use of org.mockserver.mappers.JDKCertificateToMockServerX509Certificate in project mockserver by mock-server.
the class MTLSAuthenticationHandlerTest method shouldValidateCertificateWithPeerCertificatesMatchingFirst.
/**
 * Checks that a control plane request is accepted when the handler trusts a single CA
 * ({@code mtls/ca.pem}) and the peer presents several certificates, the first being
 * {@code mtls/leaf-cert.pem}.
 *
 * <p>The rest of the presented array comes from the {@code separateca} fixtures, which are
 * not configured as trusted here.
 * NOTE(review): presumably {@code mtls/leaf-cert.pem} is issued by {@code mtls/ca.pem}; confirm
 * against the fixtures. This test only shows that the request is accepted. It does not show
 * whether the handler inspects only the first presented certificate or every one of them.
 */
@Test
public void shouldValidateCertificateWithPeerCertificatesMatchingFirst() {
    // given: a handler whose only trust anchor is the primary test CA
    X509Certificate[] trustedCAs = PEMToFile
        .x509ChainFromPEMFile("org/mockserver/authentication/mtls/ca.pem")
        .toArray(new X509Certificate[0]);
    AuthenticationHandler authenticationHandler = new MTLSAuthenticationHandler(mockServerLogger, trustedCAs);

    // and: a peer certificate array with the primary leaf first, followed by the separate CA's leaf and CA
    List<X509Certificate> presented = new ArrayList<>(
        PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/leaf-cert.pem"));
    presented.addAll(PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/separateca/leaf-cert.pem"));
    presented.addAll(PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/separateca/ca.pem"));
    JDKCertificateToMockServerX509Certificate certificateMapper = new JDKCertificateToMockServerX509Certificate(mockServerLogger);
    HttpRequest request = certificateMapper.setClientCertificates(request(), presented.toArray(new X509Certificate[0]));

    // then: the request is authenticated
    boolean authenticated = authenticationHandler.controlPlaneRequestAuthenticated(request);
    assertThat(authenticated, equalTo(true));
}
use of org.mockserver.mappers.JDKCertificateToMockServerX509Certificate in project mockserver by mock-server.
the class MTLSAuthenticationHandlerTest method shouldValidateCertificateWithMultipleCAsMatchingFirst.
/**
 * Checks that a control plane request presenting {@code mtls/leaf-cert.pem} is accepted when
 * the handler is configured with two CAs and {@code mtls/ca.pem} is listed first.
 *
 * <p>NOTE(review): presumably the leaf is issued by {@code mtls/ca.pem} and not by
 * {@code separateca/ca.pem}; confirm against the fixtures.
 */
@Test
public void shouldValidateCertificateWithMultipleCAsMatchingFirst() {
    // given: trust anchors in the order primary CA, then separate CA
    List<X509Certificate> trustedCAs = new ArrayList<>(
        PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/ca.pem"));
    trustedCAs.addAll(PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/separateca/ca.pem"));
    AuthenticationHandler authenticationHandler =
        new MTLSAuthenticationHandler(mockServerLogger, trustedCAs.toArray(new X509Certificate[0]));

    // and: a request carrying only the primary leaf certificate
    JDKCertificateToMockServerX509Certificate certificateMapper = new JDKCertificateToMockServerX509Certificate(mockServerLogger);
    HttpRequest request = certificateMapper.setClientCertificates(
        request(),
        PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/leaf-cert.pem").toArray(new X509Certificate[0]));

    // then: the request is authenticated
    boolean authenticated = authenticationHandler.controlPlaneRequestAuthenticated(request);
    assertThat(authenticated, equalTo(true));
}
use of org.mockserver.mappers.JDKCertificateToMockServerX509Certificate in project mockserver by mock-server.
the class MTLSAuthenticationHandlerTest method shouldNotValidateEmptyCACertificates.
/**
 * Checks that the handler fails closed when it has no trust anchors: with an empty CA array,
 * a request that does present client certificates is rejected with an
 * {@link AuthenticationException} instead of being accepted.
 *
 * <p>The exact exception message is asserted, so changing its wording breaks this test.
 */
@Test
public void shouldNotValidateEmptyCACertificates() {
    // given: a handler configured with no control plane CA at all
    X509Certificate[] noTrustedCAs = new X509Certificate[0];
    AuthenticationHandler authenticationHandler = new MTLSAuthenticationHandler(mockServerLogger, noTrustedCAs);

    // and: a request that carries the primary leaf followed by the primary CA
    List<X509Certificate> presented = new ArrayList<>(
        PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/leaf-cert.pem"));
    presented.addAll(PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/ca.pem"));
    JDKCertificateToMockServerX509Certificate certificateMapper = new JDKCertificateToMockServerX509Certificate(mockServerLogger);
    HttpRequest request = certificateMapper.setClientCertificates(request(), presented.toArray(new X509Certificate[0]));

    // then: authentication is refused because no CA is configured
    AuthenticationException rejection = assertThrows(
        AuthenticationException.class,
        () -> authenticationHandler.controlPlaneRequestAuthenticated(request));
    assertThat(rejection.getMessage(), equalTo("control plane request failed authentication no control plane CA specified"));
}
use of org.mockserver.mappers.JDKCertificateToMockServerX509Certificate in project mockserver by mock-server.
the class MTLSAuthenticationHandlerTest method shouldNotValidateEmptyClientCertifcates.
/**
 * Checks that a request carrying no client certificates is rejected with an
 * {@link AuthenticationException} even though the handler has a CA configured
 * ({@code separateca/ca.pem}).
 *
 * <p>The exact exception message is asserted, so changing its wording breaks this test.
 */
@Test
public void shouldNotValidateEmptyClientCertifcates() {
    // given: a handler that trusts the separate CA
    X509Certificate[] trustedCAs = PEMToFile
        .x509ChainFromPEMFile("org/mockserver/authentication/mtls/separateca/ca.pem")
        .toArray(new X509Certificate[0]);
    AuthenticationHandler authenticationHandler = new MTLSAuthenticationHandler(mockServerLogger, trustedCAs);

    // and: a request with an empty client certificate array
    JDKCertificateToMockServerX509Certificate certificateMapper = new JDKCertificateToMockServerX509Certificate(mockServerLogger);
    HttpRequest request = certificateMapper.setClientCertificates(request(), new X509Certificate[0]);

    // then: authentication is refused because the peer presented nothing
    AuthenticationException rejection = assertThrows(
        AuthenticationException.class,
        () -> authenticationHandler.controlPlaneRequestAuthenticated(request));
    assertThat(rejection.getMessage(), equalTo("control plane request failed authentication no client certificates found"));
}
use of org.mockserver.mappers.JDKCertificateToMockServerX509Certificate in project mockserver by mock-server.
the class MTLSAuthenticationHandlerTest method shouldValidateCertificateWithMultipleCAsMatchingSecond.
/**
 * Checks that a control plane request presenting {@code mtls/leaf-cert.pem} is accepted when
 * the handler is configured with two CAs and {@code mtls/ca.pem} is listed second, after
 * {@code separateca/ca.pem}.
 *
 * <p>NOTE(review): presumably the leaf is issued by {@code mtls/ca.pem}, so this covers the
 * case where the matching trust anchor is not the first one configured; confirm against
 * the fixtures.
 */
@Test
public void shouldValidateCertificateWithMultipleCAsMatchingSecond() {
    // given: trust anchors in the order separate CA, then primary CA
    List<X509Certificate> trustedCAs = new ArrayList<>(
        PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/separateca/ca.pem"));
    trustedCAs.addAll(PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/ca.pem"));
    AuthenticationHandler authenticationHandler =
        new MTLSAuthenticationHandler(mockServerLogger, trustedCAs.toArray(new X509Certificate[0]));

    // and: a request carrying only the primary leaf certificate
    JDKCertificateToMockServerX509Certificate certificateMapper = new JDKCertificateToMockServerX509Certificate(mockServerLogger);
    HttpRequest request = certificateMapper.setClientCertificates(
        request(),
        PEMToFile.x509ChainFromPEMFile("org/mockserver/authentication/mtls/leaf-cert.pem").toArray(new X509Certificate[0]));

    // then: the request is authenticated
    boolean authenticated = authenticationHandler.controlPlaneRequestAuthenticated(request);
    assertThat(authenticated, equalTo(true));
}