use of okhttp3.tls.HeldCertificate in project okhttp by square.
the class CertificateChainCleanerTest method equalsFromCertificate.
/**
 * Checks that two chain cleaners built from the same pair of trusted certificates compare equal
 * even when the certificates are supplied in the opposite order.
 */
@Test
public void equalsFromCertificate() {
  // Two independently generated certificates with different serial numbers.
  HeldCertificate first = new HeldCertificate.Builder()
      .serialNumber(1L)
      .build();
  HeldCertificate second = new HeldCertificate.Builder()
      .serialNumber(2L)
      .build();

  CertificateChainCleaner secondThenFirst =
      CertificateChainCleaner.Companion.get(second.certificate(), first.certificate());
  CertificateChainCleaner firstThenSecond =
      CertificateChainCleaner.Companion.get(first.certificate(), second.certificate());

  // Equality must not depend on the order in which the trust anchors were listed.
  assertThat(secondThenFirst).isEqualTo(firstThenSecond);
}
use of okhttp3.tls.HeldCertificate in project okhttp by square.
the class CertificateChainCleanerTest method normalizeUnknownSelfSignedCertificate.
/**
 * Checks that cleaning a chain made of one freshly generated self-signed certificate is rejected
 * with {@link SSLPeerUnverifiedException} by the default cleaner.
 */
@Test
public void normalizeUnknownSelfSignedCertificate() {
  HeldCertificate untrustedSelfSigned = new HeldCertificate.Builder()
      .serialNumber(1L)
      .build();
  // NOTE(review): the no-argument get() presumably uses the platform's default trust roots,
  // which cannot contain a certificate generated a moment ago. Confirm against the cleaner.
  CertificateChainCleaner defaultCleaner = CertificateChainCleaner.Companion.get();

  try {
    defaultCleaner.clean(list(untrustedSelfSigned), "hostname");
    // Reaching this line means the untrusted chain was accepted.
    fail();
  } catch (SSLPeerUnverifiedException expected) {
    // Expected: a self-signed certificate outside the trust store must not be treated as verified.
  }
}
use of okhttp3.tls.HeldCertificate in project okhttp by square.
the class ConnectionCoalescingTest method setUp.
/**
 * Builds the TLS and DNS fixture shared by the connection-coalescing tests.
 *
 * <p>The server presents one certificate, signed by a test root, that covers several names. The
 * fake DNS maps names to the server's addresses so that individual tests can vary the two
 * conditions independently:
 * <ul>
 *   <li>{@code san.com} and {@code www.wildcard.com} resolve to the server and are covered by the
 *       certificate (the latter through {@code *.wildcard.com});
 *   <li>{@code nonsan.com} resolves to the server but is absent from the certificate;
 *   <li>{@code differentdns.com} is in the certificate but resolves to an empty address list.
 * </ul>
 *
 * @param server the mock server supplied to each test
 * @throws Exception if the DNS lookup of the server's hostname fails
 */
@BeforeEach
public void setUp(MockWebServer server) throws Exception {
  this.server = server;

  // Skip on platforms the suite excludes.
  platform.assumeHttp2Support();
  platform.assumeNotBouncyCastle();

  // Test root CA; certificateAuthority(0) permits no intermediate CAs beneath it.
  rootCa = new HeldCertificate.Builder()
      .serialNumber(1L)
      .certificateAuthority(0)
      .commonName("root")
      .build();

  // Leaf certificate whose subject alternative names define which hosts the server may speak for.
  certificate = new HeldCertificate.Builder()
      .signedBy(rootCa)
      .serialNumber(2L)
      .commonName(server.getHostName())
      .addSubjectAlternativeName(server.getHostName())
      .addSubjectAlternativeName("san.com")
      .addSubjectAlternativeName("*.wildcard.com")
      .addSubjectAlternativeName("differentdns.com")
      .build();

  // Fake DNS: most names share the server's addresses; differentdns.com resolves to nothing.
  serverIps = Dns.SYSTEM.lookup(server.getHostName());
  dns.set(server.getHostName(), serverIps);
  dns.set("san.com", serverIps);
  dns.set("nonsan.com", serverIps);
  dns.set("www.wildcard.com", serverIps);
  dns.set("differentdns.com", Collections.emptyList());

  // The client trusts only the test root, so only chains anchored there will verify.
  HandshakeCertificates clientTls = new HandshakeCertificates.Builder()
      .addTrustedCertificate(rootCa.certificate())
      .build();
  client = clientTestRule.newClientBuilder()
      .fastFallback(false) // Avoid data races.
      .dns(dns)
      .sslSocketFactory(clientTls.sslSocketFactory(), clientTls.trustManager())
      .build();

  // The server presents the leaf certificate; the second useHttps argument is false.
  HandshakeCertificates serverTls = new HandshakeCertificates.Builder()
      .heldCertificate(certificate)
      .build();
  server.useHttps(serverTls.sslSocketFactory(), false);

  url = server.url("/robots.txt");
}
use of okhttp3.tls.HeldCertificate in project okhttp by square.
the class MockWebServerTest method httpsWithClientAuth.
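/**
 * Exercises mutual TLS against the mock server: the server authenticates with a certificate
 * issued by {@code serverCa} and the client with one issued by {@code clientCa}.
 *
 * <p>Each side trusts only the other side's CA. The handshake recorded by the server is then
 * checked for exactly one local (server) and one peer (client) certificate.
 *
 * @throws Exception if the connection, the response read or the request retrieval fails
 */
@Test
public void httpsWithClientAuth() throws Exception {
  assumeFalse(getPlatform().equals("conscrypt"));

  // Separate CAs for each direction; certificateAuthority(0) permits no intermediates.
  HeldCertificate clientCa = new HeldCertificate.Builder()
      .certificateAuthority(0)
      .build();
  HeldCertificate serverCa = new HeldCertificate.Builder()
      .certificateAuthority(0)
      .build();

  // Server identity: a leaf from serverCa. The server trusts client certificates from clientCa only.
  HeldCertificate serverCertificate = new HeldCertificate.Builder()
      .signedBy(serverCa)
      .addSubjectAlternativeName(server.getHostName())
      .build();
  HandshakeCertificates serverHandshakeCertificates = new HandshakeCertificates.Builder()
      .addTrustedCertificate(clientCa.certificate())
      .heldCertificate(serverCertificate)
      .build();
  server.useHttps(serverHandshakeCertificates.sslSocketFactory(), false);
  server.enqueue(new MockResponse().setBody("abc"));
  // The client certificate is requested here. The peerCertificates assertion at the end is what
  // shows that the client actually presented one.
  server.requestClientAuth();

  // Client identity: a leaf from clientCa. The client trusts server certificates from serverCa only.
  HeldCertificate clientCertificate = new HeldCertificate.Builder()
      .signedBy(clientCa)
      .build();
  HandshakeCertificates clientHandshakeCertificates = new HandshakeCertificates.Builder()
      .addTrustedCertificate(serverCa.certificate())
      .heldCertificate(clientCertificate)
      .build();

  HttpUrl url = server.url("/");
  HttpsURLConnection connection = (HttpsURLConnection) url.url().openConnection();
  connection.setSSLSocketFactory(clientHandshakeCertificates.sslSocketFactory());
  // NOTE(review): RecordingHostnameVerifier is a test helper defined elsewhere and presumably
  // accepts any hostname. A replaced verifier like this belongs in test code only.
  connection.setHostnameVerifier(new RecordingHostnameVerifier());
  assertThat(connection.getResponseCode()).isEqualTo(HttpURLConnection.HTTP_OK);

  // Close the reader, and with it the connection's input stream, even if the assertion fails.
  try (BufferedReader reader = new BufferedReader(
      new InputStreamReader(connection.getInputStream(), UTF_8))) {
    assertThat(reader.readLine()).isEqualTo("abc");
  }

  RecordedRequest request = server.takeRequest();
  assertThat(request.getRequestUrl().scheme()).isEqualTo("https");

  // Handshake as recorded by the server: "local" is the server, "peer" is the client.
  Handshake handshake = request.getHandshake();
  assertThat(handshake.tlsVersion()).isNotNull();
  assertThat(handshake.cipherSuite()).isNotNull();
  assertThat(handshake.localPrincipal()).isNotNull();
  assertThat(handshake.localCertificates().size()).isEqualTo(1);
  assertThat(handshake.peerPrincipal()).isNotNull();
  assertThat(handshake.peerCertificates().size()).isEqualTo(1);
}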
use of okhttp3.tls.HeldCertificate in project okhttp by square.
the class CertificatePinnerChainValidationTest method pinIntermediatePresentInChain.
/**
 * A pin on an intermediate CA must be satisfied when the server sends that intermediate as part
 * of its chain.
 *
 * <p>The client trusts only the root and pins only the intermediate. Two requests are made on
 * separate connections so that a result cached from the first handshake cannot hide a failure on
 * the second.
 *
 * @throws Exception if either call fails
 */
@Test
public void pinIntermediatePresentInChain() throws Exception {
  // Fails on 11.0.1 https://github.com/square/okhttp/issues/4703

  // Three-level chain: root (may have one intermediate CA below it) -> intermediate -> leaf.
  HeldCertificate rootCa = new HeldCertificate.Builder()
      .serialNumber(1L)
      .certificateAuthority(1)
      .commonName("root")
      .build();
  HeldCertificate intermediateCa = new HeldCertificate.Builder()
      .signedBy(rootCa)
      .certificateAuthority(0)
      .serialNumber(2L)
      .commonName("intermediate_ca")
      .build();
  HeldCertificate certificate = new HeldCertificate.Builder()
      .signedBy(intermediateCa)
      .serialNumber(3L)
      .commonName(server.getHostName())
      .build();

  // Pin the intermediate only; neither the root nor the leaf is pinned.
  CertificatePinner certificatePinner = new CertificatePinner.Builder()
      .add(server.getHostName(), CertificatePinner.pin(intermediateCa.certificate()))
      .build();

  // Trust anchor is the root alone, so the intermediate has to arrive in the server's chain.
  HandshakeCertificates handshakeCertificates = new HandshakeCertificates.Builder()
      .addTrustedCertificate(rootCa.certificate())
      .build();
  // NOTE(review): the leaf carries a common name but no subject alternative name, which is
  // presumably why the test swaps in RecordingHostnameVerifier. Keep that verifier test-only.
  OkHttpClient client = clientTestRule.newClientBuilder()
      .sslSocketFactory(
          handshakeCertificates.sslSocketFactory(), handshakeCertificates.trustManager())
      .hostnameVerifier(new RecordingHostnameVerifier())
      .certificatePinner(certificatePinner)
      .build();

  // The server presents the leaf followed by the intermediate.
  HandshakeCertificates serverHandshakeCertificates = new HandshakeCertificates.Builder()
      .heldCertificate(certificate, intermediateCa.certificate())
      .build();
  server.useHttps(serverHandshakeCertificates.sslSocketFactory(), false);

  // First request: expected to pass both chain validation and the pin check.
  server.enqueue(new MockResponse()
      .setBody("abc")
      .setSocketPolicy(SocketPolicy.DISCONNECT_AT_END));
  Request firstRequest = new Request.Builder().url(server.url("/")).build();
  Response firstResponse = client.newCall(firstRequest).execute();
  assertThat(firstResponse.body().string()).isEqualTo("abc");
  firstResponse.close();

  // Drop pooled connections so that the next request performs a new handshake.
  client.connectionPool().evictAll();

  // Second request on a fresh connection; a failure here would point at a caching problem.
  server.enqueue(new MockResponse()
      .setBody("def")
      .setSocketPolicy(SocketPolicy.DISCONNECT_AT_END));
  Request secondRequest = new Request.Builder().url(server.url("/")).build();
  Response secondResponse = client.newCall(secondRequest).execute();
  assertThat(secondResponse.body().string()).isEqualTo("def");
  secondResponse.close();
}