/**
 * Copies the recognised members of a JSON object onto a {@link PfxOptions} instance.
 *
 * <p>Only the keys {@code "password"}, {@code "path"} and {@code "value"} are read. Any other key
 * is ignored, and a recognised key whose value is not a {@code String} is skipped without an
 * error, so a malformed document leaves the corresponding option untouched.
 *
 * @param json the JSON members to read
 * @param obj the options object that receives the values
 * @throws IllegalArgumentException if the {@code "value"} string is not valid Base64 (raised by
 *     {@link java.util.Base64.Decoder#decode(String)})
 */
static void fromJson(Iterable<java.util.Map.Entry<String, Object>> json, PfxOptions obj) {
  for (java.util.Map.Entry<String, Object> member : json) {
    switch (member.getKey()) {
      case "password": {
        // The store password arrives as a plain JSON string: whatever serialises, stores or
        // logs this JSON is handling a secret.
        Object raw = member.getValue();
        if (raw instanceof String) {
          obj.setPassword((String) raw);
        }
        break;
      }
      case "path": {
        Object raw = member.getValue();
        if (raw instanceof String) {
          obj.setPath((String) raw);
        }
        break;
      }
      case "value": {
        // The store bytes are carried as Base64 text (basic alphabet) and decoded into a buffer.
        Object raw = member.getValue();
        if (raw instanceof String) {
          byte[] decoded = java.util.Base64.getDecoder().decode((String) raw);
          obj.setValue(io.vertx.core.buffer.Buffer.buffer(decoded));
        }
        break;
      }
    }
  }
}
/**
 * Checks that a PKCS#12 key store whose path points at a missing file is rejected.
 *
 * <p>The two strings are handed to {@code testInvalidKeyStore}; presumably they are the expected
 * start and end of the reported error message (verify against that helper).
 */
@Test
public void testPKCS12InvalidPath() {
  // Start from the valid server store and only break its path.
  PfxOptions missingStore = Cert.SERVER_PKCS12.get().setPath("/invalid.p12");
  String expectedStart = "java.nio.file.NoSuchFileException: ";
  String expectedEnd = "invalid.p12";
  testInvalidKeyStore(missingStore, expectedStart, expectedEnd);
}
/**
 * Checks that a PKCS#12 store works when supplied as an in-memory buffer instead of a file path.
 */
@Test
public void testPKCS12Value() throws Exception {
  PfxOptions inMemoryStore = Cert.SERVER_PKCS12.get();
  String storePath = inMemoryStore.getPath();
  Buffer storeBytes = vertx.fileSystem().readFileBlocking(storePath);
  // Clear the path so the buffer value is the only source left to load the store from.
  inMemoryStore.setPath(null).setValue(storeBytes);
  testKeyStore(inMemoryStore);
}
/**
 * Checks the path and password accessors of {@link PfxOptions}: both start out {@code null}, each
 * setter returns an object equal to the options instance, and the getter returns what was set.
 */
@Test
public void testPKCS12Options() throws Exception {
  PfxOptions pfx = new PfxOptions();

  // Path: unset by default, then read back unchanged.
  assertNull(pfx.getPath());
  String expectedPath = TestUtils.randomAlphaString(100);
  assertEquals(pfx, pfx.setPath(expectedPath));
  assertEquals(expectedPath, pfx.getPath());

  // Password: unset by default, then read back unchanged.
  assertNull(pfx.getPassword());
  String expectedPassword = TestUtils.randomAlphaString(100);
  assertEquals(pfx, pfx.setPassword(expectedPassword));
  assertEquals(expectedPassword, pfx.getPassword());
}
/**
 * Checks that password, path and value survive both the copy constructor and a round trip
 * through {@code toJson()}.
 */
@Test
public void testCopyPKCS12Options() throws Exception {
  PfxOptions source = new PfxOptions();
  String expectedPassword = TestUtils.randomAlphaString(100);
  String expectedPath = TestUtils.randomAlphaString(100);
  Buffer expectedValue = Buffer.buffer(TestUtils.randomAlphaString(100));
  source.setPassword(expectedPassword);
  source.setPath(expectedPath);
  source.setValue(expectedValue);

  // Copy constructor.
  PfxOptions copied = new PfxOptions(source);
  assertEquals(expectedPassword, copied.getPassword());
  assertEquals(expectedPath, copied.getPath());
  assertEquals(expectedValue, copied.getValue());

  // JSON round trip. The password assertion passing means toJson() emits the store password,
  // so the JSON form has to be treated as secret material.
  PfxOptions rebuilt = new PfxOptions(copied.toJson());
  assertEquals(expectedPassword, rebuilt.getPassword());
  assertEquals(expectedPath, rebuilt.getPath());
  assertEquals(expectedValue, rebuilt.getValue());
}
/**
 * Copies the recognised members of a JSON object onto a {@link PfxOptions} instance.
 *
 * <p>Only the keys {@code "password"}, {@code "path"} and {@code "value"} are read. Any other key
 * is ignored, and a recognised key whose value is not a {@code String} is skipped without an
 * error, so a malformed document leaves the corresponding option untouched.
 *
 * @param json the JSON members to read
 * @param obj the options object that receives the values
 * @throws IllegalArgumentException if the {@code "value"} string is not valid Base64 (raised by
 *     {@link java.util.Base64.Decoder#decode(String)})
 */
static void fromJson(Iterable<java.util.Map.Entry<String, Object>> json, PfxOptions obj) {
  for (java.util.Map.Entry<String, Object> member : json) {
    switch (member.getKey()) {
      case "password": {
        // The store password arrives as a plain JSON string: whatever serialises, stores or
        // logs this JSON is handling a secret.
        Object raw = member.getValue();
        if (raw instanceof String) {
          obj.setPassword((String) raw);
        }
        break;
      }
      case "path": {
        Object raw = member.getValue();
        if (raw instanceof String) {
          obj.setPath((String) raw);
        }
        break;
      }
      case "value": {
        // The store bytes are carried as Base64 text (basic alphabet) and decoded into a buffer.
        Object raw = member.getValue();
        if (raw instanceof String) {
          byte[] decoded = java.util.Base64.getDecoder().decode((String) raw);
          obj.setValue(io.vertx.core.buffer.Buffer.buffer(decoded));
        }
        break;
      }
    }
  }
}
/**
 * Checks that a PKCS#12 key store whose path points at a missing file is rejected.
 *
 * <p>The two strings are handed to {@code testInvalidKeyStore}; presumably they are the expected
 * start and end of the reported error message (verify against that helper).
 */
@Test
public void testPKCS12InvalidPath() {
  // Start from the valid server store and only break its path.
  PfxOptions missingStore = Cert.SERVER_PKCS12.get().setPath("/invalid.p12");
  String expectedStart = "java.nio.file.NoSuchFileException: ";
  String expectedEnd = "invalid.p12";
  testInvalidKeyStore(missingStore, expectedStart, expectedEnd);
}
// Configures PKCS#12 key and trust material on the TCP client options when the configured store
// type matches STORE_PKCS12 (compared case-insensitively).
// NOTE(review): this excerpt is cut off. The closing braces and the call that installs
// trustPfxOptions are not on the page, and as shown the trust-store check sits inside the
// key-store branch; confirm the real nesting against the full file.
if (STORE_PKCS12.equalsIgnoreCase(sslOption.getKeyStoreType())) {
  PfxOptions keyPfxOptions = new PfxOptions();
  keyPfxOptions.setPath(sslCustom.getFullPath(sslOption.getKeyStore()));
  // The configured key-store secret is passed through sslCustom.decode() and then wrapped in a
  // String for setPassword(); unlike a char[], that String copy cannot be cleared after use.
  // NOTE(review): getKeyStoreValue() is dereferenced without a visible null check; confirm it is
  // always set when the store type is PKCS#12.
  keyPfxOptions.setPassword(new String(sslCustom.decode(sslOption.getKeyStoreValue().toCharArray())));
  tcpClientOptions.setPfxKeyCertOptions(keyPfxOptions);
  if (STORE_PKCS12.equalsIgnoreCase(sslOption.getTrustStoreType())) {
    PfxOptions trustPfxOptions = new PfxOptions();
    trustPfxOptions.setPath(sslCustom.getFullPath(sslOption.getTrustStore()));
    // Same decode-then-String handling as the key-store secret above.
    trustPfxOptions
        .setPassword(new String(sslCustom.decode(sslOption.getTrustStoreValue().toCharArray())));
/**
 * Checks that a PKCS#12 store works when supplied as an in-memory buffer instead of a file path.
 */
@Test
public void testPKCS12Value() throws Exception {
  PfxOptions inMemoryStore = Cert.SERVER_PKCS12.get();
  String storePath = inMemoryStore.getPath();
  Buffer storeBytes = vertx.fileSystem().readFileBlocking(storePath);
  // Clear the path so the buffer value is the only source left to load the store from.
  inMemoryStore.setPath(null).setValue(storeBytes);
  testKeyStore(inMemoryStore);
}
// Copies PKCS#12 trust-store and key-store settings onto pfxOptions: the password first, then the
// file path when one is set, otherwise the inline content.
// NOTE(review): this excerpt appears to join two fragments with lines left out between them. The
// closing braces are not on the page, so the nesting shown below is not the real structure, and
// pfxOptions presumably names a different object in each half; confirm against the full file.
pfxOptions.setPassword(pkcs12TrustStore.getPassword());
if (pkcs12TrustStore.getPath() != null && !pkcs12TrustStore.getPath().isEmpty()) {
  pfxOptions.setPath(pkcs12TrustStore.getPath());
} else {
  // NOTE(review): unlike the key-store branch below, the trust-store content is passed to
  // Buffer.buffer() with no null/empty check in the visible code; confirm an earlier validation
  // step guarantees it is present.
  pfxOptions.setValue(io.vertx.core.buffer.Buffer.buffer(pkcs12TrustStore.getContent()));
  pfxOptions.setPassword(pkcs12KeyStore.getPassword());
  if (pkcs12KeyStore.getPath() != null && !pkcs12KeyStore.getPath().isEmpty()) {
    pfxOptions.setPath(pkcs12KeyStore.getPath());
  } else if (pkcs12KeyStore.getContent() != null && !pkcs12KeyStore.getContent().isEmpty()) {
    // getContent() is text here (isEmpty() is called on it), so the buffer holds the bytes of
    // that text as-is. NOTE(review): confirm which encoding the content is expected in; a binary
    // PKCS#12 archive does not survive being carried as a plain string.
    pfxOptions.setValue(io.vertx.core.buffer.Buffer.buffer(pkcs12KeyStore.getContent()));
// Copies PKCS#12 trust-store and key-store settings onto pfxOptions: the password first, then the
// file path when one is set, otherwise the inline content.
// NOTE(review): this excerpt appears to join two fragments with lines left out between them. The
// closing braces are not on the page, so the nesting shown below is not the real structure, and
// pfxOptions presumably names a different object in each half; confirm against the full file.
pfxOptions.setPassword(pkcs12TrustStore.getPassword());
if (pkcs12TrustStore.getPath() != null && !pkcs12TrustStore.getPath().isEmpty()) {
  pfxOptions.setPath(pkcs12TrustStore.getPath());
} else {
  // NOTE(review): unlike the key-store branch below, the trust-store content is passed to
  // Buffer.buffer() with no null/empty check in the visible code; confirm an earlier validation
  // step guarantees it is present.
  pfxOptions.setValue(io.vertx.core.buffer.Buffer.buffer(pkcs12TrustStore.getContent()));
  pfxOptions.setPassword(pkcs12KeyStore.getPassword());
  if (pkcs12KeyStore.getPath() != null && !pkcs12KeyStore.getPath().isEmpty()) {
    pfxOptions.setPath(pkcs12KeyStore.getPath());
  } else if (pkcs12KeyStore.getContent() != null && !pkcs12KeyStore.getContent().isEmpty()) {
    // getContent() is text here (isEmpty() is called on it), so the buffer holds the bytes of
    // that text as-is. NOTE(review): confirm which encoding the content is expected in; a binary
    // PKCS#12 archive does not survive being carried as a plain string.
    pfxOptions.setValue(io.vertx.core.buffer.Buffer.buffer(pkcs12KeyStore.getContent()));
/**
 * Checks the path and password accessors of {@link PfxOptions}: both start out {@code null}, each
 * setter returns an object equal to the options instance, and the getter returns what was set.
 */
@Test
public void testPKCS12Options() throws Exception {
  PfxOptions pfx = new PfxOptions();

  // Path: unset by default, then read back unchanged.
  assertNull(pfx.getPath());
  String expectedPath = TestUtils.randomAlphaString(100);
  assertEquals(pfx, pfx.setPath(expectedPath));
  assertEquals(expectedPath, pfx.getPath());

  // Password: unset by default, then read back unchanged.
  assertNull(pfx.getPassword());
  String expectedPassword = TestUtils.randomAlphaString(100);
  assertEquals(pfx, pfx.setPassword(expectedPassword));
  assertEquals(expectedPassword, pfx.getPassword());
}
/**
 * Checks that password, path and value survive both the copy constructor and a round trip
 * through {@code toJson()}.
 */
@Test
public void testCopyPKCS12Options() throws Exception {
  PfxOptions source = new PfxOptions();
  String expectedPassword = TestUtils.randomAlphaString(100);
  String expectedPath = TestUtils.randomAlphaString(100);
  Buffer expectedValue = Buffer.buffer(TestUtils.randomAlphaString(100));
  source.setPassword(expectedPassword);
  source.setPath(expectedPath);
  source.setValue(expectedValue);

  // Copy constructor.
  PfxOptions copied = new PfxOptions(source);
  assertEquals(expectedPassword, copied.getPassword());
  assertEquals(expectedPath, copied.getPath());
  assertEquals(expectedValue, copied.getValue());

  // JSON round trip. The password assertion passing means toJson() emits the store password,
  // so the JSON form has to be treated as secret material.
  PfxOptions rebuilt = new PfxOptions(copied.toJson());
  assertEquals(expectedPassword, rebuilt.getPassword());
  assertEquals(expectedPath, rebuilt.getPath());
  assertEquals(expectedValue, rebuilt.getValue());
}
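/**
 * Applies TLS settings read from JVM system properties to the given client options: key store,
 * trust store, enabled protocol versions and, when configured, cipher suites.
 *
 * <p>A store type of {@code "JKS"} (case-insensitive) is configured through {@link JksOptions};
 * every other type is handed to {@link PfxOptions}. Protocol and cipher-suite lists are
 * comma-separated; entries are trimmed and blank entries are skipped, so leading or trailing
 * whitespace or a stray comma no longer yields a bogus protocol or suite name.
 *
 * @param options the client options to configure
 */
private void initializeTLSParameters(NetClientOptions options) {
  // NOTE(review): store path and password may be null when their property is unset, and the
  // options object is installed regardless; confirm that is the intended behaviour for clients
  // that run without a key store.
  String keyStoreType = System.getProperty(JAVAX_NET_SSL_KEYSTORE_TYPE, KeyStore.getDefaultType());
  if ("JKS".equalsIgnoreCase(keyStoreType)) {
    options.setKeyStoreOptions(new JksOptions()
        .setPath(System.getProperty(JAVAX_NET_SSL_KEYSTORE))
        .setPassword(System.getProperty(JAVAX_NET_SSL_KEYSTORE_PASSWORD)));
  } else {
    // NOTE(review): any type other than JKS lands here and is loaded as PKCS#12, whatever the
    // property actually says.
    options.setPfxKeyCertOptions(new PfxOptions()
        .setPath(System.getProperty(JAVAX_NET_SSL_KEYSTORE))
        .setPassword(System.getProperty(JAVAX_NET_SSL_KEYSTORE_PASSWORD)));
  }

  String trustStoreType =
      System.getProperty(JAVAX_NET_SSL_TRUSTSTORE_TYPE, KeyStore.getDefaultType());
  if ("JKS".equalsIgnoreCase(trustStoreType)) {
    options.setTrustStoreOptions(new JksOptions()
        .setPath(System.getProperty(JAVAX_NET_SSL_TRUSTSTORE))
        .setPassword(System.getProperty(JAVAX_NET_SSL_TRUSTSTORE_PASSWORD)));
  } else {
    options.setPfxTrustOptions(new PfxOptions()
        .setPath(System.getProperty(JAVAX_NET_SSL_TRUSTSTORE))
        .setPassword(System.getProperty(JAVAX_NET_SSL_TRUSTSTORE_PASSWORD)));
  }

  // NOTE(review): the add* calls extend whatever the options object already enables. If the
  // defaults of the Vert.x version in use include older protocol versions, this property does
  // not remove them; confirm whether the list is meant to restrict rather than extend.
  String allowedProtocols = System.getProperty(JDK_TLS_CLIENT_PROTOCOLS, "TLSv1.2");
  Stream.of(allowedProtocols.split(","))
      .map(String::trim)
      .filter(protocol -> !protocol.isEmpty())
      .forEach(options::addEnabledSecureTransportProtocol);

  String allowedCiphers = System.getProperty(HTTPS_CIPHERSUITES);
  if (allowedCiphers != null) {
    Stream.of(allowedCiphers.split(","))
        .map(String::trim)
        .filter(suite -> !suite.isEmpty())
        .forEach(options::addEnabledCipherSuite);
  }
}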
// Sets up mutual TLS between the server and the bridge, using PKCS#12 stores.
// Server side: TLS on, and a client certificate is mandatory (ClientAuth.REQUIRED).
serverOptions.setSsl(true);
serverOptions.setClientAuth(ClientAuth.REQUIRED);
// Server identity: key store holding the server's key and certificate.
PfxOptions serverPfxOptions = new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD);
serverOptions.setPfxKeyCertOptions(serverPfxOptions);
// Server trust store: what client certificates are validated against.
PfxOptions pfxOptions = new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD);
serverOptions.setPfxTrustOptions(pfxOptions);
// Bridge (client) identity: the key store it presents to satisfy the client-auth requirement.
// All three stores are opened with the same PASSWORD constant.
PfxOptions clientKeyPfxOptions = new PfxOptions().setPath(KEYSTORE_CLIENT).setPassword(PASSWORD);
bridgeOptions.setPfxKeyCertOptions(clientKeyPfxOptions);
/**
 * Checks that the bridge fails to start against a TLS server whose certificate is not covered by
 * the bridge's trust store.
 */
@Test(timeout = 20000)
public void testConnectWithSslToServerWithUntrustedKeyFails(TestContext context) throws Exception {
  Async done = context.async();

  // TLS-enabled mock server identified by the KEYSTORE store.
  ProtonServerOptions tlsServerOptions = new ProtonServerOptions();
  tlsServerOptions.setSsl(true);
  tlsServerOptions.setPfxKeyCertOptions(new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD));

  mockServer =
      new MockServer(vertx, conn -> handleBridgeStartupProcess(conn, context), tlsServerOptions);

  // The bridge trusts only the other CA, so certificate validation of the server must fail.
  AmqpBridgeOptions untrustingBridgeOptions = new AmqpBridgeOptions();
  untrustingBridgeOptions.setSsl(true);
  untrustingBridgeOptions.setPfxTrustOptions(
      new PfxOptions().setPath(OTHER_CA_TRUSTSTORE).setPassword(PASSWORD));

  AmqpBridge bridge = AmqpBridge.create(vertx, untrustingBridgeOptions);
  bridge.start("localhost", mockServer.actualPort(), startResult -> {
    // Start must be reported as failed because the remote peer is not trusted.
    context.assertFalse(startResult.succeeded(), "expected start to fail due to untrusted server");
    done.complete();
  });

  done.awaitSuccess();
}
/**
 * Checks that the bridge starts successfully against a TLS server when its trust store is the
 * TRUSTSTORE store.
 */
@Test(timeout = 20000)
public void testConnectWithSslSucceeds(TestContext context) throws Exception {
  Async done = context.async();

  // TLS-enabled mock server identified by the KEYSTORE store.
  ProtonServerOptions tlsServerOptions = new ProtonServerOptions();
  tlsServerOptions.setSsl(true);
  tlsServerOptions.setPfxKeyCertOptions(new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD));

  mockServer =
      new MockServer(vertx, conn -> handleBridgeStartupProcess(conn, context), tlsServerOptions);

  // Bridge with TLS on and a trust store to validate the server against.
  AmqpBridgeOptions trustingBridgeOptions = new AmqpBridgeOptions();
  trustingBridgeOptions.setSsl(true);
  trustingBridgeOptions.setPfxTrustOptions(
      new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD));

  AmqpBridge bridge = AmqpBridge.create(vertx, trustingBridgeOptions);
  bridge.start("localhost", mockServer.actualPort(), startResult -> {
    // Start must be reported as successful.
    context.assertTrue(startResult.succeeded(), "expected start to suceed");
    done.complete();
  });

  done.awaitSuccess();
}
/**
 * Checks that a TLS-enabled bridge fails to start against a server that does not use TLS, i.e.
 * that it does not fall back to a plain connection.
 */
@Test(timeout = 20000)
public void testConnectWithSslToNonSslServerFails(TestContext context) throws Exception {
  Async done = context.async();

  // Mock server with TLS explicitly switched off.
  ProtonServerOptions plainServerOptions = new ProtonServerOptions();
  plainServerOptions.setSsl(false);

  mockServer =
      new MockServer(vertx, conn -> handleBridgeStartupProcess(conn, context), plainServerOptions);

  // Bridge with TLS on and a trust store configured.
  AmqpBridgeOptions tlsBridgeOptions = new AmqpBridgeOptions();
  tlsBridgeOptions.setSsl(true);
  tlsBridgeOptions.setPfxTrustOptions(new PfxOptions().setPath(TRUSTSTORE).setPassword(PASSWORD));

  AmqpBridge bridge = AmqpBridge.create(vertx, tlsBridgeOptions);
  bridge.start("localhost", mockServer.actualPort(), startResult -> {
    // Start must be reported as failed because the remote peer does not speak TLS.
    context.assertFalse(startResult.succeeded(),
        "expected start to fail due to server not using secure transport");
    done.complete();
  });

  done.awaitSuccess();
}
/**
 * Checks that the bridge starts against a TLS server when it has no trust store but is
 * configured to trust all certificates.
 */
@Test(timeout = 20000)
public void testConnectWithSslToServerWhileUsingTrustAll(TestContext context) throws Exception {
  Async done = context.async();

  // TLS-enabled mock server identified by the KEYSTORE store.
  ProtonServerOptions tlsServerOptions = new ProtonServerOptions();
  tlsServerOptions.setSsl(true);
  tlsServerOptions.setPfxKeyCertOptions(new PfxOptions().setPath(KEYSTORE).setPassword(PASSWORD));

  mockServer =
      new MockServer(vertx, conn -> handleBridgeStartupProcess(conn, context), tlsServerOptions);

  // No trust store is set: trust-all is what lets the connection through. With it the bridge
  // accepts whatever certificate the server presents, so the server is not authenticated.
  AmqpBridgeOptions trustAllBridgeOptions = new AmqpBridgeOptions();
  trustAllBridgeOptions.setSsl(true);
  trustAllBridgeOptions.setTrustAll(true);

  AmqpBridge bridge = AmqpBridge.create(vertx, trustAllBridgeOptions);
  bridge.start("localhost", mockServer.actualPort(), startResult -> {
    // Start must be reported as successful.
    context.assertTrue(startResult.succeeded(),
        "expected start to suceed due to trusting all certs");
    done.complete();
  });

  done.awaitSuccess();
}