use of com.yahoo.athenz.common.utils.SSLUtils.ClientSSLContextBuilder in project athenz by yahoo.
the class SSLUtilsTest method testClientSSLContextBuilder.
/**
 * Exercises {@code SSLUtils.ClientSSLContextBuilder} with a complete key store
 * configuration, with no configuration at all, with a null key manager
 * password, and with a null trust store password.
 *
 * <p>Only the first three cases assert an outcome. The last two builds are
 * executed without checking the returned context, so they only verify that
 * {@code build()} does not throw for those inputs.
 */
@Test
public void testClientSSLContextBuilder() {
    String protocol = DEFAULT_SSL_PROTOCOL;

    // Fully configured key store: the resulting context reports the requested protocol.
    SSLContext configuredContext = new SSLUtils.ClientSSLContextBuilder(protocol)
            .keyStorePath(DEFAULT_SERVER_KEY_STORE)
            .keyManagerPassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStoreType(DEFAULT_KEY_STORE_TYPE)
            .trustStoreType(DEFAULT_TRUST_STORE_TYPE)
            .keyStorePasswordAppName(KEYSTORE_PASSWORD_APP_NAME)
            .keyManagerPasswordAppName(KEY_MANAGER_PASSWORD_APP_NAME)
            .trustStorePasswordAppName(TRUSTSTORE_PASSWORD_APP_NAME)
            .privateKeyStore(new FilePrivateKeyStore())
            .build();
    assertEquals(configuredContext.getProtocol(), protocol);

    // Neither key store nor trust store configured: build() is expected to return null.
    SSLContext unconfiguredContext = new SSLUtils.ClientSSLContextBuilder(protocol).build();
    Assert.assertNull(unconfiguredContext);

    // Key manager password is null: build() must fail with a RuntimeException.
    assertThrows(RuntimeException.class, () -> new ClientSSLContextBuilder(protocol)
            .keyStorePath(DEFAULT_SERVER_KEY_STORE)
            .keyManagerPassword(null)
            .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStoreType(DEFAULT_KEY_STORE_TYPE)
            .trustStoreType(DEFAULT_TRUST_STORE_TYPE)
            .keyStorePasswordAppName(KEYSTORE_PASSWORD_APP_NAME)
            .keyManagerPasswordAppName(KEY_MANAGER_PASSWORD_APP_NAME)
            .trustStorePasswordAppName(TRUSTSTORE_PASSWORD_APP_NAME)
            .privateKeyStore(new FilePrivateKeyStore())
            .build());

    // Trust store password is null (key store path set): result is not asserted,
    // the call only has to complete without throwing.
    new SSLUtils.ClientSSLContextBuilder(protocol)
            .keyStorePath(DEFAULT_SERVER_KEY_STORE)
            .keyManagerPassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStoreType(DEFAULT_KEY_STORE_TYPE)
            .trustStoreType(DEFAULT_TRUST_STORE_TYPE)
            .keyStorePasswordAppName(KEYSTORE_PASSWORD_APP_NAME)
            .keyManagerPasswordAppName(KEY_MANAGER_PASSWORD_APP_NAME)
            .trustStorePasswordAppName(TRUSTSTORE_PASSWORD_APP_NAME)
            .trustStorePassword(null)
            .trustStorePath(TRUSTSTORE_PATH)
            .privateKeyStore(new FilePrivateKeyStore())
            .build();

    // Trust store password is null and the key store path is empty: again only
    // checked for "does not throw".
    new SSLUtils.ClientSSLContextBuilder(protocol)
            .keyStorePath("")
            .keyManagerPassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStoreType(DEFAULT_KEY_STORE_TYPE)
            .trustStoreType(DEFAULT_TRUST_STORE_TYPE)
            .keyStorePasswordAppName(KEYSTORE_PASSWORD_APP_NAME)
            .keyManagerPasswordAppName(KEY_MANAGER_PASSWORD_APP_NAME)
            .trustStorePasswordAppName(TRUSTSTORE_PASSWORD_APP_NAME)
            .trustStorePassword(null)
            .trustStorePath(TRUSTSTORE_PATH)
            .privateKeyStore(new FilePrivateKeyStore())
            .build();
}
use of com.yahoo.athenz.common.utils.SSLUtils.ClientSSLContextBuilder in project athenz by yahoo.
the class ZTSClient method createSSLContext.
/**
 * Builds the client {@link SSLContext} for the ZTS client from JVM system
 * properties.
 *
 * <p>Each optional setting is applied to the builder only when its property
 * is present (and, for paths, types, the alias and plain passwords,
 * non-empty); otherwise the builder's own default is left in place.
 *
 * <p>NOTE(review): the plain-text password properties are read as
 * {@code String}s from the process-wide system properties, so converting them
 * to {@code char[]} here does not remove the original value from the JVM. The
 * {@code *_PWD_APP_NAME} properties are handed to the builder together with
 * {@code PRIVATE_KEY_STORE} — presumably so the secret can be resolved through
 * the key store instead; confirm against {@code SSLUtils}.
 *
 * @return the context produced by the builder, or {@code null} when no
 *         key store path property is set
 */
private SSLContext createSSLContext() {

    // A key store path is mandatory; without it no SSL context is created.
    final String keyStorePath = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_PATH);
    if (isEmpty(keyStorePath)) {
        return null;
    }

    final String clientProtocol = System.getProperty(ZTS_CLIENT_PROP_CLIENT_PROTOCOL,
            ZTS_CLIENT_DEFAULT_CLIENT_SSL_PROTOCOL);
    final ClientSSLContextBuilder builder = new SSLUtils.ClientSSLContextBuilder(clientProtocol)
            .privateKeyStore(PRIVATE_KEY_STORE)
            .keyStorePath(keyStorePath);

    // certificate alias
    final String certAlias = System.getProperty(ZTS_CLIENT_PROP_CERT_ALIAS);
    if (!isEmpty(certAlias)) {
        builder.certAlias(certAlias);
    }

    // key store type and password
    final String keyStoreType = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_TYPE);
    if (!isEmpty(keyStoreType)) {
        builder.keyStoreType(keyStoreType);
    }
    final String keyStorePwd = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_PASSWORD);
    if (!isEmpty(keyStorePwd)) {
        builder.keyStorePassword(keyStorePwd.toCharArray());
    }
    // The app names are forwarded whenever the property exists, even if empty.
    final String keyStorePasswordAppName = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_PWD_APP_NAME);
    if (keyStorePasswordAppName != null) {
        builder.keyStorePasswordAppName(keyStorePasswordAppName);
    }

    // key manager password
    final String keyManagerPwd = System.getProperty(ZTS_CLIENT_PROP_KEY_MANAGER_PASSWORD);
    if (!isEmpty(keyManagerPwd)) {
        builder.keyManagerPassword(keyManagerPwd.toCharArray());
    }
    final String keyManagerPasswordAppName = System.getProperty(ZTS_CLIENT_PROP_KEY_MANAGER_PWD_APP_NAME);
    if (keyManagerPasswordAppName != null) {
        builder.keyManagerPasswordAppName(keyManagerPasswordAppName);
    }

    // trust store
    final String trustStorePath = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PATH);
    if (!isEmpty(trustStorePath)) {
        builder.trustStorePath(trustStorePath);
    }
    final String trustStoreType = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_TYPE);
    if (!isEmpty(trustStoreType)) {
        builder.trustStoreType(trustStoreType);
    }
    final String trustStorePwd = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PASSWORD);
    if (!isEmpty(trustStorePwd)) {
        builder.trustStorePassword(trustStorePwd.toCharArray());
    }
    final String trustStorePasswordAppName = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PWD_APP_NAME);
    if (trustStorePasswordAppName != null) {
        builder.trustStorePasswordAppName(trustStorePasswordAppName);
    }

    return builder.build();
}
use of com.yahoo.athenz.common.utils.SSLUtils.ClientSSLContextBuilder in project athenz by yahoo.
the class SSLUtilsTest method testSSLUtilsClient.
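/**
 * Connects to a local HTTPS Jetty server using a context built by
 * {@code SSLUtils.ClientSSLContextBuilder} and checks that the exchange
 * succeeds or fails as the data provider row demands.
 *
 * <p>The outcome is evaluated outside the {@code try} that wraps the
 * connection attempt. Raising "Expected failure" inside that {@code try}
 * would be caught by the same catch-all handler and counted as the expected
 * failure, so a row that expects a rejected handshake would pass even when
 * the connection went through.
 *
 * @param clientAuth passed to {@code createHttpsJettyServer}
 * @param sslProtocol protocol name given to the context builder
 * @param trustPath trust store path given to the context builder
 * @param keyStorePath key store path, or {@code null} to configure no key store
 * @param expectedFailureMessage non-empty when the connection is expected to
 *        fail; only its emptiness is checked, the text is not compared
 * @param alias certificate alias, applied when non-null and non-empty
 * @throws Exception if the server cannot be started or stopped, or the
 *         context or connection cannot be set up
 */
@Test(dataProvider = "ClientSSLContext")
public void testSSLUtilsClient(boolean clientAuth, String sslProtocol, String trustPath, String keyStorePath, String expectedFailureMessage, String alias) throws Exception {
    final boolean failureExpected = !expectedFailureMessage.isEmpty();

    JettyServer jettyServer = createHttpsJettyServer(clientAuth);
    jettyServer.server.start();
    try {
        ClientSSLContextBuilder builder = new SSLUtils.ClientSSLContextBuilder(sslProtocol)
                .trustStorePath(trustPath)
                .trustStorePassword(DEFAULT_CERT_PWD.toCharArray());
        if (null != keyStorePath) {
            builder.keyStorePath(keyStorePath)
                    .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
                    .keyManagerPassword("test".toCharArray());
        }
        if (null != alias && !alias.isEmpty()) {
            builder.certAlias(alias);
        }
        SSLContext sslContext = builder.build();

        String httpsUrl = "https://localhost:" + jettyServer.port + "/";
        URL url = new URL(httpsUrl);
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        con.setDoOutput(true);
        con.setSSLSocketFactory(sslContext.getSocketFactory());

        // Record the outcome of the exchange only; the verdict is reached
        // below so that it cannot be swallowed by this handler.
        Throwable failure = null;
        try {
            handleInputStream(con);
        } catch (Throwable t) {
            failure = t;
        }

        if (failureExpected) {
            Assert.assertNotNull(failure, "Expected failure");
        } else if (failure != null) {
            Assert.fail("Unexpected failure: " + failure, failure);
        }
    } finally {
        // Stop the server on every path, including a failed context build.
        jettyServer.server.stop();
    }
}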
use of com.yahoo.athenz.common.utils.SSLUtils.ClientSSLContextBuilder in project athenz by yahoo.
the class ZMSClient method createSSLContext.
/**
 * Builds the client {@link SSLContext} for the ZMS client from JVM system
 * properties.
 *
 * <p>Only the key store type and trust store type are guarded by a non-empty
 * check. The certificate alias, the passwords, the password app names and the
 * trust store path are handed to the builder unconditionally and may therefore
 * be {@code null} when the matching property is not set.
 *
 * <p>NOTE(review): how the builder treats a {@code null} trust store path or
 * {@code null} passwords is not visible here — confirm against
 * {@code SSLUtils} which trust anchors are in effect in that case. The
 * plain-text password properties are read as {@code String}s from the
 * process-wide system properties, so the {@code char[]} copies made here do
 * not remove the original value from the JVM.
 *
 * @return the context produced by the builder, or {@code null} when no
 *         key store path property is set
 */
SSLContext createSSLContext() {

    // A key store path is mandatory; without it no SSL context is created.
    final String keyStorePath = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_PATH);
    if (keyStorePath == null || keyStorePath.isEmpty()) {
        return null;
    }

    // key store
    final String keyStoreType = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_TYPE);
    final String keyStorePwd = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_PASSWORD);
    final char[] keyStorePassword =
            (keyStorePwd == null || keyStorePwd.isEmpty()) ? null : keyStorePwd.toCharArray();
    final String keyStorePasswordAppName = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_PWD_APP_NAME);

    // key manager
    final String keyManagerPwd = System.getProperty(ZMS_CLIENT_PROP_KEY_MANAGER_PASSWORD);
    final char[] keyManagerPassword =
            (keyManagerPwd == null || keyManagerPwd.isEmpty()) ? null : keyManagerPwd.toCharArray();
    final String keyManagerPasswordAppName = System.getProperty(ZMS_CLIENT_PROP_KEY_MANAGER_PWD_APP_NAME);

    // trust store
    final String trustStorePath = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PATH);
    final String trustStoreType = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_TYPE);
    final String trustStorePwd = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PASSWORD);
    final char[] trustStorePassword =
            (trustStorePwd == null || trustStorePwd.isEmpty()) ? null : trustStorePwd.toCharArray();
    final String trustStorePasswordAppName = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PWD_APP_NAME);

    // alias and protocol
    final String certAlias = System.getProperty(ZMS_CLIENT_PROP_CERT_ALIAS);
    final String clientProtocol = System.getProperty(ZMS_CLIENT_PROP_CLIENT_PROTOCOL,
            ZMS_CLIENT_DEFAULT_CLIENT_SSL_PROTOCOL);

    final ClientSSLContextBuilder builder = new SSLUtils.ClientSSLContextBuilder(clientProtocol)
            .privateKeyStore(PRIVATE_KEY_STORE)
            .keyStorePath(keyStorePath);

    // The alias is forwarded as read, null included.
    builder.certAlias(certAlias);

    final boolean hasKeyStoreType = keyStoreType != null && !keyStoreType.isEmpty();
    if (hasKeyStoreType) {
        builder.keyStoreType(keyStoreType);
    }

    // Passwords, app names and the trust store path are set unconditionally.
    builder.keyStorePassword(keyStorePassword)
            .keyStorePasswordAppName(keyStorePasswordAppName)
            .keyManagerPassword(keyManagerPassword)
            .keyManagerPasswordAppName(keyManagerPasswordAppName)
            .trustStorePath(trustStorePath);

    final boolean hasTrustStoreType = trustStoreType != null && !trustStoreType.isEmpty();
    if (hasTrustStoreType) {
        builder.trustStoreType(trustStoreType);
    }

    builder.trustStorePassword(trustStorePassword)
            .trustStorePasswordAppName(trustStorePasswordAppName);

    return builder.build();
}