Adds HTTPS support via new SecureClientDriverRule

Author: EBichel

rest-client-driver/src/main/java/com/github/restdriver/clientdriver/SecureClientDriver.java

@@ -0,0 +1,80 @@
+package com.github.restdriver.clientdriver;
+
+import java.security.KeyStore;
+
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+import com.github.restdriver.clientdriver.jetty.ClientDriverJettyHandler;
+
+/**
+ * Secure client driver extends the {@link ClientDriver} to use secure
+ * connections via HTTPS with a provided certificate.
+ */
+public class SecureClientDriver extends ClientDriver {
+
+    KeyStore keyStore;
+    String password;
+    String certificateAlias;
+
+    /**
+     * Constructor which uses the given port to bind to. The server is started
+     * during construction.
+     * 
+     * @param handler
+     *            the {@link ClientDriverJettyHandler} to use.
+     * @param port
+     *            the port to bind to.
+     * @param keyStore
+     *            the key store to use for the certificate.
+     * @param password
+     *            the password for the certificate.
+     * @param certificateAlias
+     *            the alias of the certificate.
+     */
+    public SecureClientDriver(ClientDriverJettyHandler handler, int port, KeyStore keyStore, String password,
+            String certificateAlias) {
+        super();
+        this.keyStore = keyStore;
+        this.password = password;
+        this.certificateAlias = certificateAlias;
+
+        this.handler = handler;
+        this.jettyServer = createAndStartJetty(port);
+    }
+
+    /**
+     * Constructor which uses a free port to bind to. The server is started
+     * during construction.
+     * 
+     * @param handler
+     *            the {@link ClientDriverJettyHandler} to use.
+     * @param keyStore
+     *            the key store to use for the certificate.
+     * @param password
+     *            the password for the certificate.
+     * @param certificateAlias
+     *            the alias of the certificate.
+     */
+    public SecureClientDriver(ClientDriverJettyHandler handler, KeyStore keyStore, String password,
+            String certificateAlias) {
+        this(handler, 0, keyStore, password, certificateAlias);
+    }
+
+    @Override
+    protected SslContextFactory getSslContextFactory() {
+        SslContextFactory sslContextFactoryFactory = new SslContextFactory();
+        sslContextFactoryFactory.setKeyStore(keyStore);
+        sslContextFactoryFactory.setCertAlias(certificateAlias);
+        sslContextFactoryFactory.setKeyStorePassword(password);
+        sslContextFactoryFactory.setKeyManagerPassword(password);
+        sslContextFactoryFactory.checkKeyStore();
+
+        return sslContextFactoryFactory;
+    }
+
+    @Override
+    public String getBaseUrl() {
+        return "https://localhost:" + getPort();
+    }
+
+}

rest-client-driver/src/main/java/com/github/restdriver/clientdriver/SecureClientDriverFactory.java

@@ -0,0 +1,126 @@
+package com.github.restdriver.clientdriver;
+
+import java.security.KeyStore;
+
+import org.apache.commons.lang.Validate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.github.restdriver.clientdriver.jetty.DefaultClientDriverJettyHandler;
+
+/**
+ * Factory to create a {@link ClientDriver} object which supports SSL. To
+ * arrange that a key store has to be provided. The required password has to be
+ * the password of the certificate's private key as well as of the key store.
+ * This is usually the case if the certificate is exported via OpenSSL e.g. as
+ * PKCS#12 format.
+ * 
+ * An example to create a certificate with keytool provided in the JDK:
+ * 
+ * <pre>
+ * {@code $ keytool -genkey -keyalg RSA -dname "cn=SecureClientDriver" \ 
+ *  -alias certificate -keystore keystore.jks -keypass password \ 
+ *  -storepass password -validity 360 -keysize 2048}
+ * </pre>
+ */
+public class SecureClientDriverFactory {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(ClientDriverFactory.class);
+
+    private int port = 0;
+    private String password;
+    private String certAlias;
+    private KeyStore keyStore;
+
+    /**
+     * Factory method to create and start ClientDriver. The port will be chosen
+     * automatically.
+     * 
+     * @param keyStore
+     *            The {@link KeyStore} that contains the necessary certificate.
+     * @param password
+     *            The password for the certificate private key & the container.
+     * @param certAlias
+     *            the alias of the certificate in the key store
+     * @return a ClientDriver object
+     */
+    public SecureClientDriver createClientDriver(KeyStore keyStore, String password, String certAlias) {
+        this.password = password;
+        this.certAlias = certAlias;
+        this.keyStore = keyStore;
+        return this.build();
+    }
+
+    /**
+     * Factory method to create and start a ClientDriver on a specific port. The
+     * port can be set, the following arguments are to setup SSL.
+     * 
+     * @param port
+     *            The port that should be used.
+     * @param keyStore
+     *            The {@link KeyStore} that contains the necessary certificate.
+     * @param password
+     *            The password for the certificate private key & the container.
+     * @param certAlias
+     *            the alias of the certificate in the key store
+     * @return a ClientDriver object
+     */
+    public SecureClientDriver createClientDriver(int port, KeyStore keyStore, String password, String certAlias) {
+        this.port = port;
+        this.password = password;
+        this.certAlias = certAlias;
+        this.keyStore = keyStore;
+        return this.build();
+    }
+
+    /**
+     * Sets the port. By default the port is set to 0, which results in a freely
+     * chosen port.
+     * 
+     * @param port
+     *            the port
+     * @return the factory object
+     */
+    public SecureClientDriverFactory port(int port) {
+        this.port = port;
+        return this;
+    }
+
+    /**
+     * Sets the password. Password may not be null or empty when building. 
+     * 
+     * @param port
+     *            the port
+     * @return the factory object
+     */
+    public SecureClientDriverFactory password(String password) {
+        this.password = password;
+        return this;
+    }
+
+    public SecureClientDriverFactory certAlias(String certAlias) {
+        this.certAlias = certAlias;
+        return this;
+    }
+
+    public SecureClientDriverFactory keyStore(KeyStore keyStore) {
+        this.keyStore = keyStore;
+        return this;
+    }
+
+    /**
+     * Create SecureClientDriver with the given configuration.
+     * 
+     * @return
+     */
+    public SecureClientDriver build() {
+        Validate.notEmpty(certAlias, "Certificate alias is not set.");
+        Validate.notEmpty(password, "Password not set.");
+        Validate.notNull(keyStore, "Key store is not set.");
+        SecureClientDriver clientDriver = new SecureClientDriver(
+                new DefaultClientDriverJettyHandler(new DefaultRequestMatcher()), port, keyStore, password, certAlias);
+        LOGGER.debug("ClientDriver created at '" + clientDriver.getBaseUrl() + "'.");
+        return clientDriver;
+    }
+
+}

rest-client-driver/src/main/java/com/github/restdriver/clientdriver/SecureClientDriverRule.java

@@ -0,0 +1,38 @@
+package com.github.restdriver.clientdriver;
+
+import java.security.KeyStore;
+
+/**
+ * The SecureClientDriverRule allows a user to specify expectations on the HTTPS
+ * requests that are made against it.
+ */
+public class SecureClientDriverRule extends ClientDriverRule {
+
+	/**
+	 * Creates a new rule which binds the driver to a free port.
+	 * 
+	 * @param keyStore
+	 *            the key store with the certificate
+	 * @param password
+	 *            the certificate's password
+	 * @param certAlias
+	 *            the alias of the certificate
+	 */
+	public SecureClientDriverRule(KeyStore keyStore, String password, String certAlias) {
+		clientDriver = new SecureClientDriverFactory().createClientDriver(keyStore, password, certAlias);
+	}
+
+	/**
+	 * Creates a new rule which binds the driver to a free port.
+	 * 
+	 * @param keyStore
+	 *            the key store with the certificate
+	 * @param password
+	 *            the certificate's password
+	 * @param certAlias
+	 *            the alias of the certificate
+	 */
+	public SecureClientDriverRule(int port, KeyStore keyStore, String password, String certAlias) {
+		clientDriver = new SecureClientDriverFactory().createClientDriver(port, keyStore, password, certAlias);
+	}
+}

rest-client-driver/src/test/java/com/github/restdriver/clientdriver/integration/SecureClientDriverRuleTest.java

@@ -0,0 +1,103 @@
+package com.github.restdriver.clientdriver.integration;
+
+import static com.github.restdriver.clientdriver.RestClientDriver.giveEmptyResponse;
+import static com.github.restdriver.clientdriver.RestClientDriver.onRequestTo;
+import static org.junit.Assert.*;
+
+import java.io.ByteArrayInputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.HttpClient;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContexts;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+
+import com.github.restdriver.clientdriver.SecureClientDriverRule;
+import com.github.restdriver.clientdriver.exception.ClientDriverFailedExpectationException;
+import com.github.restdriver.clientdriver.exception.ClientDriverSetupException;
+
+public class SecureClientDriverRuleTest {
+
+	@Rule
+	public SecureClientDriverRule rule = new SecureClientDriverRule(getKeystore(), "password", "certificate");
+    @Rule
+    public ExpectedException thrown = ExpectedException.none();
+
+	@Test
+	public void usageOfRuleWithMatchingCallSucceeds() throws Exception {
+
+		// Arrange
+		rule.addExpectation(onRequestTo("/test"), giveEmptyResponse());
+
+		HttpClient client = getClient();
+		HttpGet getter = new HttpGet(rule.getBaseUrl() + "/test");
+
+		// Act
+		HttpResponse response = client.execute(getter);
+
+		// Assert
+		assertEquals(204, response.getStatusLine().getStatusCode());
+	}
+
+	@Test
+	public void usageOfRuleWithNotMatchingCallFails() throws Exception {
+
+		// Arrange
+		rule.addExpectation(onRequestTo("/test"), giveEmptyResponse());
+
+		HttpClient client = getClient();
+		HttpGet getter = new HttpGet(rule.getBaseUrl() + "/wrong");
+		// Act
+		client.execute(getter);
+		// Assert
+		thrown.expect(ClientDriverFailedExpectationException.class);
+	}
+
+	@Test
+	public void usageOfRuleWithNotCallFails() throws Exception {
+
+		// Arrange
+		rule.addExpectation(onRequestTo("/test"), giveEmptyResponse());
+
+		// Act
+
+		// Assert
+		thrown.expect(ClientDriverFailedExpectationException.class);
+	}
+
+	private static KeyStore getKeystore() {
+		try {
+			ClassLoader loader = SecureClientDriverTest.class.getClassLoader();
+			byte[] binaryContent = IOUtils.toByteArray(loader.getResourceAsStream("keystore.jks"));
+			KeyStore keyStore = KeyStore.getInstance("JKS");
+			keyStore.load(new ByteArrayInputStream(binaryContent), "password".toCharArray());
+			return keyStore;
+		} catch (Exception e) {
+			throw new ClientDriverSetupException("Key store could not be loaded.", e);
+		}
+	}
+
+	private HttpClient getClient() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
+		try {
+			// set the test certificate as trusted
+			SSLContext context = SSLContexts.custom().loadTrustMaterial(getKeystore(), TrustSelfSignedStrategy.INSTANCE)
+					.build();
+			return HttpClients.custom().setSSLHostnameVerifier(new NoopHostnameVerifier()).setSSLContext(context)
+					.build();
+		} catch (Exception e) {
+			throw new ClientDriverSetupException("Client could not be created.", e);
+		}
+	}
+}