Example 1 with ConfigurationStore
use of org.carapaceproxy.configstore.ConfigurationStore in project carapaceproxy by diennea.
the class CertificatesTest method testUploadTypedCertificatesWithDaysBeforeRenewal.
@Test
@Parameters({ "acme", "manual" })
public void testUploadTypedCertificatesWithDaysBeforeRenewal(String type) throws Exception {
configureAndStartServer();
int port = server.getLocalPort();
DynamicCertificatesManager dynCertsMan = server.getDynamicCertificatesManager();
KeyPair endUserKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
Certificate[] chain = generateSampleChain(endUserKeyPair, false);
byte[] chainData = createKeystore(chain, endUserKeyPair.getPrivate());
try (RawHttpClient client = new RawHttpClient("localhost", DEFAULT_ADMIN_PORT)) {
// Create
HttpResponse resp = uploadCertificate("localhost2", "type=" + type + "&daysbeforerenewal=10", chainData, client, credentials);
if (type.equals("manual")) {
assertTrue(resp.getBodyString().contains("ERROR: param 'daysbeforerenewal' available for type 'acme' only"));
} else {
CertificateData data = dynCertsMan.getCertificateDataForDomain("localhost2");
assertNotNull(data);
assertEquals(10, data.getDaysBeforeRenewal());
}
// negative value
resp = uploadCertificate("localhost-negative", "type=" + type + "&daysbeforerenewal=-10", chainData, client, credentials);
if (type.equals("manual")) {
assertTrue(resp.getBodyString().contains("ERROR: param 'daysbeforerenewal' available for type 'acme' only"));
} else {
assertTrue(resp.getBodyString().contains("ERROR: param 'daysbeforerenewal' has to be a positive number"));
}
// default value
uploadCertificate("localhost-default", "type=" + type, chainData, client, credentials);
CertificateData data = dynCertsMan.getCertificateDataForDomain("localhost-default");
assertNotNull(data);
assertEquals(type.equals("manual") ? 0 : DEFAULT_DAYS_BEFORE_RENEWAL, data.getDaysBeforeRenewal());
// Update
uploadCertificate("localhost2", "type=" + type + "&daysbeforerenewal=45", chainData, client, credentials);
if (type.equals("manual")) {
assertTrue(resp.getBodyString().contains("ERROR: param 'daysbeforerenewal' available for type 'acme' only"));
} else {
data = dynCertsMan.getCertificateDataForDomain("localhost2");
assertNotNull(data);
assertEquals(45, data.getDaysBeforeRenewal());
}
// negative value
resp = uploadCertificate("localhost2", "type=" + type + "&daysbeforerenewal=-10", chainData, client, credentials);
if (type.equals("manual")) {
assertTrue(resp.getBodyString().contains("ERROR: param 'daysbeforerenewal' available for type 'acme' only"));
} else {
assertTrue(resp.getBodyString().contains("ERROR: param 'daysbeforerenewal' has to be a positive number"));
}
// default value
uploadCertificate("localhost2", "type=" + type, chainData, client, credentials);
data = dynCertsMan.getCertificateDataForDomain("localhost2");
assertNotNull(data);
assertEquals(type.equals("manual") ? 0 : DEFAULT_DAYS_BEFORE_RENEWAL, data.getDaysBeforeRenewal());
// changing the type (acme <-> manual)
String other = type.equals("manual") ? "acme" : "manual";
uploadCertificate("localhost2", "type=" + other, chainData, client, credentials);
data = dynCertsMan.getCertificateDataForDomain("localhost2");
assertNotNull(data);
assertEquals(other.equals("manual") ? 0 : DEFAULT_DAYS_BEFORE_RENEWAL, data.getDaysBeforeRenewal());
SSLCertificateConfiguration config = server.getCurrentConfiguration().getCertificates().get("localhost2");
assertEquals(other.equals("manual") ? 0 : DEFAULT_DAYS_BEFORE_RENEWAL, config.getDaysBeforeRenewal());
// checking for "certificate.X.daysbeforerenewal" property delete
ConfigurationStore store = server.getDynamicConfigurationStore();
assertEquals(other.equals("acme"), store.anyPropertyMatches((k, v) -> {
if (k.matches("certificate\\.[0-9]+\\.hostname") && v.equals("localhost2")) {
return store.getProperty(k.replace("hostname", "daysbeforerenewal"), null) != null;
}
return false;
}));
}
}
Also used :
RawHttpClient(org.carapaceproxy.utils.RawHttpClient)
X509Certificate(java.security.cert.X509Certificate)
KeyPair(java.security.KeyPair)
Arrays(java.util.Arrays)
OcspStaplingManager(org.carapaceproxy.server.certificates.ocsp.OcspStaplingManager)
SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)
Date(java.util.Date)
ConfigurationStore(org.carapaceproxy.configstore.ConfigurationStore)
CertificatesUtils.createKeystore(org.carapaceproxy.utils.CertificatesUtils.createKeystore)
Order(org.shredzone.acme4j.Order)
UseAdminServer(org.carapaceproxy.api.UseAdminServer)
JUnitParamsRunner(junitparams.JUnitParamsRunner)
WireMock.aResponse(com.github.tomakehurst.wiremock.client.WireMock.aResponse)
RawHttpClient(org.carapaceproxy.utils.RawHttpClient)
BasicOCSPRespBuilder(org.bouncycastle.cert.ocsp.BasicOCSPRespBuilder)
List(java.util.List)
Base64(java.util.Base64)
Certificate(java.security.cert.Certificate)
JcaX509CertificateHolder(org.bouncycastle.cert.jcajce.JcaX509CertificateHolder)
Assert.assertFalse(org.junit.Assert.assertFalse)
OCSPRespBuilder(org.bouncycastle.cert.ocsp.OCSPRespBuilder)
Login(org.shredzone.acme4j.Login)
ExtendedSSLSession(javax.net.ssl.ExtendedSSLSession)
Mockito.mock(org.mockito.Mockito.mock)
Parameters(junitparams.Parameters)
KeyPairUtils(org.shredzone.acme4j.util.KeyPairUtils)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
Whitebox(org.powermock.reflect.Whitebox)
X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder)
HttpResponse(org.carapaceproxy.utils.RawHttpClient.HttpResponse)
CertificatesUtils(org.carapaceproxy.utils.CertificatesUtils)
CertificatesTestUtils.uploadCertificate(org.carapaceproxy.utils.CertificatesTestUtils.uploadCertificate)
JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder)
RunWith(org.junit.runner.RunWith)
BcDigestCalculatorProvider(org.bouncycastle.operator.bc.BcDigestCalculatorProvider)
WireMockRule(com.github.tomakehurst.wiremock.junit.WireMockRule)
CertificateID(org.bouncycastle.cert.ocsp.CertificateID)
DEFAULT_KEYPAIRS_SIZE(org.carapaceproxy.server.certificates.DynamicCertificatesManager.DEFAULT_KEYPAIRS_SIZE)
CertificateData(org.carapaceproxy.configstore.CertificateData)
CertificatesTestUtils.generateSampleChain(org.carapaceproxy.utils.CertificatesTestUtils.generateSampleChain)
HttpTestUtils(org.carapaceproxy.utils.HttpTestUtils)
SSLCertificateConfiguration(org.carapaceproxy.server.config.SSLCertificateConfiguration)
WireMock.get(com.github.tomakehurst.wiremock.client.WireMock.get)
Properties(java.util.Properties)
CertificateStatus(org.bouncycastle.cert.ocsp.CertificateStatus)
TestUtils(org.carapaceproxy.utils.TestUtils)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
VALID(org.shredzone.acme4j.Status.VALID)
OCSPResp(org.bouncycastle.cert.ocsp.OCSPResp)
Assert.assertTrue(org.junit.Assert.assertTrue)
DEFAULT_ADMIN_PORT(org.carapaceproxy.api.UseAdminServer.DEFAULT_ADMIN_PORT)
Test(org.junit.Test)
Mockito.when(org.mockito.Mockito.when)
CertificateException(java.security.cert.CertificateException)
BasicOCSPResp(org.bouncycastle.cert.ocsp.BasicOCSPResp)
Rule(org.junit.Rule)
DigestCalculatorProvider(org.bouncycastle.operator.DigestCalculatorProvider)
WireMock.stubFor(com.github.tomakehurst.wiremock.client.WireMock.stubFor)
WireMock.urlEqualTo(com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo)
DEFAULT_DAYS_BEFORE_RENEWAL(org.carapaceproxy.server.certificates.DynamicCertificatesManager.DEFAULT_DAYS_BEFORE_RENEWAL)
Assert.assertEquals(org.junit.Assert.assertEquals)
KeyPair(java.security.KeyPair)
ConfigurationStore(org.carapaceproxy.configstore.ConfigurationStore)
HttpResponse(org.carapaceproxy.utils.RawHttpClient.HttpResponse)
SSLCertificateConfiguration(org.carapaceproxy.server.config.SSLCertificateConfiguration)
CertificateData(org.carapaceproxy.configstore.CertificateData)
X509Certificate(java.security.cert.X509Certificate)
Certificate(java.security.cert.Certificate)
CertificatesTestUtils.uploadCertificate(org.carapaceproxy.utils.CertificatesTestUtils.uploadCertificate)
Parameters(junitparams.Parameters)
Test(org.junit.Test)
Example 2 with ConfigurationStore
use of org.carapaceproxy.configstore.ConfigurationStore in project carapaceproxy by diennea.
the class DynamicCertificatesManagerTest method testWidlcardCertificateStateManagement.
@Test
// E) challenge failed -> record deleted
@Parameters({ "challenge_creation_failed", "challenge_check_limit_expired", "challenge_ready", "challenge_verified", "challenge_failed" })
public void testWidlcardCertificateStateManagement(String runCase) throws Exception {
System.setProperty("carapace.acme.dnschallengereachabilitycheck.limit", "2");
// ACME mocking
ACMEClient ac = mock(ACMEClient.class);
Order o = mock(Order.class);
when(o.getLocation()).thenReturn(new URL("https://localhost/index"));
Login login = mock(Login.class);
when(login.bindOrder(any())).thenReturn(o);
when(ac.getLogin()).thenReturn(login);
when(ac.createOrderForDomain(any())).thenReturn(o);
Session session = mock(Session.class);
Connection conn = mock(Connection.class);
when(conn.readJsonResponse()).thenReturn(JSON.parse("{\"url\": \"https://localhost/index\", \"type\": \"dns-01\"}"));
when(session.connect()).thenReturn(conn);
when(login.getSession()).thenReturn(session);
when(login.getKeyPair()).thenReturn(KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE));
Dns01Challenge c = mock(Dns01Challenge.class);
when(c.getDigest()).thenReturn("");
when(c.getJSON()).thenReturn(JSON.parse("{\"url\": \"https://localhost/index\", \"type\": \"dns-01\", \"token\": \"mytoken\"}"));
when(ac.getChallengeForOrder(any(), eq(true))).thenReturn(c);
when(ac.checkResponseForChallenge(any())).thenReturn(runCase.equals("challenge_failed") ? INVALID : VALID);
KeyPair keyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
Certificate cert = mock(Certificate.class);
X509Certificate _cert = (X509Certificate) generateSampleChain(keyPair, false)[0];
when(cert.getCertificateChain()).thenReturn(Arrays.asList(_cert));
when(ac.fetchCertificateForOrder(any())).thenReturn(cert);
HttpProxyServer parent = mock(HttpProxyServer.class);
when(parent.getListeners()).thenReturn(mock(Listeners.class));
DynamicCertificatesManager man = new DynamicCertificatesManager(parent);
man.attachGroupMembershipHandler(new NullGroupMembershipHandler());
Whitebox.setInternalState(man, ac);
// Route53Cliente mocking
man.initAWSClient("access", "secret");
Route53Client r53Client = mock(Route53Client.class);
when(r53Client.createDnsChallengeForDomain(any(), any())).thenReturn(!runCase.startsWith("challenge_creation_failed"));
when(r53Client.isDnsChallengeForDomainAvailable(any(), any())).thenReturn(!(runCase.equals("challenge_creation_failed_n_reboot") || runCase.equals("challenge_check_limit_expired")));
Whitebox.setInternalState(man, r53Client);
// Store mocking
ConfigurationStore store = mock(ConfigurationStore.class);
when(store.loadKeyPairForDomain(anyString())).thenReturn(keyPair);
// certificate to order
String domain = "*.localhost";
CertificateData cd1 = new CertificateData(domain, "", "", WAITING, "", "");
when(store.loadCertificateForDomain(eq(domain))).thenReturn(cd1);
man.setConfigurationStore(store);
// Manager setup
Properties props = new Properties();
props.setProperty("certificate.1.hostname", domain);
props.setProperty("certificate.1.mode", "acme");
props.setProperty("certificate.1.daysbeforerenewal", "0");
props.setProperty("dynamiccertificatesmanager.domainschecker.ipaddresses", "127.0.0.1, 0:0:0:0:0:0:0:1");
ConfigurationStore configStore = new PropertiesConfigurationStore(props);
RuntimeServerConfiguration conf = new RuntimeServerConfiguration();
conf.configure(configStore);
man.reloadConfiguration(conf);
CertificateData certData = man.getCertificateDataForDomain(domain);
assertThat(certData.isWildcard(), is(true));
// at every run the certificate has to be saved to the db (whether not AVAILABLE).
int saveCounter = 0;
// WAITING
assertCertificateState(domain, WAITING, man);
man.run();
verify(store, times(++saveCounter)).saveCertificate(any());
if (runCase.equals("challenge_creation_failed")) {
// WAITING
assertCertificateState(domain, WAITING, man);
} else {
// DNS_CHALLENGE_WAIT
assertCertificateState(domain, DNS_CHALLENGE_WAIT, man);
man.run();
verify(store, times(++saveCounter)).saveCertificate(any());
if (runCase.equals("challenge_check_limit_expired")) {
assertCertificateState(domain, DNS_CHALLENGE_WAIT, man);
man.run();
verify(store, times(++saveCounter)).saveCertificate(any());
assertCertificateState(domain, REQUEST_FAILED, man);
// check dns-challenge-record deleted
verify(r53Client, times(1)).deleteDnsChallengeForDomain(any(), any());
} else {
// VERIFYING
assertCertificateState(domain, VERIFYING, man);
man.run();
verify(store, times(++saveCounter)).saveCertificate(any());
if (runCase.equals("challenge_failed")) {
// REQUEST_FAILED
assertCertificateState(domain, REQUEST_FAILED, man);
// check dns-challenge-record deleted
verify(r53Client, times(1)).deleteDnsChallengeForDomain(any(), any());
} else if (runCase.equals("challenge_verified")) {
// VERIFIED
assertCertificateState(domain, VERIFIED, man);
// check dns-challenge-record deleted
verify(r53Client, times(1)).deleteDnsChallengeForDomain(any(), any());
}
}
}
}
Also used :
Order(org.shredzone.acme4j.Order)
KeyPair(java.security.KeyPair)
HttpProxyServer(org.carapaceproxy.core.HttpProxyServer)
PropertiesConfigurationStore(org.carapaceproxy.configstore.PropertiesConfigurationStore)
ConfigurationStore(org.carapaceproxy.configstore.ConfigurationStore)
PropertiesConfigurationStore(org.carapaceproxy.configstore.PropertiesConfigurationStore)
RuntimeServerConfiguration(org.carapaceproxy.core.RuntimeServerConfiguration)
Connection(org.shredzone.acme4j.connector.Connection)
Login(org.shredzone.acme4j.Login)
ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString)
Properties(java.util.Properties)
URL(java.net.URL)
X509Certificate(java.security.cert.X509Certificate)
Listeners(org.carapaceproxy.core.Listeners)
CertificateData(org.carapaceproxy.configstore.CertificateData)
Dns01Challenge(org.shredzone.acme4j.challenge.Dns01Challenge)
NullGroupMembershipHandler(org.carapaceproxy.cluster.impl.NullGroupMembershipHandler)
Session(org.shredzone.acme4j.Session)
X509Certificate(java.security.cert.X509Certificate)
Certificate(org.shredzone.acme4j.Certificate)
Parameters(junitparams.Parameters)
Test(org.junit.Test)
Example 3 with ConfigurationStore
use of org.carapaceproxy.configstore.ConfigurationStore in project carapaceproxy by diennea.
the class StartAPIServerTest method testCertificates.
@Test
public void testCertificates() throws Exception {
final String dynDomain = "dynamic.test.tld";
Properties properties = new Properties(HTTP_ADMIN_SERVER_CONFIG);
KeyPair endUserKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
Certificate[] originalChain = generateSampleChain(endUserKeyPair, false);
X509Certificate certificate = (X509Certificate) originalChain[0];
String serialNumber1 = certificate.getSerialNumber().toString(16).toUpperCase();
String expiringDate1 = certificate.getNotAfter().toString();
byte[] keystoreData = createKeystore(originalChain, endUserKeyPair.getPrivate());
File mock1 = tmpFolder.newFile("mock1.p12");
Files.write(mock1.toPath(), keystoreData);
properties.put("certificate.1.hostname", "localhost");
properties.put("certificate.1.file", mock1.getAbsolutePath());
properties.put("certificate.1.password", KEYSTORE_PW);
endUserKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
originalChain = generateSampleChain(endUserKeyPair, true);
certificate = (X509Certificate) originalChain[0];
String serialNumber2 = certificate.getSerialNumber().toString(16).toUpperCase();
String expiringDate2 = certificate.getNotAfter().toString();
keystoreData = createKeystore(originalChain, endUserKeyPair.getPrivate());
File mock2 = tmpFolder.newFile("mock2.p12");
Files.write(mock2.toPath(), keystoreData);
properties.put("certificate.2.hostname", "127.0.0.1");
properties.put("certificate.2.file", mock2.getAbsolutePath());
properties.put("certificate.2.password", KEYSTORE_PW);
// Acme certificate
properties.put("certificate.3.hostname", dynDomain);
properties.put("certificate.3.mode", "acme");
startServer(properties);
DynamicCertificatesManager man = server.getDynamicCertificatesManager();
// need to explicitly add 'cause DynamicCertificatesManager never run
ConfigurationStore store = server.getDynamicConfigurationStore();
endUserKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
originalChain = generateSampleChain(endUserKeyPair, false);
certificate = (X509Certificate) originalChain[0];
String serialNumber = certificate.getSerialNumber().toString(16).toUpperCase();
String expiringDate = certificate.getNotAfter().toString();
String dynChain = Base64.getEncoder().encodeToString(createKeystore(originalChain, endUserKeyPair.getPrivate()));
store.saveCertificate(new CertificateData(dynDomain, "", dynChain, WAITING, "", ""));
// this reloads certificates from the store
man.setStateOfCertificate(dynDomain, WAITING);
// Static certificates
try (RawHttpClient client = new RawHttpClient("localhost", 8761)) {
// full list request
RawHttpClient.HttpResponse response = client.get("/api/certificates", credentials);
String json = response.getBodyString();
assertThat(json, containsString("localhost"));
assertThat(json, containsString("\"mode\":\"static\""));
assertThat(json, containsString("\"dynamic\":false"));
assertThat(json, containsString("\"status\":\"available\""));
assertThat(json, containsString("\"sslCertificateFile\":\"" + mock1.getAbsolutePath() + "\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber1 + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate1 + "\""));
assertThat(json, containsString("127.0.0.1"));
assertThat(json, containsString("\"mode\":\"static\""));
assertThat(json, containsString("\"dynamic\":false"));
assertThat(json, containsString("\"status\":\"expired\""));
assertThat(json, containsString("\"sslCertificateFile\":\"" + mock2.getAbsolutePath() + "\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber2 + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate2 + "\""));
// single cert request to /{certId}
response = client.get("/api/certificates/127.0.0.1", credentials);
json = response.getBodyString();
assertThat(json, not(containsString("localhost")));
assertThat(json, containsString("\"mode\":\"static\""));
assertThat(json, containsString("\"dynamic\":false"));
assertThat(json, containsString("\"status\":\"expired\""));
assertThat(json, containsString("\"sslCertificateFile\":\"" + mock2.getAbsolutePath() + "\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber2 + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate2 + "\""));
}
// Acme certificate
try (RawHttpClient client = new RawHttpClient("localhost", 8761)) {
// full list request
RawHttpClient.HttpResponse response = client.get("/api/certificates", credentials);
String json = response.getBodyString();
assertThat(json, containsString(dynDomain));
assertThat(json, containsString("\"mode\":\"acme\""));
assertThat(json, containsString("\"dynamic\":true"));
assertThat(json, containsString("\"status\":\"waiting\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate + "\""));
// single cert request to /{certId}
response = client.get("/api/certificates/" + dynDomain, credentials);
json = response.getBodyString();
assertThat(json, containsString(dynDomain));
assertThat(json, containsString("\"mode\":\"acme\""));
assertThat(json, containsString("\"dynamic\":true"));
assertThat(json, containsString("\"status\":\"waiting\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate + "\""));
// Changing dynamic certificate state
for (DynamicCertificateState state : DynamicCertificateState.values()) {
man.setStateOfCertificate(dynDomain, state);
response = client.get("/api/certificates", credentials);
json = response.getBodyString();
assertThat(json, containsString(dynDomain));
assertThat(json, containsString("\"mode\":\"acme\""));
assertThat(json, containsString("\"dynamic\":true"));
assertThat(json, containsString("\"status\":\"" + certificateStateToString(state) + "\""));
response = client.get("/api/certificates/" + dynDomain, credentials);
json = response.getBodyString();
assertThat(json, containsString(dynDomain));
assertThat(json, containsString("\"mode\":\"acme\""));
assertThat(json, containsString("\"dynamic\":true"));
assertThat(json, containsString("\"status\":\"" + certificateStateToString(state) + "\""));
}
// Downloading
CertificateData cert = store.loadCertificateForDomain(dynDomain);
byte[] newKeystore = createKeystore(generateSampleChain(endUserKeyPair, false), KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE).getPrivate());
cert.setChain(Base64.getEncoder().encodeToString(newKeystore));
store.saveCertificate(cert);
man.setStateOfCertificate(dynDomain, DynamicCertificateState.AVAILABLE);
response = client.get("/api/certificates/" + dynDomain + "/download", credentials);
assertTrue(Arrays.equals(newKeystore, response.getBody()));
}
// Manual certificate
try (RawHttpClient client = new RawHttpClient("localhost", 8761)) {
String manualDomain = "manual.test.tld";
int certsCount = server.getCurrentConfiguration().getCertificates().size();
// Uploading trash-stuff
RawHttpClient.HttpResponse resp = uploadCertificate(manualDomain, null, "fake-chain".getBytes(), client, credentials);
String s = resp.getBodyString();
assertTrue(s.contains("ERROR"));
// Uploading real certificate
endUserKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
originalChain = generateSampleChain(endUserKeyPair, false);
certificate = (X509Certificate) originalChain[0];
serialNumber = certificate.getSerialNumber().toString(16).toUpperCase();
expiringDate = certificate.getNotAfter().toString();
byte[] chain1 = createKeystore(originalChain, endUserKeyPair.getPrivate());
resp = uploadCertificate(manualDomain, null, chain1, client, credentials);
s = resp.getBodyString();
assertTrue(s.contains("SUCCESS"));
int certsCount2 = server.getCurrentConfiguration().getCertificates().size();
assertEquals(certsCount + 1, certsCount2);
// full list request
RawHttpClient.HttpResponse response = client.get("/api/certificates", credentials);
String json = response.getBodyString();
assertThat(json, containsString(manualDomain));
assertThat(json, containsString("\"mode\":\"manual\""));
assertThat(json, containsString("\"dynamic\":true"));
assertThat(json, containsString("\"status\":\"available\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate + "\""));
// single cert request to /{certId}
response = client.get("/api/certificates/" + manualDomain, credentials);
json = response.getBodyString();
assertThat(json, containsString(manualDomain));
assertThat(json, containsString("\"mode\":\"manual\""));
assertThat(json, containsString("\"dynamic\":true"));
assertThat(json, containsString("\"status\":\"available\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate + "\""));
// Downloading
response = client.get("/api/certificates/" + manualDomain + "/download", credentials);
assertTrue(Arrays.equals(chain1, response.getBody()));
// Certificate updating
// Uploading
endUserKeyPair = KeyPairUtils.createKeyPair(DEFAULT_KEYPAIRS_SIZE);
originalChain = generateSampleChain(endUserKeyPair, true);
certificate = (X509Certificate) originalChain[0];
serialNumber = certificate.getSerialNumber().toString(16).toUpperCase();
expiringDate = certificate.getNotAfter().toString();
byte[] chain2 = createKeystore(originalChain, endUserKeyPair.getPrivate());
assertFalse(Arrays.equals(chain1, chain2));
resp = uploadCertificate(manualDomain, null, chain2, client, credentials);
s = resp.getBodyString();
assertTrue(s.contains("SUCCESS"));
// check properties (certificate) not duplicated
int certsCount3 = server.getCurrentConfiguration().getCertificates().size();
assertEquals(certsCount2, certsCount3);
// full list request
response = client.get("/api/certificates", credentials);
json = response.getBodyString();
assertThat(json, containsString(manualDomain));
assertThat(json, containsString("\"mode\":\"manual\""));
assertThat(json, containsString("\"dynamic\":true"));
assertThat(json, containsString("\"status\":\"expired\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate + "\""));
// single cert request to /{certId}
response = client.get("/api/certificates/" + manualDomain, credentials);
json = response.getBodyString();
assertThat(json, containsString(manualDomain));
assertThat(json, containsString("\"mode\":\"manual\""));
assertThat(json, containsString("\"dynamic\":true"));
assertThat(json, containsString("\"status\":\"expired\""));
assertThat(json, containsString("\"serialNumber\":\"" + serialNumber + "\""));
assertThat(json, containsString("\"expiringDate\":\"" + expiringDate + "\""));
// Downloading
response = client.get("/api/certificates/" + manualDomain + "/download", credentials);
assertTrue(Arrays.equals(chain2, response.getBody()));
}
}
Also used :
RawHttpClient(org.carapaceproxy.utils.RawHttpClient)
DynamicCertificateState(org.carapaceproxy.server.certificates.DynamicCertificateState)
KeyPair(java.security.KeyPair)
DynamicCertificatesManager(org.carapaceproxy.server.certificates.DynamicCertificatesManager)
ConfigurationStore(org.carapaceproxy.configstore.ConfigurationStore)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
APIUtils.certificateStateToString(org.carapaceproxy.utils.APIUtils.certificateStateToString)
Properties(java.util.Properties)
X509Certificate(java.security.cert.X509Certificate)
CertificateData(org.carapaceproxy.configstore.CertificateData)
File(java.io.File)
X509Certificate(java.security.cert.X509Certificate)
CertificatesTestUtils.uploadCertificate(org.carapaceproxy.utils.CertificatesTestUtils.uploadCertificate)
Certificate(java.security.cert.Certificate)
Test(org.junit.Test)
Example 4 with ConfigurationStore
use of org.carapaceproxy.configstore.ConfigurationStore in project carapaceproxy by diennea.
the class ServerMain method main.
public static void main(String... args) {
try {
Properties configuration = new Properties();
File basePath = new File(System.getProperty("user.dir", "."));
boolean configFileFromParameter = false;
for (String arg : args) {
if (!arg.isEmpty()) {
File configFile = new File(arg).getAbsoluteFile();
LOG.log(Level.SEVERE, "Reading configuration from {0}", configFile);
try (InputStreamReader reader = new InputStreamReader(new FileInputStream(configFile), StandardCharsets.UTF_8)) {
configuration.load(reader);
}
basePath = configFile.getParentFile().getParentFile();
configFileFromParameter = true;
}
}
if (!configFileFromParameter) {
File configFile = new File("conf/server.properties").getAbsoluteFile();
System.out.println("Reading configuration from " + configFile);
if (configFile.isFile()) {
try (InputStreamReader reader = new InputStreamReader(new FileInputStream(configFile), StandardCharsets.UTF_8)) {
configuration.load(reader);
}
basePath = configFile.getParentFile().getParentFile();
}
}
LogManager.getLogManager().readConfiguration();
Thread.setDefaultUncaughtExceptionHandler((Thread arg0, Throwable arg1) -> {
LOG.log(Level.SEVERE, "Uncaught error, thread " + arg0, arg1);
});
Runtime.getRuntime().addShutdownHook(new Thread("ctrlc-hook") {
@Override
public void run() {
System.out.println("Ctrl-C trapped. Shutting down");
ServerMain _brokerMain = runningInstance;
if (_brokerMain != null) {
_brokerMain.close();
}
}
});
ConfigurationStore configurationStore = new PropertiesConfigurationStore(configuration);
runningInstance = new ServerMain(configurationStore, basePath);
runningInstance.start();
runningInstance.join();
} catch (Exception t) {
System.exit(1);
}
}
Also used :
PropertiesConfigurationStore(org.carapaceproxy.configstore.PropertiesConfigurationStore)
ConfigurationStore(org.carapaceproxy.configstore.ConfigurationStore)
PropertiesConfigurationStore(org.carapaceproxy.configstore.PropertiesConfigurationStore)
InputStreamReader(java.io.InputStreamReader)
Properties(java.util.Properties)
FileInputStream(java.io.FileInputStream)
File(java.io.File)
Example 5 with ConfigurationStore
use of org.carapaceproxy.configstore.ConfigurationStore in project carapaceproxy by diennea.
the class HttpProxyServer method applyDynamicConfiguration.
private void applyDynamicConfiguration(ConfigurationStore newConfigurationStore, boolean atBoot) throws InterruptedException, ConfigurationChangeInProgressException {
if (atBoot && newConfigurationStore != null) {
throw new IllegalStateException();
}
if (!atBoot && newConfigurationStore == null) {
throw new IllegalStateException();
}
// at boot we are constructing a configuration from the database
// if the system is already "up" we have to only apply the new config
ConfigurationStore storeWithConfig = atBoot ? dynamicConfigurationStore : newConfigurationStore;
if (!configurationLock.tryLock()) {
throw new ConfigurationChangeInProgressException();
}
try {
RuntimeServerConfiguration newConfiguration = buildValidConfiguration(storeWithConfig);
EndpointMapper newMapper = buildMapper(newConfiguration.getMapperClassname(), storeWithConfig);
newMapper.setParent(this);
UserRealm newRealm = buildRealm(userRealmClassname, storeWithConfig);
this.filters = buildFilters(newConfiguration);
this.backendHealthManager.reloadConfiguration(newConfiguration, newMapper);
this.dynamicCertificatesManager.reloadConfiguration(newConfiguration);
this.ocspStaplingManager.reloadConfiguration(newConfiguration);
this.listeners.reloadConfiguration(newConfiguration);
this.cache.reloadConfiguration(newConfiguration);
this.requestsLogger.reloadConfiguration(newConfiguration);
this.realm = newRealm;
Map<String, BackendConfiguration> currentBackends = mapper != null ? mapper.getBackends() : Collections.emptyMap();
Map<String, BackendConfiguration> newBackends = newMapper.getBackends();
this.mapper = newMapper;
if (atBoot || !newBackends.equals(currentBackends) || isConnectionsConfigurationChanged(newConfiguration)) {
prometheusRegistry.clear();
Metrics.globalRegistry.clear();
proxyRequestsManager.reloadConfiguration(newConfiguration, newBackends.values());
}
if (!atBoot) {
dynamicConfigurationStore.commitConfiguration(newConfigurationStore);
}
this.currentConfiguration = newConfiguration;
} catch (ConfigurationNotValidException err) {
// impossible to have a non valid configuration here
throw new IllegalStateException(err);
} finally {
configurationLock.unlock();
}
}
Also used :
ConfigurationNotValidException(org.carapaceproxy.server.config.ConfigurationNotValidException)
PropertiesConfigurationStore(org.carapaceproxy.configstore.PropertiesConfigurationStore)
ConfigurationStore(org.carapaceproxy.configstore.ConfigurationStore)
HerdDBConfigurationStore(org.carapaceproxy.configstore.HerdDBConfigurationStore)
EndpointMapper(org.carapaceproxy.server.mapper.EndpointMapper)
UserRealm(org.carapaceproxy.user.UserRealm)
SimpleUserRealm(org.carapaceproxy.user.SimpleUserRealm)
ConfigurationChangeInProgressException(org.carapaceproxy.server.config.ConfigurationChangeInProgressException)
BackendConfiguration(org.carapaceproxy.server.config.BackendConfiguration)
Aggregations
ConfigurationStore (org.carapaceproxy.configstore.ConfigurationStore)13
Properties (java.util.Properties)10
PropertiesConfigurationStore (org.carapaceproxy.configstore.PropertiesConfigurationStore)10
Test (org.junit.Test)9
HttpProxyServer (org.carapaceproxy.core.HttpProxyServer)7
File (java.io.File)6
KeyPair (java.security.KeyPair)6
X509Certificate (java.security.cert.X509Certificate)6
CertificateData (org.carapaceproxy.configstore.CertificateData)6
Login (org.shredzone.acme4j.Login)5
Order (org.shredzone.acme4j.Order)5
Parameters (junitparams.Parameters)4
URL (java.net.URL)3
Certificate (java.security.cert.Certificate)3
FileUserRealm (org.carapaceproxy.user.FileUserRealm)3
UserRealm (org.carapaceproxy.user.UserRealm)3
CertificatesTestUtils.uploadCertificate (org.carapaceproxy.utils.CertificatesTestUtils.uploadCertificate)3
RawHttpClient (org.carapaceproxy.utils.RawHttpClient)3
TestEndpointMapper (org.carapaceproxy.utils.TestEndpointMapper)3
FileInputStream (java.io.FileInputStream)2
