Merge pull request #640 from marle3003/develop

Develop

Author: marle3003

acceptance/mail/config.yml

@@ -5,6 +5,12 @@ servers:
   smtps:
     host: localhost:8025
     protocol: smtps
+  customImaps:
+    host: mail.mokapi.local:8993
+    protocol: imaps
+  dynamicImaps:
+    host: imap.mokapi.local:8994
+    protocol: imaps
 rules:
   allowSender:
     sender: .*@foo.bar

acceptance/mail/mail.mokapi.local.pem

@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDGTCCAgGgAwIBAgIUPA/srixlfc1AdBYDnnbzFP6qt4EwDQYJKoZIhvcNAQEL
+BQAwHDEaMBgGA1UEAwwRbWFpbC5tb2thcGkubG9jYWwwHhcNMjUwODEwMTA1ODE1
+WhcNMjYwODEwMTA1ODE1WjAcMRowGAYDVQQDDBFtYWlsLm1va2FwaS5sb2NhbDCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJsLN8dxH41tNdwEOcQiL6SM
+Rtsx1vB852YhSGZ2Vbe3jGVFJLEG2O8VxrC1FF5qD5deCWwJ1c+E2i85TdvuqOpD
+r6+LWxkwSxYFhHzfALQNwj/70arTjSZ/QqOU5vPAs6GrsBKmGMmhKoEBuem/OQ7m
+Vt8HcW2z0mvt6ZsJlev1i6ry2pqoJYe2b97XTa+93XmuIDXQnQoAW4iXinXWgN37
+2t8ihw66vYlLk9l05PX8jnT+G2JqkxUaBqatE9wr1nQAbUfFjJl+OuniUMNZ6aBZ
+mAoVoAW9w/YrKnYDsrwnuByyoxSkpzWdUO5gUIMmp8zbBkUserchIiPusG6juocC
+AwEAAaNTMFEwHQYDVR0OBBYEFLbkG5lNinmCae1AxQQbZqs/8nGzMB8GA1UdIwQY
+MBaAFLbkG5lNinmCae1AxQQbZqs/8nGzMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHNjC037c9jeODLFGBK+/M43NU4EbU0b1omY25C5jjdMZeV6
+WRJNfC/EgOPzjZbykAJre5nKaT+jR1ITWtz8zb2sziAan3Ce9zcjwHBiFmblK2EW
+yiqorhW/xyYrk3b59dAypIvQIRAvZ53cflOiL1erGiD5WxIjSDouKfxkjkIF9yOQ
+VheX0KCIB7KqXkP3gb/LWXbZspRa9LgWZbo/+Rc/X4VISyTVOvNHVS9HQVLBXy59
+Qo8zxcCYPBw29TPdawhc7iR2J3FZKOZrq0ZY6UuWDuGiOI2AJ/Qnqp9cF/vmVjF5
+cTrB0VcoyMXCcUwTCSY7IpVWt9OJU7SqbdnWJdM=
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCbCzfHcR+NbTXc
+BDnEIi+kjEbbMdbwfOdmIUhmdlW3t4xlRSSxBtjvFcawtRReag+XXglsCdXPhNov
+OU3b7qjqQ6+vi1sZMEsWBYR83wC0DcI/+9Gq040mf0KjlObzwLOhq7ASphjJoSqB
+AbnpvzkO5lbfB3Fts9Jr7embCZXr9Yuq8tqaqCWHtm/e102vvd15riA10J0KAFuI
+l4p11oDd+9rfIocOur2JS5PZdOT1/I50/htiapMVGgamrRPcK9Z0AG1HxYyZfjrp
+4lDDWemgWZgKFaAFvcP2Kyp2A7K8J7gcsqMUpKc1nVDuYFCDJqfM2wZFLHq3ISIj
+7rBuo7qHAgMBAAECggEABFvf4RUOmIjJ+1oJD7kQUtV4xn/TtaYlUUs9QFgyV7xq
+z4wOmIWDQtF/aQdmP7NGpfBIXoe2QaPQCITZagX/LLrjbRGDaaVgbwmPrH0OhYFf
+hTH8totFDCCGzJeKmK7BvhlYFWYjC0QjMEZOpkIwhfk21wVcDIQCNfOV3jx6QQx2
+f5W/Sjjv4HY2rRvNVI01DfucOvP1Ekovh3iD+n1A+LkhUP+7UnWMnW/+Z01oUW93
+3yaVZjBUbCIC3eoMG3H9RiNXXTdIwQnjKcIX/MeF5sZ6DA0abi5jQ8FUHLGche4w
+xG6xU0zlz02xQ7fsVmqKfCoNlsDQsmhDK6+OoqVNqQKBgQDOn2FuU/LaYE491xUd
+/65Hgp5MDpdIoPYwVjl0wudgEy9Vm03+cR9FqPoL3PKkmXweYeSTLVTI2Qj8HBA1
+Ak3JJ8CcUDASmhJXXhVgXbBuohpnKGq6Aq2/8dgC+/4mRBaL8zstJd9IDmkAK67j
+LQbTjw9CewFgRUaBTv9hXTePeQKBgQDAGGLTTj+8MnC4nri/KlMG97vPErQ4YRWW
+TI1DM6Gapa/2aj2q+ikKHTqyh+S+isyI/4PijRKl+d6+jPyZLD8SfY68HjBmkg4B
+d8Hb671BJud5VfDbsNWZJqFllJkTGQBVRYnVqhpRt6JHQWG8fGttU5rAsMFgKZwp
+xBdZUlEZ/wKBgDdQsdvAe658w9WIZC3gyj54uHoyGcwm02HDY6RfnWO6Hxzy8+Ff
+VXjnsPFGGGt6b6EOogvIwf73I5Giza/zSvHEQ6tVSFlih/B9zok668XifeEKD/B2
+UR+m1iaOYc7KwaJ73mbK0cjPmsqh5zMIVeCDVxl8JrUoNqTdij79nqc5AoGBAIrN
+VCNxSBZ5r/+HGOFw+LtxKHDRCA4xAIMw32Xumdf/3uzECblQt3TKeA5mqT+RVYes
+caSy4QWzTmMLxr37Pbvjo86EVd7XrG0dFqQNbBv2u41uLvLfjQfz5O1ceVtWVmpH
+K/iKyCfB8+1e7ftfP9Soc4rGbYRJrMB1I5X0KAwLAoGAIkAohY5unXmUw+ueSUtm
+M7mN6/apNQzmXCk/aBOscz6HbQoFzVm2vNaXjT5ZfCoJI+1KMocMfD52CK568ode
+wRF/gG1/Z8fUH219z/VyS9UZ8MwQj0ZGdZpKCpt5Ce+ijSdRzoJmZ4A4p/l2fzPA
+Vg7m4v6VowVMbbBjczJT8ws=
+-----END PRIVATE KEY-----

acceptance/mail_test.go

@@ -1,20 +1,30 @@
 package acceptance
 
 import (
+	"crypto/tls"
 	"encoding/json"
 	"github.com/stretchr/testify/require"
 	"mokapi/config/static"
 	"mokapi/server/cert"
 	"mokapi/smtp/smtptest"
 	"mokapi/try"
+	"net"
+	"os"
+	"path"
 	"testing"
 )
 
 type MailSuite struct{ BaseSuite }
 
 func (suite *MailSuite) SetupSuite() {
 	cfg := static.NewConfig()
+	wd, err := os.Getwd()
+	require.NoError(suite.T(), err)
+	cfg.ConfigFile = path.Join(wd, "mokapi.yaml")
 	cfg.Providers.File.Directories = []string{"./mail"}
+	cfg.Certificates.Static = []static.Certificate{
+		{Cert: "./mail/mail.mokapi.local.pem"},
+	}
 	suite.initCmd(cfg)
 }
 
@@ -238,3 +248,52 @@ It can be any text data.
 		}),
 	)
 }
+
+func (suite *MailSuite) TestCustomServerCertificate() {
+	conn, err := net.Dial("tcp", "localhost:8993")
+	require.NoError(suite.T(), err)
+	defer func() { _ = conn.Close() }()
+
+	// Upgrade to TLS
+	tlsConn := tls.Client(conn, &tls.Config{
+		// triggers hostname verification
+		ServerName:         "mail.mokapi.local",
+		InsecureSkipVerify: true,
+	})
+	defer func() { _ = tlsConn.Close() }()
+
+	err = tlsConn.Handshake()
+	require.NoError(suite.T(), err)
+
+	// Get server certificate
+	state := tlsConn.ConnectionState()
+	require.Len(suite.T(), state.PeerCertificates, 1)
+	c := state.PeerCertificates[0]
+
+	require.Equal(suite.T(), "mail.mokapi.local", c.Subject.CommonName)
+}
+
+func (suite *MailSuite) TestDynamicServerCertificate() {
+	conn, err := net.Dial("tcp", "localhost:8994")
+	require.NoError(suite.T(), err)
+	defer func() { _ = conn.Close() }()
+
+	// Upgrade to TLS
+	tlsConn := tls.Client(conn, &tls.Config{
+		// triggers hostname verification
+		ServerName:         "imap.mokapi.local",
+		InsecureSkipVerify: true,
+	})
+	defer func() { _ = tlsConn.Close() }()
+
+	err = tlsConn.Handshake()
+	require.NoError(suite.T(), err)
+
+	// Get server certificate
+	state := tlsConn.ConnectionState()
+	// root CA is included
+	require.Greater(suite.T(), len(state.PeerCertificates), 1)
+	c := state.PeerCertificates[0]
+
+	require.Equal(suite.T(), "imap.mokapi.local", c.Subject.CommonName)
+}

acceptance/petstore_test.go

@@ -187,6 +187,14 @@ func (suite *PetStoreSuite) TestGetOrderById() {
 		try.HasBody(`{"id":12545,"petId":20895,"quantity":16,"shipDate":"2027-11-26T16:57:16Z","status":"approved","complete":true}`))
 }
 
+func (suite *PetStoreSuite) TestTls() {
+	try.GetRequest(suite.T(), "https://localhost:18443/store/order/10",
+		map[string]string{"Accept": "application/json"},
+		try.HasStatusCode(http.StatusOK),
+		try.IsTls("localhost"),
+	)
+}
+
 func (suite *PetStoreSuite) TestKafka_TopicConfig() {
 	c := kafkatest.NewClient("127.0.0.1:19092", "test")
 	defer c.Close()

bruno/mail/mailbox messages.bru

@@ -5,14 +5,19 @@ meta {
 }
 
 get {
-  url: {{baseUrl}}/services/mail/{{mailServerName}}/mailboxes/:mailbox/folders/:folder
+  url: {{baseUrl}}/services/mail/{{mailServerName}}/mailboxes/:mailbox/messages
   body: none
   auth: inherit
 }
 
+params:query {
+  ~folder: 
+  ~index: 
+  ~limit: 
+}
+
 params:path {
-  folder: INBOX
-  mailbox: [email protected]
+  mailbox: [email protected]
 }
 
 settings {

cmd/mokapi/main_test.go

@@ -69,6 +69,8 @@ event:
     store:
         default:
             size: 100
+certificates:
+    static: []
 `, out)
 			},
 		},

config/dynamic/mokapi/config.go

@@ -24,6 +24,7 @@ type Config struct {
 	Features         []string          `json:"-" yaml:"-" explode:"feature"`
 	Version          bool              `json:"-" yaml:"-" aliases:"v"`
 	Event            Event             `json:"event" yaml:"event"`
+	Certificates     CertificateStore  `json:"certificates" yaml:"certificates"`
 	Args             []string          `json:"args" yaml:"-" aliases:"args"` // positional arguments
 }
 
@@ -167,6 +168,15 @@ type Store struct {
 
 type Configs []string
 
+type CertificateStore struct {
+	Static []Certificate
+}
+
+type Certificate struct {
+	Cert tls.FileOrContent `yaml:"cert" json:"cert"`
+	Key  tls.FileOrContent `yaml:"key" json:"key"`
+}
+
 func (c *Configs) UnmarshalJSON(b []byte) error {
 	dec := json.NewDecoder(bytes.NewReader(b))
 	token, err := dec.Token()

config/static/static_config.go

@@ -35,6 +35,7 @@
         "index": "guides/mail/overview.md",
         "items": {
           "Quick Start": "guides/mail/quick-start.md",
+          "Client": "guides/mail/client.md",
           "Rules": "guides/mail/rules.md"
         }
       }

docs/config.json

@@ -1,38 +1,83 @@
 ---
 title: HTTPS, TLS and Certificates
-description: Mokapi is able to mock the behaviour of multiple hostnames and present a valid X.509 Certificate for them. This guide shows you how to configure TLS.
+description: Mokapi can mock the behaviour of multiple hostnames and present valid X.509 certificates for them. This guide explains how to configure TLS in Mokapi.
 ---
 # HTTPS, TLS and Certificates
-Mokapi is able to mock the behaviour of multiple hostnames and present a valid X.509 Certificate
-for them. This guide shows you how to configure TLS.
+Mokapi can simulate multiple hostnames and present a valid X.509 certificate for each of
+them, making it possible to test HTTPS endpoints with realistic TLS behavior. 
+This guide explains how TLS works in Mokapi and how you can configure certificates to suit 
+your needs.
+
+## Example: Mocking HTTPS Endpoints
+
+When defining your API, you can specify HTTPS URLs in the `servers` section. Mokapi will
+automatically generate certificates for these hostnames at runtime if none are provided.
 
 ```yaml
 openapi: 3.0.0
-info: {}
+info:
+  title: Petstore
+  version: "1"
 servers:
   - url: https://demo
   - url: https://demo:8443
 paths: {}
 ```
 
-## Certificate Authority
-By default, Mokapi signs all generated certificate with its own CA certificate in the [git repo](https://github.com/marle3003/mokapi/tree/master/assets).
+In this example:
+- Mokapi will respond over HTTPS for https://demo and https://demo:8443.
+- If no certificate is provided, Mokapi will generate one signed by its own Certificate Authority.
 
-This example demonstrates how to reference a custom CA certificate as an environment variable.
+## Certificate Authority (CA)
+By default, Mokapi uses its own built-in Certificate Authority to sign any certificates it
+generates. The Root CA certificate and key are stored in the [Mokapi GitHub repository](https://github.com/marle3003/mokapi/tree/master/assets).
+
+If you want to use your own CA for signing, you can specify it, for example, by setting environment variables.
 ```yaml
 MOKAPI_RootCaCert: /path/to/caCert.pem
 MOKAPI_RootCaKey: /path/to/caKey.pem
 ```
 
-## Server Certificate
-You can set your custom server certificate or let Mokapi generate it on runtime. Mokapi
-generates a new certificate at first request, if you not provide a suitable certificate.
+Why use your own CA?
+- To avoid browser or client certificate warnings (if your CA is trusted by the OS or application). 
+- To align with an existing internal PKI (Public Key Infrastructure). 
+- To test certificate chains with your organization’s security policies.
+
+## Server Certificates
+
+Mokapi supports two ways of providing server certificates:
+
+### Option A — Let Mokapi Generate Certificates
+
+If you do not supply a certificate for a hostname, Mokapi will generate one dynamically the first
+time that hostname is requested. The certificate will be valid for the requested hostname and 
+signed by the configured CA (Mokapi’s default or your custom CA).
+
+### Option B — Provide Your Own Certificates
+
+If you already have certificates, you can configure Mokapi to use them instead of generating new ones.
+Add them to the static configuration:
 
 ```yaml
-mokapi: 1.0
 certificates:
-  - certFile: ./domainCert.pem
-    keyFile: ./domainKey.pem
-  - certFile: /path/to/other-domain.cert
-    keyFile: /path/to/other-domain.key
-```
+  static:
+    - cert: ./domainCert.pem
+      key: ./domainKey.pem
+    - cert: /path/to/other-domain.cert
+      key: /path/to/other-domain.key
+```
+
+You can list multiple certificate/key pairs to support multiple hostnames.
+
+## Tips for Working with Certificates
+
+- **Trust the CA** — If you use Mokapi’s default CA, importing its root certificate into your OS or browser’s trust store will prevent certificate warnings. 
+- **Match Hostnames** — The certificate’s Common Name (CN) or Subject Alternative Name (SAN) must match the hostname in your API definition (servers list). 
+- **Use Custom Domains** — For local testing, you can map custom domains in your /etc/hosts file or Windows hosts file to 127.0.0.1 so the hostname matches the certificate.
+
+## Summary
+
+- Mokapi can generate certificates dynamically or use certificates you provide. 
+- Certificates are signed by Mokapi’s default CA unless you specify a custom one. 
+- You can configure both the CA and the server certificates via environment variables or the static configuration. 
+- Trusting the CA in your OS avoids browser or client security warnings.