first cut at rest tls

cckim · cckim · commit 603145daa502 · 2025-11-19T09:40:58.000-08:00
diff --git a/rest/tls/config.yaml b/rest/tls/config.yaml
@@ -0,0 +1,9 @@
+configurationset:
+  - configuration:
+      name: selfsign
+      ca: STEPZEN_SERVER_CRT
+  - configuration:
+      name: selfsignedmtls
+      ca: STEPZEN_SERVER_CRT
+      cert: STEPZEN_CLIENT_CRT
+      key: STEPZEN_CLIENT_KEY
diff --git a/rest/tls/index.graphql b/rest/tls/index.graphql
@@ -0,0 +1,4 @@
+schema @sdl(files: ["tls.graphql"]) {
+  query: Query
+}
+
diff --git a/rest/tls/operations.graphql b/rest/tls/operations.graphql
@@ -0,0 +1,4 @@
+query run {
+  rest_self
+  rest_self_mtls
+}
diff --git a/rest/tls/stepzen.config.json b/rest/tls/stepzen.config.json
@@ -0,0 +1,3 @@
+{
+  "endpoint": "api/miscellaneous"
+}
diff --git a/rest/tls/tests/Makefile b/rest/tls/tests/Makefile
@@ -0,0 +1,35 @@
+# Makefile to build and validate a pair of *example* self-signed certificates for *simple* tests
+
+# enable to debug ssl server
+# DEBUG:=-debug
+all: client.crt server.crt env
+
+#  server.crt client.key server.key
+client.crt:
+	openssl req -x509 -newkey rsa:4096 -keyout client.key -out client.crt -sha256 -days 7650  \
+           -subj "/C=US/ST=Florida/L=Jacksonville/O=LOCALCLIENT/OU=Com/CN=localhost" -nodes \
+           -addext "subjectAltName = DNS:localhost, DNS:myalt, DNS:host.docker.internal"
+
+server.crt:
+	openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -sha256 -days 7650 \
+           -subj "/C=US/ST=California/L=San Jose/O=LOCALSERVER/OU=Com/CN=localhost" -nodes \
+           -addext "subjectAltName = DNS:localhost, DNS:host.docker.internal"
+
+run_validation_server_self_sign_mtls: server.crt client.crt
+	openssl s_server -accept 9443 -cert server.crt -key server.key -Verify 2 -CAfile client.crt $(DEBUG) -www
+
+run_validation_client_self_sign_mtls: client.crt
+	curl  --cert client.crt  --key client.key --cacert server.crt https://localhost:9443 -debug
+
+run_validation_server_self_sign: server.crt
+	openssl s_server -accept 8443 -cert server.crt -key server.key $(DEBUG) -www 
+
+clean:
+	rm -f server.crt server.key client.crt client.key
+
+env:	../.env
+
+../.env: client.crt server.crt
+	( echo STEPZEN_CLIENT_CRT=\""`cat client.crt`"\"; \
+	  echo STEPZEN_CLIENT_KEY=\""`cat client.key`"\"; \
+	   echo STEPZEN_SERVER_CRT=\""`cat server.crt`"\") > ../.env
diff --git a/rest/tls/tls.graphql b/rest/tls/tls.graphql
@@ -0,0 +1,27 @@
+type Query {
+  """
+  will contact localhost using host.docker.internal and 8443 and selfsign configuration
+  the ecmascript is used to repackage any content coming back (openssl s_server returns html)
+  """
+  rest_self: JSON
+    @rest(
+      endpoint: "https://host.docker.internal:8443/"
+      tls: "selfsign"
+      ecmascript: """
+      function transformREST(s) { return JSON.stringify({data100: s.length>100,  accept_8443: s.includes("-accept 8443")})}
+      """
+    )
+
+  """
+  will contact localhost using host.docker.internal and 9443 and mtls configuration
+  the ecmascript is used to repackage any content coming back (openssl s_server returns html)
+  """
+  rest_self_mtls: JSON
+    @rest(
+      endpoint: "https://host.docker.internal:9443/"
+      tls: "selfsignedmtls"
+      ecmascript: """
+      function transformREST(s) { return JSON.stringify({data100: s.length>100,  accept_9443: s.includes("-accept 9443")})}
+      """
+    )
+}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +schema @sdl(files: ["tls.graphql"]) {
 +  query: Query
 +}
++
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	`+ "endpoint": "api/miscellaneous"`
	`3`	`+}`