package io.shaka.http
import java.io.IOException
import io.shaka.http.Https.{DoNotUseKeyStore, HttpsConfig, TrustServersByTrustStore, UseKeyStore}
import io.shaka.http.Request.GET
import io.shaka.http.Response.respond
import io.shaka.http.Status.OK
import io.shaka.http.TestCerts.{keyStoreWithClientCert, keyStoreWithServerCert, trustStoreWithClientCert, trustStoreWithServerCert}
import org.scalatest.{BeforeAndAfterAll, FunSuite}
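/**
 * Integration tests for client-certificate (mutual) TLS authentication.
 *
 * A server is started once via `HttpServer.httpsMutualAuth` with the server key store and a
 * trust store holding the client certificate. Each test then connects over HTTPS on loopback
 * with a different client identity and checks whether the request goes through.
 *
 * The negative tests only assert `IOException`, which is broad: it also matches failures that
 * have nothing to do with certificate validation (e.g. the server not listening). The positive
 * test, run against the same server, is what shows the endpoint is reachable, so a regression
 * there should be fixed before trusting the negative results.
 */
class MutualSslAuthSpec extends FunSuite with BeforeAndAfterAll {

  // Assigned in beforeAll; remains null if server start-up throws.
  var server: HttpServer = _

  test("Client can connect to server doing mutual SSL auth") {
    // Client trusts the server certificate and presents the client certificate.
    val response = Http.http(GET(s"https://127.0.0.1:${server.port}/foo"))(httpsConfig = Some(HttpsConfig(
      TrustServersByTrustStore(trustStoreWithServerCert.path, trustStoreWithServerCert.password),
      UseKeyStore(keyStoreWithClientCert.path, keyStoreWithClientCert.password)
    )))
    assert(statusAndBody(response) === (OK, Some("Hello world")))
  }

  test("Client cannot connect to server doing mutual SSL auth without specifying client certificate"){
    // No key store at all: the client has no certificate to offer.
    intercept[IOException]{
      Http.http(GET(s"https://127.0.0.1:${server.port}/foo"))(httpsConfig = Some(HttpsConfig(
        TrustServersByTrustStore(trustStoreWithServerCert.path, trustStoreWithServerCert.password),
        DoNotUseKeyStore
      )))
    }
  }

  test("Client cannot connect to server that doesn't trust client certificate"){
    // Previously this body was identical to the "without specifying client certificate" test
    // (DoNotUseKeyStore), so the untrusted-certificate path was never exercised. The client now
    // presents a key store whose certificate the server should reject.
    // NOTE(review): assumes trustStoreWithClientCert does not contain the certificate held in
    // keyStoreWithServerCert -- confirm against TestCerts, or add a dedicated untrusted key store.
    intercept[IOException]{
      Http.http(GET(s"https://127.0.0.1:${server.port}/foo"))(httpsConfig = Some(HttpsConfig(
        TrustServersByTrustStore(trustStoreWithServerCert.path, trustStoreWithServerCert.password),
        UseKeyStore(keyStoreWithServerCert.path, keyStoreWithServerCert.password)
      )))
    }
  }

  /** Starts the mutual-auth HTTPS server shared by all tests; every request gets "Hello world". */
  override protected def beforeAll(): Unit = {
    server = HttpServer.httpsMutualAuth(
      keyStoreConfig = PathAndPassword(keyStoreWithServerCert.path, keyStoreWithServerCert.password),
      trustStoreConfig = PathAndPassword(trustStoreWithClientCert.path, trustStoreWithClientCert.password)
    ).handler(_ => respond("Hello world")).start()
  }

  /** Stops the shared server, if it was started. */
  override protected def afterAll(): Unit = {
    // Guard against null so a failed beforeAll is not masked by a NullPointerException here.
    Option(server).foreach(_.stop())
  }

  /** Reduces a response to its status and its entity rendered via `toString`, for comparison. */
  private def statusAndBody(response: Response): (Status, Option[String]) =
    (response.status, response.entity.map(_.toString))
}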