feat(http): SslContextBuilder supports system/trust-all/trust-paths modes

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-19 15:54:15 +02:00
parent 2224f7d902
commit 262ee91684
3 changed files with 153 additions and 0 deletions
--- a/cameleer-server-app/src/test/java/com/cameleer/server/app/http/SslContextBuilderTest.java
+++ b/cameleer-server-app/src/test/java/com/cameleer/server/app/http/SslContextBuilderTest.java
@@ -0,0 +1,52 @@
+package com.cameleer.server.app.http;
+
+import com.cameleer.server.core.http.OutboundHttpProperties;
+import com.cameleer.server.core.http.OutboundHttpRequestContext;
+import com.cameleer.server.core.http.TrustMode;
+import org.junit.jupiter.api.Test;
+
+import javax.net.ssl.SSLContext;
+import java.nio.file.Path;
+import java.time.Duration;
+import java.util.List;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+class SslContextBuilderTest {
+    private final OutboundHttpProperties systemProps =
+            new OutboundHttpProperties(false, List.of(), Duration.ofMillis(2000), Duration.ofMillis(5000),
+                                        null, null, null);
+    private final SslContextBuilder builder = new SslContextBuilder();
+
+    @Test
+    void systemDefaultUsesJdkTrustStore() throws Exception {
+        SSLContext ctx = builder.build(systemProps, OutboundHttpRequestContext.systemDefault());
+        assertThat(ctx).isNotNull();
+        assertThat(ctx.getProtocol()).isEqualTo("TLS");
+    }
+
+    @Test
+    void trustAllSkipsValidation() throws Exception {
+        SSLContext ctx = builder.build(systemProps,
+                new OutboundHttpRequestContext(TrustMode.TRUST_ALL, List.of(), null, null));
+        assertThat(ctx).isNotNull();
+    }
+
+    @Test
+    void trustPathsLoadsPemFile() throws Exception {
+        Path pem = Path.of("src/test/resources/test-ca.pem");
+        assertThat(pem).exists();
+        SSLContext ctx = builder.build(systemProps,
+                new OutboundHttpRequestContext(TrustMode.TRUST_PATHS, List.of(pem.toString()), null, null));
+        assertThat(ctx).isNotNull();
+    }
+
+    @Test
+    void trustPathsMissingFileThrows() {
+        assertThatThrownBy(() -> builder.build(systemProps,
+                new OutboundHttpRequestContext(TrustMode.TRUST_PATHS, List.of("/no/such/file.pem"), null, null)))
+                .isInstanceOf(IllegalArgumentException.class)
+                .hasMessageContaining("CA file not found");
+    }
+}
--- a/cameleer-server-app/src/test/resources/test-ca.pem
+++ b/cameleer-server-app/src/test/resources/test-ca.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDFzCCAf+gAwIBAgIUawEUnI7oAYTMsqYYJUBqGJhM8LMwDQYJKoZIhvcNAQEL
+BQAwGzEZMBcGA1UEAwwQY2FtZWxlZXItdGVzdC1jYTAeFw0yNjA0MTkxMzUzMTNa
+Fw0zNjA0MTYxMzUzMTNaMBsxGTAXBgNVBAMMEGNhbWVsZWVyLXRlc3QtY2EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCalBl0hjPSXYZjFLImDT5awayX
+nPmX7/TyduX2xSksLnGBfD1YcLYhIaOU3Bp6o+Wld8+nzNjwgMUcKdv1mWqDL8t0
+nlf0JGAntNEQWGwxFUGSLcmzgVf8/d1s0mpZ1/mS6RDzoQ8i8rNq5mYPXkWFAvgD
+G1FQpaBs71VC7vVcEgnJ4kK/8cNcQ/nvaI+T/Tk+sciu57XuMoa8AoJV/Oz/hdkc
+fIoYeUpFp36pYn71yFyZ1N+1xCTi1ruBmMekYWKNaNY6/edk2z3iTFgv4Dk4QS1O
+6GEdgUi9RQIgQwyYltQK2z+wLA8e982JK5HllsLYU0AcY6fvg+JlhEEpCsdnAgMB
+AAGjUzBRMB0GA1UdDgQWBBQYRTifnA5YLxiqjIYMDcZLgDrtUDAfBgNVHSMEGDAW
+gBQYRTifnA5YLxiqjIYMDcZLgDrtUDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4IBAQBpNfv6I9dsUflmslv6el5VvDOyZ3GWQIE/Zy0p+i0NYjeWMWtX
+rFPw1mnfdhlyFMpNkP8ddyDaSoqnnFsC4pXqXibrey0NDYX7zujyVIaXixf6koU9
+2/vNIb4evnJyVT9CcophDrobkR4NwU9SrMO7KAecb/U6shrfgmjIanUnCsfGdwsP
+f85DQDbOd9UhnMfMB43I8tjn2Po155npmwGK7J4hZpWTUj/rbNt3fmy2mx6rqdkp
+p61nLY3ba61bnl7QQ7VW7nhaIC7t5sO6NFDdv06MG8Cr5kcvoJDPe93iNeVT8iLp
+Rxs85FvIVYIt58jMvr+RSEfTD8fIvXl0uRDy
+-----END CERTIFICATE-----