Issue #5362 - Adding SslContextFactory.Client to Proxy's HttpClient (#5363)

- ProxyServletTest additions for server backend TLS
 - Updating test-proxy-webapp testing
 - Better class name for test
 - More documentation on purpose of test.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Joakim Erdfelt 2020-09-28 17:39:59 -05:00 committed by GitHub
parent 8a524a6bf9
commit 8b1fcf0b58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 200 additions and 167 deletions


@ -55,6 +55,7 @@ import org.eclipse.jetty.util.ProcessorUtils;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
/**
@ -362,7 +363,8 @@ public abstract class AbstractProxyServlet extends HttpServlet
String value = getServletConfig().getInitParameter("selectors");
if (value != null)
selectors = Integer.parseInt(value);
return new HttpClient(new HttpClientTransportOverHTTP(selectors), null);
SslContextFactory.Client clientSsl = new SslContextFactory.Client();
return new HttpClient(new HttpClientTransportOverHTTP(selectors), clientSsl);
}
protected HttpClient getHttpClient()
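Review bot: The `SslContextFactory.Client` created in `newHttpClient()` is built with defaults only, and nothing in this hunk tells a deployer how `https` backends are trusted from now on. I would add a Javadoc sentence on `newHttpClient()` along the lines of `The returned client uses a default SslContextFactory.Client for https backends; override this method to configure a custom trust store.` Without it, the only visible example of customising the client is the test suite's `setTrustAll(true)` override, which is the wrong pattern to copy for a backend signed by a private CA. The method starts above the hunk, so existing Javadoc may already cover part of this.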


@ -76,17 +76,21 @@ import org.eclipse.jetty.client.util.InputStreamResponseListener;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.http.HttpHeaderValue;
import org.eclipse.jetty.http.HttpMethod;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.FilterHolder;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
@ -127,6 +131,7 @@ public class ProxyServletTest
private AbstractProxyServlet proxyServlet;
private Server server;
private ServerConnector serverConnector;
private ServerConnector tlsServerConnector;
private void startServer(HttpServlet servlet) throws Exception
{
@ -136,6 +141,16 @@ public class ProxyServletTest
serverConnector = new ServerConnector(server);
server.addConnector(serverConnector);
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
String keyStorePath = MavenTestingUtils.getTestResourceFile("server_keystore.p12").getAbsolutePath();
sslContextFactory.setKeyStorePath(keyStorePath);
sslContextFactory.setKeyStorePassword("storepwd");
tlsServerConnector = new ServerConnector(server, new SslConnectionFactory(
sslContextFactory,
HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory());
server.addConnector(tlsServerConnector);
ServletContextHandler appCtx = new ServletContextHandler(server, "/", true, false);
ServletHolder appServletHolder = new ServletHolder(servlet);
appCtx.addServlet(appServletHolder, "/*");
@ -730,27 +745,80 @@ public class ProxyServletTest
public static Stream<Arguments> transparentImpls()
{
return Stream.of(
ProxyServlet.Transparent.class,
AsyncProxyServlet.Transparent.class,
AsyncMiddleManServlet.Transparent.class
new ProxyServlet.Transparent()
{
@Override
protected HttpClient newHttpClient()
{
return newTrustAllClient(super.newHttpClient());
}
@Override
public String toString()
{
return ProxyServlet.Transparent.class.getName();
}
},
new AsyncProxyServlet.Transparent()
{
@Override
protected HttpClient newHttpClient()
{
return newTrustAllClient(super.newHttpClient());
}
@Override
public String toString()
{
return AsyncProxyServlet.Transparent.class.getName();
}
},
new AsyncMiddleManServlet.Transparent()
{
@Override
protected HttpClient newHttpClient()
{
return newTrustAllClient(super.newHttpClient());
}
@Override
public String toString()
{
return AsyncMiddleManServlet.Transparent.class.getName();
}
}
).map(Arguments::of);
}
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxy(Class<? extends ProxyServlet> proxyServletClass) throws Exception
private static HttpClient newTrustAllClient(HttpClient client)
{
testTransparentProxyWithPrefix(proxyServletClass, "/proxy");
SslContextFactory sslContextFactory = client.getSslContextFactory();
sslContextFactory.setTrustAll(true);
return client;
}
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyWithRootContext(Class<? extends ProxyServlet> proxyServletClass) throws Exception
public void testTransparentProxy(AbstractProxyServlet proxyServletClass) throws Exception
{
testTransparentProxyWithPrefix(proxyServletClass, "/");
testTransparentProxyWithPrefix(proxyServletClass, "http", "/proxy");
}
private void testTransparentProxyWithPrefix(Class<? extends ProxyServlet> proxyServletClass, String prefix) throws Exception
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyTls(AbstractProxyServlet proxyServletClass) throws Exception
{
testTransparentProxyWithPrefix(proxyServletClass, "https", "/proxy");
}
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyWithRootContext(AbstractProxyServlet proxyServletClass) throws Exception
{
testTransparentProxyWithPrefix(proxyServletClass, "http", "/");
}
private void testTransparentProxyWithPrefix(AbstractProxyServlet proxyServletClass, String scheme, String prefix) throws Exception
{
final String target = "/test";
startServer(new HttpServlet()
@ -763,7 +831,10 @@ public class ProxyServletTest
resp.setStatus(target.equals(req.getRequestURI()) ? 200 : 404);
}
});
String proxyTo = "http://localhost:" + serverConnector.getLocalPort();
int serverPort = serverConnector.getLocalPort();
if (HttpScheme.HTTPS.is(scheme))
serverPort = tlsServerConnector.getLocalPort();
String proxyTo = scheme + "://localhost:" + serverPort;
Map<String, String> params = new HashMap<>();
params.put("proxyTo", proxyTo);
params.put("prefix", prefix);
@ -781,33 +852,33 @@ public class ProxyServletTest
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyWithQuery(Class<? extends ProxyServlet> proxyServletClass) throws Exception
public void testTransparentProxyWithQuery(AbstractProxyServlet proxyServletClass) throws Exception
{
testTransparentProxyWithQuery(proxyServletClass, "/foo", "/proxy", "/test");
}
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyEmptyContextWithQuery(Class<? extends ProxyServlet> proxyServletClass) throws Exception
public void testTransparentProxyEmptyContextWithQuery(AbstractProxyServlet proxyServletClass) throws Exception
{
testTransparentProxyWithQuery(proxyServletClass, "", "/proxy", "/test");
}
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyEmptyTargetWithQuery(Class<? extends ProxyServlet> proxyServletClass) throws Exception
public void testTransparentProxyEmptyTargetWithQuery(AbstractProxyServlet proxyServletClass) throws Exception
{
testTransparentProxyWithQuery(proxyServletClass, "/bar", "/proxy", "");
}
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyEmptyContextEmptyTargetWithQuery(Class<? extends ProxyServlet> proxyServletClass) throws Exception
public void testTransparentProxyEmptyContextEmptyTargetWithQuery(AbstractProxyServlet proxyServletClass) throws Exception
{
testTransparentProxyWithQuery(proxyServletClass, "", "/proxy", "");
}
private void testTransparentProxyWithQuery(Class<? extends ProxyServlet> proxyServletClass, String proxyToContext, String prefix, String target) throws Exception
private void testTransparentProxyWithQuery(AbstractProxyServlet proxyServletClass, String proxyToContext, String prefix, String target) throws Exception
{
final String query = "a=1&b=2";
startServer(new HttpServlet()
@ -851,7 +922,7 @@ public class ProxyServletTest
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyWithQueryWithSpaces(Class<? extends ProxyServlet> proxyServletClass) throws Exception
public void testTransparentProxyWithQueryWithSpaces(AbstractProxyServlet proxyServletClass) throws Exception
{
final String target = "/test";
final String query = "a=1&b=2&c=1234%205678&d=hello+world";
@ -893,7 +964,7 @@ public class ProxyServletTest
@ParameterizedTest
@MethodSource("transparentImpls")
public void testTransparentProxyWithoutPrefix(Class<? extends ProxyServlet> proxyServletClass) throws Exception
public void testTransparentProxyWithoutPrefix(AbstractProxyServlet proxyServletClass) throws Exception
{
final String target = "/test";
startServer(new HttpServlet()
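Review bot: `newTrustAllClient` calls `setTrustAll(true)` for every servlet returned by `transparentImpls()`, so `testTransparentProxyTls` proves that a TLS handshake with the backend completes but never exercises certificate validation in the proxy's client. A companion case that leaves the client unmodified and expects the proxied request to `tlsServerConnector` to be rejected would pin the validating default this commit introduces in `AbstractProxyServlet.newHttpClient()`. The helper also deserves a comment such as `// Test only: the certificate in server_keystore.p12 is presumably not in any trust store, so validation is switched off here.` The keystore contents are not visible on this page, so that last part is inferred from the need for trust-all.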


@ -45,14 +45,6 @@
<artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<!--
<dependency>
<groupId>org.eclipse.jetty.orbit</groupId>
<artifactId>javax.servlet</artifactId>
<scope>provided</scope>
</dependency>
-->
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-webapp</artifactId>
@ -61,13 +53,14 @@
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jmx</artifactId>
<artifactId>jetty-client</artifactId>
<version>${project.version}</version>
<scope>test</scope>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty.toolchain</groupId>
<artifactId>jetty-test-helper</artifactId>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jmx</artifactId>
<version>${project.version}</version>
<scope>test</scope>
</dependency>
<dependency>


@ -11,7 +11,8 @@
<param-value>https://www.eclipse.org/jetty/javadoc/</param-value>
</init-param>
<init-param>
<param-name>hostHeader</param-name><param-value>eclipse.org</param-value>
<param-name>hostHeader</param-name>
<param-value>www.eclipse.org</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>


@ -0,0 +1,96 @@
//
// ========================================================================
// Copyright (c) 1995-2020 Mort Bay Consulting Pty Ltd and others.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeoutException;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.client.api.ContentResponse;
import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.component.LifeCycle;
import org.eclipse.jetty.webapp.WebAppContext;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
/**
* Test the configuration found in WEB-INF/web.xml for purposes of the demo-base
*/
public class ProxyWebAppTest
{
private Server server;
private HttpClient client;
@BeforeEach
public void setup() throws Exception
{
server = new Server();
ServerConnector connector = new ServerConnector(server);
connector.setPort(0);
server.addConnector(connector);
WebAppContext webapp = new WebAppContext();
// This is a pieced together WebApp.
// We don't have a valid WEB-INF/lib to rely on at this point.
// So, open up server classes here, for purposes of this testcase.
webapp.getServerClasspathPattern().add("-org.eclipse.jetty.proxy.");
webapp.setWar(MavenTestingUtils.getProjectDirPath("src/main/webapp").toString());
webapp.setExtraClasspath(MavenTestingUtils.getTargetPath().resolve("classes").toString());
server.setHandler(webapp);
server.start();
client = new HttpClient();
client.start();
}
@AfterEach
public void teardown()
{
LifeCycle.stop(client);
LifeCycle.stop(server);
}
@Test
@Tag("external")
public void testProxyRequest() throws InterruptedException, ExecutionException, TimeoutException
{
ContentResponse response = client.newRequest(server.getURI().resolve("/proxy/current/"))
.followRedirects(false)
.send();
// Expecting a 200 OK (not a 302 redirect or other error)
// If we got an error here, that means our configuration in web.xml is bad / out of date.
// Such as the redirect from the eclipse website, we want all of the requests to go through
// this proxy configuration, not redirected to the actual website.
assertThat("response status", response.getStatus(), is(HttpStatus.OK_200));
// Expecting a Javadoc / APIDoc response - look for something unique for APIdoc.
assertThat("response", response.getContentAsString(), containsString("All&nbsp;Classes"));
}
}
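Review bot: `testProxyRequest` sends its request without a timeout, so when the external site is slow or unreachable the test may block instead of failing; adding `.timeout(10, TimeUnit.SECONDS)` before `.send()`, plus the `java.util.concurrent.TimeUnit` import, bounds it. The method already declares `TimeoutException`, so the signature does not change. This also appears to be the only test in the commit that runs the proxy's client with certificate validation left on, and because it is tagged `external` that path is presumably skipped in offline builds.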


@ -1,135 +0,0 @@
//
// ========================================================================
// Copyright (c) 1995-2020 Mort Bay Consulting Pty Ltd and others.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty;
import java.lang.management.ManagementFactory;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.http2.HTTP2Cipher;
import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.StdErrLog;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.webapp.WebAppContext;
import org.junit.jupiter.api.Disabled;
@Disabled("Not a test case")
public class TestTransparentProxyServer
{
public static void main(String[] args) throws Exception
{
((StdErrLog)Log.getLog()).setSource(false);
String jettyRoot = "../../..";
// Setup Threadpool
QueuedThreadPool threadPool = new QueuedThreadPool();
threadPool.setMaxThreads(100);
// Setup server
Server server = new Server(threadPool);
server.manage(threadPool);
// Setup JMX
MBeanContainer mbContainer = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
server.addBean(mbContainer);
server.addBean(Log.getLog());
// Common HTTP configuration
HttpConfiguration config = new HttpConfiguration();
config.setSecurePort(8443);
config.addCustomizer(new ForwardedRequestCustomizer());
config.setSendDateHeader(true);
config.setSendServerVersion(true);
// Http Connector
HttpConnectionFactory http = new HttpConnectionFactory(config);
ServerConnector httpConnector = new ServerConnector(server, http);
httpConnector.setPort(8080);
httpConnector.setIdleTimeout(30000);
server.addConnector(httpConnector);
// SSL configurations
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(jettyRoot + "/jetty-server/src/main/config/etc/keystore");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
sslContextFactory.setTrustStorePath(jettyRoot + "/jetty-server/src/main/config/etc/keystore");
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setExcludeCipherSuites(
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
sslContextFactory.setCipherComparator(new HTTP2Cipher.CipherComparator());
// HTTPS Configuration
HttpConfiguration httpsConfig = new HttpConfiguration(config);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// HTTP2 factory
HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
alpn.setDefaultProtocol(h2.getProtocol());
// SSL Factory
SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, alpn.getProtocol());
// HTTP2 Connector
ServerConnector http2Connector =
new ServerConnector(server, ssl, alpn, h2, new HttpConnectionFactory(httpsConfig));
http2Connector.setPort(8443);
http2Connector.setIdleTimeout(15000);
server.addConnector(http2Connector);
// Handlers
HandlerCollection handlers = new HandlerCollection();
ContextHandlerCollection contexts = new ContextHandlerCollection();
handlers.setHandlers(new Handler[]
{contexts, new DefaultHandler()});
server.setHandler(handlers);
// Setup proxy webapp
WebAppContext webapp = new WebAppContext();
webapp.setResourceBase("src/main/webapp");
contexts.addHandler(webapp);
// start server
server.setStopAtShutdown(true);
server.start();
server.join();
}
}


@ -0,0 +1,5 @@
org.eclipse.jetty.util.log.class=org.eclipse.jetty.util.log.StdErrLog
#org.eclipse.jetty.LEVEL=WARN
#org.eclipse.jetty.client.LEVEL=DEBUG
#org.eclipse.jetty.http.LEVEL=DEBUG
#org.eclipse.jetty.proxy.LEVEL=DEBUG