forked from quarkusio/quarkus
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request quarkusio#43850 from jmartisk/smallrye-graphql-2.11
SmallRye GraphQL 2.11
- Loading branch information
Showing
21 changed files
with
1,134 additions
and
46 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
58 changes: 58 additions & 0 deletions
58
...ment/src/test/java/io/quarkus/smallrye/graphql/client/deployment/ssl/SSLTestingTools.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
package io.quarkus.smallrye.graphql.client.deployment.ssl; | ||
|
||
import java.security.KeyStore; | ||
import java.util.concurrent.ExecutionException; | ||
import java.util.concurrent.TimeUnit; | ||
import java.util.concurrent.TimeoutException; | ||
|
||
import io.smallrye.graphql.client.vertx.ssl.SSLTools; | ||
import io.vertx.core.Vertx; | ||
import io.vertx.core.http.ClientAuth; | ||
import io.vertx.core.http.HttpServer; | ||
import io.vertx.core.http.HttpServerOptions; | ||
import io.vertx.core.net.PfxOptions; | ||
|
||
public class SSLTestingTools { | ||
private Vertx vertx; | ||
|
||
public HttpServer runServer(String keystorePath, String keystorePassword, | ||
String truststorePath, String truststorePassword) | ||
throws InterruptedException, ExecutionException, TimeoutException { | ||
vertx = Vertx.vertx(); | ||
HttpServerOptions options = new HttpServerOptions(); | ||
options.setSsl(true); | ||
options.setHost("localhost"); | ||
|
||
if (keystorePath != null) { | ||
PfxOptions keystoreOptions = new PfxOptions(); | ||
KeyStore keyStore = SSLTools.createKeyStore(keystorePath, "PKCS12", keystorePassword); | ||
keystoreOptions.setValue(SSLTools.asBuffer(keyStore, keystorePassword.toCharArray())); | ||
keystoreOptions.setPassword(keystorePassword); | ||
options.setKeyCertOptions(keystoreOptions); | ||
} | ||
|
||
if (truststorePath != null) { | ||
options.setClientAuth(ClientAuth.REQUIRED); | ||
PfxOptions truststoreOptions = new PfxOptions(); | ||
KeyStore trustStore = SSLTools.createKeyStore(truststorePath, "PKCS12", truststorePassword); | ||
truststoreOptions.setValue(SSLTools.asBuffer(trustStore, truststorePassword.toCharArray())); | ||
truststoreOptions.setPassword(truststorePassword); | ||
options.setTrustOptions(truststoreOptions); | ||
} | ||
|
||
HttpServer server = vertx.createHttpServer(options); | ||
server.requestHandler(request -> { | ||
request.response().send("{\n" + | ||
" \"data\": {\n" + | ||
" \"result\": \"HelloWorld\"\n" + | ||
" }\n" + | ||
"}"); | ||
}); | ||
|
||
return server.listen(63805).toCompletionStage().toCompletableFuture().get(10, TimeUnit.SECONDS); | ||
} | ||
|
||
public void close() { | ||
vertx.close().toCompletionStage().toCompletableFuture().join(); | ||
} | ||
} |
90 changes: 90 additions & 0 deletions
90
...aphql/client/deployment/ssl/TypesafeGraphQLClientClientAuthenticationBadKeystoreTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
package io.quarkus.smallrye.graphql.client.deployment.ssl; | ||
|
||
import jakarta.inject.Inject; | ||
|
||
import org.eclipse.microprofile.graphql.Query; | ||
import org.jboss.shrinkwrap.api.asset.EmptyAsset; | ||
import org.jboss.shrinkwrap.api.asset.StringAsset; | ||
import org.junit.jupiter.api.AfterAll; | ||
import org.junit.jupiter.api.Assertions; | ||
import org.junit.jupiter.api.BeforeAll; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.RegisterExtension; | ||
|
||
import io.quarkus.test.QuarkusUnitTest; | ||
import io.smallrye.certs.Format; | ||
import io.smallrye.certs.junit5.Certificate; | ||
import io.smallrye.certs.junit5.Certificates; | ||
import io.smallrye.graphql.client.typesafe.api.GraphQLClientApi; | ||
import io.vertx.core.http.HttpServer; | ||
|
||
@Certificates(baseDir = "target/certs", certificates = { | ||
@Certificate(name = "graphql", password = "password", formats = { Format.PKCS12 }, client = true), | ||
@Certificate(name = "wrong-graphql", password = "wrong-password", formats = { Format.PKCS12 }, client = true) | ||
}) | ||
public class TypesafeGraphQLClientClientAuthenticationBadKeystoreTest { | ||
|
||
private static final int PORT = 63805; | ||
private static final SSLTestingTools TOOLS = new SSLTestingTools(); | ||
private static HttpServer server; | ||
|
||
private static final String CONFIGURATION = """ | ||
quarkus.smallrye-graphql-client.my-client.tls-configuration-name=my-tls-client | ||
quarkus.tls.my-tls-client.key-store.p12.path=target/certs/wrong-graphql-client-keystore.p12 | ||
quarkus.tls.my-tls-client.key-store.p12.password=wrong-password | ||
quarkus.smallrye-graphql-client.my-client.url=https://127.0.0.1:%d/ | ||
quarkus.tls.my-tls-client.trust-all=true | ||
""".formatted(PORT); | ||
|
||
@RegisterExtension | ||
static QuarkusUnitTest test = new QuarkusUnitTest() | ||
.withApplicationRoot((jar) -> jar | ||
.addClasses(MyApi.class, SSLTestingTools.class) | ||
.addAsResource(new StringAsset(CONFIGURATION), | ||
"application.properties") | ||
.addAsManifestResource(EmptyAsset.INSTANCE, "beans.xml")); | ||
|
||
@GraphQLClientApi(configKey = "my-client") | ||
private interface MyApi { | ||
@Query | ||
String getResult(); | ||
} | ||
|
||
@Inject | ||
MyApi myApi; | ||
|
||
@BeforeAll | ||
static void setupServer() throws Exception { | ||
server = TOOLS.runServer("target/certs/graphql-keystore.p12", | ||
"password", "target/certs/graphql-server-truststore.p12", "password"); | ||
} | ||
|
||
@Test | ||
void clientAuthentication_badKeystore() { | ||
try { | ||
myApi.getResult(); | ||
Assertions.fail("Should not be able to connect"); | ||
} catch (Exception e) { | ||
// verify that the server rejected the client's certificate | ||
assertHasCauseContainingMessage(e, "Received fatal alert: certificate_unknown"); | ||
} | ||
} | ||
|
||
@AfterAll | ||
static void closeServer() { | ||
server.close(); | ||
TOOLS.close(); | ||
} | ||
|
||
private void assertHasCauseContainingMessage(Throwable t, String message) { | ||
Throwable throwable = t; | ||
while (throwable.getCause() != null) { | ||
throwable = throwable.getCause(); | ||
if (throwable.getMessage().contains(message)) { | ||
t.printStackTrace(); | ||
return; | ||
} | ||
} | ||
throw new RuntimeException("Unexpected exception", t); | ||
} | ||
} |
Oops, something went wrong.