From 181312496300184d073fca25fd4d87e13118366d Mon Sep 17 00:00:00 2001 From: afelisatti Date: Mon, 23 Nov 2015 17:00:58 -0300 Subject: [PATCH] MULE-8958: Allow insecure HTTPS connections --- .../api/security/tls/TlsConfiguration.java | 10 ++- .../request/DefaultHttpRequesterConfig.java | 1 + .../request/grizzly/GrizzlyHttpClient.java | 11 ++- .../GrizzlyHttpClientConfiguration.java | 18 +++- .../HttpListenerTlsInsecureTestCase.java | 64 ++++++++++++++ .../HttpRequestTlsInsecureTestCase.java | 83 +++++++++++++++++++ .../http-listener-insecure-config.xml | 51 ++++++++++++ ...tp-request-insecure-certificate-config.xml | 43 ++++++++++ .../http-request-insecure-hostname-config.xml | 41 +++++++++ .../ssl/DefaultTlsContextFactory.java | 53 +++++++++++- .../api/TlsContextKeyStoreConfiguration.java | 2 +- .../ssl/api/TlsContextStoreConfiguration.java | 35 ++++++++ .../TlsContextTrustStoreConfiguration.java | 22 +---- .../TrustStoreTlsContextDefinitionParser.java | 1 + .../src/main/resources/META-INF/mule-tls.xsd | 7 ++ .../ssl/TlsNamespaceHandlerTestCase.java | 3 + .../test/resources/tls-namespace-config.xml | 2 +- 17 files changed, 420 insertions(+), 27 deletions(-) create mode 100644 modules/http/src/test/java/org/mule/module/http/functional/listener/HttpListenerTlsInsecureTestCase.java create mode 100644 modules/http/src/test/java/org/mule/module/http/functional/requester/HttpRequestTlsInsecureTestCase.java create mode 100644 modules/http/src/test/resources/http-listener-insecure-config.xml create mode 100644 modules/http/src/test/resources/http-request-insecure-certificate-config.xml create mode 100644 modules/http/src/test/resources/http-request-insecure-hostname-config.xml create mode 100644 transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextStoreConfiguration.java diff --git a/core/src/main/java/org/mule/api/security/tls/TlsConfiguration.java b/core/src/main/java/org/mule/api/security/tls/TlsConfiguration.java index 0699aae5e12a..88502ebc80c0 100644 --- a/core/src/main/java/org/mule/api/security/tls/TlsConfiguration.java +++ b/core/src/main/java/org/mule/api/security/tls/TlsConfiguration.java @@ -383,11 +383,17 @@ public String[] getEnabledProtocols() public SSLContext getSslContext() throws NoSuchAlgorithmException, KeyManagementException { - KeyManager[] keyManagers = - null == getKeyManagerFactory() ? null : getKeyManagerFactory().getKeyManagers(); TrustManager[] trustManagers = null == getTrustManagerFactory() ? null : getTrustManagerFactory().getTrustManagers(); + return getSslContext(trustManagers); + } + + public SSLContext getSslContext(TrustManager[] trustManagers) throws NoSuchAlgorithmException, KeyManagementException + { + KeyManager[] keyManagers = + null == getKeyManagerFactory() ? null : getKeyManagerFactory().getKeyManagers(); + SSLContext context = SSLContext.getInstance(getSslType()); // TODO - nice to have a configurable random number source set here context.init(keyManagers, trustManagers, null); diff --git a/modules/http/src/main/java/org/mule/module/http/internal/request/DefaultHttpRequesterConfig.java b/modules/http/src/main/java/org/mule/module/http/internal/request/DefaultHttpRequesterConfig.java index 7fd6b35e1abb..6919c8535dd7 100644 --- a/modules/http/src/main/java/org/mule/module/http/internal/request/DefaultHttpRequesterConfig.java +++ b/modules/http/src/main/java/org/mule/module/http/internal/request/DefaultHttpRequesterConfig.java @@ -108,6 +108,7 @@ public void initialise() throws InitialisationException .setUsePersistentConnections(usePersistentConnections) .setConnectionIdleTimeout(connectionIdleTimeout) .setThreadNamePrefix(threadNamePrefix) + .setOwnerName(name) .build(); httpClient = new GrizzlyHttpClient(configuration); diff --git a/modules/http/src/main/java/org/mule/module/http/internal/request/grizzly/GrizzlyHttpClient.java b/modules/http/src/main/java/org/mule/module/http/internal/request/grizzly/GrizzlyHttpClient.java index efe29b706a78..88a73a7b0b43 100644 --- a/modules/http/src/main/java/org/mule/module/http/internal/request/grizzly/GrizzlyHttpClient.java +++ b/modules/http/src/main/java/org/mule/module/http/internal/request/grizzly/GrizzlyHttpClient.java @@ -29,6 +29,7 @@ import org.mule.module.http.internal.request.HttpClient; import org.mule.module.http.internal.request.NtlmProxyConfig; import org.mule.transport.ssl.api.TlsContextFactory; +import org.mule.transport.ssl.api.TlsContextTrustStoreConfiguration; import org.mule.transport.tcp.TcpClientSocketProperties; import org.mule.util.IOUtils; import org.mule.util.StringUtils; @@ -73,6 +74,7 @@ public class GrizzlyHttpClient implements HttpClient private boolean usePersistentConnections; private int connectionIdleTimeout; private String threadNamePrefix; + private String ownerName; private AsyncHttpClient asyncHttpClient; private SSLContext sslContext; @@ -86,6 +88,7 @@ public GrizzlyHttpClient(GrizzlyHttpClientConfiguration config) this.usePersistentConnections = config.isUsePersistentConnections(); this.connectionIdleTimeout = config.getConnectionIdleTimeout(); this.threadNamePrefix = config.getThreadNamePrefix(); + this.ownerName = config.getOwnerName(); } @Override @@ -131,7 +134,13 @@ private void configureTlsContext(AsyncHttpClientConfig.Builder builder) throws I { builder.setEnabledProtocols(tlsContextFactory.getEnabledProtocols()); } - + TlsContextTrustStoreConfiguration trustStoreConfiguration = tlsContextFactory.getTrustStoreConfiguration(); + if(trustStoreConfiguration != null && trustStoreConfiguration.isInsecure()) + { + logger.warn(String.format("TLS configuration for requester %s has been set to use an insecure trust store. This means no certificate validations will be performed, rendering connections vulnerable to attacks. Use at own risk.", ownerName)); + //This disables hostname verification + builder.setAcceptAnyCertificate(true); + } } } diff --git a/modules/http/src/main/java/org/mule/module/http/internal/request/grizzly/GrizzlyHttpClientConfiguration.java b/modules/http/src/main/java/org/mule/module/http/internal/request/grizzly/GrizzlyHttpClientConfiguration.java index b79c4db84e30..220b61e4f7f7 100644 --- a/modules/http/src/main/java/org/mule/module/http/internal/request/grizzly/GrizzlyHttpClientConfiguration.java +++ b/modules/http/src/main/java/org/mule/module/http/internal/request/grizzly/GrizzlyHttpClientConfiguration.java @@ -20,9 +20,10 @@ public class GrizzlyHttpClientConfiguration private final boolean usePersistentConnections; private final int connectionIdleTimeout; private final String threadNamePrefix; + private final String ownerName; private GrizzlyHttpClientConfiguration(TlsContextFactory tlsContextFactory, ProxyConfig proxyConfig, TcpClientSocketProperties clientSocketProperties, - int maxConnections, boolean usePersistentConnections, int connectionIdleTimeout, String threadNamePrefix) + int maxConnections, boolean usePersistentConnections, int connectionIdleTimeout, String threadNamePrefix, String ownerName) { this.tlsContextFactory = tlsContextFactory; this.proxyConfig = proxyConfig; @@ -31,6 +32,7 @@ private GrizzlyHttpClientConfiguration(TlsContextFactory tlsContextFactory, Prox this.usePersistentConnections = usePersistentConnections; this.connectionIdleTimeout = connectionIdleTimeout; this.threadNamePrefix = threadNamePrefix; + this.ownerName = ownerName; } public TlsContextFactory getTlsContextFactory() @@ -68,6 +70,11 @@ public String getThreadNamePrefix() return threadNamePrefix; } + public String getOwnerName() + { + return ownerName; + } + public static class Builder { private TlsContextFactory tlsContextFactory; @@ -77,6 +84,7 @@ public static class Builder private boolean usePersistentConnections; private int connectionIdleTimeout; private String threadNamePrefix; + private String ownerName; public Builder setTlsContextFactory(TlsContextFactory tlsContextFactory) { @@ -120,10 +128,16 @@ public Builder setThreadNamePrefix(String threadNamePrefix) return this; } + public Builder setOwnerName(String ownerName) + { + this.ownerName = ownerName; + return this; + } + public GrizzlyHttpClientConfiguration build() { return new GrizzlyHttpClientConfiguration(tlsContextFactory, proxyConfig, clientSocketProperties, maxConnections, - usePersistentConnections, connectionIdleTimeout, threadNamePrefix); + usePersistentConnections, connectionIdleTimeout, threadNamePrefix, ownerName); } } } diff --git a/modules/http/src/test/java/org/mule/module/http/functional/listener/HttpListenerTlsInsecureTestCase.java b/modules/http/src/test/java/org/mule/module/http/functional/listener/HttpListenerTlsInsecureTestCase.java new file mode 100644 index 000000000000..0af6dcfeff26 --- /dev/null +++ b/modules/http/src/test/java/org/mule/module/http/functional/listener/HttpListenerTlsInsecureTestCase.java @@ -0,0 +1,64 @@ +/* + * Copyright (c) MuleSoft, Inc. All rights reserved. http://www.mulesoft.com + * The software in this package is published under the terms of the CPAL v1.0 + * license, a copy of which has been included with this distribution in the + * LICENSE.txt file. + */ +package org.mule.module.http.functional.listener; + +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.isA; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; +import static org.junit.internal.matchers.ThrowableMessageMatcher.hasMessage; +import static org.junit.rules.ExpectedException.none; +import org.mule.api.MessagingException; +import org.mule.api.MuleEvent; +import org.mule.construct.Flow; +import org.mule.tck.junit4.FunctionalTestCase; +import org.mule.tck.junit4.rule.DynamicPort; + +import java.io.IOException; + +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; + +/** + * Sets up two HTTPS servers with regular trust-stores, except one is insecure. + * Verifies that a request using a certificate not present in the trust-store + * only works for the insecure server. + */ +public class HttpListenerTlsInsecureTestCase extends FunctionalTestCase +{ + @Rule + public DynamicPort port1 = new DynamicPort("port1"); + @Rule + public DynamicPort port2 = new DynamicPort("port2"); + @Rule + public ExpectedException expectedException = none(); + + @Override + protected String getConfigFile() + { + return "http-listener-insecure-config.xml"; + } + + @Test + public void acceptsInvalidCertificateIfInsecure() throws Exception + { + Flow flow = (Flow) getFlowConstruct("testRequestToInsecure"); + final MuleEvent res = flow.process(getTestEvent(TEST_PAYLOAD)); + assertThat(res.getMessage().getPayloadAsString(), is(TEST_PAYLOAD)); + } + + @Test + public void rejectsInvalidCertificateIfSecure() throws Exception + { + Flow flow = (Flow) getFlowConstruct("testRequestToSecure"); + expectedException.expect(MessagingException.class); + expectedException.expectCause(isA(IOException.class)); + expectedException.expectCause(hasMessage(containsString("Remotely close"))); + flow.process(getTestEvent("data")); + } +} diff --git a/modules/http/src/test/java/org/mule/module/http/functional/requester/HttpRequestTlsInsecureTestCase.java b/modules/http/src/test/java/org/mule/module/http/functional/requester/HttpRequestTlsInsecureTestCase.java new file mode 100644 index 000000000000..669d1db4e721 --- /dev/null +++ b/modules/http/src/test/java/org/mule/module/http/functional/requester/HttpRequestTlsInsecureTestCase.java @@ -0,0 +1,83 @@ +/* + * Copyright (c) MuleSoft, Inc. All rights reserved. http://www.mulesoft.com + * The software in this package is published under the terms of the CPAL v1.0 + * license, a copy of which has been included with this distribution in the + * LICENSE.txt file. + */ +package org.mule.module.http.functional.requester; + +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.isA; +import static org.hamcrest.core.Is.is; +import static org.junit.Assert.assertThat; +import static org.junit.internal.matchers.ThrowableMessageMatcher.hasMessage; +import static org.junit.rules.ExpectedException.none; +import org.mule.api.MessagingException; +import org.mule.api.MuleEvent; +import org.mule.construct.Flow; +import org.mule.tck.junit4.FunctionalTestCase; +import org.mule.tck.junit4.rule.DynamicPort; +import org.mule.tck.junit4.rule.SystemProperty; + +import java.io.IOException; +import java.util.Arrays; +import java.util.Collection; + +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.ExpectedException; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; + +/** + * Sets up two HTTPS clients using a regular trust-store, but one of them insecure. + * Then two HTTPS servers: one will return a certificate present in the trust-store + * but with an invalid SAN extension, the other will return a certificate that's not in the trust-store. + * Verifies that only the insecure client is successful. + */ +@RunWith(Parameterized.class) +public class HttpRequestTlsInsecureTestCase extends FunctionalTestCase +{ + @Parameterized.Parameter + public String config; + + @Rule + public DynamicPort port1 = new DynamicPort("port1"); + @Rule + public SystemProperty insecure = new SystemProperty("insecure", "true"); + @Rule + public ExpectedException expectedException = none(); + + @Override + protected String getConfigFile() + { + return config; + } + + @Parameterized.Parameters + public static Collection parameters() + { + return Arrays.asList(new Object[][] { + {"http-request-insecure-hostname-config.xml"}, + {"http-request-insecure-certificate-config.xml"}}); + } + + @Test + public void insecureRequest() throws Exception + { + Flow flow = (Flow) getFlowConstruct("testInsecureRequest"); + final MuleEvent res = flow.process(getTestEvent(TEST_PAYLOAD)); + assertThat(res.getMessage().getPayloadAsString(), is(TEST_PAYLOAD)); + } + + @Test + public void secureRequest() throws Exception + { + Flow flow = (Flow) getFlowConstruct("testSecureRequest"); + expectedException.expect(MessagingException.class); + expectedException.expectCause(isA(IOException.class)); + expectedException.expectCause(hasMessage(containsString("General SSLEngine problem"))); + flow.process(getTestEvent(TEST_PAYLOAD)); + } + +} \ No newline at end of file diff --git a/modules/http/src/test/resources/http-listener-insecure-config.xml b/modules/http/src/test/resources/http-listener-insecure-config.xml new file mode 100644 index 000000000000..819c374137cd --- /dev/null +++ b/modules/http/src/test/resources/http-listener-insecure-config.xml @@ -0,0 +1,51 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/modules/http/src/test/resources/http-request-insecure-certificate-config.xml b/modules/http/src/test/resources/http-request-insecure-certificate-config.xml new file mode 100644 index 000000000000..eb1997ac3d31 --- /dev/null +++ b/modules/http/src/test/resources/http-request-insecure-certificate-config.xml @@ -0,0 +1,43 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/modules/http/src/test/resources/http-request-insecure-hostname-config.xml b/modules/http/src/test/resources/http-request-insecure-hostname-config.xml new file mode 100644 index 000000000000..f60dfd41e82c --- /dev/null +++ b/modules/http/src/test/resources/http-request-insecure-hostname-config.xml @@ -0,0 +1,41 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/transports/ssl/src/main/java/org/mule/transport/ssl/DefaultTlsContextFactory.java b/transports/ssl/src/main/java/org/mule/transport/ssl/DefaultTlsContextFactory.java index caab1e1588b9..31520723e9d7 100644 --- a/transports/ssl/src/main/java/org/mule/transport/ssl/DefaultTlsContextFactory.java +++ b/transports/ssl/src/main/java/org/mule/transport/ssl/DefaultTlsContextFactory.java @@ -13,12 +13,18 @@ import org.mule.transport.ssl.api.TlsContextKeyStoreConfiguration; import org.mule.transport.ssl.api.TlsContextTrustStoreConfiguration; import org.mule.util.FileUtils; +import org.mule.util.StringUtils; import java.io.IOException; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Default implementation of the {@code TlsContextFactory} interface, which delegates all its operations to a @@ -26,12 +32,14 @@ */ public class DefaultTlsContextFactory implements TlsContextFactory { + private static final Logger logger = LoggerFactory.getLogger(DefaultTlsContextFactory.class); private String name; private TlsConfiguration tlsConfiguration = new TlsConfiguration(null); private boolean initialized = false; + private boolean trustStoreInsecure = false; public String getName() { @@ -148,6 +156,20 @@ public void setTrustManagerAlgorithm(String trustManagerAlgorithm) tlsConfiguration.setTrustManagerAlgorithm(trustManagerAlgorithm); } + public boolean isTrustStoreInsecure() + { + return trustStoreInsecure; + } + + public void setTrustStoreInsecure(boolean insecure) + { + if (insecure) + { + logger.warn(String.format("TLS context %s trust store set as insecure. No certificate validations will be performed, rendering connections vulnerable to attacks. Use at own risk.", name == null ? StringUtils.EMPTY : name)); + } + this.trustStoreInsecure = insecure; + } + @Override public SSLContext createSslContext() throws KeyManagementException, NoSuchAlgorithmException, CreateException @@ -160,7 +182,16 @@ public SSLContext createSslContext() throws KeyManagementException, NoSuchAlgori initialized = true; } } - return tlsConfiguration.getSslContext(); + SSLContext sslContext; + if (trustStoreInsecure) + { + sslContext = tlsConfiguration.getSslContext(new TrustManager[]{new InsecureTrustManager()}); + } + else + { + sslContext = tlsConfiguration.getSslContext(); + } + return sslContext; } @Override @@ -258,6 +289,12 @@ public String getAlgorithm() { return getTrustManagerAlgorithm(); } + + @Override + public boolean isInsecure() + { + return isTrustStoreInsecure(); + } }; } @@ -288,4 +325,18 @@ public int hashCode() { return tlsConfiguration.hashCode(); } + + private static class InsecureTrustManager implements X509TrustManager + { + + public java.security.cert.X509Certificate[] getAcceptedIssuers() { + return new java.security.cert.X509Certificate[0]; + } + + public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { + } + + public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { + } + } } diff --git a/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextKeyStoreConfiguration.java b/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextKeyStoreConfiguration.java index 416db9157fd5..051e9e5fa5cc 100644 --- a/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextKeyStoreConfiguration.java +++ b/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextKeyStoreConfiguration.java @@ -9,7 +9,7 @@ /** * Provides methods to access the configuration of a key store. */ -public interface TlsContextKeyStoreConfiguration extends TlsContextTrustStoreConfiguration +public interface TlsContextKeyStoreConfiguration extends TlsContextStoreConfiguration { /** diff --git a/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextStoreConfiguration.java b/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextStoreConfiguration.java new file mode 100644 index 000000000000..db52577098f2 --- /dev/null +++ b/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextStoreConfiguration.java @@ -0,0 +1,35 @@ +/* + * Copyright (c) MuleSoft, Inc. All rights reserved. http://www.mulesoft.com + * The software in this package is published under the terms of the CPAL v1.0 + * license, a copy of which has been included with this distribution in the + * LICENSE.txt file. + */ +package org.mule.transport.ssl.api; + +/** + * Provides methods to access the configuration of a store. + */ +public interface TlsContextStoreConfiguration +{ + + /** + * @return The location of the store. + */ + public String getPath(); + + /** + * @return The password to access the store. + */ + public String getPassword(); + + /** + * @return The type of store ("jks", "pkcs12", "jceks", or any other). + */ + public String getType(); + + /** + * @return The algorithm used by the store. + */ + public String getAlgorithm(); + +} diff --git a/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextTrustStoreConfiguration.java b/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextTrustStoreConfiguration.java index 5399f4c123a3..cab27a8970c1 100644 --- a/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextTrustStoreConfiguration.java +++ b/transports/ssl/src/main/java/org/mule/transport/ssl/api/TlsContextTrustStoreConfiguration.java @@ -9,27 +9,11 @@ /** * Provides methods to access the configuration of a trust store. */ -public interface TlsContextTrustStoreConfiguration +public interface TlsContextTrustStoreConfiguration extends TlsContextStoreConfiguration { - - /** - * @return The location of the store. - */ - public String getPath(); - - /** - * @return The password to access the store. - */ - public String getPassword(); - - /** - * @return The type of store ("jks", "pkcs12", "jceks", or any other). - */ - public String getType(); - /** - * @return The algorithm used by the store. + * @return true if the trust store was configured and set as insecure, meaning no validations will be performed. */ - public String getAlgorithm(); + boolean isInsecure(); } diff --git a/transports/ssl/src/main/java/org/mule/transport/ssl/config/TrustStoreTlsContextDefinitionParser.java b/transports/ssl/src/main/java/org/mule/transport/ssl/config/TrustStoreTlsContextDefinitionParser.java index e130c467d721..c66c7d8c0323 100644 --- a/transports/ssl/src/main/java/org/mule/transport/ssl/config/TrustStoreTlsContextDefinitionParser.java +++ b/transports/ssl/src/main/java/org/mule/transport/ssl/config/TrustStoreTlsContextDefinitionParser.java @@ -18,6 +18,7 @@ public TrustStoreTlsContextDefinitionParser() addAlias("password", "trustStorePassword"); addAlias("type", "trustStoreType"); addAlias("algorithm", "trustManagerAlgorithm"); + addAlias("insecure", "trustStoreInsecure"); } } diff --git a/transports/ssl/src/main/resources/META-INF/mule-tls.xsd b/transports/ssl/src/main/resources/META-INF/mule-tls.xsd index bb2be1460cd0..d3ed6182808f 100644 --- a/transports/ssl/src/main/resources/META-INF/mule-tls.xsd +++ b/transports/ssl/src/main/resources/META-INF/mule-tls.xsd @@ -195,6 +195,13 @@ + + + + If true, no certificate validations will be performed. + + + diff --git a/transports/ssl/src/test/java/org/mule/transport/ssl/TlsNamespaceHandlerTestCase.java b/transports/ssl/src/test/java/org/mule/transport/ssl/TlsNamespaceHandlerTestCase.java index 6ab73a5bc0de..fc3997533eba 100644 --- a/transports/ssl/src/test/java/org/mule/transport/ssl/TlsNamespaceHandlerTestCase.java +++ b/transports/ssl/src/test/java/org/mule/transport/ssl/TlsNamespaceHandlerTestCase.java @@ -8,6 +8,7 @@ import static org.hamcrest.CoreMatchers.endsWith; import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.Matchers.is; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThat; @@ -66,6 +67,7 @@ public void testTlsContextProperties() throws Exception assertThat(tlsContextFactory.getKeyManagerPassword(), equalTo("testKeyPassword")); assertThat(tlsContextFactory.getKeyManagerAlgorithm(), equalTo("testKeyStoreAlgorithm")); assertThat(tlsContextFactory.getKeyAlias(), equalTo("testKeyStoreAlias")); + assertThat(tlsContextFactory.isTrustStoreInsecure(), is(false)); } @Test @@ -92,6 +94,7 @@ public void testTlsContextTrustStoreProperties() throws Exception assertThat(trustStoreConfig.getPassword(), equalTo("testTrustStorePassword")); assertThat(trustStoreConfig.getType(), equalTo("testTrustStoreType")); assertThat(trustStoreConfig.getAlgorithm(), equalTo("testTrustStoreAlgorithm")); + assertThat(trustStoreConfig.isInsecure(), equalTo(false)); } diff --git a/transports/ssl/src/test/resources/tls-namespace-config.xml b/transports/ssl/src/test/resources/tls-namespace-config.xml index d9c345624f5b..6b1913a74d0c 100644 --- a/transports/ssl/src/test/resources/tls-namespace-config.xml +++ b/transports/ssl/src/test/resources/tls-namespace-config.xml @@ -28,7 +28,7 @@ + type="testTrustStoreType" algorithm="testTrustStoreAlgorithm" insecure="false"/>