com.netflix.niws.client.http.SecureAcceptAllGetTest.java Source code

Java tutorial

Introduction

Here is the source code for com.netflix.niws.client.http.SecureAcceptAllGetTest.java

Source

/*
*
* Copyright 2013 Netflix, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package com.netflix.niws.client.http;

import com.netflix.client.ClientFactory;
import com.netflix.client.config.CommonClientConfigKey;
import com.netflix.client.http.HttpRequest;
import com.netflix.client.http.HttpResponse;
import com.netflix.client.testutil.SimpleSSLTestServer;
import com.netflix.config.ConfigurationManager;
import com.sun.jersey.core.util.Base64;
import org.apache.commons.configuration.AbstractConfiguration;
import org.junit.*;

import javax.net.ssl.SSLPeerUnverifiedException;
import java.io.File;
import java.io.FileOutputStream;

import java.net.URI;
import java.util.Random;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

/**
 *
 * Test that the AcceptAllSocketFactory works against a dumbed down TLS server, except when it shouldn't...
 *
 * @author jzarfoss
 *
 */
public class SecureAcceptAllGetTest {

    private static int TEST_PORT;
    private static String TEST_SERVICE_URI;

    private static File TEST_FILE_KS;
    private static File TEST_FILE_TS;

    private static SimpleSSLTestServer TEST_SERVER;

    @BeforeClass
    public static void init() throws Exception {

        // setup server 1, will use first keystore/truststore with client auth
        TEST_PORT = new Random().nextInt(1000) + 4000;
        TEST_SERVICE_URI = "https://127.0.0.1:" + TEST_PORT + "/";

        // jks format
        byte[] sampleTruststore1 = Base64.decode(SecureGetTest.TEST_TS1);
        byte[] sampleKeystore1 = Base64.decode(SecureGetTest.TEST_KS1);

        TEST_FILE_KS = File.createTempFile("SecureAcceptAllGetTest", ".keystore");
        TEST_FILE_TS = File.createTempFile("SecureAcceptAllGetTest", ".truststore");

        FileOutputStream keystoreFileOut = new FileOutputStream(TEST_FILE_KS);
        try {
            keystoreFileOut.write(sampleKeystore1);
        } finally {
            keystoreFileOut.close();
        }

        FileOutputStream truststoreFileOut = new FileOutputStream(TEST_FILE_TS);
        try {
            truststoreFileOut.write(sampleTruststore1);
        } finally {
            truststoreFileOut.close();
        }

        try {
            TEST_SERVER = new SimpleSSLTestServer(TEST_FILE_TS, SecureGetTest.PASSWORD, TEST_FILE_KS,
                    SecureGetTest.PASSWORD, TEST_PORT, false);
        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }

    }

    @AfterClass
    public static void shutDown() {

        try {
            TEST_SERVER.close();
        } catch (Exception e) {
            e.printStackTrace();
        }

    }

    @Test
    public void testPositiveAcceptAllSSLSocketFactory() throws Exception {

        // test connection succeeds connecting to a random SSL endpoint with allow all SSL factory

        AbstractConfiguration cm = ConfigurationManager.getConfigInstance();

        String name = "GetPostSecureTest" + ".testPositiveAcceptAllSSLSocketFactory";

        String configPrefix = name + "." + "ribbon";

        cm.setProperty(configPrefix + "." + CommonClientConfigKey.CustomSSLSocketFactoryClassName,
                "com.netflix.http4.ssl.AcceptAllSocketFactory");

        RestClient rc = (RestClient) ClientFactory.getNamedClient(name);

        TEST_SERVER.accept();

        URI getUri = new URI(TEST_SERVICE_URI + "test/");
        HttpRequest request = HttpRequest.newBuilder().uri(getUri).queryParams("name", "test").build();
        HttpResponse response = rc.execute(request);
        assertEquals(200, response.getStatus());
    }

    @Test
    public void testNegativeAcceptAllSSLSocketFactoryCannotWorkWithTrustStore() throws Exception {

        // test config exception happens before we even try to connect to anything

        AbstractConfiguration cm = ConfigurationManager.getConfigInstance();

        String name = "GetPostSecureTest" + ".testNegativeAcceptAllSSLSocketFactoryCannotWorkWithTrustStore";

        String configPrefix = name + "." + "ribbon";

        cm.setProperty(configPrefix + "." + CommonClientConfigKey.CustomSSLSocketFactoryClassName,
                "com.netflix.http4.ssl.AcceptAllSocketFactory");
        cm.setProperty(configPrefix + "." + CommonClientConfigKey.TrustStore, TEST_FILE_TS.getAbsolutePath());
        cm.setProperty(configPrefix + "." + CommonClientConfigKey.TrustStorePassword, SecureGetTest.PASSWORD);

        boolean foundCause = false;

        try {

            ClientFactory.getNamedClient(name);

        } catch (Throwable t) {

            while (t != null && !foundCause) {

                if (t instanceof IllegalArgumentException && t.getMessage()
                        .startsWith("Invalid value associated with property:CustomSSLSocketFactoryClassName")) {
                    foundCause = true;
                    break;
                }

                t = t.getCause();
            }
        }

        assertTrue(foundCause);

    }

    @Test
    public void testNegativeAcceptAllSSLSocketFactory() throws Exception {

        // test exception is thrown connecting to a random SSL endpoint without explicitly setting factory to allow all

        String name = "GetPostSecureTest" + ".testNegativeAcceptAllSSLSocketFactory";

        // don't set any interesting properties -- really we're just setting the defaults

        RestClient rc = (RestClient) ClientFactory.getNamedClient(name);

        TEST_SERVER.accept();

        URI getUri = new URI(TEST_SERVICE_URI + "test/");
        HttpRequest request = HttpRequest.newBuilder().uri(getUri).queryParams("name", "test").build();

        boolean foundCause = false;

        try {

            rc.execute(request);

        } catch (Throwable t) {

            while (t != null && !foundCause) {

                if (t instanceof SSLPeerUnverifiedException
                        && t.getMessage().startsWith("peer not authenticated")) {
                    foundCause = true;
                    break;
                }

                t = t.getCause();
            }
        }

        assertTrue(foundCause);

    }

}