Example 1 with CustomCheckX509TrustManager
use of org.apache.druid.server.security.CustomCheckX509TrustManager in project druid by druid-io.
the class JettyTest method testCustomCheckX509TrustManagerSetEndpointIdentificationAlgorithmToNullWithValidateServerHostnamesSetToFalse.
@Test
public void testCustomCheckX509TrustManagerSetEndpointIdentificationAlgorithmToNullWithValidateServerHostnamesSetToFalse() throws Exception {
SslContextFactory.Server server = injector.getInstance(SslContextFactory.Server.class);
server.setEndpointIdentificationAlgorithm("HTTPS");
server.start();
SSLEngine sslEngine = server.newSSLEngine();
X509ExtendedTrustManager mockX509ExtendedTrustManager = Mockito.mock(X509ExtendedTrustManager.class);
TLSCertificateChecker mockTLSCertificateChecker = Mockito.mock(TLSCertificateChecker.class);
X509Certificate mockX509Certificate = Mockito.mock(X509Certificate.class);
String authType = "testAuthType";
X509Certificate[] chain = new X509Certificate[] { mockX509Certificate };
// The EndpointIdentificationAlgorithm should not be null as we set it to HTTPS earlier
Assert.assertNotNull(sslEngine.getSSLParameters().getEndpointIdentificationAlgorithm());
CustomCheckX509TrustManager customCheckX509TrustManager = new CustomCheckX509TrustManager(mockX509ExtendedTrustManager, mockTLSCertificateChecker, false);
customCheckX509TrustManager.checkServerTrusted(chain, authType, sslEngine);
ArgumentCaptor<SSLEngine> captor = ArgumentCaptor.forClass(SSLEngine.class);
Mockito.verify(mockTLSCertificateChecker).checkServer(ArgumentMatchers.eq(chain), ArgumentMatchers.eq(authType), captor.capture(), ArgumentMatchers.eq(mockX509ExtendedTrustManager));
SSLEngine transformedSSLEngine = captor.getValue();
// The EndpointIdentificationAlgorithm should be null or empty Stringas the CustomCheckX509TrustManager
// has validateServerHostnames set to false
String endpointIdentificationAlgorithm = transformedSSLEngine.getSSLParameters().getEndpointIdentificationAlgorithm();
Assert.assertTrue(endpointIdentificationAlgorithm == null || endpointIdentificationAlgorithm.isEmpty());
}
Also used :
SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory)
X509ExtendedTrustManager(javax.net.ssl.X509ExtendedTrustManager)
TLSCertificateChecker(org.apache.druid.server.security.TLSCertificateChecker)
SSLEngine(javax.net.ssl.SSLEngine)
CustomCheckX509TrustManager(org.apache.druid.server.security.CustomCheckX509TrustManager)
X509Certificate(java.security.cert.X509Certificate)
Test(org.junit.Test)
Aggregations
X509Certificate (java.security.cert.X509Certificate)1
SSLEngine (javax.net.ssl.SSLEngine)1
X509ExtendedTrustManager (javax.net.ssl.X509ExtendedTrustManager)1
CustomCheckX509TrustManager (org.apache.druid.server.security.CustomCheckX509TrustManager)1
TLSCertificateChecker (org.apache.druid.server.security.TLSCertificateChecker)1
SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)1
Test (org.junit.Test)1
