/** * Copy constructor * * @param other the options to copy */ public RequestOptions(RequestOptions other) { setHost(other.host); setPort(other.port); setSsl(other.ssl); setURI(other.uri); }
@Test // Client provides SNI unknown to the server and server responds with the default certificate (first) public void testSNIUnknownServerName1() throws Exception { testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("unknown.com")).fail(); }
@Test public void testSNIWithServerNameTrust() throws Exception { testTLS(Cert.CLIENT_PEM_ROOT_CA, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.SNI_SERVER_ROOT_CA_AND_OTHER_CA_1) .serverSni() .requestOptions(new RequestOptions().setSsl(true) .setPort(4043) .setHost("host2.com")) .requiresClientAuth() .pass(); }
@Test public void testSNIWithServerNameTrustFallbackFail() throws Exception { testTLS(Cert.CLIENT_PEM_ROOT_CA, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.SNI_SERVER_OTHER_CA_FALLBACK) .serverSni() .requestOptions(new RequestOptions().setSsl(true) .setPort(4043) .setHost("host2.com")) .requiresClientAuth() .fail(); }
@Test // Client trusts all server certs public void testSSLClientRequestOptionsSetSSL() throws Exception { RequestOptions options = new RequestOptions().setHost(DEFAULT_HTTP_HOST).setPort(4043).setURI(DEFAULT_TEST_URI).setSsl(true); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).clientSSL(true).requestOptions(options).pass(); }
@Test public void testSNISubjectAltenativeNameCNMatch1PEM() throws Exception { testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host5.com")) .fail() .clientPeerCert(); }
@Test public void testSNISubjectAltenativeNameCNMatch1PKCS12() throws Exception { testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host5.com")) .fail() .clientPeerCert(); }
@Test // Client trusts all server certs public void testClearClientRequestOptionsSetSSL() throws Exception { RequestOptions options = new RequestOptions().setHost(DEFAULT_HTTP_HOST).setPort(4043).setURI(DEFAULT_TEST_URI).setSsl(true); testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SERVER_JKS, Trust.NONE).clientSSL(false).requestOptions(options).pass(); }
@Test public void testSNISubjectAlternativeNameMatch2PKCS12() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameMatch2PEM() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test // Client provides SNI and server responds with a matching certificate for the indicated server name public void testSNITrustPEM() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass() .clientPeerCert(); assertEquals("host2.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameMatch1PEM() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameWildcardMatch() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_JKS, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test // Client provides SNI and server responds with a matching certificate for the indicated server name public void testSNITrustPKCS12() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass() .clientPeerCert(); assertEquals("host2.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameWildcardMatchPKCS12() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameWildcardMatchPEM() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAltenativeNameCNMatch2() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_JKS, Trust.NONE) .serverSni() .clientVerifyHost(false) .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test // Client provides SNI unknown to the server and server responds with the default certificate (first) public void testSNIUnknownServerName2() throws Exception { TLSTest test = testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SNI_JKS, Trust.NONE) .serverSni() .clientVerifyHost(false) .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("unknown.com")) .pass(); assertEquals("localhost", TestUtils.cnOf(test.clientPeerCert())); assertEquals("unknown.com", test.indicatedServerName); }
private void testProxyWithSNI(ProxyType proxyType) throws Exception { startProxy(null, proxyType); X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE) .serverSni() .useProxy(proxyType) .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass() .clientPeerCert(); assertNotNull("connection didn't access the proxy", proxy.getLastUri()); assertEquals("hostname resolved but it shouldn't be", "host2.com:4043", proxy.getLastUri()); assertEquals("host2.com", TestUtils.cnOf(cert)); }
@Test public void testHttpProxyRequestOverrideClientSsl() throws Exception { startProxy(null, ProxyType.HTTP); client.close(); client = vertx.createHttpClient(new HttpClientOptions() .setSsl(true).setProxyOptions(new ProxyOptions().setType(ProxyType.HTTP).setHost("localhost").setPort(proxy.getPort()))); testHttpProxyRequest2(handler -> client.get(new RequestOptions().setSsl(false).setHost("localhost").setPort(8080), handler)); }