The test must fail on transport, not network level.
Karm committed Jul 26, 2024
1 parent 089a116 commit 22fc800
Showing 2 changed files with 16 additions and 10 deletions.
@@ -4,5 +4,4 @@ quarkus.http.ssl.certificate.trust-store-file=server-truststore.p12
quarkus.http.ssl.certificate.trust-store-password=password
quarkus.http.ssl.client-auth=REQUIRED
quarkus.http.auth.certificate-role-properties=cn-role-mappings.txt
quarkus.native.additional-build-args=-H:IncludeResources=.*\\.p12,-H:IncludeResources=.*\\.txt

quarkus.native.resources.includes=*.p12,*.txt
@@ -4,9 +4,10 @@
import static org.hamcrest.Matchers.equalTo;
import static org.junit.jupiter.api.Assertions.assertThrows;

import java.net.ConnectException;
import java.net.URL;

import javax.net.ssl.SSLHandshakeException;

import org.junit.jupiter.api.Test;

import io.quarkus.test.common.http.TestHTTPResource;
@@ -44,19 +45,25 @@ public void testAuthorizedAdmin() {

@Test
public void testNoClientCertificate() {
assertThrows(ConnectException.class,
() -> given().get("/protected/authenticated"),
// javax.net.ssl.SSLHandshakeException
// Indicates that the client and server could not negotiate the desired level of security.
// The connection is no longer usable.
final RequestSpecification rs = new RequestSpecBuilder()
.setBaseUri(String.format("%s://%s", url.getProtocol(), url.getHost()))
.setPort(url.getPort()).build();
assertThrows(SSLHandshakeException.class,
() -> given().spec(rs).get("/protected/authenticated"),
"Insecure requests must fail at the transport level");
assertThrows(ConnectException.class,
() -> given().get("/protected/authorized-user"),
assertThrows(SSLHandshakeException.class,
() -> given().spec(rs).get("/protected/authorized-user"),
"Insecure requests must fail at the transport level");
assertThrows(ConnectException.class,
() -> given().get("/protected/authorized-admin"),
assertThrows(SSLHandshakeException.class,
() -> given().spec(rs).get("/protected/authorized-admin"),
"Insecure requests must fail at the transport level");
}

protected RequestSpecification getMtlsRequestSpec(String clientKeyStore) {
var builder = new RequestSpecBuilder()
final RequestSpecBuilder builder = new RequestSpecBuilder()
.setBaseUri(String.format("%s://%s", url.getProtocol(), url.getHost()))
.setPort(url.getPort());
withKeyStore(builder, clientKeyStore);
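Review bot: In `testNoClientCertificate` the new `rs` spec carries no trust material, so the expected `SSLHandshakeException` can be raised by the client rejecting the server certificate instead of by the server refusing a peer that presents no client certificate. Unless the JVM default trust store already contains the server certificate (not visible on this page), all three assertions would still pass with `quarkus.http.ssl.client-auth=REQUIRED` switched off, which is the regression this test exists to catch. Adding trust material only, e.g. `.setTrustStore("<client-truststore-path>", "<truststore-password>")` on the `RequestSpecBuilder` (placeholders, the actual file is not shown here), leaves the missing client certificate as the only possible cause. It would also help to replace the three comment lines with one stating that intent, such as `// Server is trusted; handshake must fail only because no client certificate is sent`. `getMtlsRequestSpec` continues past the end of the hunk, so whether `withKeyStore` sets trust material there cannot be confirmed from here.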