use of io.servicetalk.test.resources.DefaultTestCerts in project servicetalk by apple.
the class Tls13Test method requiredCipher.
/**
 * Checks that a TLSv1.3 handshake completes for the given server/client provider pairing and, when a cipher
 * is supplied, that the client session reports exactly that cipher suite.
 *
 * @param serverSslProvider TLS provider configured on the server
 * @param clientSslProvider TLS provider configured on the client
 * @param cipher the single cipher suite configured on both peers, or {@code null} to leave the cipher list
 * untouched
 * @throws Exception if the server or client cannot be started or the exchange fails
 */
@ParameterizedTest
@MethodSource("sslProviders")
void requiredCipher(SslProvider serverSslProvider, SslProvider clientSslProvider, @Nullable String cipher)
        throws Exception {
    ServerSslConfigBuilder serverTls = new ServerSslConfigBuilder(
            DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey)
            .sslProtocols(TLS1_3)
            .provider(serverSslProvider);
    // The client trusts only the CA from the test resources and expects the host name returned by
    // serverPemHostname(); both peers are restricted to TLS1_3, so no older protocol version is offered.
    ClientSslConfigBuilder clientTls = new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem)
            .sslProtocols(TLS1_3)
            .peerHost(serverPemHostname())
            .provider(clientSslProvider);
    if (cipher != null) {
        // A one-element cipher list on each side leaves the handshake a single suite to agree on.
        serverTls.ciphers(singletonList(cipher));
        clientTls.ciphers(singletonList(cipher));
    }

    try (ServerContext server = forAddress(localAddress(0))
            .ioExecutor(SERVER_CTX.ioExecutor())
            .executor(SERVER_CTX.executor())
            .executionStrategy(defaultStrategy())
            .enableWireLogging("servicetalk-tests-wire-logger", TRACE, Boolean.FALSE::booleanValue)
            .sslConfig(serverTls.build())
            .listenBlockingAndAwait((ctx, request, responseFactory) -> {
                assertThat(request.payloadBody(textSerializerUtf8()), equalTo("request-payload-body"));
                SSLSession serverSession = ctx.sslSession();
                assertThat(serverSession, is(notNullValue()));
                // Echo the protocol seen by the server so the client can assert on it as well.
                return responseFactory.ok().payloadBody(serverSession.getProtocol(), textSerializerUtf8());
            })) {
        try (BlockingHttpClient client = HttpClients.forSingleAddress(serverHostAndPort(server))
                .ioExecutor(CLIENT_CTX.ioExecutor())
                .executor(CLIENT_CTX.executor())
                .executionStrategy(defaultStrategy())
                .enableWireLogging("servicetalk-tests-wire-logger", TRACE, () -> false)
                .sslConfig(clientTls.build())
                .buildBlocking();
             BlockingHttpConnection connection = client.reserveConnection(client.get("/"))) {

            // Client-side view of the negotiated session.
            SSLSession clientSession = connection.connectionContext().sslSession();
            assertThat(clientSession, is(notNullValue()));
            assertThat(clientSession.getProtocol(), equalTo(TLS1_3));
            if (cipher != null) {
                assertThat(clientSession.getCipherSuite(), equalTo(cipher));
            }

            // Server-side view, returned in the response payload.
            HttpResponse reply = client.request(
                    client.post("/").payloadBody("request-payload-body", textSerializerUtf8()));
            assertThat(reply.status(), is(OK));
            assertThat(reply.headers().get(CONTENT_TYPE), is(TEXT_PLAIN_UTF_8));
            assertThat(reply.payloadBody(textSerializerUtf8()), equalTo(TLS1_3));
        }
    }
}
use of io.servicetalk.test.resources.DefaultTestCerts in project servicetalk by apple.
the class ManualRedirectClient method main.
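/**
 * Demonstrates following HTTP redirects by hand: a GET carrying a custom header and a POST carrying a payload
 * body are sent to the non-secure server, and a 3xx answer is re-issued against the client chosen by
 * {@code lookupClient} for the returned {@code Location}.
 *
 * <p>A 3xx response without a {@code Location} header is not followed; the original response is returned
 * instead of failing with a {@link NullPointerException}.
 *
 * @param args ignored
 * @throws Exception if a client cannot be built or a request fails
 */
public static void main(String... args) throws Exception {
    // Resources close in reverse order of declaration: the plain client first, then the secure one.
    try (HttpClient secureClient = HttpClients.forSingleAddress("localhost", SECURE_SERVER_PORT)
            // Trust anchor is the CA shipped with the test resources; a real deployment needs its own
            // trust store rather than DefaultTestCerts.
            .sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).build()).build();
         HttpClient client = HttpClients.forSingleAddress("localhost", NON_SECURE_SERVER_PORT).build()) {

        System.out.println("- Redirect of a GET request with a custom header:");
        HttpRequest originalGet = client.get("/non-relative").addHeader(CUSTOM_HEADER, "value");
        client.request(originalGet).flatMap(response -> {
            // Location is supplied by the responding server and may be absent (e.g. 304 Not Modified).
            final CharSequence location = response.headers().get(LOCATION);
            if (response.status().statusClass() == REDIRECTION_3XX && location != null) {
                // NOTE(review): the custom header is re-sent to whichever client lookupClient returns.
                // lookupClient is not visible here; confirm it only ever selects one of the two clients
                // created above, so request data is not forwarded to an unexpected origin.
                HttpClient redirectClient = lookupClient(location, client, secureClient);
                return redirectClient.request(
                        redirectClient.newRequest(originalGet.method(), location.toString())
                                .addHeader(CUSTOM_HEADER, originalGet.headers().get(CUSTOM_HEADER)));
            }
            // Decided not to follow redirect, return the original response or an error:
            return succeeded(response);
        }).whenOnSuccess(resp -> {
            // The header filter returns every value as-is, so nothing is redacted in this output.
            System.out.println(resp.toString((name, value) -> value));
            System.out.println(resp.payloadBody(textSerializerAscii()));
            System.out.println();
        }).toFuture().get();

        System.out.println("- Redirect of a POST request with a payload body:");
        HttpRequest originalPost = client.post("/non-relative")
                .payloadBody(client.executionContext().bufferAllocator().fromAscii("some_content"));
        client.request(originalPost).flatMap(response -> {
            final CharSequence location = response.headers().get(LOCATION);
            if (response.status().statusClass() == REDIRECTION_3XX && location != null) {
                // NOTE(review): the original payload body is replayed to the redirect target; the same
                // lookupClient caveat as for the GET case applies.
                HttpClient redirectClient = lookupClient(location, client, secureClient);
                return redirectClient.request(
                        redirectClient.newRequest(originalPost.method(), location.toString())
                                .payloadBody(originalPost.payloadBody()));
            }
            // Decided not to follow redirect, return the original response or an error:
            return succeeded(response);
        }).whenOnSuccess(resp -> {
            System.out.println(resp.toString((name, value) -> value));
            System.out.println(resp.payloadBody(textSerializerAscii()));
        }).toFuture().get();
    }
}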
use of io.servicetalk.test.resources.DefaultTestCerts in project servicetalk by apple.
the class AbstractNettyHttpServerTest method startServer.
/**
 * Starts the HTTP server under test on an ephemeral local port, then builds the streaming client and reserves
 * one connection to it. TLS, filters and observers are applied only when the corresponding fields are set.
 *
 * The order of the builder calls is significant: filters are appended in the order shown here.
 *
 * @throws Exception if the server cannot be started or the connection cannot be reserved
 */
private void startServer() throws Exception {
final InetSocketAddress bindAddress = localAddress(0);
service(new TestServiceStreaming(publisherSupplier));
// A small SNDBUF is needed to test that the server defers closing the connection until writes are complete.
// However, if it is too small, tests that expect certain chunks of data will see those chunks broken up
// differently.
// NOTE(review): the wire-logging supplier returns true, which should enable logging of user data (payload
// bytes) at TRACE; acceptable for tests, confirm this setting is not copied into non-test code.
final HttpServerBuilder serverBuilder = HttpServers.forAddress(bindAddress).executor(serverExecutor).socketOption(StandardSocketOptions.SO_SNDBUF, 100).protocols(protocol).transportObserver(serverTransportObserver).enableWireLogging("servicetalk-tests-wire-logger", TRACE, () -> true);
// Hook that lets the caller adjust the builder before TLS and filters are applied.
configureServerBuilder(serverBuilder);
if (sslEnabled) {
// Certificate and key come from the test resources (DefaultTestCerts); they are test material only.
serverBuilder.sslConfig(new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).build());
}
if (nonOffloadingServiceFilterFactory != null) {
serverBuilder.appendNonOffloadingServiceFilter(nonOffloadingServiceFilterFactory);
}
if (serviceFilterFactory != null) {
serverBuilder.appendServiceFilter(serviceFilterFactory);
}
// Identity comparison: the observer is installed only when it is not the shared no-op instance.
if (serverLifecycleObserver != NoopHttpLifecycleObserver.INSTANCE) {
serverBuilder.lifecycleObserver(serverLifecycleObserver);
}
// The acceptor filter ignores the original acceptor and delegates to the connectionAcceptor field.
// Blocks until the server is listening; start-up success and failure are logged at debug level.
serverContext = awaitIndefinitelyNonNull(listen(serverBuilder.ioExecutor(serverIoExecutor).appendConnectionAcceptorFilter(original -> new DelegatingConnectionAcceptor(connectionAcceptor))).beforeOnSuccess(ctx -> LOGGER.debug("Server started on {}.", ctx.listenAddress())).beforeOnError(throwable -> LOGGER.debug("Failed starting server on {}.", bindAddress)));
final SingleAddressHttpClientBuilder<HostAndPort, InetSocketAddress> clientBuilder = newClientBuilder();
if (sslEnabled) {
// The client trusts the test CA and sets the expected peer host to serverPemHostname()
// (presumably the name in the test certificate; verify against DefaultTestCerts).
clientBuilder.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname()).build());
}
if (connectionFactoryFilter != null) {
clientBuilder.appendConnectionFactoryFilter(connectionFactoryFilter);
}
if (connectionFilterFactory != null) {
clientBuilder.appendConnectionFilter(connectionFilterFactory);
}
// Same identity check as on the server side: skip the no-op transport observer.
if (clientTransportObserver != NoopTransportObserver.INSTANCE) {
clientBuilder.appendConnectionFactoryFilter(new TransportObserverConnectionFactoryFilter<>(clientTransportObserver));
}
if (clientLifecycleObserver != NoopHttpLifecycleObserver.INSTANCE) {
clientBuilder.appendClientFilter(new HttpLifecycleObserverRequesterFilter(clientLifecycleObserver));
}
if (clientFilterFactory != null) {
clientBuilder.appendClientFilter(clientFilterFactory);
}
// Client wire logging also uses a supplier that returns true (see the note on the server builder).
httpClient = clientBuilder.ioExecutor(clientIoExecutor).executor(clientExecutor).executionStrategy(defaultStrategy()).protocols(protocol).enableWireLogging("servicetalk-tests-wire-logger", TRACE, Boolean.TRUE::booleanValue).buildStreaming();
// Blocks until a connection has been reserved; with sslEnabled a TLS failure would surface here.
httpConnection = httpClient.reserveConnection(httpClient.get("/")).toFuture().get();
}
use of io.servicetalk.test.resources.DefaultTestCerts in project servicetalk by apple.
the class DefaultSingleAddressHttpClientBuilderTest method hostToCharSequenceFunction.
/**
 * Connects to a local TLS server through an unresolved address assembled from the given parts and checks
 * that the TLS session's peer host starts with {@code hostName} and that its peer port equals the remote
 * port of the connection.
 *
 * @param hostNamePrefix text placed in front of the host name
 * @param hostName host name expected at the start of the TLS session's peer host
 * @param hostNameSuffix text placed after the host name
 * @param port port appended to the address, or {@code null} to append nothing
 * @throws Exception if the server or client cannot be started
 */
private static void hostToCharSequenceFunction(String hostNamePrefix, String hostName, String hostNameSuffix,
                                               @Nullable Integer port) throws Exception {
    final String unresolvedAddress = hostNamePrefix + hostName + hostNameSuffix + (port == null ? "" : port);
    try (ServerContext server = HttpServers.forAddress(localAddress(0))
            .sslConfig(new ServerSslConfigBuilder(
                    DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).build())
            .listenBlockingAndAwait((ctx, request, responseFactory) -> responseFactory.ok());
         // Every unresolved address is mapped to the local test server.
         BlockingHttpClient client = forResolvedAddress(unresolvedAddress, ignored -> server.listenAddress())
                 // NOTE(review): an empty verification algorithm presumably turns off endpoint (host name)
                 // identification, which this test needs because the synthetic host names cannot match the
                 // test certificate. Only the CA chain is checked; do not reuse this setting outside tests.
                 .sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem)
                         .hostnameVerificationAlgorithm("").build())
                 .buildBlocking()) {
        ReservedBlockingHttpConnection reserved = client.reserveConnection(client.get("/"));
        try {
            SSLSession session = reserved.connectionContext().sslSession();
            assertNotNull(session);
            assertThat(session.getPeerHost(), startsWith(hostName));
            InetSocketAddress remote = (InetSocketAddress) reserved.connectionContext().remoteAddress();
            assertEquals(remote.getPort(), session.getPeerPort());
        } finally {
            // The reserved connection is released explicitly rather than closed.
            reserved.release();
        }
    }
}
use of io.servicetalk.test.resources.DefaultTestCerts in project servicetalk by apple.
the class GrpcSslAndNonSslConnectionsTest method noSniClientDefaultServerFallbackSuccess.
/**
 * Starts a gRPC server whose default TLS configuration is {@code trustedServerConfig()} and whose SNI map
 * assigns {@code untrustedServerConfig()} to the loopback host name, then calls it with a client that has
 * peer-host and SNI inference switched off and expects the call to succeed.
 *
 * <p>NOTE(review): judging by the helper names, success presumably relies on the server falling back to
 * the default (trusted) configuration when the client sends no SNI name; the helpers are defined outside
 * this listing, so verify there. With {@code inferPeerHost(false)} and no explicit peer host, the host
 * name of the target address is not used for the TLS peer host in this test.
 *
 * @throws Exception if the server or client cannot be started or the call fails
 */
@Test
void noSniClientDefaultServerFallbackSuccess() throws Exception {
    try (ServerContext server = GrpcServers.forAddress(localAddress(0))
            .initializeHttp(http -> http.sslConfig(
                    trustedServerConfig(),
                    singletonMap(getLoopbackAddress().getHostName(), untrustedServerConfig())))
            .listenAndAwait(serviceFactory());
         BlockingTesterClient client = GrpcClients
                 .forAddress(getLoopbackAddress().getHostName(), serverHostAndPort(server).port())
                 .initializeHttp(http -> http
                         // The client trusts only the CA from the test resources.
                         .sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).build())
                         .inferPeerHost(false)
                         .inferSniHostname(false))
                 .buildBlocking(clientFactory())) {
        final TesterProto.TestResponse reply = client.test(REQUEST);
        assertThat(reply, is(notNullValue()));
        assertThat(reply.getMessage(), is(notNullValue()));
    }
}