Support SSLContext configured with only CA cert
This commit is contained in:
parent
f9168c55d3
commit
cc3633b428
5 changed files with 72 additions and 2 deletions
|
@ -8,7 +8,7 @@
|
|||
|
||||
:dependencies [[org.clojure/clojure "1.5.1"]
|
||||
[http-kit "2.1.16"]
|
||||
[puppetlabs/certificate-authority "0.1.3"]
|
||||
[puppetlabs/certificate-authority "0.1.4"]
|
||||
[org.clojure/tools.logging "0.2.6"]
|
||||
[org.slf4j/slf4j-api "1.7.6"]]
|
||||
|
||||
|
|
|
@ -28,6 +28,13 @@
|
|||
(:ssl-ca-cert req)))
|
||||
(dissoc :ssl-cert :ssl-key :ssl-ca-cert)))
|
||||
|
||||
(defn- initialize-ssl-context-from-ca-pem
|
||||
[req]
|
||||
(-> req
|
||||
(assoc :ssl-context (ssl/ca-cert-pem->ssl-context
|
||||
(:ssl-ca-cert req)))
|
||||
(dissoc :ssl-ca-cert)))
|
||||
|
||||
(defn- configure-ssl-from-context
|
||||
"Configures an SSLEngine in the request starting from an SSLContext"
|
||||
[req]
|
||||
|
@ -42,6 +49,13 @@
|
|||
initialize-ssl-context-from-pems
|
||||
configure-ssl-from-context))
|
||||
|
||||
(defn- configure-ssl-from-ca-pem
|
||||
"Configures an SSLEngine in the request starting from a CA PEM file"
|
||||
[req]
|
||||
(-> req
|
||||
initialize-ssl-context-from-ca-pem
|
||||
configure-ssl-from-context))
|
||||
|
||||
(defn configure-ssl
|
||||
"Configures a request map to have an SSLEngine. It will use an existing one
|
||||
if already present, , then use an SSLContext (stored in :ssl-context) if
|
||||
|
@ -53,6 +67,7 @@
|
|||
(:sslengine req) req
|
||||
(:ssl-context req) (configure-ssl-from-context req)
|
||||
(every? (partial req) [:ssl-cert :ssl-key :ssl-ca-cert]) (configure-ssl-from-pems req)
|
||||
(:ssl-ca-cert req) (configure-ssl-from-ca-pem req)
|
||||
:else req))
|
||||
|
||||
(defn- check-url! [url]
|
||||
|
|
|
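Review bot: The new `(:ssl-ca-cert req)` clause in the `configure-ssl` cond (hunk `@ -53`) is only reached after the `every?` clause fails, so a request that sets `:ssl-ca-cert` together with just one of `:ssl-cert`/`:ssl-key` silently degrades to a CA-only context and the half-specified client certificate is dropped without any signal. A guard placed before the new clause, e.g. `(some req [:ssl-cert :ssl-key]) (throw (IllegalArgumentException. "ssl-cert and ssl-key must both be set"))`, would turn that partial configuration into an error instead of a silent downgrade. `initialize-ssl-context-from-ca-pem` (hunk `@ -28`) also lacks the docstring its siblings carry; `"Builds an SSLContext from the CA PEM named by :ssl-ca-cert, stores it in :ssl-context and removes :ssl-ca-cert"` matches what the body does. The `configure-ssl` docstring has a doubled comma (`already present, , then`) and should mention the new CA-only path; that docstring continues past the hunk.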
@ -68,6 +68,27 @@ public class SyncHttpClient {
|
|||
return configureSslFromContext(options);
|
||||
}
|
||||
|
||||
if (options.getSslCaCert() != null) {
|
||||
try {
|
||||
options.setSslContext(
|
||||
CertificateAuthority.caCertPemToSSLContext(
|
||||
new FileReader(options.getSslCaCert()))
|
||||
);
|
||||
} catch (KeyStoreException e) {
|
||||
logAndRethrow("Error while configuring SSL", e);
|
||||
} catch (CertificateException e) {
|
||||
logAndRethrow("Error while configuring SSL", e);
|
||||
} catch (IOException e) {
|
||||
logAndRethrow("Error while configuring SSL", e);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
logAndRethrow("Error while configuring SSL", e);
|
||||
} catch (KeyManagementException e) {
|
||||
logAndRethrow("Error while configuring SSL", e);
|
||||
}
|
||||
options.setSslCaCert(null);
|
||||
return configureSslFromContext(options);
|
||||
}
|
||||
|
||||
return options;
|
||||
}
|
||||
|
||||
|
|
|
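Review bot: The `FileReader` handed to `CertificateAuthority.caCertPemToSSLContext` is never closed, so the CA file handle leaks on every request that takes the new `getSslCaCert() != null` branch, on both the success and the exception path. Opening it in a try-with-resources closes it deterministically, and since all five catch blocks do the same `logAndRethrow("Error while configuring SSL", e)` they can collapse into a single multi-catch, assuming the project builds for Java 7 or later. The enclosing method begins above the hunk, so I cannot see whether the client-certificate branch before this one rejects a request that sets the CA cert together with only one of the PEM options; if it does not, that request silently ends up here with the partial client configuration ignored.
```java
if (options.getSslCaCert() != null) {
    try (FileReader reader = new FileReader(options.getSslCaCert())) {
        options.setSslContext(
            CertificateAuthority.caCertPemToSSLContext(reader));
    } catch (KeyStoreException | CertificateException | IOException
             | NoSuchAlgorithmException | KeyManagementException e) {
        logAndRethrow("Error while configuring SSL", e);
    }
    // … unchanged: clear the CA cert option and delegate to configureSslFromContext …
}
```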
@ -21,6 +21,18 @@
|
|||
(is (not (:ssl-key configured-req)))
|
||||
(is (not (:ssl-ca-cert configured-req))))))
|
||||
|
||||
(deftest ssl-config-with-ca-file
|
||||
(let [req {:url "http://localhost"
|
||||
:method :get
|
||||
:ssl-ca-cert (resource "ssl/ca.pem")}
|
||||
configured-req (http/configure-ssl req)]
|
||||
|
||||
(testing "configure-ssl sets up an SSLEngine when given ca-cert"
|
||||
(is (instance? SSLEngine (:sslengine configured-req))))
|
||||
|
||||
(testing "removes ssl-ca-cert"
|
||||
(is (not (:ssl-ca-cert configured-req))))))
|
||||
|
||||
(deftest ssl-config-without-ssl-params
|
||||
(let [req {:url "http://localhost"
|
||||
:method :get}
|
||||
|
|
|
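Review bot: `ssl-config-with-ca-file` covers only the happy path, so nothing in the suite pins down what `configure-ssl` does when `:ssl-ca-cert` is combined with an incomplete client-certificate pair (`:ssl-cert` without `:ssl-key`); as the cond is ordered, that request falls through to the CA-only branch and no test would notice. A further `deftest` that supplies `:ssl-ca-cert` plus only `:ssl-cert` and asserts the intended outcome (an error or a CA-only engine, whichever the maintainers mean) would lock that behaviour in. The two `testing` strings could also say which branch they exercise, e.g. `"configure-ssl builds an SSLEngine from only a CA cert (no client cert/key)"`, so a reader does not confuse this case with the PEM test above it.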
@ -18,7 +18,7 @@
|
|||
(add-ring-handler app "/hello")
|
||||
context))
|
||||
|
||||
(deftest sync-client-test
|
||||
(deftest sync-client-test-from-pems
|
||||
(testlogging/with-test-logging
|
||||
(testutils/with-app-with-config app
|
||||
[jetty9/jetty9-service test-web-service]
|
||||
|
@ -42,3 +42,25 @@
|
|||
:ssl-ca-cert "./dev-resources/ssl/ca.pem"})]
|
||||
(is (= 200 (:status response)))
|
||||
(is (= "Hello, World!" (slurp (:body response)))))))))
|
||||
|
||||
(deftest sync-client-test-from-ca-cert
|
||||
(testlogging/with-test-logging
|
||||
(testutils/with-app-with-config app
|
||||
[jetty9/jetty9-service test-web-service]
|
||||
{:webserver {:ssl-host "0.0.0.0"
|
||||
:ssl-port 10080
|
||||
:ssl-ca-cert "./dev-resources/ssl/ca.pem"
|
||||
:ssl-cert "./dev-resources/ssl/cert.pem"
|
||||
:ssl-key "./dev-resources/ssl/key.pem"
|
||||
:client-auth "want"}}
|
||||
(testing "java sync client"
|
||||
(let [options (.. (RequestOptions. "https://localhost:10080/hello/")
|
||||
(setSslCaCert "./dev-resources/ssl/ca.pem"))
|
||||
response (SyncHttpClient/get options)]
|
||||
(is (= 200 (.getStatus response)))
|
||||
(is (= "Hello, World!" (slurp (.getBody response))))))
|
||||
(testing "clojure sync client"
|
||||
(let [response (sync/get "https://localhost:10080/hello/"
|
||||
{:ssl-ca-cert "./dev-resources/ssl/ca.pem"})]
|
||||
(is (= 200 (:status response)))
|
||||
(is (= "Hello, World!" (slurp (:body response)))))))))
|
||||
|
|
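Review bot: `sync-client-test-from-ca-cert` only shows that a client trusting `ca.pem` can reach a server whose certificate chains to it; it would pass just as well if the CA were ignored and any server certificate accepted, so a negative case that points `:ssl-ca-cert` at a CA that did not issue the server certificate and expects the request to fail would confirm that verification is genuinely restricted to the supplied CA. The server config map is presumably duplicated verbatim from `sync-client-test-from-pems` (whose body sits between the two hunks, outside my view); pulling it into a shared `def` would keep the two tests in step. The test also relies on `:client-auth "want"` letting a client with no certificate connect, which deserves a one-line comment such as `;; client-auth "want" lets the CA-only client connect without presenting a certificate` so a later switch to a stricter setting is understood to break this test rather than the client.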