use of tech.pegasys.web3signer.dsl.tls.ClientTlsConfig in project web3signer by ConsenSys.
the class ServerSideTlsAcceptanceTest method clientMissingFromAllowedListCannotConnectToEthSigner.
/**
 * Mutual-TLS negative test: the server's fingerprint allow-list contains only {@code cert1}, while
 * the client presents {@code cert2}, so the connection must be refused.
 *
 * <p>The client is built to trust {@code cert1} as the server certificate (first constructor
 * argument) and to present {@code cert2} (second argument).
 *
 * @param useConfigFile whether the signer is configured through a config file or CLI flags
 */
@ParameterizedTest
@ValueSource(booleans = { true, false })
void clientMissingFromAllowedListCannotConnectToEthSigner(final boolean useConfigFile) {
  signer = createTlsSigner(cert1, cert1, cert1, cert1, 0, useConfigFile);
  signer.start();
  signer.awaitStartupCompletion();

  // Trusts cert1 as the server cert, but presents cert2 - which is not on the allow-list.
  final ClientTlsConfig unlistedClient = new ClientTlsConfig(cert1, cert2);

  // NOTE(review): IOException also covers a plain connection failure, so a signer that never
  // came up would satisfy this assertion as well; the sibling CA test pins SSLException.
  // Confirm what the allow-list rejection actually surfaces as before narrowing.
  assertThatThrownBy(
          () ->
              given()
                  .spec(createRequestSpecification(Optional.of(unlistedClient)))
                  .baseUri(signer.getUrl())
                  .when()
                  .get("/upcheck")
                  .then()
                  .assertThat()
                  .statusCode(200)
                  .body(equalToIgnoringCase("OK")))
      .isInstanceOf(IOException.class);
}
use of tech.pegasys.web3signer.dsl.tls.ClientTlsConfig in project web3signer by ConsenSys.
the class ServerSideTlsCaClientAcceptanceTest method clientNotInCaFailedToConnectToWeb3Signer.
/**
 * CA-constrained mutual TLS: the server only accepts client certificates chained to its
 * configured CA ({@code clientCert}); a client presenting {@code serverCert}, which is not in that
 * CA, must be rejected during the TLS handshake.
 *
 * @param useConfigFile whether the signer is configured through a config file or CLI flags
 * @param tempDir per-test directory handed to {@code createSigner} for the password file
 * @throws Exception propagated from signer construction
 */
@ParameterizedTest
@ValueSource(booleans = { true, false })
void clientNotInCaFailedToConnectToWeb3Signer(final boolean useConfigFile, @TempDir final Path tempDir) throws Exception {
  signer = createSigner(clientCert, tempDir, useConfigFile);
  signer.start();
  signer.awaitStartupCompletion();

  // Create a client which presents the server cert (not in CA) - it should fail to connect.
  final ClientTlsConfig clientOutsideCa = new ClientTlsConfig(serverCert, serverCert);

  assertThatThrownBy(
          () ->
              given()
                  .spec(createRequestSpecification(Optional.of(clientOutsideCa)))
                  .baseUri(signer.getUrl())
                  .when()
                  .get("/upcheck")
                  .then()
                  .assertThat()
                  .statusCode(200)
                  .body(equalToIgnoringCase("OK")))
      .isInstanceOf(SSLException.class);
}
use of tech.pegasys.web3signer.dsl.tls.ClientTlsConfig in project web3signer by ConsenSys.
the class ServerSideTlsCaClientAcceptanceTest method createSigner.
/**
 * Builds an (unstarted) eth2 signer whose server-side TLS requires client certificates that
 * chain to a CA, with {@code certInCa} installed via {@code withOverriddenCA}, plus a client TLS
 * config that trusts {@code serverCert} and presents {@code clientCert}.
 *
 * @param certInCa certificate installed as the server's overridden CA
 * @param testDir directory that receives the keystore password file
 * @param useConfigFile whether the signer is configured through a config file or CLI flags
 * @return the configured, not yet started signer
 * @throws Exception if writing the password file or building the configuration fails
 */
private Signer createSigner(final TlsCertificateDefinition certInCa, final Path testDir, final boolean useConfigFile) throws Exception {
  // The keystore password reaches the signer through a file, not a command-line argument.
  final Path keystorePasswordFile = testDir.resolve("keystore.passwd");
  writeString(keystorePasswordFile, serverCert.getPassword());

  // Client auth is constrained to certificates issued by the configured CA only.
  final TlsOptions serverTls =
      new BasicTlsOptions(
          serverCert.getPkcs12File(),
          keystorePasswordFile.toFile(),
          Optional.of(BasicClientAuthConstraints.caOnly()));

  final SignerConfigurationBuilder builder =
      new SignerConfigurationBuilder()
          .withServerTlsOptions(serverTls)
          .withOverriddenCA(certInCa)
          .withUseConfigFile(useConfigFile)
          .withMode("eth2");

  return new Signer(builder.build(), new ClientTlsConfig(serverCert, clientCert));
}
use of tech.pegasys.web3signer.dsl.tls.ClientTlsConfig in project web3signer by ConsenSys.
the class ServerSideTlsAcceptanceTest method clientCannotConnectIfExpectedServerCertDoesntMatchServerSuppliedCert.
/**
 * Server-identity check: the signer presents {@code cert1} with no client-auth constraints, but
 * the client is pinned to expect {@code cert2}, so the handshake must fail on the client side.
 *
 * @param useConfigFile whether the signer is configured through a config file or CLI flags
 */
@ParameterizedTest
@ValueSource(booleans = { true, false })
void clientCannotConnectIfExpectedServerCertDoesntMatchServerSuppliedCert(final boolean useConfigFile) {
  signer = createTlsSigner(cert1, cert1, null, null, 0, useConfigFile);
  signer.start();
  signer.awaitStartupCompletion();

  // Expects cert2 from the server and presents no client certificate of its own.
  final ClientTlsConfig mismatchedClient = new ClientTlsConfig(cert2, null);

  assertThatThrownBy(
          () ->
              given()
                  .spec(createRequestSpecification(Optional.of(mismatchedClient)))
                  .baseUri(signer.getUrl())
                  .when()
                  .get("/upcheck")
                  .then()
                  .assertThat()
                  .statusCode(200)
                  .body(equalToIgnoringCase("OK")))
      .isInstanceOf(SSLHandshakeException.class);
}
use of tech.pegasys.web3signer.dsl.tls.ClientTlsConfig in project web3signer by ConsenSys.
the class ServerSideTlsAcceptanceTest method createTlsSigner.
/**
 * Builds an (unstarted) eth1 signer with server-side TLS, together with the client TLS
 * configuration the test will use to reach it.
 *
 * @param serverPresentedCerts PKCS12 keystore (and password) the server presents
 * @param clientExpectedCert certificate the client expects the server to present; {@code null}
 *     leaves the signer without a client TLS config
 * @param clientCertInServerWhitelist client certificate written to the server's
 *     {@code known_clients} fingerprint file; {@code null} disables client-auth constraints
 * @param clientToPresent certificate the client presents during the handshake; may be {@code null}
 * @param fixedListenPort HTTP port passed to the configuration builder
 * @param useConfigFile whether the signer is configured through a config file or CLI flags
 * @return the configured signer; any construction failure is reported through {@code fail}
 */
private Signer createTlsSigner(final TlsCertificateDefinition serverPresentedCerts, final TlsCertificateDefinition clientExpectedCert, final TlsCertificateDefinition clientCertInServerWhitelist, final TlsCertificateDefinition clientToPresent, final int fixedListenPort, final boolean useConfigFile) {
  try {
    // Builder calls run before the server TLS options are assembled (fingerprint and password
    // files are written while evaluating the argument), matching the original statement order.
    final SignerConfigurationBuilder builder =
        new SignerConfigurationBuilder()
            .withHttpPort(fixedListenPort)
            .withUseConfigFile(useConfigFile)
            .withMode("eth1")
            .withServerTlsOptions(
                buildServerTlsOptions(serverPresentedCerts, clientCertInServerWhitelist));

    final ClientTlsConfig clientTlsConfig =
        clientExpectedCert == null
            ? null
            : new ClientTlsConfig(clientExpectedCert, clientToPresent);

    return new Signer(builder.build(), clientTlsConfig);
  } catch (final Exception e) {
    fail("Failed to create EthSigner.", e);
    return null; // unreachable once fail() has thrown; satisfies the compiler
  }
}

/**
 * Assembles the server's TLS options: keystore, password file, and the optional
 * fingerprint-based client allow-list.
 *
 * @throws Exception propagated from writing the password or fingerprint files
 */
private TlsOptions buildServerTlsOptions(final TlsCertificateDefinition serverPresentedCerts, final TlsCertificateDefinition clientCertInServerWhitelist) throws Exception {
  final Optional<ClientAuthConstraints> clientAuthConstraints =
      buildClientAuthConstraints(clientCertInServerWhitelist);

  // NOTE(review): the password file is referenced even when no password is written; presumably
  // the signer tolerates a missing file for password-less keystores - confirm.
  final Path passwordPath = dataPath.resolve("keystore.passwd");
  if (serverPresentedCerts.getPassword() != null) {
    writeString(passwordPath, serverPresentedCerts.getPassword());
  }

  return new BasicTlsOptions(
      serverPresentedCerts.getPkcs12File(), passwordPath.toFile(), clientAuthConstraints);
}

/**
 * Writes the allow-listed client certificate's fingerprint to {@code known_clients} under
 * {@code dataPath} and returns constraints backed by that file, or empty when no client
 * certificate is allow-listed.
 *
 * @throws Exception propagated from populating the fingerprint file
 */
private Optional<ClientAuthConstraints> buildClientAuthConstraints(final TlsCertificateDefinition clientCertInServerWhitelist) throws Exception {
  if (clientCertInServerWhitelist == null) {
    return Optional.empty();
  }
  final Path fingerprintFile = dataPath.resolve("known_clients");
  populateFingerprintFile(fingerprintFile, clientCertInServerWhitelist, Optional.empty());
  return Optional.of(BasicClientAuthConstraints.fromFile(fingerprintFile.toFile()));
}