+++ /dev/null
-/*
- * Copyright (C) The Arvados Authors. All rights reserved.
- *
- * SPDX-License-Identifier: AGPL-3.0 OR Apache-2.0
- *
- */
-
-package org.arvados.client.api.client.factory;
-
-import okhttp3.OkHttpClient;
-import okhttp3.Request;
-import okhttp3.Response;
-import okhttp3.mockwebserver.MockResponse;
-import org.arvados.client.test.utils.ArvadosClientMockedWebServerTest;
-import org.junit.Assert;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.junit.MockitoJUnitRunner;
-
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSocketFactory;
-import javax.net.ssl.TrustManagerFactory;
-import java.io.FileInputStream;
-import java.security.KeyStore;
-
-
-@RunWith(MockitoJUnitRunner.class)
-public class OkHttpClientFactoryTest extends ArvadosClientMockedWebServerTest {
-
- @Test(expected = javax.net.ssl.SSLHandshakeException.class)
- public void secureOkHttpClientIsCreated() throws Exception {
-
- // given
- OkHttpClientFactory factory = OkHttpClientFactory.builder().build();
- // * configure HTTPS server
- SSLSocketFactory sf = getSSLSocketFactoryWithSelfSignedCertificate();
- server.useHttps(sf, false);
- server.enqueue(new MockResponse().setBody("OK"));
- // * prepare client HTTP request
- Request request = new Request.Builder()
- .url("https://localhost:9000/")
- .build();
-
- // when - then (SSL certificate is verified)
- OkHttpClient actual = factory.create(false);
- Response response = actual.newCall(request).execute();
- }
-
- @Test
- public void insecureOkHttpClientIsCreated() throws Exception {
- // given
- OkHttpClientFactory factory = OkHttpClientFactory.builder().build();
- // * configure HTTPS server
- SSLSocketFactory sf = getSSLSocketFactoryWithSelfSignedCertificate();
- server.useHttps(sf, false);
- server.enqueue(new MockResponse().setBody("OK"));
- // * prepare client HTTP request
- Request request = new Request.Builder()
- .url("https://localhost:9000/")
- .build();
-
- // when (SSL certificate is not verified)
- OkHttpClient actual = factory.create(true);
- Response response = actual.newCall(request).execute();
-
- // then
- Assert.assertEquals(response.body().string(),"OK");
- }
-
-
- /*
- This ugly boilerplate is needed to enable self signed certificate.
-
- It requires selfsigned.keystore.jks file. It was generated with:
- keytool -genkey -v -keystore mystore.keystore.jks -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
- */
- public SSLSocketFactory getSSLSocketFactoryWithSelfSignedCertificate() throws Exception {
-
- FileInputStream stream = new FileInputStream("src/test/resources/selfsigned.keystore.jks");
- char[] serverKeyStorePassword = "123456".toCharArray();
- KeyStore serverKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- serverKeyStore.load(stream, serverKeyStorePassword);
-
- String kmfAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(kmfAlgorithm);
- kmf.init(serverKeyStore, serverKeyStorePassword);
-
- TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(kmfAlgorithm);
- trustManagerFactory.init(serverKeyStore);
-
- SSLContext sslContext = SSLContext.getInstance("SSL");
- sslContext.init(kmf.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
- return sslContext.getSocketFactory();
- }
-}
projects / arvados.git / blobdiff