use of com.amazon.dlic.util.SettingsBasedSSLConfigurator in project security by opensearch-project.
the class SettingsBasedSSLConfiguratorTest method testJksWrongTrust.
/**
 * Negative trust check for JKS trust stores: a client that only trusts
 * {@code other-root-ca.jks} must fail the TLS handshake with the test server.
 *
 * <p>The server side is started from {@code sslConfigurator/jks/node1-keystore.jks}. The test
 * passes only when the request ends in an {@link SSLHandshakeException}; a completed
 * request is treated as a failure.
 *
 * @throws Exception if the fixture cannot be set up or torn down
 */
@Test
public void testJksWrongTrust() throws Exception {
    try (TestServer server = new TestServer(
            "sslConfigurator/jks/truststore.jks",
            "sslConfigurator/jks/node1-keystore.jks",
            "secret",
            false)) {
        // Trust store holding a different root CA, presumably one that did not issue the server certificate.
        Path foreignCaStore = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/jks/other-root-ca.jks");
        Path configDir = foreignCaStore.getParent();

        // NOTE(review): the trust store is supplied through the plugin-wide transport keys, not
        // "prefix.*" keys; presumably this exercises a fallback in the configurator. Confirm
        // against SettingsBasedSSLConfigurator.
        Settings.Builder clientSettings = Settings.builder();
        clientSettings.put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, foreignCaStore.getFileName().toString());
        clientSettings.put("plugins.security.ssl.transport.truststore_password", "secret");
        clientSettings.put("prefix.enable_ssl", "true");
        clientSettings.put("path.home", configDir.toString());

        SSLConfig clientSsl = new SettingsBasedSSLConfigurator(clientSettings.build(), configDir, "prefix").buildSSLConfig();

        try (CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(clientSsl.toSSLConnectionSocketFactory())
                .build()) {
            // Declared right before the request so that only the handshake can satisfy it.
            // `thrown` is presumably the class's JUnit ExpectedException rule.
            thrown.expect(SSLHandshakeException.class);

            HttpGet request = new HttpGet(server.getUri());
            try (CloseableHttpResponse unexpected = client.execute(request)) {
                // A response means the server certificate was accepted, which is the regression to catch.
                Assert.fail("Connection should have failed due to wrong trust");
            }
        }
    }
}
use of com.amazon.dlic.util.SettingsBasedSSLConfigurator in project security by opensearch-project.
the class SettingsBasedSSLConfiguratorTest method testPemWrongTrust.
/**
 * Negative trust check for PEM trust anchors: a client whose only trusted CA is
 * {@code other-root-ca.pem} must fail the TLS handshake with the test server.
 *
 * <p>The server is started from the JKS stores under {@code sslConfigurator/pem/}, while the
 * client trust anchor is a PEM file set through {@code prefix.pemtrustedcas_filepath}. The
 * test passes only when the request ends in an {@link SSLHandshakeException}.
 *
 * @throws Exception if the fixture cannot be set up or torn down
 */
@Test
public void testPemWrongTrust() throws Exception {
    try (TestServer server = new TestServer(
            "sslConfigurator/pem/truststore.jks",
            "sslConfigurator/pem/node1-keystore.jks",
            "secret",
            false)) {
        // PEM bundle for a different root CA, presumably one that did not issue the server certificate.
        Path foreignCaPem = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/pem/other-root-ca.pem");
        Path configDir = foreignCaPem.getParent();

        // The CA file is given by bare file name; the directory is passed separately as the config path.
        Settings.Builder clientSettings = Settings.builder();
        clientSettings.put("prefix.pemtrustedcas_filepath", foreignCaPem.getFileName().toString());
        clientSettings.put("prefix.enable_ssl", "true");
        clientSettings.put("path.home", configDir.toString());

        SSLConfig clientSsl = new SettingsBasedSSLConfigurator(clientSettings.build(), configDir, "prefix").buildSSLConfig();

        try (CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(clientSsl.toSSLConnectionSocketFactory())
                .build()) {
            // Declared right before the request so that only the handshake can satisfy it.
            // `thrown` is presumably the class's JUnit ExpectedException rule.
            thrown.expect(SSLHandshakeException.class);

            HttpGet request = new HttpGet(server.getUri());
            try (CloseableHttpResponse unexpected = client.execute(request)) {
                // A response means the server certificate was accepted, which is the regression to catch.
                Assert.fail("Connection should have failed due to wrong trust");
            }
        }
    }
}
use of com.amazon.dlic.util.SettingsBasedSSLConfigurator in project security by opensearch-project.
the class SettingsBasedSSLConfiguratorTest method testPemTrust.
/**
 * Positive trust check for PEM trust anchors: a client configured with
 * {@code root-ca.pem} through {@code prefix.pemtrustedcas_filepath} is expected to
 * complete a request against the test server.
 *
 * <p>The response is not inspected. Finishing the request without an exception is the
 * pass condition.
 *
 * @throws Exception if the fixture fails or the TLS connection is rejected
 */
@Test
public void testPemTrust() throws Exception {
    try (TestServer server = new TestServer(
            "sslConfigurator/pem/truststore.jks",
            "sslConfigurator/pem/node1-keystore.jks",
            "secret",
            false)) {
        Path trustedCaPem = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/pem/root-ca.pem");
        // Fail early with a clear assertion if the fixture file is missing from the classpath.
        Assert.assertTrue(trustedCaPem.toFile().exists());
        Path configDir = trustedCaPem.getParent();

        // The CA file is given by bare file name; the directory is passed separately as the config path.
        Settings.Builder clientSettings = Settings.builder();
        clientSettings.put("prefix.pemtrustedcas_filepath", trustedCaPem.getFileName().toString());
        clientSettings.put("prefix.enable_ssl", "true");
        clientSettings.put("path.home", configDir.toString());

        SSLConfig clientSsl = new SettingsBasedSSLConfigurator(clientSettings.build(), configDir, "prefix").buildSSLConfig();

        try (CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(clientSsl.toSSLConnectionSocketFactory())
                .build()) {
            HttpGet request = new HttpGet(server.getUri());
            try (CloseableHttpResponse accepted = client.execute(request)) {
                // Nothing to assert: a handshake failure would already have thrown from execute().
            }
        }
    }
}
use of com.amazon.dlic.util.SettingsBasedSSLConfigurator in project security by opensearch-project.
the class SettingsBasedSSLConfiguratorTest method testTrustAll.
/**
 * Checks that {@code prefix.trust_all=true} lets a client with no trust store or CA file
 * configured complete a request against the test server.
 *
 * <p>The response is not inspected. Finishing the request without an exception is the
 * pass condition.
 *
 * <p>NOTE(review): {@code trust_all} presumably disables server certificate validation, so a
 * client built this way does not authenticate its peer. This test pins that behaviour and
 * does not show a configuration to copy outside test fixtures.
 *
 * @throws Exception if the fixture fails or the connection is rejected
 */
@Test
public void testTrustAll() throws Exception {
    try (TestServer server = new TestServer(
            "sslConfigurator/jks/truststore.jks",
            "sslConfigurator/jks/node1-keystore.jks",
            "secret",
            false)) {
        // This file only locates the fixture directory; it is never configured as trust material.
        Path fixtureFile = FileHelper.getAbsoluteFilePathFromClassPath("sslConfigurator/jks/other-root-ca.jks");
        Path configDir = fixtureFile.getParent();

        Settings.Builder clientSettings = Settings.builder();
        clientSettings.put("prefix.enable_ssl", "true");
        clientSettings.put("prefix.trust_all", "true");
        clientSettings.put("path.home", configDir.toString());

        SSLConfig clientSsl = new SettingsBasedSSLConfigurator(clientSettings.build(), configDir, "prefix").buildSSLConfig();

        try (CloseableHttpClient client = HttpClients.custom()
                .setSSLSocketFactory(clientSsl.toSSLConnectionSocketFactory())
                .build()) {
            HttpGet request = new HttpGet(server.getUri());
            try (CloseableHttpResponse accepted = client.execute(request)) {
                // Nothing to assert: a handshake failure would already have thrown from execute().
            }
        }
    }
}