Examples with StringMatcher - io.envoyproxy.envoy.type.matcher.v3.StringMatcher

Example 11 with StringMatcher

use of io.envoyproxy.envoy.type.matcher.v3.StringMatcher in project grpc-java by grpc.

the class SdsX509TrustManagerTest method missingPeerCerts.

@Test
public void missingPeerCerts() {
    StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("foo.com").build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    try {
        trustManager.verifySubjectAltNameInChain(null);
        fail("no exception thrown");
    } catch (CertificateException expected) {
        assertThat(expected).hasMessageThat().isEqualTo("Peer certificate(s) missing");
    }
}

Also used : StringMatcher(io.envoyproxy.envoy.type.matcher.v3.StringMatcher) CertificateException(java.security.cert.CertificateException) CertificateValidationContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext) Test(org.junit.Test)

Example 12 with StringMatcher

use of io.envoyproxy.envoy.type.matcher.v3.StringMatcher in project grpc-java by grpc.

the class SdsX509TrustManagerTest method noSansInPeerCerts.

@Test
public void noSansInPeerCerts() throws CertificateException, IOException {
    StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("foo.com").build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(CLIENT_PEM_FILE));
    try {
        trustManager.verifySubjectAltNameInChain(certs);
        fail("no exception thrown");
    } catch (CertificateException expected) {
        assertThat(expected).hasMessageThat().isEqualTo("Peer certificate SAN check failed");
    }
}

Also used : StringMatcher(io.envoyproxy.envoy.type.matcher.v3.StringMatcher) CertificateException(java.security.cert.CertificateException) X509Certificate(java.security.cert.X509Certificate) CertificateValidationContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext) Test(org.junit.Test)

Example 13 with StringMatcher

use of io.envoyproxy.envoy.type.matcher.v3.StringMatcher in project grpc-java by grpc.

the class SdsX509TrustManagerTest method emptyArrayPeerCerts.

@Test
public void emptyArrayPeerCerts() {
    StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("foo.com").build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    try {
        trustManager.verifySubjectAltNameInChain(new X509Certificate[0]);
        fail("no exception thrown");
    } catch (CertificateException expected) {
        assertThat(expected).hasMessageThat().isEqualTo("Peer certificate(s) missing");
    }
}

Example 14 with StringMatcher

use of io.envoyproxy.envoy.type.matcher.v3.StringMatcher in project grpc-java by grpc.

the class SdsX509TrustManagerTest method oneSanInPeerCertsVerifies.

@Test
public void oneSanInPeerCertsVerifies() throws CertificateException, IOException {
    StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("waterzooi.test.google.be").setIgnoreCase(false).build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE));
    trustManager.verifySubjectAltNameInChain(certs);
}

Also used : StringMatcher(io.envoyproxy.envoy.type.matcher.v3.StringMatcher) X509Certificate(java.security.cert.X509Certificate) CertificateValidationContext(io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext) Test(org.junit.Test)

Example 15 with StringMatcher

use of io.envoyproxy.envoy.type.matcher.v3.StringMatcher in project grpc-java by grpc.

the class SdsX509TrustManagerTest method oneSanInPeerCertsVerifiesMultipleVerifySans.

@Test
public void oneSanInPeerCertsVerifiesMultipleVerifySans() throws CertificateException, IOException {
    StringMatcher stringMatcher = StringMatcher.newBuilder().setExact("x.foo.com").build();
    StringMatcher stringMatcher1 = StringMatcher.newBuilder().setExact("waterzooi.test.google.be").build();
    CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).addMatchSubjectAltNames(stringMatcher1).build();
    trustManager = new SdsX509TrustManager(certContext, mockDelegate);
    X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE));
    trustManager.verifySubjectAltNameInChain(certs);
}

Aggregations

CertificateValidationContext (io.envoyproxy.envoy.extensions.transport_sockets.tls.v3.CertificateValidationContext)27 StringMatcher (io.envoyproxy.envoy.type.matcher.v3.StringMatcher)27 Test (org.junit.Test)27 X509Certificate (java.security.cert.X509Certificate)25 CertificateException (java.security.cert.CertificateException)12