Search in sources :

Example 1 with HttpConnectorFactory

use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.

the class BasicMutualAuthTest method shouldSucceedWithValidMTLS.

/**
 * Scenario:
 *   - no CA inherited trust
 *   - gateway trusts API certificate directly
 *   - API trusts gateway certificate directly
 */
@Test
public void shouldSucceedWithValidMTLS() {
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth/gateway_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/basic_mutual_auth/gateway_ks.jks"));
    config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_KEYPASSWORD, "changeme");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    HttpConnectorFactory factory = new HttpConnectorFactory(config);
    IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false, new ConnectorConfigImpl());
    IApiConnection connection = connector.connect(request, (IAsyncResult<IApiConnectionResponse> result) -> {
        if (result.isError())
            throw new RuntimeException(result.getError());
        Assert.assertTrue(result.isSuccess());
    });
    connection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IAsyncResult(io.apiman.gateway.engine.async.IAsyncResult) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Example 2 with HttpConnectorFactory

use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.

the class BasicMutualAuthTest method shouldFailWithInValidKeyAlias.

/**
 * Scenario:
 *   - Select invalid key alias (no such key).
 *   - Negotiation will fail
 * @throws CertificateException the certificate exception
 * @throws IOException the IO exception
 */
@Test
public void shouldFailWithInValidKeyAlias() throws CertificateException, IOException {
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ks.jks"));
    config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_KEYPASSWORD, "changeme");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    // No such key exists in the keystore
    config.put(TLSOptions.TLS_KEYALIASES, "xxx");
    HttpConnectorFactory factory = new HttpConnectorFactory(config);
    IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false, new ConnectorConfigImpl());
    IApiConnection connection = connector.connect(request, (IAsyncResult<IApiConnectionResponse> result) -> {
        Assert.assertTrue(result.isError());
    });
    connection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IAsyncResult(io.apiman.gateway.engine.async.IAsyncResult) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Example 3 with HttpConnectorFactory

use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.

the class BasicMutualAuthTest method shouldFailWhenGatewayDoesNotTrustApi.

/**
 * Scenario:
 *   - no CA inherited trust
 *   - gateway does <em>not</em> trust the API
 *   - API trusts gateway certificate
 */
@Test
public void shouldFailWhenGatewayDoesNotTrustApi() {
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_KEYSTORE, getResourcePath("2waytest/basic_mutual_auth_2/gateway_ks.jks"));
    config.put(TLSOptions.TLS_KEYSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_KEYPASSWORD, "changeme");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    HttpConnectorFactory factory = new HttpConnectorFactory(config);
    IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.MTLS, false, new ConnectorConfigImpl());
    IApiConnection connection = connector.connect(request, (IAsyncResult<IApiConnectionResponse> result) -> {
        Assert.assertTrue(result.isError());
        System.out.println(result.getError());
        Assert.assertTrue(result.getError() instanceof ConnectorException);
    // Would like to assert on SSL error, but is sun specific info
    // TODO improve connector to handle this situation better
    });
    connection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorException(io.apiman.gateway.engine.beans.exceptions.ConnectorException) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IAsyncResult(io.apiman.gateway.engine.async.IAsyncResult) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Example 4 with HttpConnectorFactory

use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.

the class BasicMutualAuthTest method shouldFailWithDevModeAndNoClientKeys.

/**
 * Scenario:
 *   - Development mode TLS pass-through. Gateway accepts anything.
 *   - Server should still refuse on basis of requiring client auth.
 */
@Test
public void shouldFailWithDevModeAndNoClientKeys() {
    config.put(TLSOptions.TLS_DEVMODE, "true");
    HttpConnectorFactory factory = new HttpConnectorFactory(config);
    IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
    IApiConnection connection = connector.connect(request, (IAsyncResult<IApiConnectionResponse> result) -> {
        Assert.assertTrue(result.isError());
        System.out.println(result.getError());
    });
    connection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IAsyncResult(io.apiman.gateway.engine.async.IAsyncResult) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Example 5 with HttpConnectorFactory

use of io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory in project apiman by apiman.

the class CipherAndProtocolSelectionTest method shouldNotUseDisallowedCipher.

/**
 * Scenario:
 *   - Should not use a disallowed cipher in the exchange
 * @throws Exception any exception
 */
@Test
public void shouldNotUseDisallowedCipher() throws Exception {
    final String preferredCipher = getPrefferedCipher();
    config.put(TLSOptions.TLS_TRUSTSTORE, getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    config.put(TLSOptions.TLS_TRUSTSTOREPASSWORD, "changeme");
    config.put(TLSOptions.TLS_ALLOWANYHOST, "true");
    config.put(TLSOptions.TLS_ALLOWSELFSIGNED, "false");
    config.put(TLSOptions.TLS_DISALLOWEDCIPHERS, preferredCipher);
    server.start();
    HttpConnectorFactory factory = new HttpConnectorFactory(config);
    IApiConnector connector = factory.createConnector(request, api, RequiredAuthType.DEFAULT, false, new ConnectorConfigImpl());
    IApiConnection connection = connector.connect(request, new IAsyncResultHandler<IApiConnectionResponse>() {

        @Override
        public void handle(IAsyncResult<IApiConnectionResponse> result) {
            if (result.isError())
                throw new RuntimeException(result.getError());
            Assert.assertTrue(result.isSuccess());
            Assert.assertFalse(jettyRequestAttributes.get("javax.servlet.request.cipher_suite").equals(""));
            Assert.assertFalse(jettyRequestAttributes.get("javax.servlet.request.cipher_suite").equals(preferredCipher));
        }
    });
    connection.end();
}
Also used : IApiConnection(io.apiman.gateway.engine.IApiConnection) HttpConnectorFactory(io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory) ConnectorConfigImpl(io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl) IApiConnectionResponse(io.apiman.gateway.engine.IApiConnectionResponse) IApiConnector(io.apiman.gateway.engine.IApiConnector) Test(org.junit.Test)

Aggregations

IApiConnection (io.apiman.gateway.engine.IApiConnection)26 IApiConnector (io.apiman.gateway.engine.IApiConnector)26 ConnectorConfigImpl (io.apiman.gateway.platforms.servlet.connectors.ConnectorConfigImpl)26 HttpConnectorFactory (io.apiman.gateway.platforms.servlet.connectors.HttpConnectorFactory)26 Test (org.junit.Test)25 IApiConnectionResponse (io.apiman.gateway.engine.IApiConnectionResponse)18 IAsyncResult (io.apiman.gateway.engine.async.IAsyncResult)8 ConnectorException (io.apiman.gateway.engine.beans.exceptions.ConnectorException)6 FileInputStream (java.io.FileInputStream)2 InputStream (java.io.InputStream)2 X509Certificate (java.security.cert.X509Certificate)2 CountDownLatch (java.util.concurrent.CountDownLatch)1