@Test public void testSNISubjectAltenativeNameCNMatch2PKCS12() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .clientVerifyHost(false) .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameMatch1PKCS12() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAltenativeNameCNMatch2() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_JKS, Trust.NONE) .serverSni() .clientVerifyHost(false) .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAltenativeNameCNMatch1PEM() throws Exception { testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host5.com")) .fail() .clientPeerCert(); }
@Test public void testSNISubjectAlternativeNameWildcardMatch() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_JKS, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameMatch1PEM() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test // Client provides SNI and server responds with a matching certificate for the indicated server name public void testSNITrustPEM() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass() .clientPeerCert(); assertEquals("host2.com", TestUtils.cnOf(cert)); }
private void testProxyWithSNI(ProxyType proxyType) throws Exception { startProxy(null, proxyType); X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE) .serverSni() .useProxy(proxyType) .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass() .clientPeerCert(); assertNotNull("connection didn't access the proxy", proxy.getLastUri()); assertEquals("hostname resolved but it shouldn't be", "host2.com:4043", proxy.getLastUri()); assertEquals("host2.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAltenativeNameCNMatch1PKCS12() throws Exception { testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host5.com")) .fail() .clientPeerCert(); }
@Test public void testSNISubjectAltenativeNameCNMatch1() throws Exception { testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_JKS, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host5.com")) .fail() .clientPeerCert(); }
@Test public void testSNISubjectAlternativeNameWildcardMatchPEM() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameWildcardMatchPKCS12() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST5, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host5.com")) .pass() .clientPeerCert(); assertEquals("host5.com", TestUtils.cnOf(cert)); }
@Test // Client provides SNI and server responds with a matching certificate for the indicated server name public void testSNITrustPKCS12() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass() .clientPeerCert(); assertEquals("host2.com", TestUtils.cnOf(cert)); }
@Test public void testSNIWithOpenSSL() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE) .clientOpenSSL() .serverOpenSSL() .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass() .clientPeerCert(); assertEquals("host2.com", TestUtils.cnOf(cert)); }
@Test public void testSNIWithALPN() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST2, Cert.SNI_JKS, Trust.NONE) .serverSni() .clientUsesAlpn() .serverUsesAlpn() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host2.com")) .pass() .clientPeerCert(); assertEquals("host2.com", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameMatch2() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_JKS, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameMatch1() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_JKS, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameMatch2PEM() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PEM, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test public void testSNISubjectAlternativeNameMatch2PKCS12() throws Exception { X509Certificate cert = testTLS(Cert.NONE, Trust.SNI_JKS_HOST4, Cert.SNI_PKCS12, Trust.NONE) .serverSni() .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("www.host4.com")) .pass() .clientPeerCert(); assertEquals("host4.com certificate", TestUtils.cnOf(cert)); }
@Test // Client provides SNI unknown to the server and server responds with the default certificate (first) public void testSNIUnknownServerName2() throws Exception { TLSTest test = testTLS(Cert.NONE, Trust.SERVER_JKS, Cert.SNI_JKS, Trust.NONE) .serverSni() .clientVerifyHost(false) .requestOptions(new RequestOptions().setSsl(true).setPort(4043).setHost("unknown.com")) .pass(); assertEquals("localhost", TestUtils.cnOf(test.clientPeerCert())); assertEquals("unknown.com", test.indicatedServerName); }