/**
 * Starts a proxy of the given type, sends a TLS request through it and verifies that the
 * proxy was contacted with the unresolved target {@code localhost:4043}.
 *
 * <p>The last assertion guards against the client resolving the host name itself: the proxy
 * must be handed the name, not a locally resolved address.
 *
 * @param proxyType the kind of proxy to start and to route the client through
 * @throws Exception if starting the proxy or running the TLS exchange fails
 */
private void testProxy(ProxyType proxyType) throws Exception {
  // First argument is null here; the proxy-auth tests in this file pass "username" instead.
  startProxy(null, proxyType);

  testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE)
    .useProxy(proxyType)
    .pass();

  assertNotNull("connection didn't access the proxy", proxy.getLastUri());
  assertEquals(
    "hostname resolved but it shouldn't be",
    "localhost:4043",
    proxy.getLastUri());
}
// NOTE(review): excerpt only. The enclosing method and the end of this catch block are not
// shown, so the comments below describe just the visible statements.
try {
  server.listen();
  // Reached only if listen() did not throw; the test expects a VertxException.
  fail("Was expecting a failure");
} catch (VertxException e) {
  Throwable cause = e.getCause();
  // NOTE(review): as shown, both fail() calls run unconditionally, which would make the
  // suffix check below unreachable. Presumably the guarding conditions over
  // expectedPossiblePrefixes were lost in extraction; confirm against the full file.
  // NOTE(review): cause is dereferenced without a null check; a VertxException with no
  // cause would surface as a NullPointerException instead of an assertion failure.
  fail("Was expecting <" + cause.getMessage() + "> to be equals to one of " + expectedPossiblePrefixes);
  fail("Was expecting e.getCause().getMessage() to be prefixed by one of " + expectedPossiblePrefixes);
  assertTrue(cause.getMessage().endsWith(expectedSuffix));
/**
 * Applies the given key/cert options to fresh server options and delegates to
 * {@code testStore} with the expected error-message prefixes and suffix.
 *
 * @param options the key/cert configuration under test
 * @param expectedPossiblePrefixes the message prefixes passed on to {@code testStore}
 * @param expectedSuffix the message suffix passed on to {@code testStore}
 */
private void testInvalidKeyStore(
    KeyCertOptions options,
    List<String> expectedPossiblePrefixes,
    String expectedSuffix) {
  HttpServerOptions keyStoreServerOptions = new HttpServerOptions();
  setOptions(keyStoreServerOptions, options);
  testStore(keyStoreServerOptions, expectedPossiblePrefixes, expectedSuffix);
}
@Test // Access https server via connect proxy public void testHttpsProxy() throws Exception { testProxy(ProxyType.HTTP); assertEquals("Host header doesn't contain target host", "localhost:4043", proxy.getLastRequestHeaders().get("Host")); assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, proxy.getLastMethod()); }
@Test // Client provides SNI and server responds with a matching certificate for the indicated server name public void testSNITrust() throws Exception { TLSTest test = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass(); assertEquals("host2.com", TestUtils.cnOf(test.clientPeerCert())); assertEquals("host2.com", test.indicatedServerName); }
/**
 * With no key/cert options at all, the failure message must start with
 * "Key/certificate is mandatory for SSL".
 */
@Test
public void testNoKeyCert() {
  String expectedPrefix = "Key/certificate is mandatory for SSL";
  // No suffix is expected, hence the trailing null.
  testInvalidKeyStore(null, expectedPrefix, null);
}
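/**
 * A client configured with a CRL path that does not exist must fail at creation time.
 *
 * <p>The test pins the fail-closed behaviour: an unreadable revocation list aborts client
 * creation with a {@code VertxException} whose nested cause is a
 * {@code NoSuchFileException}, rather than yielding a client without the CRL.
 *
 * @throws Exception if an unexpected error occurs while building the client options
 */
@Test
public void testCrlInvalidPath() throws Exception {
  HttpClientOptions clientOptions = new HttpClientOptions();
  clientOptions.setTrustOptions(Trust.SERVER_PEM_ROOT_CA.get());
  clientOptions.setSsl(true);
  clientOptions.addCrlPath("/invalid.pem");
  try {
    vertx.createHttpClient(clientOptions);
    fail("Was expecting a failure");
  } catch (VertxException e) {
    Throwable cause = e.getCause();
    assertNotNull(cause);
    // Check the nested cause too, so a missing one fails as an assertion and not as an NPE.
    Throwable nestedCause = cause.getCause();
    assertNotNull(nestedCause);
    assertEquals(NoSuchFileException.class, nestedCause.getClass());
  }
}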
@Test // Check that proxy auth fails if it is missing public void testHttpsProxyAuthFail() throws Exception { startProxy("username", ProxyType.HTTP); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.HTTP).fail(); }
@Test // Access https server via connect proxy public void testHttpsProxyWithSNI() throws Exception { testProxyWithSNI(ProxyType.HTTP); assertEquals("Host header doesn't contain target host", "host2.com:4043", proxy.getLastRequestHeaders().get("Host")); assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, proxy.getLastMethod()); }
// NOTE(review): excerpt only. The enclosing method, and the declarations of options,
// serverTrust and protocol, are not shown.
client = createHttpClient(options);
HttpServerOptions serverOptions = new HttpServerOptions();
serverOptions.setTrustOptions(serverTrust);
// Adds the protocol under test to the server's enabled secure transport protocols.
serverOptions.addEnabledSecureTransportProtocol(protocol);
// NOTE(review): no setSsl(...) or key/cert configuration is visible on serverOptions in this
// excerpt; confirm in the full method whether TLS is enabled on this server.
server = createHttpServer(serverOptions.setPort(4043));
// Every accepted connection calls complete().
server.connectionHandler(conn -> complete());
// Counter whose use falls outside this excerpt.
AtomicInteger count = new AtomicInteger();
/**
 * Feeds malformed PEM trust files to the trust store and checks the error reported for each.
 *
 * <p>The inputs and expected messages are paired by index: an empty file (missing BEGIN
 * delimiter), a BEGIN line alone (missing END delimiter), BEGIN/END with no body (empty pem
 * file) and a body that is not valid base64.
 *
 * @throws IOException if a temporary PEM file cannot be created or written
 */
@Test
public void testCaInvalidPem() throws IOException {
  String[] pemBodies = {
    "",
    "-----BEGIN CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----",
    "-----BEGIN CERTIFICATE-----\n*\n-----END CERTIFICATE-----"
  };
  String[] expectedErrors = {
    "Missing -----BEGIN CERTIFICATE----- delimiter",
    "Missing -----END CERTIFICATE----- delimiter",
    "Empty pem file",
    "Input byte[] should at least have 2 bytes for base64 bytes"
  };
  for (int idx = 0; idx < pemBodies.length; idx++) {
    // A fresh, uniquely named file per case keeps the cases independent of each other.
    String fileName = "vertx" + UUID.randomUUID() + ".pem";
    Path pemFile = testFolder.newFile(fileName).toPath();
    Files.write(pemFile, Collections.singleton(pemBodies[idx]));
    PemTrustOptions trustOptions = new PemTrustOptions().addCertPath(pemFile.toString());
    testInvalidTrustStore(trustOptions, expectedErrors[idx], null);
  }
}
@Test // Client provides SNI matched on the server by a wildcard certificate public void testSNIWildcardMatch() throws Exception { TLSTest test = testTLS(Cert.NONE, Trust.SNI_JKS_HOST3, Cert.SNI_JKS, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("sub.host3.com")) .pass(); assertEquals("*.host3.com", TestUtils.cnOf(test.clientPeerCert())); assertEquals("sub.host3.com", test.indicatedServerName); }
/**
 * A PKCS#12 key store opened with the wrong password must be rejected with one of the
 * accepted error-message prefixes.
 */
@Test
public void testPKCS12InvalidPassword() {
  // Two accepted wordings; presumably the message varies by JDK or security provider.
  // TODO confirm.
  List<String> acceptedPrefixes = Arrays.asList(
    "failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded",
    "keystore password was incorrect");
  testInvalidKeyStore(
    Cert.SERVER_PKCS12.get().setPassword("wrongpassword"),
    acceptedPrefixes,
    null);
}
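/**
 * A client configured with a CRL path that does not exist must fail at creation time.
 *
 * <p>The test pins the fail-closed behaviour: an unreadable revocation list aborts client
 * creation with a {@code VertxException} whose nested cause is a
 * {@code NoSuchFileException}, rather than yielding a client without the CRL.
 *
 * @throws Exception if an unexpected error occurs while building the client options
 */
@Test
public void testCrlInvalidPath() throws Exception {
  HttpClientOptions clientOptions = new HttpClientOptions();
  clientOptions.setTrustOptions(Trust.SERVER_PEM_ROOT_CA.get());
  clientOptions.setSsl(true);
  clientOptions.addCrlPath("/invalid.pem");
  try {
    vertx.createHttpClient(clientOptions);
    fail("Was expecting a failure");
  } catch (VertxException e) {
    Throwable cause = e.getCause();
    assertNotNull(cause);
    // Check the nested cause too, so a missing one fails as an assertion and not as an NPE.
    Throwable nestedCause = cause.getCause();
    assertNotNull(nestedCause);
    assertEquals(NoSuchFileException.class, nestedCause.getClass());
  }
}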
@Test // Check that proxy auth fails if it is missing public void testHttpsProxyAuthFail() throws Exception { startProxy("username", ProxyType.HTTP); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.HTTP).fail(); }
@Test // Access https server via connect proxy public void testHttpsProxy() throws Exception { testProxy(ProxyType.HTTP); assertEquals("Host header doesn't contain target host", "localhost:4043", proxy.getLastRequestHeaders().get("Host")); assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, proxy.getLastMethod()); }
@Test // Access https server via connect proxy public void testHttpsProxyWithSNI() throws Exception { testProxyWithSNI(ProxyType.HTTP); assertEquals("Host header doesn't contain target host", "host2.com:4043", proxy.getLastRequestHeaders().get("Host")); assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, proxy.getLastMethod()); }
// NOTE(review): excerpt only. The enclosing method, and the declarations of options,
// serverTrust and protocol, are not shown.
client = createHttpClient(options);
HttpServerOptions serverOptions = new HttpServerOptions();
serverOptions.setTrustOptions(serverTrust);
// Adds the protocol under test to the server's enabled secure transport protocols.
serverOptions.addEnabledSecureTransportProtocol(protocol);
// NOTE(review): no setSsl(...) or key/cert configuration is visible on serverOptions in this
// excerpt; confirm in the full method whether TLS is enabled on this server.
server = createHttpServer(serverOptions.setPort(4043));
// Every accepted connection calls complete().
server.connectionHandler(conn -> complete());
// Counter whose use falls outside this excerpt.
AtomicInteger count = new AtomicInteger();
/**
 * A PEM trust store that points at a missing file must be rejected with a
 * {@code NoSuchFileException} message that ends with the file name.
 */
@Test
public void testCaInvalidPath() {
  PemTrustOptions missingCa = new PemTrustOptions().addCertPath("/invalid.pem");
  String expectedPrefix = "java.nio.file.NoSuchFileException: ";
  // Only the file name is checked as a suffix, not the whole path.
  String expectedSuffix = "invalid.pem";
  testInvalidTrustStore(missingCa, expectedPrefix, expectedSuffix);
}
@Test // Access https server via connect proxy with proxy auth required public void testHttpsProxyAuth() throws Exception { startProxy("username", ProxyType.HTTP); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).useProxy(ProxyType.HTTP).useProxyAuth().pass(); assertNotNull("connection didn't access the proxy", proxy.getLastUri()); assertEquals("hostname resolved but it shouldn't be", "localhost:4043", proxy.getLastUri()); assertEquals("Host header doesn't contain target host", "localhost:4043", proxy.getLastRequestHeaders().get("Host")); assertEquals("Host header doesn't contain target host", HttpMethod.CONNECT, proxy.getLastMethod()); }