io.vertx.core.net.SelfSignedCertificate Java Examples

The following examples show how to use io.vertx.core.net.SelfSignedCertificate. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ServerCaOrWhitelistTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Brings up a TLS server that demands a client certificate, before each test.
 *
 * <p>The known-clients file is recreated under {@code tempDir} with a comment line and a single
 * {@code "foo.com <fingerprint>"} entry built from the {@code fooFingerprint} field, and is then
 * handed to {@code VertxTrustOptions.whitelistClients} as the server's trust configuration.
 *
 * <p>Security note: the server identity comes from {@code SelfSignedCertificate.create()}, a
 * throwaway key pair that is only suitable for test fixtures.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String pinnedClient = "foo.com " + fooFingerprint;
  Files.write(knownClientsFile, Arrays.asList("#First line", pinnedClient));

  SelfSignedCertificate selfSigned = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake is rejected unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(selfSigned.keyCertOptions());
  tlsOptions.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #2
Source File: ServerCaOrRecordTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Brings up a TLS server that demands a client certificate, before each test.
 *
 * <p>The known-clients file is recreated under {@code tempDir} with a comment line and a single
 * {@code "foobar.com <fingerprint>"} entry built from {@code DUMMY_FINGERPRINT}, and is then
 * handed to {@code VertxTrustOptions.recordClientFingerprints} as the server's trust
 * configuration.
 *
 * <p>Security note: the server identity comes from {@code SelfSignedCertificate.create()}, a
 * throwaway key pair that is only suitable for test fixtures.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String seededClient = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", seededClient));

  SelfSignedCertificate selfSigned = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake is rejected unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(selfSigned.keyCertOptions());
  tlsOptions.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #3
Source File: ServerCaOrTofaTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Brings up a TLS server that demands a client certificate, before each test.
 *
 * <p>The known-clients file is recreated under {@code tempDir} with a comment line and a single
 * {@code "foobar.com <fingerprint>"} entry built from {@code DUMMY_FINGERPRINT}, and is then
 * handed to {@code VertxTrustOptions.trustClientOnFirstAccess} as the server's trust
 * configuration.
 *
 * <p>Security note: the server identity comes from {@code SelfSignedCertificate.create()}, a
 * throwaway key pair that is only suitable for test fixtures.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String seededClient = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", seededClient));

  SelfSignedCertificate selfSigned = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake is rejected unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(selfSigned.keyCertOptions());
  tlsOptions.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #4
Source File: MqttTestBase.java    From hono with Eclipse Public License 2.0 6 votes vote down vote up
/**
 * Opens a connection to the MQTT adapter using an X.509 client certificate.
 * <p>
 * The client trusts the certificates loaded from {@code IntegrationTestSupport.TRUST_STORE_PATH}
 * and authenticates with the key pair of the given certificate. Host name verification is
 * switched off by setting an empty verification algorithm, so the adapter's certificate is
 * validated against the trust store only and not against the host name being connected to.
 * That is acceptable for this test fixture but must not be carried over to production clients.
 *
 * @param cert The client certificate to use for authentication.
 * @return A future that will be completed with the CONNACK packet received
 *         from the adapter or failed with a {@link MqttConnectionException}
 *         if the connection could not be established.
 */
protected final Future<MqttConnAckMessage> connectToAdapter(
        final SelfSignedCertificate cert) {

    final Promise<MqttConnAckMessage> result = Promise.promise();
    // the client is created and connected from within a task scheduled on the VERTX context
    VERTX.runOnContext(connect -> {
        final MqttClientOptions options = new MqttClientOptions()
                .setTrustOptions(new PemTrustOptions().addCertPath(IntegrationTestSupport.TRUST_STORE_PATH))
                .setKeyCertOptions(cert.keyCertOptions())
                .setSsl(true);
        // an empty algorithm disables host name verification of the server certificate (test only)
        options.setHostnameVerificationAlgorithm("");
        mqttClient = MqttClient.create(VERTX, options);
        mqttClient.connect(IntegrationTestSupport.MQTTS_PORT, IntegrationTestSupport.MQTT_HOST, result);
    });
    return result.future().map(conAck -> {
        LOGGER.debug(
                "MQTTS connection to adapter [host: {}, port: {}] established",
                IntegrationTestSupport.MQTT_HOST, IntegrationTestSupport.MQTTS_PORT);
        // remember the context this callback runs on; it is stored in the context field
        this.context = Vertx.currentContext();
        return conAck;
    });
}
 
Example #5
Source File: ClientCaOrWhitelistTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the three HTTPS servers shared by all tests of the class.
 *
 * <p>Every server answers each request with {@code "OK"} and is backed by its own certificate
 * from {@code SelfSignedCertificate.create(host)}:
 * <ul>
 *   <li>{@code localhost}: the certificate is also passed to
 *       {@code SecurityTestUtils.configureJDKTrustStore}. Although the fields are named
 *       {@code caValid*}, the certificate itself is self-signed.</li>
 *   <li>{@code foo.com} and {@code bar.com}: the hex fingerprint of each certificate is kept in
 *       {@code fooFingerprint} / {@code barFingerprint}.</li>
 * </ul>
 *
 * <p>Security note: self-signed certificates generated this way are for test fixtures only.
 *
 * @param tempDir temporary directory handed to the trust store helper
 * @param vertx Vert.x instance used to create the servers
 * @throws Exception propagated from certificate handling or server start-up
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: registered through the JDK trust store helper
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  HttpServerOptions localhostOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx
      .createHttpServer(localhostOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: only its fingerprint is recorded
  SelfSignedCertificate fooDotCom = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooDotCom.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooDotCom.keyCertOptions());
  fooServer = vertx
      .createHttpServer(fooOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // bar.com: only its fingerprint is recorded
  SelfSignedCertificate barDotCom = SelfSignedCertificate.create("bar.com");
  Path barCertFile = Paths.get(barDotCom.keyCertOptions().getCertPath());
  barFingerprint = certificateHexFingerprint(barCertFile);
  HttpServerOptions barOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(barDotCom.keyCertOptions());
  barServer = vertx
      .createHttpServer(barOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(barServer);
}
 
Example #6
Source File: ClientWhitelistTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the three HTTPS servers shared by all tests of the class.
 *
 * <p>Every server answers each request with {@code "OK"} and is backed by its own certificate
 * from {@code SelfSignedCertificate.create(host)}. The hex fingerprint of each certificate is
 * kept in {@code caValidFingerprint}, {@code fooFingerprint} and {@code barFingerprint}. The
 * {@code localhost} certificate is additionally passed to
 * {@code SecurityTestUtils.configureJDKTrustStore}; although the fields are named
 * {@code caValid*}, that certificate is self-signed.
 *
 * <p>Security note: self-signed certificates generated this way are for test fixtures only.
 *
 * @param tempDir temporary directory handed to the trust store helper
 * @param vertx Vert.x instance used to create the servers
 * @throws Exception propagated from certificate handling or server start-up
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: fingerprint recorded first, then registered through the JDK trust store helper
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  HttpServerOptions localhostOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx
      .createHttpServer(localhostOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: only its fingerprint is recorded
  SelfSignedCertificate fooDotCom = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooDotCom.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooDotCom.keyCertOptions());
  fooServer = vertx
      .createHttpServer(fooOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // bar.com: only its fingerprint is recorded
  SelfSignedCertificate barDotCom = SelfSignedCertificate.create("bar.com");
  Path barCertFile = Paths.get(barDotCom.keyCertOptions().getCertPath());
  barFingerprint = certificateHexFingerprint(barCertFile);
  HttpServerOptions barOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(barDotCom.keyCertOptions());
  barServer = vertx
      .createHttpServer(barOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(barServer);
}
 
Example #7
Source File: ClientCaOrTofuTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the three HTTPS servers shared by all tests of the class.
 *
 * <p>Every server answers each request with {@code "OK"} and is backed by its own certificate
 * from {@code SelfSignedCertificate.create(host)}. The hex fingerprint of each certificate is
 * kept in {@code caValidFingerprint}, {@code fooFingerprint} and {@code foobarFingerprint}. The
 * {@code localhost} certificate is additionally passed to
 * {@code SecurityTestUtils.configureJDKTrustStore}; although the fields are named
 * {@code caValid*}, that certificate is self-signed.
 *
 * <p>Security note: self-signed certificates generated this way are for test fixtures only.
 *
 * @param tempDir temporary directory handed to the trust store helper
 * @param vertx Vert.x instance used to create the servers
 * @throws Exception propagated from certificate handling or server start-up
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: registered through the JDK trust store helper, then fingerprinted
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  HttpServerOptions localhostOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx
      .createHttpServer(localhostOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: only its fingerprint is recorded
  SelfSignedCertificate fooDotCom = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooDotCom.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooDotCom.keyCertOptions());
  fooServer = vertx
      .createHttpServer(fooOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // foobar.com: only its fingerprint is recorded
  SelfSignedCertificate foobarDotCom = SelfSignedCertificate.create("foobar.com");
  Path foobarCertFile = Paths.get(foobarDotCom.keyCertOptions().getCertPath());
  foobarFingerprint = certificateHexFingerprint(foobarCertFile);
  HttpServerOptions foobarOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarDotCom.keyCertOptions());
  foobarServer = vertx
      .createHttpServer(foobarOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(foobarServer);
}
 
Example #8
Source File: ServerWhitelistTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Brings up a TLS server that demands a client certificate, before each test.
 *
 * <p>The known-clients file is recreated under {@code tempDir} with a comment line and a single
 * {@code "foo.com <fingerprint>"} entry built from the {@code fooFingerprint} field, and is then
 * handed to {@code VertxTrustOptions.whitelistClients(knownClientsFile, false)} as the server's
 * trust configuration. The {@code false} argument presumably stops CA-signed client certificates
 * from being accepted as an alternative to a listed fingerprint; confirm against
 * {@code VertxTrustOptions}.
 *
 * <p>Security note: the server identity comes from {@code SelfSignedCertificate.create()}, a
 * throwaway key pair that is only suitable for test fixtures.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String pinnedClient = "foo.com " + fooFingerprint;
  Files.write(knownClientsFile, Arrays.asList("#First line", pinnedClient));

  SelfSignedCertificate selfSigned = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake is rejected unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(selfSigned.keyCertOptions());
  tlsOptions.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #9
Source File: ServerCaOrWhitelistTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the client-authenticating TLS server used by each test.
 *
 * <p>A fresh {@code known-clients.txt} is written into {@code tempDir}: one comment line followed
 * by {@code "foo.com "} plus the value of {@code fooFingerprint}. The file backs the trust
 * options returned by {@code VertxTrustOptions.whitelistClients}.
 *
 * <p>Security note: {@code SelfSignedCertificate.create()} yields a temporary, self-signed server
 * identity; it belongs in test code only.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String listedClient = "foo.com " + fooFingerprint;
  Files.write(knownClientsFile, Arrays.asList("#First line", listedClient));

  SelfSignedCertificate throwawayCert = SelfSignedCertificate.create();

  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setSsl(true);
  // Client certificates are mandatory; a client without one cannot complete the handshake.
  serverOptions.setClientAuth(ClientAuth.REQUIRED);
  serverOptions.setPemKeyCertOptions(throwawayCert.keyCertOptions());
  serverOptions.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile));
  serverOptions.setIdleTimeout(1500);
  serverOptions.setReuseAddress(true);
  serverOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(serverOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #10
Source File: ServerRecordTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Brings up a TLS server that demands a client certificate, before each test.
 *
 * <p>The known-clients file is recreated under {@code tempDir} with a comment line and a single
 * {@code "foobar.com <fingerprint>"} entry built from {@code DUMMY_FINGERPRINT}, and is then
 * handed to {@code VertxTrustOptions.recordClientFingerprints(knownClientsFile, false)} as the
 * server's trust configuration. The {@code false} argument presumably stops CA-signed client
 * certificates from being accepted as an alternative; confirm against {@code VertxTrustOptions}.
 *
 * <p>Security note: the server identity comes from {@code SelfSignedCertificate.create()}, a
 * throwaway key pair that is only suitable for test fixtures.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String seededClient = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", seededClient));

  SelfSignedCertificate selfSigned = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake is rejected unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(selfSigned.keyCertOptions());
  tlsOptions.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #11
Source File: ServerTofaTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Brings up a TLS server that demands a client certificate, before each test.
 *
 * <p>The known-clients file is recreated under {@code tempDir} with a comment line and a single
 * {@code "foobar.com <fingerprint>"} entry built from {@code DUMMY_FINGERPRINT}, and is then
 * handed to {@code VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false)} as the
 * server's trust configuration. The {@code false} argument presumably stops CA-signed client
 * certificates from being accepted as an alternative; confirm against {@code VertxTrustOptions}.
 *
 * <p>Security note: the server identity comes from {@code SelfSignedCertificate.create()}, a
 * throwaway key pair that is only suitable for test fixtures.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String seededClient = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", seededClient));

  SelfSignedCertificate selfSigned = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake is rejected unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(selfSigned.keyCertOptions());
  tlsOptions.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #12
Source File: ClientTofuTest.java    From incubator-tuweni with Apache License 2.0 6 votes vote down vote up
/**
 * Launches the class-wide set of three HTTPS test servers.
 *
 * <p>Each server replies {@code "OK"} to every request and presents a certificate created with
 * {@code SelfSignedCertificate.create(host)} for {@code localhost}, {@code foo.com} and
 * {@code foobar.com}. The certificates' hex fingerprints are stored in
 * {@code caValidFingerprint}, {@code fooFingerprint} and {@code foobarFingerprint}. Only the
 * {@code localhost} certificate is passed to {@code SecurityTestUtils.configureJDKTrustStore};
 * it is self-signed despite the {@code caValid*} naming.
 *
 * <p>Security note: self-signed certificates generated this way are for test fixtures only.
 *
 * @param tempDir temporary directory handed to the trust store helper
 * @param vertx Vert.x instance used to create the servers
 * @throws Exception propagated from certificate handling or server start-up
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: registered through the JDK trust store helper, then fingerprinted
  SelfSignedCertificate trustedCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, trustedCert);
  Path trustedCertFile = Paths.get(trustedCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(trustedCertFile);
  HttpServerOptions trustedOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(trustedCert.keyCertOptions());
  caValidServer = vertx
      .createHttpServer(trustedOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(caValidServer);

  // foo.com: fingerprint recorded, certificate not added to the trust store here
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx
      .createHttpServer(fooOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(fooServer);

  // foobar.com: fingerprint recorded, certificate not added to the trust store here
  SelfSignedCertificate foobarIdentity = SelfSignedCertificate.create("foobar.com");
  Path foobarCertFile = Paths.get(foobarIdentity.keyCertOptions().getCertPath());
  foobarFingerprint = certificateHexFingerprint(foobarCertFile);
  HttpServerOptions foobarOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarIdentity.keyCertOptions());
  foobarServer = vertx
      .createHttpServer(foobarOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(foobarServer);
}
 
Example #13
Source File: AmqpConnectionIT.java    From hono with Eclipse Public License 2.0 6 votes vote down vote up
/**
 * Verifies that the adapter rejects connection attempts from an unknown device for which auto-provisioning is
 * disabled.
 * <p>
 * The device's self-signed certificate doubles as the tenant's trust anchor, so the certificate
 * itself is trusted and the only reason left for the adapter to refuse the connection is that
 * the device is not registered and may not be auto-provisioned.
 *
 * @param ctx The test context
 */
@Test
public void testConnectFailsIfAutoProvisioningIsDisabled(final VertxTestContext ctx) {
    final String tenantId = helper.getRandomTenantId();
    // a throwaway self-signed certificate, created with a random UUID as its argument
    final SelfSignedCertificate deviceCert = SelfSignedCertificate.create(UUID.randomUUID().toString());

    // GIVEN a tenant configured with a trust anchor that does not allow auto-provisioning
    helper.getCertificate(deviceCert.certificatePath())
            .compose(cert -> {
                final var tenant = Tenants.createTenantForTrustAnchor(cert);
                // switch off auto-provisioning on the first (index 0) trusted CA of the tenant
                tenant.getTrustedCertificateAuthorities().get(0).setAutoProvisioningEnabled(false);
                return helper.registry.addTenant(tenantId, tenant);
            })
            // WHEN an unknown device tries to connect to the adapter
            // using a client certificate with the trust anchor
            // registered for the device's tenant
            .compose(ok -> connectToAdapter(deviceCert))
            .onComplete(ctx.failing(t -> {
                // THEN the connection is refused
                ctx.verify(() -> assertThat(t).isInstanceOf(SaslException.class));
                ctx.completeNow();
            }));
}
 
Example #14
Source File: ServerTofaTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the client-authenticating TLS server used by each test.
 *
 * <p>A fresh {@code known-clients.txt} is written into {@code tempDir}: one comment line followed
 * by {@code "foobar.com "} plus {@code DUMMY_FINGERPRINT}. The file backs the trust options
 * returned by {@code VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false)}; the
 * {@code false} argument presumably disables acceptance of CA-signed client certificates, which
 * should be confirmed against {@code VertxTrustOptions}.
 *
 * <p>Security note: {@code SelfSignedCertificate.create()} yields a temporary, self-signed server
 * identity; it belongs in test code only.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String placeholderClient = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", placeholderClient));

  SelfSignedCertificate throwawayCert = SelfSignedCertificate.create();

  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setSsl(true);
  // Client certificates are mandatory; a client without one cannot complete the handshake.
  serverOptions.setClientAuth(ClientAuth.REQUIRED);
  serverOptions.setPemKeyCertOptions(throwawayCert.keyCertOptions());
  serverOptions.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false));
  serverOptions.setIdleTimeout(1500);
  serverOptions.setReuseAddress(true);
  serverOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(serverOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #15
Source File: ServerRecordTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the client-authenticating TLS server used by each test.
 *
 * <p>A fresh {@code known-clients.txt} is written into {@code tempDir}: one comment line followed
 * by {@code "foobar.com "} plus {@code DUMMY_FINGERPRINT}. The file backs the trust options
 * returned by {@code VertxTrustOptions.recordClientFingerprints(knownClientsFile, false)}; the
 * {@code false} argument presumably disables acceptance of CA-signed client certificates, which
 * should be confirmed against {@code VertxTrustOptions}.
 *
 * <p>Security note: {@code SelfSignedCertificate.create()} yields a temporary, self-signed server
 * identity; it belongs in test code only.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String placeholderClient = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", placeholderClient));

  SelfSignedCertificate throwawayCert = SelfSignedCertificate.create();

  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setSsl(true);
  // Client certificates are mandatory; a client without one cannot complete the handshake.
  serverOptions.setClientAuth(ClientAuth.REQUIRED);
  serverOptions.setPemKeyCertOptions(throwawayCert.keyCertOptions());
  serverOptions.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile, false));
  serverOptions.setIdleTimeout(1500);
  serverOptions.setReuseAddress(true);
  serverOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(serverOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #16
Source File: AmqpAdapterTestBase.java    From hono with Eclipse Public License 2.0 6 votes vote down vote up
/**
 * Connects to the AMQP protocol adapter, authenticating with a client certificate.
 * <p>
 * The connection options are copied from {@code defaultOptions}, extended with the key pair of
 * the given certificate and with the SASL mechanism named by
 * {@code ProtonSaslExternalImpl.MECH_NAME}. Whatever trust and host name verification settings
 * {@code defaultOptions} carries are inherited unchanged.
 *
 * @param clientCertificate The certificate to use for authentication.
 * @return The outcome of the connection attempt after it has been passed through
 *         {@code handleConnectAttempt}.
 */
protected Future<ProtonConnection> connectToAdapter(final SelfSignedCertificate clientCertificate) {

    final ProtonClientOptions tlsClientOptions = new ProtonClientOptions(defaultOptions);
    // present the certificate's key pair during the TLS handshake
    tlsClientOptions.setKeyCertOptions(clientCertificate.keyCertOptions());
    tlsClientOptions.addEnabledSaslMechanism(ProtonSaslExternalImpl.MECH_NAME);

    final Promise<ProtonConnection> connectAttempt = Promise.promise();
    ProtonClient.create(VERTX).connect(
            tlsClientOptions,
            IntegrationTestSupport.AMQP_HOST,
            IntegrationTestSupport.AMQPS_PORT,
            connectAttempt);
    return connectAttempt.future().compose(this::handleConnectAttempt);
}
 
Example #17
Source File: ServerWhitelistTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the client-authenticating TLS server used by each test.
 *
 * <p>A fresh {@code known-clients.txt} is written into {@code tempDir}: one comment line followed
 * by {@code "foo.com "} plus the value of {@code fooFingerprint}. The file backs the trust
 * options returned by {@code VertxTrustOptions.whitelistClients(knownClientsFile, false)}; the
 * {@code false} argument presumably disables acceptance of CA-signed client certificates, which
 * should be confirmed against {@code VertxTrustOptions}.
 *
 * <p>Security note: {@code SelfSignedCertificate.create()} yields a temporary, self-signed server
 * identity; it belongs in test code only.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String listedClient = "foo.com " + fooFingerprint;
  Files.write(knownClientsFile, Arrays.asList("#First line", listedClient));

  SelfSignedCertificate throwawayCert = SelfSignedCertificate.create();

  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setSsl(true);
  // Client certificates are mandatory; a client without one cannot complete the handshake.
  serverOptions.setClientAuth(ClientAuth.REQUIRED);
  serverOptions.setPemKeyCertOptions(throwawayCert.keyCertOptions());
  serverOptions.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile, false));
  serverOptions.setIdleTimeout(1500);
  serverOptions.setReuseAddress(true);
  serverOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(serverOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #18
Source File: ClientTofuTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Launches the class-wide set of three HTTPS test servers.
 *
 * <p>Each server replies {@code "OK"} to every request and presents a certificate created with
 * {@code SelfSignedCertificate.create(host)} for {@code localhost}, {@code foo.com} and
 * {@code foobar.com}. The certificates' hex fingerprints are stored in
 * {@code caValidFingerprint}, {@code fooFingerprint} and {@code foobarFingerprint}. Only the
 * {@code localhost} certificate is passed to {@code SecurityTestUtils.configureJDKTrustStore};
 * it is self-signed despite the {@code caValid*} naming.
 *
 * <p>Security note: self-signed certificates generated this way are for test fixtures only.
 *
 * @param tempDir temporary directory handed to the trust store helper
 * @param vertx Vert.x instance used to create the servers
 * @throws Exception propagated from certificate handling or server start-up
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: registered through the JDK trust store helper, then fingerprinted
  SelfSignedCertificate trustedCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, trustedCert);
  Path trustedCertFile = Paths.get(trustedCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(trustedCertFile);
  HttpServerOptions trustedOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(trustedCert.keyCertOptions());
  caValidServer = vertx
      .createHttpServer(trustedOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(caValidServer);

  // foo.com: fingerprint recorded, certificate not added to the trust store here
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx
      .createHttpServer(fooOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(fooServer);

  // foobar.com: fingerprint recorded, certificate not added to the trust store here
  SelfSignedCertificate foobarIdentity = SelfSignedCertificate.create("foobar.com");
  Path foobarCertFile = Paths.get(foobarIdentity.keyCertOptions().getCertPath());
  foobarFingerprint = certificateHexFingerprint(foobarCertFile);
  HttpServerOptions foobarOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarIdentity.keyCertOptions());
  foobarServer = vertx
      .createHttpServer(foobarOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(foobarServer);
}
 
Example #19
Source File: ClientCaOrTofuTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the three HTTPS servers shared by all tests of the class.
 *
 * <p>Every server answers each request with {@code "OK"} and is backed by its own certificate
 * from {@code SelfSignedCertificate.create(host)}. The hex fingerprint of each certificate is
 * kept in {@code caValidFingerprint}, {@code fooFingerprint} and {@code foobarFingerprint}. The
 * {@code localhost} certificate is additionally passed to
 * {@code SecurityTestUtils.configureJDKTrustStore}; although the fields are named
 * {@code caValid*}, that certificate is self-signed.
 *
 * <p>Security note: self-signed certificates generated this way are for test fixtures only.
 *
 * @param tempDir temporary directory handed to the trust store helper
 * @param vertx Vert.x instance used to create the servers
 * @throws Exception propagated from certificate handling or server start-up
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: registered through the JDK trust store helper, then fingerprinted
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  HttpServerOptions localhostOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx
      .createHttpServer(localhostOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: only its fingerprint is recorded
  SelfSignedCertificate fooDotCom = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooDotCom.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooDotCom.keyCertOptions());
  fooServer = vertx
      .createHttpServer(fooOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // foobar.com: only its fingerprint is recorded
  SelfSignedCertificate foobarDotCom = SelfSignedCertificate.create("foobar.com");
  Path foobarCertFile = Paths.get(foobarDotCom.keyCertOptions().getCertPath());
  foobarFingerprint = certificateHexFingerprint(foobarCertFile);
  HttpServerOptions foobarOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarDotCom.keyCertOptions());
  foobarServer = vertx
      .createHttpServer(foobarOptions)
      .requestHandler(request -> request.response().end("OK"));
  startServer(foobarServer);
}
 
Example #20
Source File: ClientWhitelistTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Launches the class-wide set of three HTTPS test servers.
 *
 * <p>Each server replies {@code "OK"} to every request and presents a certificate created with
 * {@code SelfSignedCertificate.create(host)} for {@code localhost}, {@code foo.com} and
 * {@code bar.com}. The certificates' hex fingerprints are stored in {@code caValidFingerprint},
 * {@code fooFingerprint} and {@code barFingerprint}. Only the {@code localhost} certificate is
 * passed to {@code SecurityTestUtils.configureJDKTrustStore}; it is self-signed despite the
 * {@code caValid*} naming.
 *
 * <p>Security note: self-signed certificates generated this way are for test fixtures only.
 *
 * @param tempDir temporary directory handed to the trust store helper
 * @param vertx Vert.x instance used to create the servers
 * @throws Exception propagated from certificate handling or server start-up
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: fingerprinted first, then registered through the JDK trust store helper
  SelfSignedCertificate trustedCert = SelfSignedCertificate.create("localhost");
  Path trustedCertFile = Paths.get(trustedCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(trustedCertFile);
  SecurityTestUtils.configureJDKTrustStore(tempDir, trustedCert);
  HttpServerOptions trustedOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(trustedCert.keyCertOptions());
  caValidServer = vertx
      .createHttpServer(trustedOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(caValidServer);

  // foo.com: fingerprint recorded, certificate not added to the trust store here
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx
      .createHttpServer(fooOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(fooServer);

  // bar.com: fingerprint recorded, certificate not added to the trust store here
  SelfSignedCertificate barIdentity = SelfSignedCertificate.create("bar.com");
  Path barCertFile = Paths.get(barIdentity.keyCertOptions().getCertPath());
  barFingerprint = certificateHexFingerprint(barCertFile);
  HttpServerOptions barOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(barIdentity.keyCertOptions());
  barServer = vertx
      .createHttpServer(barOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(barServer);
}
 
Example #21
Source File: ClientCaOrWhitelistTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Launches the class-wide set of three HTTPS test servers.
 *
 * <p>Each server replies {@code "OK"} to every request and presents a certificate created with
 * {@code SelfSignedCertificate.create(host)} for {@code localhost}, {@code foo.com} and
 * {@code bar.com}. The {@code localhost} certificate is passed to
 * {@code SecurityTestUtils.configureJDKTrustStore} (it is self-signed despite the
 * {@code caValid*} naming); for the other two only the hex fingerprints are stored, in
 * {@code fooFingerprint} and {@code barFingerprint}.
 *
 * <p>Security note: self-signed certificates generated this way are for test fixtures only.
 *
 * @param tempDir temporary directory handed to the trust store helper
 * @param vertx Vert.x instance used to create the servers
 * @throws Exception propagated from certificate handling or server start-up
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: registered through the JDK trust store helper
  SelfSignedCertificate trustedCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, trustedCert);
  HttpServerOptions trustedOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(trustedCert.keyCertOptions());
  caValidServer = vertx
      .createHttpServer(trustedOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(caValidServer);

  // foo.com: fingerprint recorded, certificate not added to the trust store here
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx
      .createHttpServer(fooOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(fooServer);

  // bar.com: fingerprint recorded, certificate not added to the trust store here
  SelfSignedCertificate barIdentity = SelfSignedCertificate.create("bar.com");
  Path barCertFile = Paths.get(barIdentity.keyCertOptions().getCertPath());
  barFingerprint = certificateHexFingerprint(barCertFile);
  HttpServerOptions barOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(barIdentity.keyCertOptions());
  barServer = vertx
      .createHttpServer(barOptions)
      .requestHandler(req -> req.response().end("OK"));
  startServer(barServer);
}
 
Example #22
Source File: HttpTestBase.java    From hono with Eclipse Public License 2.0 6 votes vote down vote up
/**
 * Prepares the per-test fixture: start time, two HTTP clients and fresh identifiers.
 * <p>
 * A new self-signed device certificate is generated for every test, using a random UUID as the
 * argument to {@code SelfSignedCertificate.create}. {@code httpClient} uses a plain copy of
 * {@code defaultOptions}, {@code httpClientWithClientCert} uses a copy that additionally
 * carries the device certificate's key pair. The basic-auth value is built from the tenant ID,
 * the device ID and the shared {@code PWD} constant.
 *
 * @param testInfo Meta info about the test being run.
 */
@BeforeEach
public void setUp(final TestInfo testInfo) {

    testStartTimeMillis = System.currentTimeMillis();
    logger.info("running {}", testInfo.getDisplayName());
    logger.info("using HTTP adapter [host: {}, http port: {}, https port: {}]",
            IntegrationTestSupport.HTTP_HOST,
            IntegrationTestSupport.HTTP_PORT,
            IntegrationTestSupport.HTTPS_PORT);

    // throwaway identity for this test only
    deviceCert = SelfSignedCertificate.create(UUID.randomUUID().toString());

    final HttpClientOptions plainOptions = new HttpClientOptions(defaultOptions);
    httpClient = new CrudHttpClient(VERTX, plainOptions);

    final HttpClientOptions clientCertOptions = new HttpClientOptions(defaultOptions);
    clientCertOptions.setKeyCertOptions(deviceCert.keyCertOptions());
    httpClientWithClientCert = new CrudHttpClient(VERTX, clientCertOptions);

    tenantId = helper.getRandomTenantId();
    deviceId = helper.getRandomDeviceId(tenantId);
    authorization = getBasicAuth(tenantId, deviceId, PWD);
}
 
Example #23
Source File: ServerCaOrRecordTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the client-authenticating TLS server used by each test.
 *
 * <p>A fresh {@code known-clients.txt} is written into {@code tempDir}: one comment line followed
 * by {@code "foobar.com "} plus {@code DUMMY_FINGERPRINT}. The file backs the trust options
 * returned by {@code VertxTrustOptions.recordClientFingerprints}.
 *
 * <p>Security note: {@code SelfSignedCertificate.create()} yields a temporary, self-signed server
 * identity; it belongs in test code only.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String placeholderClient = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", placeholderClient));

  SelfSignedCertificate throwawayCert = SelfSignedCertificate.create();

  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setSsl(true);
  // Client certificates are mandatory; a client without one cannot complete the handshake.
  serverOptions.setClientAuth(ClientAuth.REQUIRED);
  serverOptions.setPemKeyCertOptions(throwawayCert.keyCertOptions());
  serverOptions.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile));
  serverOptions.setIdleTimeout(1500);
  serverOptions.setReuseAddress(true);
  serverOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(serverOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #24
Source File: SecurityTestUtils.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Writes a JKS store holding the given certificate and points the JVM's default trust store at
 * it.
 *
 * <p>The store receives the certificate under alias {@code clientCert} and, in addition, the
 * matching RSA private key under alias {@code client}. It is saved as a new temporary file in
 * {@code workDir}.
 *
 * <p>Security notes for anyone reusing this helper:
 * <ul>
 *   <li>{@code javax.net.ssl.trustStore} and {@code javax.net.ssl.trustStorePassword} are
 *       process-wide system properties; they are set here and never restored.</li>
 *   <li>The password is the literal {@code "changeit"}; acceptable for a test fixture only.</li>
 *   <li>NOTE(review): a trust store normally needs only the certificate entry; storing the
 *       private key alongside it looks unnecessary. Confirm whether any caller relies on it.</li>
 * </ul>
 *
 * @param workDir directory in which the temporary key store file is created
 * @param clientCert certificate whose PEM files are read from {@code privateKeyPath()} and
 *     {@code certificatePath()}
 * @throws Exception propagated from key/certificate parsing or file I/O
 */
static void configureJDKTrustStore(Path workDir, SelfSignedCertificate clientCert) throws Exception {
  final String storePassword = "changeit";

  KeyStore store = KeyStore.getInstance("JKS");
  store.load(null, null);

  // Rebuild the private key from the PEM file's PKCS#8 payload.
  PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(
      new PKCS8EncodedKeySpec(readPemFile(new File(clientCert.privateKeyPath()).toPath())));

  // Parse the certificate straight from the bytes of its file.
  Certificate parsedCert = CertificateFactory.getInstance("X.509").generateCertificate(
      new ByteArrayInputStream(Files.readAllBytes(new File(clientCert.certificatePath()).toPath())));

  store.setCertificateEntry("clientCert", parsedCert);
  store.setKeyEntry("client", privateKey, storePassword.toCharArray(), new Certificate[] {parsedCert});

  Path storeFile = Files.createTempFile(workDir, "keystore", ".jks");
  try (FileOutputStream sink = new FileOutputStream(storeFile.toFile())) {
    store.store(sink, storePassword.toCharArray());
  }

  // JVM-wide side effect: every default SSL context created afterwards uses this store.
  System.setProperty("javax.net.ssl.trustStore", storeFile.toString());
  System.setProperty("javax.net.ssl.trustStorePassword", storePassword);
}
 
Example #25
Source File: ServerCaOrTofaTest.java    From cava with Apache License 2.0 6 votes vote down vote up
/**
 * Starts the client-authenticating TLS server used by each test.
 *
 * <p>A fresh {@code known-clients.txt} is written into {@code tempDir}: one comment line followed
 * by {@code "foobar.com "} plus {@code DUMMY_FINGERPRINT}. The file backs the trust options
 * returned by {@code VertxTrustOptions.trustClientOnFirstAccess}.
 *
 * <p>Security note: {@code SelfSignedCertificate.create()} yields a temporary, self-signed server
 * identity; it belongs in test code only.
 *
 * @param tempDir temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the server
 * @throws Exception propagated from writing the file or from the server start-up helper
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String placeholderClient = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", placeholderClient));

  SelfSignedCertificate throwawayCert = SelfSignedCertificate.create();

  HttpServerOptions serverOptions = new HttpServerOptions();
  serverOptions.setSsl(true);
  // Client certificates are mandatory; a client without one cannot complete the handshake.
  serverOptions.setClientAuth(ClientAuth.REQUIRED);
  serverOptions.setPemKeyCertOptions(throwawayCert.keyCertOptions());
  serverOptions.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile));
  serverOptions.setIdleTimeout(1500);
  serverOptions.setReuseAddress(true);
  serverOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(serverOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 
Example #26
Source File: CAOrTofuSecurityTest.java    From orion with Apache License 2.0 6 votes vote down vote up
/**
 * Boots an Orion instance with the class's {@code TRUST_MODE} and prepares two TLS clients.
 *
 * <p>The generated configuration sets {@code tlsservertrust} and
 * {@code clientconnectiontlsservertrust} to {@code TRUST_MODE}, sets
 * {@code clientconnectiontls} to {@code strict}, and uses one self-signed {@code localhost}
 * certificate for both server roles. Two client identities are created:
 * <ul>
 *   <li>{@code example.com}: fingerprint stored in {@code exampleComFingerprint}; it is not
 *       passed to {@code configureJDKTrustStore}.</li>
 *   <li>{@code other.com}: passed to {@code configureJDKTrustStore} before its client is
 *       built.</li>
 * </ul>
 *
 * <p>Security note: both clients call {@code setTrustAll(true)}, which turns off verification
 * of the server certificate on the client side. That is tolerable in this fixture only; it must
 * not be copied into production clients.
 *
 * @param tempDir temporary directory for the configuration and key store files
 * @throws Exception propagated from configuration generation, certificate handling or start-up
 */
@BeforeAll
static void setUp(@TempDirectory final Path tempDir) throws Exception {
  final SelfSignedCertificate orionServerCert = SelfSignedCertificate.create("localhost");
  config = generateAndLoadConfiguration(tempDir, out -> {
    out.write("tlsservertrust='" + TRUST_MODE + "'\n");
    out.write("clientconnectiontls='strict'\n");
    out.write("clientconnectiontlsservertrust='" + TRUST_MODE + "'\n");
    writeServerCertToConfig(out, orionServerCert);
    writeClientConnectionServerCertToConfig(out, orionServerCert);
  });

  // Client whose certificate is NOT registered with the JDK trust store helper.
  final SelfSignedCertificate exampleComCert = SelfSignedCertificate.create("example.com");
  final Path exampleComCertFile = Paths.get(exampleComCert.keyCertOptions().getCertPath());
  exampleComFingerprint = certificateHexFingerprint(exampleComCertFile);
  final HttpClientOptions exampleComOptions = new HttpClientOptions();
  exampleComOptions.setSsl(true);
  exampleComOptions.setTrustAll(true); // test only: server certificate is not verified
  exampleComOptions.setKeyCertOptions(exampleComCert.keyCertOptions());
  nonCAhttpClient = vertx.createHttpClient(exampleComOptions);

  // Client whose certificate IS registered with the JDK trust store helper.
  final SelfSignedCertificate otherComCert = SelfSignedCertificate.create("other.com");
  configureJDKTrustStore(otherComCert, tempDir);
  final HttpClientOptions otherComOptions = new HttpClientOptions();
  otherComOptions.setSsl(true);
  otherComOptions.setTrustAll(true); // test only: server certificate is not verified
  otherComOptions.setKeyCertOptions(otherComCert.keyCertOptions());
  httpClient = vertx.createHttpClient(otherComOptions);

  orion = new Orion(vertx);
  orion.run(config, false);
}
 
Example #27
Source File: InsecureSecurityTest.java    From orion with Apache License 2.0 6 votes vote down vote up
/**
 * Boots an Orion instance with the class's {@code TRUST_MODE} and prepares one TLS client.
 *
 * <p>The generated configuration sets {@code tlsservertrust} and
 * {@code clientconnectiontlsservertrust} to {@code TRUST_MODE}, sets
 * {@code clientconnectiontls} to {@code strict}, and uses one self-signed {@code localhost}
 * certificate for both server roles. That server certificate is then passed to
 * {@code configureJDKTrustStore}, and the client is built without {@code setTrustAll}.
 *
 * <p>The client presents a self-signed {@code example.com} certificate whose hex fingerprint is
 * stored in {@code exampleComFingerprint}.
 *
 * @param tempDir temporary directory for the configuration and key store files
 * @throws Exception propagated from configuration generation, certificate handling or start-up
 */
@BeforeAll
static void setUp(@TempDirectory final Path tempDir) throws Exception {
  final SelfSignedCertificate orionServerCert = SelfSignedCertificate.create("localhost");
  config = generateAndLoadConfiguration(tempDir, out -> {
    out.write("tlsservertrust='" + TRUST_MODE + "'\n");
    out.write("clientconnectiontls='strict'\n");
    out.write("clientconnectiontlsservertrust='" + TRUST_MODE + "'\n");
    writeServerCertToConfig(out, orionServerCert);
    writeClientConnectionServerCertToConfig(out, orionServerCert);
  });

  // Register the server's own certificate with the JDK trust store helper.
  configureJDKTrustStore(orionServerCert, tempDir);

  final SelfSignedCertificate exampleComCert = SelfSignedCertificate.create("example.com");
  final Path exampleComCertFile = Paths.get(exampleComCert.keyCertOptions().getCertPath());
  exampleComFingerprint = certificateHexFingerprint(exampleComCertFile);
  final HttpClientOptions exampleComOptions = new HttpClientOptions();
  exampleComOptions.setSsl(true);
  exampleComOptions.setKeyCertOptions(exampleComCert.keyCertOptions());
  httpClient = vertx.createHttpClient(exampleComOptions);

  orion = new Orion(vertx);
  orion.run(config, false);
}
 
Example #28
Source File: TofuNodeClientTest.java    From orion with Apache License 2.0 6 votes vote down vote up
/**
 * Prepares a TLS server with a self-signed {@code foo.com} certificate and the client under test.
 *
 * <p>The certificate's hex fingerprint is stored in {@code fooFingerprint}, and the known-servers
 * file is reset to a single comment line, so it holds no server entry when a test begins. The
 * server answers {@code POST /partyinfo} with a serialized {@code ReadOnlyNetworkNodes} payload.
 *
 * <p>Security note: the self-signed certificate is a throwaway test identity.
 *
 * @throws Exception propagated from file I/O, client construction or server start-up
 */
@BeforeEach
void setUp() throws Exception {
  final SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  fooFingerprint = certificateHexFingerprint(Paths.get(fooIdentity.keyCertOptions().getCertPath()));
  // Only a comment line: no server fingerprint is known up front.
  Files.write(knownServersFile, Collections.singletonList("#First line"));

  final Router partyInfoRouter = Router.router(vertx);
  final ReadOnlyNetworkNodes emptyNodes =
      new ReadOnlyNetworkNodes(URI.create("http://www.example.com"), Collections.emptyMap());
  partyInfoRouter.post("/partyinfo").handler(rc -> {
    rc.response().end(Buffer.buffer(Serializer.serialize(HttpContentType.CBOR, emptyNodes)));
  });

  client = NodeHttpClientBuilder.build(vertx, config, 100);

  final HttpServerOptions fooOptions =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  tofuServer = vertx.createHttpServer(fooOptions).requestHandler(partyInfoRouter::accept);
  startServer(tofuServer);
}
 
Example #29
Source File: TestUtils.java    From orion with Apache License 2.0 6 votes vote down vote up
/**
 * Writes a JKS store holding the given certificate and points the JVM's default trust store at
 * it.
 *
 * <p>The store receives the certificate under alias {@code clientCert} and, in addition, the
 * matching RSA private key under alias {@code client}. It is saved as {@code keystore.jks}
 * inside {@code tempDir}.
 *
 * <p>Security notes for anyone reusing this helper:
 * <ul>
 *   <li>{@code javax.net.ssl.trustStore} and {@code javax.net.ssl.trustStorePassword} are
 *       process-wide system properties; they are set here and never restored.</li>
 *   <li>The password is the literal {@code "changeit"}; acceptable for a test fixture only.</li>
 *   <li>NOTE(review): a trust store normally needs only the certificate entry; storing the
 *       private key alongside it looks unnecessary. Confirm whether any caller relies on it.</li>
 * </ul>
 *
 * @param clientCert certificate whose PEM files are read from {@code privateKeyPath()} and
 *     {@code certificatePath()}
 * @param tempDir directory that receives {@code keystore.jks}
 * @throws Exception propagated from key/certificate parsing or file I/O
 */
public static void configureJDKTrustStore(final SelfSignedCertificate clientCert, final Path tempDir)
    throws Exception {
  final String storePassword = "changeit";

  final KeyStore store = KeyStore.getInstance("JKS");
  store.load(null, null);

  // Rebuild the private key from the PEM file's PKCS#8 payload.
  final PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(
      new PKCS8EncodedKeySpec(readPemFile(Paths.get(clientCert.privateKeyPath()))));

  // Parse the certificate straight from the bytes of its file.
  final Certificate parsedCert = CertificateFactory.getInstance("X.509").generateCertificate(
      new ByteArrayInputStream(Files.readAllBytes(new File(clientCert.certificatePath()).toPath())));

  store.setCertificateEntry("clientCert", parsedCert);
  store.setKeyEntry("client", privateKey, storePassword.toCharArray(), new Certificate[] {parsedCert});

  final Path storeFile = tempDir.resolve("keystore.jks");
  try (final FileOutputStream sink = new FileOutputStream(storeFile.toFile())) {
    store.store(sink, storePassword.toCharArray());
  }

  // JVM-wide side effect: every default SSL context created afterwards uses this store.
  System.setProperty("javax.net.ssl.trustStore", storeFile.toString());
  System.setProperty("javax.net.ssl.trustStorePassword", storePassword);
}
 
Example #30
Source File: CertificateAuthoritySecurityTest.java    From orion with Apache License 2.0 6 votes vote down vote up
/**
 * Boots an Orion instance with the class's {@code TRUST_MODE} and prepares one TLS client.
 *
 * <p>The generated configuration sets {@code tlsservertrust} and
 * {@code clientconnectiontlsservertrust} to {@code TRUST_MODE}, sets
 * {@code clientconnectiontls} to {@code strict}, and uses one self-signed {@code localhost}
 * certificate for both server roles. The client's self-signed {@code example.com} certificate
 * is passed to {@code TestUtils.configureJDKTrustStore} before the client is built.
 *
 * <p>Security note: the client calls {@code setTrustAll(true)}, which turns off verification of
 * the server certificate on the client side. That is tolerable in this fixture only; it must
 * not be copied into production clients.
 *
 * @param tempDir temporary directory for the configuration and key store files
 * @throws Exception propagated from configuration generation, certificate handling or start-up
 */
@BeforeAll
static void setUp(@TempDirectory final Path tempDir) throws Exception {
  final SelfSignedCertificate orionServerCert = SelfSignedCertificate.create("localhost");
  config = generateAndLoadConfiguration(tempDir, out -> {
    out.write("tlsservertrust='" + TRUST_MODE + "'\n");
    out.write("clientconnectiontls='strict'\n");
    out.write("clientconnectiontlsservertrust='" + TRUST_MODE + "'\n");
    writeServerCertToConfig(out, orionServerCert);
    writeClientConnectionServerCertToConfig(out, orionServerCert);
  });

  final SelfSignedCertificate exampleComCert = SelfSignedCertificate.create("example.com");
  TestUtils.configureJDKTrustStore(exampleComCert, tempDir);
  final HttpClientOptions exampleComOptions = new HttpClientOptions();
  exampleComOptions.setSsl(true);
  exampleComOptions.setTrustAll(true); // test only: server certificate is not verified
  exampleComOptions.setKeyCertOptions(exampleComCert.keyCertOptions());
  httpClient = vertx.createHttpClient(exampleComOptions);

  orion = new Orion(vertx);
  orion.run(config, false);
}