HTTPS: configure okhttp to accept test certificates

jknack · jknack · commit bfb6cb4415dc · 2019-11-06T11:09:08.000-03:00
diff --git a/examples/src/main/java/examples/HttpsApp.java b/examples/src/main/java/examples/HttpsApp.java
@@ -12,10 +12,10 @@
 public class HttpsApp extends Jooby {
 
   {
-    before(new SSLHandler("localhost", 8443));
+    before(new SSLHandler(true));
     setServerOptions(new ServerOptions().setSecurePort(8443));
 
-    get("/path", ctx -> {
+    get("/secure", ctx -> {
       return ctx.getScheme() + "; secure: " + ctx.isSecure();
     });
   }
diff --git a/jooby/src/main/java/io/jooby/SSLHandler.java b/jooby/src/main/java/io/jooby/SSLHandler.java
@@ -62,19 +62,16 @@ public SSLHandler(boolean useProxy) {
   @Override public void apply(@Nonnull Context ctx) {
     if (!ctx.isSecure()) {
       String host;
-      if (this.host == null) {
+        if (this.host == null) {
         String hostAndPort = ctx.getHostAndPort(useProxy);
         int i = hostAndPort.lastIndexOf(':');
         host = i > 0 ? hostAndPort.substring(0, i) : hostAndPort;
       } else {
         host = this.host;
       }
       StringBuilder buff = new StringBuilder("https://");
-      String contextPath = ctx.getContextPath();
-      if (!contextPath.equals("/")) {
-        buff.append(contextPath);
-      }
       buff.append(host);
+
       if (host.equals("localhost")) {
         int securePort = ctx.getRouter().getServerOptions().getSecurePort();
         buff.append(":").append(securePort);
@@ -83,6 +80,10 @@ public SSLHandler(boolean useProxy) {
           buff.append(":").append(port);
         }
       }
+      String contextPath = ctx.getContextPath();
+      if (!contextPath.equals("/")) {
+        buff.append(contextPath);
+      }
       buff.append(ctx.pathString());
       buff.append(ctx.queryString());
       ctx.sendRedirect(buff.toString());
diff --git a/modules/jooby-utow/src/main/java/io/jooby/internal/utow/UtowWebSocket.java b/modules/jooby-utow/src/main/java/io/jooby/internal/utow/UtowWebSocket.java
@@ -151,11 +151,11 @@ void fireConnect() {
       if (timeout > 0) {
         channel.setIdleTimeout(TimeUnit.MINUTES.toMillis(timeout));
       }
-      channel.getReceiveSetter().set(this);
-      channel.resumeReceives();
       if (onConnectCallback != null) {
         onConnectCallback.onConnect(this);
       }
+      channel.getReceiveSetter().set(this);
+      channel.resumeReceives();
     } catch (Throwable x) {
       onError(channel, x);
     }
diff --git a/tests/src/test/java/io/jooby/HttpsTest.java b/tests/src/test/java/io/jooby/HttpsTest.java
@@ -56,9 +56,9 @@ public void forceSSL() {
       app.before(new SSLHandler(true));
 
       app.get("/{path}", ctx -> ctx.pathString());
-    }).dontFollowRedirects().ready(http -> {
+    }).dontFollowRedirects().ready((http, https, server) -> {
       http.get("/path", rsp -> {
-        assertEquals("https://localhost:9443/path",
+        assertEquals("https://localhost:" + https.getPort() + "/path",
             rsp.header("Location"));
         assertEquals(302, rsp.code());
       });
diff --git a/tests/src/test/java/io/jooby/WebClient.java b/tests/src/test/java/io/jooby/WebClient.java
@@ -9,8 +9,18 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
 import java.io.IOException;
 import java.net.SocketTimeoutException;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -120,12 +130,15 @@ public WebClient(String scheme, int port, boolean followRedirects) {
     try {
       this.scheme = scheme;
       this.port = port;
-      client = new OkHttpClient.Builder()
+      OkHttpClient.Builder builder = new OkHttpClient.Builder()
           .connectTimeout(5, TimeUnit.MINUTES)
           .writeTimeout(5, TimeUnit.MINUTES)
           .readTimeout(5, TimeUnit.MINUTES)
-          .followRedirects(followRedirects)
-          .build();
+          .followRedirects(followRedirects);
+      if (scheme.equalsIgnoreCase("https")) {
+        configureSelfSigned(builder);
+      }
+      this.client = builder.build();
       header("Accept",
           "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8");
     } catch (Exception x) {
@@ -261,4 +274,30 @@ public void close() {
     client.dispatcher().executorService().shutdown();
     client.connectionPool().evictAll();
   }
+
+  private static void configureSelfSigned(OkHttpClient.Builder builder)
+      throws NoSuchAlgorithmException, KeyManagementException {
+    X509TrustManager trustManager = new X509TrustManager() {
+      @Override
+      public X509Certificate[] getAcceptedIssuers() {
+        return new X509Certificate[0];
+      }
+
+      @Override
+      public void checkServerTrusted(final X509Certificate[] chain,
+          final String authType) throws CertificateException {
+      }
+
+      @Override
+      public void checkClientTrusted(final X509Certificate[] chain,
+          final String authType) throws CertificateException {
+      }
+    };
+
+    SSLContext sslContext = SSLContext.getInstance("SSL");
+
+    sslContext.init(null, new TrustManager[]{trustManager}, new java.security.SecureRandom());
+    builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
+    builder.hostnameVerifier((hostname, session) -> true);
+  }
 }
diff --git a/tests/src/test/resources/localhost.crt b/tests/src/test/resources/localhost.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICqzCCAZOgAwIBAgIJANequC4DK++VMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNVBAMTCWxvY2Fs
+aG9zdDAgFw0xODExMDUyMzM3MTVaGA85OTk5MTIzMTIzNTk1OVowFDESMBAGA1UEAxMJbG9jYWxo
+b3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjsyE1+40JMEXTeZ58ffSc5zaYPF
+32UMU7tYLubwajh4uARcEDczM8FqdiakwhUozRuW6KfTnR/awdFE099UHhW0/imd7HQrKQFlunTe
+UlfJ2ERZuN7ohIcYaTUSDAhYHEtZPv6m3rvE8xYuq2QCK7GCHhDe07FcIyIx92Gf6pWkmNDIgBlS
+EzYSbwwS8M4dm7kQATAT4MDvn9dx0Cr7UejasHRs9idlg3xwjj8UMqYC/Al+Hmk0SSgsRCEPELZu
+MqfXjZhOAXOs9Tgc+DMwfsCZM+X7X1gAoGalUxctdRLFnS13DUNoEUMh0uyDTO0btWnueDMPhttP
+kR8v5QqmzwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBbWgJjr+nbt/dd9w/MfY0Szsrz4Tscu1p+
+A+WxpWLMNjKztCWGtMo+PcUl3vNERIykefx70wDlfsaYPoOMBJU05BDCSMEkVpX8VZeV8YWaDLSp
+KG+RtWwk8PRihe/ADODZwRGVcDhQq2/wsFM28Rd1GcnD54+IvkV46WPUYwPthd0Kfj38Cx3S9tN4
+mUC2AzVcvmJl9Aj+YdAJ6BQ5MemgLaWIJwiPgCbGg8AIXFi51aq6xJNX6jFfcYgSFHD25mMuEWEz
+sbAj5kjKQUZLhXVDYoNfSCU3K5uYyDFUa7uyhvxVHjJWdlLRB8IsuPSncXgXNot4kp/0W19xaF4j
+xwtm
+-----END CERTIFICATE-----
diff --git a/tests/src/test/resources/localhost.key b/tests/src/test/resources/localhost.key
@@ -0,0 +1,24 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCqOzITX7jQkwRdN5nnx99JznNp
+g8XfZQxTu1gu5vBqOHi4BFwQNzMzwWp2JqTCFSjNG5bop9OdH9rB0UTT31QeFbT+KZ3sdCspAWW6
+dN5SV8nYRFm43uiEhxhpNRIMCFgcS1k+/qbeu8TzFi6rZAIrsYIeEN7TsVwjIjH3YZ/qlaSY0MiA
+GVITNhJvDBLwzh2buRABMBPgwO+f13HQKvtR6NqwdGz2J2WDfHCOPxQypgL8CX4eaTRJKCxEIQ8Q
+tm4yp9eNmE4Bc6z1OBz4MzB+wJkz5ftfWACgZqVTFy11EsWdLXcNQ2gRQyHS7INM7Ru1ae54Mw+G
+20+RHy/lCqbPAgMBAAECggEAc0ITPKTiCG6SVN8xmIput5VN9VIgJopPV14Qbek1PGYx7j4da2lE
+hLVfdNHjWfljn8QfYDVJhSgtQG+Fj4K1fI0r966L264oDuKAU0ePw+bmpkRZD1/1xM2HjKw/JOB9
+b+LgcVOP/lzaE9CgFrFm+th8BglcJa7/eFZNyHZUBUri/IBWuPczFlIrc5HKIlPVM8Bf4E9nLtLj
+90Gg5zuNHvmN4+gIig8kEhTbWFKL/L+8adElOO22jvJMC3cBMhrbtD5K73wQ50MbSglhHP7PY4Uq
+asR0CQu6tKhLyLni4tlWMiEAs8b7IsG7BIkeD7UUKX7PVoCay9vJLvYL9qOyMQKBgQDilmnfAK/J
+mVVWCRfj1kgkBAIgswH49c+UCz0U6EzpNFXxhkEnuP0yvMrFCKEXXOP6J8WqgDJ3bWJQHARLbhfd
+p4VzWbwHH0V+4IaoYdX8uhxoyW/PNoqvla8233REWMQcbYBVvPtlygmbswgBmNMA2t6cIGcdmxkY
+P+fTWUkNtwKBgQDAVAqHBSxd8SZ+WG9fCjJM1Yjo3908ANNCucDw7cXHs0zJOrB2DV5FZG6iZNev
+MjfKSvVx7qe55SGpJWl8aDpvJ/df6tPD1SLRLuM54IdN3c3B0bt8Vn77mMASPz3hnK8SKsJ9LFoh
+dPbbAaHJjhlVIymIjhX6+dx11CvzSBQvqQKBgQCtRH3zBHBoBfPGla+KDzsdJ1+FJ72zZiz0tV9h
+FH5zugyaY6KBQKmF2e5omz+sQOEoUq+JwPxWbPPH9JSoJajkW4zl91GcVKJs8j6mliHvX1YIHzl7
+x+ZnfFv+5wLenM5iOq3vYlMPtF6CjHXr2rRHrBacZv7TGd4nt/6LlHQTowKBgQCXt/RSDOex99Eo
+7DR3IcEKUYzeP/LzKad+RLCKntddsPjK6UxY5DTQwuhvnON0ZkYSg81Zoi2X/MPv/f5X0JUAKOQB
+O2rwWktL/xPrDU9PQsDUu9GNxWIIsbga7N6xAnws9aRVQE6dg/pUS9ZH/JvJSKK0AXofcUnTfZtq
+IBskeQKBgQCerwVey5BIjiePoeikal/BiNwLgjeOSPax6qs4/9wRDXnN/Qj3q486pXy4OohhIeXc
+G7aeI3PACO/a680Mtbzi3q/1PsHWuuWrIzin3kF0ri8X3pYrzyV2rwmJqe1HmmBKOVPEg/KtHwpW
+ORBoSiB2Hz9RmSdyBUK1grLz3GJNXQ==
+-----END PRIVATE KEY-----
diff --git a/tests/src/test/resources/localhost.p12 b/tests/src/test/resources/localhost.p12

Original file line number	Diff line number	Diff line change
`@@ -12,10 +12,10 @@`
`12`	`12`	`public class HttpsApp extends Jooby {`
`13`	`13`
`14`	`14`	`{`
`15`		`- before(new SSLHandler("localhost", 8443));`
	`15`	`+ before(new SSLHandler(true));`
`16`	`16`	`setServerOptions(new ServerOptions().setSecurePort(8443));`
`17`	`17`
`18`		`- get("/path", ctx -> {`
	`18`	`+ get("/secure", ctx -> {`
`19`	`19`	`return ctx.getScheme() + "; secure: " + ctx.isSecure();`
`20`	`20`	`});`
`21`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -151,11 +151,11 @@ void fireConnect() {`
`151`	`151`	`if (timeout > 0) {`
`152`	`152`	`channel.setIdleTimeout(TimeUnit.MINUTES.toMillis(timeout));`
`153`	`153`	`}`
`154`		`- channel.getReceiveSetter().set(this);`
`155`		`- channel.resumeReceives();`
`156`	`154`	`if (onConnectCallback != null) {`
`157`	`155`	`onConnectCallback.onConnect(this);`
`158`	`156`	`}`
	`157`	`+ channel.getReceiveSetter().set(this);`
	`158`	`+ channel.resumeReceives();`
`159`	`159`	`} catch (Throwable x) {`
`160`	`160`	`onError(channel, x);`
`161`	`161`	`}`