From d233142006490a667d0d5b83e768fd27172e5122 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 27 Mar 2024 14:33:10 +0100
Subject: fix(http): allow SSL host-certificate validation in any case

Before, it was only supported in case of SSL client authentication
---
 .../eaaf/core/test/http/HttpClientFactoryTest.java | 69 ++++++++++++++++++++++
 1 file changed, 69 insertions(+)

(limited to 'eaaf_core_utils/src/test')

diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
index 269c516e..493d966b 100644
--- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
+++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/http/HttpClientFactoryTest.java
@@ -1,6 +1,7 @@
 package at.gv.egiz.eaaf.core.test.http;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -17,6 +18,8 @@ import java.security.Provider;
 import java.security.UnrecoverableKeyException;
 import java.security.cert.X509Certificate;
 
+import javax.net.ssl.SSLHandshakeException;
+
 import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.hc.client5.http.ClientProtocolException;
 import org.apache.hc.client5.http.classic.methods.HttpGet;
@@ -213,6 +216,72 @@ public class HttpClientFactoryTest {
 
   }
 
+  @Test
+  public void getCustomClientBasicAuthWithSslTrustAll() throws EaafException, ClientProtocolException,
+      IOException, KeyStoreException {
+    final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+    config.setEnablePreEmptiveHttpBasicAuth(false);
+    config.setAuthMode("password");
+    config.setUsername("jUnit");
+    config.setPassword("password");
+    config.setDisableTlsHostCertificateValidation(true);
+
+    final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+    Assert.assertNotNull("httpClient", client);
+
+    // set-up mock-up web-server with SSL client authentication
+    final String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
+    final HeldCertificate localhostCertificate = new HeldCertificate.Builder()
+        .addSubjectAlternativeName(localhost)
+        .build();
+    final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
+        .heldCertificate(localhostCertificate)
+        .build();
+    mockWebServer = new MockWebServer();
+    mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
+    mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+        .setBody("Successful auth!"));
+    mockServerUrl = mockWebServer.url("/sp/junit");
+
+    // perform test request
+    final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+    final CloseableHttpResponse httpResp2 = client.execute(httpGet2);
+    Assert.assertEquals("http statusCode", 200, httpResp2.getCode());
+
+  }
+
+  @Test
+  public void getCustomClientBasicAuthWithSsl() throws EaafException, ClientProtocolException,
+      IOException, KeyStoreException {
+    final HttpClientConfiguration config = new HttpClientConfiguration("jUnit");
+    config.setEnablePreEmptiveHttpBasicAuth(false);
+    config.setAuthMode("password");
+    config.setUsername("jUnit");
+    config.setPassword("password");
+
+    final CloseableHttpClient client = httpClientFactory.getHttpClient(config);
+    Assert.assertNotNull("httpClient", client);
+
+    // set-up mock-up web-server with SSL client authentication
+    final String localhost = InetAddress.getByName("localhost").getCanonicalHostName();
+    final HeldCertificate localhostCertificate = new HeldCertificate.Builder()
+        .addSubjectAlternativeName(localhost)
+        .build();
+    final HandshakeCertificates serverCertificates = new HandshakeCertificates.Builder()
+        .heldCertificate(localhostCertificate)
+        .build();
+    mockWebServer = new MockWebServer();
+    mockWebServer.useHttps(serverCertificates.sslSocketFactory(), false);
+    mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+        .setBody("Successful auth!"));
+    mockServerUrl = mockWebServer.url("/sp/junit");
+
+    // perform test request
+    final HttpUriRequest httpGet2 = new HttpGet(mockServerUrl.url().toString());
+    assertThrows(SSLHandshakeException.class, () -> client.execute(httpGet2));
+
+  }
+
   @Test
   public void getCustomClientBasicAuthWithPreEmptive() throws EaafException, ClientProtocolException,
       IOException, InterruptedException {
-- 
cgit v1.2.3