Java tutorial
/* * * Copyright 2013 Netflix, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * */ package com.netflix.niws.client.http; import com.netflix.client.ClientFactory; import com.netflix.client.config.CommonClientConfigKey; import com.netflix.client.http.HttpRequest; import com.netflix.client.http.HttpResponse; import com.netflix.client.testutil.SimpleSSLTestServer; import com.netflix.config.ConfigurationManager; import com.sun.jersey.core.util.Base64; import org.apache.commons.configuration.AbstractConfiguration; import org.junit.*; import javax.net.ssl.SSLPeerUnverifiedException; import java.io.File; import java.io.FileOutputStream; import java.net.URI; import java.util.Random; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; /** * * Test that the AcceptAllSocketFactory works against a dumbed down TLS server, except when it shouldn't... * * @author jzarfoss * */ public class SecureAcceptAllGetTest { private static int TEST_PORT; private static String TEST_SERVICE_URI; private static File TEST_FILE_KS; private static File TEST_FILE_TS; private static SimpleSSLTestServer TEST_SERVER; @BeforeClass public static void init() throws Exception { // setup server 1, will use first keystore/truststore with client auth TEST_PORT = new Random().nextInt(1000) + 4000; TEST_SERVICE_URI = "https://127.0.0.1:" + TEST_PORT + "/"; // jks format byte[] sampleTruststore1 = Base64.decode(SecureGetTest.TEST_TS1); byte[] sampleKeystore1 = Base64.decode(SecureGetTest.TEST_KS1); TEST_FILE_KS = File.createTempFile("SecureAcceptAllGetTest", ".keystore"); TEST_FILE_TS = File.createTempFile("SecureAcceptAllGetTest", ".truststore"); FileOutputStream keystoreFileOut = new FileOutputStream(TEST_FILE_KS); try { keystoreFileOut.write(sampleKeystore1); } finally { keystoreFileOut.close(); } FileOutputStream truststoreFileOut = new FileOutputStream(TEST_FILE_TS); try { truststoreFileOut.write(sampleTruststore1); } finally { truststoreFileOut.close(); } try { TEST_SERVER = new SimpleSSLTestServer(TEST_FILE_TS, SecureGetTest.PASSWORD, TEST_FILE_KS, SecureGetTest.PASSWORD, TEST_PORT, false); } catch (Exception e) { e.printStackTrace(); fail(e.getMessage()); } } @AfterClass public static void shutDown() { try { TEST_SERVER.close(); } catch (Exception e) { e.printStackTrace(); } } @Test public void testPositiveAcceptAllSSLSocketFactory() throws Exception { // test connection succeeds connecting to a random SSL endpoint with allow all SSL factory AbstractConfiguration cm = ConfigurationManager.getConfigInstance(); String name = "GetPostSecureTest" + ".testPositiveAcceptAllSSLSocketFactory"; String configPrefix = name + "." + "ribbon"; cm.setProperty(configPrefix + "." + CommonClientConfigKey.CustomSSLSocketFactoryClassName, "com.netflix.http4.ssl.AcceptAllSocketFactory"); RestClient rc = (RestClient) ClientFactory.getNamedClient(name); TEST_SERVER.accept(); URI getUri = new URI(TEST_SERVICE_URI + "test/"); HttpRequest request = HttpRequest.newBuilder().uri(getUri).queryParams("name", "test").build(); HttpResponse response = rc.execute(request); assertEquals(200, response.getStatus()); } @Test public void testNegativeAcceptAllSSLSocketFactoryCannotWorkWithTrustStore() throws Exception { // test config exception happens before we even try to connect to anything AbstractConfiguration cm = ConfigurationManager.getConfigInstance(); String name = "GetPostSecureTest" + ".testNegativeAcceptAllSSLSocketFactoryCannotWorkWithTrustStore"; String configPrefix = name + "." + "ribbon"; cm.setProperty(configPrefix + "." + CommonClientConfigKey.CustomSSLSocketFactoryClassName, "com.netflix.http4.ssl.AcceptAllSocketFactory"); cm.setProperty(configPrefix + "." + CommonClientConfigKey.TrustStore, TEST_FILE_TS.getAbsolutePath()); cm.setProperty(configPrefix + "." + CommonClientConfigKey.TrustStorePassword, SecureGetTest.PASSWORD); boolean foundCause = false; try { ClientFactory.getNamedClient(name); } catch (Throwable t) { while (t != null && !foundCause) { if (t instanceof IllegalArgumentException && t.getMessage() .startsWith("Invalid value associated with property:CustomSSLSocketFactoryClassName")) { foundCause = true; break; } t = t.getCause(); } } assertTrue(foundCause); } @Test public void testNegativeAcceptAllSSLSocketFactory() throws Exception { // test exception is thrown connecting to a random SSL endpoint without explicitly setting factory to allow all String name = "GetPostSecureTest" + ".testNegativeAcceptAllSSLSocketFactory"; // don't set any interesting properties -- really we're just setting the defaults RestClient rc = (RestClient) ClientFactory.getNamedClient(name); TEST_SERVER.accept(); URI getUri = new URI(TEST_SERVICE_URI + "test/"); HttpRequest request = HttpRequest.newBuilder().uri(getUri).queryParams("name", "test").build(); boolean foundCause = false; try { rc.execute(request); } catch (Throwable t) { while (t != null && !foundCause) { if (t instanceof SSLPeerUnverifiedException && t.getMessage().startsWith("peer not authenticated")) { foundCause = true; break; } t = t.getCause(); } } assertTrue(foundCause); } }