigurator/pem/truststore.jks", "sslConfigurator/pem/node1-keystore.jks", "secret", false)) {
        Path rootCaPemPath = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/pem/other-root-ca.pem");
        Settings settings = Settings.builder()
            .put("prefix.pemtrustedcas_filepath", rootCaPemPath.getFileName().toString())
            .put("prefix.enable_ssl", "true")
            .put("path.home", rootCaPemPath.getParent().toString())
            .build();
        Path configPath = rootCaPemPath.getParent();
        SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix");
        SSLConfig sslConfig = sbsc.buildSSLConfig();
        try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build()) {
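            // `thrown` is the test class's ExpectedException rule (declared outside this excerpt).
            // The only trusted CA is other-root-ca.pem, so the handshake with the test server must fail.
            thrown.expect(SSLHandshakeException.class);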
            try (CloseableHttpResponse response = httpClient.execute(new HttpGet(testServer.getUri()))) {
                Assert.fail("Connection should have failed due to wrong trust");
            }
        }
    }
}
Also used : Path(java.nio.file.Path) SSLConfig(com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpGet(org.apache.http.client.methods.HttpGet) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) SettingsBasedSSLConfigurator(com.amazon.dlic.util.SettingsBasedSSLConfigurator) Settings(org.opensearch.common.settings.Settings) Test(org.junit.Test)

Example 8 with SSLConfig

Use of com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig in project security by opensearch-project.

The class SettingsBasedSSLConfiguratorTest, method testPemTrust.

@Test
public void testPemTrust() throws Exception {
    try (TestServer testServer = new TestServer("sslConfigurator/pem/truststore.jks", "sslConfigurator/pem/node1-keystore.jks", "secret", false)) {
        Path rootCaPemPath = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/pem/root-ca.pem");
        Assert.assertTrue(rootCaPemPath.toFile().exists());
        Settings settings = Settings.builder()
            .put("prefix.pemtrustedcas_filepath", rootCaPemPath.getFileName().toString())
            .put("prefix.enable_ssl", "true")
            .put("path.home", rootCaPemPath.getParent().toString())
            .build();
        Path configPath = rootCaPemPath.getParent();
        SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix");
        SSLConfig sslConfig = sbsc.buildSSLConfig();
        try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build()) {
            try (CloseableHttpResponse response = httpClient.execute(new HttpGet(testServer.getUri()))) {
                // Success: the handshake completes with root-ca.pem as the configured trusted CA.
            }
        }
    }
}
Also used : Path(java.nio.file.Path) SSLConfig(com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpGet(org.apache.http.client.methods.HttpGet) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) SettingsBasedSSLConfigurator(com.amazon.dlic.util.SettingsBasedSSLConfigurator) Settings(org.opensearch.common.settings.Settings) Test(org.junit.Test)

Example 9 with SSLConfig

Use of com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig in project security by opensearch-project.

The class SettingsBasedSSLConfiguratorTest, method testTrustAll.

@Test
public void testTrustAll() throws Exception {
    try (TestServer testServer = new TestServer("sslConfigurator/jks/truststore.jks", "sslConfigurator/jks/node1-keystore.jks", "secret", false)) {
        Path rootCaJksPath = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/jks/other-root-ca.jks");
        Settings settings = Settings.builder()
            .put("prefix.enable_ssl", "true")
            .put("prefix.trust_all", "true")
            .put("path.home", rootCaJksPath.getParent().toString())
            .build();
        Path configPath = rootCaJksPath.getParent();
        SettingsBasedSSLConfigurator sbsc = new SettingsBasedSSLConfigurator(settings, configPath, "prefix");
        SSLConfig sslConfig = sbsc.buildSSLConfig();
        try (CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConfig.toSSLConnectionSocketFactory()).build()) {
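            try (CloseableHttpResponse response = httpClient.execute(new HttpGet(testServer.getUri()))) {
                // Success: with prefix.trust_all set and no truststore configured, the handshake still completes.
                // trust_all accepts any server certificate, so the client does not authenticate the server.
            }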
        }
    }
}
Also used : Path(java.nio.file.Path) SSLConfig(com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) HttpGet(org.apache.http.client.methods.HttpGet) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) SettingsBasedSSLConfigurator(com.amazon.dlic.util.SettingsBasedSSLConfigurator) Settings(org.opensearch.common.settings.Settings) Test(org.junit.Test)

Aggregations

SettingsBasedSSLConfigurator (com.amazon.dlic.util.SettingsBasedSSLConfigurator): 9
SSLConfig (com.amazon.dlic.util.SettingsBasedSSLConfigurator.SSLConfig): 9
Path (java.nio.file.Path): 9
CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse): 9
HttpGet (org.apache.http.client.methods.HttpGet): 9
CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient): 9
Test (org.junit.Test): 9
Settings (org.opensearch.common.settings.Settings): 9
SSLHandshakeException (javax.net.ssl.SSLHandshakeException): 1