forked from quarkusio/quarkus
Rewrite TLS test for the rest-client and reactive-rest-client
- Remove the trust store maven plugin which has not been super reliable recently on CI - Use the cert generator instead - Make sure the tests are not tainted with a quarkus.tls.trust-all=true - did not use the certificate annotation as the certificates are required to start the test resources, and it would require annotating all the test cases (as the order is undefined)
1 parent
a5a8046
commit 92301aa
Showing
22 changed files
with
281 additions
and
168 deletions.
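--- a/...ive/src/test/java/io/quarkus/it/rest/client/selfsigned/SelfSignedServiceTestResource.java
+++ b/...ive/src/test/java/io/quarkus/it/rest/client/selfsigned/SelfSignedServiceTestResource.java
@@ -0,0 +1,58 @@
+package io.quarkus.it.rest.client.selfsigned;
+
+import java.io.File;
+import java.time.Duration;
+import java.util.Map;
+
+import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
+import io.smallrye.certs.CertificateGenerator;
+import io.smallrye.certs.CertificateRequest;
+import io.smallrye.certs.Format;
+import io.vertx.core.Vertx;
+import io.vertx.core.http.HttpServerOptions;
+import io.vertx.core.net.PfxOptions;
+
+public class SelfSignedServiceTestResource implements QuarkusTestResourceLifecycleManager {
+
+Vertx vertx = Vertx.vertx();
+
+@Override
+public Map<String, String> start() {
+File file = new File("target/certs");
+file.mkdirs();
+// Generate self-signed certificate
+// We do not use the junit 5 plugin to avoid having to annotate all the tests to make sure the certs are
+// generated before the tests are run
+CertificateGenerator generator = new CertificateGenerator(file.toPath(), false);
+CertificateRequest cr = new CertificateRequest()
+.withName("self-signed")
+.withFormat(Format.PKCS12)
+.withPassword("changeit")
+.withDuration(Duration.ofDays(2))
+.withCN("localhost");
+try {
+generator.generate(cr);
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+
+HttpServerOptions options = new HttpServerOptions()
+.setSsl(true)
+.setKeyCertOptions(new PfxOptions()
+.setPath("target/certs/self-signed-keystore.p12")
+.setPassword("changeit"));
+var server = vertx.createHttpServer(options)
+.requestHandler(req -> req.response().end("OK"))
+.listen(-2).toCompletionStage().toCompletableFuture().join();
+
+return Map.of(
+"quarkus.rest-client.self-signed.url", "https://localhost:" + server.actualPort() + "/",
+"quarkus.rest-client.self-signed.trust-store", "target/certs/self-signed-truststore.p12",
+"quarkus.rest-client.self-signed.trust-store-password", "changeit");
+}
+
+@Override
+public void stop() {
+vertx.close().toCompletionStage().toCompletableFuture().join();
+}
+}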
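Review bot: The certificate is valid for only two days (`.withDuration(Duration.ofDays(2))`) while the generator is created with `false` as its second argument; if that flag is the replace-if-exists switch, as it appears to be, a `target/certs` directory left over from an earlier build keeps its old files. A workspace that is not cleaned for more than two days would then start the server with an expired certificate, and the TLS tests would fail for a reason unrelated to what they check. Passing `true` (`new CertificateGenerator(file.toPath(), true)`) or lengthening the validity avoids that; the same pattern is in BadHostServiceTestResource. The key-store and trust-store paths are also repeated as string literals instead of being derived from `file`, and the result of `file.mkdirs()` is ignored.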
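--- a/...eactive/src/test/java/io/quarkus/it/rest/client/wronghost/BadHostServiceTestResource.java
+++ b/...eactive/src/test/java/io/quarkus/it/rest/client/wronghost/BadHostServiceTestResource.java
@@ -0,0 +1,68 @@
+package io.quarkus.it.rest.client.wronghost;
+
+import java.io.File;
+import java.time.Duration;
+import java.util.Map;
+
+import io.quarkus.test.common.QuarkusTestResourceLifecycleManager;
+import io.smallrye.certs.CertificateGenerator;
+import io.smallrye.certs.CertificateRequest;
+import io.smallrye.certs.Format;
+import io.vertx.core.Vertx;
+import io.vertx.core.http.HttpServerOptions;
+import io.vertx.core.net.PfxOptions;
+
+public class BadHostServiceTestResource implements QuarkusTestResourceLifecycleManager {
+
+Vertx vertx = Vertx.vertx();
+
+@Override
+public Map<String, String> start() {
+File file = new File("target/certs");
+file.mkdirs();
+// Generate self-signed certificate
+// We do not use the junit 5 plugin to avoid having to annotate all the tests to make sure the certs are
+// generated before the tests are run
+CertificateGenerator generator = new CertificateGenerator(file.toPath(), false);
+CertificateRequest cr = new CertificateRequest()
+.withName("bad-host")
+.withFormat(Format.PKCS12)
+.withPassword("changeit")
+.withDuration(Duration.ofDays(2))
+.withCN("bad-host.com")
+.withSubjectAlternativeName("DNS:bad-host.com");
+try {
+generator.generate(cr);
+} catch (Exception e) {
+throw new RuntimeException(e);
+}
+
+File f = new File("target/certs/bad-host-keystore.p12");
+System.out.println(f.getAbsolutePath() + " / " + f.exists());
+HttpServerOptions options = new HttpServerOptions()
+.setSsl(true)
+.setKeyCertOptions(new PfxOptions()
+.setPath("target/certs/bad-host-keystore.p12")
+.setPassword("changeit"));
+var server = vertx.createHttpServer(options)
+.requestHandler(req -> req.response().end("OK"))
+.listen(-1).toCompletionStage().toCompletableFuture().join();
+
+return Map.of(
+// Wrong Host client (connection accepted, as host verification is turned off)
+"quarkus.rest-client.wrong-host.url", "https://localhost:" + server.actualPort() + "/",
+"quarkus.rest-client.wrong-host.trust-store", "target/certs/bad-host-truststore.p12",
+"quarkus.rest-client.wrong-host.trust-store-password", "changeit",
+"quarkus.rest-client.wrong-host.verify-host", "false",
+
+// Wrong Host client verified (connection rejected, as host verification is turned on by default)
+"quarkus.rest-client.wrong-host-rejected.url", "https://localhost:" + server.actualPort() + "/",
+"quarkus.rest-client.wrong-host-rejected.trust-store", "target/certs/bad-host-truststore.p12",
+"quarkus.rest-client.wrong-host-rejected.trust-store-password", "changeit");
+}
+
+@Override
+public void stop() {
+vertx.close().toCompletionStage().toCompletableFuture().join();
+}
+}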
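Review bot: The `System.out.println(f.getAbsolutePath() + " / " + f.exists());` line in `start()` looks like leftover debugging: it prints on every test run and does nothing with the result. If the existence check is wanted, make it fail fast instead, e.g. `if (!f.exists()) throw new IllegalStateException("Missing key store: " + f.getAbsolutePath());`; otherwise drop both the `File f` line and the print. Separately, the `wrong-host-rejected` client is meant to fail on host verification only, so the test should assert the failure cause; otherwise an untrusted or expired certificate could make the rejection case pass for the wrong reason (the test class is not visible here).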