mirror of https://github.com/apache/nifi.git
NIFI-7730 Added regression tests for multiple certificate keystores.
Cleaned up JettyServer code. Changed test logging severity to include debug statements. Added test resources. This closes #4498. Co-authored-by: Kotaro Terada <kotarot@apache.org>
This commit is contained in:
parent
1e6619b91f
commit
c3cab48325
|
@ -453,7 +453,7 @@ public class TestHttpClient {
|
|||
final ServletHandler wrongPathServletHandler = new ServletHandler();
|
||||
wrongPathContextHandler.insertHandler(wrongPathServletHandler);
|
||||
|
||||
final SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
final SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/certs/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("passwordpassword");
|
||||
sslContextFactory.setKeyStoreType("JKS");
|
||||
|
|
|
@ -975,19 +975,13 @@ public class JettyServer implements NiFiServer, ExtensionUiLoader {
|
|||
}
|
||||
|
||||
private SslContextFactory createSslContextFactory() {
|
||||
final SslContextFactory contextFactory = new SslContextFactory();
|
||||
configureSslContextFactory(contextFactory, props);
|
||||
return contextFactory;
|
||||
final SslContextFactory.Server serverContextFactory = new SslContextFactory.Server();
|
||||
configureSslContextFactory(serverContextFactory, props);
|
||||
return serverContextFactory;
|
||||
}
|
||||
|
||||
protected static void configureSslContextFactory(SslContextFactory contextFactory, NiFiProperties props) {
|
||||
// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
|
||||
// not a client. Server does not need to perform hostname verification on the client.
|
||||
// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
|
||||
contextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
|
||||
protected static void configureSslContextFactory(SslContextFactory.Server contextFactory, NiFiProperties props) {
|
||||
// Explicitly exclude legacy TLS protocol versions
|
||||
// contextFactory.setProtocol(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
|
||||
contextFactory.setIncludeProtocols(CertificateUtils.getCurrentSupportedTlsProtocolVersions());
|
||||
contextFactory.setExcludeProtocols("TLS", "TLSv1", "TLSv1.1", "SSL", "SSLv2", "SSLv2Hello", "SSLv3");
|
||||
|
||||
|
|
|
@ -19,6 +19,9 @@ package org.apache.nifi.web.server
|
|||
import org.apache.log4j.AppenderSkeleton
|
||||
import org.apache.log4j.spi.LoggingEvent
|
||||
import org.apache.nifi.bundle.Bundle
|
||||
import org.apache.nifi.nar.ExtensionManagerHolder
|
||||
import org.apache.nifi.nar.ExtensionMapping
|
||||
import org.apache.nifi.nar.SystemBundle
|
||||
import org.apache.nifi.processor.DataUnit
|
||||
import org.apache.nifi.properties.StandardNiFiProperties
|
||||
import org.apache.nifi.security.util.CertificateUtils
|
||||
|
@ -121,6 +124,8 @@ class JettyServerGroovyTest extends GroovyTestCase {
|
|||
|
||||
@After
|
||||
void tearDown() throws Exception {
|
||||
// Cleans up the EMH so it can be reinitialized when a new Jetty server starts
|
||||
ExtensionManagerHolder.INSTANCE = null
|
||||
TestAppender.reset()
|
||||
}
|
||||
|
||||
|
@ -196,10 +201,9 @@ class JettyServerGroovyTest extends GroovyTestCase {
|
|||
assert !bothConfigsPresentForHttp
|
||||
assert !bothConfigsPresentForHttps
|
||||
|
||||
// Verifies that the warning was not logged
|
||||
assert log.size() == 2
|
||||
assert log.first() == "Both configs present for HTTP properties: false"
|
||||
assert log.last() == "Both configs present for HTTPS properties: false"
|
||||
// Verifies that the warning was not logged (messages are duplicated because of log4j.properties settings)
|
||||
assert log.size() == 4
|
||||
assert log.every { it =~ "Both configs present for HTTPS? properties: false" }
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -242,10 +246,84 @@ class JettyServerGroovyTest extends GroovyTestCase {
|
|||
// Assertions defined above
|
||||
}
|
||||
|
||||
/**
|
||||
* Regression test added after NiFi 1.12.0 because Jetty upgrade to 9.4.26 no longer works
|
||||
* with multiple certificate keystores.
|
||||
*/
|
||||
@Test
|
||||
void testShouldStartWithMultipleCertificatePKCS12Keystore() {
|
||||
// Arrange
|
||||
final String externalHostname = "localhost"
|
||||
|
||||
NiFiProperties httpsProps = new StandardNiFiProperties(rawProperties: new Properties([
|
||||
(NiFiProperties.WEB_HTTPS_PORT): HTTPS_PORT as String,
|
||||
(NiFiProperties.WEB_HTTPS_HOST): externalHostname,
|
||||
(NiFiProperties.SECURITY_KEYSTORE): "src/test/resources/multiple_cert_keystore.p12",
|
||||
(NiFiProperties.SECURITY_KEYSTORE_PASSWD): "passwordpassword",
|
||||
(NiFiProperties.SECURITY_KEYSTORE_TYPE): "PKCS12",
|
||||
(NiFiProperties.NAR_LIBRARY_DIRECTORY): "target/"
|
||||
]))
|
||||
|
||||
JettyServer jetty = createJettyServer(httpsProps)
|
||||
Server internalServer = jetty.server
|
||||
List<Connector> connectors = Arrays.asList(internalServer.connectors)
|
||||
|
||||
// Act
|
||||
jetty.start()
|
||||
|
||||
// Assert
|
||||
assertServerConnector(connectors, "TLS", CURRENT_TLS_PROTOCOL_VERSIONS, CURRENT_TLS_PROTOCOL_VERSIONS, externalHostname, HTTPS_PORT)
|
||||
|
||||
// Clean up
|
||||
jetty.stop()
|
||||
}
|
||||
|
||||
/**
|
||||
* Regression test added after NiFi 1.12.0 because Jetty upgrade to 9.4.26 no longer works
|
||||
* with multiple certificate keystores.
|
||||
*/
|
||||
@Test
|
||||
void testShouldStartWithMultipleCertificateJKSKeystore() {
|
||||
// Arrange
|
||||
final String externalHostname = "localhost"
|
||||
|
||||
NiFiProperties httpsProps = new StandardNiFiProperties(rawProperties: new Properties([
|
||||
(NiFiProperties.WEB_HTTPS_PORT): HTTPS_PORT as String,
|
||||
(NiFiProperties.WEB_HTTPS_HOST): externalHostname,
|
||||
(NiFiProperties.SECURITY_KEYSTORE): "src/test/resources/multiple_cert_keystore.jks",
|
||||
(NiFiProperties.SECURITY_KEYSTORE_PASSWD): "passwordpassword",
|
||||
(NiFiProperties.SECURITY_KEYSTORE_TYPE): "JKS",
|
||||
(NiFiProperties.NAR_LIBRARY_DIRECTORY): "target/"
|
||||
]))
|
||||
|
||||
JettyServer jetty = createJettyServer(httpsProps)
|
||||
Server internalServer = jetty.server
|
||||
List<Connector> connectors = Arrays.asList(internalServer.connectors)
|
||||
|
||||
// Act
|
||||
jetty.start()
|
||||
|
||||
// Assert
|
||||
assertServerConnector(connectors, "TLS", CURRENT_TLS_PROTOCOL_VERSIONS, CURRENT_TLS_PROTOCOL_VERSIONS, externalHostname, HTTPS_PORT)
|
||||
|
||||
// Clean up
|
||||
jetty.stop()
|
||||
}
|
||||
|
||||
private static JettyServer createJettyServer(StandardNiFiProperties httpsProps) {
|
||||
Server internalServer = new Server()
|
||||
JettyServer jetty = new JettyServer(internalServer, httpsProps)
|
||||
jetty.systemBundle = SystemBundle.create(httpsProps)
|
||||
jetty.bundles = [] as Set<Bundle>
|
||||
jetty.extensionMapping = [size: { -> 0 }] as ExtensionMapping
|
||||
jetty.configureHttpsConnector(internalServer, new HttpConfiguration())
|
||||
jetty
|
||||
}
|
||||
|
||||
@Test
|
||||
void testShouldConfigureHTTPSConnector() {
|
||||
// Arrange
|
||||
final String externalHostname = "secure.host.com"
|
||||
final String externalHostname = "localhost"
|
||||
|
||||
NiFiProperties httpsProps = new StandardNiFiProperties(rawProperties: new Properties([
|
||||
(NiFiProperties.WEB_HTTPS_PORT): HTTPS_PORT as String,
|
||||
|
@ -260,9 +338,7 @@ class JettyServerGroovyTest extends GroovyTestCase {
|
|||
List<Connector> connectors = Arrays.asList(internalServer.connectors)
|
||||
|
||||
// Assert
|
||||
|
||||
// Set the expected TLS protocols to null because no actual keystore/truststore is loaded here
|
||||
assertServerConnector(connectors, "TLS", null, null, externalHostname, HTTPS_PORT)
|
||||
assertServerConnector(connectors, "TLS", CURRENT_TLS_PROTOCOL_VERSIONS, CURRENT_TLS_PROTOCOL_VERSIONS, externalHostname, HTTPS_PORT)
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -411,16 +487,13 @@ class JettyServerGroovyTest extends GroovyTestCase {
|
|||
assert connector.port == EXPECTED_PORT
|
||||
assert connector.getProtocols() == ['ssl', 'http/1.1']
|
||||
|
||||
// This kind of testing is not ideal as it breaks encapsulation, but is necessary to enforce verification of the TLS protocol versions specified
|
||||
SslConnectionFactory connectionFactory = connector.getConnectionFactory("ssl") as SslConnectionFactory
|
||||
SslContextFactory sslContextFactory = connectionFactory._sslContextFactory as SslContextFactory
|
||||
SslContextFactory sslContextFactory = connectionFactory.getSslContextFactory()
|
||||
logger.debug("SSL Context Factory: ${sslContextFactory.dump()}")
|
||||
|
||||
// Using the getters is subject to NPE due to blind array copies
|
||||
assert sslContextFactory._sslProtocol == EXPECTED_TLS_PROTOCOL
|
||||
assert sslContextFactory._includeProtocols.containsAll(EXPECTED_INCLUDED_PROTOCOLS ?: Collections.emptySet())
|
||||
assert (sslContextFactory._excludeProtocols as List<String>).containsAll(LEGACY_TLS_PROTOCOLS)
|
||||
assert sslContextFactory._selectedProtocols == EXPECTED_SELECTED_PROTOCOLS as String[]
|
||||
assert sslContextFactory.getProtocol() == EXPECTED_TLS_PROTOCOL
|
||||
assert Arrays.asList(sslContextFactory.getIncludeProtocols()).containsAll(EXPECTED_INCLUDED_PROTOCOLS ?: Collections.emptySet())
|
||||
assert (sslContextFactory.getExcludeProtocols() as List<String>).containsAll(LEGACY_TLS_PROTOCOLS)
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -43,12 +43,12 @@ public class JettyServerTest {
|
|||
addProps.put(NiFiProperties.SECURITY_KEYSTORE_PASSWD, testKeystorePassword);
|
||||
addProps.put(NiFiProperties.SECURITY_KEY_PASSWD, testKeyPassword);
|
||||
NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(null, addProps);
|
||||
SslContextFactory contextFactory = mock(SslContextFactory.class);
|
||||
SslContextFactory.Server mockSCF = mock(SslContextFactory.Server.class);
|
||||
|
||||
JettyServer.configureSslContextFactory(contextFactory, nifiProperties);
|
||||
JettyServer.configureSslContextFactory(mockSCF, nifiProperties);
|
||||
|
||||
verify(contextFactory).setKeyStorePassword(testKeystorePassword);
|
||||
verify(contextFactory).setKeyManagerPassword(testKeyPassword);
|
||||
verify(mockSCF).setKeyStorePassword(testKeystorePassword);
|
||||
verify(mockSCF).setKeyManagerPassword(testKeyPassword);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -59,12 +59,12 @@ public class JettyServerTest {
|
|||
final Map<String, String> addProps = new HashMap<>();
|
||||
addProps.put(NiFiProperties.SECURITY_KEY_PASSWD, testKeyPassword);
|
||||
NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(null, addProps);
|
||||
SslContextFactory contextFactory = mock(SslContextFactory.class);
|
||||
SslContextFactory.Server mockSCF = mock(SslContextFactory.Server.class);
|
||||
|
||||
JettyServer.configureSslContextFactory(contextFactory, nifiProperties);
|
||||
JettyServer.configureSslContextFactory(mockSCF, nifiProperties);
|
||||
|
||||
verify(contextFactory).setKeyManagerPassword(testKeyPassword);
|
||||
verify(contextFactory, never()).setKeyStorePassword(anyString());
|
||||
verify(mockSCF).setKeyManagerPassword(testKeyPassword);
|
||||
verify(mockSCF, never()).setKeyStorePassword(anyString());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -75,12 +75,12 @@ public class JettyServerTest {
|
|||
final Map<String, String> addProps = new HashMap<>();
|
||||
addProps.put(NiFiProperties.SECURITY_KEYSTORE_PASSWD, testKeystorePassword);
|
||||
NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(null, addProps);
|
||||
SslContextFactory contextFactory = mock(SslContextFactory.class);
|
||||
SslContextFactory.Server mockSCF = mock(SslContextFactory.Server.class);
|
||||
|
||||
JettyServer.configureSslContextFactory(contextFactory, nifiProperties);
|
||||
JettyServer.configureSslContextFactory(mockSCF, nifiProperties);
|
||||
|
||||
verify(contextFactory).setKeyStorePassword(testKeystorePassword);
|
||||
verify(contextFactory).setKeyManagerPassword(testKeystorePassword);
|
||||
verify(mockSCF).setKeyStorePassword(testKeystorePassword);
|
||||
verify(mockSCF).setKeyManagerPassword(testKeystorePassword);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -90,12 +90,12 @@ public class JettyServerTest {
|
|||
String keyStoreType = KeystoreType.JKS.toString();
|
||||
addProps.put(NiFiProperties.SECURITY_KEYSTORE_TYPE, keyStoreType);
|
||||
NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(null, addProps);
|
||||
SslContextFactory contextFactory = mock(SslContextFactory.class);
|
||||
SslContextFactory.Server mockSCF = mock(SslContextFactory.Server.class);
|
||||
|
||||
JettyServer.configureSslContextFactory(contextFactory, nifiProperties);
|
||||
JettyServer.configureSslContextFactory(mockSCF, nifiProperties);
|
||||
|
||||
verify(contextFactory).setKeyStoreType(keyStoreType);
|
||||
verify(contextFactory).setKeyStoreProvider(SUN_PROVIDER_NAME);
|
||||
verify(mockSCF).setKeyStoreType(keyStoreType);
|
||||
verify(mockSCF).setKeyStoreProvider(SUN_PROVIDER_NAME);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -105,12 +105,12 @@ public class JettyServerTest {
|
|||
String keyStoreType = KeystoreType.PKCS12.toString();
|
||||
addProps.put(NiFiProperties.SECURITY_KEYSTORE_TYPE, keyStoreType);
|
||||
NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(null, addProps);
|
||||
SslContextFactory contextFactory = mock(SslContextFactory.class);
|
||||
SslContextFactory.Server mockSCF = mock(SslContextFactory.Server.class);
|
||||
|
||||
JettyServer.configureSslContextFactory(contextFactory, nifiProperties);
|
||||
JettyServer.configureSslContextFactory(mockSCF, nifiProperties);
|
||||
|
||||
verify(contextFactory).setKeyStoreType(keyStoreType);
|
||||
verify(contextFactory).setKeyStoreProvider(BouncyCastleProvider.PROVIDER_NAME);
|
||||
verify(mockSCF).setKeyStoreType(keyStoreType);
|
||||
verify(mockSCF).setKeyStoreProvider(BouncyCastleProvider.PROVIDER_NAME);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -120,12 +120,12 @@ public class JettyServerTest {
|
|||
String trustStoreType = KeystoreType.JKS.toString();
|
||||
addProps.put(NiFiProperties.SECURITY_TRUSTSTORE_TYPE, trustStoreType);
|
||||
NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(null, addProps);
|
||||
SslContextFactory contextFactory = mock(SslContextFactory.class);
|
||||
SslContextFactory.Server mockSCF = mock(SslContextFactory.Server.class);
|
||||
|
||||
JettyServer.configureSslContextFactory(contextFactory, nifiProperties);
|
||||
JettyServer.configureSslContextFactory(mockSCF, nifiProperties);
|
||||
|
||||
verify(contextFactory).setTrustStoreType(trustStoreType);
|
||||
verify(contextFactory).setTrustStoreProvider(SUN_PROVIDER_NAME);
|
||||
verify(mockSCF).setTrustStoreType(trustStoreType);
|
||||
verify(mockSCF).setTrustStoreProvider(SUN_PROVIDER_NAME);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -135,11 +135,11 @@ public class JettyServerTest {
|
|||
String trustStoreType = KeystoreType.PKCS12.toString();
|
||||
addProps.put(NiFiProperties.SECURITY_TRUSTSTORE_TYPE, trustStoreType);
|
||||
NiFiProperties nifiProperties = NiFiProperties.createBasicNiFiProperties(null, addProps);
|
||||
SslContextFactory contextFactory = mock(SslContextFactory.class);
|
||||
SslContextFactory.Server mockSCF = mock(SslContextFactory.Server.class);
|
||||
|
||||
JettyServer.configureSslContextFactory(contextFactory, nifiProperties);
|
||||
JettyServer.configureSslContextFactory(mockSCF, nifiProperties);
|
||||
|
||||
verify(contextFactory).setTrustStoreType(trustStoreType);
|
||||
verify(contextFactory).setTrustStoreProvider(BouncyCastleProvider.PROVIDER_NAME);
|
||||
verify(mockSCF).setTrustStoreType(trustStoreType);
|
||||
verify(mockSCF).setTrustStoreProvider(BouncyCastleProvider.PROVIDER_NAME);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -16,6 +16,7 @@
|
|||
#
|
||||
|
||||
log4j.rootLogger=INFO,console,test
|
||||
log4j.logger.org.apache.nifi.web=DEBUG,console,test
|
||||
|
||||
log4j.appender.console=org.apache.log4j.ConsoleAppender
|
||||
log4j.appender.console.Target=System.err
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -77,12 +77,7 @@ public class NiFiTestServer {
|
|||
|
||||
// TODO: Refactor this method to use proper factory methods
|
||||
private void createSecureConnector() {
|
||||
org.eclipse.jetty.util.ssl.SslContextFactory contextFactory = new org.eclipse.jetty.util.ssl.SslContextFactory();
|
||||
|
||||
// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
|
||||
// not a client. Server does not need to perform hostname verification on the client.
|
||||
// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
|
||||
contextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
org.eclipse.jetty.util.ssl.SslContextFactory contextFactory = new org.eclipse.jetty.util.ssl.SslContextFactory.Server();
|
||||
|
||||
// require client auth when not supporting login or anonymous access
|
||||
if (StringUtils.isBlank(properties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER))) {
|
||||
|
|
|
@ -113,7 +113,7 @@ public class PrometheusServer {
|
|||
}
|
||||
|
||||
private SslContextFactory createSslFactory(final SSLContextService sslService, boolean needClientAuth, boolean wantClientAuth) {
|
||||
SslContextFactory sslFactory = new SslContextFactory();
|
||||
SslContextFactory sslFactory = new SslContextFactory.Server();
|
||||
|
||||
sslFactory.setNeedClientAuth(needClientAuth);
|
||||
sslFactory.setWantClientAuth(wantClientAuth);
|
||||
|
|
|
@ -520,18 +520,13 @@ public class HandleHttpRequest extends AbstractProcessor {
|
|||
}
|
||||
|
||||
private SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth) {
|
||||
final SslContextFactory sslFactory = new SslContextFactory();
|
||||
final SslContextFactory sslFactory = new SslContextFactory.Server();
|
||||
|
||||
sslFactory.setNeedClientAuth(needClientAuth);
|
||||
sslFactory.setWantClientAuth(wantClientAuth);
|
||||
|
||||
sslFactory.setProtocol(sslService.getSslAlgorithm());
|
||||
|
||||
// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
|
||||
// not a client. Server does not need to perform hostname verification on the client.
|
||||
// Previous to Jetty 9.4.15.v20190215, this defaulted to null.
|
||||
sslFactory.setEndpointIdentificationAlgorithm(null);
|
||||
|
||||
if (sslService.isKeyStoreConfigured()) {
|
||||
sslFactory.setKeyStorePath(sslService.getKeyStoreFile());
|
||||
sslFactory.setKeyStorePassword(sslService.getKeyStorePassword());
|
||||
|
|
|
@ -256,14 +256,9 @@ public class ListenHTTP extends AbstractSessionFactoryProcessor {
|
|||
|
||||
final boolean needClientAuth = sslContextService != null && sslContextService.getTrustStoreFile() != null;
|
||||
|
||||
final SslContextFactory contextFactory = new SslContextFactory();
|
||||
final SslContextFactory contextFactory = new SslContextFactory.Server();
|
||||
contextFactory.setNeedClientAuth(needClientAuth);
|
||||
|
||||
// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
|
||||
// not a client. Server does not need to perform hostname verification on the client.
|
||||
// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
|
||||
contextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
|
||||
if (needClientAuth) {
|
||||
contextFactory.setTrustStorePath(sslContextService.getTrustStoreFile());
|
||||
contextFactory.setTrustStoreType(sslContextService.getTrustStoreType());
|
||||
|
|
|
@ -141,7 +141,7 @@ class TestGetHTTPGroovy extends GroovyTestCase {
|
|||
|
||||
private
|
||||
static SslContextFactory createSslContextFactory(List supportedProtocols = DEFAULT_PROTOCOLS, List supportedCipherSuites = DEFAULT_CIPHER_SUITES) {
|
||||
final SslContextFactory contextFactory = new SslContextFactory()
|
||||
final SslContextFactory contextFactory = new SslContextFactory.Server()
|
||||
contextFactory.needClientAuth = false
|
||||
contextFactory.wantClientAuth = false
|
||||
|
||||
|
|
|
@ -133,7 +133,7 @@ class TestPostHTTPGroovy extends GroovyTestCase {
|
|||
|
||||
private
|
||||
static SslContextFactory createSslContextFactory(List supportedProtocols = DEFAULT_PROTOCOLS, List supportedCipherSuites = DEFAULT_CIPHER_SUITES) {
|
||||
final SslContextFactory contextFactory = new SslContextFactory()
|
||||
final SslContextFactory contextFactory = new SslContextFactory.Server()
|
||||
contextFactory.needClientAuth = false
|
||||
contextFactory.wantClientAuth = false
|
||||
|
||||
|
|
|
@ -76,7 +76,7 @@ public class TestServer {
|
|||
}
|
||||
|
||||
private void createSecureConnector(final Map<String, String> sslProperties) {
|
||||
SslContextFactory ssl = new SslContextFactory();
|
||||
SslContextFactory ssl = new SslContextFactory.Server();
|
||||
|
||||
if (sslProperties.get(StandardSSLContextService.KEYSTORE.getName()) != null) {
|
||||
ssl.setKeyStorePath(sslProperties.get(StandardSSLContextService.KEYSTORE.getName()));
|
||||
|
@ -97,11 +97,6 @@ public class TestServer {
|
|||
ssl.setNeedClientAuth(Boolean.parseBoolean(clientAuth));
|
||||
}
|
||||
|
||||
// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
|
||||
// not a client. Server does not need to perform hostname verification on the client.
|
||||
// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
|
||||
ssl.setEndpointIdentificationAlgorithm(null);
|
||||
|
||||
// build the connector
|
||||
final ServerConnector https = new ServerConnector(jetty, ssl);
|
||||
|
||||
|
|
|
@ -67,7 +67,7 @@ public abstract class AbstractJettyWebSocketService extends AbstractWebSocketSer
|
|||
|
||||
|
||||
protected SslContextFactory createSslFactory(final SSLContextService sslService, final boolean needClientAuth, final boolean wantClientAuth, final String endpointIdentificationAlgorithm) {
|
||||
final SslContextFactory sslFactory = new SslContextFactory();
|
||||
final SslContextFactory sslFactory = new SslContextFactory.Server();
|
||||
|
||||
sslFactory.setNeedClientAuth(needClientAuth);
|
||||
sslFactory.setWantClientAuth(wantClientAuth);
|
||||
|
|
|
@ -46,7 +46,7 @@ public class WebSocketClientExample {
|
|||
String destUri = "wss://localhost:50010/test";
|
||||
|
||||
final CountDownLatch replyLatch = new CountDownLatch(1);
|
||||
final SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
final SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/certs/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("passwordpassword");
|
||||
sslContextFactory.setKeyStoreType("JKS");
|
||||
|
|
|
@ -152,16 +152,11 @@ public class WebSocketServerExample {
|
|||
httpConnector = new ServerConnector(server);
|
||||
httpConnector.setPort(50010);
|
||||
|
||||
final SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
final SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/certs/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("passwordpassword");
|
||||
sslContextFactory.setKeyStoreType("JKS");
|
||||
|
||||
// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
|
||||
// not a client. Server does not need to perform hostname verification on the client.
|
||||
// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
|
||||
final HttpConfiguration https = new HttpConfiguration();
|
||||
https.addCustomizer(new SecureRequestCustomizer());
|
||||
sslConnector = new ServerConnector(server,
|
||||
|
|
|
@ -62,16 +62,11 @@ public class TlsCertificateAuthorityService {
|
|||
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
|
||||
Server server = new Server();
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setIncludeProtocols(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
|
||||
sslContextFactory.setKeyStore(keyStore);
|
||||
sslContextFactory.setKeyManagerPassword(keyPassword);
|
||||
|
||||
// Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
|
||||
// not a client. Server does not need to perform hostname verification on the client.
|
||||
// Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
|
||||
HttpConfiguration httpsConfig = new HttpConfiguration();
|
||||
httpsConfig.addCustomizer(new SecureRequestCustomizer());
|
||||
|
||||
|
|
Loading…
Reference in New Issue