io.vertx.core.net.SelfSignedCertificate Java Examples
The following examples show how to use
io.vertx.core.net.SelfSignedCertificate.
Example #1
Source File: ServerCaOrWhitelistTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.whitelistClients(knownClientsFile)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foo.com " + fooFingerprint}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foo.com " + fooFingerprint;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // One-argument form; going by the test class name (CaOrWhitelist) it presumably also
  // accepts CA-signed clients -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #2
Source File: ServerCaOrRecordTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.recordClientFingerprints(knownClientsFile)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foobar.com " + DUMMY_FINGERPRINT}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // By its name this mode records the fingerprints of connecting clients rather than
  // rejecting unknown ones, which would make it an enrolment aid and not an access
  // control -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #3
Source File: ServerCaOrTofaTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foobar.com " + DUMMY_FINGERPRINT}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // Trust on first access: by its name, the first certificate seen for a client is stored
  // in knownClientsFile and later connections are compared with it, so the first contact
  // itself is not authenticated -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #4
Source File: MqttTestBase.java From hono with Eclipse Public License 2.0 | 6 votes |
/**
 * Opens a TLS connection to the MQTT adapter, authenticating with an X.509 client
 * certificate.
 *
 * <p>The adapter's certificate chain is checked against
 * {@code IntegrationTestSupport.TRUST_STORE_PATH}, but hostname verification is switched
 * off for this client (see the comment in the body).
 *
 * @param cert The client certificate to use for authentication.
 * @return A future that will be completed with the CONNACK packet received
 *         from the adapter or failed with a {@link MqttConnectionException}
 *         if the connection could not be established.
 */
protected final Future<MqttConnAckMessage> connectToAdapter(final SelfSignedCertificate cert) {

    final Promise<MqttConnAckMessage> connAckPromise = Promise.promise();

    VERTX.runOnContext(ignored -> {
        final MqttClientOptions tlsOptions = new MqttClientOptions();
        tlsOptions.setTrustOptions(new PemTrustOptions().addCertPath(IntegrationTestSupport.TRUST_STORE_PATH));
        tlsOptions.setKeyCertOptions(cert.keyCertOptions());
        tlsOptions.setSsl(true);
        // An empty algorithm name turns endpoint identification off: the chain must still
        // validate against the trust store above, but the name in the adapter's certificate
        // is not compared with MQTT_HOST. That fits a test environment whose certificate
        // may not carry the host name used here; a client meant to authenticate its peer
        // would keep verification on.
        tlsOptions.setHostnameVerificationAlgorithm("");
        mqttClient = MqttClient.create(VERTX, tlsOptions);
        mqttClient.connect(IntegrationTestSupport.MQTTS_PORT, IntegrationTestSupport.MQTT_HOST, connAckPromise);
    });

    return connAckPromise.future().map(connAck -> {
        LOGGER.debug(
                "MQTTS connection to adapter [host: {}, port: {}] established",
                IntegrationTestSupport.MQTT_HOST, IntegrationTestSupport.MQTTS_PORT);
        // Remember the context the CONNACK arrived on.
        this.context = Vertx.currentContext();
        return connAck;
    });
}
Example #5
Source File: ClientCaOrWhitelistTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Brings up three HTTPS servers, each with its own freshly generated self-signed
 * certificate, for the client-side trust tests.
 *
 * <p>The {@code localhost} certificate is additionally handed to
 * {@code SecurityTestUtils.configureJDKTrustStore}; the {@code foo.com} and
 * {@code bar.com} certificates are only fingerprinted.
 *
 * @param tempDir temporary directory passed on to the trust-store helper
 * @param vertx Vert.x instance that creates the servers
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: handed to the trust-store helper, so it plays the "CA-valid" server.
  // NOTE(review): the helper's effect is not visible here; if it sets javax.net.ssl.*
  // system properties, that change is JVM-wide and outlives this class -- confirm.
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  HttpServerOptions localhostTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx.createHttpServer(localhostTls).requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: never passed to the trust-store helper; tests know it by fingerprint only.
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx.createHttpServer(fooTls).requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // bar.com: same treatment as foo.com, with a second, distinct certificate.
  SelfSignedCertificate barIdentity = SelfSignedCertificate.create("bar.com");
  Path barCertFile = Paths.get(barIdentity.keyCertOptions().getCertPath());
  barFingerprint = certificateHexFingerprint(barCertFile);
  HttpServerOptions barTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(barIdentity.keyCertOptions());
  barServer = vertx.createHttpServer(barTls).requestHandler(request -> request.response().end("OK"));
  startServer(barServer);
}
Example #6
Source File: ClientWhitelistTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Brings up three HTTPS servers, each with its own freshly generated self-signed
 * certificate, for the client-side whitelist tests.
 *
 * <p>All three certificates are fingerprinted; the {@code localhost} one is additionally
 * handed to {@code SecurityTestUtils.configureJDKTrustStore}.
 *
 * @param tempDir temporary directory passed on to the trust-store helper
 * @param vertx Vert.x instance that creates the servers
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: fingerprinted first, then handed to the trust-store helper.
  // NOTE(review): the helper's effect is not visible here; if it sets javax.net.ssl.*
  // system properties, that change is JVM-wide and outlives this class -- confirm.
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  HttpServerOptions localhostTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx.createHttpServer(localhostTls).requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: never passed to the trust-store helper; tests know it by fingerprint only.
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx.createHttpServer(fooTls).requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // bar.com: same treatment as foo.com, with a second, distinct certificate.
  SelfSignedCertificate barIdentity = SelfSignedCertificate.create("bar.com");
  Path barCertFile = Paths.get(barIdentity.keyCertOptions().getCertPath());
  barFingerprint = certificateHexFingerprint(barCertFile);
  HttpServerOptions barTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(barIdentity.keyCertOptions());
  barServer = vertx.createHttpServer(barTls).requestHandler(request -> request.response().end("OK"));
  startServer(barServer);
}
Example #7
Source File: ClientCaOrTofuTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Brings up three HTTPS servers, each with its own freshly generated self-signed
 * certificate, for the client-side trust-on-first-use tests.
 *
 * <p>All three certificates are fingerprinted; the {@code localhost} one is additionally
 * handed to {@code SecurityTestUtils.configureJDKTrustStore}.
 *
 * @param tempDir temporary directory passed on to the trust-store helper
 * @param vertx Vert.x instance that creates the servers
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: handed to the trust-store helper, then fingerprinted.
  // NOTE(review): the helper's effect is not visible here; if it sets javax.net.ssl.*
  // system properties, that change is JVM-wide and outlives this class -- confirm.
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  HttpServerOptions localhostTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx.createHttpServer(localhostTls).requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: never passed to the trust-store helper; tests know it by fingerprint only.
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx.createHttpServer(fooTls).requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // foobar.com: same treatment as foo.com, with a third, distinct certificate.
  SelfSignedCertificate foobarIdentity = SelfSignedCertificate.create("foobar.com");
  Path foobarCertFile = Paths.get(foobarIdentity.keyCertOptions().getCertPath());
  foobarFingerprint = certificateHexFingerprint(foobarCertFile);
  HttpServerOptions foobarTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarIdentity.keyCertOptions());
  foobarServer = vertx.createHttpServer(foobarTls).requestHandler(request -> request.response().end("OK"));
  startServer(foobarServer);
}
Example #8
Source File: ServerWhitelistTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.whitelistClients(knownClientsFile, false)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foo.com " + fooFingerprint}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foo.com " + fooFingerprint;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // The second argument is passed as false; it presumably switches off acceptance of
  // CA-signed certificates so that only listed fingerprints pass -- confirm against
  // VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #9
Source File: ServerCaOrWhitelistTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.whitelistClients(knownClientsFile)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foo.com " + fooFingerprint}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foo.com " + fooFingerprint;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // One-argument form; going by the test class name (CaOrWhitelist) it presumably also
  // accepts CA-signed clients -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #10
Source File: ServerRecordTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.recordClientFingerprints(knownClientsFile, false)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foobar.com " + DUMMY_FINGERPRINT}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // By its name this mode records the fingerprints of connecting clients rather than
  // rejecting unknown ones, which would make it an enrolment aid and not an access
  // control. The meaning of the false flag is not visible here; it presumably changes how
  // CA-signed certificates are treated -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #11
Source File: ServerTofaTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foobar.com " + DUMMY_FINGERPRINT}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // Trust on first access: by its name, the first certificate seen for a client is stored
  // in knownClientsFile and later connections are compared with it, so the first contact
  // itself is not authenticated. The false flag presumably switches off acceptance of
  // CA-signed certificates -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #12
Source File: ClientTofuTest.java From incubator-tuweni with Apache License 2.0 | 6 votes |
/**
 * Brings up three HTTPS servers, each with its own freshly generated self-signed
 * certificate, for the client-side trust-on-first-use tests.
 *
 * <p>All three certificates are fingerprinted; the {@code localhost} one is additionally
 * handed to {@code SecurityTestUtils.configureJDKTrustStore}.
 *
 * @param tempDir temporary directory passed on to the trust-store helper
 * @param vertx Vert.x instance that creates the servers
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: handed to the trust-store helper, then fingerprinted.
  // NOTE(review): the helper's effect is not visible here; if it sets javax.net.ssl.*
  // system properties, that change is JVM-wide and outlives this class -- confirm.
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  HttpServerOptions localhostTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx.createHttpServer(localhostTls).requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: never passed to the trust-store helper; tests know it by fingerprint only.
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx.createHttpServer(fooTls).requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // foobar.com: same treatment as foo.com, with a third, distinct certificate.
  SelfSignedCertificate foobarIdentity = SelfSignedCertificate.create("foobar.com");
  Path foobarCertFile = Paths.get(foobarIdentity.keyCertOptions().getCertPath());
  foobarFingerprint = certificateHexFingerprint(foobarCertFile);
  HttpServerOptions foobarTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarIdentity.keyCertOptions());
  foobarServer = vertx.createHttpServer(foobarTls).requestHandler(request -> request.response().end("OK"));
  startServer(foobarServer);
}
Example #13
Source File: AmqpConnectionIT.java From hono with Eclipse Public License 2.0 | 6 votes |
/**
 * Verifies that the adapter rejects connection attempts from an unknown device for which
 * auto-provisioning is disabled.
 *
 * <p>The expected failure is a {@code SaslException}, i.e. the rejection is observed at the
 * SASL stage of the connection attempt.
 *
 * @param ctx The test context
 */
@Test
public void testConnectFailsIfAutoProvisioningIsDisabled(final VertxTestContext ctx) {

    final String tenantId = helper.getRandomTenantId();
    // Fresh self-signed certificate named after a random UUID; this test registers no
    // device for it.
    final SelfSignedCertificate deviceCert = SelfSignedCertificate.create(UUID.randomUUID().toString());

    // GIVEN a tenant whose trust anchor is built from the device certificate and whose
    // first trusted CA has auto-provisioning switched off
    final var tenantAdded = helper.getCertificate(deviceCert.certificatePath())
            .compose(trustAnchorCert -> {
                final var tenantConfig = Tenants.createTenantForTrustAnchor(trustAnchorCert);
                tenantConfig.getTrustedCertificateAuthorities().get(0).setAutoProvisioningEnabled(false);
                return helper.registry.addTenant(tenantId, tenantConfig);
            });

    tenantAdded
            // WHEN an unknown device tries to connect to the adapter using a client
            // certificate that chains to the trust anchor registered for the tenant
            .compose(ignored -> connectToAdapter(deviceCert))
            .onComplete(ctx.failing(error -> {
                // THEN the connection is refused
                ctx.verify(() -> assertThat(error).isInstanceOf(SaslException.class));
                ctx.completeNow();
            }));
}
Example #14
Source File: ServerTofaTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foobar.com " + DUMMY_FINGERPRINT}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // Trust on first access: by its name, the first certificate seen for a client is stored
  // in knownClientsFile and later connections are compared with it, so the first contact
  // itself is not authenticated. The false flag presumably switches off acceptance of
  // CA-signed certificates -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #15
Source File: ServerRecordTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.recordClientFingerprints(knownClientsFile, false)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foobar.com " + DUMMY_FINGERPRINT}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // By its name this mode records the fingerprints of connecting clients rather than
  // rejecting unknown ones, which would make it an enrolment aid and not an access
  // control. The meaning of the false flag is not visible here; it presumably changes how
  // CA-signed certificates are treated -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #16
Source File: AmqpAdapterTestBase.java From hono with Eclipse Public License 2.0 | 6 votes |
/**
 * Connects to the AMQP protocol adapter over its TLS port, authenticating with a client
 * certificate.
 *
 * @param clientCertificate The certificate to use for authentication.
 * @return A future completed with whatever {@code handleConnectAttempt} produces for the
 *         connection attempt.
 */
protected Future<ProtonConnection> connectToAdapter(final SelfSignedCertificate clientCertificate) {

    final Promise<ProtonConnection> connectAttempt = Promise.promise();
    final ProtonClient protonClient = ProtonClient.create(VERTX);

    // Start from a copy of the shared defaults so they are not modified by this call.
    final ProtonClientOptions tlsOptions = new ProtonClientOptions(defaultOptions);
    tlsOptions.setKeyCertOptions(clientCertificate.keyCertOptions());
    // Enable the SASL mechanism named by ProtonSaslExternalImpl.MECH_NAME (SASL EXTERNAL),
    // so the identity comes from the TLS client certificate rather than from a
    // username and password.
    tlsOptions.addEnabledSaslMechanism(ProtonSaslExternalImpl.MECH_NAME);

    protonClient.connect(
            tlsOptions,
            IntegrationTestSupport.AMQP_HOST,
            IntegrationTestSupport.AMQPS_PORT,
            connectAttempt);

    return connectAttempt.future().compose(connection -> handleConnectAttempt(connection));
}
Example #17
Source File: ServerWhitelistTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.whitelistClients(knownClientsFile, false)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foo.com " + fooFingerprint}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foo.com " + fooFingerprint;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // The second argument is passed as false; it presumably switches off acceptance of
  // CA-signed certificates so that only listed fingerprints pass -- confirm against
  // VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.whitelistClients(knownClientsFile, false));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #18
Source File: ClientTofuTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Brings up three HTTPS servers, each with its own freshly generated self-signed
 * certificate, for the client-side trust-on-first-use tests.
 *
 * <p>All three certificates are fingerprinted; the {@code localhost} one is additionally
 * handed to {@code SecurityTestUtils.configureJDKTrustStore}.
 *
 * @param tempDir temporary directory passed on to the trust-store helper
 * @param vertx Vert.x instance that creates the servers
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: handed to the trust-store helper, then fingerprinted.
  // NOTE(review): the helper's effect is not visible here; if it sets javax.net.ssl.*
  // system properties, that change is JVM-wide and outlives this class -- confirm.
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  HttpServerOptions localhostTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx.createHttpServer(localhostTls).requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: never passed to the trust-store helper; tests know it by fingerprint only.
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx.createHttpServer(fooTls).requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // foobar.com: same treatment as foo.com, with a third, distinct certificate.
  SelfSignedCertificate foobarIdentity = SelfSignedCertificate.create("foobar.com");
  Path foobarCertFile = Paths.get(foobarIdentity.keyCertOptions().getCertPath());
  foobarFingerprint = certificateHexFingerprint(foobarCertFile);
  HttpServerOptions foobarTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarIdentity.keyCertOptions());
  foobarServer = vertx.createHttpServer(foobarTls).requestHandler(request -> request.response().end("OK"));
  startServer(foobarServer);
}
Example #19
Source File: ClientCaOrTofuTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Brings up three HTTPS servers, each with its own freshly generated self-signed
 * certificate, for the client-side "CA or trust-on-first-use" tests.
 *
 * <p>All three certificates are fingerprinted; the {@code localhost} one is additionally
 * handed to {@code SecurityTestUtils.configureJDKTrustStore}.
 *
 * @param tempDir temporary directory passed on to the trust-store helper
 * @param vertx Vert.x instance that creates the servers
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: handed to the trust-store helper, then fingerprinted.
  // NOTE(review): the helper's effect is not visible here; if it sets javax.net.ssl.*
  // system properties, that change is JVM-wide and outlives this class -- confirm.
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  HttpServerOptions localhostTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx.createHttpServer(localhostTls).requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: never passed to the trust-store helper; tests know it by fingerprint only.
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx.createHttpServer(fooTls).requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // foobar.com: same treatment as foo.com, with a third, distinct certificate.
  SelfSignedCertificate foobarIdentity = SelfSignedCertificate.create("foobar.com");
  Path foobarCertFile = Paths.get(foobarIdentity.keyCertOptions().getCertPath());
  foobarFingerprint = certificateHexFingerprint(foobarCertFile);
  HttpServerOptions foobarTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(foobarIdentity.keyCertOptions());
  foobarServer = vertx.createHttpServer(foobarTls).requestHandler(request -> request.response().end("OK"));
  startServer(foobarServer);
}
Example #20
Source File: ClientWhitelistTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Brings up three HTTPS servers, each with its own freshly generated self-signed
 * certificate, for the client-side whitelist tests.
 *
 * <p>All three certificates are fingerprinted; the {@code localhost} one is additionally
 * handed to {@code SecurityTestUtils.configureJDKTrustStore}.
 *
 * @param tempDir temporary directory passed on to the trust-store helper
 * @param vertx Vert.x instance that creates the servers
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: fingerprinted first, then handed to the trust-store helper.
  // NOTE(review): the helper's effect is not visible here; if it sets javax.net.ssl.*
  // system properties, that change is JVM-wide and outlives this class -- confirm.
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  Path localhostCertFile = Paths.get(localhostCert.keyCertOptions().getCertPath());
  caValidFingerprint = certificateHexFingerprint(localhostCertFile);
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  HttpServerOptions localhostTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx.createHttpServer(localhostTls).requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: never passed to the trust-store helper; tests know it by fingerprint only.
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx.createHttpServer(fooTls).requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // bar.com: same treatment as foo.com, with a second, distinct certificate.
  SelfSignedCertificate barIdentity = SelfSignedCertificate.create("bar.com");
  Path barCertFile = Paths.get(barIdentity.keyCertOptions().getCertPath());
  barFingerprint = certificateHexFingerprint(barCertFile);
  HttpServerOptions barTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(barIdentity.keyCertOptions());
  barServer = vertx.createHttpServer(barTls).requestHandler(request -> request.response().end("OK"));
  startServer(barServer);
}
Example #21
Source File: ClientCaOrWhitelistTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Brings up three HTTPS servers, each with its own freshly generated self-signed
 * certificate, for the client-side "CA or whitelist" tests.
 *
 * <p>The {@code localhost} certificate is additionally handed to
 * {@code SecurityTestUtils.configureJDKTrustStore}; the {@code foo.com} and
 * {@code bar.com} certificates are only fingerprinted.
 *
 * @param tempDir temporary directory passed on to the trust-store helper
 * @param vertx Vert.x instance that creates the servers
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void startServers(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  // localhost: handed to the trust-store helper, so it plays the "CA-valid" server.
  // NOTE(review): the helper's effect is not visible here; if it sets javax.net.ssl.*
  // system properties, that change is JVM-wide and outlives this class -- confirm.
  SelfSignedCertificate localhostCert = SelfSignedCertificate.create("localhost");
  SecurityTestUtils.configureJDKTrustStore(tempDir, localhostCert);
  HttpServerOptions localhostTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(localhostCert.keyCertOptions());
  caValidServer = vertx.createHttpServer(localhostTls).requestHandler(request -> request.response().end("OK"));
  startServer(caValidServer);

  // foo.com: never passed to the trust-store helper; tests know it by fingerprint only.
  SelfSignedCertificate fooIdentity = SelfSignedCertificate.create("foo.com");
  Path fooCertFile = Paths.get(fooIdentity.keyCertOptions().getCertPath());
  fooFingerprint = certificateHexFingerprint(fooCertFile);
  HttpServerOptions fooTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(fooIdentity.keyCertOptions());
  fooServer = vertx.createHttpServer(fooTls).requestHandler(request -> request.response().end("OK"));
  startServer(fooServer);

  // bar.com: same treatment as foo.com, with a second, distinct certificate.
  SelfSignedCertificate barIdentity = SelfSignedCertificate.create("bar.com");
  Path barCertFile = Paths.get(barIdentity.keyCertOptions().getCertPath());
  barFingerprint = certificateHexFingerprint(barCertFile);
  HttpServerOptions barTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(barIdentity.keyCertOptions());
  barServer = vertx.createHttpServer(barTls).requestHandler(request -> request.response().end("OK"));
  startServer(barServer);
}
Example #22
Source File: HttpTestBase.java From hono with Eclipse Public License 2.0 | 6 votes |
/**
 * Sets up the fixture: logs the adapter endpoints, generates a per-test device
 * certificate and creates two HTTP clients, one plain and one that presents the
 * device certificate.
 *
 * @param testInfo Meta info about the test being run.
 */
@BeforeEach
public void setUp(final TestInfo testInfo) {

    testStartTimeMillis = System.currentTimeMillis();
    logger.info("running {}", testInfo.getDisplayName());
    logger.info("using HTTP adapter [host: {}, http port: {}, https port: {}]",
            IntegrationTestSupport.HTTP_HOST,
            IntegrationTestSupport.HTTP_PORT,
            IntegrationTestSupport.HTTPS_PORT);

    // A new self-signed certificate per test, named after a random UUID. Nothing in this
    // method deletes the generated key and certificate files.
    deviceCert = SelfSignedCertificate.create(UUID.randomUUID().toString());

    // Both clients start from their own copy of the shared default options.
    final HttpClientOptions plainOptions = new HttpClientOptions(defaultOptions);
    httpClient = new CrudHttpClient(VERTX, plainOptions);

    final HttpClientOptions clientCertOptions = new HttpClientOptions(defaultOptions)
            .setKeyCertOptions(deviceCert.keyCertOptions());
    httpClientWithClientCert = new CrudHttpClient(VERTX, clientCertOptions);

    tenantId = helper.getRandomTenantId();
    deviceId = helper.getRandomDeviceId(tenantId);
    // Basic-auth header value built from the tenant, the device and the shared test password.
    authorization = getBasicAuth(tenantId, deviceId, PWD);
}
Example #23
Source File: ServerCaOrRecordTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.recordClientFingerprints(knownClientsFile)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foobar.com " + DUMMY_FINGERPRINT}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // By its name this mode records the fingerprints of connecting clients rather than
  // rejecting unknown ones, which would make it an enrolment aid and not an access
  // control -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.recordClientFingerprints(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #24
Source File: SecurityTestUtils.java From cava with Apache License 2.0 | 6 votes |
/**
 * Builds a JKS keystore from a self-signed certificate and makes it the JVM's default
 * trust store.
 *
 * <p>Points a reader should be aware of before reusing this helper:
 * <ul>
 *   <li>The {@code javax.net.ssl.trustStore} and {@code javax.net.ssl.trustStorePassword}
 *       system properties are process-wide and are not restored here, so every later test
 *       in the same JVM inherits this store.</li>
 *   <li>The private key is copied into the same file that serves as the trust store. The
 *       certificate entry is what identifies a trust anchor; the key entry adds key
 *       material to a file whose purpose is verification.</li>
 *   <li>The store password is the hard-coded literal {@code "changeit"}, which is tolerable
 *       only because the file lives in a temporary test directory.</li>
 * </ul>
 *
 * @param workDir directory in which the temporary keystore file is created
 * @param clientCert certificate (and key) to load into the store
 * @throws Exception propagated from key parsing, certificate parsing or file I/O
 */
static void configureJDKTrustStore(Path workDir, SelfSignedCertificate clientCert) throws Exception {
  final String storePassword = "changeit";

  // Start from an empty in-memory store.
  KeyStore trustStore = KeyStore.getInstance("JKS");
  trustStore.load(null, null);

  // Private key: readPemFile supplies the bytes, which are parsed as a PKCS#8 RSA key.
  KeyFactory rsaKeys = KeyFactory.getInstance("RSA");
  Path keyFile = new File(clientCert.privateKeyPath()).toPath();
  PrivateKey privateKey = rsaKeys.generatePrivate(new PKCS8EncodedKeySpec(readPemFile(keyFile)));

  // Certificate: parsed straight from the file contents.
  CertificateFactory x509 = CertificateFactory.getInstance("X.509");
  Path certFile = new File(clientCert.certificatePath()).toPath();
  Certificate certificate = x509.generateCertificate(new ByteArrayInputStream(Files.readAllBytes(certFile)));

  trustStore.setCertificateEntry("clientCert", certificate);
  trustStore.setKeyEntry("client", privateKey, storePassword.toCharArray(), new Certificate[] {certificate});

  Path keystoreFile = Files.createTempFile(workDir, "keystore", ".jks");
  try (FileOutputStream out = new FileOutputStream(keystoreFile.toFile())) {
    trustStore.store(out, storePassword.toCharArray());
  }

  // JVM-wide switch: default TLS contexts created after this point use the new store.
  System.setProperty("javax.net.ssl.trustStore", keystoreFile.toString());
  System.setProperty("javax.net.ssl.trustStorePassword", storePassword);
}
Example #25
Source File: ServerCaOrTofaTest.java From cava with Apache License 2.0 | 6 votes |
/**
 * Starts the TLS server under test: a client certificate is mandatory and trust is
 * decided by {@code VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile)}.
 *
 * <p>The known-clients file is written fresh into {@code tempDir} with one comment line
 * and one entry, {@code "foobar.com " + DUMMY_FINGERPRINT}.
 *
 * @param tempDir per-test temporary directory that receives {@code known-clients.txt}
 * @param vertx Vert.x instance used to create the HTTP server
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void startServer(@TempDirectory Path tempDir, @VertxInstance Vertx vertx) throws Exception {
  knownClientsFile = tempDir.resolve("known-clients.txt");
  String knownEntry = "foobar.com " + DUMMY_FINGERPRINT;
  Files.write(knownClientsFile, Arrays.asList("#First line", knownEntry));

  // Fresh self-signed server identity. This method never calls delete() on it, so removal
  // of the generated key and certificate files is left to code outside this fixture.
  SelfSignedCertificate certificate = SelfSignedCertificate.create();

  HttpServerOptions tlsOptions = new HttpServerOptions();
  tlsOptions.setSsl(true);
  // REQUIRED: the handshake fails unless the client presents a certificate.
  tlsOptions.setClientAuth(ClientAuth.REQUIRED);
  tlsOptions.setPemKeyCertOptions(certificate.keyCertOptions());
  // Trust on first access: by its name, the first certificate seen for a client is stored
  // in knownClientsFile and later connections are compared with it, so the first contact
  // itself is not authenticated -- confirm against VertxTrustOptions.
  tlsOptions.setTrustOptions(VertxTrustOptions.trustClientOnFirstAccess(knownClientsFile));
  tlsOptions.setIdleTimeout(1500);
  tlsOptions.setReuseAddress(true);
  tlsOptions.setReusePort(true);

  httpServer = vertx.createHttpServer(tlsOptions);
  SecurityTestUtils.configureAndStartTestServer(httpServer);
}
Example #26
Source File: CAOrTofuSecurityTest.java From orion with Apache License 2.0 | 6 votes |
/**
 * Prepares the fixture for the "CA or trust-on-first-use" tests: writes an Orion
 * configuration that uses a self-signed {@code localhost} server certificate, creates two
 * HTTP clients with different client certificates and starts Orion.
 *
 * <p>Both clients are created with {@code setTrustAll(true)}, so they accept any server
 * certificate. Only the {@code other.com} client certificate is passed to
 * {@code configureJDKTrustStore}; the {@code example.com} one is fingerprinted instead.
 *
 * @param tempDir temporary directory for the configuration and the keystore
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void setUp(@TempDirectory final Path tempDir) throws Exception {
  final SelfSignedCertificate serverIdentity = SelfSignedCertificate.create("localhost");
  config = generateAndLoadConfiguration(tempDir, writer -> {
    writer.write("tlsservertrust='" + TRUST_MODE + "'\n");
    writer.write("clientconnectiontls='strict'\n");
    writer.write("clientconnectiontlsservertrust='" + TRUST_MODE + "'\n");
    writeServerCertToConfig(writer, serverIdentity);
    writeClientConnectionServerCertToConfig(writer, serverIdentity);
  });

  // Client whose certificate is never added to the JDK trust store ("non-CA").
  final SelfSignedCertificate untrustedIdentity = SelfSignedCertificate.create("example.com");
  final Path untrustedCertFile = Paths.get(untrustedIdentity.keyCertOptions().getCertPath());
  exampleComFingerprint = certificateHexFingerprint(untrustedCertFile);
  // setTrustAll(true): the client skips validation of the server's certificate. The
  // fixture exists to exercise how the server treats client certificates, so server
  // authentication is simply out of scope here; it is not a setting for non-test clients.
  final HttpClientOptions untrustedClientOptions = new HttpClientOptions()
      .setSsl(true)
      .setTrustAll(true)
      .setKeyCertOptions(untrustedIdentity.keyCertOptions());
  nonCAhttpClient = vertx.createHttpClient(untrustedClientOptions);

  // Client whose certificate is loaded into the JDK trust store by the helper.
  final SelfSignedCertificate trustedIdentity = SelfSignedCertificate.create("other.com");
  configureJDKTrustStore(trustedIdentity, tempDir);
  final HttpClientOptions trustedClientOptions = new HttpClientOptions()
      .setSsl(true)
      .setTrustAll(true)
      .setKeyCertOptions(trustedIdentity.keyCertOptions());
  httpClient = vertx.createHttpClient(trustedClientOptions);

  orion = new Orion(vertx);
  orion.run(config, false);
}
Example #27
Source File: InsecureSecurityTest.java From orion with Apache License 2.0 | 6 votes |
/**
 * Prepares the fixture for the insecure-trust-mode tests: writes an Orion configuration
 * that uses a self-signed {@code localhost} server certificate, loads that certificate
 * into the JDK trust store, creates an HTTP client with an {@code example.com} client
 * certificate and starts Orion.
 *
 * <p>Unlike the sibling fixtures this client does not call {@code setTrustAll(true)}; the
 * server certificate is passed to {@code configureJDKTrustStore} instead.
 *
 * @param tempDir temporary directory for the configuration and the keystore
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void setUp(@TempDirectory final Path tempDir) throws Exception {
  final SelfSignedCertificate serverIdentity = SelfSignedCertificate.create("localhost");
  config = generateAndLoadConfiguration(tempDir, writer -> {
    writer.write("tlsservertrust='" + TRUST_MODE + "'\n");
    writer.write("clientconnectiontls='strict'\n");
    writer.write("clientconnectiontlsservertrust='" + TRUST_MODE + "'\n");
    writeServerCertToConfig(writer, serverIdentity);
    writeClientConnectionServerCertToConfig(writer, serverIdentity);
  });

  // The server certificate goes into the JDK trust store.
  // NOTE(review): if the helper sets javax.net.ssl.* system properties, the change is
  // JVM-wide and outlives this class -- confirm in the helper.
  configureJDKTrustStore(serverIdentity, tempDir);

  final SelfSignedCertificate clientIdentity = SelfSignedCertificate.create("example.com");
  final Path clientCertFile = Paths.get(clientIdentity.keyCertOptions().getCertPath());
  exampleComFingerprint = certificateHexFingerprint(clientCertFile);

  final HttpClientOptions clientOptions =
      new HttpClientOptions().setSsl(true).setKeyCertOptions(clientIdentity.keyCertOptions());
  httpClient = vertx.createHttpClient(clientOptions);

  orion = new Orion(vertx);
  orion.run(config, false);
}
Example #28
Source File: TofuNodeClientTest.java From orion with Apache License 2.0 | 6 votes |
/**
 * Prepares the trust-on-first-use client test: generates a self-signed {@code foo.com}
 * server certificate, records its fingerprint, resets the known-servers file to a single
 * comment line, builds the client under test and starts a TLS server that answers
 * {@code POST /partyinfo} with a CBOR-serialized payload.
 *
 * @throws Exception propagated from the file write or from the helper calls below
 */
@BeforeEach
void setUp() throws Exception {
  final SelfSignedCertificate serverIdentity = SelfSignedCertificate.create("foo.com");
  fooFingerprint = certificateHexFingerprint(Paths.get(serverIdentity.keyCertOptions().getCertPath()));

  // Known-servers file holds only a comment line, i.e. no server entry is written here.
  Files.write(knownServersFile, Collections.singletonList("#First line"));

  final Router router = Router.router(vertx);
  final ReadOnlyNetworkNodes nodes =
      new ReadOnlyNetworkNodes(URI.create("http://www.example.com"), Collections.emptyMap());
  router.post("/partyinfo").handler(
      ctx -> ctx.response().end(Buffer.buffer(Serializer.serialize(HttpContentType.CBOR, nodes))));

  client = NodeHttpClientBuilder.build(vertx, config, 100);

  final HttpServerOptions serverTls =
      new HttpServerOptions().setSsl(true).setPemKeyCertOptions(serverIdentity.keyCertOptions());
  tofuServer = vertx.createHttpServer(serverTls).requestHandler(router::accept);
  startServer(tofuServer);
}
Example #29
Source File: TestUtils.java From orion with Apache License 2.0 | 6 votes |
/**
 * Builds a JKS keystore from a self-signed certificate and makes it the JVM's default
 * trust store.
 *
 * <p>Points a reader should be aware of before reusing this helper:
 * <ul>
 *   <li>The {@code javax.net.ssl.trustStore} and {@code javax.net.ssl.trustStorePassword}
 *       system properties are process-wide and are not restored here, so every later test
 *       in the same JVM inherits this store.</li>
 *   <li>The private key is copied into the same file that serves as the trust store. The
 *       certificate entry is what identifies a trust anchor; the key entry adds key
 *       material to a file whose purpose is verification.</li>
 *   <li>The store password is the hard-coded literal {@code "changeit"}, and the file name
 *       {@code keystore.jks} is fixed, so a second call with the same {@code tempDir}
 *       overwrites the first store.</li>
 * </ul>
 *
 * @param clientCert certificate (and key) to load into the store
 * @param tempDir directory in which {@code keystore.jks} is written
 * @throws Exception propagated from key parsing, certificate parsing or file I/O
 */
public static void configureJDKTrustStore(final SelfSignedCertificate clientCert, final Path tempDir)
    throws Exception {
  final String storePassword = "changeit";

  // Start from an empty in-memory store.
  final KeyStore trustStore = KeyStore.getInstance("JKS");
  trustStore.load(null, null);

  // Private key: readPemFile supplies the bytes, which are parsed as a PKCS#8 RSA key.
  final KeyFactory rsaKeys = KeyFactory.getInstance("RSA");
  final Path keyFile = Paths.get(clientCert.privateKeyPath());
  final PrivateKey privateKey = rsaKeys.generatePrivate(new PKCS8EncodedKeySpec(readPemFile(keyFile)));

  // Certificate: parsed straight from the file contents.
  final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
  final Path certFile = new File(clientCert.certificatePath()).toPath();
  final Certificate certificate =
      x509.generateCertificate(new ByteArrayInputStream(Files.readAllBytes(certFile)));

  trustStore.setCertificateEntry("clientCert", certificate);
  trustStore.setKeyEntry("client", privateKey, storePassword.toCharArray(), new Certificate[] {certificate});

  final Path keystoreFile = tempDir.resolve("keystore.jks");
  try (final FileOutputStream out = new FileOutputStream(keystoreFile.toFile())) {
    trustStore.store(out, storePassword.toCharArray());
  }

  // JVM-wide switch: default TLS contexts created after this point use the new store.
  System.setProperty("javax.net.ssl.trustStore", keystoreFile.toString());
  System.setProperty("javax.net.ssl.trustStorePassword", storePassword);
}
Example #30
Source File: CertificateAuthoritySecurityTest.java From orion with Apache License 2.0 | 6 votes |
/**
 * Prepares the fixture for the certificate-authority trust tests: writes an Orion
 * configuration that uses a self-signed {@code localhost} server certificate, loads an
 * {@code example.com} client certificate into the JDK trust store, creates an HTTP client
 * that presents that certificate and starts Orion.
 *
 * @param tempDir temporary directory for the configuration and the keystore
 * @throws Exception propagated from the helper calls below
 */
@BeforeAll
static void setUp(@TempDirectory final Path tempDir) throws Exception {
  final SelfSignedCertificate serverIdentity = SelfSignedCertificate.create("localhost");
  config = generateAndLoadConfiguration(tempDir, writer -> {
    writer.write("tlsservertrust='" + TRUST_MODE + "'\n");
    writer.write("clientconnectiontls='strict'\n");
    writer.write("clientconnectiontlsservertrust='" + TRUST_MODE + "'\n");
    writeServerCertToConfig(writer, serverIdentity);
    writeClientConnectionServerCertToConfig(writer, serverIdentity);
  });

  // The client certificate is registered with the JDK trust store, presumably so that the
  // server (same JVM) treats it as CA-valid -- confirm in TestUtils.
  final SelfSignedCertificate clientIdentity = SelfSignedCertificate.create("example.com");
  TestUtils.configureJDKTrustStore(clientIdentity, tempDir);

  // setTrustAll(true): the client skips validation of the server's certificate. The
  // fixture exists to exercise how the server treats client certificates, so server
  // authentication is simply out of scope here; it is not a setting for non-test clients.
  final HttpClientOptions clientOptions = new HttpClientOptions()
      .setSsl(true)
      .setTrustAll(true)
      .setKeyCertOptions(clientIdentity.keyCertOptions());
  httpClient = vertx.createHttpClient(clientOptions);

  orion = new Orion(vertx);
  orion.run(config, false);
}