forked from quarkus-qe/quarkus-test-suite
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Test TLS Registry integration with gRPC
1 parent
bcc3d14
commit b840c77
Showing
11 changed files
with
218 additions
and
78 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
79 changes: 79 additions & 0 deletions
79
http/grpc/src/test/java/io/quarkus/ts/http/grpc/GrpcMutualTlsSeparateServerIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
package io.quarkus.ts.http.grpc; | ||
|
||
import static io.quarkus.test.security.certificate.CertificateBuilder.INSTANCE_KEY; | ||
import static io.quarkus.test.services.Certificate.Format.PEM; | ||
|
||
import org.junit.jupiter.api.Tag; | ||
import org.junit.jupiter.api.condition.OS; | ||
|
||
import io.quarkus.test.bootstrap.CloseableManagedChannel; | ||
import io.quarkus.test.bootstrap.GrpcService; | ||
import io.quarkus.test.scenarios.QuarkusScenario; | ||
import io.quarkus.test.security.certificate.CertificateBuilder; | ||
import io.quarkus.test.security.certificate.PemClientCertificate; | ||
import io.quarkus.test.services.Certificate; | ||
import io.quarkus.test.services.Certificate.ClientCertificate; | ||
import io.quarkus.test.services.QuarkusApplication; | ||
import io.vertx.mutiny.ext.web.client.WebClient; | ||
|
||
@Tag("QUARKUS-4592") | ||
@QuarkusScenario | ||
public class GrpcMutualTlsSeparateServerIT implements GRPCIT, StreamingHttpIT, ReflectionHttpIT { | ||
|
||
private static final String CERT_PREFIX = "grpc-mtls-separate-server"; | ||
private static final String CLIENT_CN_NAME = "mtls-client-name"; | ||
private static WebClient webClient = null; | ||
|
||
@QuarkusApplication(grpc = true, ssl = true, certificates = @Certificate(prefix = CERT_PREFIX, clientCertificates = { | ||
@ClientCertificate(cnAttribute = CLIENT_CN_NAME) | ||
}, format = PEM, configureKeystore = true, configureTruststore = true, tlsConfigName = "mtls-server", configureHttpServer = true)) | ||
static final GrpcService app = (GrpcService) new GrpcService() | ||
.withProperty("quarkus.http.ssl.client-auth", "required") | ||
.withProperty("quarkus.profile", "mtls") | ||
.withProperty("grpc.client.crt", GrpcMutualTlsSeparateServerIT::getClientCert) | ||
.withProperty("grpc.client.ca-crt", GrpcMutualTlsSeparateServerIT::getClientCaCert) | ||
.withProperty("grpc.client.key", GrpcMutualTlsSeparateServerIT::getClientKey); | ||
|
||
public CloseableManagedChannel getChannel() { | ||
return app.securedGrpcChannel(); | ||
} | ||
|
||
@Override | ||
public WebClient getWebClient() { | ||
if (webClient == null) { | ||
// HINT: we don't need to close HTTPS client as FW takes care of it | ||
webClient = app.mutinyHttps(CLIENT_CN_NAME); | ||
} | ||
return webClient; | ||
} | ||
|
||
private static String getClientCert() { | ||
return addEscapes(getClientCertificate().certPath()); | ||
} | ||
|
||
private static String getClientCaCert() { | ||
return addEscapes(getClientCertificate().truststorePath()); | ||
} | ||
|
||
private static String getClientKey() { | ||
return addEscapes(getClientCertificate().keyPath()); | ||
} | ||
|
||
private static CertificateBuilder getCertificateBuilder() { | ||
return app.getPropertyFromContext(CertificateBuilder.INSTANCE_KEY); | ||
} | ||
|
||
private static PemClientCertificate getClientCertificate() { | ||
return (PemClientCertificate) getCertificateBuilder().findCertificateByPrefix(CERT_PREFIX) | ||
.getClientCertificateByCn(CLIENT_CN_NAME); | ||
} | ||
|
||
static String addEscapes(String path) { | ||
if (OS.WINDOWS.isCurrentOs()) { | ||
// TODO: move this to the FW | ||
// back-slashes have special meaning in Cygwin etc. | ||
return path.replace("\\", "\\\\"); | ||
} | ||
return path; | ||
} | ||
} |
48 changes: 30 additions & 18 deletions
48
http/grpc/src/test/java/io/quarkus/ts/http/grpc/GrpcTlsSeparateServerIT.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,56 +1,68 @@ | ||
package io.quarkus.ts.http.grpc; | ||
|
||
import static io.quarkus.test.services.Certificate.Format.PEM; | ||
import static io.quarkus.ts.http.grpc.GrpcMutualTlsSeparateServerIT.addEscapes; | ||
|
||
import org.junit.jupiter.api.AfterAll; | ||
|
||
import io.quarkus.test.bootstrap.CloseableManagedChannel; | ||
import io.quarkus.test.bootstrap.GrpcService; | ||
import io.quarkus.test.bootstrap.RestService; | ||
import io.quarkus.test.scenarios.QuarkusScenario; | ||
import io.quarkus.test.security.certificate.Certificate.PemCertificate; | ||
import io.quarkus.test.security.certificate.CertificateBuilder; | ||
import io.quarkus.test.services.Certificate; | ||
import io.quarkus.test.services.QuarkusApplication; | ||
import io.restassured.specification.RequestSpecification; | ||
import io.vertx.mutiny.ext.web.client.WebClient; | ||
|
||
@QuarkusScenario | ||
public class GrpcTlsSeparateServerIT implements GRPCIT, StreamingHttpIT, ReflectionHttpIT { | ||
|
||
private static final String CERT_PREFIX = "grpc-tls-separate-server"; | ||
private static WebClient webClient = null; | ||
|
||
@QuarkusApplication(grpc = true, ssl = true, certificates = @Certificate(prefix = CERT_PREFIX, format = PEM, configureKeystore = true, configureTruststore = true)) | ||
static final GrpcService app = (GrpcService) new GrpcService() | ||
.withProperty("quarkus.profile", "ssl") | ||
.withProperty("grpc.client.ca-cert", CertificateBuilder.INSTANCE_KEY, GrpcTlsSeparateServerIT::getClientCaCert) | ||
.withProperty("grpc.server.cert", CertificateBuilder.INSTANCE_KEY, GrpcTlsSeparateServerIT::getServerCert) | ||
.withProperty("grpc.server.key", CertificateBuilder.INSTANCE_KEY, GrpcTlsSeparateServerIT::getServerKey); | ||
.withProperty("grpc.client.ca-cert", GrpcTlsSeparateServerIT::getClientCaCert) | ||
.withProperty("grpc.server.cert", GrpcTlsSeparateServerIT::getServerCert) | ||
.withProperty("grpc.server.key", GrpcTlsSeparateServerIT::getServerKey); | ||
|
||
public CloseableManagedChannel getChannel() { | ||
return app.securedGrpcChannel(); | ||
} | ||
|
||
@Override | ||
public RestService app() { | ||
return app; | ||
public WebClient getWebClient() { | ||
if (webClient == null) { | ||
webClient = app.mutiny(); | ||
} | ||
return webClient; | ||
} | ||
|
||
@Override | ||
public RequestSpecification given() { | ||
return app().relaxedHttps().given(); | ||
@AfterAll | ||
static void afterAll() { | ||
if (webClient != null) { | ||
webClient.close(); | ||
} | ||
} | ||
|
||
private static String getClientCaCert() { | ||
return addEscapes(getPemCertificate().truststorePath()); | ||
} | ||
|
||
private static String getClientCaCert(CertificateBuilder certificateBuilder) { | ||
return getPemCertificate(certificateBuilder).truststorePath(); | ||
private static String getServerCert() { | ||
return addEscapes(getPemCertificate().certPath()); | ||
} | ||
|
||
private static String getServerCert(CertificateBuilder certificateBuilder) { | ||
return getPemCertificate(certificateBuilder).certPath(); | ||
private static String getServerKey() { | ||
return addEscapes(getPemCertificate().keyPath()); | ||
} | ||
|
||
private static String getServerKey(CertificateBuilder certificateBuilder) { | ||
return getPemCertificate(certificateBuilder).keyPath(); | ||
private static PemCertificate getPemCertificate() { | ||
return (PemCertificate) getCertificateBuilder().findCertificateByPrefix(CERT_PREFIX); | ||
} | ||
|
||
private static PemCertificate getPemCertificate(CertificateBuilder certificateBuilder) { | ||
return (PemCertificate) certificateBuilder.findCertificateByPrefix(CERT_PREFIX); | ||
private static CertificateBuilder getCertificateBuilder() { | ||
return app.getPropertyFromContext(CertificateBuilder.INSTANCE_KEY); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters