use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.
the class CAMutualAuthTest method shouldFailWhenCANotTrusted.
/**
* Scenario:
* - CA is only in API trust store, missing from gateway trust store
* - Gateway does not trust API, as it does not trust CA
* - API trusts gateway via CA
*/
@Test
public void shouldFailWhenCANotTrusted() {
// Keystore does not trust the root CA API is signed with.
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth/gateway_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/mutual_trust_via_ca/gateway_ks.jks"));
config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, new IAsyncResultHandler<IApiConnectionResponse>() {
@Override
public void handle(IAsyncResult<IApiConnectionResponse> result) {
Assert.assertTrue(result.isError());
System.out.println(result.getError());
Assert.assertTrue(result.getError() instanceof ConnectorException);
}
});
connection.end();
}
use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.
the class CipherAndProtocolSelectionTest method shouldFailWhenNoValidCipherAllowed.
/**
* Scenario:
* - Only allowed protocol is one that is disallowed by remote end
* @throws Exception any exception
*/
@Test
public void shouldFailWhenNoValidCipherAllowed() throws Exception {
String preferredCipher = getPrefferedCipher();
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
config.put(TLSOptions.TLS_ALLOWEDCIPHERS, preferredCipher);
jettySslContextFactory.setExcludeCipherSuites(preferredCipher);
server.start();
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, new IAsyncResultHandler<IApiConnectionResponse>() {
@Override
public void handle(IAsyncResult<IApiConnectionResponse> result) {
Assert.assertTrue(result.isError());
System.out.println(result.getError());
// result.getError().printStackTrace();
Assert.assertTrue(result.getError().getCause() instanceof javax.net.ssl.SSLHandshakeException);
}
});
connection.end();
}
use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.
the class CipherAndProtocolSelectionTest method getPrefferedCipher.
private String getPrefferedCipher() throws Exception {
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
server.start();
final StringBuilder sbuff = new StringBuilder();
final CountDownLatch latch = new CountDownLatch(1);
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, new IAsyncResultHandler<IApiConnectionResponse>() {
@Override
public void handle(IAsyncResult<IApiConnectionResponse> result) {
if (result.isError())
throw new RuntimeException(result.getError());
sbuff.append(jettyRequestAttributes.get("javax.servlet.request.cipher_suite"));
latch.countDown();
}
});
connection.end();
server.stop();
latch.await();
return sbuff.toString();
}
use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.
the class CipherAndProtocolSelectionTest method shouldFailWhenRemoteProtocolsAreExcluded.
/**
* Scenario:
* - Only allowed protocol is one that is disallowed by remote end
* @throws Exception any exception
*/
@Test
public void shouldFailWhenRemoteProtocolsAreExcluded() throws Exception {
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
config.put(TLSOptions.TLS_DISALLOWEDPROTOCOLS, "SSLv3");
jettySslContextFactory.setIncludeProtocols("SSLv3");
jettySslContextFactory.setExcludeProtocols("SSLv1", "SSLv2", "TLSv1", "TLSv2");
server.start();
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, new IAsyncResultHandler<IApiConnectionResponse>() {
@Override
public void handle(IAsyncResult<IApiConnectionResponse> result) {
Assert.assertTrue(result.isError());
System.out.println(result.getError());
Assert.assertTrue(result.getError() instanceof ConnectorException);
}
});
connection.end();
}
use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.
the class CipherAndProtocolSelectionTest method shouldFailWhenAllAvailableProtocolsExcluded.
/**
* Scenario:
* - Only allowed protocol is one that is disallowed by remote end
* @throws Exception any exception
*/
@Test
public void shouldFailWhenAllAvailableProtocolsExcluded() throws Exception {
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
config.put(TLSOptions.TLS_ALLOWEDPROTOCOLS, "SSLv3");
jettySslContextFactory.setExcludeProtocols("SSLv3");
server.start();
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, new IAsyncResultHandler<IApiConnectionResponse>() {
@Override
public void handle(IAsyncResult<IApiConnectionResponse> result) {
Assert.assertTrue(result.isError());
System.out.println(result.getError());
Assert.assertTrue(result.getError().getCause() instanceof java.net.UnknownServiceException);
}
});
connection.end();
}
Aggregations