
Example 11 with Dns

use of okhttp3.Dns in project okhttp by square.

the class CallTest method recoverFromTlsHandshakeFailure_tlsFallbackScsvEnabled.

/**
 * Checks which connection attempts advertise {@code TLS_FALLBACK_SCSV} after a failed handshake.
 *
 * <p>{@code TLS_FALLBACK_SCSV} is the signalling cipher suite value of RFC 7507: a client adds
 * it to a retry so that a server can recognise, and refuse, a downgraded handshake. The mock
 * server is told to fail the handshake, the call is expected to end in
 * {@link SSLHandshakeException}, and the sockets recorded by the client-side factory are then
 * inspected: the first attempt must not carry the value, the second must.
 *
 * @throws Exception if the fixture or the call fails in an unexpected way
 */
@Test
public void recoverFromTlsHandshakeFailure_tlsFallbackScsvEnabled() throws Exception {
    final String scsvSuite = "TLS_FALLBACK_SCSV";
    String[] platformSuites = sslClient.socketFactory.getSupportedCipherSuites();
    boolean scsvSupported = Arrays.asList(platformSuites).contains(scsvSuite);
    if (!scsvSupported) {
        // This only works if the client socket supports TLS_FALLBACK_SCSV.
        // NOTE(review): returning here reports the test as passed, so a platform without the
        // suite silently loses this downgrade-protection coverage; an assumption would make
        // the gap visible as a skipped test.
        return;
    }

    server.useHttps(sslClient.socketFactory, false);
    server.enqueue(new MockResponse().setSocketPolicy(SocketPolicy.FAIL_HANDSHAKE));

    // Wrap the real factory so every socket the client opens can be examined afterwards.
    RecordingSSLSocketFactory recordingFactory =
        new RecordingSSLSocketFactory(sslClient.socketFactory);
    client = client.newBuilder()
        .sslSocketFactory(recordingFactory, sslClient.trustManager)
        // Two specs, strongest first, so there is something to fall back to.
        .connectionSpecs(Arrays.asList(ConnectionSpec.MODERN_TLS, ConnectionSpec.COMPATIBLE_TLS))
        .hostnameVerifier(new RecordingHostnameVerifier())
        // presumably keeps both attempts on a single address; verify against SingleInetAddressDns
        .dns(new SingleInetAddressDns())
        .build();

    Request request = new Request.Builder()
        .url(server.url("/"))
        .build();
    try {
        client.newCall(request).execute();
        fail();
    } catch (SSLHandshakeException expected) {
        // The handshake failure is the outcome under test; the assertions below do the checking.
    }

    List<SSLSocket> created = recordingFactory.getSocketsCreated();

    // First attempt: a normal handshake, so the fallback signal must be absent.
    SSLSocket initialAttempt = created.get(0);
    List<String> initialSuites = Arrays.asList(initialAttempt.getEnabledCipherSuites());
    assertFalse(initialSuites.contains(scsvSuite));

    // Second attempt: a fallback, so the signal must be present.
    SSLSocket fallbackAttempt = created.get(1);
    List<String> fallbackSuites = Arrays.asList(fallbackAttempt.getEnabledCipherSuites());
    assertTrue(fallbackSuites.contains(scsvSuite));
}
Also used : MockResponse(okhttp3.mockwebserver.MockResponse) SSLSocket(javax.net.ssl.SSLSocket) RecordedRequest(okhttp3.mockwebserver.RecordedRequest) SingleInetAddressDns(okhttp3.internal.SingleInetAddressDns) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) Test(org.junit.Test)

Example 12 with Dns

use of okhttp3.Dns in project okhttp by square.

the class HostnameVerifierTest method subjectAltNameWithWildcard.

/**
 * Checks hostname verification against a certificate whose subject CN is {@code foo.com} and
 * whose subjectAltName extension lists {@code bar.com} and {@code *.baz.com}.
 *
 * <p>The expectations encode three rules: the CN is not accepted once DNS SAN entries are
 * present, an exact SAN matches only that exact name, and a wildcard SAN matches one label in
 * the left-most position but neither the bare parent domain nor unrelated names.
 *
 * @throws Exception if the embedded certificate cannot be turned into a session
 */
@Test
public void subjectAltNameWithWildcard() throws Exception {
    // How the fixture certificate was produced. The 512-bit RSA key is a test-fixture choice
    // only; the test exercises name matching, not key strength.
    //
    // $ cat ./cert.cnf
    // [req]
    // distinguished_name=distinguished_name
    // req_extensions=req_extensions
    // x509_extensions=x509_extensions
    // [distinguished_name]
    // [req_extensions]
    // [x509_extensions]
    // subjectAltName=DNS:bar.com,DNS:*.baz.com
    //
    // $ openssl req -x509 -nodes -days 36500 -subj '/CN=foo.com' -config ./cert.cnf \
    //     -newkey rsa:512 -out cert.pem
    String pem = ""
        + "-----BEGIN CERTIFICATE-----\n"
        + "MIIBPzCB6qADAgECAgkAnv/7Jv5r7pMwDQYJKoZIhvcNAQEFBQAwEjEQMA4GA1UE\n"
        + "AxMHZm9vLmNvbTAgFw0xMDEyMjAxODQ2MDFaGA8yMTEwMTEyNjE4NDYwMVowEjEQ\n"
        + "MA4GA1UEAxMHZm9vLmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDAz2YXnyog\n"
        + "YdYLSFr/OEgSumtwqtZKJTB4wqTW/eKbBCEzxnyUMxWZIqUGu353PzwfOuWp2re3\n"
        + "nvVV+QDYQlh9AgMBAAGjITAfMB0GA1UdEQQWMBSCB2Jhci5jb22CCSouYmF6LmNv\n"
        + "bTANBgkqhkiG9w0BAQUFAANBAB8yrSl8zqy07i0SNYx2B/FnvQY734pxioaqFWfO\n"
        + "Bqo1ZZl/9aPHEWIwBrxYNVB0SGu/kkbt/vxqOjzzrkXukmI=\n"
        + "-----END CERTIFICATE-----";
    SSLSession session = session(pem);

    // CN only: must be rejected because the certificate carries DNS SAN entries.
    assertFalse(verifier.verify("foo.com", session));
    // Exact SAN entry.
    assertTrue(verifier.verify("bar.com", session));
    // Wildcard SAN covers a single left-most label ...
    assertTrue(verifier.verify("a.baz.com", session));
    // ... but not the parent domain itself.
    assertFalse(verifier.verify("baz.com", session));
    // A subdomain of the CN gains nothing from the CN.
    assertFalse(verifier.verify("a.foo.com", session));
    // An exact SAN does not extend to its subdomains.
    assertFalse(verifier.verify("a.bar.com", session));
    // A name that appears nowhere in the certificate.
    assertFalse(verifier.verify("quux.com", session));
}
Also used : SSLSession(javax.net.ssl.SSLSession) FakeSSLSession(okhttp3.FakeSSLSession) Test(org.junit.Test)

Example 13 with Dns

use of okhttp3.Dns in project okhttp by square.

the class EventListenerTest method noSecureConnectsOnPooledConnection.

/**
 * Confirms that a second request, issued after a first one has completed and its body has
 * been closed, produces no {@code SecureConnectStart} / {@code SecureConnectEnd} events.
 *
 * <p>Per the method name and the "Seed the pool" step, the second exchange is expected to
 * reuse the pooled connection, so no new TLS handshake should be reported to the listener.
 *
 * @throws IOException if either call fails
 */
@Test
public void noSecureConnectsOnPooledConnection() throws IOException {
    // NOTE(review): helper is defined outside this listing; by its name it enables TLS on the
    // mock server without a proxy tunnel. Confirm against the test class.
    enableTlsWithTunnel(false);
    server.enqueue(new MockResponse());
    server.enqueue(new MockResponse());
    client = client.newBuilder()
        .dns(new DoubleInetAddressDns())
        .build();

    // Seed the pool.
    Request seedRequest = new Request.Builder()
        .url(server.url("/"))
        .build();
    Call seedCall = client.newCall(seedRequest);
    Response seedResponse = seedCall.execute();
    assertThat(seedResponse.code()).isEqualTo(200);
    // Closing the body is what lets the connection be used again.
    seedResponse.body().close();

    // Drop everything recorded so far, including the first call's handshake events.
    listener.clearAllEvents();

    Request pooledRequest = new Request.Builder()
        .url(server.url("/"))
        .build();
    Call pooledCall = client.newCall(pooledRequest);
    Response pooledResponse = pooledCall.execute();
    assertThat(pooledResponse.code()).isEqualTo(200);
    pooledResponse.body().close();

    // Only events from the second call remain; none may be a TLS handshake event.
    List<String> eventsAfterSeed = listener.recordedEventTypes();
    assertThat(eventsAfterSeed).doesNotContain("SecureConnectStart");
    assertThat(eventsAfterSeed).doesNotContain("SecureConnectEnd");
}
Also used : MockResponse(mockwebserver3.MockResponse) MockResponse(mockwebserver3.MockResponse) DoubleInetAddressDns(okhttp3.internal.DoubleInetAddressDns) Test(org.junit.jupiter.api.Test)

Example 14 with Dns

use of okhttp3.Dns in project okhttp by square.

the class EventListenerTest method failedDnsLookup.

/**
 * Verifies how a failed name lookup is reported to the event listener: after a
 * {@code DnsStart} event, a {@code CallFailed} event must follow that refers to the same call
 * and wraps an {@link UnknownHostException}.
 */
@Test
public void failedDnsLookup() {
    // presumably a FakeDns with no configured hosts fails every lookup; verify against FakeDns
    client = client.newBuilder()
        .dns(new FakeDns())
        .build();
    Request unresolvable = new Request.Builder()
        .url("http://fakeurl/")
        .build();
    Call call = client.newCall(unresolvable);
    try {
        call.execute();
        fail();
    } catch (IOException expected) {
        // The failure itself is expected; its exact type is checked through the listener below.
    }

    // Skip ahead to the lookup start, then to the failure that must come after it.
    listener.removeUpToEvent(DnsStart.class);
    CallFailed failure = listener.removeUpToEvent(CallFailed.class);
    assertThat(failure.getCall()).isSameAs(call);
    assertThat(failure.getIoe()).isInstanceOf(UnknownHostException.class);
}
Also used : CallFailed(okhttp3.CallEvent.CallFailed) InterruptedIOException(java.io.InterruptedIOException) IOException(java.io.IOException) Test(org.junit.jupiter.api.Test)

Example 15 with Dns

use of okhttp3.Dns in project okhttp by square.

the class ConnectionCoalescingTest method setUp.

/**
 * Builds the TLS and DNS fixture used by the connection-coalescing tests.
 *
 * <p>A root CA signs one server certificate whose subjectAltName entries are the server's own
 * host name, {@code san.com}, {@code *.wildcard.com} and {@code differentdns.com}. The fake
 * resolver then maps a set of host names onto the server's addresses so that certificate
 * coverage and DNS results can differ per host:
 *
 * <ul>
 *   <li>{@code san.com}: in the certificate, same addresses as the server;
 *   <li>{@code www.wildcard.com}: covered by the wildcard entry, same addresses;
 *   <li>{@code nonsan.com}: same addresses, but absent from the certificate;
 *   <li>{@code differentdns.com}: in the certificate, but resolves to an empty list.
 * </ul>
 *
 * @param server the mock web server supplied for this test
 * @throws Exception if certificate generation or the system DNS lookup fails
 */
@BeforeEach
public void setUp(MockWebServer server) throws Exception {
    this.server = server;
    platform.assumeHttp2Support();
    platform.assumeNotBouncyCastle();

    rootCa = new HeldCertificate.Builder()
        .serialNumber(1L)
        .certificateAuthority(0)
        .commonName("root")
        .build();
    certificate = new HeldCertificate.Builder()
        .signedBy(rootCa)
        .serialNumber(2L)
        .commonName(server.getHostName())
        .addSubjectAlternativeName(server.getHostName())
        .addSubjectAlternativeName("san.com")
        .addSubjectAlternativeName("*.wildcard.com")
        .addSubjectAlternativeName("differentdns.com")
        .build();

    // Real addresses of the mock server; every "same address" host below reuses them.
    serverIps = Dns.SYSTEM.lookup(server.getHostName());
    dns.set(server.getHostName(), serverIps);
    dns.set("san.com", serverIps);
    // Same addresses, but deliberately not named in the certificate.
    dns.set("nonsan.com", serverIps);
    dns.set("www.wildcard.com", serverIps);
    // Named in the certificate, but with no address in common with the server.
    dns.set("differentdns.com", Collections.emptyList());

    // The client trusts only the test root, so only certificates chaining to it are accepted.
    HandshakeCertificates clientCertificates = new HandshakeCertificates.Builder()
        .addTrustedCertificate(rootCa.certificate())
        .build();
    client = clientTestRule.newClientBuilder()
        // Avoid data races.
        .fastFallback(false)
        .dns(dns)
        .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager())
        .build();

    // The server presents the multi-SAN certificate signed by the test root.
    HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
        .heldCertificate(certificate)
        .build();
    server.useHttps(serverCertificates.sslSocketFactory(), false);

    url = server.url("/robots.txt");
}
Also used : HandshakeCertificates(okhttp3.tls.HandshakeCertificates) HeldCertificate(okhttp3.tls.HeldCertificate) BeforeEach(org.junit.jupiter.api.BeforeEach)
