
Example 1 with ClientSSLContextBuilder

use of com.yahoo.athenz.common.utils.SSLUtils.ClientSSLContextBuilder in project athenz by yahoo.

From class SSLUtilsTest, method testClientSSLContextBuilder.

@Test
public void testClientSSLContextBuilder() {
    // A fully-populated builder: key store, store types, password app names
    // and a file-backed private key store are all supplied. The resulting
    // context must advertise the protocol the builder was created with.
    final String protocol = DEFAULT_SSL_PROTOCOL;
    SSLContext ctx = new SSLUtils.ClientSSLContextBuilder(protocol)
            .keyStorePath(DEFAULT_SERVER_KEY_STORE)
            .keyManagerPassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStoreType(DEFAULT_KEY_STORE_TYPE)
            .trustStoreType(DEFAULT_TRUST_STORE_TYPE)
            .keyStorePasswordAppName(KEYSTORE_PASSWORD_APP_NAME)
            .keyManagerPasswordAppName(KEY_MANAGER_PASSWORD_APP_NAME)
            .trustStorePasswordAppName(TRUSTSTORE_PASSWORD_APP_NAME)
            .privateKeyStore(new FilePrivateKeyStore())
            .build();
    assertEquals(ctx.getProtocol(), protocol);

    // A builder given nothing but the protocol yields no context at all.
    ctx = new SSLUtils.ClientSSLContextBuilder(protocol).build();
    Assert.assertNull(ctx);

    // key manager password is null: build() must refuse to load the key store
    // rather than silently producing a context without the client identity.
    assertThrows(RuntimeException.class, () -> new ClientSSLContextBuilder(protocol)
            .keyStorePath(DEFAULT_SERVER_KEY_STORE)
            .keyManagerPassword(null)
            .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStoreType(DEFAULT_KEY_STORE_TYPE)
            .trustStoreType(DEFAULT_TRUST_STORE_TYPE)
            .keyStorePasswordAppName(KEYSTORE_PASSWORD_APP_NAME)
            .keyManagerPasswordAppName(KEY_MANAGER_PASSWORD_APP_NAME)
            .trustStorePasswordAppName(TRUSTSTORE_PASSWORD_APP_NAME)
            .privateKeyStore(new FilePrivateKeyStore())
            .build());

    // trust store password is null: smoke checks only, build() must not throw.
    // NOTE(review): the returned context is discarded, so these two calls do
    // not pin whether a context comes back or what trust material it holds.
    new SSLUtils.ClientSSLContextBuilder(protocol)
            .keyStorePath(DEFAULT_SERVER_KEY_STORE)
            .keyManagerPassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStoreType(DEFAULT_KEY_STORE_TYPE)
            .trustStoreType(DEFAULT_TRUST_STORE_TYPE)
            .keyStorePasswordAppName(KEYSTORE_PASSWORD_APP_NAME)
            .keyManagerPasswordAppName(KEY_MANAGER_PASSWORD_APP_NAME)
            .trustStorePasswordAppName(TRUSTSTORE_PASSWORD_APP_NAME)
            .trustStorePassword(null)
            .trustStorePath(TRUSTSTORE_PATH)
            .privateKeyStore(new FilePrivateKeyStore())
            .build();

    // Same as above, but with an empty key store path as well.
    new SSLUtils.ClientSSLContextBuilder(protocol)
            .keyStorePath("")
            .keyManagerPassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
            .keyStoreType(DEFAULT_KEY_STORE_TYPE)
            .trustStoreType(DEFAULT_TRUST_STORE_TYPE)
            .keyStorePasswordAppName(KEYSTORE_PASSWORD_APP_NAME)
            .keyManagerPasswordAppName(KEY_MANAGER_PASSWORD_APP_NAME)
            .trustStorePasswordAppName(TRUSTSTORE_PASSWORD_APP_NAME)
            .trustStorePassword(null)
            .trustStorePath(TRUSTSTORE_PATH)
            .privateKeyStore(new FilePrivateKeyStore())
            .build();
}

Example 2 with ClientSSLContextBuilder

use of com.yahoo.athenz.common.utils.SSLUtils.ClientSSLContextBuilder in project athenz by yahoo.

From class ZTSClient, method createSSLContext.

private SSLContext createSSLContext() {
    // An SSL context is only ever built when a key store path is configured;
    // with no key store there is no client identity to load, so the caller
    // gets null instead of a context.
    final String keyStorePath = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_PATH);
    if (isEmpty(keyStorePath)) {
        return null;
    }

    // Key store settings. A blank password property counts as "not set".
    // NOTE(review): a password handed over as a system property is readable
    // by anyone who can inspect the JVM's command line; the *PwdAppName
    // properties presumably resolve the password through the private key
    // store instead — confirm which mechanism deployments are expected to use.
    final String keyStoreType = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_TYPE);
    final String keyStorePwd = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_PASSWORD);
    final char[] keyStorePassword = isEmpty(keyStorePwd) ? null : keyStorePwd.toCharArray();
    final String keyStorePasswordAppName = System.getProperty(ZTS_CLIENT_PROP_KEYSTORE_PWD_APP_NAME);
    final String keyManagerPwd = System.getProperty(ZTS_CLIENT_PROP_KEY_MANAGER_PASSWORD);
    final char[] keyManagerPassword = isEmpty(keyManagerPwd) ? null : keyManagerPwd.toCharArray();
    final String keyManagerPasswordAppName = System.getProperty(ZTS_CLIENT_PROP_KEY_MANAGER_PWD_APP_NAME);

    // Trust store settings, read the same way.
    final String trustStorePath = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PATH);
    final String trustStoreType = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_TYPE);
    final String trustStorePwd = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PASSWORD);
    final char[] trustStorePassword = isEmpty(trustStorePwd) ? null : trustStorePwd.toCharArray();
    final String trustStorePasswordAppName = System.getProperty(ZTS_CLIENT_PROP_TRUSTSTORE_PWD_APP_NAME);

    // Certificate alias and TLS protocol; the protocol falls back to the
    // client's default when the property is absent.
    final String certAlias = System.getProperty(ZTS_CLIENT_PROP_CERT_ALIAS);
    final String clientProtocol = System.getProperty(ZTS_CLIENT_PROP_CLIENT_PROTOCOL, ZTS_CLIENT_DEFAULT_CLIENT_SSL_PROTOCOL);

    final ClientSSLContextBuilder builder = new SSLUtils.ClientSSLContextBuilder(clientProtocol)
            .privateKeyStore(PRIVATE_KEY_STORE)
            .keyStorePath(keyStorePath);

    // Optional settings are only handed to the builder when actually
    // configured, so the builder's own defaults stay in effect otherwise.
    if (!isEmpty(certAlias)) {
        builder.certAlias(certAlias);
    }
    if (!isEmpty(keyStoreType)) {
        builder.keyStoreType(keyStoreType);
    }
    if (keyStorePassword != null) {
        builder.keyStorePassword(keyStorePassword);
    }
    if (keyStorePasswordAppName != null) {
        builder.keyStorePasswordAppName(keyStorePasswordAppName);
    }
    if (keyManagerPassword != null) {
        builder.keyManagerPassword(keyManagerPassword);
    }
    if (keyManagerPasswordAppName != null) {
        builder.keyManagerPasswordAppName(keyManagerPasswordAppName);
    }
    if (!isEmpty(trustStorePath)) {
        builder.trustStorePath(trustStorePath);
    }
    if (!isEmpty(trustStoreType)) {
        builder.trustStoreType(trustStoreType);
    }
    if (trustStorePassword != null) {
        builder.trustStorePassword(trustStorePassword);
    }
    if (trustStorePasswordAppName != null) {
        builder.trustStorePasswordAppName(trustStorePasswordAppName);
    }
    return builder.build();
}

Example 3 with ClientSSLContextBuilder

use of com.yahoo.athenz.common.utils.SSLUtils.ClientSSLContextBuilder in project athenz by yahoo.

From class SSLUtilsTest, method testSSLUtilsClient.

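@Test(dataProvider = "ClientSSLContext")
public void testSSLUtilsClient(boolean clientAuth, String sslProtocol, String trustPath, String keyStorePath, String expectedFailureMessage, String alias) throws Exception {
    // Start an HTTPS Jetty server (optionally demanding a client certificate)
    // and connect to it with a context produced by ClientSSLContextBuilder.
    // The data provider decides, via expectedFailureMessage, whether the
    // exchange is expected to succeed (empty) or to fail (non-empty).
    JettyServer jettyServer = createHttpsJettyServer(clientAuth);
    jettyServer.server.start();
    ClientSSLContextBuilder builder = new SSLUtils.ClientSSLContextBuilder(sslProtocol)
            .trustStorePath(trustPath)
            .trustStorePassword(DEFAULT_CERT_PWD.toCharArray());
    if (null != keyStorePath) {
        // A client identity is only presented when a key store is supplied.
        builder.keyStorePath(keyStorePath)
                .keyStorePassword(DEFAULT_CERT_PWD.toCharArray())
                .keyManagerPassword("test".toCharArray());
    }
    if (null != alias && !alias.isEmpty()) {
        builder.certAlias(alias);
    }
    SSLContext sslContext = builder.build();
    String httpsUrl = "https://localhost:" + jettyServer.port + "/";
    URL url = new URL(httpsUrl);
    HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
    con.setDoOutput(true);
    con.setSSLSocketFactory(sslContext.getSocketFactory());

    // Record the outcome first and judge it only after the server is stopped.
    // The verdict deliberately lives outside the try block: with Assert.fail
    // inside it, the catch (Throwable) below swallowed the resulting
    // AssertionError, so a case that expects a TLS failure (e.g. an untrusted
    // server certificate) passed even when the handshake wrongly succeeded.
    Throwable failure = null;
    try {
        handleInputStream(con);
    } catch (Throwable t) {
        failure = t;
    } finally {
        jettyServer.server.stop();
    }
    if (expectedFailureMessage.isEmpty()) {
        if (failure != null) {
            Assert.fail("Unexpected failure: " + failure, failure);
        }
    } else {
        // NOTE(review): only the presence of a failure is verified; the
        // expected message text is not compared against the exception raised.
        Assert.assertNotNull(failure, "Expected failure: " + expectedFailureMessage);
    }
}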

Example 4 with ClientSSLContextBuilder

use of com.yahoo.athenz.common.utils.SSLUtils.ClientSSLContextBuilder in project athenz by yahoo.

From class ZMSClient, method createSSLContext.

SSLContext createSSLContext() {
    // Without a configured key store path there is no client identity to
    // load, so no SSL context is created and null is returned.
    final String keyStorePath = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_PATH);
    if (keyStorePath == null || keyStorePath.isEmpty()) {
        return null;
    }

    // Key store settings; a blank password property counts as "not set".
    // NOTE(review): passwords supplied as system properties are visible to
    // anyone able to inspect the JVM's command line; the *PwdAppName
    // properties presumably resolve them through the private key store
    // instead — confirm which one deployments are meant to use.
    final String keyStoreType = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_TYPE);
    final String keyStorePwd = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_PASSWORD);
    final char[] keyStorePassword = (keyStorePwd == null || keyStorePwd.isEmpty()) ? null : keyStorePwd.toCharArray();
    final String keyStorePasswordAppName = System.getProperty(ZMS_CLIENT_PROP_KEYSTORE_PWD_APP_NAME);
    final String keyManagerPwd = System.getProperty(ZMS_CLIENT_PROP_KEY_MANAGER_PASSWORD);
    final char[] keyManagerPassword = (keyManagerPwd == null || keyManagerPwd.isEmpty()) ? null : keyManagerPwd.toCharArray();
    final String keyManagerPasswordAppName = System.getProperty(ZMS_CLIENT_PROP_KEY_MANAGER_PWD_APP_NAME);

    // Trust store settings, read the same way.
    final String trustStorePath = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PATH);
    final String trustStoreType = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_TYPE);
    final String trustStorePwd = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PASSWORD);
    final char[] trustStorePassword = (trustStorePwd == null || trustStorePwd.isEmpty()) ? null : trustStorePwd.toCharArray();
    final String trustStorePasswordAppName = System.getProperty(ZMS_CLIENT_PROP_TRUSTSTORE_PWD_APP_NAME);

    // Certificate alias and TLS protocol; the protocol falls back to the
    // client's default when the property is absent.
    final String certAlias = System.getProperty(ZMS_CLIENT_PROP_CERT_ALIAS);
    final String clientProtocol = System.getProperty(ZMS_CLIENT_PROP_CLIENT_PROTOCOL, ZMS_CLIENT_DEFAULT_CLIENT_SSL_PROTOCOL);

    // NOTE(review): unlike ZTSClient.createSSLContext, unset optional values
    // (null alias, null passwords/app names, null trust store path) are passed
    // straight into the builder rather than skipped. That is equivalent only
    // if the builder treats null exactly like "never set" — confirm before
    // relying on it, since a non-null builder default would be clobbered here.
    final ClientSSLContextBuilder builder = new SSLUtils.ClientSSLContextBuilder(clientProtocol)
            .privateKeyStore(PRIVATE_KEY_STORE)
            .keyStorePath(keyStorePath);
    builder.certAlias(certAlias);
    if (keyStoreType != null && !keyStoreType.isEmpty()) {
        builder.keyStoreType(keyStoreType);
    }
    builder.keyStorePassword(keyStorePassword);
    builder.keyStorePasswordAppName(keyStorePasswordAppName);
    builder.keyManagerPassword(keyManagerPassword);
    builder.keyManagerPasswordAppName(keyManagerPasswordAppName);
    builder.trustStorePath(trustStorePath);
    if (trustStoreType != null && !trustStoreType.isEmpty()) {
        builder.trustStoreType(trustStoreType);
    }
    builder.trustStorePassword(trustStorePassword);
    builder.trustStorePasswordAppName(trustStorePasswordAppName);
    return builder.build();
}
