use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class GrpcSslAndNonSslConnectionsTest method secureClientToSecureServerWithoutPeerHostSucceeds.
@Test
void secureClientToSecureServerWithoutPeerHostSucceeds() throws Exception {
try (ServerContext serverContext = secureGrpcServer();
BlockingTesterClient client = secureGrpcClient(serverContext, new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(null).hostnameVerificationAlgorithm(""), false).buildBlocking(clientFactory())) {
final TesterProto.TestResponse response = client.test(REQUEST);
assertThat(response, is(notNullValue()));
assertThat(response.getMessage(), is(notNullValue()));
}
}
use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class SslAndNonSslConnectionsTest method multiAddressClientToSecureServerThenToNonSecureServer.
@Test
void multiAddressClientToSecureServerThenToNonSecureServer() throws Exception {
try (BlockingHttpClient client = HttpClients.forMultiAddressUrl().initializer((scheme, address, builder) -> {
if (scheme.equalsIgnoreCase("https")) {
builder.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname()).build());
}
}).buildBlocking()) {
testRequestResponse(client, secureRequestTarget, true);
resetMocks();
testRequestResponse(client, requestTarget, false);
}
}
use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class SslAndNonSslConnectionsTest method hostNameVerificationIsEnabledByDefault.
@Test
void hostNameVerificationIsEnabledByDefault() throws Exception {
assert secureServerCtx != null;
try (BlockingHttpClient client = HttpClients.forSingleAddress(serverHostAndPort(secureServerCtx)).sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).build()).buildBlocking()) {
// Hostname verification failure
SSLHandshakeException e = assertThrows(SSLHandshakeException.class, () -> testRequestResponse(client, "/", true));
assertThat(e.getCause(), instanceOf(CertificateException.class));
}
}
use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class SslAndNonSslConnectionsTest method multiAddressClientToNonSecureServerThenToSecureServer.
@Test
void multiAddressClientToNonSecureServerThenToSecureServer() throws Exception {
try (BlockingHttpClient client = HttpClients.forMultiAddressUrl().initializer((scheme, address, builder) -> {
if (scheme.equalsIgnoreCase("https")) {
builder.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname()).build());
}
}).buildBlocking()) {
testRequestResponse(client, requestTarget, false);
resetMocks();
testRequestResponse(client, secureRequestTarget, true);
}
}
use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class AbstractTcpServerTest method getTcpClientConfig.
// Visible for overriding.
TcpClientConfig getTcpClientConfig() {
TcpClientConfig tcpClientConfig = new TcpClientConfig();
if (sslEnabled) {
HostAndPort serverHostAndPort = serverHostAndPort(serverContext);
tcpClientConfig.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname()).peerPort(serverHostAndPort.port()).build());
}
tcpClientConfig.enableWireLogging("servicetalk-tests-wire-logger", TRACE, () -> true);
return tcpClientConfig;
}
Aggregations