[arquillian-issues] [JBoss JIRA] (ARQ-1370) Warp: support SSL for CommandService using untrusted communication

Lukáš Fryč (JIRA) jira-events at lists.jboss.org
Thu Jul 18 03:07:26 EDT 2013 

    [ https://issues.jboss.org/browse/ARQ-1370?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12790592#comment-12790592 ] 

Lukáš Fryč edited comment on ARQ-1370 at 7/18/13 3:06 AM:
----------------------------------------------------------

There are two concerns we had to verify:

* CommandService need to communicate with server no matter what is server's sevlets/filter configuration
* proxy need to be able to handle HTTPS requests (as you reported it should be able already)
* client needs to use HTTPS (I'n not sure whether the communication does not currently look like:

{code}
client --HTTP--> proxy --HTTPS with flag--> server
{code}

(so that proxy actually handles SSL handshake, overtaking the responsibility from the client - let's simply check whether the browser uses HTTPS or HTTP)

----

I would try to run and modify CommandService tests [1] ([TestClientToContainerChannel, TestContainerToClientChannel|https://github.com/arquillian/arquillian-extension-warp/tree/master/ftest/src/test/java/org/jboss/arquillian/warp/ftest/commandBus]) to pass on the container configured as you have described:



There is a service we are testing: [https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/client/commandBus/CommandServiceOnClient.java|CommandServiceOnClient]

which communicates through bus: [https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/client/commandBus/CommandBusOnClient.java#L162|CommandBusOnClient]

as you can see, we are using [HttpURLConnection|https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/client/commandBus/CommandBusOnClient.java#L183] to establish a connection to [WarpFilter|https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/server/execution/WarpFilter.java#L114] which can handle the CommandService request (it delegates the request to a [CommandBusOnServer|https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/server/commandBus/CommandBusOnServer.java#L67].
                
      was (Author: lfryc):
    There are two concerns we had to verify:

* CommandService need to communicate with server no matter what is server's sevlets/filter configuration
* proxy need to be able to handle HTTPS requests (as you reported it should be able already)
* client needs to use HTTPS (I'n not sure whether the communication does not currently look like:

{code}
client --HTTP--> proxy --HTTPS with flag--> server
{code}

(so that proxy actually handles SSL handshake, overtaking the responsibility from the client - let's simply check whether the browser uses HTTPS or HTTP)

----

I would try to run and modify CommandService tests [1] (TestClientToContainerChannel, TestContainerToClientChannel) to pass on the container configured as you have described:

https://github.com/arquillian/arquillian-extension-warp/tree/master/ftest/src/test/java/org/jboss/arquillian/warp/ftest/commandBus

There is a service we are testing: [https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/client/commandBus/CommandServiceOnClient.java|CommandServiceOnClient]

which communicates through bus: [https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/client/commandBus/CommandBusOnClient.java#L162|CommandBusOnClient]

as you can see, we are using [HttpURLConnection|https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/client/commandBus/CommandBusOnClient.java#L183] to establish a connection to [WarpFilter|https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/server/execution/WarpFilter.java#L114] which can handle the CommandService request (it delegates the request to a [CommandBusOnServer|https://github.com/arquillian/arquillian-extension-warp/blob/master/impl/src/main/java/org/jboss/arquillian/warp/impl/server/commandBus/CommandBusOnServer.java#L67].
                  
> Warp: support SSL for CommandService using untrusted communication
> ------------------------------------------------------------------
>
>                 Key: ARQ-1370
>                 URL: https://issues.jboss.org/browse/ARQ-1370
>             Project: Arquillian
>          Issue Type: Enhancement
>      Security Level: Public(Everyone can see) 
>          Components: Extension - Warp
>    Affects Versions: warp_1.0.0.Alpha3
>            Reporter: Lukáš Fryč
>             Fix For: warp_1.next
>
>
> We can make use of HTTP client which will automatically trust SSL endpoint.
> http://stackoverflow.com/questions/2703161/how-to-ignore-ssl-certificate-errors-in-apache-httpclient-4-0

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the arquillian-issues mailing list