use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.
the class ClientAuthTest method invalidClientAuthFails.
@Test
public void invalidClientAuthFails() throws Throwable {
HeldCertificate clientCert2 = new HeldCertificate.Builder().serialNumber("4").commonName("Jethro Willis").build();
OkHttpClient client = buildClient(clientCert2);
SSLSocketFactory socketFactory = buildServerSslSocketFactory(ClientAuth.NEEDS);
server.useHttps(socketFactory, false);
Call call = client.newCall(new Request.Builder().url(server.url("/")).build());
try {
call.execute();
fail();
} catch (SSLHandshakeException expected) {
} catch (SocketException expected) {
// JDK 9
}
}
use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.
the class CallTest method httpsWithIpAddress.
@Test
public void httpsWithIpAddress() throws Exception {
String localIpAddress = InetAddress.getLoopbackAddress().getHostAddress();
// Create a certificate with an IP address in the subject alt name.
HeldCertificate heldCertificate = new HeldCertificate.Builder().commonName("example.com").subjectAlternativeName(localIpAddress).build();
SslClient sslClient = new SslClient.Builder().certificateChain(heldCertificate.keyPair, heldCertificate.certificate).addTrustedCertificate(heldCertificate.certificate).build();
// Use that certificate on the server and trust it on the client.
server.useHttps(sslClient.socketFactory, false);
client = client.newBuilder().sslSocketFactory(sslClient.socketFactory, sslClient.trustManager).hostnameVerifier(new RecordingHostnameVerifier()).protocols(Collections.singletonList(Protocol.HTTP_1_1)).build();
// Make a request.
server.enqueue(new MockResponse());
HttpUrl url = server.url("/").newBuilder().host(localIpAddress).build();
Request request = new Request.Builder().url(url).build();
executeSynchronously(request).assertCode(200);
// Confirm that the IP address was used in the host header.
RecordedRequest recordedRequest = server.takeRequest();
assertEquals(localIpAddress + ":" + server.getPort(), recordedRequest.getHeader("Host"));
}
use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.
the class CertificatePinnerTest method sameKeypairSamePin.
/** Multiple certificates generated from the same keypair have the same pin. */
@Test
public void sameKeypairSamePin() throws Exception {
HeldCertificate heldCertificateA2 = new HeldCertificate.Builder().keyPair(certA1.keyPair).serialNumber("101").build();
String keypairACertificate2Pin = CertificatePinner.pin(heldCertificateA2.certificate);
HeldCertificate heldCertificateB2 = new HeldCertificate.Builder().keyPair(certB1.keyPair).serialNumber("201").build();
String keypairBCertificate2Pin = CertificatePinner.pin(heldCertificateB2.certificate);
assertTrue(certA1Sha256Pin.equals(keypairACertificate2Pin));
assertTrue(certB1Sha256Pin.equals(keypairBCertificate2Pin));
assertFalse(certA1Sha256Pin.equals(certB1Sha256Pin));
}
use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.
the class CertificateChainCleanerTest method unrelatedCertificatesAreOmitted.
@Test
public void unrelatedCertificatesAreOmitted() throws Exception {
HeldCertificate root = new HeldCertificate.Builder().serialNumber("1").build();
HeldCertificate certA = new HeldCertificate.Builder().serialNumber("2").issuedBy(root).build();
HeldCertificate certB = new HeldCertificate.Builder().serialNumber("3").issuedBy(certA).build();
HeldCertificate certUnnecessary = new HeldCertificate.Builder().serialNumber("4").build();
CertificateChainCleaner cleaner = CertificateChainCleaner.get(root.certificate);
assertEquals(list(certB, certA, root), cleaner.clean(list(certB, certUnnecessary, certA, root), "hostname"));
}
use of okhttp3.internal.tls.HeldCertificate in project okhttp by square.
the class CertificateChainCleanerTest method chainMaxLength.
@Test
public void chainMaxLength() throws Exception {
List<HeldCertificate> heldCertificates = chainOfLength(10);
List<Certificate> certificates = new ArrayList<>();
for (HeldCertificate heldCertificate : heldCertificates) {
certificates.add(heldCertificate.certificate);
}
X509Certificate root = heldCertificates.get(heldCertificates.size() - 1).certificate;
CertificateChainCleaner cleaner = CertificateChainCleaner.get(root);
assertEquals(certificates, cleaner.clean(certificates, "hostname"));
assertEquals(certificates, cleaner.clean(certificates.subList(0, 9), "hostname"));
}
Aggregations