use of okhttp3.Dns in project okhttp by square.
the class CallTest method recoverFromTlsHandshakeFailure_tlsFallbackScsvEnabled.
/**
 * Checks that {@code TLS_FALLBACK_SCSV} is enabled on the fallback attempt and absent from the
 * first attempt.
 *
 * <p>The mock server is told to fail the handshake, and the client is configured with
 * {@link ConnectionSpec#MODERN_TLS} followed by {@link ConnectionSpec#COMPATIBLE_TLS}. The call
 * must end in an {@link SSLHandshakeException} after two sockets have been created. The
 * signaling suite (RFC 7507) is how a server recognises a downgraded retry, so enabling it on
 * the first socket or omitting it from the second would both defeat the downgrade protection.
 *
 * @throws Exception if the fixture fails in a way the test does not expect
 */
@Test
public void recoverFromTlsHandshakeFailure_tlsFallbackScsvEnabled() throws Exception {
  final String fallbackScsv = "TLS_FALLBACK_SCSV";

  String[] supportedSuites = sslClient.socketFactory.getSupportedCipherSuites();
  boolean scsvSupported = Arrays.asList(supportedSuites).contains(fallbackScsv);
  if (!scsvSupported) {
    // The assertions below are meaningless when the client socket cannot offer the suite at all.
    // NOTE(review): this path passes silently, so a platform without the suite gets no coverage.
    return;
  }

  server.useHttps(sslClient.socketFactory, false);
  server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE));

  // Wrap the real factory so every socket the client opens can be inspected afterwards.
  RecordingSSLSocketFactory recordingFactory =
      new RecordingSSLSocketFactory(sslClient.socketFactory);
  List<ConnectionSpec> specs =
      Arrays.asList(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS);
  client = client.newBuilder()
      .sslSocketFactory(recordingFactory, sslClient.trustManager)
      .connectionSpecs(specs)
      .hostnameVerifier(new RecordingHostnameVerifier())
      // Presumably limits lookups to one address so the second socket is a TLS fallback rather
      // than an attempt against another address; confirm against SingleInetAddressDns.
      .dns(new SingleInetAddressDns())
      .build();

  Request request = new Request.Builder().url(server.url("/")).build();
  try {
    client.newCall(request).execute();
    fail();
  } catch (SSLHandshakeException expected) {
    // Expected: the handshake fails and the call gives up.
  }

  List<SSLSocket> attempts = recordingFactory.getSocketsCreated();

  // First attempt: not a fallback, so the signaling suite must not be offered.
  List<String> initialSuites = Arrays.asList(attempts.get(0).getEnabledCipherSuites());
  assertFalse(initialSuites.contains(fallbackScsv));

  // Second attempt: a fallback, so the signaling suite must be offered.
  List<String> fallbackSuites = Arrays.asList(attempts.get(1).getEnabledCipherSuites());
  assertTrue(fallbackSuites.contains(fallbackScsv));
}
use of okhttp3.Dns in project okhttp by square.
the class HostnameVerifierTest method subjectAltNameWithWildcard.
/**
 * Exercises hostname verification against a certificate whose subject is {@code CN=foo.com} and
 * whose subjectAltName lists {@code DNS:bar.com} and {@code DNS:*.baz.com}.
 *
 * <p>The assertions pin three rules: the common name is not accepted when it is absent from the
 * SAN list, an exact SAN entry matches only that exact host, and the wildcard entry matches a
 * single label below {@code baz.com} but not {@code baz.com} itself.
 *
 * @throws Exception if the embedded certificate cannot be turned into a session
 */
@Test
public void subjectAltNameWithWildcard() throws Exception {
  // Recipe used to produce the embedded certificate:
  //
  // $ cat ./cert.cnf
  // [req]
  // distinguished_name=distinguished_name
  // req_extensions=req_extensions
  // x509_extensions=x509_extensions
  // [distinguished_name]
  // [req_extensions]
  // [x509_extensions]
  // subjectAltName=DNS:bar.com,DNS:*.baz.com
  //
  // $ openssl req -x509 -nodes -days 36500 -subj '/CN=foo.com' -config ./cert.cnf \
  // -newkey rsa:512 -out cert.pem
  //
  // The 512-bit RSA key in that recipe is acceptable only because this is a parsing fixture;
  // the certificate is never used to protect traffic.
  String pem = ""
      + "-----BEGIN CERTIFICATE-----\n"
      + "MIIBPzCB6qADAgECAgkAnv/7Jv5r7pMwDQYJKoZIhvcNAQEFBQAwEjEQMA4GA1UE\n"
      + "AxMHZm9vLmNvbTAgFw0xMDEyMjAxODQ2MDFaGA8yMTEwMTEyNjE4NDYwMVowEjEQ\n"
      + "MA4GA1UEAxMHZm9vLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDAz2YXnyog\n"
      + "YdYLSFr/OEgSumtwqtZKJTB4wqTW/eKbBCEzxnyUMxWZIqUGu353PzwfOuWp2re3\n"
      + "nvVV+QDYQlh9AgMBAAGjITAfMB0GA1UdEQQWMBSCB2Jhci5jb22CCSouYmF6LmNv\n"
      + "bTANBgkqhkiG9w0BAQUFAANBAB8yrSl8zqy07i0SNYx2B/FnvQY734pxioaqFWfO\n"
      + "Bqo1ZZl/9aPHEWIwBrxYNVB0SGu/kkbt/vxqOjzzrkXukmI=\n"
      + "-----END CERTIFICATE-----";
  SSLSession session = session(pem);

  // The subject CN alone is not enough: foo.com is not in the SAN list.
  assertFalse(verifier.verify("foo.com", session));
  // Exact SAN entry.
  assertTrue(verifier.verify("bar.com", session));
  // Wildcard SAN entry covers one label below baz.com...
  assertTrue(verifier.verify("a.baz.com", session));
  // ...but not the bare parent domain.
  assertFalse(verifier.verify("baz.com", session));
  // Subdomains of the CN and of the exact SAN entry are not implied.
  assertFalse(verifier.verify("a.foo.com", session));
  assertFalse(verifier.verify("a.bar.com", session));
  // A host that appears nowhere in the certificate.
  assertFalse(verifier.verify("quux.com", session));
}
use of okhttp3.Dns in project okhttp by square.
the class EventListenerTest method noSecureConnectsOnPooledConnection.
/**
 * Confirms that a second call to the same HTTPS URL records neither a
 * {@code SecureConnectStart} nor a {@code SecureConnectEnd} event.
 *
 * <p>The first call seeds the connection pool and its events are discarded; only the events of
 * the second call are inspected. A secure-connect event there would mean the second call did
 * not reuse the connection established by the first one.
 *
 * @throws IOException if either call fails
 */
@Test
public void noSecureConnectsOnPooledConnection() throws IOException {
  // NOTE(review): the argument presumably selects whether a proxy tunnel is used; confirm
  // against enableTlsWithTunnel.
  enableTlsWithTunnel(false);
  server.enqueue(new MockResponse());
  server.enqueue(new MockResponse());

  client = client.newBuilder()
      .dns(new DoubleInetAddressDns())
      .build();

  // Seed the pool with one completed exchange.
  Request seedRequest = new Request.Builder().url(server.url("/")).build();
  Call seedCall = client.newCall(seedRequest);
  Response seedResponse = seedCall.execute();
  assertThat(seedResponse.code()).isEqualTo(200);
  seedResponse.body().close();

  // Drop everything recorded so far so that only the second call's events remain.
  listener.clearAllEvents();

  Request pooledRequest = new Request.Builder().url(server.url("/")).build();
  Call pooledCall = client.newCall(pooledRequest);
  Response pooledResponse = pooledCall.execute();
  assertThat(pooledResponse.code()).isEqualTo(200);
  pooledResponse.body().close();

  List<String> eventTypes = listener.recordedEventTypes();
  assertThat(eventTypes).doesNotContain("SecureConnectStart");
  assertThat(eventTypes).doesNotContain("SecureConnectEnd");
}
use of okhttp3.Dns in project okhttp by square.
the class EventListenerTest method failedDnsLookup.
/**
 * Verifies the events reported when a host name cannot be resolved.
 *
 * <p>The call must fail with an {@link IOException}, and the listener must then yield a
 * {@code DnsStart} event followed by a {@code CallFailed} event that carries this call and an
 * {@link UnknownHostException}.
 */
@Test
public void failedDnsLookup() {
  // No address is registered on the FakeDns; presumably it then rejects every lookup, which
  // the final assertion on UnknownHostException relies on. Confirm against FakeDns.
  client = client.newBuilder()
      .dns(new FakeDns())
      .build();

  Request unresolvable = new Request.Builder().url("http://fakeurl/").build();
  Call call = client.newCall(unresolvable);
  try {
    call.execute();
    fail();
  } catch (IOException expected) {
    // Expected: resolution fails before any connection is made.
  }

  // The return value is not needed here; the call only consumes events up to DnsStart.
  listener.removeUpToEvent(DnsStart.class);

  CallFailed failure = listener.removeUpToEvent(CallFailed.class);
  assertThat(failure.getCall()).isSameAs(call);
  assertThat(failure.getIoe()).isInstanceOf(UnknownHostException.class);
}
use of okhttp3.Dns in project okhttp by square.
the class ConnectionCoalescingTest method setUp.
/**
 * Builds the certificate chain, DNS table, client and HTTPS server shared by the tests.
 *
 * <p>The leaf certificate covers the server's own host name, {@code san.com},
 * {@code *.wildcard.com} and {@code differentdns.com}. The DNS table maps the server host,
 * {@code san.com}, {@code nonsan.com} and {@code www.wildcard.com} to the server's addresses and
 * maps {@code differentdns.com} to an empty list. As a result {@code nonsan.com} shares the
 * address but is not in the certificate, while {@code differentdns.com} is in the certificate
 * but does not share the address.
 *
 * @param server mock server supplied by the test framework
 * @throws Exception if the certificates, the lookup or the server set-up fail
 */
@BeforeEach
public void setUp(MockWebServer server) throws Exception {
  this.server = server;

  platform.assumeHttp2Support();
  platform.assumeNotBouncyCastle();

  rootCa = new HeldCertificate.Builder()
      .serialNumber(1L)
      .certificateAuthority(0)
      .commonName("root")
      .build();
  certificate = new HeldCertificate.Builder()
      .signedBy(rootCa)
      .serialNumber(2L)
      .commonName(server.getHostName())
      .addSubjectAlternativeName(server.getHostName())
      .addSubjectAlternativeName("san.com")
      .addSubjectAlternativeName("*.wildcard.com")
      .addSubjectAlternativeName("differentdns.com")
      .build();

  // The real addresses come from the system resolver; every other name is served by the fake.
  serverIps = Dns.SYSTEM.lookup(server.getHostName());
  dns.set(server.getHostName(), serverIps);
  dns.set("san.com", serverIps);
  dns.set("nonsan.com", serverIps);
  dns.set("www.wildcard.com", serverIps);
  dns.set("differentdns.com", Collections.emptyList());

  // The client trusts only the test root CA.
  HandshakeCertificates clientCertificates = new HandshakeCertificates.Builder()
      .addTrustedCertificate(rootCa.certificate())
      .build();
  client = clientTestRule.newClientBuilder()
      .fastFallback(false) // Avoid data races.
      .dns(dns)
      .sslSocketFactory(
          clientCertificates.sslSocketFactory(), clientCertificates.trustManager())
      .build();

  // The server presents the leaf certificate built above.
  HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
      .heldCertificate(certificate)
      .build();
  server.useHttps(serverCertificates.sslSocketFactory(), false);

  url = server.url("/robots.txt");
}