Example 6 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in project grpc-java by grpc.

From class SdsX509TrustManagerTest, method oneIpAddressInPeerCertsMismatch.

@Test
public void oneIpAddressInPeerCertsMismatch() throws CertificateException, IOException {
    // Two exact-match SAN matchers, one DNS name and one IP address. Matchers in
    // match_subject_alt_names are OR-ed: the peer is accepted if any matcher matches
    // any SAN. Neither of these values appears in the test server certificate.
    StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("x.foo.com").build();
    StringMatcher stringMatcher1 = StringMatcher.newBuilder().setExact("192.168.2.3").build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder()
        .addMatchSubjectAltNames(stringMatcher)
        .addMatchSubjectAltNames(stringMatcher1)
        .build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE));
    try {
        trustManager.verifySubjectAltNameInChain(certs);
        fail("no exception thrown");
    } catch (CertificateException expected) {
        // No matcher matched any SAN, so the chain must be rejected.
        assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
    }
}
Also used: StringMatcher (io.envoyproxy.envoy.type.matcher.v3.StringMatcher), CertificateException (java.security.cert.CertificateException), X509Certificate (java.security.cert.X509Certificate), CertificateValidationContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext), Test (org.junit.Test).

Example 7 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in project grpc-java by grpc.

From class SdsX509TrustManagerTest, method oneSanInPeerCertsSubstring_differentCase_expectException.

@Test
public void oneSanInPeerCertsSubstring_differentCase_expectException() throws CertificateException, IOException {
    // Substring matcher with ignore_case explicitly false: "zooi.Test.gooGle" differs
    // only in letter case from the SAN in the test certificate, so it must not match.
    StringMatcher stringMatcher = StringMatcher.newBuilder()
        .setContains("zooi.Test.gooGle")
        .setIgnoreCase(false)
        .build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder()
        .addMatchSubjectAltNames(stringMatcher)
        .build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE));
    try {
        trustManager.verifySubjectAltNameInChain(certs);
        fail("no exception thrown");
    } catch (CertificateException expected) {
        // A case-sensitive comparison rejects the chain.
        assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
    }
}
Also used: StringMatcher (io.envoyproxy.envoy.type.matcher.v3.StringMatcher), CertificateException (java.security.cert.CertificateException), X509Certificate (java.security.cert.X509Certificate), CertificateValidationContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext), Test (org.junit.Test).

Example 8 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in project grpc-java by grpc.

From class SdsX509TrustManagerTest, method oneSanInPeerCerts_safeRegex_ipAddress.

@Test
public void oneSanInPeerCerts_safeRegex_ipAddress() throws CertificateException, IOException {
    // safe_regex uses RE2 syntax, so the POSIX class [[:digit:]] is valid here. The
    // pattern matches a dotted-quad IPv4 address; the test certificate carries an IP SAN.
    // Note that it accepts any dotted quad, octets above 255 included: it is a test
    // fixture, not a production-grade matcher.
    StringMatcher stringMatcher = StringMatcher.newBuilder()
        .setSafeRegex(RegexMatcher.newBuilder().setRegex("([[:digit:]]{1,3}\\.){3}[[:digit:]]{1,3}"))
        .build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder()
        .addMatchSubjectAltNames(stringMatcher)
        .build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE));
    // No exception expected: at least one SAN in the chain matches the regex.
    trustManager.verifySubjectAltNameInChain(certs);
}
Also used: StringMatcher (io.envoyproxy.envoy.type.matcher.v3.StringMatcher), X509Certificate (java.security.cert.X509Certificate), CertificateValidationContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext), Test (org.junit.Test).

Example 9 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in project grpc-java by grpc.

From class SdsX509TrustManagerTest, method unsupportedAltNameType.

@Test
public void unsupportedAltNameType() throws CertificateException, IOException {
    StringMatcher stringMatcher = StringMatcher.newBuilder()
        .setExact("waterzooi.test.google.be")
        .setIgnoreCase(false)
        .build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder()
        .addMatchSubjectAltNames(stringMatcher)
        .build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    // Mocked leaf certificate whose only SAN entry is of GeneralName type 1 (rfc822Name)
    // with value "foo". X509Certificate.getSubjectAlternativeNames() returns a collection
    // of [Integer type, value] lists; this type is not one the trust manager matches.
    X509Certificate mockCert = mock(X509Certificate.class);
    when(mockCert.getSubjectAlternativeNames())
        .thenReturn(Collections.<List<?>>singleton(ImmutableList.of(Integer.valueOf(1), "foo")));
    X509Certificate[] certs = new X509Certificate[] { mockCert };
    try {
        trustManager.verifySubjectAltNameInChain(certs);
        fail("no exception thrown");
    } catch (CertificateException expected) {
        // An unsupported SAN type never satisfies a matcher, so the chain is rejected.
        assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
    }
}
Also used: StringMatcher (io.envoyproxy.envoy.type.matcher.v3.StringMatcher), CertificateException (java.security.cert.CertificateException), X509Certificate (java.security.cert.X509Certificate), CertificateValidationContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext), Test (org.junit.Test).

Example 10 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in project grpc-java by grpc.

From class CommonTlsContextTestsUtil, method buildCommonTlsContextWithAdditionalValues.

/**
 * Takes additional values and creates a CombinedCertificateValidationContext as needed.
 */
// The certificate-provider-instance fields used below are deprecated in the Envoy v3 API.
@SuppressWarnings("deprecation")
static CommonTlsContext buildCommonTlsContextWithAdditionalValues(
        String certInstanceName,
        String certName,
        String validationContextCertInstanceName,
        String validationContextCertName,
        Iterable<StringMatcher> matchSubjectAltNames,
        Iterable<String> alpnNames) {
    CommonTlsContext.Builder builder = CommonTlsContext.newBuilder();
    // Identity certificate: referenced through a certificate provider instance, not inlined.
    CertificateProviderInstance certificateProviderInstance = CertificateProviderInstance.newBuilder()
        .setInstanceName(certInstanceName)
        .setCertificateName(certName)
        .build();
    if (certificateProviderInstance != null) {
        builder.setTlsCertificateCertificateProviderInstance(certificateProviderInstance);
    }
    // Trust roots: also sourced from a certificate provider instance.
    CertificateProviderInstance validationCertificateProviderInstance = CertificateProviderInstance.newBuilder()
        .setInstanceName(validationContextCertInstanceName)
        .setCertificateName(validationContextCertName)
        .build();
    // Optional SAN matchers; null means no match_subject_alt_names restriction is configured.
    CertificateValidationContext certValidationContext = matchSubjectAltNames == null
        ? null
        : CertificateValidationContext.newBuilder().addAllMatchSubjectAltNames(matchSubjectAltNames).build();
    // build() never returns null, so this branch is always taken: trust roots and SAN
    // matchers are combined into a CombinedCertificateValidationContext. The two else-if
    // branches below are unreachable as written.
    if (validationCertificateProviderInstance != null) {
        CombinedCertificateValidationContext.Builder combinedBuilder = CombinedCertificateValidationContext.newBuilder()
            .setValidationContextCertificateProviderInstance(validationCertificateProviderInstance);
        if (certValidationContext != null) {
            combinedBuilder = combinedBuilder.setDefaultValidationContext(certValidationContext);
        }
        builder.setCombinedValidationContext(combinedBuilder);
    } else if (validationCertificateProviderInstance != null) {
        builder.setValidationContextCertificateProviderInstance(validationCertificateProviderInstance);
    } else if (certValidationContext != null) {
        builder.setValidationContext(certValidationContext);
    }
    if (alpnNames != null) {
        builder.addAllAlpnProtocols(alpnNames);
    }
    return builder.build();
}
Also used: CertificateProviderInstance (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CertificateProviderInstance), CommonTlsContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext), CombinedCertificateValidationContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CommonTlsContext.CombinedCertificateValidationContext), CertificateValidationContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext).
