Add client auth config validation

tommysitu · tommysitu · commit eec30059e9b4 · 2020-06-04T22:17:43.000+01:00
diff --git a/src/main/java/io/specto/hoverfly/junit/core/config/HoverflyConfigValidator.java b/src/main/java/io/specto/hoverfly/junit/core/config/HoverflyConfigValidator.java
@@ -45,8 +45,16 @@ HoverflyConfiguration validate(HoverflyConfiguration hoverflyConfig) {
             boolean isKeyBlank = StringUtils.isBlank(hoverflyConfig.getSslKeyPath());
             boolean isCertBlank = StringUtils.isBlank(hoverflyConfig.getSslCertificatePath());
             if (isKeyBlank && !isCertBlank || !isKeyBlank && isCertBlank) {
-                throw new IllegalArgumentException("Both SSL key and certificate files are required to override the default Hoverfly SSL.");
+                throw new IllegalArgumentException("Both ca cert and key files are required to override the default Hoverfly ca cert.");
             }
+
+            // Validate client auth cert and key
+            boolean isClientKeyBlank = StringUtils.isBlank(hoverflyConfig.getClientKeyPath());
+            boolean isClientCertBlank = StringUtils.isBlank(hoverflyConfig.getClientCertPath());
+            if (isClientKeyBlank && !isClientCertBlank || !isClientKeyBlank && isClientCertBlank) {
+                throw new IllegalArgumentException("Both client cert and key files are required to enable mutual TLS authentication.");
+            }
+
             // Validate proxy port
             if (hoverflyConfig.getProxyPort() == 0) {
                 hoverflyConfig.setProxyPort(findUnusedPort());
diff --git a/src/test/java/io/specto/hoverfly/junit/core/config/HoverflyConfigValidatorTest.java b/src/test/java/io/specto/hoverfly/junit/core/config/HoverflyConfigValidatorTest.java
@@ -42,18 +42,34 @@ public void shouldAssignPortForLocalHoverflyInstanceIfNotConfigured() {
     @Test
     public void shouldThrowExceptionIfOnlySslKeyIsConfigured() {
 
-        assertThatThrownBy(() -> localConfigs().sslKeyPath("ssl/ca.key").build())
+        assertThatThrownBy(() -> localConfigs().caCert("", "ssl/ca.key").build())
                 .isInstanceOf(IllegalArgumentException.class)
-                .hasMessageContaining("Both SSL key and certificate files are required to override the default Hoverfly SSL");
+                .hasMessageContaining("Both ca cert and key files are required to override the default Hoverfly ca cert.");
     }
 
     @Test
     public void shouldThrowExceptionIfOnlySslCertIsConfigured() {
 
-        assertThatThrownBy(() -> localConfigs().sslCertificatePath("ssl/ca.crt").build())
+        assertThatThrownBy(() -> localConfigs().caCert("ssl/ca.crt", "").build())
                 .isInstanceOf(IllegalArgumentException.class)
-                .hasMessageContaining("Both SSL key and certificate files are required to override the default Hoverfly SSL");
+                .hasMessageContaining("Both ca cert and key files are required to override the default Hoverfly ca cert.");
+    }
+
+
+    @Test
+    public void shouldThrowExceptionIfOnlyClientKeyIsConfigured() {
+
+        assertThatThrownBy(() -> localConfigs().clientAuth("", "ssl/ca.key").build())
+            .isInstanceOf(IllegalArgumentException.class)
+            .hasMessageContaining("Both client cert and key files are required to enable mutual TLS authentication.");
+    }
 
+    @Test
+    public void shouldThrowExceptionIfOnlyClientCertIsConfigured() {
+
+        assertThatThrownBy(() -> localConfigs().clientAuth("ssl/ca.crt", "").build())
+            .isInstanceOf(IllegalArgumentException.class)
+            .hasMessageContaining("Both client cert and key files are required to enable mutual TLS authentication.");
     }
 
     @Test
