java source code of ClientCaOrTofuTest

cava-master
- .circleci
  - config.yml
- crypto
  - src
    - main
      - java
        net
        consensys
        cava
        crypto
        Hash.java
        SECP256K1.java
        package-info.java
        InvalidSEC256K1SecretKeyStoreException.java
        mikuli
        G1Point.java
        AtePairing.java
        Scalar.java
        G2Point.java
        SignatureAndPublicKey.java
        BLS12381.java
        package-info.java
        KeyPair.java
        SecretKey.java
        GTPoint.java
        PublicKey.java
        Signature.java
        Group.java
        sodium
        SHA256Hash.java
        SecretEncryptionStream.java
        DetachedEncryptionResult.java
        XChaCha20Poly1305.java
        AES256GCM.java
        HMACSHA512256.java
        HMACSHA256.java
        SodiumException.java
        KeyDerivation.java
        SecretBox.java
        DiffieHelman.java
        SecretDecryptionStream.java
        KeyExchange.java
        HMACSHA512.java
        LibSodium.java
        PasswordHash.java
        Auth.java
        package-info.java
        DefaultDetachedEncryptionResult.java
        Allocated.java
        GenericHash.java
        Sodium.java
        SodiumVersion.java
        Box.java
        Signature.java
        Concatenate.java
    - test
      - java
        net
        consensys
        cava
        crypto
        SECP256K1Test.java
        HashTest.java
        mikuli
        SignatureTest.java
        sodium
        HMACSHA512Test.java
        AES256GCMTest.java
        AllocatedTest.java
        BoxTest.java
        PasswordHashTest.java
        KeyDerivationTest.java
        SHA256HashTest.java
        SecretBoxTest.java
        HMACSHA512256Test.java
        GenericHashTest.java
        HMACSHA256Test.java
        XChaCha20Poly1305Test.java
        SignatureTest.java
        ConcatenateTest.java
        SodiumTest.java
        AuthTest.java
        DiffieHelmanTest.java
  - build.gradle
- eth-reference-tests
  - src
    - test
      - resources
        eth2.0-tests
        tests
      - java
        net
        consensys
        cava
        eth
        reference
        RLPReferenceTestSuite.java
        SSZTestSuite.java
        MerkleTrieTestSuite.java
        TransactionTestSuite.java
        BlockRLPTestSuite.java
  - build.gradle
- ssz
  - src
    - main
      - kotlin
        net
        consensys
        cava
        ssz
        experimental
        BytesSSZReader.kt
        BytesSSZWriter.kt
        SSZReader.kt
        SSZ.kt
        SSZWriter.kt
      - java
        net
        consensys
        cava
        ssz
        InvalidSSZTypeException.java
        EndOfSSZException.java
        ByteBufferSSZWriter.java
        SSZReader.java
        package-info.java
        SSZWriter.java
        BytesSSZWriter.java
        SSZException.java
        SSZ.java
        BytesSSZReader.java
    - test
      - kotlin
        net
        consensys
        cava
        ssz
        experimental
        SSZTest.kt
      - java
        net
        consensys
        cava
        ssz
        ByteBufferWriterTest.java
        BytesSSZWriterTest.java
        HashTreeRootTest.java
        BytesSSZReaderTest.java
  - build.gradle
- gradle.properties
- gradle
  - wrapper
    - gradle-wrapper.properties
    - gradle-wrapper.jar
  - check-licenses.gradle
  - eclipse-java-consensys-style.xml
  - spotless.license.java
  - greclipse-gradle-consensys-style.properties
- eth-repository
  - src
    - main
      - kotlin
        net
        consensys
        cava
        eth
        repository
        BlockchainRepository.kt
        BlockHeaderFields.kt
        BlockchainIndex.kt
        TransactionReceiptFields.kt
    - test
      - kotlin
        net
        consensys
        cava
        eth
        repository
        BlockchainRepositoryTest.kt
        BlockchainIndexTest.kt
  - build.gradle
- kv
  - src
    - main
      - kotlin
        net
        consensys
        cava
        kv
        MapKeyValueStore.kt
        KeyValueStore.kt
        InfinispanKeyValueStore.kt
        SQLKeyValueStore.kt
        RocksDBKeyValueStore.kt
        LevelDBKeyValueStore.kt
        MapDBKeyValueStore.kt
        RedisKeyValueStore.kt
      - java
        net
        consensys
        cava
        kv
        package-info.java
        RedisBytesCodec.java
    - test
      - kotlin
        net
        consensys
        cava
        kv
        KeyValueStoreSpec.kt
      - java
        net
        consensys
        cava
        kv
        KeyValueStoreTest.java
        RedisKeyValueStoreTest.java
  - build.gradle
- bytes
  - src
    - main
      - java
        net
        consensys
        cava
        bytes
        MutableByteBufWrappingBytes.java
        MutableBufferWrappingBytes.java
        AbstractBytes.java
        ArrayWrappingBytes.java
        ConcatenatedBytes.java
        BytesValues.java
        ByteBufferWrappingBytes.java
        ArrayWrappingBytes48.java
        Bytes.java
        MutableBytes48.java
        MutableArrayWrappingBytes.java
        Bytes32.java
        MutableByteBufferWrappingBytes.java
        MutableArrayWrappingBytes32.java
        BufferWrappingBytes.java
        DelegatingBytes32.java
        DelegatingMutableBytes48.java
        package-info.java
        DelegatingMutableBytes32.java
        ByteBufWrappingBytes.java
        MutableBytes32.java
        MutableBytes.java
        MutableArrayWrappingBytes48.java
        DelegatingBytes48.java
        Bytes48.java
        ArrayWrappingBytes32.java
    - test
      - java
        net
        consensys
        cava
        bytes
        BytesTest.java
        ConcatenatedBytesTest.java
        Bytes32Test.java
        ByteBufferBytesTest.java
        ByteBufBytesTest.java
        Bytes48Test.java
        BufferBytesTest.java
        CommonBytesTests.java
  - build.gradle
- eth
  - src
    - main
      - java
        net
        consensys
        cava
        eth
        Hash.java
        BlockBody.java
        BlockHeader.java
        Transaction.java
        Address.java
        Log.java
        Block.java
        TransactionReceipt.java
        package-info.java
        LogsBloomFilter.java
    - test
      - java
        net
        consensys
        cava
        eth
        TransactionTest.java
        BlockHeaderTest.java
        LogsBloomFilterTest.java
        BlockTest.java
        TransactionReceiptTest.java
        LogTest.java
        BlockBodyTest.java
  - build.gradle
- les
  - src
    - main
      - kotlin
        net
        consensys
        cava
        les
        GetReceiptsMessage.kt
        LESSubprotocol.kt
        ReceiptsMessage.kt
        BlockBodiesMessage.kt
        LESPeerState.kt
        LESSubProtocolHandler.kt
        BlockHeadersMessage.kt
        LightClient.kt
        GetBlockHeadersMessage.kt
        StatusMessage.kt
        GetBlockBodiesMessage.kt
    - test
      - kotlin
        net
        consensys
        cava
        les
        LESSubProtocolHandlerTest.kt
        MessagesTest.kt
        LESSubprotocolTest.kt
  - build.gradle
- merkle-trie
  - src
    - main
      - kotlin
        net
        consensys
        cava
        trie
        MerkleTrie.kt
        LeafNode.kt
        PutVisitor.kt
        NodeVisitor.kt
        NullNode.kt
        GetVisitor.kt
        MerkleStorageException.kt
        StoredNodeFactory.kt
        StoredNode.kt
        RemoveVisitor.kt
        BranchNode.kt
        MerkleStorage.kt
        ExtensionNode.kt
        Node.kt
        MerklePatriciaTrie.kt
        StoredMerklePatriciaTrie.kt
        NodeFactory.kt
        DefaultNodeFactory.kt
      - java
        net
        consensys
        cava
        trie
        CompactEncoding.java
        package-info.java
    - test
      - kotlin
        net
        consensys
        cava
        trie
        StoredMerklePatriciaTrieKotlinTest.kt
        MerklePatriciaTrieKotlinTest.kt
      - java
        net
        consensys
        cava
        trie
        CompactEncodingTest.java
        MerklePatriciaTriePerformanceTest.java
        MerklePatriciaTrieJavaTest.java
        StoredMerklePatriciaTrieJavaTest.java
  - build.gradle
- .gitmodules
- net
  - src
    - main
      - java
        net
        consensys
        cava
        net
        package-info.java
        tls
        SingleTrustManagerFactory.java
        VertxTrustOptions.java
        DelegatingTrustManagerFactory.java
        ClientFingerprintTrustManager.java
        TrustManagerFactories.java
        TLS.java
        FileBackedFingerprintRepository.java
        package-info.java
        TLSEnvironmentException.java
        TrustManagerFactoryWrapper.java
        ServerFingerprintTrustManager.java
        FingerprintRepository.java
    - test
      - java
        net
        consensys
        cava
        net
        tls
        ClientRecordTest.java
        ServerCaOrTofaTest.java
        InsecureTrustOptions.java
        ClientTofuTest.java
        FileBackedFingerprintRepositoryTest.java
        ServerRecordTest.java
        ClientCaOrWhitelistTest.java
        ClientWhitelistTest.java
        ServerTofaTest.java
        ServerWhitelistTest.java
        ClientCaOrRecordTest.java
        SecurityTestUtils.java
        TLSTest.java
        ServerCaOrWhitelistTest.java
        ClientCaOrTofuTest.java
        ServerCaOrRecordTest.java
  - build.gradle
- gradlew.bat
- LICENSE
- gradlew
- scuttlebutt
  - src
    - main
      - java
        net
        consensys
        cava
        scuttlebutt
        Identity.java
        SECP256K1PublicKeyIdentity.java
        Ed25519KeyPairIdentity.java
        Invite.java
        Ed25519PublicKeyIdentity.java
        package-info.java
        SECP256K1KeyPairIdentity.java
    - test
      - java
        net
        consensys
        cava
        scuttlebutt
        IdentityTest.java
        InviteTest.java
  - build.gradle
- units
  - src
    - main
      - java
        net
        consensys
        cava
        units
        ethereum
        package-info.java
        Gas.java
        Wei.java
        package-info.java
        bigints
        BaseUInt64Value.java
        UInt64Domain.java
        BaseUInt256Value.java
        UInt256Value.java
        BaseUInt384Value.java
        UInt256ValueDomain.java
        UInt64Value.java
        UInt64ValueDomain.java
        UInt384.java
        UInt256.java
        package-info.java
        UInt256Domain.java
        UInt64s.java
        UInt256s.java
        UInt384Domain.java
        UInt64.java
        UInt384Value.java
        UInt384ValueDomain.java
        UInt384s.java
    - test
      - java
        net
        consensys
        cava
        units
        ethereum
        WeiTest.java
        GasTest.java
        bigints
        BaseUInt64ValueTest.java
        BaseUInt384ValueTest.java
        BaseUInt256ValueTest.java
        UInt256Test.java
        UInt384Test.java
        UInt64Test.java
  - build.gradle
- net-coroutines
  - src
    - main
      - kotlin
        net
        consensys
        cava
        net
        coroutines
        CoroutineSelector.kt
        CoroutineChannelGroup.kt
        CoroutineByteChannel.kt
        CoroutineNetworkChannel.kt
        CoroutineSocketChannel.kt
        CoroutineServerSocketChannel.kt
        CoroutineDatagramChannel.kt
    - test
      - kotlin
        net
        consensys
        cava
        net
        coroutines
        CoroutineDatagramChannelTest.kt
        CoroutineSelectorTest.kt
        CoroutineChannelGroupTest.kt
        CoroutineSocketChannelTest.kt
      - java
        net
        consensys
        cava
        net
        coroutines
        SelectorTest.java
  - build.gradle
- devp2p
  - src
    - main
      - kotlin
        net
        consensys
        cava
        devp2p
        Packet.kt
        PeerRoutingTable.kt
        EnodeUri.kt
        PeerRepository.kt
        Peer.kt
        PacketType.kt
        Endpoint.kt
        Node.kt
        DiscoveryService.kt
        AtomicLongProperty.kt
    - test
      - kotlin
        net
        consensys
        cava
        devp2p
        PingPacketTest.kt
        PongPacketTest.kt
        FindNodePacketTest.kt
        NeighborsPacketTest.kt
        EndpointTest.kt
        DiscoveryServiceTest.kt
        EphemeralPeerRepositoryTest.kt
      - java
        net
        consensys
        cava
        devp2p
        DiscoveryServiceJavaTest.java
  - build.gradle
- CONTRIBUTING.md
- dependency-versions.gradle
- rlpx
  - src
    - main
      - java
        net
        consensys
        cava
        rlpx
        vertx
        VertxRLPxService.java
        package-info.java
        ResponderHandshakeMessage.java
        RLPxMessage.java
        wire
        PingMessage.java
        DisconnectReason.java
        HelloMessage.java
        WireConnection.java
        DefaultSubProtocolIdentifier.java
        package-info.java
        SubProtocolHandler.java
        SubProtocolIdentifier.java
        WireProtocolMessage.java
        SubProtocol.java
        DisconnectMessage.java
        Capability.java
        PongMessage.java
        DefaultWireConnection.java
        EthereumIESEncryptionEngine.java
        InvalidMACException.java
        RLPxConnection.java
        MemoryWireConnectionsRepository.java
        package-info.java
        InitiatorHandshakeMessage.java
        RLPxConnectionFactory.java
        RLPxService.java
        HandshakeMessage.java
        WireConnectionRepository.java
    - test
      - java
        net
        consensys
        cava
        rlpx
        vertx
        VertxAcceptanceTest.java
        VertxRLPxServiceTest.java
        wire
        HelloMessageTest.java
        DisconnectMessageTest.java
        DefaultWireConnectionTest.java
        RLPxConnectionMessageExchangeTest.java
        PingPongTest.java
        RLPxConnectionFactoryTest.java
  - build.gradle
- .editorconfig
- .gitattributes
- config
  - src
    - main
      - java
        net
        consensys
        cava
        config
        SchemaBuilder.java
        PropertyValidator.java
        Configuration.java
        InvalidConfigurationPropertyTypeException.java
        Schema.java
        TomlSerializer.java
        EmptyConfiguration.java
        ConfigurationErrors.java
        package-info.java
        PropertyValidators.java
        ConfigurationError.java
        ConfigurationValidator.java
        TomlBackedConfiguration.java
        DocumentPosition.java
        NoConfigurationPropertyException.java
    - test
      - java
        net
        consensys
        cava
        config
        TomlBackedConfigurationTest.java
        SchemaBuilderTest.java
        PropertyValidatorTest.java
  - build.gradle
- concurrent-coroutines
  - src
    - main
      - kotlin
        net
        consensys
        cava
        concurrent
        coroutines
        CoroutineLatch.kt
        AsyncResult.kt
        Retryable.kt
        AsyncCompletion.kt
    - test
      - kotlin
        net
        consensys
        cava
        concurrent
        coroutines
        CoroutineLatchTest.kt
        RetryableTest.kt
  - build.gradle
- build.gradle
- plumtree
  - src
    - main
      - java
        net
        consensys
        cava
        plumtree
        vertx
        VertxGossipServer.java
        SocketPeer.java
        PeerRepository.java
        EphemeralPeerRepository.java
        State.java
        Peer.java
        MessageHashing.java
        package-info.java
        MessageSender.java
        MessageValidator.java
    - test
      - java
        net
        consensys
        cava
        plumtree
        vertx
        VertxGossipServerTest.java
        StateTest.java
  - build.gradle
- toml
  - src
    - main
      - java
        net
        consensys
        cava
        toml
        TomlType.java
        TomlVersion.java
        TokenName.java
        Parser.java
        ZoneOffsetVisitor.java
        AccumulatingErrorListener.java
        TomlParseResult.java
        MutableTomlArray.java
        TomlPosition.java
        ErrorReporter.java
        LocalTimeVisitor.java
        MutableTomlTable.java
        TomlArray.java
        QuotedStringVisitor.java
        TomlTable.java
        package-info.java
        JsonSerializer.java
        InlineTableVisitor.java
        TomlInvalidTypeException.java
        ValueVisitor.java
        TomlParseError.java
        KeyVisitor.java
        ArrayVisitor.java
        LocalDateVisitor.java
        Toml.java
        LineVisitor.java
      - antlr
        net
        consensys
        cava
        toml
        internal
        TomlParser.g4
        TomlLexer.g4
    - test
      - resources
        net
        consensys
        cava
        toml
        hard_example_unicode.toml
        toml-v0.5.0-spec-example.toml
        example-v0.4.0.toml
        hard_example.toml
      - java
        net
        consensys
        cava
        toml
        TomlTest.java
        MutableTomlTableTest.java
        TokenNameTest.java
        MutableTomlArrayTest.java
  - build.gradle
  - README.md
- io
  - src
    - main
      - java
        net
        consensys
        cava
        io
        Resources.java
        Base64.java
        file
        Files.java
        package-info.java
        package-info.java
        NullOutputStream.java
        IOConsumer.java
        Streams.java
    - test
      - resources
        resourceresolver-test.jar
        net
        consensys
        cava
        io
        file
        resourceresolver
        subdir
        test3.yaml
        test2.txt
        test1.txt
        test.txt
      - java
        net
        consensys
        cava
        io
        ResourcesTest.java
        Base64Test.java
        file
        FilesTest.java
        StreamsTest.java
  - build.gradle
- README.md
- scuttlebutt-discovery
  - src
    - main
      - java
        net
        consensys
        cava
        scuttlebutt
        discovery
        ScuttlebuttLocalDiscoveryService.java
        LocalIdentity.java
        package-info.java
    - test
      - java
        net
        consensys
        cava
        scuttlebutt
        discovery
        LocalIdentityTest.java
        ScuttlebuttLocalDiscoveryServiceTest.java
  - build.gradle
- scuttlebutt-handshake
  - src
    - main
      - java
        net
        consensys
        cava
        scuttlebutt
        handshake
        vertx
        ServerHandlerFactory.java
        SecureScuttlebuttVertxClient.java
        ServerHandler.java
        SecureScuttlebuttVertxServer.java
        ClientHandler.java
        package-info.java
        ClientHandlerFactory.java
        SecureScuttlebuttStreamClient.java
        SecureScuttlebuttHandshakeClient.java
        SecureScuttlebuttHandshakeServer.java
        SecureScuttlebuttStream.java
        StreamException.java
        package-info.java
        HandshakeException.java
        SecureScuttlebuttStreamServer.java
    - test
      - java
        net
        consensys
        cava
        scuttlebutt
        handshake
        SecureScuttlebuttStreamTest.java
        vertx
        VertxIntegrationTest.java
        SecureScuttlebuttHandshakeClientTest.java
  - build.gradle
- rlp
  - src
    - main
      - java
        net
        consensys
        cava
        rlp
        DelegatingRLPWriter.java
        BytesRLPReader.java
        RLPWriter.java
        AccumulatingRLPWriter.java
        EndOfRLPException.java
        RLP.java
        package-info.java
        RLPException.java
        BytesRLPWriter.java
        ByteBufferRLPWriter.java
        InvalidRLPTypeException.java
        InvalidRLPEncodingException.java
        RLPReader.java
    - test
      - java
        net
        consensys
        cava
        rlp
        BytesRLPWriterTest.java
        ByteBufferWriterTest.java
        BytesRLPReaderTest.java
  - build.gradle
- PACKAGES.md
- concurrent
  - src
    - main
      - java
        net
        consensys
        cava
        concurrent
        CompletableAsyncResult.java
        CompletableAsyncCompletion.java
        AsyncResult.java
        AtomicSlotMap.java
        ExpiringMap.java
        package-info.java
        ExpiringSet.java
        DefaultCompletableAsyncCompletion.java
        DefaultCompletableAsyncResult.java
        AsyncCompletion.java
    - test
      - java
        net
        consensys
        cava
        concurrent
        ExpiringMapTest.java
        DefaultCompletableAsyncCompletionTest.java
        DefaultCompletableAsyncResultTest.java
        AtomicSlotMapTest.java
        ExpiringSetTest.java
  - build.gradle
- scuttlebutt-rpc
  - src
    - main
      - java
        net
        consensys
        cava
        scuttlebutt
        rpc
        RPCFunction.java
        RPCRequestBody.java
        RPCMessage.java
        RPCStreamRequest.java
        mux
        RPCHandler.java
        Multiplexer.java
        ScuttlebuttStreamHandler.java
        exceptions
        ConnectionClosedException.java
        RPCRequestFailedException.java
        RPCResponse.java
        RPCErrorBody.java
        RPCFlag.java
        RPCCodec.java
        RPCAsyncRequest.java
        RPCRequestType.java
    - test
      - java
        net
        consensys
        cava
        scuttlebutt
        rpc
        RPCEncodingTest.java
        mux
        PatchworkIntegrationTest.java
        PatchworkIntegrationTest.java
        RPCFlagTest.java
  - build.gradle
- junit
  - src
    - main
      - java
        net
        consensys
        cava
        junit
        VertxInstance.java
        RedisPort.java
        BouncyCastleExtension.java
        LuceneIndexWriterExtension.java
        VertxExtension.java
        RedisServerExtension.java
        TempDirectoryExtension.java
        TempDirectory.java
        package-info.java
        LuceneIndexWriter.java
        LuceneIndex.java
    - test
      - java
        net
        consensys
        cava
        junit
        RedisServerExtensionTest.java
        LuceneIndexWriterExtensionTest.java
        TempDirectoryExtensionTest.java
  - build.gradle
- .idea
  - codeStyles
    - codeStyleConfig.xml
    - Project.xml
- settings.gradle
- .gitignore
- kademlia
  - src
    - main
      - kotlin
        net
        consensys
        cava
        kademlia
        KademliaRoutingTable.kt
    - test
      - kotlin
        net
        consensys
        cava
        kademlia
        KademliaRoutingTableTest.kt
        LogarithmicDistanceTest.kt
        OrderedInsertTest.kt
  - build.gradle

/*
 * Copyright 2018 ConsenSys AG.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
 * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */
package net.consensys.cava.net.tls;

import static net.consensys.cava.net.tls.SecurityTestUtils.DUMMY_FINGERPRINT;
import static net.consensys.cava.net.tls.SecurityTestUtils.startServer;
import static net.consensys.cava.net.tls.TLS.certificateHexFingerprint;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import net.consensys.cava.junit.TempDirectory;
import net.consensys.cava.junit.TempDirectoryExtension;
import net.consensys.cava.junit.VertxExtension;
import net.consensys.cava.junit.VertxInstance;

import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import javax.net.ssl.SSLException;

import io.vertx.core.Vertx;
import io.vertx.core.http.HttpClient;
import io.vertx.core.http.HttpClientOptions;
import io.vertx.core.http.HttpServer;
import io.vertx.core.http.HttpServerOptions;
import io.vertx.core.net.SelfSignedCertificate;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;

@ExtendWith(TempDirectoryExtension.class)
@ExtendWith(VertxExtension.class)
class ClientCaOrTofuTest {

  private static String caValidFingerprint;
  private static HttpServer caValidServer;
  private static String fooFingerprint;
  private static HttpServer fooServer;
  private static String foobarFingerprint;
  private static HttpServer foobarServer;

  private Path knownServersFile;
  private HttpClient client;

  @BeforeAll
  static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
    SelfSignedCertificate caSignedCert = SelfSignedCertificate.create("localhost");
    SecurityTestUtils.configureJDKTrustStore(tempDir, caSignedCert);
    caValidFingerprint = certificateHexFingerprint(Paths.get(caSignedCert.keyCertOptions().getCertPath()));
    caValidServer = vertx
        .createHttpServer(new HttpServerOptions().setSsl(true).setPemKeyCertOptions(caSignedCert.keyCertOptions()))
        .requestHandler(context -> context.response().end("OK"));
    startServer(caValidServer);

    SelfSignedCertificate fooCert = SelfSignedCertificate.create("foo.com");
    fooFingerprint = certificateHexFingerprint(Paths.get(fooCert.keyCertOptions().getCertPath()));
    fooServer = vertx
        .createHttpServer(new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooCert.keyCertOptions()))
        .requestHandler(context -> context.response().end("OK"));
    startServer(fooServer);

    SelfSignedCertificate foobarCert = SelfSignedCertificate.create("foobar.com");
    foobarFingerprint = certificateHexFingerprint(Paths.get(foobarCert.keyCertOptions().getCertPath()));
    foobarServer = vertx
        .createHttpServer(new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarCert.keyCertOptions()))
        .requestHandler(context -> context.response().end("OK"));
    startServer(foobarServer);
  }

  @BeforeEach
  void setupClient(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
    knownServersFile = tempDir.resolve("known-hosts.txt");
    Files.write(
        knownServersFile,
        Arrays.asList("#First line", "localhost:" + foobarServer.actualPort() + " " + DUMMY_FINGERPRINT));

    HttpClientOptions options = new HttpClientOptions();
    options
        .setSsl(true)
        .setTrustOptions(VertxTrustOptions.trustServerOnFirstUse(knownServersFile))
        .setConnectTimeout(1500)
        .setReuseAddress(true)
        .setReusePort(true);
    client = vertx.createHttpClient(options);
  }

  @AfterEach
  void cleanupClient() {
    client.close();
  }

  @AfterAll
  static void stopServers() {
    caValidServer.close();
    fooServer.close();
    foobarServer.close();
    System.clearProperty("javax.net.ssl.trustStore");
    System.clearProperty("javax.net.ssl.trustStorePassword");
  }

  @Test
  void shouldValidateUsingCertificate() throws Exception {
    CompletableFuture<Integer> statusCode = new CompletableFuture<>();
    client
        .post(
            caValidServer.actualPort(),
            "localhost",
            "/sample",
            response -> statusCode.complete(response.statusCode()))
        .exceptionHandler(statusCode::completeExceptionally)
        .end();
    assertEquals((Integer) 200, statusCode.join());

    List<String> knownServers = Files.readAllLines(knownServersFile);
    assertEquals(2, knownServers.size(), "Host was verified via TOFU and not CA");
    assertEquals("#First line", knownServers.get(0));
    assertEquals("localhost:" + foobarServer.actualPort() + " " + DUMMY_FINGERPRINT, knownServers.get(1));
  }

  @Test
  void shouldFallbackToTOFUForInvalidName() throws Exception {
    CompletableFuture<Integer> statusCode = new CompletableFuture<>();
    client
        .post(
            caValidServer.actualPort(),
            "127.0.0.1",
            "/sample",
            response -> statusCode.complete(response.statusCode()))
        .exceptionHandler(statusCode::completeExceptionally)
        .end();
    assertEquals((Integer) 200, statusCode.join());

    List<String> knownServers = Files.readAllLines(knownServersFile);
    assertEquals(3, knownServers.size());
    assertEquals("#First line", knownServers.get(0));
    assertEquals("localhost:" + foobarServer.actualPort() + " " + DUMMY_FINGERPRINT, knownServers.get(1));
    assertEquals("127.0.0.1:" + caValidServer.actualPort() + " " + caValidFingerprint, knownServers.get(2));
  }

  @Test
  void shouldValidateOnFirstUse() throws Exception {
    CompletableFuture<Integer> statusCode = new CompletableFuture<>();
    client
        .post(fooServer.actualPort(), "localhost", "/sample", response -> statusCode.complete(response.statusCode()))
        .exceptionHandler(statusCode::completeExceptionally)
        .end();
    assertEquals((Integer) 200, statusCode.join());

    List<String> knownServers = Files.readAllLines(knownServersFile);
    assertEquals(3, knownServers.size());
    assertEquals("#First line", knownServers.get(0));
    assertEquals("localhost:" + foobarServer.actualPort() + " " + DUMMY_FINGERPRINT, knownServers.get(1));
    assertEquals("localhost:" + fooServer.actualPort() + " " + fooFingerprint, knownServers.get(2));
  }

  @Test
  void shouldRejectDifferentCertificate() {
    CompletableFuture<Integer> statusCode = new CompletableFuture<>();
    client
        .post(foobarServer.actualPort(), "localhost", "/sample", response -> statusCode.complete(response.statusCode()))
        .exceptionHandler(statusCode::completeExceptionally)
        .end();
    Throwable e = assertThrows(CompletionException.class, statusCode::join);
    e = e.getCause();
    while (!(e instanceof CertificateException)) {
      assertTrue(e instanceof SSLException, "Expected SSLException, but got " + e.getClass());
      e = e.getCause();
    }
    assertTrue(e.getMessage().contains("Remote host identification has changed!!"), e.getMessage());
    assertTrue(e.getMessage().contains("has fingerprint " + foobarFingerprint));
  }
}