diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/context/FhirContext.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/context/FhirContext.java index 705e9a65dd7..7681a19ebbe 100644 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/context/FhirContext.java +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/context/FhirContext.java @@ -24,7 +24,7 @@ import ca.uhn.fhir.rest.client.api.IBasicClient; import ca.uhn.fhir.rest.client.api.IGenericClient; import ca.uhn.fhir.rest.client.api.IRestfulClient; import ca.uhn.fhir.rest.client.api.IRestfulClientFactory; -import ca.uhn.fhir.rest.https.TlsAuthentication; +import ca.uhn.fhir.tls.TlsAuthentication; import ca.uhn.fhir.util.FhirTerser; import ca.uhn.fhir.util.ReflectionUtil; import ca.uhn.fhir.util.VersionUtil; diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/client/api/IRestfulClientFactory.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/client/api/IRestfulClientFactory.java index 2338d7a64e5..26d643a3bc1 100644 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/client/api/IRestfulClientFactory.java +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/client/api/IRestfulClientFactory.java @@ -26,7 +26,7 @@ import java.util.Optional; import ca.uhn.fhir.context.ConfigurationException; import ca.uhn.fhir.rest.api.RequestTypeEnum; -import ca.uhn.fhir.rest.https.TlsAuthentication; +import ca.uhn.fhir.tls.TlsAuthentication; public interface IRestfulClientFactory { diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/KeyStoreInfo.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/KeyStoreInfo.java deleted file mode 100644 index f46b6aeea6d..00000000000 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/KeyStoreInfo.java +++ /dev/null 
@@ -1,15 +0,0 @@
-package ca.uhn.fhir.rest.https;
-
-public class KeyStoreInfo extends StoreInfo {
-
- private final char[] myKeyPass;
-
- public KeyStoreInfo(String theFilePath, String theStorePass, String theKeyPass, String theAlias) {
- super(theFilePath, theStorePass, theAlias);
- this.myKeyPass = toCharArray(theKeyPass);
- }
-
- public char[] getKeyPass() {
- return myKeyPass;
- }
-}
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/KeyStoreType.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/KeyStoreType.java
deleted file mode 100644
index 8b52daaed96..00000000000
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/KeyStoreType.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package ca.uhn.fhir.rest.https;
-
-import ca.uhn.fhir.i18n.Msg;
-
-import java.util.Arrays;
-import java.util.List;
-
-public enum KeyStoreType {
-
- PKCS12("p12", "pfx"),
- JKS("jks");
-
- private List myFileExtensions;
-
- KeyStoreType(String... theFileExtensions){
- myFileExtensions = Arrays.asList(theFileExtensions);
- }
-
- public List getFileExtensions() {
- return myFileExtensions;
- }
-
- public static KeyStoreType fromFileExtension(String theFileExtension) {
- for(KeyStoreType type : KeyStoreType.values()){
- if(type.getFileExtensions().contains(theFileExtension.toLowerCase())){
- return type;
- }
- }
- throw new IllegalArgumentException(Msg.code(2106)+"Invalid KeyStore Type");
- }
-}
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/PathType.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/PathType.java
deleted file mode 100644
index c4a693f2fdd..00000000000
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/PathType.java
+++ /dev/null
@@ -1,17 +0,0 @@
-package ca.uhn.fhir.rest.https;
-
-public enum PathType {
-
- FILE("file://"),
- RESOURCE("classpath:");
-
- private String myPrefix;
-
- PathType(String thePrefix) {
- myPrefix = thePrefix;
- }
-
- public String getPrefix(){
- return myPrefix;
- }
-}
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TlsAuthentication.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TlsAuthentication.java
deleted file mode 100644
index 793d95228ef..00000000000
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TlsAuthentication.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package ca.uhn.fhir.rest.https;
-
-import java.util.Optional;
-
-public class TlsAuthentication {
-
- private final Optional myKeyStoreInfo;
- private final Optional myTrustStoreInfo;
-
- public TlsAuthentication(Optional theKeyStoreInfo, Optional theTrustStoreInfo) {
- myKeyStoreInfo = theKeyStoreInfo;
- myTrustStoreInfo = theTrustStoreInfo;
- }
-
- public Optional getKeyStoreInfo() {
- return myKeyStoreInfo;
- }
-
- public Optional getTrustStoreInfo() {
- return myTrustStoreInfo;
- }
-}
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TrustStoreInfo.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TrustStoreInfo.java
deleted file mode 100644
index 5c40e7c0ba8..00000000000
--- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TrustStoreInfo.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package ca.uhn.fhir.rest.https;
-
-public class TrustStoreInfo extends StoreInfo{
-
- public TrustStoreInfo(String theFilePath, String theStorePass, String theAlias) {
- super(theFilePath, theStorePass, theAlias);
- }
-
-}
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/KeyStoreInfo.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/KeyStoreInfo.java
new file mode 100644
index 00000000000..c43b8705c62
--- /dev/null
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/KeyStoreInfo.java
@@ -0,0 +1,35 @@
+package ca.uhn.fhir.tls;
+
+/*-
+ * #%L
+ * HAPI FHIR - Core Library
+ * %%
+ * Copyright (C) 2014 - 2022 Smile CDR, Inc.
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+public class KeyStoreInfo extends StoreInfo {
+
+ private final char[] myKeyPass;
+
+ public KeyStoreInfo(String theFilePath, String theStorePass, String theKeyPass, String theAlias) {
+ super(theFilePath, theStorePass, theAlias);
+ this.myKeyPass = toCharArray(theKeyPass);
+ }
+
+ public char[] getKeyPass() {
+ return myKeyPass;
+ }
+}
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/KeyStoreType.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/KeyStoreType.java
new file mode 100644
index 00000000000..cda8c16e250
--- /dev/null
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/KeyStoreType.java
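Review bot: In the new `ca/uhn/fhir/tls/KeyStoreInfo.java`, `getKeyPass()` returns the internal `myKeyPass` array itself, so any caller that overwrites or zeroes the returned array also changes the key password held by this object. The class has no Javadoc stating whether that sharing is intended or who owns clearing the array; either document it on the getter or return a copy, `return myKeyPass == null ? null : myKeyPass.clone();` (whether `toCharArray`, which is not shown in this hunk, can yield null should be confirmed first). The constructor also receives `theStorePass` and `theKeyPass` as `String`, so the `char[]` field does not by itself keep the secret out of immutable heap strings; a one-line comment saying so would prevent a false sense of safety.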
@@ -0,0 +1,51 @@
+package ca.uhn.fhir.tls;
+
+/*-
+ * #%L
+ * HAPI FHIR - Core Library
+ * %%
+ * Copyright (C) 2014 - 2022 Smile CDR, Inc.
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+import ca.uhn.fhir.i18n.Msg;
+
+import java.util.Arrays;
+import java.util.List;
+
+public enum KeyStoreType {
+
+ PKCS12("p12", "pfx"),
+ JKS("jks");
+
+ private List myFileExtensions;
+
+ KeyStoreType(String... theFileExtensions){
+ myFileExtensions = Arrays.asList(theFileExtensions);
+ }
+
+ public List getFileExtensions() {
+ return myFileExtensions;
+ }
+
+ public static KeyStoreType fromFileExtension(String theFileExtension) {
+ for(KeyStoreType type : KeyStoreType.values()){
+ if(type.getFileExtensions().contains(theFileExtension.toLowerCase())){
+ return type;
+ }
+ }
+ throw new IllegalArgumentException(Msg.code(2106)+"Invalid KeyStore Type");
+ }
+}
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/PathType.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/PathType.java
new file mode 100644
index 00000000000..068928844fb
--- /dev/null
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/PathType.java
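Review bot: `fromFileExtension` in the new `ca/uhn/fhir/tls/KeyStoreType.java` dereferences `theFileExtension` without a null check and lower-cases it with the JVM default locale, so a null extension surfaces as a NullPointerException instead of the coded `IllegalArgumentException` (whether a caller can pass null is not visible in this hunk). I would guard the argument and use `theFileExtension.toLowerCase(Locale.ROOT)`, which needs `import java.util.Locale;`. The exception text `"Invalid KeyStore Type"` also omits the rejected extension, so a misnamed key or trust store file is hard to diagnose from the log; appending the value would help. `myFileExtensions` is assigned once in the constructor and can be `final`.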
@@ -0,0 +1,37 @@ +package ca.uhn.fhir.tls; + +/*- + * #%L + * HAPI FHIR - Core Library + * %% + * Copyright (C) 2014 - 2022 Smile CDR, Inc. + * %% + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * #L% + */ + +public enum PathType { + + FILE("file://"), + RESOURCE("classpath:"); + + private String myPrefix; + + PathType(String thePrefix) { + myPrefix = thePrefix; + } + + public String getPrefix(){ + return myPrefix; + } +} diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/StoreInfo.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/StoreInfo.java similarity index 96% rename from hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/StoreInfo.java rename to hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/StoreInfo.java index f61ec02829a..84779ea8a6d 100644 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/StoreInfo.java +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/StoreInfo.java @@ -1,4 +1,4 @@ -package ca.uhn.fhir.rest.https; +package ca.uhn.fhir.tls; import org.apache.commons.io.FilenameUtils; diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/TlsAuthentication.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/TlsAuthentication.java new file mode 100644 index 00000000000..bcafca9b763 --- /dev/null +++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/TlsAuthentication.java 
@@ -0,0 +1,42 @@
+package ca.uhn.fhir.tls;
+
+/*-
+ * #%L
+ * HAPI FHIR - Core Library
+ * %%
+ * Copyright (C) 2014 - 2022 Smile CDR, Inc.
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+import java.util.Optional;
+
+public class TlsAuthentication {
+
+ private final Optional myKeyStoreInfo;
+ private final Optional myTrustStoreInfo;
+
+ public TlsAuthentication(Optional theKeyStoreInfo, Optional theTrustStoreInfo) {
+ myKeyStoreInfo = theKeyStoreInfo;
+ myTrustStoreInfo = theTrustStoreInfo;
+ }
+
+ public Optional getKeyStoreInfo() {
+ return myKeyStoreInfo;
+ }
+
+ public Optional getTrustStoreInfo() {
+ return myTrustStoreInfo;
+ }
+}
diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/TrustStoreInfo.java b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/TrustStoreInfo.java
new file mode 100644
index 00000000000..10f6bdefe00
--- /dev/null
+++ b/hapi-fhir-base/src/main/java/ca/uhn/fhir/tls/TrustStoreInfo.java
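Review bot: The new `ca/uhn/fhir/tls/TlsAuthentication.java` has no Javadoc saying what an empty `Optional` means for either store, and for the trust store the consequence is security-relevant: `TlsAuthenticationSvcTest` in this same commit asserts that `createHostnameVerifier(Optional.empty())` yields a `NoopHostnameVerifier`. A class comment should state that the key store supplies the certificate this side presents, the trust store supplies the certificates it accepts, and that omitting the trust store currently selects a hostname verifier that performs no check. The constructor also stores its arguments unchecked, so a null passed in place of `Optional.empty()` only fails later in a consumer; `myTrustStoreInfo = Objects.requireNonNull(theTrustStoreInfo, "theTrustStoreInfo");` (and the same for the key store) would fail at construction.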
@@ -0,0 +1,29 @@
+package ca.uhn.fhir.tls;
+
+/*-
+ * #%L
+ * HAPI FHIR - Core Library
+ * %%
+ * Copyright (C) 2014 - 2022 Smile CDR, Inc.
+ * %%
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * #L%
+ */
+
+public class TrustStoreInfo extends StoreInfo{
+
+ public TrustStoreInfo(String theFilePath, String theStorePass, String theAlias) {
+ super(theFilePath, theStorePass, theAlias);
+ }
+
+}
diff --git a/hapi-fhir-cli/hapi-fhir-cli-api/src/main/java/ca/uhn/fhir/cli/BaseCommand.java b/hapi-fhir-cli/hapi-fhir-cli-api/src/main/java/ca/uhn/fhir/cli/BaseCommand.java
index 76c89a37097..9eb85dfa1a0 100644
--- a/hapi-fhir-cli/hapi-fhir-cli-api/src/main/java/ca/uhn/fhir/cli/BaseCommand.java
+++ b/hapi-fhir-cli/hapi-fhir-cli-api/src/main/java/ca/uhn/fhir/cli/BaseCommand.java
@@ -26,9 +26,9 @@ import ca.uhn.fhir.i18n.Msg;
 import ca.uhn.fhir.rest.api.Constants;
 import ca.uhn.fhir.rest.client.api.IGenericClient;
 import ca.uhn.fhir.rest.client.interceptor.SimpleRequestHeaderInterceptor;
-import ca.uhn.fhir.rest.https.TlsAuthentication;
-import ca.uhn.fhir.rest.https.KeyStoreInfo;
-import ca.uhn.fhir.rest.https.TrustStoreInfo;
+import ca.uhn.fhir.tls.TlsAuthentication;
+import ca.uhn.fhir.tls.KeyStoreInfo;
+import ca.uhn.fhir.tls.TrustStoreInfo;
 import com.google.common.base.Charsets;
 import com.google.common.collect.Sets;
 import com.google.gson.JsonObject;
diff --git a/hapi-fhir-client-okhttp/src/main/java/ca/uhn/fhir/okhttp/client/OkHttpRestfulClientFactory.java b/hapi-fhir-client-okhttp/src/main/java/ca/uhn/fhir/okhttp/client/OkHttpRestfulClientFactory.java index 63e93645aa3..1de55835dfe 100644 --- a/hapi-fhir-client-okhttp/src/main/java/ca/uhn/fhir/okhttp/client/OkHttpRestfulClientFactory.java +++ b/hapi-fhir-client-okhttp/src/main/java/ca/uhn/fhir/okhttp/client/OkHttpRestfulClientFactory.java @@ -5,9 +5,9 @@ import ca.uhn.fhir.rest.api.RequestTypeEnum; import ca.uhn.fhir.rest.client.api.Header; import ca.uhn.fhir.rest.client.api.IHttpClient; import ca.uhn.fhir.rest.client.impl.RestfulClientFactory; -import ca.uhn.fhir.rest.https.TlsAuthentication; -import ca.uhn.fhir.rest.https.TlsAuthenticationSvc; -import ca.uhn.fhir.rest.https.TrustStoreInfo; +import ca.uhn.fhir.tls.TlsAuthentication; +import ca.uhn.fhir.rest.client.tls.TlsAuthenticationSvc; +import ca.uhn.fhir.tls.TrustStoreInfo; import okhttp3.Call; import okhttp3.OkHttpClient; diff --git a/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/apache/ApacheRestfulClientFactory.java b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/apache/ApacheRestfulClientFactory.java index 6931a12dd9b..cc57121c130 100644 --- a/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/apache/ApacheRestfulClientFactory.java +++ b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/apache/ApacheRestfulClientFactory.java @@ -25,8 +25,8 @@ import ca.uhn.fhir.rest.api.RequestTypeEnum; import ca.uhn.fhir.rest.client.api.Header; import ca.uhn.fhir.rest.client.api.IHttpClient; import ca.uhn.fhir.rest.client.impl.RestfulClientFactory; -import ca.uhn.fhir.rest.https.TlsAuthentication; -import ca.uhn.fhir.rest.https.TlsAuthenticationSvc; +import ca.uhn.fhir.tls.TlsAuthentication; +import ca.uhn.fhir.rest.client.tls.TlsAuthenticationSvc; import org.apache.http.HttpHost; import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; 
diff --git a/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/RestfulClientFactory.java b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/RestfulClientFactory.java index 067ba772c9d..18b4f41c4f0 100644 --- a/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/RestfulClientFactory.java +++ b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/impl/RestfulClientFactory.java @@ -23,7 +23,7 @@ import ca.uhn.fhir.i18n.Msg; import java.lang.reflect.*; import java.util.*; -import ca.uhn.fhir.rest.https.TlsAuthentication; +import ca.uhn.fhir.tls.TlsAuthentication; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.Validate; import org.hl7.fhir.instance.model.api.IBaseResource; diff --git a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TlsAuthenticationSvc.java b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/tls/TlsAuthenticationSvc.java similarity index 95% rename from hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TlsAuthenticationSvc.java rename to hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/tls/TlsAuthenticationSvc.java index 970a8c87ce8..c989b849691 100644 --- a/hapi-fhir-base/src/main/java/ca/uhn/fhir/rest/https/TlsAuthenticationSvc.java +++ b/hapi-fhir-client/src/main/java/ca/uhn/fhir/rest/client/tls/TlsAuthenticationSvc.java @@ -1,6 +1,11 @@ -package ca.uhn.fhir.rest.https; +package ca.uhn.fhir.rest.client.tls; import ca.uhn.fhir.i18n.Msg; +import ca.uhn.fhir.tls.KeyStoreInfo; +import ca.uhn.fhir.tls.PathType; +import ca.uhn.fhir.tls.StoreInfo; +import ca.uhn.fhir.tls.TlsAuthentication; +import ca.uhn.fhir.tls.TrustStoreInfo; import org.apache.http.conn.ssl.DefaultHostnameVerifier; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.TrustSelfSignedStrategy; 
diff --git a/hapi-fhir-client/src/test/java/ca/uhn/fhir/rest/client/tls/TlsAuthenticationSvcTest.java b/hapi-fhir-client/src/test/java/ca/uhn/fhir/rest/client/tls/TlsAuthenticationSvcTest.java
new file mode 100644
index 00000000000..11de622b9fa
--- /dev/null
+++ b/hapi-fhir-client/src/test/java/ca/uhn/fhir/rest/client/tls/TlsAuthenticationSvcTest.java
@@ -0,0 +1,110 @@
+package ca.uhn.fhir.rest.client.tls;
+
+import ca.uhn.fhir.tls.KeyStoreInfo;
+import ca.uhn.fhir.tls.TlsAuthentication;
+import ca.uhn.fhir.tls.TrustStoreInfo;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509TrustManager;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.util.Optional;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class TlsAuthenticationSvcTest {
+
+ private KeyStoreInfo myServerKeyStoreInfo;
+ private TrustStoreInfo myServerTrustStoreInfo;
+ private TlsAuthentication myServerTlsAuthentication;
+
+ private KeyStoreInfo myClientKeyStoreInfo;
+ private TrustStoreInfo myClientTrustStoreInfo;
+ private TlsAuthentication myClientTlsAuthentication;
+
+ @BeforeEach
+ public void beforeEach(){
+ myServerKeyStoreInfo = new KeyStoreInfo("classpath:/server-keystore.p12", "changeit", "changeit", "server");
+ myServerTrustStoreInfo = new TrustStoreInfo("classpath:/server-truststore.p12", "changeit", "client");
+ myServerTlsAuthentication = new TlsAuthentication(Optional.of(myServerKeyStoreInfo), Optional.of(myServerTrustStoreInfo));
+
+ myClientKeyStoreInfo = new KeyStoreInfo("classpath:/client-keystore.p12", "changeit", "changeit", "client");
+ myClientTrustStoreInfo = new TrustStoreInfo("classpath:/client-truststore.p12", "changeit", "server");
+ myClientTlsAuthentication = new TlsAuthentication(Optional.of(myClientKeyStoreInfo), Optional.of(myClientTrustStoreInfo));
+ }
+
+ @Test
+ public void testCreateSslContextEmpty(){
+ Optional emptyAuthentication = Optional.empty();
+ Optional result = TlsAuthenticationSvc.createSslContext(emptyAuthentication);
+ assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void testCreateSslContextPresent(){
+ Optional result = TlsAuthenticationSvc.createSslContext(Optional.of(myServerTlsAuthentication));
+ assertFalse(result.isEmpty());
+ assertEquals("TLS", result.get().getProtocol());
+ }
+
+ @Test
+ public void testCreateSslContextPresentInvalid(){
+ KeyStoreInfo invalidKeyStoreInfo = new KeyStoreInfo("INVALID.p12", "changeit", "changeit", "server");
+ TlsAuthentication invalidTlsAuthentication = new TlsAuthentication(Optional.of(invalidKeyStoreInfo), Optional.of(myServerTrustStoreInfo));
+ assertThrows(TlsAuthenticationSvc.TlsAuthenticationException.class, () -> {
+ TlsAuthenticationSvc.createSslContext(Optional.of(invalidTlsAuthentication));
+ });
+ }
+
+ @Test
+ public void testCreateKeyStore() throws Exception {
+ KeyStore keyStore = TlsAuthenticationSvc.createKeyStore(myServerKeyStoreInfo);
+ assertNotNull(keyStore.getKey("server", myServerKeyStoreInfo.getKeyPass()));
+ }
+
+ @Test
+ public void testCreateTrustStore() throws Exception {
+ KeyStore keyStore = TlsAuthenticationSvc.createKeyStore(myServerTrustStoreInfo);
+ assertNotNull(keyStore.getCertificate(myServerTrustStoreInfo.getAlias()));
+ }
+
+ @Test
+ public void testCreateTrustManager() throws Exception{
+ X509TrustManager trustManager = TlsAuthenticationSvc.createTrustManager(Optional.of(myClientTrustStoreInfo));
+ KeyStore keyStore = TlsAuthenticationSvc.createKeyStore(myServerKeyStoreInfo);
+ Certificate serverCertificate = keyStore.getCertificate(myServerKeyStoreInfo.getAlias());
+
+ assertEquals(1, trustManager.getAcceptedIssuers().length);
+ assertEquals(serverCertificate, trustManager.getAcceptedIssuers()[0]);
+ }
+
+ @Test
+ public void testCreateTrustManagerInvalid() throws Exception{
+ TrustStoreInfo invalidKeyStoreInfo = new TrustStoreInfo("INVALID.p12", "changeit", "client");
+ X509TrustManager trustManager = TlsAuthenticationSvc.createTrustManager(Optional.of(invalidKeyStoreInfo));
+ assertEquals(0, trustManager.getAcceptedIssuers().length);
+ }
+
+ @Test
+ public void testCreateHostnameVerifierEmptyTrustStoreInfo(){
+ Optional trustStoreInfo = Optional.empty();
+ HostnameVerifier result = TlsAuthenticationSvc.createHostnameVerifier(trustStoreInfo);
+ assertEquals(NoopHostnameVerifier.class, result.getClass());
+ }
+
+ @Test
+ public void testCreateHostnameVerifierPresentTrustStoreInfo(){
+ Optional trustStoreInfo = Optional.of(myServerTrustStoreInfo);
+ HostnameVerifier result = TlsAuthenticationSvc.createHostnameVerifier(trustStoreInfo);
+ assertEquals(DefaultHostnameVerifier.class, result.getClass());
+ }
+}
diff --git a/hapi-fhir-client/src/test/resources/client-keystore.p12 b/hapi-fhir-client/src/test/resources/client-keystore.p12
new file mode 100644
index 00000000000..c8ee5242feb
Binary files /dev/null and b/hapi-fhir-client/src/test/resources/client-keystore.p12 differ
diff --git a/hapi-fhir-client/src/test/resources/client-truststore.p12 b/hapi-fhir-client/src/test/resources/client-truststore.p12
new file mode 100644
index 00000000000..d12c7199708
Binary files /dev/null and b/hapi-fhir-client/src/test/resources/client-truststore.p12 differ
diff --git a/hapi-fhir-client/src/test/resources/server-keystore.p12 b/hapi-fhir-client/src/test/resources/server-keystore.p12
new file mode 100644
index 00000000000..00ae45348ef
Binary files /dev/null and b/hapi-fhir-client/src/test/resources/server-keystore.p12 differ
diff --git a/hapi-fhir-client/src/test/resources/server-truststore.p12 b/hapi-fhir-client/src/test/resources/server-truststore.p12
new file mode 100644
index 00000000000..65575b455b6
Binary files /dev/null and b/hapi-fhir-client/src/test/resources/server-truststore.p12 differ
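Review bot: `testCreateTrustManagerInvalid` in `TlsAuthenticationSvcTest.java` pins a silent outcome for a misconfigured trust store: a path that cannot be loaded (`"INVALID.p12"`) is expected to produce an `X509TrustManager` with zero accepted issuers rather than an error, while `testCreateSslContextPresentInvalid` expects a `TlsAuthenticationException` for the same mistake on the key store. If the asymmetry is intended, the test should carry a comment explaining why a bad trust store path must not fail fast; if it is not, the assertion should become `assertThrows(TlsAuthenticationSvc.TlsAuthenticationException.class, () -> TlsAuthenticationSvc.createTrustManager(Optional.of(invalidKeyStoreInfo)));`, which depends on `createTrustManager` (not shown in this diff) being changed to throw. The local in that test is also named `invalidKeyStoreInfo` although it is a `TrustStoreInfo`; `invalidTrustStoreInfo` would read correctly.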
diff --git a/hapi-fhir-jaxrsserver-base/src/main/java/ca/uhn/fhir/jaxrs/client/JaxRsRestfulClientFactory.java b/hapi-fhir-jaxrsserver-base/src/main/java/ca/uhn/fhir/jaxrs/client/JaxRsRestfulClientFactory.java index e21d3e3724c..e313ee84a3f 100644 --- a/hapi-fhir-jaxrsserver-base/src/main/java/ca/uhn/fhir/jaxrs/client/JaxRsRestfulClientFactory.java +++ b/hapi-fhir-jaxrsserver-base/src/main/java/ca/uhn/fhir/jaxrs/client/JaxRsRestfulClientFactory.java @@ -6,8 +6,8 @@ import ca.uhn.fhir.rest.api.RequestTypeEnum; import ca.uhn.fhir.rest.client.api.Header; import ca.uhn.fhir.rest.client.api.IHttpClient; import ca.uhn.fhir.rest.client.impl.RestfulClientFactory; -import ca.uhn.fhir.rest.https.TlsAuthentication; -import ca.uhn.fhir.rest.https.TlsAuthenticationSvc; +import ca.uhn.fhir.tls.TlsAuthentication; +import ca.uhn.fhir.rest.client.tls.TlsAuthenticationSvc; import javax.net.ssl.SSLContext; import javax.ws.rs.client.Client; diff --git a/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/BaseFhirVersionParameterizedTest.java b/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/BaseFhirVersionParameterizedTest.java index c0b49120efe..e1cc0f1ea60 100644 --- a/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/BaseFhirVersionParameterizedTest.java +++ b/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/BaseFhirVersionParameterizedTest.java @@ -3,7 +3,7 @@ package ca.uhn.fhir.test; import ca.uhn.fhir.context.FhirContext; import ca.uhn.fhir.context.FhirVersionEnum; import ca.uhn.fhir.i18n.Msg; -import ca.uhn.fhir.rest.https.TlsAuthentication; +import ca.uhn.fhir.tls.TlsAuthentication; import ca.uhn.fhir.test.utilities.BaseRequestGeneratingCommandTestUtil; import ca.uhn.fhir.test.utilities.BaseRestServerHelper; import ca.uhn.fhir.test.utilities.RestServerDstu3Helper; 
diff --git a/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/BaseRequestGeneratingCommandTestUtil.java b/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/BaseRequestGeneratingCommandTestUtil.java index 06ae00c25c9..33af0369576 100644 --- a/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/BaseRequestGeneratingCommandTestUtil.java +++ b/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/BaseRequestGeneratingCommandTestUtil.java @@ -21,9 +21,9 @@ package ca.uhn.fhir.test.utilities; */ import ca.uhn.fhir.i18n.Msg; -import ca.uhn.fhir.rest.https.KeyStoreInfo; -import ca.uhn.fhir.rest.https.TlsAuthentication; -import ca.uhn.fhir.rest.https.TrustStoreInfo; +import ca.uhn.fhir.tls.KeyStoreInfo; +import ca.uhn.fhir.tls.TlsAuthentication; +import ca.uhn.fhir.tls.TrustStoreInfo; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; import org.apache.commons.io.IOUtils; diff --git a/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/BaseRestServerHelper.java b/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/BaseRestServerHelper.java index e3007f05363..8ada95292c2 100644 --- a/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/BaseRestServerHelper.java +++ b/hapi-fhir-test-utilities/src/main/java/ca/uhn/fhir/test/utilities/BaseRestServerHelper.java @@ -25,7 +25,7 @@ import ca.uhn.fhir.i18n.Msg; import ca.uhn.fhir.rest.client.api.IGenericClient; import ca.uhn.fhir.rest.client.api.ServerValidationModeEnum; import ca.uhn.fhir.rest.client.interceptor.LoggingInterceptor; -import ca.uhn.fhir.rest.https.KeyStoreType; +import ca.uhn.fhir.tls.KeyStoreType; import ca.uhn.fhir.rest.server.IResourceProvider; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.HttpConfiguration;