use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class Tls13Test method requiredCipher.
@ParameterizedTest
@MethodSource("sslProviders")
void requiredCipher(SslProvider serverSslProvider, SslProvider clientSslProvider, @Nullable String cipher) throws Exception {
ServerSslConfigBuilder serverSslBuilder = new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).sslProtocols(TLS1_3).provider(serverSslProvider);
if (cipher != null) {
serverSslBuilder.ciphers(singletonList(cipher));
}
try (ServerContext serverContext = forAddress(localAddress(0)).ioExecutor(SERVER_CTX.ioExecutor()).executor(SERVER_CTX.executor()).executionStrategy(defaultStrategy()).enableWireLogging("servicetalk-tests-wire-logger", TRACE, () -> false).sslConfig(serverSslBuilder.build()).listenBlockingAndAwait((ctx, request, responseFactory) -> {
assertThat(request.payloadBody(textSerializerUtf8()), equalTo("request-payload-body"));
SSLSession sslSession = ctx.sslSession();
assertThat(sslSession, is(notNullValue()));
return responseFactory.ok().payloadBody(sslSession.getProtocol(), textSerializerUtf8());
})) {
ClientSslConfigBuilder clientSslBuilder = new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).sslProtocols(TLS1_3).peerHost(serverPemHostname()).provider(clientSslProvider);
if (cipher != null) {
clientSslBuilder.ciphers(singletonList(cipher));
}
try (BlockingHttpClient client = HttpClients.forSingleAddress(serverHostAndPort(serverContext)).ioExecutor(CLIENT_CTX.ioExecutor()).executor(CLIENT_CTX.executor()).executionStrategy(defaultStrategy()).enableWireLogging("servicetalk-tests-wire-logger", TRACE, Boolean.FALSE::booleanValue).sslConfig(clientSslBuilder.build()).buildBlocking();
BlockingHttpConnection connection = client.reserveConnection(client.get("/"))) {
SSLSession sslSession = connection.connectionContext().sslSession();
assertThat(sslSession, is(notNullValue()));
assertThat(sslSession.getProtocol(), equalTo(TLS1_3));
if (cipher != null) {
assertThat(sslSession.getCipherSuite(), equalTo(cipher));
}
HttpResponse response = client.request(client.post("/").payloadBody("request-payload-body", textSerializerUtf8()));
assertThat(response.status(), is(OK));
assertThat(response.headers().get(CONTENT_TYPE), is(TEXT_PLAIN_UTF_8));
assertThat(response.payloadBody(textSerializerUtf8()), equalTo(TLS1_3));
}
}
}
use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class ManualRedirectClient method main.
public static void main(String... args) throws Exception {
try (HttpClient secureClient = HttpClients.forSingleAddress("localhost", SECURE_SERVER_PORT).sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).build()).build()) {
try (HttpClient client = HttpClients.forSingleAddress("localhost", NON_SECURE_SERVER_PORT).build()) {
System.out.println("- Redirect of a GET request with a custom header:");
HttpRequest originalGet = client.get("/non-relative").addHeader(CUSTOM_HEADER, "value");
client.request(originalGet).flatMap(response -> {
if (response.status().statusClass() == REDIRECTION_3XX) {
CharSequence location = response.headers().get(LOCATION);
HttpClient redirectClient = lookupClient(location, client, secureClient);
return redirectClient.request(redirectClient.newRequest(originalGet.method(), location.toString()).addHeader(CUSTOM_HEADER, originalGet.headers().get(CUSTOM_HEADER)));
}
// Decided not to follow redirect, return the original response or an error:
return succeeded(response);
}).whenOnSuccess(resp -> {
System.out.println(resp.toString((name, value) -> value));
System.out.println(resp.payloadBody(textSerializerAscii()));
System.out.println();
}).toFuture().get();
System.out.println("- Redirect of a POST request with a payload body:");
HttpRequest originalPost = client.post("/non-relative").payloadBody(client.executionContext().bufferAllocator().fromAscii("some_content"));
client.request(originalPost).flatMap(response -> {
if (response.status().statusClass() == REDIRECTION_3XX) {
CharSequence location = response.headers().get(LOCATION);
HttpClient redirectClient = lookupClient(location, client, secureClient);
return redirectClient.request(redirectClient.newRequest(originalPost.method(), location.toString()).payloadBody(originalPost.payloadBody()));
}
// Decided not to follow redirect, return the original response or an error:
return succeeded(response);
}).whenOnSuccess(resp -> {
System.out.println(resp.toString((name, value) -> value));
System.out.println(resp.payloadBody(textSerializerAscii()));
}).toFuture().get();
}
}
}
use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class AbstractNettyHttpServerTest method startServer.
private void startServer() throws Exception {
final InetSocketAddress bindAddress = localAddress(0);
service(new TestServiceStreaming(publisherSupplier));
// A small SNDBUF is needed to test that the server defers closing the connection until writes are complete.
// However, if it is too small, tests that expect certain chunks of data will see those chunks broken up
// differently.
final HttpServerBuilder serverBuilder = HttpServers.forAddress(bindAddress).executor(serverExecutor).socketOption(StandardSocketOptions.SO_SNDBUF, 100).protocols(protocol).transportObserver(serverTransportObserver).enableWireLogging("servicetalk-tests-wire-logger", TRACE, () -> true);
configureServerBuilder(serverBuilder);
if (sslEnabled) {
serverBuilder.sslConfig(new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).build());
}
if (nonOffloadingServiceFilterFactory != null) {
serverBuilder.appendNonOffloadingServiceFilter(nonOffloadingServiceFilterFactory);
}
if (serviceFilterFactory != null) {
serverBuilder.appendServiceFilter(serviceFilterFactory);
}
if (serverLifecycleObserver != NoopHttpLifecycleObserver.INSTANCE) {
serverBuilder.lifecycleObserver(serverLifecycleObserver);
}
serverContext = awaitIndefinitelyNonNull(listen(serverBuilder.ioExecutor(serverIoExecutor).appendConnectionAcceptorFilter(original -> new DelegatingConnectionAcceptor(connectionAcceptor))).beforeOnSuccess(ctx -> LOGGER.debug("Server started on {}.", ctx.listenAddress())).beforeOnError(throwable -> LOGGER.debug("Failed starting server on {}.", bindAddress)));
final SingleAddressHttpClientBuilder<HostAndPort, InetSocketAddress> clientBuilder = newClientBuilder();
if (sslEnabled) {
clientBuilder.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname()).build());
}
if (connectionFactoryFilter != null) {
clientBuilder.appendConnectionFactoryFilter(connectionFactoryFilter);
}
if (connectionFilterFactory != null) {
clientBuilder.appendConnectionFilter(connectionFilterFactory);
}
if (clientTransportObserver != NoopTransportObserver.INSTANCE) {
clientBuilder.appendConnectionFactoryFilter(new TransportObserverConnectionFactoryFilter<>(clientTransportObserver));
}
if (clientLifecycleObserver != NoopHttpLifecycleObserver.INSTANCE) {
clientBuilder.appendClientFilter(new HttpLifecycleObserverRequesterFilter(clientLifecycleObserver));
}
if (clientFilterFactory != null) {
clientBuilder.appendClientFilter(clientFilterFactory);
}
httpClient = clientBuilder.ioExecutor(clientIoExecutor).executor(clientExecutor).executionStrategy(defaultStrategy()).protocols(protocol).enableWireLogging("servicetalk-tests-wire-logger", TRACE, Boolean.TRUE::booleanValue).buildStreaming();
httpConnection = httpClient.reserveConnection(httpClient.get("/")).toFuture().get();
}
use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class DefaultSingleAddressHttpClientBuilderTest method hostToCharSequenceFunction.
private static void hostToCharSequenceFunction(String hostNamePrefix, String hostName, String hostNameSuffix, @Nullable Integer port) throws Exception {
try (ServerContext serverCtx = HttpServers.forAddress(localAddress(0)).sslConfig(new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).build()).listenBlockingAndAwait((ctx, request, responseFactory) -> responseFactory.ok());
BlockingHttpClient client = forResolvedAddress(hostNamePrefix + hostName + hostNameSuffix + (port == null ? "" : port), u -> serverCtx.listenAddress()).sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).hostnameVerificationAlgorithm("").build()).buildBlocking()) {
ReservedBlockingHttpConnection conn = client.reserveConnection(client.get("/"));
try {
SSLSession sslSession = conn.connectionContext().sslSession();
assertNotNull(sslSession);
assertThat(sslSession.getPeerHost(), startsWith(hostName));
InetSocketAddress socketAddress = (InetSocketAddress) conn.connectionContext().remoteAddress();
assertEquals(socketAddress.getPort(), sslSession.getPeerPort());
} finally {
conn.release();
}
}
}
use of io.servicetalk.transport.api.ClientSslConfigBuilder in project servicetalk by apple.
the class GrpcSslAndNonSslConnectionsTest method connectingToSecureServerWithSecureClient.
@Test
void connectingToSecureServerWithSecureClient() throws Exception {
try (ServerContext serverContext = secureGrpcServer();
BlockingTesterClient client = secureGrpcClient(serverContext, new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname())).buildBlocking(clientFactory())) {
final TesterProto.TestResponse response = client.test(REQUEST);
assertThat(response, is(notNullValue()));
assertThat(response.getMessage(), is(notNullValue()));
}
}
Aggregations