Skip to content

Commit

Permalink
accept defaultGroupKey in Http2Client.SSL - networknt#423 (networknt#424
Browse files Browse the repository at this point in the history
)
  • Loading branch information
dz-1 authored and stevehu committed Mar 15, 2019
1 parent 505ba70 commit a2200e4
Show file tree
Hide file tree
Showing 4 changed files with 23 additions and 4 deletions.
4 changes: 3 additions & 1 deletion client/src/main/java/com/networknt/client/Http2Client.java
Original file line number Diff line number Diff line change
Expand Up @@ -461,7 +461,9 @@ private static KeyStore loadKeyStore(final String name, final char[] password) t
* @throws IOException
*/
public static SSLContext createSSLContext() throws IOException {
return createSSLContext(null);
Map<String, Object> tlsMap = (Map<String, Object>)config.get(TLS);

return null==tlsMap?null:createSSLContext((String)tlsMap.get(TLSConfig.DEFAULT_GROUP_KEY));
}

/**
Expand Down
7 changes: 6 additions & 1 deletion client/src/main/java/com/networknt/client/ssl/TLSConfig.java
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,13 @@
public class TLSConfig {
private static final Logger logger = LoggerFactory.getLogger(TLSConfig.class);
private static final Map<String, TLSConfig> memcache = new ConcurrentHashMap<>();

// config item that specifies whether hostname verification should be enabled or not
public static final String VERIFY_HOSTNAME="verifyHostname";
// config item that specifies the default trustedNames group used to created default SSL context.
// This is used to create Http2Client.SSL if set.
public static final String DEFAULT_GROUP_KEY="defaultGroupKey";
//trusted hostnames, service names, service Ids, and so on.
// Note: localhost and 127.0.0.1 are not trustable hostname/ip in general. So, these values should not be used as trusted names in production.
public static final String TRUSTED_NAMES="trustedNames";
public static final String CONFIG_LEVEL_DELIMITER = "\\.";

Expand Down
12 changes: 11 additions & 1 deletion client/src/test/java/com/networknt/client/Http2ClientTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -827,7 +827,7 @@ public void standard_https_hostname_check_kicks_in_if_trustednames_are_empty() t
@Test(expected=ClosedChannelException.class)
public void standard_https_hostname_check_kicks_in_if_trustednames_are_not_used_or_not_provided() throws Exception{
final Http2Client client = createClient();
SSLContext context = Http2Client.createSSLContext();
SSLContext context = Http2Client.createSSLContext(null);
XnioSsl ssl = new UndertowXnioSsl(worker.getXnio(), OptionMap.EMPTY, Http2Client.BUFFER_POOL, context);

client.connect(new URI("https://127.0.0.1:7778"), worker, ssl, Http2Client.BUFFER_POOL, OptionMap.create(UndertowOptions.ENABLE_HTTP2, true)).get();
Expand All @@ -836,6 +836,16 @@ public void standard_https_hostname_check_kicks_in_if_trustednames_are_not_used_
fail();
}

@Test
public void default_group_key_is_used_in_Http2Client_SSL() throws Exception{
final Http2Client client = createClient();
final ClientConnection connection = client.connect(new URI("https://localhost:7778"), worker, Http2Client.SSL, Http2Client.BUFFER_POOL, OptionMap.create(UndertowOptions.ENABLE_HTTP2, true)).get();

assertTrue(connection.isOpen());

IoUtils.safeClose(connection);
}

@Test
public void invalid_hostname_is_accepted_if_verifyhostname_is_disabled() throws Exception{
final Http2Client client = createClient();
Expand Down
4 changes: 3 additions & 1 deletion client/src/test/resources/config/client.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,9 @@
tls:
# if the server is using self-signed certificate, this need to be false.
verifyHostname: true
# trused hostnames, service names, service Ids, and so on.
# The default trustedNames group used to created default SSL context. This is used to create Http2Client.SSL if set.
defaultGroupKey: trustedNames.local
# trusted hostnames, service names, service Ids, and so on.
# Note: localhost and 127.0.0.1 are not trustable hostname/ip in general. So, these values should not be used as trusted names in production.
trustedNames:
local: localhost
Expand Down

0 comments on commit a2200e4

Please sign in to comment.