测试网站支持使用 Java 的相互 SSL
Testing a website supports mutual SSL using Java
我需要编写一个 Cucumber 测试用例来验证网站是否支持 Java 中的 2-way SSL。在无数次阅读不同的文章和答案后,我不确定该怎么做。我已经为测试用例的客户端生成了一个自签名证书,并将其添加到请求中,但我不确定如何准确验证我正在访问的网站是否支持双向 SSL。到目前为止,这是我通过使用不同的答案和在线文章获得的代码。
org.apache.log4j.BasicConfigurator.configure();
try {
String CERT_PASSWORD = "somePass";
KeyStore identityKeyStore = KeyStore.getInstance("jks");
FileInputStream identityKeyStoreFile = new FileInputStream(new File(System.getProperty("user.dir") + "/src/main/resources/files-for-testcases/ultimate.jks"));
identityKeyStore.load(identityKeyStoreFile, CERT_PASSWORD.toCharArray());
SSLContext sslContext = SSLContexts.custom()
// load identity keystore
.loadKeyMaterial(identityKeyStore, CERT_PASSWORD.toCharArray(), (aliases, socket) -> "bddsecurity")
.build();
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext,
new String[]{"TLSv1.2", "TLSv1.1"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient client = HttpClients.custom()
.setSSLSocketFactory(sslConnectionSocketFactory)
.build();
// Call a SSL-endpoint
return callEndPoint (client, url);
} catch (Exception ex) {
System.out.println("Boom, we failed: " + ex);
ex.printStackTrace();
}
return 404;
}
private static int callEndPoint (CloseableHttpClient aHTTPClient, String aEndPointURL) {
try {
HttpGet httpGet = new HttpGet(aEndPointURL);
LOG.info("**GET** request Url: " + httpGet.getURI());
HttpResponse response = aHTTPClient.execute(httpGet);
int responseCode = response.getStatusLine().getStatusCode();
LOG.info("Response Code: " + responseCode);
return responseCode;
} catch (Exception ex) {
System.out.println("Boom, we failed: " + ex);
ex.printStackTrace();
}
return 404;
}
所以只是为了更新,问题是我的服务器没有证书的连接没问题。不是,然后我的应用程序抛出了一个错误,但诊断很简单,现在一切都很好。
我需要编写一个 Cucumber 测试用例来验证网站是否支持 Java 中的 2-way SSL。在无数次阅读不同的文章和答案后,我不确定该怎么做。我已经为测试用例的客户端生成了一个自签名证书,并将其添加到请求中,但我不确定如何准确验证我正在访问的网站是否支持双向 SSL。到目前为止,这是我通过使用不同的答案和在线文章获得的代码。
org.apache.log4j.BasicConfigurator.configure();
try {
String CERT_PASSWORD = "somePass";
KeyStore identityKeyStore = KeyStore.getInstance("jks");
FileInputStream identityKeyStoreFile = new FileInputStream(new File(System.getProperty("user.dir") + "/src/main/resources/files-for-testcases/ultimate.jks"));
identityKeyStore.load(identityKeyStoreFile, CERT_PASSWORD.toCharArray());
SSLContext sslContext = SSLContexts.custom()
// load identity keystore
.loadKeyMaterial(identityKeyStore, CERT_PASSWORD.toCharArray(), (aliases, socket) -> "bddsecurity")
.build();
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext,
new String[]{"TLSv1.2", "TLSv1.1"},
null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient client = HttpClients.custom()
.setSSLSocketFactory(sslConnectionSocketFactory)
.build();
// Call a SSL-endpoint
return callEndPoint (client, url);
} catch (Exception ex) {
System.out.println("Boom, we failed: " + ex);
ex.printStackTrace();
}
return 404;
}
private static int callEndPoint (CloseableHttpClient aHTTPClient, String aEndPointURL) {
try {
HttpGet httpGet = new HttpGet(aEndPointURL);
LOG.info("**GET** request Url: " + httpGet.getURI());
HttpResponse response = aHTTPClient.execute(httpGet);
int responseCode = response.getStatusLine().getStatusCode();
LOG.info("Response Code: " + responseCode);
return responseCode;
} catch (Exception ex) {
System.out.println("Boom, we failed: " + ex);
ex.printStackTrace();
}
return 404;
}
所以只是为了更新,问题是我的服务器没有证书的连接没问题。不是,然后我的应用程序抛出了一个错误,但诊断很简单,现在一切都很好。