Merged branch 'jetty-9.4.x' into 'jetty-10.0.x'.
This commit is contained in:
Simone Bordet
commit
783f3b49b0
|
|
@ -19,6 +19,7 @@
|
|||
package org.eclipse.jetty.client;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.InetSocketAddress;
|
||||
import java.net.URI;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
|
@ -34,6 +35,7 @@ import org.eclipse.jetty.http.HttpMethod;
|
|||
import org.eclipse.jetty.http.HttpScheme;
|
||||
import org.eclipse.jetty.http.HttpStatus;
|
||||
import org.eclipse.jetty.io.ClientConnectionFactory;
|
||||
import org.eclipse.jetty.io.ClientConnector;
|
||||
import org.eclipse.jetty.io.EndPoint;
|
||||
import org.eclipse.jetty.util.Promise;
|
||||
import org.eclipse.jetty.util.log.Log;
|
||||
|
|
@ -206,7 +208,12 @@ public class HttpProxy extends ProxyConfiguration.Proxy
|
|||
HttpDestination destination = (HttpDestination)context.get(HttpClientTransport.HTTP_DESTINATION_CONTEXT_KEY);
|
||||
ClientConnectionFactory connectionFactory = this.connectionFactory;
|
||||
if (destination.isSecure())
|
||||
{
|
||||
// Don't want to do DNS resolution here.
|
||||
InetSocketAddress address = InetSocketAddress.createUnresolved(destination.getHost(), destination.getPort());
|
||||
context.put(ClientConnector.REMOTE_SOCKET_ADDRESS_CONTEXT_KEY, address);
|
||||
connectionFactory = destination.newSslClientConnectionFactory(connectionFactory);
|
||||
}
|
||||
var oldConnection = endPoint.getConnection();
|
||||
var newConnection = connectionFactory.newConnection(endPoint, context);
|
||||
endPoint.upgrade(newConnection);
|
||||
|
|
|
|||
|
|
@ -53,10 +53,9 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest
|
|||
public void prepare() throws Exception
|
||||
{
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("server_keystore.p12").getAbsolutePath();
|
||||
sslContextFactory.setKeyStorePath(keyStorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
server = new Server();
|
||||
serverConnector = new ServerConnector(server, sslContextFactory);
|
||||
server.addConnector(serverConnector);
|
||||
|
|
|
|||
|
|
@ -47,7 +47,6 @@ import org.eclipse.jetty.util.thread.QueuedThreadPool;
|
|||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.params.ParameterizedTest;
|
||||
import org.junit.jupiter.params.provider.Arguments;
|
||||
import org.junit.jupiter.params.provider.MethodSource;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
|
|
@ -56,36 +55,29 @@ import static org.junit.jupiter.api.Assertions.assertFalse;
|
|||
|
||||
public class ForwardProxyServerTest
|
||||
{
|
||||
@SuppressWarnings("Duplicates")
|
||||
public static Stream<Arguments> scenarios()
|
||||
public static Stream<SslContextFactory.Server> serverTLS()
|
||||
{
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
|
||||
// no server SSL
|
||||
SslContextFactory.Server scenario1 = null;
|
||||
// basic server SSL
|
||||
SslContextFactory.Server scenario2 = new SslContextFactory.Server();
|
||||
scenario2.setKeyStorePath(keyStorePath);
|
||||
scenario2.setKeyStorePassword("storepwd");
|
||||
scenario2.setKeyManagerPassword("keypwd");
|
||||
// TODO: add more SslContextFactory configurations/scenarios?
|
||||
|
||||
return Stream.of(scenario1, scenario2).map(Arguments::of);
|
||||
return Stream.of(null, newServerSslContextFactory());
|
||||
}
|
||||
|
||||
private SslContextFactory.Server serverSslContextFactory;
|
||||
private Server server;
|
||||
private ServerConnector serverConnector;
|
||||
private SslContextFactory.Server serverSslContextFactory;
|
||||
private Server proxy;
|
||||
private ServerConnector proxyConnector;
|
||||
|
||||
public void init(SslContextFactory.Server scenario)
|
||||
private static SslContextFactory.Server newServerSslContextFactory()
|
||||
{
|
||||
serverSslContextFactory = scenario;
|
||||
SslContextFactory.Server proxyTLS = new SslContextFactory.Server();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("server_keystore.p12").getAbsolutePath();
|
||||
proxyTLS.setKeyStorePath(keyStorePath);
|
||||
proxyTLS.setKeyStorePassword("storepwd");
|
||||
return proxyTLS;
|
||||
}
|
||||
|
||||
protected void startServer(ConnectionFactory connectionFactory) throws Exception
|
||||
protected void startServer(SslContextFactory.Server serverTLS, ConnectionFactory connectionFactory) throws Exception
|
||||
{
|
||||
serverSslContextFactory = serverTLS;
|
||||
QueuedThreadPool serverThreads = new QueuedThreadPool();
|
||||
serverThreads.setName("server");
|
||||
server = new Server(serverThreads);
|
||||
|
|
@ -128,28 +120,20 @@ public class ForwardProxyServerTest
|
|||
protected void stopServer() throws Exception
|
||||
{
|
||||
if (server != null)
|
||||
{
|
||||
server.stop();
|
||||
server.join();
|
||||
}
|
||||
}
|
||||
|
||||
protected void stopProxy() throws Exception
|
||||
{
|
||||
if (proxy != null)
|
||||
{
|
||||
proxy.stop();
|
||||
proxy.join();
|
||||
}
|
||||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testRequestTarget(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("serverTLS")
|
||||
public void testRequestTarget(SslContextFactory.Server serverTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
|
||||
startServer(new AbstractConnectionFactory("http/1.1")
|
||||
startServer(serverTLS, new AbstractConnectionFactory("http/1.1")
|
||||
{
|
||||
@Override
|
||||
public Connection newConnection(Connector connector, EndPoint endPoint)
|
||||
|
|
@ -206,15 +190,9 @@ public class ForwardProxyServerTest
|
|||
});
|
||||
startProxy();
|
||||
|
||||
SslContextFactory.Client clientTLS = new SslContextFactory.Client(true);
|
||||
ClientConnector clientConnector = new ClientConnector();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
SslContextFactory.Client clientSsl = new SslContextFactory.Client();
|
||||
clientSsl.setKeyStorePath(keyStorePath);
|
||||
clientSsl.setKeyStorePassword("storepwd");
|
||||
clientSsl.setKeyManagerPassword("keypwd");
|
||||
clientSsl.setEndpointIdentificationAlgorithm(null);
|
||||
clientConnector.setSslContextFactory(clientSsl);
|
||||
|
||||
clientConnector.setSslContextFactory(clientTLS);
|
||||
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP(clientConnector));
|
||||
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
|
||||
httpClient.start();
|
||||
|
|
|
|||
|
|
@ -24,11 +24,16 @@ import java.net.Socket;
|
|||
import java.net.URI;
|
||||
import java.net.URLEncoder;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.KeyStore;
|
||||
import java.security.Principal;
|
||||
import java.util.concurrent.CountDownLatch;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
import java.util.stream.Stream;
|
||||
import javax.net.ssl.KeyManager;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.X509ExtendedKeyManager;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.ServletOutputStream;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
|
@ -64,8 +69,8 @@ import org.hamcrest.Matchers;
|
|||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Tag;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.params.ParameterizedTest;
|
||||
import org.junit.jupiter.params.provider.Arguments;
|
||||
import org.junit.jupiter.params.provider.MethodSource;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
|
|
@ -76,56 +81,46 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
|||
|
||||
public class ForwardProxyTLSServerTest
|
||||
{
|
||||
@SuppressWarnings("Duplicates")
|
||||
public static Stream<Arguments> scenarios()
|
||||
public static Stream<SslContextFactory.Server> proxyTLS()
|
||||
{
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
|
||||
// no server SSL
|
||||
SslContextFactory.Server scenario1 = null;
|
||||
// basic server SSL
|
||||
SslContextFactory.Server scenario2 = new SslContextFactory.Server();
|
||||
scenario2.setKeyStorePath(keyStorePath);
|
||||
scenario2.setKeyStorePassword("storepwd");
|
||||
scenario2.setKeyManagerPassword("keypwd");
|
||||
// TODO: add more SslContextFactory configurations/scenarios?
|
||||
|
||||
return Stream.of(scenario1, scenario2).map(Arguments::of);
|
||||
return Stream.of(null, newProxySslContextFactory());
|
||||
}
|
||||
|
||||
private SslContextFactory.Server proxySslContextFactory;
|
||||
private Server server;
|
||||
private ServerConnector serverConnector;
|
||||
private Server proxy;
|
||||
private ServerConnector proxyConnector;
|
||||
|
||||
public void init(SslContextFactory.Server scenario)
|
||||
{
|
||||
proxySslContextFactory = scenario;
|
||||
}
|
||||
private SslContextFactory.Server proxySslContextFactory;
|
||||
|
||||
protected void startTLSServer(Handler handler) throws Exception
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = newServerSslContextFactory();
|
||||
startTLSServer(sslContextFactory, handler);
|
||||
}
|
||||
|
||||
protected void startTLSServer(SslContextFactory.Server sslContextFactory, Handler handler) throws Exception
|
||||
{
|
||||
QueuedThreadPool serverThreads = new QueuedThreadPool();
|
||||
serverThreads.setName("server");
|
||||
server = new Server(serverThreads);
|
||||
serverConnector = new ServerConnector(server, newServerSslContextFactory());
|
||||
serverConnector = new ServerConnector(server, sslContextFactory);
|
||||
server.addConnector(serverConnector);
|
||||
server.setHandler(handler);
|
||||
server.start();
|
||||
}
|
||||
|
||||
protected void startProxy() throws Exception
|
||||
protected void startProxy(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
startProxy(new ConnectHandler());
|
||||
startProxy(proxyTLS, new ConnectHandler());
|
||||
}
|
||||
|
||||
protected void startProxy(ConnectHandler connectHandler) throws Exception
|
||||
protected void startProxy(SslContextFactory.Server proxyTLS, ConnectHandler connectHandler) throws Exception
|
||||
{
|
||||
proxySslContextFactory = proxyTLS;
|
||||
QueuedThreadPool proxyThreads = new QueuedThreadPool();
|
||||
proxyThreads.setName("proxy");
|
||||
proxy = new Server(proxyThreads);
|
||||
proxyConnector = new ServerConnector(proxy, proxySslContextFactory);
|
||||
proxyConnector = new ServerConnector(proxy, proxyTLS);
|
||||
proxy.addConnector(proxyConnector);
|
||||
// Under Windows, it takes a while to detect that a connection
|
||||
// attempt fails, so use an explicit timeout
|
||||
|
|
@ -150,24 +145,24 @@ public class ForwardProxyTLSServerTest
|
|||
private static SslContextFactory.Server newServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("server_keystore.p12").getAbsolutePath();
|
||||
sslContextFactory.setKeyStorePath(keyStorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private static SslContextFactory.Server newProxySslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server proxyTLS = new SslContextFactory.Server();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("proxy_keystore.p12").getAbsolutePath();
|
||||
proxyTLS.setKeyStorePath(keyStorePath);
|
||||
proxyTLS.setKeyStorePassword("storepwd");
|
||||
return proxyTLS;
|
||||
}
|
||||
|
||||
private static SslContextFactory.Client newClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private static void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
sslContextFactory.setKeyStorePath(keyStorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
return new SslContextFactory.Client(true);
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
|
|
@ -196,12 +191,11 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testOneExchange(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testOneExchange(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
startTLSServer(new ServerHandler());
|
||||
startProxy();
|
||||
startProxy(proxyTLS);
|
||||
|
||||
HttpClient httpClient = newHttpClient();
|
||||
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
|
||||
|
|
@ -232,12 +226,11 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testTwoExchanges(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testTwoExchanges(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
startTLSServer(new ServerHandler());
|
||||
startProxy();
|
||||
startProxy(proxyTLS);
|
||||
|
||||
HttpClient httpClient = newHttpClient();
|
||||
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
|
||||
|
|
@ -279,12 +272,11 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testTwoConcurrentExchanges(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testTwoConcurrentExchanges(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
startTLSServer(new ServerHandler());
|
||||
startProxy();
|
||||
startProxy(proxyTLS);
|
||||
|
||||
HttpClient httpClient = newHttpClient();
|
||||
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
|
||||
|
|
@ -346,15 +338,14 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testShortIdleTimeoutOverriddenByRequest(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testShortIdleTimeoutOverriddenByRequest(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
// Short idle timeout for HttpClient.
|
||||
long idleTimeout = 500;
|
||||
|
||||
startTLSServer(new ServerHandler());
|
||||
startProxy(new ConnectHandler()
|
||||
startProxy(proxyTLS, new ConnectHandler()
|
||||
{
|
||||
@Override
|
||||
protected void handleConnect(Request baseRequest, HttpServletRequest request, HttpServletResponse response, String serverAddress)
|
||||
|
|
@ -402,12 +393,11 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testProxyDown(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testProxyDown(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
startTLSServer(new ServerHandler());
|
||||
startProxy();
|
||||
startProxy(proxyTLS);
|
||||
int proxyPort = proxyConnector.getLocalPort();
|
||||
stopProxy();
|
||||
|
||||
|
|
@ -431,14 +421,13 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testServerDown(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testServerDown(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
startTLSServer(new ServerHandler());
|
||||
int serverPort = serverConnector.getLocalPort();
|
||||
stopServer();
|
||||
startProxy();
|
||||
startProxy(proxyTLS);
|
||||
|
||||
HttpClient httpClient = newHttpClient();
|
||||
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
|
||||
|
|
@ -459,12 +448,11 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testProxyClosesConnection(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testProxyClosesConnection(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
startTLSServer(new ServerHandler());
|
||||
startProxy(new ConnectHandler()
|
||||
startProxy(proxyTLS, new ConnectHandler()
|
||||
{
|
||||
@Override
|
||||
protected void handleConnect(Request baseRequest, HttpServletRequest request, HttpServletResponse response, String serverAddress)
|
||||
|
|
@ -487,12 +475,11 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testProxyAuthentication(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testProxyAuthentication(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
String realm = "test-realm";
|
||||
testProxyAuthentication(realm, new ConnectHandler()
|
||||
testProxyAuthentication(proxyTLS, new ConnectHandler()
|
||||
{
|
||||
@Override
|
||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
|
||||
|
|
@ -507,16 +494,15 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
super.handle(target, baseRequest, request, response);
|
||||
}
|
||||
});
|
||||
}, realm);
|
||||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testProxyAuthenticationWithResponseContent(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testProxyAuthenticationWithResponseContent(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
String realm = "test-realm";
|
||||
testProxyAuthentication(realm, new ConnectHandler()
|
||||
testProxyAuthentication(proxyTLS, new ConnectHandler()
|
||||
{
|
||||
@Override
|
||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
|
||||
|
|
@ -532,16 +518,15 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
super.handle(target, baseRequest, request, response);
|
||||
}
|
||||
});
|
||||
}, realm);
|
||||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testProxyAuthenticationWithIncludedAddressWithResponseContent(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testProxyAuthenticationWithIncludedAddressWithResponseContent(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
String realm = "test-realm";
|
||||
testProxyAuthentication(realm, new ConnectHandler()
|
||||
testProxyAuthentication(proxyTLS, new ConnectHandler()
|
||||
{
|
||||
@Override
|
||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
|
||||
|
|
@ -557,16 +542,15 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
super.handle(target, baseRequest, request, response);
|
||||
}
|
||||
}, true);
|
||||
}, realm, true);
|
||||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
public void testProxyAuthenticationClosesConnection(SslContextFactory.Server scenario) throws Exception
|
||||
@MethodSource("proxyTLS")
|
||||
public void testProxyAuthenticationClosesConnection(SslContextFactory.Server proxyTLS) throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
String realm = "test-realm";
|
||||
testProxyAuthentication(realm, new ConnectHandler()
|
||||
testProxyAuthentication(proxyTLS, new ConnectHandler()
|
||||
{
|
||||
@Override
|
||||
protected boolean handleAuthentication(HttpServletRequest request, HttpServletResponse response, String address)
|
||||
|
|
@ -583,18 +567,18 @@ public class ForwardProxyTLSServerTest
|
|||
return true;
|
||||
}
|
||||
}
|
||||
});
|
||||
}, realm);
|
||||
}
|
||||
|
||||
private void testProxyAuthentication(String realm, ConnectHandler connectHandler) throws Exception
|
||||
private void testProxyAuthentication(SslContextFactory.Server proxyTLS, ConnectHandler connectHandler, String realm) throws Exception
|
||||
{
|
||||
testProxyAuthentication(realm, connectHandler, false);
|
||||
testProxyAuthentication(proxyTLS, connectHandler, realm, false);
|
||||
}
|
||||
|
||||
private void testProxyAuthentication(String realm, ConnectHandler connectHandler, boolean includeAddress) throws Exception
|
||||
private void testProxyAuthentication(SslContextFactory.Server proxyTLS, ConnectHandler connectHandler, String realm, boolean includeAddress) throws Exception
|
||||
{
|
||||
startTLSServer(new ServerHandler());
|
||||
startProxy(connectHandler);
|
||||
startProxy(proxyTLS, connectHandler);
|
||||
|
||||
HttpClient httpClient = newHttpClient();
|
||||
HttpProxy httpProxy = newHttpProxy();
|
||||
|
|
@ -626,13 +610,104 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
}
|
||||
|
||||
@ParameterizedTest
|
||||
@MethodSource("scenarios")
|
||||
@Test
|
||||
public void testBothProxyAndServerNeedClientAuth() throws Exception
|
||||
{
|
||||
// Keystore server_keystore.p12 contains:
|
||||
// - alias "mykey": self-signed certificate with private key.
|
||||
// - alias "client_root": certificate from client_keystore.p12 under the "server" alias.
|
||||
// Keystore proxy_keystore.p12 contains:
|
||||
// - alias "mykey": self-signed certificate with private key.
|
||||
// - alias "client_root": certificate from client_keystore.p12 under the "proxy" alias.
|
||||
// Keystore client_keystore.p12 contains:
|
||||
// - alias "proxy": self-signed certificate with private key to send to the proxy.
|
||||
// - alias "server": self-signed certificate with private key to send to the server.
|
||||
// - alias "proxy_root": certificate from proxy_keystore under the "mykey" alias.
|
||||
// - alias "server_root": certificate from server_keystore under the "mykey" alias.
|
||||
|
||||
// We want setEndpointIdentificationAlgorithm(null) for all 3 SslContextFactory
|
||||
// because the certificate common names do not match the host names.
|
||||
|
||||
SslContextFactory.Server serverTLS = newServerSslContextFactory();
|
||||
serverTLS.setEndpointIdentificationAlgorithm(null);
|
||||
serverTLS.setNeedClientAuth(true);
|
||||
startTLSServer(serverTLS, new ServerHandler());
|
||||
int serverPort = serverConnector.getLocalPort();
|
||||
String serverAlias = "server";
|
||||
|
||||
SslContextFactory.Server proxyTLS = newProxySslContextFactory();
|
||||
proxyTLS.setEndpointIdentificationAlgorithm(null);
|
||||
proxyTLS.setNeedClientAuth(true);
|
||||
startProxy(proxyTLS);
|
||||
int proxyPort = proxyConnector.getLocalPort();
|
||||
String proxyAlias = "proxy";
|
||||
|
||||
SslContextFactory.Client clientSslContextFactory = new SslContextFactory.Client()
|
||||
{
|
||||
@Override
|
||||
protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
|
||||
{
|
||||
KeyManager[] keyManagers = super.getKeyManagers(keyStore);
|
||||
for (int i = 0; i < keyManagers.length; i++)
|
||||
{
|
||||
KeyManager keyManager = keyManagers[i];
|
||||
if (keyManager instanceof X509ExtendedKeyManager)
|
||||
{
|
||||
X509ExtendedKeyManager extKeyManager = (X509ExtendedKeyManager)keyManager;
|
||||
keyManagers[i] = new X509ExtendedKeyManagerWrapper(extKeyManager)
|
||||
{
|
||||
@Override
|
||||
public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
|
||||
{
|
||||
int port = engine.getPeerPort();
|
||||
if (port == serverPort)
|
||||
return serverAlias;
|
||||
else if (port == proxyPort)
|
||||
return proxyAlias;
|
||||
else
|
||||
return super.chooseEngineClientAlias(keyType, issuers, engine);
|
||||
}
|
||||
};
|
||||
}
|
||||
}
|
||||
return keyManagers;
|
||||
}
|
||||
};
|
||||
clientSslContextFactory.setKeyStorePath(MavenTestingUtils.getTestResourceFile("client_keystore.p12").getAbsolutePath());
|
||||
clientSslContextFactory.setKeyStorePassword("storepwd");
|
||||
clientSslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
ClientConnector clientConnector = new ClientConnector();
|
||||
clientConnector.setSelectors(1);
|
||||
clientConnector.setSslContextFactory(clientSslContextFactory);
|
||||
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP(clientConnector));
|
||||
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
|
||||
httpClient.start();
|
||||
|
||||
try
|
||||
{
|
||||
String body = "BODY";
|
||||
ContentResponse response = httpClient.newRequest("localhost", serverConnector.getLocalPort())
|
||||
.scheme(HttpScheme.HTTPS.asString())
|
||||
.method(HttpMethod.GET)
|
||||
.path("/echo?body=" + URLEncoder.encode(body, StandardCharsets.UTF_8))
|
||||
.timeout(5, TimeUnit.SECONDS)
|
||||
.send();
|
||||
|
||||
assertEquals(HttpStatus.OK_200, response.getStatus());
|
||||
String content = response.getContentAsString();
|
||||
assertEquals(body, content);
|
||||
}
|
||||
finally
|
||||
{
|
||||
httpClient.stop();
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
@Tag("external")
|
||||
@Disabled
|
||||
public void testExternalProxy(SslContextFactory.Server scenario) throws Exception
|
||||
public void testExternalProxy() throws Exception
|
||||
{
|
||||
init(scenario);
|
||||
// Free proxy server obtained from http://hidemyass.com/proxy-list/
|
||||
String proxyHost = "81.208.25.53";
|
||||
int proxyPort = 3128;
|
||||
|
|
|
|||
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -626,6 +626,9 @@ public class GzipHandler extends HandlerWrapper implements GzipFactory
|
|||
|
||||
if (inflate)
|
||||
{
|
||||
if (LOG.isDebugEnabled())
|
||||
LOG.debug("{} inflate {}", this, request);
|
||||
|
||||
baseRequest.getHttpInput().addInterceptor(new GzipHttpInputInterceptor(baseRequest.getHttpChannel().getByteBufferPool(), _inflateBufferSize));
|
||||
|
||||
for (ListIterator<HttpField> i = baseRequest.getHttpFields().listIterator(); i.hasNext(); )
|
||||
|
|
@ -952,4 +955,10 @@ public class GzipHandler extends HandlerWrapper implements GzipFactory
|
|||
{
|
||||
return new DeflaterPool(capacity, Deflater.DEFAULT_COMPRESSION, true);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString()
|
||||
{
|
||||
return String.format("%s@%x{%s,min=%s,inflate=%s}", getClass().getSimpleName(), hashCode(), getState(), _minGzipSize, _inflateBufferSize);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -884,7 +884,7 @@ public class SessionHandler extends ScopedHandler
|
|||
* @param id The session ID stripped of any worker name.
|
||||
* @return A Session or null if none exists.
|
||||
*/
|
||||
protected Session getSession(String id)
|
||||
public Session getSession(String id)
|
||||
{
|
||||
try
|
||||
{
|
||||
|
|
|
|||
|
|
@ -35,7 +35,6 @@ import java.util.Arrays;
|
|||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.EventListener;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.LinkedHashMap;
|
||||
|
|
@ -43,6 +42,7 @@ import java.util.List;
|
|||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Scanner;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.concurrent.CopyOnWriteArrayList;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
import java.util.function.Predicate;
|
||||
|
|
@ -740,7 +740,7 @@ public class PathWatcher extends AbstractLifeCycle implements Runnable
|
|||
private boolean nativeWatchService;
|
||||
|
||||
private final List<Config> configs = new ArrayList<>();
|
||||
private final Map<WatchKey, Config> keys = new HashMap<>();
|
||||
private final Map<WatchKey, Config> keys = new ConcurrentHashMap<>();
|
||||
private final List<EventListener> listeners = new CopyOnWriteArrayList<>(); //a listener may modify the listener list directly or by stopping the PathWatcher
|
||||
|
||||
private final Map<Path, PathWatchEvent> pending = new LinkedHashMap<>(32, (float)0.75, false);
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ import java.net.Socket;
|
|||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.KeyStore;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.Principal;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.Security;
|
||||
import java.security.cert.CRL;
|
||||
|
|
@ -99,69 +101,24 @@ import org.eclipse.jetty.util.security.Password;
|
|||
@ManagedObject
|
||||
public abstract class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
||||
{
|
||||
public static final TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{
|
||||
new X509ExtendedTrustManager()
|
||||
{
|
||||
@Override
|
||||
public X509Certificate[] getAcceptedIssuers()
|
||||
{
|
||||
return new X509Certificate[0];
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkClientTrusted(X509Certificate[] certs, String authType)
|
||||
{
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket)
|
||||
{
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
|
||||
{
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] certs, String authType)
|
||||
{
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket)
|
||||
{
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine)
|
||||
{
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
private static final Logger LOG = Log.getLogger(SslContextFactory.class);
|
||||
private static final Logger LOG_CONFIG = LOG.getLogger("SslContextFactoryConfig");
|
||||
|
||||
public static final TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509ExtendedTrustManagerWrapper(null)};
|
||||
public static final String DEFAULT_KEYMANAGERFACTORY_ALGORITHM = KeyManagerFactory.getDefaultAlgorithm();
|
||||
|
||||
public static final String DEFAULT_TRUSTMANAGERFACTORY_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
|
||||
|
||||
/**
|
||||
* String name of key password property.
|
||||
*/
|
||||
public static final String KEYPASSWORD_PROPERTY = "org.eclipse.jetty.ssl.keypassword";
|
||||
|
||||
/**
|
||||
* String name of keystore password property.
|
||||
*/
|
||||
public static final String PASSWORD_PROPERTY = "org.eclipse.jetty.ssl.password";
|
||||
|
||||
private static final Logger LOG = Log.getLogger(SslContextFactory.class);
|
||||
private static final Logger LOG_CONFIG = LOG.getLogger("config");
|
||||
/**
|
||||
* Default Excluded Protocols List
|
||||
*/
|
||||
private static final String[] DEFAULT_EXCLUDED_PROTOCOLS = {"SSL", "SSLv2", "SSLv2Hello", "SSLv3"};
|
||||
|
||||
/**
|
||||
* Default Excluded Cipher Suite List
|
||||
*/
|
||||
|
|
@ -2037,15 +1994,14 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
_trustStoreResource);
|
||||
}
|
||||
|
||||
class Factory
|
||||
private static class Factory
|
||||
{
|
||||
private final KeyStore _keyStore;
|
||||
private final KeyStore _trustStore;
|
||||
private final SSLContext _context;
|
||||
|
||||
Factory(KeyStore keyStore, KeyStore trustStore, SSLContext context)
|
||||
private Factory(KeyStore keyStore, KeyStore trustStore, SSLContext context)
|
||||
{
|
||||
super();
|
||||
_keyStore = keyStore;
|
||||
_trustStore = trustStore;
|
||||
_context = context;
|
||||
|
|
@ -2188,4 +2144,126 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
_wantClientAuth = wantClientAuth;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>A wrapper that delegates to another (if not {@code null}) X509ExtendedKeyManager.</p>
|
||||
*/
|
||||
public static class X509ExtendedKeyManagerWrapper extends X509ExtendedKeyManager
|
||||
{
|
||||
private final X509ExtendedKeyManager keyManager;
|
||||
|
||||
public X509ExtendedKeyManagerWrapper(X509ExtendedKeyManager keyManager)
|
||||
{
|
||||
this.keyManager = keyManager;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getClientAliases(String keyType, Principal[] issuers)
|
||||
{
|
||||
return keyManager == null ? null : keyManager.getClientAliases(keyType, issuers);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
|
||||
{
|
||||
return keyManager == null ? null : keyManager.chooseClientAlias(keyType, issuers, socket);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
|
||||
{
|
||||
return keyManager == null ? null : keyManager.chooseEngineClientAlias(keyType, issuers, engine);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String[] getServerAliases(String keyType, Principal[] issuers)
|
||||
{
|
||||
return keyManager == null ? null : keyManager.getServerAliases(keyType, issuers);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
|
||||
{
|
||||
return keyManager == null ? null : keyManager.chooseServerAlias(keyType, issuers, socket);
|
||||
}
|
||||
|
||||
@Override
|
||||
public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
|
||||
{
|
||||
return keyManager == null ? null : keyManager.chooseEngineServerAlias(keyType, issuers, engine);
|
||||
}
|
||||
|
||||
@Override
|
||||
public X509Certificate[] getCertificateChain(String alias)
|
||||
{
|
||||
return keyManager == null ? null : keyManager.getCertificateChain(alias);
|
||||
}
|
||||
|
||||
@Override
|
||||
public PrivateKey getPrivateKey(String alias)
|
||||
{
|
||||
return keyManager == null ? null : keyManager.getPrivateKey(alias);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>A wrapper that delegates to another (if not {@code null}) X509ExtendedTrustManager.</p>
|
||||
*/
|
||||
public static class X509ExtendedTrustManagerWrapper extends X509ExtendedTrustManager
|
||||
{
|
||||
private final X509ExtendedTrustManager trustManager;
|
||||
|
||||
public X509ExtendedTrustManagerWrapper(X509ExtendedTrustManager trustManager)
|
||||
{
|
||||
this.trustManager = trustManager;
|
||||
}
|
||||
|
||||
@Override
|
||||
public X509Certificate[] getAcceptedIssuers()
|
||||
{
|
||||
return trustManager == null ? new X509Certificate[0] : trustManager.getAcceptedIssuers();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException
|
||||
{
|
||||
if (trustManager != null)
|
||||
trustManager.checkClientTrusted(certs, authType);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkClientTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
|
||||
{
|
||||
if (trustManager != null)
|
||||
trustManager.checkClientTrusted(chain, authType, socket);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkClientTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
|
||||
{
|
||||
if (trustManager != null)
|
||||
trustManager.checkClientTrusted(chain, authType, engine);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException
|
||||
{
|
||||
if (trustManager != null)
|
||||
trustManager.checkServerTrusted(certs, authType);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] chain, String authType, Socket socket) throws CertificateException
|
||||
{
|
||||
if (trustManager != null)
|
||||
trustManager.checkServerTrusted(chain, authType, socket);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkServerTrusted(X509Certificate[] chain, String authType, SSLEngine engine) throws CertificateException
|
||||
{
|
||||
if (trustManager != null)
|
||||
trustManager.checkServerTrusted(chain, authType, engine);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue