From 22fc800cf4e2ada73f45aab0340c38ce1eabfc59 Mon Sep 17 00:00:00 2001
From: Michal Karm Babacek
Date: Fri, 26 Jul 2024 09:39:21 +0200
Subject: [PATCH] The test must fail on transport, not network level.
---
 .../src/main/resources/application.properties | 3 +--
 .../AbstractCertificateRoleMappingTest.java | 23 ++++++++++++-------
 2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/integration-tests/mtls-certificates/src/main/resources/application.properties b/integration-tests/mtls-certificates/src/main/resources/application.properties
index 59c1458397d74..0e1988f08819b 100644
--- a/integration-tests/mtls-certificates/src/main/resources/application.properties
+++ b/integration-tests/mtls-certificates/src/main/resources/application.properties
@@ -4,5 +4,4 @@ quarkus.http.ssl.certificate.trust-store-file=server-truststore.p12
 quarkus.http.ssl.certificate.trust-store-password=password
 quarkus.http.ssl.client-auth=REQUIRED
 quarkus.http.auth.certificate-role-properties=cn-role-mappings.txt
-quarkus.native.additional-build-args=-H:IncludeResources=.*\\.p12,-H:IncludeResources=.*\\.txt
-
+quarkus.native.resources.includes=*.p12,*.txt
diff --git a/integration-tests/mtls-certificates/src/test/java/io/quarkus/it/vertx/AbstractCertificateRoleMappingTest.java b/integration-tests/mtls-certificates/src/test/java/io/quarkus/it/vertx/AbstractCertificateRoleMappingTest.java
index 2150419bf4f30..14a03fb700018 100644
--- a/integration-tests/mtls-certificates/src/test/java/io/quarkus/it/vertx/AbstractCertificateRoleMappingTest.java
+++ b/integration-tests/mtls-certificates/src/test/java/io/quarkus/it/vertx/AbstractCertificateRoleMappingTest.java
@@ -4,9 +4,10 @@
 import static org.hamcrest.Matchers.equalTo;
 import static org.junit.jupiter.api.Assertions.assertThrows;
-import java.net.ConnectException;
 import java.net.URL;
+import javax.net.ssl.SSLHandshakeException;
+
 import org.junit.jupiter.api.Test;
 import io.quarkus.test.common.http.TestHTTPResource;
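Review bot: In application.properties the new `quarkus.native.resources.includes=*.p12,*.txt` is narrower than the `-H:IncludeResources=.*\\.p12` regex it replaces: as far as I know a single `*` in these globs does not cross `/`, so only root-level resources match, whereas the old regex matched at any depth. The two files named in the visible context (`server-truststore.p12`, `cn-role-mappings.txt`) look root-level, so this probably holds, but a keystore or mapping file under a subdirectory would silently drop out of the native image. Listing the needed files by name instead of `*.p12` would also avoid packing unrelated PKCS#12 files, which can hold private keys, into the binary.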
@@ -44,19 +45,25 @@ public void testAuthorizedAdmin() {
 @Test
 public void testNoClientCertificate() {
- assertThrows(ConnectException.class,
- () -> given().get("/protected/authenticated"),
+ // javax.net.ssl.SSLHandshakeException
+ // Indicates that the client and server could not negotiate the desired level of security.
+ // The connection is no longer usable.
+ final RequestSpecification rs = new RequestSpecBuilder()
+ .setBaseUri(String.format("%s://%s", url.getProtocol(), url.getHost()))
+ .setPort(url.getPort()).build();
+ assertThrows(SSLHandshakeException.class,
+ () -> given().spec(rs).get("/protected/authenticated"),
 "Insecure requests must fail at the transport level");
- assertThrows(ConnectException.class,
- () -> given().get("/protected/authorized-user"),
+ assertThrows(SSLHandshakeException.class,
+ () -> given().spec(rs).get("/protected/authorized-user"),
 "Insecure requests must fail at the transport level");
- assertThrows(ConnectException.class,
- () -> given().get("/protected/authorized-admin"),
+ assertThrows(SSLHandshakeException.class,
+ () -> given().spec(rs).get("/protected/authorized-admin"),
 "Insecure requests must fail at the transport level");
 }
 protected RequestSpecification getMtlsRequestSpec(String clientKeyStore) {
- var builder = new RequestSpecBuilder()
+ final RequestSpecBuilder builder = new RequestSpecBuilder()
 .setBaseUri(String.format("%s://%s", url.getProtocol(), url.getHost()))
 .setPort(url.getPort());
 withKeyStore(builder, clientKeyStore);
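Review bot: `rs` in testNoClientCertificate is built with only a base URI and port, so nothing visible tells the client to trust the server certificate; if that certificate is not in the JVM's default trust store, the client's own validation of the server also fails with an `SSLHandshakeException`, and the three assertions would pass even if the server stopped enforcing `client-auth=REQUIRED`. To pin the failure on the missing client certificate, give `rs` the same trust material the mTLS spec uses but no key store, e.g. `.setTrustStore(<client trust store path>, <password>)` before `.build()` (placeholders; the real values are not in this hunk). What `withKeyStore` configures is outside the hunk, as is the rest of `getMtlsRequestSpec`, so this is inferred. The added three-line comment restates the JDK Javadoc; a line such as `// Server requires a client certificate, so the TLS handshake itself must be rejected.` would say why this exception is expected.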