use of io.servicetalk.transport.api.ServerSslConfigBuilder in project servicetalk by apple.
the class AbstractNettyHttpServerTest method startServer.
private void startServer() throws Exception {
final InetSocketAddress bindAddress = localAddress(0);
service(new TestServiceStreaming(publisherSupplier));
// A small SNDBUF is needed to test that the server defers closing the connection until writes are complete.
// However, if it is too small, tests that expect certain chunks of data will see those chunks broken up
// differently.
final HttpServerBuilder serverBuilder = HttpServers.forAddress(bindAddress).executor(serverExecutor).socketOption(StandardSocketOptions.SO_SNDBUF, 100).protocols(protocol).transportObserver(serverTransportObserver).enableWireLogging("servicetalk-tests-wire-logger", TRACE, () -> true);
configureServerBuilder(serverBuilder);
if (sslEnabled) {
serverBuilder.sslConfig(new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).build());
}
if (nonOffloadingServiceFilterFactory != null) {
serverBuilder.appendNonOffloadingServiceFilter(nonOffloadingServiceFilterFactory);
}
if (serviceFilterFactory != null) {
serverBuilder.appendServiceFilter(serviceFilterFactory);
}
if (serverLifecycleObserver != NoopHttpLifecycleObserver.INSTANCE) {
serverBuilder.lifecycleObserver(serverLifecycleObserver);
}
serverContext = awaitIndefinitelyNonNull(listen(serverBuilder.ioExecutor(serverIoExecutor).appendConnectionAcceptorFilter(original -> new DelegatingConnectionAcceptor(connectionAcceptor))).beforeOnSuccess(ctx -> LOGGER.debug("Server started on {}.", ctx.listenAddress())).beforeOnError(throwable -> LOGGER.debug("Failed starting server on {}.", bindAddress)));
final SingleAddressHttpClientBuilder<HostAndPort, InetSocketAddress> clientBuilder = newClientBuilder();
if (sslEnabled) {
clientBuilder.sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname()).build());
}
if (connectionFactoryFilter != null) {
clientBuilder.appendConnectionFactoryFilter(connectionFactoryFilter);
}
if (connectionFilterFactory != null) {
clientBuilder.appendConnectionFilter(connectionFilterFactory);
}
if (clientTransportObserver != NoopTransportObserver.INSTANCE) {
clientBuilder.appendConnectionFactoryFilter(new TransportObserverConnectionFactoryFilter<>(clientTransportObserver));
}
if (clientLifecycleObserver != NoopHttpLifecycleObserver.INSTANCE) {
clientBuilder.appendClientFilter(new HttpLifecycleObserverRequesterFilter(clientLifecycleObserver));
}
if (clientFilterFactory != null) {
clientBuilder.appendClientFilter(clientFilterFactory);
}
httpClient = clientBuilder.ioExecutor(clientIoExecutor).executor(clientExecutor).executionStrategy(defaultStrategy()).protocols(protocol).enableWireLogging("servicetalk-tests-wire-logger", TRACE, Boolean.TRUE::booleanValue).buildStreaming();
httpConnection = httpClient.reserveConnection(httpClient.get("/")).toFuture().get();
}
use of io.servicetalk.transport.api.ServerSslConfigBuilder in project servicetalk by apple.
the class SecurityHandshakeObserverTest method verifyHandshakeObserved.
private void verifyHandshakeObserved(Function<SocketAddress, HttpServerBuilder> serverBuilderFactory, Function<HostAndPort, SingleAddressHttpClientBuilder<HostAndPort, InetSocketAddress>> clientBuilderFactory) throws Exception {
try (ServerContext serverContext = serverBuilderFactory.apply(localAddress(0)).ioExecutor(SERVER_CTX.ioExecutor()).executor(SERVER_CTX.executor()).executionStrategy(defaultStrategy()).sslConfig(new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).build()).transportObserver(serverTransportObserver).listenStreamingAndAwait(new TestServiceStreaming());
BlockingHttpClient client = clientBuilderFactory.apply(serverHostAndPort(serverContext)).ioExecutor(CLIENT_CTX.ioExecutor()).executor(CLIENT_CTX.executor()).executionStrategy(defaultStrategy()).sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname()).build()).appendConnectionFactoryFilter(new TransportObserverConnectionFactoryFilter<>(clientTransportObserver)).buildBlocking()) {
String content = "payload_body";
HttpResponse response = client.request(client.post(SVC_ECHO).payloadBody(content, textSerializerUtf8()));
assertThat(response.status(), is(OK));
assertThat(response.payloadBody(textSerializerUtf8()), equalTo(content));
verify(clientConnectionObserver).onSecurityHandshake();
verify(clientSecurityHandshakeObserver).handshakeComplete(any(SSLSession.class));
verify(serverConnectionObserver).onSecurityHandshake();
verify(serverSecurityHandshakeObserver).handshakeComplete(any(SSLSession.class));
}
}
use of io.servicetalk.transport.api.ServerSslConfigBuilder in project servicetalk by apple.
the class SslAndNonSslConnectionsTest method beforeClass.
@BeforeAll
static void beforeClass() throws Exception {
final HttpHeaders httpHeaders = DefaultHttpHeadersFactory.INSTANCE.newHeaders().set(CONTENT_LENGTH, ZERO);
// Configure HTTP server
when(STREAMING_HTTP_SERVICE.handle(any(), any(), any())).thenAnswer((Answer<Single<StreamingHttpResponse>>) invocation -> {
StreamingHttpResponseFactory factory = invocation.getArgument(2);
StreamingHttpResponse resp = factory.ok();
resp.headers().set(httpHeaders);
return succeeded(resp);
});
when(STREAMING_HTTP_SERVICE.closeAsync()).thenReturn(completed());
when(STREAMING_HTTP_SERVICE.closeAsyncGracefully()).thenReturn(completed());
when(STREAMING_HTTP_SERVICE.requiredOffloads()).thenCallRealMethod();
serverCtx = HttpServers.forAddress(localAddress(0)).executionStrategy(offloadNone()).listenStreamingAndAwait(STREAMING_HTTP_SERVICE);
final String serverHostHeader = hostHeader(serverHostAndPort(serverCtx));
requestTarget = "http://" + serverHostHeader + "/";
// Configure HTTPS server
when(SECURE_STREAMING_HTTP_SERVICE.handle(any(), any(), any())).thenAnswer(invocation -> {
StreamingHttpResponseFactory factory = invocation.getArgument(2);
StreamingHttpResponse resp = factory.ok();
resp.headers().set(httpHeaders);
return succeeded(resp);
});
when(SECURE_STREAMING_HTTP_SERVICE.closeAsync()).thenReturn(completed());
when(SECURE_STREAMING_HTTP_SERVICE.closeAsyncGracefully()).thenReturn(completed());
when(SECURE_STREAMING_HTTP_SERVICE.requiredOffloads()).thenCallRealMethod();
secureServerCtx = HttpServers.forAddress(localAddress(0)).sslConfig(new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).build()).executionStrategy(offloadNone()).listenStreamingAndAwait(SECURE_STREAMING_HTTP_SERVICE);
final String secureServerHostHeader = hostHeader(serverHostAndPort(secureServerCtx));
secureRequestTarget = "https://" + secureServerHostHeader + "/";
}
use of io.servicetalk.transport.api.ServerSslConfigBuilder in project servicetalk by apple.
the class SslProvidersTest method setUp.
private void setUp(SslProvider serverSslProvider, SslProvider clientSslProvider, int payloadLength) throws Exception {
payloadBody = randomString(payloadLength);
serverContext = HttpServers.forAddress(localAddress(0)).sslConfig(new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).provider(serverSslProvider).build()).listenBlockingAndAwait((ctx, request, responseFactory) -> {
assertThat(ctx.sslSession(), is(notNullValue()));
assertThat(request.path(), is("/path"));
assertThat(request.headers().get(CONTENT_TYPE), is(TEXT_PLAIN_UTF_8));
assertThat(request.payloadBody(textSerializerUtf8()), is("request-payload-body-" + payloadBody));
return responseFactory.ok().payloadBody("response-payload-body-" + payloadBody, textSerializerUtf8());
});
client = HttpClients.forSingleAddress(serverHostAndPort(serverContext)).ioExecutor(NettyIoExecutors.createIoExecutor("client-io")).sslConfig(new ClientSslConfigBuilder(DefaultTestCerts::loadServerCAPem).peerHost(serverPemHostname()).provider(clientSslProvider).build()).buildBlocking();
}
use of io.servicetalk.transport.api.ServerSslConfigBuilder in project servicetalk by apple.
the class TcpFastOpenTest method requestSucceedsEvenIfTcpFastOpenNotEnabledOrSupported.
@ParameterizedTest(name = "{displayName} [{index}] protocols={0}, secure={1}, serverListenOptions={2}, clientOptions={3}")
@MethodSource("sslProviders")
void requestSucceedsEvenIfTcpFastOpenNotEnabledOrSupported(final Collection<HttpProtocol> protocols, final boolean secure, @SuppressWarnings("rawtypes") final Map<SocketOption, Object> serverListenOptions, @SuppressWarnings("rawtypes") final Map<SocketOption, Object> clientOptions) throws Exception {
assumeTcpFastOpen(clientOptions);
HttpServerBuilder serverBuilder = HttpServers.forAddress(localAddress(0)).protocols(toConfigs(protocols));
if (secure) {
serverBuilder.sslConfig(new ServerSslConfigBuilder(DefaultTestCerts::loadServerPem, DefaultTestCerts::loadServerKey).build());
}
for (@SuppressWarnings("rawtypes") Entry<SocketOption, Object> entry : serverListenOptions.entrySet()) {
@SuppressWarnings("unchecked") SocketOption<Object> option = entry.getKey();
serverBuilder.listenSocketOption(option, entry.getValue());
}
try (ServerContext serverContext = serverBuilder.listenBlockingAndAwait((ctx, request, responseFactory) -> responseFactory.ok());
BlockingHttpClient client = newClient(serverContext, protocols, secure, clientOptions)) {
assertEquals(HttpResponseStatus.OK, client.request(client.get("/")).status());
}
}
Aggregations