Example 11 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in the project grpc-java by grpc.

From the class SdsTrustManagerFactoryTest, method constructorRootCert_checkClientTrusted_throwsException.

@Test
public void constructorRootCert_checkClientTrusted_throwsException() throws CertificateException, IOException, CertStoreException {
    X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE);
    // Static validation context whose SAN matchers ("san1", "san2") match none of the
    // SANs in the test server certificate used as the client chain below.
    CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1", "san2");
    SdsTrustManagerFactory factory =
        new SdsTrustManagerFactory(new X509Certificate[] {x509Cert}, staticValidationContext);
    SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) factory.getTrustManagers()[0];
    X509Certificate[] clientChain =
        CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE));
    try {
        // Even if the chain validates against the trusted root, the SAN mismatch must reject it.
        sdsX509TrustManager.checkClientTrusted(clientChain, "RSA");
        Assert.fail("no exception thrown");
    } catch (CertificateException expected) {
        assertThat(expected).hasMessageThat().contains("Peer certificate SAN check failed");
    }
}

Example 12 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in the project grpc-java by grpc.

From the class ServerSslContextProviderFactoryTest, method createNewCertProviderServerSslContextProvider_withSans.

@Test
public void createNewCertProviderServerSslContextProvider_withSans() throws XdsInitializationException {
    // Register two certificate-provider plugins; the identity-cert instance and the
    // root-cert instance of the downstream context each resolve to one of them.
    final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[2];
    createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
    createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "file_watcher", 1);
    // Static context: a client certificate must carry a SAN exactly equal to "foo" or "bar".
    CertificateValidationContext staticCertValidationContext =
        CertificateValidationContext.newBuilder()
            .addAllMatchSubjectAltNames(
                ImmutableSet.of(
                    StringMatcher.newBuilder().setExact("foo").build(),
                    StringMatcher.newBuilder().setExact("bar").build()))
            .build();
    DownstreamTlsContext downstreamTlsContext =
        CommonTlsContextTestsUtil.buildNewDownstreamTlsContextForCertProviderInstance(
            "gcp_id", "cert-default", "file_provider", "root-default",
            /* alpnProtocols= */ null, staticCertValidationContext, /* requireClientCert= */ true);
    Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
    serverSslContextProviderFactory = new ServerSslContextProviderFactory(bootstrapInfo, certProviderServerSslContextProviderFactory);
    SslContextProvider sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext);
    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
    // Both providers must have been subscribed to for certificate updates.
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
    verifyWatcher(sslContextProvider, watcherCaptor[1]);
}

Example 13 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in the project grpc-java by grpc.

From the class ServerSslContextProviderFactoryTest, method createCertProviderServerSslContextProvider_withStaticContext.

@Test
public void createCertProviderServerSslContextProvider_withStaticContext() throws XdsInitializationException {
    // A single certificate-provider plugin serves both the identity cert and the root certs.
    final CertificateProvider.DistributorWatcher[] watcherCaptor = new CertificateProvider.DistributorWatcher[1];
    createAndRegisterProviderProvider(certificateProviderRegistry, watcherCaptor, "testca", 0);
    // Static context: a client certificate must carry a SAN exactly equal to "foo" or "bar".
    CertificateValidationContext staticCertValidationContext =
        CertificateValidationContext.newBuilder()
            .addAllMatchSubjectAltNames(
                ImmutableSet.of(
                    StringMatcher.newBuilder().setExact("foo").build(),
                    StringMatcher.newBuilder().setExact("bar").build()))
            .build();
    DownstreamTlsContext downstreamTlsContext =
        CommonTlsContextTestsUtil.buildDownstreamTlsContextForCertProviderInstance(
            "gcp_id", "cert-default", "gcp_id", "root-default",
            /* alpnProtocols= */ null, staticCertValidationContext, /* requireClientCert= */ true);
    Bootstrapper.BootstrapInfo bootstrapInfo = CommonBootstrapperTestUtils.getTestBootstrapInfo();
    serverSslContextProviderFactory = new ServerSslContextProviderFactory(bootstrapInfo, certProviderServerSslContextProviderFactory);
    SslContextProvider sslContextProvider = serverSslContextProviderFactory.create(downstreamTlsContext);
    assertThat(sslContextProvider).isInstanceOf(CertProviderServerSslContextProvider.class);
    // The one provider must have been subscribed to for certificate updates.
    verifyWatcher(sslContextProvider, watcherCaptor[0]);
}

Example 14 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in the project grpc-java by grpc.

From the class SdsX509TrustManagerTest, method emptySanListContextTest.

@Test
public void emptySanListContextTest() throws CertificateException, IOException {
    // The default instance carries no match_subject_alt_names entries, so no SAN
    // restriction is enforced and any SAN in the peer certificate is accepted.
    CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE));
    // Must return normally: an empty SAN list means "no SAN check", not "reject everything".
    trustManager.verifySubjectAltNameInChain(certs);
}

Example 15 with CertificateValidationContext

Use of io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext in the project grpc-java by grpc.

From the class SdsX509TrustManagerTest, method wildcardSanInPeerCertsSubdomainMismatch.

@Test
public void wildcardSanInPeerCertsSubdomainMismatch() throws CertificateException, IOException {
    // 2. Asterisk (*) cannot match across domain name labels.
    // For example, *.example.com matches test.example.com but does not match
    // sub.test.example.com.
    // The expected name is two labels below the wildcard SAN in the test server
    // certificate, so the wildcard must not be allowed to cover it.
    StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("sub.abc.test.youtube.com").build();
    CertificateValidationContext certContext =
        CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE));
    try {
        trustManager.verifySubjectAltNameInChain(certs);
        fail("no exception thrown");
    } catch (CertificateException expected) {
        assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
    }
}
