clj-http-client/test/puppetlabs/http/client/sync_ssl_test.clj

(ns puppetlabs.http.client.sync-ssl-test
  (:import (com.puppetlabs.http.client SyncHttpClient RequestOptions
                                       HttpClientException)
           (javax.net.ssl SSLHandshakeException))
  (:require [clojure.test :refer :all]
            [puppetlabs.trapperkeeper.core :as tk]
            [puppetlabs.trapperkeeper.testutils.bootstrap :as testutils]
            [puppetlabs.trapperkeeper.testutils.logging :as testlogging]
            [puppetlabs.trapperkeeper.services.webserver.jetty9-service :as jetty9]
            [puppetlabs.http.client.sync :as sync]
            [schema.test :as schema-test]))

(use-fixtures :once schema-test/validate-schemas)

(defn app
  [req]
  {:status 200
   :body "Hello, World!"})

(tk/defservice test-web-service
  [[:WebserverService add-ring-handler]]
  (init [this context]
        (add-ring-handler app "/hello")
        context))

(deftest sync-client-test-from-pems
  (testlogging/with-test-logging
    (testutils/with-app-with-config app
      [jetty9/jetty9-service test-web-service]
      {:webserver {:ssl-host    "0.0.0.0"
                   :ssl-port    10080
                   :ssl-ca-cert "./dev-resources/ssl/ca.pem"
                   :ssl-cert    "./dev-resources/ssl/cert.pem"
                   :ssl-key     "./dev-resources/ssl/key.pem"}}
      (testing "java sync client"
        (let [options (.. (RequestOptions. "https://localhost:10080/hello/")
                          (setSslCert "./dev-resources/ssl/cert.pem")
                          (setSslKey "./dev-resources/ssl/key.pem")
                          (setSslCaCert "./dev-resources/ssl/ca.pem"))
              response (SyncHttpClient/get options)]
          (is (= 200 (.getStatus response)))
          (is (= "Hello, World!" (slurp (.getBody response))))))
      (testing "clojure sync client"
        (let [response (sync/get "https://localhost:10080/hello/"
                                 {:ssl-cert "./dev-resources/ssl/cert.pem"
                                  :ssl-key "./dev-resources/ssl/key.pem"
                                  :ssl-ca-cert "./dev-resources/ssl/ca.pem"})]
          (is (= 200 (:status response)))
          (is (= "Hello, World!" (slurp (:body response)))))))))

(deftest sync-client-test-from-ca-cert
  (testlogging/with-test-logging
    (testutils/with-app-with-config app
      [jetty9/jetty9-service test-web-service]
      {:webserver {:ssl-host    "0.0.0.0"
                   :ssl-port    10080
                   :ssl-ca-cert "./dev-resources/ssl/ca.pem"
                   :ssl-cert    "./dev-resources/ssl/cert.pem"
                   :ssl-key     "./dev-resources/ssl/key.pem"
                   :client-auth "want"}}
      (testing "java sync client"
        (let [options (.. (RequestOptions. "https://localhost:10080/hello/")
                          (setSslCaCert "./dev-resources/ssl/ca.pem"))
              response (SyncHttpClient/get options)]
          (is (= 200 (.getStatus response)))
          (is (= "Hello, World!" (slurp (.getBody response))))))
      (testing "clojure sync client"
        (let [response (sync/get "https://localhost:10080/hello/"
                                 {:ssl-ca-cert "./dev-resources/ssl/ca.pem"})]
          (is (= 200 (:status response)))
          (is (= "Hello, World!" (slurp (:body response)))))))))

(deftest sync-client-test-with-invalid-ca-cert
  (testlogging/with-test-logging
    (testutils/with-app-with-config app
      [jetty9/jetty9-service test-web-service]
      {:webserver {:ssl-host    "0.0.0.0"
                   :ssl-port    10081
                   :ssl-ca-cert "./dev-resources/ssl/ca.pem"
                   :ssl-cert    "./dev-resources/ssl/cert.pem"
                   :ssl-key     "./dev-resources/ssl/key.pem"
                   :client-auth "want"}}
      (testing "java sync client"
        (let [options (.. (RequestOptions. "https://localhost:10081/hello/")
                          (setSslCaCert "./dev-resources/ssl/alternate-ca.pem"))]
          (try
            (SyncHttpClient/get options)
            ; fail if we don't get an exception
            (is (not true) "expected HttpClientException")
            (catch HttpClientException e
              (is (instance? SSLHandshakeException (.getCause e)))))))
      (testing "clojure sync client"
        (is (thrown? SSLHandshakeException
                     (sync/get "https://localhost:10081/hello/"
                               {:ssl-ca-cert "./dev-resources/ssl/alternate-ca.pem"})))))))
(TK-23) Port to apache HttpAsyncClient * Ports the code over to use the Apache HttpAsyncClient library instead of http-kit, as we were getting some weird and inconsistent SSL errors from http-kit, and * Simplify the API (by eliminating a lot of the supported configuration options). Some of these options we'll eventually want to add back in, but for now, getting rid of them makes the API less cluttered and also gives us the opportunity to do a better job writing tests for new options when we do add support for them. For now it only supports constructing a new client on every request. I intend to add API for creating a client explicitly, and a protocol for how to interact with the client. This will allow users to re-use an existing client as they see fit... but this hasn't been implemented yet. 2014-07-03 15:58:46 +00:00			`(ns puppetlabs.http.client.sync-ssl-test`
Cleanup and additional test based on PR feedback 2014-04-11 20:56:09 +00:00			`(:import (com.puppetlabs.http.client SyncHttpClient RequestOptions`
			`HttpClientException)`
			`(javax.net.ssl SSLHandshakeException))`
Add integration tests for sync clients Prior to this commit, we didn't actually have any tests that started a real web server and made a real request. This commit adds tests that do this for the clojure and Java synchronous clients, using SSL. 2014-03-29 00:33:27 +00:00			`(:require [clojure.test :refer :all]`
			`[puppetlabs.trapperkeeper.core :as tk]`
			`[puppetlabs.trapperkeeper.testutils.bootstrap :as testutils]`
			`[puppetlabs.trapperkeeper.testutils.logging :as testlogging]`
			`[puppetlabs.trapperkeeper.services.webserver.jetty9-service :as jetty9]`
(TK-23) Port to apache HttpAsyncClient * Ports the code over to use the Apache HttpAsyncClient library instead of http-kit, as we were getting some weird and inconsistent SSL errors from http-kit, and * Simplify the API (by eliminating a lot of the supported configuration options). Some of these options we'll eventually want to add back in, but for now, getting rid of them makes the API less cluttered and also gives us the opportunity to do a better job writing tests for new options when we do add support for them. For now it only supports constructing a new client on every request. I intend to add API for creating a client explicitly, and a protocol for how to interact with the client. This will allow users to re-use an existing client as they see fit... but this hasn't been implemented yet. 2014-07-03 15:58:46 +00:00			`[puppetlabs.http.client.sync :as sync]`
			`[schema.test :as schema-test]))`

			`(use-fixtures :once schema-test/validate-schemas)`
Add integration tests for sync clients Prior to this commit, we didn't actually have any tests that started a real web server and made a real request. This commit adds tests that do this for the clojure and Java synchronous clients, using SSL. 2014-03-29 00:33:27 +00:00
			`(defn app`
			`[req]`
			`{:status 200`
			`:body "Hello, World!"})`

			`(tk/defservice test-web-service`
			`[[:WebserverService add-ring-handler]]`
			`(init [this context]`
			`(add-ring-handler app "/hello")`
			`context))`

Support SSLContext configured with only CA cert 2014-04-06 03:04:03 +00:00			`(deftest sync-client-test-from-pems`
Add integration tests for sync clients Prior to this commit, we didn't actually have any tests that started a real web server and made a real request. This commit adds tests that do this for the clojure and Java synchronous clients, using SSL. 2014-03-29 00:33:27 +00:00			`(testlogging/with-test-logging`
			`(testutils/with-app-with-config app`
			`[jetty9/jetty9-service test-web-service]`
			`{:webserver {:ssl-host "0.0.0.0"`
			`:ssl-port 10080`
			`:ssl-ca-cert "./dev-resources/ssl/ca.pem"`
			`:ssl-cert "./dev-resources/ssl/cert.pem"`
			`:ssl-key "./dev-resources/ssl/key.pem"}}`
			`(testing "java sync client"`
			`(let [options (.. (RequestOptions. "https://localhost:10080/hello/")`
			`(setSslCert "./dev-resources/ssl/cert.pem")`
			`(setSslKey "./dev-resources/ssl/key.pem")`
			`(setSslCaCert "./dev-resources/ssl/ca.pem"))`
			`response (SyncHttpClient/get options)]`
			`(is (= 200 (.getStatus response)))`
			`(is (= "Hello, World!" (slurp (.getBody response))))))`
			`(testing "clojure sync client"`
			`(let [response (sync/get "https://localhost:10080/hello/"`
			`{:ssl-cert "./dev-resources/ssl/cert.pem"`
			`:ssl-key "./dev-resources/ssl/key.pem"`
			`:ssl-ca-cert "./dev-resources/ssl/ca.pem"})]`
			`(is (= 200 (:status response)))`
			`(is (= "Hello, World!" (slurp (:body response)))))))))`
Support SSLContext configured with only CA cert 2014-04-06 03:04:03 +00:00
			`(deftest sync-client-test-from-ca-cert`
			`(testlogging/with-test-logging`
			`(testutils/with-app-with-config app`
			`[jetty9/jetty9-service test-web-service]`
			`{:webserver {:ssl-host "0.0.0.0"`
			`:ssl-port 10080`
			`:ssl-ca-cert "./dev-resources/ssl/ca.pem"`
			`:ssl-cert "./dev-resources/ssl/cert.pem"`
			`:ssl-key "./dev-resources/ssl/key.pem"`
			`:client-auth "want"}}`
			`(testing "java sync client"`
			`(let [options (.. (RequestOptions. "https://localhost:10080/hello/")`
			`(setSslCaCert "./dev-resources/ssl/ca.pem"))`
			`response (SyncHttpClient/get options)]`
			`(is (= 200 (.getStatus response)))`
			`(is (= "Hello, World!" (slurp (.getBody response))))))`
			`(testing "clojure sync client"`
			`(let [response (sync/get "https://localhost:10080/hello/"`
			`{:ssl-ca-cert "./dev-resources/ssl/ca.pem"})]`
			`(is (= 200 (:status response)))`
			`(is (= "Hello, World!" (slurp (:body response)))))))))`
Cleanup and additional test based on PR feedback 2014-04-11 20:56:09 +00:00
			`(deftest sync-client-test-with-invalid-ca-cert`
			`(testlogging/with-test-logging`
			`(testutils/with-app-with-config app`
			`[jetty9/jetty9-service test-web-service]`
			`{:webserver {:ssl-host "0.0.0.0"`
			`:ssl-port 10081`
			`:ssl-ca-cert "./dev-resources/ssl/ca.pem"`
			`:ssl-cert "./dev-resources/ssl/cert.pem"`
			`:ssl-key "./dev-resources/ssl/key.pem"`
			`:client-auth "want"}}`
			`(testing "java sync client"`
			`(let [options (.. (RequestOptions. "https://localhost:10081/hello/")`
			`(setSslCaCert "./dev-resources/ssl/alternate-ca.pem"))]`
			`(try`
			`(SyncHttpClient/get options)`
			`; fail if we don't get an exception`
			`(is (not true) "expected HttpClientException")`
			`(catch HttpClientException e`
			`(is (instance? SSLHandshakeException (.getCause e)))))))`
			`(testing "clojure sync client"`
			`(is (thrown? SSLHandshakeException`
			`(sync/get "https://localhost:10081/hello/"`
			`{:ssl-ca-cert "./dev-resources/ssl/alternate-ca.pem"})))))))`