Configurable certificate validation #122
Good, I haven't found any issues. IntelliJ has a few ideas related to exceptions :-)
@@ -113,13 +160,13 @@ private void startTomcatAndDoHttpsRequest(HttpsConfig httpsConfig) throws IOExce | |||
|
|||
private HttpsConfig.HttpsConfigBuilder correctHttpsKeyStoreSettings() throws IOException { |
IOException is never thrown
@@ -103,9 +109,9 @@ public static void main(String[] args) throws LifecycleException, ClientProtocol | |||
|
|||
HttpsConfig httpsConfig = HttpsConfig.builder() | |||
.keyStore(new File("keystore/localhost/localhost.keystore.p12").getCanonicalPath()) | |||
.keyStorePassword("password").keyPassword("password") | |||
.keyStorePassword(STORE_PASSWORD).keyPassword(STORE_PASSWORD) |
ClientProtocolException is never thrown because of more general exception
@@ -41,7 +41,8 @@ | |||
|
|||
@Slf4j | |||
public class TomcatServerFactory { | |||
private final static String SERVLET_NAME = "hello"; | |||
private static final String SERVLET_NAME = "hello"; | |||
private static final String STORE_PASSWORD = "password"; // NOSONAR | |||
|
|||
public Tomcat startTomcat(HttpsConfig httpsConfig) throws IOException { | |||
Tomcat tomcat = new Tomcat(); |
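Review bot: the `// NOSONAR` marker on the new `STORE_PASSWORD` constant silences every Sonar rule on that line without recording why a literal keystore password is acceptable here. If the constant only ever unlocks the sample localhost keystores used by the tests, say so in a comment next to the suppression so the exemption is not copied into code that handles a real keystore; otherwise take the password from `HttpsConfig` or the environment instead of compiling it into `TomcatServerFactory`.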
ServletException is never thrown
Resolves #79.
This PR brings the possibility to use and register services that do not have a trusted certificate to the APIML.
The functionality is covered by some "unit" tests in TomcatHttpsTests but it was also tested manually with a real service:
- (`localhost2.keystore.p12`) has been used in `config/local/discoverable-client.yml`
- `--apiml.security.verifySslCertificatesOfServices=false` was set in `package.json` for GW, DS, and AC

This is documented in the documentation for developers (inside the api-layer repository) on purpose because certificate validation is recommended for other users.