Expand Up @@ -61,9 +61,10 @@ public void afterAll(ExtensionContext context) {

/**
* @return a trust manager that accepts the public certificate associated with the certificate template created
* by this class.
* by this class. "secure" is meant to imply that this provides some level of security by only accepting the
* one issuer, as opposed to a "trust everything" approach.
*/
public static X509TrustManager newTrustManager() {
public static X509TrustManager newSecureTrustManager() {
return new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
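Review bot: The new Javadoc on newSecureTrustManager says "secure" means only the one issuer is accepted, but the tag-only comment never states what the implementation actually compares, and the anonymous X509TrustManager body continues outside the hunk, so a reader cannot tell whether it pins the leaf certificate, matches the issuer, or also checks validity dates. Since every caller in this PR pairs it with `SSLHostnameVerifier.ANY`, this check is the only thing deciding whether a presented server certificate is accepted, so the contract deserves a summary sentence above `@return`, e.g. `* Creates a trust manager, for test use, that trusts only the certificate generated from this class's certificate template; it does not verify hostnames, so callers must not assume hostname binding.` Adjust that wording to whatever checkServerTrusted really compares, which is not visible in this hunk.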
Expand Up @@ -13,13 +13,16 @@
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;

import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;

import static org.junit.jupiter.api.Assertions.*;

/**
* Verifies scenarios for "one-way SSL" - i.e. the MarkLogic app server is configured with a certificate template to
* require an SSL connection, but the client only needs to trust the server - the client does not present its own
* certificate. See TwoWaySSLTest for scenarios where the client presents its own certificate which the server must
* trust.
*/
@ExtendWith(RequireSSLExtension.class)
class CheckSSLConnectionTest {
class OneWaySSLTest {

/**
* Simple check for ensuring that an SSL connection can be made when the app server requires SSL to be used. This
Expand Down Expand Up @@ -59,14 +62,14 @@ void trustAllManager() throws Exception {
* with the certificate template created via RequireSSLExtension.
*/
@Test
void customTrustManager() {
void trustManagerThatOnlyTrustsTheCertificateFromTheCertificateTemplate() {
if (Common.USE_REVERSE_PROXY_SERVER) {
return;
}

DatabaseClient client = Common.newClientBuilder()
.withSSLProtocol("TLSv1.2")
.withTrustManager(RequireSSLExtension.newTrustManager())
.withTrustManager(RequireSSLExtension.newSecureTrustManager())
.withSSLHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY)
.build();

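Review bot: The import hunk replaces four explicit static imports with the wildcard `import static org.junit.jupiter.api.Assertions.*;`, which hides which assertions the class uses and is what the usual Java style checks reject; keep the explicit list (`assertEquals`, `assertNull`, `assertThrows`, `assertTrue`, plus whichever new one the rewrite needed). In the second hunk, the renamed trustManagerThatOnlyTrustsTheCertificateFromTheCertificateTemplate still returns early when `Common.USE_REVERSE_PROXY_SERVER` is set, which reports a vacuous pass rather than a skip; `Assumptions.assumeFalse(Common.USE_REVERSE_PROXY_SERVER);` would make the skipped scenario visible in the test report. The body of that test continues past the hunk.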
Expand Up @@ -105,7 +105,7 @@ void digestAuthentication() throws Exception {
DatabaseClient clientWithCert = Common.newClientBuilder()
.withSSLHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY)
.withSSLContext(createSSLContextWithClientCertificate(keyStoreFile))
.withTrustManager(RequireSSLExtension.newTrustManager())
.withTrustManager(RequireSSLExtension.newSecureTrustManager())
.build();

verifyTestDocumentCanBeRead(clientWithCert);
Expand All @@ -114,7 +114,7 @@ void digestAuthentication() throws Exception {
DatabaseClient clientWithoutCert = Common.newClientBuilder()
.withSSLHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY)
.withSSLProtocol("TLSv1.2")
.withTrustManager(RequireSSLExtension.newTrustManager())
.withTrustManager(RequireSSLExtension.newSecureTrustManager())
.build();

// The type of SSL failure varies across Java versions, so not asserting on a particular error message.
Expand Down Expand Up @@ -142,7 +142,7 @@ void certificateAuthenticationWithSSLContext() throws Exception {
try {
SSLContext sslContext = createSSLContextWithClientCertificate(keyStoreFile);
DatabaseClient client = Common.newClientBuilder()
.withCertificateAuth(sslContext, RequireSSLExtension.newTrustManager())
.withCertificateAuth(sslContext, RequireSSLExtension.newSecureTrustManager())
.withSSLHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY)
.build();

Expand All @@ -166,7 +166,7 @@ void certificateAuthenticationWithCertificateFileAndPassword() {
try {
DatabaseClient client = Common.newClientBuilder()
.withCertificateAuth(p12File.getAbsolutePath(), KEYSTORE_PASSWORD)
.withTrustManager(RequireSSLExtension.newTrustManager())
.withTrustManager(RequireSSLExtension.newSecureTrustManager())
.withSSLHostnameVerifier(DatabaseClientFactory.SSLHostnameVerifier.ANY)
.build();

Expand Down Expand Up @@ -200,7 +200,7 @@ private SSLContext createSSLContextWithClientCertificate(File keystoreFile) thro
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(
keyManagerFactory.getKeyManagers(),
new X509TrustManager[]{RequireSSLExtension.newTrustManager()},
new X509TrustManager[]{RequireSSLExtension.newSecureTrustManager()},
null);
return sslContext;
}