Example 11 with HeldCertificate

Use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.

In class ClientAuthTest, method invalidClientAuthFails.

@Test
public void invalidClientAuthFails() throws Throwable {
    HeldCertificate clientCert2 = new HeldCertificate.Builder().serialNumber("4").commonName("Jethro Willis").build();
    OkHttpClient client = buildClient(clientCert2);
    SSLSocketFactory socketFactory = buildServerSslSocketFactory(ClientAuth.NEEDS);
    server.useHttps(socketFactory, false);
    Call call = client.newCall(new Request.Builder().url(server.url("/")).build());
    try {
        call.execute();
        fail();
    } catch (SSLHandshakeException expected) {
        // Expected: the handshake fails with the invalid client certificate.
    } catch (SocketException expected) {
        // JDK 9
    }
}
Also used : Call(okhttp3.Call) SocketException(java.net.SocketException) OkHttpClient(okhttp3.OkHttpClient) Request(okhttp3.Request) DelegatingSSLSocketFactory(okhttp3.DelegatingSSLSocketFactory) SSLSocketFactory(javax.net.ssl.SSLSocketFactory) SSLHandshakeException(javax.net.ssl.SSLHandshakeException) Test(org.junit.Test)

Example 12 with HeldCertificate

Use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.

In class CallTest, method httpsWithIpAddress.

@Test
public void httpsWithIpAddress() throws Exception {
    String localIpAddress = InetAddress.getLoopbackAddress().getHostAddress();
    // Create a certificate with an IP address in the subject alt name.
    HeldCertificate heldCertificate = new HeldCertificate.Builder().commonName("example.com").subjectAlternativeName(localIpAddress).build();
    SslClient sslClient = new SslClient.Builder().certificateChain(heldCertificate.keyPair, heldCertificate.certificate).addTrustedCertificate(heldCertificate.certificate).build();
    // Use that certificate on the server and trust it on the client.
    server.useHttps(sslClient.socketFactory, false);
    client = client.newBuilder().sslSocketFactory(sslClient.socketFactory, sslClient.trustManager).hostnameVerifier(new RecordingHostnameVerifier()).protocols(Collections.singletonList(Protocol.HTTP_1_1)).build();
    // Make a request.
    server.enqueue(new MockResponse());
    HttpUrl url = server.url("/").newBuilder().host(localIpAddress).build();
    Request request = new Request.Builder().url(url).build();
    executeSynchronously(request).assertCode(200);
    // Confirm that the IP address was used in the host header.
    RecordedRequest recordedRequest = server.takeRequest();
    assertEquals(localIpAddress + ":" + server.getPort(), recordedRequest.getHeader("Host"));
}
Also used : RecordedRequest(okhttp3.mockwebserver.RecordedRequest) MockResponse(okhttp3.mockwebserver.MockResponse) SslClient(okhttp3.internal.tls.SslClient) HeldCertificate(okhttp3.internal.tls.HeldCertificate) Test(org.junit.Test)

Example 13 with HeldCertificate

Use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.

In class CertificatePinnerTest, method sameKeypairSamePin.

/** Multiple certificates generated from the same keypair have the same pin. */
@Test
public void sameKeypairSamePin() throws Exception {
    HeldCertificate heldCertificateA2 = new HeldCertificate.Builder().keyPair(certA1.keyPair).serialNumber("101").build();
    String keypairACertificate2Pin = CertificatePinner.pin(heldCertificateA2.certificate);
    HeldCertificate heldCertificateB2 = new HeldCertificate.Builder().keyPair(certB1.keyPair).serialNumber("201").build();
    String keypairBCertificate2Pin = CertificatePinner.pin(heldCertificateB2.certificate);
    assertTrue(certA1Sha256Pin.equals(keypairACertificate2Pin));
    assertTrue(certB1Sha256Pin.equals(keypairBCertificate2Pin));
    assertFalse(certA1Sha256Pin.equals(certB1Sha256Pin));
}
Also used : HeldCertificate(okhttp3.internal.tls.HeldCertificate) Test(org.junit.Test)

Example 14 with HeldCertificate

Use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.

In class CertificateChainCleanerTest, method unrelatedCertificatesAreOmitted.

@Test
public void unrelatedCertificatesAreOmitted() throws Exception {
    // Chain under test: root -> certA -> certB.
    HeldCertificate root = new HeldCertificate.Builder().serialNumber("1").build();
    HeldCertificate certA = new HeldCertificate.Builder().serialNumber("2").issuedBy(root).build();
    HeldCertificate certB = new HeldCertificate.Builder().serialNumber("3").issuedBy(certA).build();
    // Self-signed certificate that is not part of the chain above.
    HeldCertificate certUnnecessary = new HeldCertificate.Builder().serialNumber("4").build();
    CertificateChainCleaner cleaner = CertificateChainCleaner.get(root.certificate);
    // The cleaned chain must not contain the unrelated certificate.
    assertEquals(list(certB, certA, root), cleaner.clean(list(certB, certUnnecessary, certA, root), "hostname"));
}
Also used : HeldCertificate(okhttp3.internal.tls.HeldCertificate) CertificateChainCleaner(okhttp3.internal.tls.CertificateChainCleaner) Test(org.junit.Test)

Example 15 with HeldCertificate

Use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.

In class CertificateChainCleanerTest, method chainMaxLength.

@Test
public void chainMaxLength() throws Exception {
    List<HeldCertificate> heldCertificates = chainOfLength(10);
    List<Certificate> certificates = new ArrayList<>();
    for (HeldCertificate heldCertificate : heldCertificates) {
        certificates.add(heldCertificate.certificate);
    }
    // The last certificate in the list is the trusted root.
    X509Certificate root = heldCertificates.get(heldCertificates.size() - 1).certificate;
    CertificateChainCleaner cleaner = CertificateChainCleaner.get(root);
    assertEquals(certificates, cleaner.clean(certificates, "hostname"));
    // The same chain presented without its root still cleans to the full chain.
    assertEquals(certificates, cleaner.clean(certificates.subList(0, 9), "hostname"));
}
Also used : HeldCertificate(okhttp3.internal.tls.HeldCertificate) ArrayList(java.util.ArrayList) X509Certificate(java.security.cert.X509Certificate) CertificateChainCleaner(okhttp3.internal.tls.CertificateChainCleaner) Certificate(java.security.cert.Certificate) Test(org.junit.Test)

Aggregations

Test (org.junit.Test): 19
HeldCertificate (okhttp3.internal.tls.HeldCertificate): 14
CertificateChainCleaner (okhttp3.internal.tls.CertificateChainCleaner): 11
Call (okhttp3.Call): 5
OkHttpClient (okhttp3.OkHttpClient): 5
Request (okhttp3.Request): 5
MockResponse (okhttp3.mockwebserver.MockResponse): 5
SSLPeerUnverifiedException (javax.net.ssl.SSLPeerUnverifiedException): 4
CertificatePinner (okhttp3.CertificatePinner): 4
RecordingHostnameVerifier (okhttp3.RecordingHostnameVerifier): 4
Certificate (java.security.cert.Certificate): 2
X509Certificate (java.security.cert.X509Certificate): 2
ArrayList (java.util.ArrayList): 2
SSLHandshakeException (javax.net.ssl.SSLHandshakeException): 2
Response (okhttp3.Response): 2
SocketException (java.net.SocketException): 1
SSLSocketFactory (javax.net.ssl.SSLSocketFactory): 1
DelegatingSSLSocketFactory (okhttp3.DelegatingSSLSocketFactory): 1
SslClient (okhttp3.internal.tls.SslClient): 1
RecordedRequest (okhttp3.mockwebserver.RecordedRequest): 1