io.vertx.core.http.ClientAuth Java Examples

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile, false))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

public static NetServerOptions getNetServerOptions(EncryptionOptions eo) {
    if (eo == null) {
        return new NetServerOptions();
    }
    NetServerOptions options = new NetServerOptions().setSsl(true);
    options.setKeyStoreOptions(new JksOptions().setPath(eo.keystore).setPassword(eo.keystore_password));

    if (eo.truststore != null) {
        if (eo.require_client_auth) {
            options.setClientAuth(ClientAuth.REQUIRED);
        }
        options.setTrustStoreOptions(new JksOptions().setPath(eo.truststore).setPassword(eo.truststore_password));
    }

    if (eo.cipher_suites != null) {
        for (String cipherSuitee : eo.cipher_suites)
            options.addEnabledCipherSuite(cipherSuitee);
    }
    return options;
}
 

@Test
public void testbuildHttpServerOptionsRequest() {
  SSLOption option = SSLOption.buildFromYaml("rest.provider");
  SSLCustom custom = SSLCustom.createSSLCustom(option.getSslCustomClass());
  HttpServerOptions serverOptions = new HttpServerOptions();

  new MockUp<SSLOption>() {

    @Mock
    public boolean isAuthPeer() {
      return false;
    }
  };
  VertxTLSBuilder.buildNetServerOptions(option, custom, serverOptions);
  Assert.assertEquals(serverOptions.getEnabledSecureTransportProtocols().toArray().length, 1);
  Assert.assertEquals(serverOptions.getClientAuth(), ClientAuth.REQUEST);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foo.com " + fooFingerprint));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile, false))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foo.com " + fooFingerprint));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile, false))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

private void testUntrustedClient(boolean useAlpn) {
    Properties properties = new Properties();
    properties.setProperty("vertx.http.client.ssl", "true");
    properties.setProperty("vertx.http.client.use-alpn", String.valueOf(useAlpn));
    properties.setProperty("vertx.http.client.protocol-version",
        useAlpn ? HttpVersion.HTTP_2.name() : HttpVersion.HTTP_1_1.name());
    properties.setProperty("vertx.http.server.ssl", "true");
    properties.setProperty("vertx.http.server.useAlpn", Boolean.toString(useAlpn));
    properties.setProperty("vertx.http.server.client-auth", ClientAuth.REQUIRED.name());
    properties.setProperty("server.ssl.key-store-type", "JKS");
    properties.setProperty("server.ssl.key-store", SERVER_KEYSTORE.getPath());
    properties.setProperty("server.ssl.key-store-password", SERVER_KEYSTORE.getPassword());

    startServerWithoutSecurity(properties, ClientStoresCustomizer.class, useAlpn ? NoopHttp2Router.class : NoopHttp11Router.class);

    try {
        getWebTestClient()
            .get()
            .exchange();
        fail("SSLHandshakeException expected");
    } catch (RuntimeException e) {
        assertThat(e.getCause()).isInstanceOf(SSLHandshakeException.class);
    }
}
 

private void testSecureRequest(boolean useAlpn) {
    Properties properties = new Properties();
    properties.setProperty("vertx.http.client.ssl", "true");
    properties.setProperty("vertx.http.client.use-alpn", String.valueOf(useAlpn));
    properties.setProperty("vertx.http.client.protocol-version",
        useAlpn ? HttpVersion.HTTP_2.name() : HttpVersion.HTTP_1_1.name());
    properties.setProperty("vertx.http.server.ssl", "true");
    properties.setProperty("vertx.http.server.useAlpn", Boolean.toString(useAlpn));
    properties.setProperty("vertx.http.server.client-auth", ClientAuth.REQUIRED.name());
    properties.setProperty("server.ssl.key-store-type", "JKS");
    properties.setProperty("server.ssl.key-store", SERVER_KEYSTORE.getPath());
    properties.setProperty("server.ssl.key-store-password", SERVER_KEYSTORE.getPassword());
    properties.setProperty("server.ssl.trust-store-type", "JKS");
    properties.setProperty("server.ssl.trust-store", SERVER_TRUSTSTORE.getPath());
    properties.setProperty("server.ssl.trust-store-password", SERVER_TRUSTSTORE.getPassword());


    startServerWithoutSecurity(properties, ClientStoresCustomizer.class, useAlpn ? NoopHttp2Router.class : NoopHttp11Router.class);

    getWebTestClient()
        .get()
        .exchange()
        .expectStatus()
        .isNoContent();
}
 

@Test
public void verifyHttpServerProperties() {
    Properties originalProperties = new Properties();
    originalProperties.setProperty("vertx.http.server.host", "localhost");
    originalProperties.setProperty("vertx.http.server.port", "8082");
    originalProperties.setProperty("vertx.http.server.client-auth", "REQUIRED");
    originalProperties.setProperty("vertx.http.server.sni", "true");
    originalProperties.setProperty("vertx.http.server.alpn-versions", "HTTP_1_1,HTTP_2");
    originalProperties.setProperty("vertx.http.server.http2-extra-settings.1", "10");
    originalProperties.setProperty("vertx.http.server.http2-extra-settings.2", "20");
    originalProperties.setProperty("vertx.http.server.idle-timeout-unit", "HOURS");
    originalProperties.setProperty("vertx.http.server.enabled-cipher-suites", "cipher1,cipher2");
    startServerWithoutSecurity(originalProperties);

    HttpServerProperties expectedProperties = getBean(HttpServerProperties.class);

    assertThat(expectedProperties.getPort()).isEqualTo(8082);
    assertThat(expectedProperties.getHost()).isEqualTo("localhost");
    assertThat(expectedProperties.getClientAuth()).isEqualTo(ClientAuth.REQUIRED);
    assertThat(expectedProperties.isSni()).isTrue();
    assertThat(expectedProperties.getAlpnVersions()).containsOnly(HttpVersion.HTTP_1_1, HttpVersion.HTTP_2);
    assertThat(expectedProperties.getHttp2ExtraSettings())
        .containsOnly(new HashMap.SimpleEntry<>(1, 10L), new HashMap.SimpleEntry<>(2, 20L));
    assertThat(expectedProperties.getIdleTimeoutUnit()).isEqualTo(TimeUnit.HOURS);
    assertThat(expectedProperties.getEnabledCipherSuites()).containsOnly("cipher1", "cipher2");
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foo.com " + fooFingerprint));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

private static HttpServerOptions applyClientAuthentication(
    final HttpServerOptions input, final ClientAuthConstraints constraints) {
  final HttpServerOptions result = new HttpServerOptions(input);

  result.setClientAuth(ClientAuth.REQUIRED);
  try {
    constraints
        .getKnownClientsFile()
        .ifPresent(
            whitelistFile ->
                result.setTrustOptions(
                    VertxTrustOptions.whitelistClients(
                        whitelistFile.toPath(), constraints.isCaAuthorizedClientAllowed())));
  } catch (final IllegalArgumentException e) {
    throw new InitializationException("Illegally formatted client fingerprint file.");
  }

  return result;
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foobar.com " + DUMMY_FINGERPRINT));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  Files.write(knownClientsFile, Arrays.asList("#First line", "foo.com " + fooFingerprint));

  SelfSignedCertificate serverCert = SelfSignedCertificate.create();
  HttpServerOptions options = new HttpServerOptions();
  options
      .setSsl(true)
      .setClientAuth(ClientAuth.REQUIRED)
      .setPemKeyCertOptions(serverCert.keyCertOptions())
      .setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile, false))
      .setIdleTimeout(1500)
      .setReuseAddress(true)
      .setReusePort(true);
  httpServer = vertx.createHttpServer(options);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
 

@Test
public void shouldSetNoneClientAuth() {
    given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.NONE);

    customizer.apply(mockHttpServerOptions);

    verify(mockHttpServerOptions).setClientAuth(ClientAuth.NONE);
}
 

private void doClientCertificateTestImpl(TestContext context, boolean supplyClientCert) throws InterruptedException,
                                                                                        ExecutionException {
  Async async = context.async();

  // Create a server that accept a connection and expects a client connection+session+receiver
  ProtonServerOptions serverOptions = new ProtonServerOptions();
  serverOptions.setSsl(true);
  serverOptions.setClientAuth(ClientAuth.REQUIRED);
  PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD);
  serverOptions.setPfxKeyCertOptions(serverPfxOptions);

  PfxOptions pfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD);
  serverOptions.setPfxTrustOptions(pfxOptions);

  protonServer = createServer(serverOptions, this::handleClientConnectionSessionReceiverOpen);

  // Try to connect the client
  ProtonClientOptions clientOptions = new ProtonClientOptions();
  clientOptions.setSsl(true);
  clientOptions.setPfxTrustOptions(pfxOptions);

  if (supplyClientCert) {
    PfxOptions clientKeyPfxOptions = new PfxOptions().setPath(KEYSTORE_CLIENT).setPassword(PASSWORD);
    clientOptions.setPfxKeyCertOptions(clientKeyPfxOptions);
  }

  ProtonClient client = ProtonClient.create(vertx);
  client.connect(clientOptions, "localhost", protonServer.actualPort(), res -> {
    if (supplyClientCert) {
      // Expect connect to succeed
      context.assertTrue(res.succeeded());
    } else {
      // Expect connect to fail
      context.assertFalse(res.succeeded());
    }
    async.complete();
  });

  async.awaitSuccess();
}
 

@Before
public void before(TestContext context) {
  MqttServerOptions options = new MqttServerOptions()
    .setPort(MQTT_SERVER_TLS_PORT)
    .setKeyCertOptions(Cert.SERVER_PEM_ROOT_CA.get())
    .setTrustOptions(Trust.SERVER_PEM_ROOT_CA.get())
    .setSsl(true)
    .setClientAuth(ClientAuth.REQUEST);

  this.setUp(context, options);
}
 

/**
 * Adds TLS trust anchor configuration to a given set of server options.
 * <p>
 * The options for configuring the server side trust anchor are
 * determined by invoking the {@link #getServerTrustOptions()} method.
 * However, the trust anchor options returned by that method will only be added to the
 * given server options if its <em>ssl</em> flag is set to {@code true} and if its
 * <em>trustOptions</em> property is {@code null}.
 *
 * @param serverOptions The options to add configuration to.
 */
protected final void addTlsTrustOptions(final NetServerOptions serverOptions) {

    if (serverOptions.isSsl() && serverOptions.getTrustOptions() == null) {

        final TrustOptions trustOptions = getServerTrustOptions();
        if (trustOptions != null) {
            serverOptions.setTrustOptions(trustOptions).setClientAuth(ClientAuth.REQUEST);
            log.info("enabling client authentication using certificates [{}]", trustOptions.getClass().getName());
        }
    }
}
 

@Test
public void testbuildHttpServerOptions() {
  SSLOption option = SSLOption.buildFromYaml("rest.provider");
  SSLCustom custom = SSLCustom.createSSLCustom(option.getSslCustomClass());
  HttpServerOptions serverOptions = new HttpServerOptions();
  VertxTLSBuilder.buildNetServerOptions(option, custom, serverOptions);
  Assert.assertEquals(serverOptions.getEnabledSecureTransportProtocols().toArray().length, 1);
  Assert.assertEquals(serverOptions.getClientAuth(), ClientAuth.REQUEST);
}
 

public static NetServerOptions buildNetServerOptions(SSLOption sslOption, SSLCustom sslCustom,
    NetServerOptions netServerOptions) {
  buildTCPSSLOptions(sslOption, sslCustom, netServerOptions);
  if (sslOption.isAuthPeer()) {
    netServerOptions.setClientAuth(ClientAuth.REQUIRED);
  } else {
    netServerOptions.setClientAuth(ClientAuth.REQUEST);
  }
  return netServerOptions;
}
 

private static void setEventBusOptions(VertxConfiguration conf, VertxOptions options) {
    EventBusConfiguration eb = conf.eventbus;
    EventBusOptions opts = new EventBusOptions();
    opts.setAcceptBacklog(eb.acceptBacklog.orElse(-1));
    opts.setClientAuth(ClientAuth.valueOf(eb.clientAuth.toUpperCase()));
    opts.setConnectTimeout((int) (Math.min(Integer.MAX_VALUE, eb.connectTimeout.toMillis())));
    // todo: use timeUnit cleverly
    opts.setIdleTimeout(
            eb.idleTimeout.isPresent() ? (int) Math.max(1, Math.min(Integer.MAX_VALUE, eb.idleTimeout.get().getSeconds()))
                    : 0);
    opts.setSendBufferSize(eb.sendBufferSize.orElse(-1));
    opts.setSoLinger(eb.soLinger.orElse(-1));
    opts.setSsl(eb.ssl);
    opts.setReceiveBufferSize(eb.receiveBufferSize.orElse(-1));
    opts.setReconnectAttempts(eb.reconnectAttempts);
    opts.setReconnectInterval(eb.reconnectInterval.toMillis());
    opts.setReuseAddress(eb.reuseAddress);
    opts.setReusePort(eb.reusePort);
    opts.setTrafficClass(eb.trafficClass.orElse(-1));
    opts.setTcpKeepAlive(eb.tcpKeepAlive);
    opts.setTcpNoDelay(eb.tcpNoDelay);
    opts.setTrustAll(eb.trustAll);

    // Certificates and trust.
    configurePemKeyCertOptions(opts, eb.keyCertificatePem);
    configureJksKeyCertOptions(opts, eb.keyCertificateJks);
    configurePfxKeyCertOptions(opts, eb.keyCertificatePfx);

    configurePemTrustOptions(opts, eb.trustCertificatePem);
    configureJksKeyCertOptions(opts, eb.trustCertificateJks);
    configurePfxTrustOptions(opts, eb.trustCertificatePfx);

    options.setEventBusOptions(opts);
}
 

private void applyTlsClientAuth(
    final TlsClientAuthConfiguration clientAuthConfiguration,
    final HttpServerOptions httpServerOptions) {
  httpServerOptions.setClientAuth(ClientAuth.REQUIRED);
  clientAuthConfiguration
      .getKnownClientsFile()
      .ifPresent(
          knownClientsFile ->
              httpServerOptions.setTrustOptions(
                  whitelistClients(
                      knownClientsFile, clientAuthConfiguration.isCaClientsEnabled())));
}
 

private ClientAuth clientAuthAdapter(Ssl.ClientAuth clientAuth) {
    switch (clientAuth) {
        case WANT:
            return ClientAuth.REQUEST;
        case NEED:
            return ClientAuth.REQUIRED;
        default:
            return ClientAuth.NONE;
    }
}
 

@Test
public void shouldSetWantClientAuth() {
    given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.WANT);

    customizer.apply(mockHttpServerOptions);

    verify(mockHttpServerOptions).setClientAuth(ClientAuth.REQUEST);
}
 

@Test
public void shouldSetNeedClientAuth() {
    given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.NEED);

    customizer.apply(mockHttpServerOptions);

    verify(mockHttpServerOptions).setClientAuth(ClientAuth.REQUIRED);
}
 

private void bind(int p, Handler<AsyncResult<Void>> completion) {
    // Get port number.
    final int thePort = pickAPort(port);
    HttpServerOptions options = new HttpServerOptions();
    if (ssl) {
        options.setSsl(true);
        options.setTrustStoreOptions(SSLServerContext.getTrustStoreOption(accessor));
        options.setKeyStoreOptions(SSLServerContext.getKeyStoreOption(accessor));
        if (authentication) {
            options.setClientAuth(ClientAuth.REQUIRED);
        }
    }

    if (hasCompressionEnabled()) {
        options.setCompressionSupported(true);
    }

    if (configuration.getIntegerWithDefault("vertx.acceptBacklog", -1) != -1) {
        options.setAcceptBacklog(configuration.getInteger("vertx.acceptBacklog"));
    }
    if (configuration.getIntegerWithDefault("vertx.maxWebSocketFrameSize", -1) != -1) {
        options.setMaxWebsocketFrameSize(configuration.getInteger("vertx.maxWebSocketFrameSize"));
    }
    if (configuration.getStringArray("wisdom.websocket.subprotocols").length > 0) {
        options.setWebsocketSubProtocols(configuration.get("wisdom.websocket.subprotocols"));
    }
    if (configuration.getStringArray("vertx.websocket-subprotocols").length > 0) {
        options.setWebsocketSubProtocols(configuration.get("vertx.websocket-subprotocols"));
    }
    if (configuration.getIntegerWithDefault("vertx.receiveBufferSize", -1) != -1) {
        options.setReceiveBufferSize(configuration.getInteger("vertx.receiveBufferSize"));
    }
    if (configuration.getIntegerWithDefault("vertx.sendBufferSize", -1) != -1) {
        options.setSendBufferSize(configuration.getInteger("vertx.sendBufferSize"));
    }

    http = vertx.createHttpServer(options)
            .requestHandler(new HttpHandler(vertx, accessor, this))
            .websocketHandler(new WebSocketHandler(accessor, this));

    http.listen(thePort, host, event -> {
        if (event.succeeded()) {
            logger.info("Wisdom is going to serve HTTP requests on port {}.", thePort);
            port = thePort;
            completion.handle(Future.succeededFuture());
        } else if (port == 0) {
            logger.debug("Cannot bind on port {} (port already used probably)", thePort, event.cause());
            bind(0, completion);
        } else {
            logger.error("Cannot bind on port {} (port already used probably)", thePort, event.cause());
            completion.handle(Future.failedFuture("Cannot bind on port " + thePort));
        }
    });
}