/*
 * Copyright (C) The Arvados Authors. All rights reserved.
 *
 * SPDX-License-Identifier: AGPL-3.0 OR Apache-2.0
 */

package org.arvados.client.api.client.factory;

import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.mockwebserver.MockResponse;
import org.arvados.client.test.utils.ArvadosClientMockedWebServerTest;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.junit.MockitoJUnitRunner;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.security.KeyStore;

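/**
 * Verifies the two modes of {@link OkHttpClientFactory#create(boolean)} against a mock
 * HTTPS server that presents a self-signed certificate.
 *
 * <p>Because the server certificate chains to no trusted CA, the handshake outcome shows
 * whether the client validated it: per the expectations encoded in these tests,
 * {@code create(false)} must fail the handshake and {@code create(true)} must complete it.
 */
@RunWith(MockitoJUnitRunner.class)
public class OkHttpClientFactoryTest extends ArvadosClientMockedWebServerTest {

    /**
     * A client created with {@code create(false)} must reject the self-signed server.
     *
     * <p>This is the regression guard for certificate validation: if the default client ever
     * starts accepting the untrusted certificate, the request succeeds and the test fails.
     */
    @Test(expected = SSLHandshakeException.class)
    public void secureOkHttpClientIsCreated() throws Exception {
        // given
        OkHttpClientFactory factory = OkHttpClientFactory.builder().build();
        // * configure HTTPS server (second argument: no tunnel proxy)
        SSLSocketFactory sf = getSSLSocketFactoryWithSelfSignedCertificate();
        server.useHttps(sf, false);
        server.enqueue(new MockResponse().setBody("OK"));
        // * prepare client HTTP request
        // NOTE(review): port 9000 is presumably where the inherited mock server listens;
        // confirm against ArvadosClientMockedWebServerTest.
        Request request = new Request.Builder()
                .url("https://localhost:9000/")
                .build();

        // when - then (SSL certificate is verified)
        OkHttpClient actual = factory.create(false);
        try (Response response = actual.newCall(request).execute()) {
            // Reaching this point means the untrusted certificate was accepted.
            Assert.fail("TLS handshake succeeded against a self-signed certificate; HTTP status "
                    + response.code());
        }
    }

    /**
     * A client created with {@code create(true)} must complete the request even though the
     * server certificate is self-signed, i.e. certificate verification is switched off.
     */
    @Test
    public void insecureOkHttpClientIsCreated() throws Exception {
        // given
        OkHttpClientFactory factory = OkHttpClientFactory.builder().build();
        // * configure HTTPS server (second argument: no tunnel proxy)
        SSLSocketFactory sf = getSSLSocketFactoryWithSelfSignedCertificate();
        server.useHttps(sf, false);
        server.enqueue(new MockResponse().setBody("OK"));
        // * prepare client HTTP request
        Request request = new Request.Builder()
                .url("https://localhost:9000/")
                .build();

        // when (SSL certificate is not verified)
        OkHttpClient actual = factory.create(true);
        // try-with-resources releases the connection even if the assertion fails
        try (Response response = actual.newCall(request).execute()) {
            // then (JUnit argument order: expected first, actual second)
            Assert.assertEquals("OK", response.body().string());
        }
    }

    /**
     * Builds the socket factory that lets the mock server present a self-signed certificate.
     *
     * <p>This ugly boilerplate is needed to enable self signed certificate.
     *
     * <p>It requires selfsigned.keystore.jks file. It was generated with:
     * <pre>
     * keytool -genkey -v -keystore mystore.keystore.jks -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
     * </pre>
     *
     * <p>The keystore and its password are test fixtures only; the key pair they protect must
     * not be used for anything outside this test suite.
     *
     * @return a socket factory backed by the test keystore
     * @throws Exception if the keystore cannot be read or the SSL context cannot be initialised
     */
    public SSLSocketFactory getSSLSocketFactoryWithSelfSignedCertificate() throws Exception {
        char[] serverKeyStorePassword = "123456".toCharArray();
        KeyStore serverKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // Close the keystore file as soon as it is loaded instead of leaking the handle.
        try (FileInputStream stream = new FileInputStream("src/test/resources/selfsigned.keystore.jks")) {
            serverKeyStore.load(stream, serverKeyStorePassword);
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeyStore, serverKeyStorePassword);

        // Use the trust manager's own default algorithm rather than the key manager's.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(serverKeyStore);

        // Request a TLS context; "SSL" is the legacy protocol family name.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    }
}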