use of io.vertx.core.net.PfxOptions in project vert.x by eclipse.
the class KeyStoreHelper method create.
public static KeyStoreHelper create(VertxInternal vertx, KeyCertOptions options) {
if (options instanceof JksOptions) {
JksOptions jks = (JksOptions) options;
Supplier<Buffer> value;
if (jks.getPath() != null) {
value = () -> vertx.fileSystem().readFileBlocking(vertx.resolveFile(jks.getPath()).getAbsolutePath());
} else if (jks.getValue() != null) {
value = jks::getValue;
} else {
return null;
}
return new JKSOrPKCS12("JKS", jks.getPassword(), value);
} else if (options instanceof PfxOptions) {
PfxOptions pkcs12 = (PfxOptions) options;
Supplier<Buffer> value;
if (pkcs12.getPath() != null) {
value = () -> vertx.fileSystem().readFileBlocking(vertx.resolveFile(pkcs12.getPath()).getAbsolutePath());
} else if (pkcs12.getValue() != null) {
value = pkcs12::getValue;
} else {
return null;
}
return new JKSOrPKCS12("PKCS12", pkcs12.getPassword(), value);
} else if (options instanceof PemKeyCertOptions) {
PemKeyCertOptions keyCert = (PemKeyCertOptions) options;
Supplier<Buffer> key = () -> {
if (keyCert.getKeyPath() != null) {
return vertx.fileSystem().readFileBlocking(vertx.resolveFile(keyCert.getKeyPath()).getAbsolutePath());
} else if (keyCert.getKeyValue() != null) {
return keyCert.getKeyValue();
} else {
throw new RuntimeException("Missing private key");
}
};
Supplier<Buffer> cert = () -> {
if (keyCert.getCertPath() != null) {
return vertx.fileSystem().readFileBlocking(vertx.resolveFile(keyCert.getCertPath()).getAbsolutePath());
} else if (keyCert.getCertValue() != null) {
return keyCert.getCertValue();
} else {
throw new RuntimeException("Missing X.509 certificate");
}
};
return new KeyCert(DUMMY_PASSWORD, key, cert);
} else {
return null;
}
}
use of io.vertx.core.net.PfxOptions in project vertx-proton by vert-x3.
the class ProtonClientSslTest method testConnectWithSslToNonSslServerFails.
@Test(timeout = 20000)
public void testConnectWithSslToNonSslServerFails(TestContext context) throws Exception {
Async async = context.async();
// Create a server that doesn't use ssl
ProtonServerOptions serverOptions = new ProtonServerOptions();
serverOptions.setSsl(false);
protonServer = createServer(serverOptions, this::handleClientConnectionSessionReceiverOpen);
// Try to connect the client and expect it to fail
ProtonClientOptions clientOptions = new ProtonClientOptions();
clientOptions.setSsl(true);
PfxOptions pfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD);
clientOptions.setPfxTrustOptions(pfxOptions);
ProtonClient client = ProtonClient.create(vertx);
client.connect(clientOptions, "localhost", protonServer.actualPort(), res -> {
// Expect connect to fail due to remote peer not doing SSL
context.assertFalse(res.succeeded());
async.complete();
});
async.awaitSuccess();
}
use of io.vertx.core.net.PfxOptions in project vertx-proton by vert-x3.
the class ProtonClientSslTest method doHostnameVerificationTestImpl.
private void doHostnameVerificationTestImpl(TestContext context, boolean verifyHost) throws Exception {
Async async = context.async();
// Create a server that accept a connection and expects a client connection+session+receiver
ProtonServerOptions serverOptions = new ProtonServerOptions();
serverOptions.setSsl(true);
PfxOptions serverPfxOptions = new PfxOptions().setPath(WRONG_HOST_KEYSTORE).setPassword(PASSWORD);
serverOptions.setPfxKeyCertOptions(serverPfxOptions);
protonServer = createServer(serverOptions, this::handleClientConnectionSessionReceiverOpen);
// Connect the client and open a receiver to verify the connection works
ProtonClientOptions clientOptions = new ProtonClientOptions();
clientOptions.setSsl(true);
PfxOptions clientPfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD);
clientOptions.setPfxTrustOptions(clientPfxOptions);
// Verify/update the hostname verification settings
context.assertEquals(VERIFY_HTTPS, clientOptions.getHostnameVerificationAlgorithm(), "expected host verification to be on by default");
if (!verifyHost) {
clientOptions.setHostnameVerificationAlgorithm(NO_VERIFY);
}
ProtonClient client = ProtonClient.create(vertx);
client.connect(clientOptions, "localhost", protonServer.actualPort(), res -> {
if (verifyHost) {
// Expect connect to fail as server cert hostname doesn't match.
context.assertFalse(res.succeeded(), "expected connect to fail");
LOG.trace("Connect failed");
async.complete();
} else {
// Expect connect to succeed as verification is disabled
context.assertTrue(res.succeeded(), "expected connect to succeed");
LOG.trace("Connect succeeded");
ProtonConnection connection = res.result();
connection.open();
ProtonReceiver receiver = connection.createReceiver("some-address");
receiver.openHandler(recvResult -> {
context.assertTrue(recvResult.succeeded());
LOG.trace("Client receiver open");
async.complete();
}).open();
}
});
async.awaitSuccess();
}
use of io.vertx.core.net.PfxOptions in project vertx-proton by vert-x3.
the class ProtonClientSslTest method doClientCertificateTestImpl.
private void doClientCertificateTestImpl(TestContext context, boolean supplyClientCert) throws InterruptedException, ExecutionException {
Async async = context.async();
// Create a server that accept a connection and expects a client connection+session+receiver
ProtonServerOptions serverOptions = new ProtonServerOptions();
serverOptions.setSsl(true);
serverOptions.setClientAuth(ClientAuth.REQUIRED);
PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD);
serverOptions.setPfxKeyCertOptions(serverPfxOptions);
PfxOptions pfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD);
serverOptions.setPfxTrustOptions(pfxOptions);
protonServer = createServer(serverOptions, this::handleClientConnectionSessionReceiverOpen);
// Try to connect the client
ProtonClientOptions clientOptions = new ProtonClientOptions();
clientOptions.setSsl(true);
clientOptions.setPfxTrustOptions(pfxOptions);
if (supplyClientCert) {
PfxOptions clientKeyPfxOptions = new PfxOptions().setPath(KEYSTORE_CLIENT).setPassword(PASSWORD);
clientOptions.setPfxKeyCertOptions(clientKeyPfxOptions);
}
ProtonClient client = ProtonClient.create(vertx);
client.connect(clientOptions, "localhost", protonServer.actualPort(), res -> {
if (supplyClientCert) {
// Expect connect to succeed
context.assertTrue(res.succeeded());
} else {
// Expect connect to fail
context.assertFalse(res.succeeded());
}
async.complete();
});
async.awaitSuccess();
}
use of io.vertx.core.net.PfxOptions in project vertx-proton by vert-x3.
the class ProtonClientSslTest method testConnectWithSslToServerWithUntrustedKeyFails.
@Test(timeout = 20000)
public void testConnectWithSslToServerWithUntrustedKeyFails(TestContext context) throws Exception {
Async async = context.async();
// Create a server that accept a connection and expects a client connection+session+receiver
ProtonServerOptions serverOptions = new ProtonServerOptions();
serverOptions.setSsl(true);
PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD);
serverOptions.setPfxKeyCertOptions(serverPfxOptions);
protonServer = createServer(serverOptions, this::handleClientConnectionSessionReceiverOpen);
// Try to connect the client and expect it to fail due to us not trusting the server
ProtonClientOptions clientOptions = new ProtonClientOptions();
clientOptions.setSsl(true);
PfxOptions pfxOptions = new PfxOptions().setPath(OTHER_CA_TRUSTSTORE).setPassword(PASSWORD);
clientOptions.setPfxTrustOptions(pfxOptions);
ProtonClient client = ProtonClient.create(vertx);
client.connect(clientOptions, "localhost", protonServer.actualPort(), res -> {
// Expect connect to fail due to remote peer not doing SSL
context.assertFalse(res.succeeded());
async.complete();
});
async.awaitSuccess();
}
Aggregations