Search in sources :

Example 1 with CustomCheckX509TrustManager

use of org.apache.druid.server.security.CustomCheckX509TrustManager in project druid by druid-io.

the class JettyTest method testCustomCheckX509TrustManagerSetEndpointIdentificationAlgorithmToNullWithValidateServerHostnamesSetToFalse.

@Test
public void testCustomCheckX509TrustManagerSetEndpointIdentificationAlgorithmToNullWithValidateServerHostnamesSetToFalse() throws Exception {
    SslContextFactory.Server server = injector.getInstance(SslContextFactory.Server.class);
    server.setEndpointIdentificationAlgorithm("HTTPS");
    server.start();
    SSLEngine sslEngine = server.newSSLEngine();
    X509ExtendedTrustManager mockX509ExtendedTrustManager = Mockito.mock(X509ExtendedTrustManager.class);
    TLSCertificateChecker mockTLSCertificateChecker = Mockito.mock(TLSCertificateChecker.class);
    X509Certificate mockX509Certificate = Mockito.mock(X509Certificate.class);
    String authType = "testAuthType";
    X509Certificate[] chain = new X509Certificate[] { mockX509Certificate };
    // The EndpointIdentificationAlgorithm should not be null as we set it to HTTPS earlier
    Assert.assertNotNull(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm());
    CustomCheckX509TrustManager customCheckX509TrustManager = new CustomCheckX509TrustManager(mockX509ExtendedTrustManager, mockTLSCertificateChecker, false);
    customCheckX509TrustManager.checkServerTrusted(chain, authType, sslEngine);
    ArgumentCaptor<SSLEngine> captor = ArgumentCaptor.forClass(SSLEngine.class);
    Mockito.verify(mockTLSCertificateChecker).checkServer(ArgumentMatchers.eq(chain), ArgumentMatchers.eq(authType), captor.capture(), ArgumentMatchers.eq(mockX509ExtendedTrustManager));
    SSLEngine transformedSSLEngine = captor.getValue();
    // The EndpointIdentificationAlgorithm should be null or empty Stringas the CustomCheckX509TrustManager
    // has validateServerHostnames set to false
    String endpointIdentificationAlgorithm = transformedSSLEngine.getSSLParameters().getEndpointIdentificationAlgorithm();
    Assert.assertTrue(endpointIdentificationAlgorithm == null || endpointIdentificationAlgorithm.isEmpty());
}
Also used : SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) X509ExtendedTrustManager(javax.net.ssl.X509ExtendedTrustManager) TLSCertificateChecker(org.apache.druid.server.security.TLSCertificateChecker) SSLEngine(javax.net.ssl.SSLEngine) CustomCheckX509TrustManager(org.apache.druid.server.security.CustomCheckX509TrustManager) X509Certificate(java.security.cert.X509Certificate) Test(org.junit.Test)

Aggregations

X509Certificate (java.security.cert.X509Certificate)1 SSLEngine (javax.net.ssl.SSLEngine)1 X509ExtendedTrustManager (javax.net.ssl.X509ExtendedTrustManager)1 CustomCheckX509TrustManager (org.apache.druid.server.security.CustomCheckX509TrustManager)1 TLSCertificateChecker (org.apache.druid.server.security.TLSCertificateChecker)1 SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)1 Test (org.junit.Test)1