forked from quarkusio/quarkus
Added implementation of TLS-registry for GraphQL Client
Showing
14 changed files
with
877 additions
and
11 deletions.
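--- a/...ment/src/test/java/io/quarkus/smallrye/graphql/client/deployment/ssl/SSLTestingTools.java
+++ b/...ment/src/test/java/io/quarkus/smallrye/graphql/client/deployment/ssl/SSLTestingTools.java
@@ -0,0 +1,52 @@
+package io.quarkus.smallrye.graphql.client.deployment.ssl;
+
+import java.security.KeyStore;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.TimeoutException;
+
+import io.smallrye.graphql.client.vertx.ssl.SSLTools;
+import io.vertx.core.Vertx;
+import io.vertx.core.http.ClientAuth;
+import io.vertx.core.http.HttpServer;
+import io.vertx.core.http.HttpServerOptions;
+import io.vertx.core.net.JksOptions;
+
+public class SSLTestingTools {
+static Vertx vertx = Vertx.vertx();
+
+public HttpServer runServer(String keystorePath, String keystorePassword,
+String truststorePath, String truststorePassword)
+throws InterruptedException, ExecutionException, TimeoutException {
+HttpServerOptions options = new HttpServerOptions();
+options.setSsl(true);
+options.setHost("localhost");
+
+if (keystorePath != null) {
+JksOptions keystoreOptions = new JksOptions();
+KeyStore keyStore = SSLTools.createKeyStore(keystorePath, "PKCS12", keystorePassword);
+keystoreOptions.setValue(SSLTools.asBuffer(keyStore, keystorePassword.toCharArray()));
+keystoreOptions.setPassword(keystorePassword);
+options.setKeyStoreOptions(keystoreOptions);
+}
+if (truststorePath != null) {
+options.setClientAuth(ClientAuth.REQUIRED);
+JksOptions truststoreOptions = new JksOptions();
+KeyStore trustStore = SSLTools.createKeyStore(truststorePath, "PKCS12", truststorePassword);
+truststoreOptions.setValue(SSLTools.asBuffer(trustStore, truststorePassword.toCharArray()));
+truststoreOptions.setPassword(truststorePassword);
+options.setTrustStoreOptions(truststoreOptions);
+}
+
+HttpServer server = vertx.createHttpServer(options);
+server.requestHandler(request -> {
+request.response().send("{\n" +
+" \"data\": {\n" +
+" \"result\": \"HelloWorld\"\n" +
+" }\n" +
+"}");
+});
+
+return server.listen(63805).toCompletionStage().toCompletableFuture().get(10, TimeUnit.SECONDS);
+}
+}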
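Review bot: `server.listen(63805)` at the end of `runServer` hard-codes the port that both test classes in this commit declare separately as `PORT = 63805`, so the server and the client URL agree only because two literals happen to match. Passing the port in, e.g. an extra `int port` parameter and `server.listen(port)`, keeps the value in one place and lets a test pick a different port if that one is busy. The static `Vertx.vertx()` instance is also never closed anywhere in this file, so its threads presumably outlive the test classes; a small `close()` method that the tests call from `@AfterAll` would cover that.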
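--- a/...aphql/client/deployment/ssl/TypesafeGraphQLClientClientAuthenticationBadKeystoreTest.java
+++ b/...aphql/client/deployment/ssl/TypesafeGraphQLClientClientAuthenticationBadKeystoreTest.java
@@ -0,0 +1,89 @@
+package io.quarkus.smallrye.graphql.client.deployment.ssl;
+
+import jakarta.inject.Inject;
+
+import org.eclipse.microprofile.graphql.Query;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+import io.smallrye.graphql.client.typesafe.api.GraphQLClientApi;
+import io.vertx.core.http.HttpServer;
+
+@Certificates(baseDir = "target/certs", certificates = {
+@Certificate(name = "graphql", password = "password", formats = { Format.PKCS12 }, client = true),
+@Certificate(name = "wrong-graphql", password = "wrong-password", formats = { Format.PKCS12 }, client = true)
+})
+public class TypesafeGraphQLClientClientAuthenticationBadKeystoreTest {
+
+private static final int PORT = 63805;
+private static final SSLTestingTools TOOLS = new SSLTestingTools();
+private static HttpServer server;
+
+private static final String CONFIGURATION = """
+quarkus.smallrye-graphql-client.my-client.tls-bucket-name=my-tls-client
+quarkus.tls.my-tls-client.key-store.p12.path=target/certs/wrong-graphql-client-keystore.p12
+quarkus.tls.my-tls-client.key-store.p12.password=wrong-password
+quarkus.smallrye-graphql-client.my-client.url=https://127.0.0.1:%d/
+quarkus.tls.my-tls-client.trust-all=true
+""".formatted(PORT);
+
+@RegisterExtension
+static QuarkusUnitTest test = new QuarkusUnitTest()
+.withApplicationRoot((jar) -> jar
+.addClasses(MyApi.class, SSLTestingTools.class)
+.addAsResource(new StringAsset(CONFIGURATION),
+"application.properties")
+.addAsManifestResource(EmptyAsset.INSTANCE, "beans.xml"));
+
+@GraphQLClientApi(configKey = "my-client")
+private interface MyApi {
+@Query
+String getResult();
+}
+
+@Inject
+MyApi myApi;
+
+@BeforeAll
+static void setupServer() throws Exception {
+server = TOOLS.runServer("target/certs/graphql-keystore.p12",
+"password", "target/certs/graphql-server-truststore.p12", "password");
+}
+
+@Test
+void clientAuthentication_badKeystore() {
+try {
+myApi.getResult();
+Assertions.fail("Should not be able to connect");
+} catch (Exception e) {
+// verify that the server rejected the client's certificate
+assertHasCauseContainingMessage(e, "Received fatal alert: certificate_unknown");
+}
+}
+
+@AfterAll
+static void closeServer() {
+server.close();
+}
+
+private void assertHasCauseContainingMessage(Throwable t, String message) {
+Throwable throwable = t;
+while (throwable.getCause() != null) {
+throwable = throwable.getCause();
+if (throwable.getMessage().contains(message)) {
+t.printStackTrace();
+return;
+}
+}
+throw new RuntimeException("Unexpected exception", t);
+}
+}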
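Review bot: `assertHasCauseContainingMessage` calls `throwable.getMessage().contains(message)` on every cause, and `getMessage()` may return null, so a cause without a message turns the expected TLS rejection into a `NullPointerException` thrown from inside the catch block. A null-safe check avoids that: `String msg = throwable.getMessage(); if (msg != null && msg.contains(message)) { return; }`. The loop also starts at `t.getCause()` and never inspects `t` itself, so a top-level exception carrying the alert text would be reported as unexpected. The `t.printStackTrace()` on the success path writes a full trace into the output of a passing test and can be dropped.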
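--- a/...l/client/deployment/ssl/TypesafeGraphQLClientClientAuthenticationCorrectKeystoreTest.java
+++ b/...l/client/deployment/ssl/TypesafeGraphQLClientClientAuthenticationCorrectKeystoreTest.java
@@ -0,0 +1,71 @@
+package io.quarkus.smallrye.graphql.client.deployment.ssl;
+
+import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+
+import jakarta.inject.Inject;
+
+import org.eclipse.microprofile.graphql.Query;
+import org.jboss.shrinkwrap.api.asset.EmptyAsset;
+import org.jboss.shrinkwrap.api.asset.StringAsset;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import io.quarkus.test.QuarkusUnitTest;
+import io.smallrye.certs.Format;
+import io.smallrye.certs.junit5.Certificate;
+import io.smallrye.certs.junit5.Certificates;
+import io.smallrye.graphql.client.typesafe.api.GraphQLClientApi;
+import io.vertx.core.http.HttpServer;
+
+@Certificates(baseDir = "target/certs", certificates = @Certificate(name = "graphql", password = "password", formats = {
+Format.PKCS12 }, client = true))
+public class TypesafeGraphQLClientClientAuthenticationCorrectKeystoreTest {
+
+private static final int PORT = 63805;
+private static final SSLTestingTools TOOLS = new SSLTestingTools();
+private static final String EXPECTED_RESPONSE = "HelloWorld";
+private static HttpServer server;
+
+private static final String CONFIGURATION = """
+quarkus.smallrye-graphql-client.my-client.tls-bucket-name=my-tls-client
+quarkus.tls.my-tls-client.key-store.p12.path=target/certs/graphql-client-keystore.p12
+quarkus.tls.my-tls-client.key-store.p12.password=password
+quarkus.smallrye-graphql-client.my-client.url=https://127.0.0.1:%d/
+quarkus.tls.my-tls-client.trust-all=true
+""".formatted(PORT);
+
+@RegisterExtension
+static QuarkusUnitTest test = new QuarkusUnitTest()
+.withApplicationRoot((jar) -> jar
+.addClasses(MyApi.class, SSLTestingTools.class)
+.addAsResource(new StringAsset(CONFIGURATION),
+"application.properties")
+.addAsManifestResource(EmptyAsset.INSTANCE, "beans.xml"));
+
+@GraphQLClientApi(configKey = "my-client")
+private interface MyApi {
+@Query
+String getResult();
+}
+
+@Inject
+MyApi myApi;
+
+@BeforeAll
+static void setupServer() throws Exception {
+server = TOOLS.runServer("target/certs/graphql-keystore.p12",
+"password", "target/certs/graphql-server-truststore.p12", "password");
+}
+
+@Test
+void clientAuthentication_correctKeystore() {
+assertThat(myApi.getResult()).isEqualTo(EXPECTED_RESPONSE);
+}
+
+@AfterAll
+static void closeServer() {
+server.close();
+}
+}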
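Review bot: The client bucket in `CONFIGURATION` sets `quarkus.tls.my-tls-client.trust-all=true`, so this test never validates the server certificate, and the same line is in the `CONFIGURATION` of `TypesafeGraphQLClientClientAuthenticationBadKeystoreTest`. Mutual TLS is therefore exercised in one direction only, and trust-all becomes the configuration readers copy from these tests. The `@Certificates` setup already generates material for the `graphql` certificate, so the client could presumably set `quarkus.tls.my-tls-client.trust-store.p12.path` and `quarkus.tls.my-tls-client.trust-store.p12.password` to the generated client truststore instead. Because the URL uses `127.0.0.1`, hostname verification would then depend on the names in the generated certificate, which this page does not show. Other files of this commit are not visible here and may already cover the trust-store case.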