
Example 6 with ClientSslConfigBuilder

use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.

the class GrpcSslAndNonSslConnectionsTest method secureClientToSecureServerWithoutPeerHostSucceeds.

@Test
void secureClientToSecureServerWithoutPeerHostSucceeds() throws Exception {
    try (ServerContext serverContext = secureGrpcServer();
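        // No peer host and an empty hostnameVerificationAlgorithm: the server certificate is
        // still validated against the test CA, but it is not matched to a hostname.
        // This is a test-only configuration.
        BlockingTesterClient client = secureGrpcClient(serverContext,
                new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem)
                        .peerHost(null)
                        .hostnameVerificationAlgorithm(""),
                false).buildBlocking(clientFactory())) {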
        final TesterProto.TestResponse response = client.test(REQUEST);
        assertThat(response, is(notNullValue()));
        assertThat(response.getMessage(), is(notNullValue()));
    }
}
Also used : ServerContext(io.servicetalk.transport.api.ServerContext) DefaultTestCerts(io.servicetalk.test.resources.DefaultTestCerts) ClientSslConfigBuilder(io.servicetalk.transport.api.ClientSslConfigBuilder) BlockingTesterClient(io.servicetalk.grpc.netty.TesterProto.Tester.BlockingTesterClient) Test(org.junit.jupiter.api.Test)

Example 7 with ClientSslConfigBuilder

use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.

the class SslAndNonSslConnectionsTest method multiAddressClientToSecureServerThenToNonSecureServer.

@Test
void multiAddressClientToSecureServerThenToNonSecureServer() throws Exception {
    try (BlockingHttpClient client = HttpClients.forMultiAddressUrl().initializer((scheme, address, builder) -> {
        if (scheme.equalsIgnoreCase("https")) {
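            // Only https targets get a TLS config; peerHost is the hostname checked
            // against the server certificate during hostname verification.
            builder.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem)
                    .peerHost(serverPemHostname())
                    .build());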
        }
    }).buildBlocking()) {
        testRequestResponse(client, secureRequestTarget, true);
        resetMocks();
        testRequestResponse(client, requestTarget, false);
    }
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) StreamingHttpResponse(io.servicetalk.http.api.StreamingHttpResponse) ServerSslConfigBuilder(io.servicetalk.transport.api.ServerSslConfigBuilder) HttpHeaders(io.servicetalk.http.api.HttpHeaders) AfterAll(org.junit.jupiter.api.AfterAll) InetAddress(java.net.InetAddress) Answer(org.mockito.stubbing.Answer) ZERO(io.servicetalk.http.api.HttpHeaderValues.ZERO) BeforeAll(org.junit.jupiter.api.BeforeAll) Single.succeeded(io.servicetalk.concurrent.api.Single.succeeded) AddressUtils.hostHeader(io.servicetalk.transport.netty.internal.AddressUtils.hostHeader) AddressUtils.serverHostAndPort(io.servicetalk.transport.netty.internal.AddressUtils.serverHostAndPort) DefaultTestCerts(io.servicetalk.test.resources.DefaultTestCerts) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Nullable(javax.annotation.Nullable) BlockingHttpClient(io.servicetalk.http.api.BlockingHttpClient) AddressUtils.localAddress(io.servicetalk.transport.netty.internal.AddressUtils.localAddress) ServerContext(io.servicetalk.transport.api.ServerContext) Mockito.clearInvocations(org.mockito.Mockito.clearInvocations) ClosedChannelException(java.nio.channels.ClosedChannelException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) Single(io.servicetalk.concurrent.api.Single) HttpResponse(io.servicetalk.http.api.HttpResponse) Mockito.times(org.mockito.Mockito.times) CertificateException(java.security.cert.CertificateException) Mockito.when(org.mockito.Mockito.when) CONTENT_LENGTH(io.servicetalk.http.api.HttpHeaderNames.CONTENT_LENGTH) OK(io.servicetalk.http.api.HttpResponseStatus.OK) DefaultTestCerts.serverPemHostname(io.servicetalk.test.resources.DefaultTestCerts.serverPemHostname) Mockito.verify(org.mockito.Mockito.verify) DefaultHttpHeadersFactory(io.servicetalk.http.api.DefaultHttpHeadersFactory) Test(org.junit.jupiter.api.Test) 
Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) AfterEach(org.junit.jupiter.api.AfterEach) Mockito.never(org.mockito.Mockito.never) StreamingHttpService(io.servicetalk.http.api.StreamingHttpService) Completable.completed(io.servicetalk.concurrent.api.Completable.completed) StreamingHttpResponseFactory(io.servicetalk.http.api.StreamingHttpResponseFactory) ClientSslConfigBuilder(io.servicetalk.transport.api.ClientSslConfigBuilder) Matchers.is(org.hamcrest.Matchers.is) HostAndPort(io.servicetalk.transport.api.HostAndPort) HttpExecutionStrategies.offloadNever(io.servicetalk.http.api.HttpExecutionStrategies.offloadNever) Mockito.mock(org.mockito.Mockito.mock) BlockingHttpClient(io.servicetalk.http.api.BlockingHttpClient) DefaultTestCerts(io.servicetalk.test.resources.DefaultTestCerts) ClientSslConfigBuilder(io.servicetalk.transport.api.ClientSslConfigBuilder) Test(org.junit.jupiter.api.Test)

Example 8 with ClientSslConfigBuilder

use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.

the class SslAndNonSslConnectionsTest method hostNameVerificationIsEnabledByDefault.

@Test
void hostNameVerificationIsEnabledByDefault() throws Exception {
    assert secureServerCtx != null;
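    // No peerHost or hostnameVerificationAlgorithm is set, so the builder's default
    // hostname verification applies to this connection.
    try (BlockingHttpClient client = HttpClients.forSingleAddress(serverHostAndPort(secureServerCtx))
            .sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).build())
            .buildBlocking()) {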
        // Hostname verification failure
        SSLHandshakeException e = assertThrows(SSLHandshakeException.class, () -> testRequestResponse(client, "/", true));
        assertThat(e.getCause(), instanceOf(CertificateException.class));
    }
}
Also used : BlockingHttpClient(io.servicetalk.http.api.BlockingHttpClient) CertificateException(java.security.cert.CertificateException) ClientSslConfigBuilder(io.servicetalk.transport.api.ClientSslConfigBuilder) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) Test(org.junit.jupiter.api.Test)

Example 9 with ClientSslConfigBuilder

use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.

the class SslAndNonSslConnectionsTest method multiAddressClientToNonSecureServerThenToSecureServer.

@Test
void multiAddressClientToNonSecureServerThenToSecureServer() throws Exception {
    try (BlockingHttpClient client = HttpClients.forMultiAddressUrl().initializer((scheme, address, builder) -> {
        if (scheme.equalsIgnoreCase("https")) {
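            // Only https targets get a TLS config; peerHost is the hostname checked
            // against the server certificate during hostname verification.
            builder.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem)
                    .peerHost(serverPemHostname())
                    .build());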
        }
    }).buildBlocking()) {
        testRequestResponse(client, requestTarget, false);
        resetMocks();
        testRequestResponse(client, secureRequestTarget, true);
    }
}
Also used : Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) StreamingHttpResponse(io.servicetalk.http.api.StreamingHttpResponse) ServerSslConfigBuilder(io.servicetalk.transport.api.ServerSslConfigBuilder) HttpHeaders(io.servicetalk.http.api.HttpHeaders) AfterAll(org.junit.jupiter.api.AfterAll) InetAddress(java.net.InetAddress) Answer(org.mockito.stubbing.Answer) ZERO(io.servicetalk.http.api.HttpHeaderValues.ZERO) BeforeAll(org.junit.jupiter.api.BeforeAll) Single.succeeded(io.servicetalk.concurrent.api.Single.succeeded) AddressUtils.hostHeader(io.servicetalk.transport.netty.internal.AddressUtils.hostHeader) AddressUtils.serverHostAndPort(io.servicetalk.transport.netty.internal.AddressUtils.serverHostAndPort) DefaultTestCerts(io.servicetalk.test.resources.DefaultTestCerts) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Nullable(javax.annotation.Nullable) BlockingHttpClient(io.servicetalk.http.api.BlockingHttpClient) AddressUtils.localAddress(io.servicetalk.transport.netty.internal.AddressUtils.localAddress) ServerContext(io.servicetalk.transport.api.ServerContext) Mockito.clearInvocations(org.mockito.Mockito.clearInvocations) ClosedChannelException(java.nio.channels.ClosedChannelException) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) Single(io.servicetalk.concurrent.api.Single) HttpResponse(io.servicetalk.http.api.HttpResponse) Mockito.times(org.mockito.Mockito.times) CertificateException(java.security.cert.CertificateException) Mockito.when(org.mockito.Mockito.when) CONTENT_LENGTH(io.servicetalk.http.api.HttpHeaderNames.CONTENT_LENGTH) OK(io.servicetalk.http.api.HttpResponseStatus.OK) DefaultTestCerts.serverPemHostname(io.servicetalk.test.resources.DefaultTestCerts.serverPemHostname) Mockito.verify(org.mockito.Mockito.verify) DefaultHttpHeadersFactory(io.servicetalk.http.api.DefaultHttpHeadersFactory) Test(org.junit.jupiter.api.Test) 
Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) AfterEach(org.junit.jupiter.api.AfterEach) Mockito.never(org.mockito.Mockito.never) StreamingHttpService(io.servicetalk.http.api.StreamingHttpService) Completable.completed(io.servicetalk.concurrent.api.Completable.completed) StreamingHttpResponseFactory(io.servicetalk.http.api.StreamingHttpResponseFactory) ClientSslConfigBuilder(io.servicetalk.transport.api.ClientSslConfigBuilder) Matchers.is(org.hamcrest.Matchers.is) HostAndPort(io.servicetalk.transport.api.HostAndPort) HttpExecutionStrategies.offloadNever(io.servicetalk.http.api.HttpExecutionStrategies.offloadNever) Mockito.mock(org.mockito.Mockito.mock) BlockingHttpClient(io.servicetalk.http.api.BlockingHttpClient) DefaultTestCerts(io.servicetalk.test.resources.DefaultTestCerts) ClientSslConfigBuilder(io.servicetalk.transport.api.ClientSslConfigBuilder) Test(org.junit.jupiter.api.Test)

Example 10 with ClientSslConfigBuilder

use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.

the class AbstractTcpServerTest method getTcpClientConfig.

// Visible for overriding.
TcpClientConfig getTcpClientConfig() {
    TcpClientConfig tcpClientConfig = new TcpClientConfig();
    if (sslEnabled) {
        HostAndPort serverHostAndPort = serverHostAndPort(serverContext);
        tcpClientConfig.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem)
                .peerHost(serverPemHostname())
                .peerPort(serverHostAndPort.port())
                .build());
    }
    tcpClientConfig.enableWireLogging("servicetalk-tests-wire-logger", TRACE, () -> true);
    return tcpClientConfig;
}
Also used : AddressUtils.serverHostAndPort(io.servicetalk.transport.netty.internal.AddressUtils.serverHostAndPort) HostAndPort(io.servicetalk.transport.api.HostAndPort) DefaultTestCerts(io.servicetalk.test.resources.DefaultTestCerts) ClientSslConfigBuilder(io.servicetalk.transport.api.ClientSslConfigBuilder)

Aggregations

ClientSslConfigBuilder (io.servicetalk.transport.api.ClientSslConfigBuilder): 23
DefaultTestCerts (io.servicetalk.test.resources.DefaultTestCerts): 19
ServerContext (io.servicetalk.transport.api.ServerContext): 15
ServerSslConfigBuilder (io.servicetalk.transport.api.ServerSslConfigBuilder): 12
BlockingHttpClient (io.servicetalk.http.api.BlockingHttpClient): 11
HostAndPort (io.servicetalk.transport.api.HostAndPort): 9
AddressUtils.serverHostAndPort (io.servicetalk.transport.netty.internal.AddressUtils.serverHostAndPort): 9
Test (org.junit.jupiter.api.Test): 8
HttpResponse (io.servicetalk.http.api.HttpResponse): 7
DefaultTestCerts.serverPemHostname (io.servicetalk.test.resources.DefaultTestCerts.serverPemHostname): 7
AddressUtils.localAddress (io.servicetalk.transport.netty.internal.AddressUtils.localAddress): 7
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat): 7
Matchers.is (org.hamcrest.Matchers.is): 7
SSLHandshakeException (javax.net.ssl.SSLHandshakeException): 6
InetSocketAddress (java.net.InetSocketAddress): 5
Nullable (javax.annotation.Nullable): 5
Matchers.instanceOf (org.hamcrest.Matchers.instanceOf): 5
AfterEach (org.junit.jupiter.api.AfterEach): 5
Assertions.assertThrows (org.junit.jupiter.api.Assertions.assertThrows): 5
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 5