use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.
the class BasicMutualAuthTest method shouldSucceedWithValidMTLS.
/**
* Scenario:
* - no CA inherited trust
* - gateway trusts API certificate directly
* - API trusts gateway certificate directly
*/
@Test
public void shouldSucceedWithValidMTLS() {
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth/gateway_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/basic_mutual_auth/gateway_ks.jks"));
config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, (IAsyncResult<IApiConnectionResponse> result) -> {
if (result.isError())
throw new RuntimeException(result.getError());
Assert.assertTrue(result.isSuccess());
});
connection.end();
}
use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.
the class BasicMutualAuthTest method shouldFailWithInValidKeyAlias.
/**
* Scenario:
* - Select invalid key alias (no such key).
* - Negotiation will fail
* @throws CertificateException the certificate exception
* @throws IOException the IO exception
*/
@Test
public void shouldFailWithInValidKeyAlias() throws CertificateException, IOException {
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ks.jks"));
config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
// No such key exists in the keystore
config.put(TLSOptions.TLS_KEYALIASES, "xxx");
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, (IAsyncResult<IApiConnectionResponse> result) -> {
Assert.assertTrue(result.isError());
});
connection.end();
}
use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.
the class BasicMutualAuthTest method shouldFailWhenGatewayDoesNotTrustApi.
/**
* Scenario:
* - no CA inherited trust
* - gateway does <em>not</em> trust the API
* - API trusts gateway certificate
*/
@Test
public void shouldFailWhenGatewayDoesNotTrustApi() {
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ks.jks"));
config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_KEYPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, (IAsyncResult<IApiConnectionResponse> result) -> {
Assert.assertTrue(result.isError());
System.out.println(result.getError());
Assert.assertTrue(result.getError() instanceof ConnectorException);
// Would like to assert on SSL error, but is sun specific info
// TODO improve connector to handle this situation better
});
connection.end();
}
use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.
the class BasicMutualAuthTest method shouldFailWithDevModeAndNoClientKeys.
/**
* Scenario:
* - Development mode TLS pass-through. Gateway accepts anything.
* - Server should still refuse on basis of requiring client auth.
*/
@Test
public void shouldFailWithDevModeAndNoClientKeys() {
config.put(TLSOptions.TLS_DEVMODE, "true");
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, (IAsyncResult<IApiConnectionResponse> result) -> {
Assert.assertTrue(result.isError());
System.out.println(result.getError());
});
connection.end();
}
use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.
the class CipherAndProtocolSelectionTest method shouldNotUseDisallowedCipher.
/**
* Scenario:
* - Should not use a disallowed cipher in the exchange
* @throws Exception any exception
*/
@Test
public void shouldNotUseDisallowedCipher() throws Exception {
final String preferredCipher = getPrefferedCipher();
config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
config.put(TLSOptions.TLS_DISALLOWEDCIPHERS, preferredCipher);
server.start();
HttpConnectorFactory factory = new HttpConnectorFactory(config);
IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
IApiConnection connection = connector.connect(request, new IAsyncResultHandler<IApiConnectionResponse>() {
@Override
public void handle(IAsyncResult<IApiConnectionResponse> result) {
if (result.isError())
throw new RuntimeException(result.getError());
Assert.assertTrue(result.isSuccess());
Assert.assertFalse(jettyRequestAttributes.get("javax.servlet.request.cipher_suite").equals(""));
Assert.assertFalse(jettyRequestAttributes.get("javax.servlet.request.cipher_suite").equals(preferredCipher));
}
});
connection.end();
}
Aggregations