
Example 21 with IApiConnector

use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.

the class CAMutualAuthTest method shouldFailWhenCANotTrusted.

/**
 * Scenario:
 *   - CA is only in API trust store, missing from gateway trust store
 *   - Gateway does not trust API, as it does not trust CA
 *   - API trusts gateway via CA
 */
@Test
public void shouldFailWhenCANotTrusted() {
    // Gateway trust store: deliberately lacks the root CA that signed the API's
    // certificate, so the gateway has no trust anchor for the API.
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth/gateway_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    // Gateway key store: the identity the gateway presents for mutual TLS.
    // "changeme" is the password of the bundled test fixtures.
    config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/mutual_trust_via_ca/gateway_ks.jks"));
    config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_KEYPASSWORD, "changeme");
    // Any-host is enabled (presumably relaxing hostname matching) while self-signed
    // certificates stay rejected, so the expected failure should come from the
    // missing CA rather than from a name mismatch.
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");

    IAsyncResultHandler<IApiConnectionResponse> expectConnectorError = new IAsyncResultHandler<IApiConnectionResponse>() {

        @Override
        public void handle(IAsyncResult<IApiConnectionResponse> result) {
            Assert.assertTrue(result.isError());
            Throwable error = result.getError();
            System.out.println(error);
            // Only the exception type is checked; any ConnectorException satisfies
            // this, not specifically a certificate-trust failure.
            Assert.assertTrue(error instanceof ConnectorException);
        }
    };

    IApiConnector mtlsConnector = new HttpConnectorFactory(config)
            .createConnector(request, api, RequiredAuthType.MTLS, false, new ConnectorConfigImpl());
    IApiConnection apiConnection = mtlsConnector.connect(request, expectConnectorError);
    // NOTE(review): every assertion lives inside the handler. Nothing here verifies
    // that the handler actually ran; if it is skipped, or runs on another thread,
    // an untrusted connection that succeeds would not fail this test - confirm.
    apiConnection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorException(io.apiman.gateway.engine.beans.exceptions.ConnectorException) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IApiConnectionResponse(io.apiman.gateway.engine.IApiConnectionResponse) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Example 22 with IApiConnector

use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.

the class CipherAndProtocolSelectionTest method shouldFailWhenNoValidCipherAllowed.

/**
 * Scenario:
 *   - The only cipher suite the gateway allows is one the remote end excludes
 * @throws Exception any exception
 */
@Test
public void shouldFailWhenNoValidCipherAllowed() throws Exception {
    // Learn which suite a normal handshake picks. getPrefferedCipher() also writes
    // trust-store settings and TLS_KEYSTOREPASSWORD into the shared config.
    String preferredCipher = getPrefferedCipher();
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    // The gateway may use only that suite...
    config.put(TLSOptions.TLS_ALLOWEDCIPHERS, preferredCipher);
    // ...and the server refuses exactly that suite, leaving nothing in common.
    jettySslContextFactory.setExcludeCipherSuites(preferredCipher);
    server.start();

    IAsyncResultHandler<IApiConnectionResponse> expectHandshakeFailure = new IAsyncResultHandler<IApiConnectionResponse>() {

        @Override
        public void handle(IAsyncResult<IApiConnectionResponse> result) {
            Assert.assertTrue(result.isError());
            Throwable error = result.getError();
            System.out.println(error);
            // The TLS failure is expected one level down, as the cause of the
            // reported error.
            Assert.assertTrue(error.getCause() instanceof javax.net.ssl.SSLHandshakeException);
        }
    };

    IApiConnector defaultConnector = new HttpConnectorFactory(config)
            .createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
    IApiConnection apiConnection = defaultConnector.connect(request, expectHandshakeFailure);
    // NOTE(review): the test does not check that the handler ran; if it never does,
    // the negative case passes without having asserted anything - confirm.
    apiConnection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IApiConnectionResponse(io.apiman.gateway.engine.IApiConnectionResponse) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Example 23 with IApiConnector

use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.

the class CipherAndProtocolSelectionTest method getPrefferedCipher.

/**
 * Makes one connection to the test server without setting an allowed-cipher
 * list here, and returns the value recorded under the
 * {@code javax.servlet.request.cipher_suite} request attribute.
 *
 * <p>Side effects: writes trust-store settings and TLS_KEYSTOREPASSWORD into the
 * shared {@code config}, and starts and stops {@code server}.
 *
 * @return the recorded cipher suite name; if the attribute is absent,
 *         {@code StringBuilder.append} yields the literal text "null"
 * @throws Exception any exception
 */
private String getPrefferedCipher() throws Exception {
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    server.start();

    final StringBuilder negotiatedCipher = new StringBuilder();
    final CountDownLatch handlerDone = new CountDownLatch(1);

    IAsyncResultHandler<IApiConnectionResponse> recordCipher = new IAsyncResultHandler<IApiConnectionResponse>() {

        @Override
        public void handle(IAsyncResult<IApiConnectionResponse> result) {
            if (result.isError()) {
                // NOTE(review): thrown before countDown(). If this runs on another
                // thread, the untimed await() below never returns; if it runs on
                // the calling thread, server.stop() is skipped - confirm which.
                throw new RuntimeException(result.getError());
            }
            negotiatedCipher.append(jettyRequestAttributes.get("javax.servlet.request.cipher_suite"));
            handlerDone.countDown();
        }
    };

    IApiConnector defaultConnector = new HttpConnectorFactory(config)
            .createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
    IApiConnection apiConnection = defaultConnector.connect(request, recordCipher);
    apiConnection.end();
    // The server is stopped before waiting on the latch, as in the original ordering.
    server.stop();
    handlerDone.await();
    return negotiatedCipher.toString();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) CountDownLatch(java.util.concurrent.CountDownLatch) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IApiConnectionResponse(io.apiman.gateway.engine.IApiConnectionResponse) IApiConnector(io.apiman.gateway.engine.IApiConnector)

Example 24 with IApiConnector

use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.

the class CipherAndProtocolSelectionTest method shouldFailWhenRemoteProtocolsAreExcluded.

/**
 * Scenario:
 *   - The only protocol the remote end offers is one the gateway disallows
 * @throws Exception any exception
 */
@Test
public void shouldFailWhenRemoteProtocolsAreExcluded() throws Exception {
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    // Gateway side: SSLv3 is on the disallowed list.
    config.put(TLSOptions.TLS_DISALLOWEDPROTOCOLS, "SSLv3");
    // Server side: SSLv3 is the only protocol included.
    jettySslContextFactory.setIncludeProtocols("SSLv3");
    // NOTE(review): "SSLv1" and "TLSv2" are not standard JSSE protocol names (the
    // TLS names are TLSv1, TLSv1.1, TLSv1.2, TLSv1.3). With the include list above
    // this exclude list probably changes nothing - confirm.
    jettySslContextFactory.setExcludeProtocols("SSLv1", "SSLv2", "TLSv1", "TLSv2");
    // NOTE(review): current JDKs disable SSLv3 by default, so the server may end up
    // with no usable protocol and the connection may fail for a reason other than
    // the gateway's disallow list - confirm on the JDK in use.
    server.start();

    IAsyncResultHandler<IApiConnectionResponse> expectConnectorError = new IAsyncResultHandler<IApiConnectionResponse>() {

        @Override
        public void handle(IAsyncResult<IApiConnectionResponse> result) {
            Assert.assertTrue(result.isError());
            Throwable error = result.getError();
            System.out.println(error);
            // Any ConnectorException passes; the check does not tie the failure to
            // protocol selection specifically.
            Assert.assertTrue(error instanceof ConnectorException);
        }
    };

    IApiConnector defaultConnector = new HttpConnectorFactory(config)
            .createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
    IApiConnection apiConnection = defaultConnector.connect(request, expectConnectorError);
    // NOTE(review): the test does not check that the handler ran - confirm it is
    // always invoked before end() returns.
    apiConnection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorException(io.apiman.gateway.engine.beans.exceptions.ConnectorException) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IApiConnectionResponse(io.apiman.gateway.engine.IApiConnectionResponse) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Example 25 with IApiConnector

use of io.apiman.gateway.engine.IApiConnector in project apiman by apiman.

the class CipherAndProtocolSelectionTest method shouldFailWhenAllAvailableProtocolsExcluded.

/**
 * Scenario:
 *   - Only allowed protocol is one that is disallowed by remote end
 * @throws Exception any exception
 */
@Test
public void shouldFailWhenAllAvailableProtocolsExcluded() throws Exception {
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    // Gateway side: SSLv3 is the only allowed protocol...
    config.put(TLSOptions.TLS_ALLOWEDPROTOCOLS, "SSLv3");
    // ...and the server excludes SSLv3, so the two ends share no protocol.
    jettySslContextFactory.setExcludeProtocols("SSLv3");
    server.start();

    IAsyncResultHandler<IApiConnectionResponse> expectNoUsableProtocol = new IAsyncResultHandler<IApiConnectionResponse>() {

        @Override
        public void handle(IAsyncResult<IApiConnectionResponse> result) {
            Assert.assertTrue(result.isError());
            Throwable error = result.getError();
            System.out.println(error);
            // The cause is expected to be UnknownServiceException rather than a
            // handshake exception; presumably the client finds no acceptable
            // protocol before any handshake starts - TODO confirm.
            Assert.assertTrue(error.getCause() instanceof java.net.UnknownServiceException);
        }
    };

    IApiConnector defaultConnector = new HttpConnectorFactory(config)
            .createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
    IApiConnection apiConnection = defaultConnector.connect(request, expectNoUsableProtocol);
    // NOTE(review): the test does not check that the handler ran - confirm it is
    // always invoked before end() returns.
    apiConnection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IApiConnectionResponse(io.apiman.gateway.engine.IApiConnectionResponse) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Aggregations

IApiConnector (io.apiman.gateway.engine.IApiConnector)29 IApiConnection (io.apiman.gateway.engine.IApiConnection)26 ConnectorConfigImpl (io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl)26 HttpConnectorFactory (io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory)26 Test (org.junit.Test)26 IApiConnectionResponse (io.apiman.gateway.engine.IApiConnectionResponse)19 IAsyncResult (io.apiman.gateway.engine.async.IAsyncResult)9 ConnectorException (io.apiman.gateway.engine.beans.exceptions.ConnectorException)6 IConnectorConfig (io.apiman.gateway.engine.IConnectorConfig)2 IEngineResult (io.apiman.gateway.engine.IEngineResult)2 IAsyncResultHandler (io.apiman.gateway.engine.async.IAsyncResultHandler)2 ApiRequest (io.apiman.gateway.engine.beans.ApiRequest)2 IApimanBuffer (io.apiman.gateway.engine.io.IApimanBuffer)2 ISignalWriteStream (io.apiman.gateway.engine.io.ISignalWriteStream)2 IConnectorInterceptor (io.apiman.gateway.engine.policy.IConnectorInterceptor)2 FileInputStream (java.io.FileInputStream)2 InputStream (java.io.InputStream)2 X509Certificate (java.security.cert.X509Certificate)2 IApiRequestExecutor (io.apiman.gateway.engine.IApiRequestExecutor)1 IConnectorFactory (io.apiman.gateway.engine.IConnectorFactory)1