316382: support a more strict SSL option with certificates

Converted test classes to use new SslContextFactory API.

git-svn-id: svn+ssh://dev.eclipse.org/svnroot/rt/org.eclipse.jetty/jetty/trunk@2832 7e9141cc-0065-0410-87d8-b60c137991c4
Michael Gorovoy 2011-03-01 00:40:11 +00:00
parent 2cc4fbb5ee
commit 8f09ef1266
18 changed files with 114 additions and 85 deletions


@ -19,6 +19,7 @@ import org.eclipse.jetty.ajp.Ajp13SocketConnector;
import org.eclipse.jetty.deploy.DeploymentManager;
import org.eclipse.jetty.deploy.providers.ContextProvider;
import org.eclipse.jetty.deploy.providers.WebAppProvider;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.server.Connector;
@ -70,13 +71,13 @@ public class LikeJettyXml
SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
ssl_connector.setPort(8443);
ssl_connector.setKeystore(jetty_home + "/etc/keystore");
ssl_connector.setPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
ssl_connector.setKeyPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
ssl_connector.setTruststore(jetty_home + "/etc/keystore");
ssl_connector.setTrustPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
ssl_connector.setStatsOn(true);
ssl_connector.setExcludeCipherSuites(
SslContextFactory cf = ssl_connector.getSslContextFactory();
cf.setKeyStore(jetty_home + "/etc/keystore");
cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
cf.setTrustStore(jetty_home + "/etc/keystore");
cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setExcludeCipherSuites(
new String[] {
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
@ -86,6 +87,7 @@ public class LikeJettyXml
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
});
ssl_connector.setStatsOn(true);
server.addConnector(ssl_connector);
Ajp13SocketConnector ajp = new Ajp13SocketConnector();
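Review bot: `cf.setTrustStore(jetty_home + "/etc/keystore")` points the trust store at the same file as `cf.setKeyStore(...)`, so the set of trusted certificates is whatever sits beside the server's private key. The old `setTruststore` call did the same, but this is an embedded example that readers are likely to copy, and the pairing matters as soon as client-certificate checking is switched on (not visible in this hunk). I would add a comment above the two calls, `// demo only: trust store reuses the key store; in production use a separate trust store holding only the CA certificates you accept`. TestServer at the end of this commit has the same pairing. The enclosing method starts and ends outside the hunk.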


@ -13,6 +13,7 @@
package org.eclipse.jetty.embedded;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
@ -45,9 +46,10 @@ public class ManyConnectors
String jetty_home = System.getProperty("jetty.home","../jetty-distribution/target/distribution");
System.setProperty("jetty.home",jetty_home);
ssl_connector.setPort(8443);
ssl_connector.setKeystore(jetty_home + "/etc/keystore");
ssl_connector.setPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
ssl_connector.setKeyPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
SslContextFactory cf = ssl_connector.getSslContextFactory();
cf.setKeyStore(jetty_home + "/etc/keystore");
cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
server.addConnector(ssl_connector);
server.setConnectors(new Connector[]
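Review bot: The `OBF:` strings passed to `cf.setKeyStorePassword(...)` and `cf.setKeyManagerPassword(...)` are Jetty's reversible obfuscation, not encryption, so anyone who can read this source can recover the passwords. Since the move to SslContextFactory rewrites these lines anyway, a comment such as `// OBF: is obfuscation only; demo keystore credentials, replace both keystore and passwords outside of examples` would help stop the values being carried into real configurations. The same literals appear in LikeJettyXml and TestServer. The enclosing method continues outside the hunk.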


@ -1,10 +1,13 @@
package org.eclipse.jetty.client;
import java.io.File;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
@ -13,6 +16,7 @@ import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.HttpHeaders;
import org.eclipse.jetty.http.HttpMethods;
import org.eclipse.jetty.http.MimeTypes;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.io.ByteArrayBuffer;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
@ -26,10 +30,6 @@ import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.junit.After;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
public class ProxyTunnellingTest
{
private Server server;
@ -41,9 +41,10 @@ public class ProxyTunnellingTest
{
SslSelectChannelConnector connector = new SslSelectChannelConnector();
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
connector.setKeystore(keyStorePath);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keyStorePath);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
startServer(connector, handler);
}
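Review bot: The three calls `cf.setKeyStore(keyStorePath)`, `cf.setKeyStorePassword("storepwd")` and `cf.setKeyManagerPassword("keypwd")` are now copied verbatim into every SSL test class this commit touches (SslContentExchangeTest, SslHttpExchangeTest, SSLEngineTest, SslRenegotiateTest and the rest), several with the trust-store pair added. A shared test helper that takes the factory and the keystore path would leave one place to edit when the test keystore or its passwords change. It would also keep the test-only credentials from spreading further. The method containing these lines begins above the hunk.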


@ -15,6 +15,7 @@ package org.eclipse.jetty.client;
import java.io.File;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.HandlerCollection;
@ -35,9 +36,10 @@ public class SslContentExchangeTest
SslSelectChannelConnector connector = new SslSelectChannelConnector();
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
connector.setKeystore(keystore.getAbsolutePath());
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystore.getAbsolutePath());
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
server.addConnector(connector);
Handler handler = new TestHandler(getBasePath());


@ -15,6 +15,7 @@ package org.eclipse.jetty.client;
import static org.hamcrest.Matchers.*;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ssl.SslSocketConnector;
@ -54,9 +55,10 @@ public class SslHttpExchangeTest extends HttpExchangeTest
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
connector.setPort(0);
connector.setKeystore(keystore);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystore);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
connector.setAllowRenegotiate(true);
_server.setConnectors(new Connector[]
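Review bot: `connector.setAllowRenegotiate(true)` is still called on the connector here, while SslRenegotiateTest in this same commit moves the equivalent call to the factory as `cf.setAllowRenegotiate(reneg)`. For a consistent conversion this line should become `cf.setAllowRenegotiate(true);`. Since the flag relaxes TLS behaviour, a one-line comment stating why this test needs renegotiation enabled would also help the next reader. The method body continues past the end of the hunk.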


@ -20,6 +20,7 @@ import java.util.Set;
import org.eclipse.jetty.client.security.Realm;
import org.eclipse.jetty.http.security.Constraint;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.security.HashLoginService;
@ -61,9 +62,10 @@ extends ContentExchangeTest
SslSelectChannelConnector connector = new SslSelectChannelConnector();
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
connector.setKeystore(keystore.getAbsolutePath());
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystore.getAbsolutePath());
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
server.addConnector(connector);
File realmPropFile = MavenTestingUtils.getTestResourceFile("realm.properties");


@ -34,6 +34,7 @@ import org.eclipse.jetty.client.security.HashRealmResolver;
import org.eclipse.jetty.client.security.Realm;
import org.eclipse.jetty.http.HttpMethods;
import org.eclipse.jetty.http.security.Constraint;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.io.EofException;
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
@ -146,9 +147,10 @@ public class SslSecurityListenerTest extends TestCase
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
connector.setPort(0);
connector.setKeystore(keystore);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystore);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
_server.setConnectors(new Connector[]
{ connector });


@ -61,8 +61,10 @@ public abstract class SslValidationTestBase extends SslContentExchangeTest
protected void configureClient(HttpClient client)
throws Exception
{
client.setTrustStoreLocation(_trustpath);
client.setTrustStorePassword(_password);
client.setConnectorType(__konnector);
SslContextFactory cf = client.getSslContextFactory();
cf.setTrustStore(_trustpath);
cf.setTrustStorePassword(_password);
}
}
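Review bot: `SslContextFactory` is used in `configureClient`, but this file's only hunk starts at line 61 on both sides, so no import line was added above it in this commit. Unless `org.eclipse.jetty.http.ssl.SslContextFactory` was already imported by SslValidationTestBase, the class will not compile; the other converted files each gain `import org.eclipse.jetty.http.ssl.SslContextFactory;` in a separate hunk. Worth confirming, and adding that import if it is missing.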


@ -24,6 +24,7 @@ import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
@ -41,9 +42,10 @@ public class ConnectHandlerConnectSSLTest extends AbstractProxyHandlerTest
SslSelectChannelConnector connector = new SslSelectChannelConnector();
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
connector.setKeystore(keyStorePath);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keyStorePath);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
startServer(connector, new ServerHandler());
startProxy();


@ -44,6 +44,7 @@ import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
@ -110,9 +111,10 @@ public class SSLEngineTest
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
connector.setPort(0);
connector.setKeystore(keystore);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystore);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
connector.setRequestBufferSize(512);
connector.setRequestHeaderSize(512);


@ -14,6 +14,7 @@ import java.util.concurrent.SynchronousQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicLong;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
@ -21,6 +22,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.AbstractHandler;
@ -42,11 +44,12 @@ public class SSLSelectChannelConnectorLoadTest
server.addConnector(connector);
String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
connector.setKeystore(keystorePath);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
connector.setTruststore(keystorePath);
connector.setTrustPassword("storepwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystorePath);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setTrustStore(keystorePath);
cf.setTrustStorePassword("storepwd");
server.setHandler(new EmptyHandler());


@ -12,15 +12,16 @@ import java.nio.channels.SocketChannel;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.net.ssl.SSLProtocolException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.io.nio.IndirectNIOBuffer;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Request;
@ -90,10 +91,11 @@ public class SslRenegotiateTest
{
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
connector.setPort(0);
connector.setKeystore(keystore);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
connector.setAllowRenegotiate(reneg);
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystore);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setAllowRenegotiate(reneg);
server.setConnectors(new Connector[] { connector });
server.setHandler(new HelloWorldHandler());


@ -15,20 +15,14 @@ package org.eclipse.jetty.server.ssl;
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.HttpServerTestBase;
import org.junit.BeforeClass;
import org.junit.Test;
/**
* HttpServer Tester.
@ -52,11 +46,12 @@ public class SslSelectChannelServerTest extends HttpServerTestBase
{
SslSelectChannelConnector connector = new SslSelectChannelConnector();
String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
connector.setKeystore(keystorePath);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
connector.setTruststore(keystorePath);
connector.setTrustPassword("storepwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystorePath);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setTrustStore(keystorePath);
cf.setTrustStorePassword("storepwd");
connector.setUseDirectBuffers(true);
startServer(connector);


@ -20,6 +20,7 @@ import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.ConnectorTimeoutTest;
import org.junit.BeforeClass;
@ -39,11 +40,12 @@ public class SslSelectChannelTimeoutTest extends ConnectorTimeoutTest
SslSelectChannelConnector connector = new SslSelectChannelConnector();
connector.setMaxIdleTime(MAX_IDLE_TIME); //250 msec max idle
String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
connector.setKeystore(keystorePath);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
connector.setTruststore(keystorePath);
connector.setTrustPassword("storepwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystorePath);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setTrustStore(keystorePath);
cf.setTrustStorePassword("storepwd");
startServer(connector);
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());


@ -19,6 +19,7 @@ import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.HttpServerTestBase;
import org.junit.BeforeClass;
import org.junit.Test;
@ -45,11 +46,12 @@ public class SslSocketServerTest extends HttpServerTestBase
{
SslSocketConnector connector = new SslSocketConnector();
String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
connector.setKeystore(keystorePath);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
connector.setTruststore(keystorePath);
connector.setTrustPassword("storepwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystorePath);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setTrustStore(keystorePath);
cf.setTrustStorePassword("storepwd");
startServer(connector);


@ -20,6 +20,7 @@ import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.ConnectorTimeoutTest;
import org.junit.BeforeClass;
@ -39,11 +40,12 @@ public class SslSocketTimeoutTest extends ConnectorTimeoutTest
SslSocketConnector connector = new SslSocketConnector();
connector.setMaxIdleTime(MAX_IDLE_TIME); //250 msec max idle
String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
connector.setKeystore(keystorePath);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
connector.setTruststore(keystorePath);
connector.setTrustPassword("storepwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystorePath);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setTrustStore(keystorePath);
cf.setTrustStorePassword("storepwd");
startServer(connector);


@ -31,6 +31,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.AbstractHandler;
@ -56,11 +57,12 @@ public class SslUploadTest
server.addConnector(connector);
String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
connector.setKeystore(keystorePath);
connector.setPassword("storepwd");
connector.setKeyPassword("keypwd");
connector.setTruststore(keystorePath);
connector.setTrustPassword("storepwd");
SslContextFactory cf = connector.getSslContextFactory();
cf.setKeyStore(keystorePath);
cf.setKeyStorePassword("storepwd");
cf.setKeyManagerPassword("keypwd");
cf.setTrustStore(keystorePath);
cf.setTrustStorePassword("storepwd");
server.setHandler(new EmptyHandler());


@ -21,6 +21,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.security.HashLoginService;
import org.eclipse.jetty.server.Handler;
@ -99,11 +100,12 @@ public class TestServer
SslSelectChannelConnector ssl_connector = new SslSelectChannelConnector();
ssl_connector.setPort(8443);
ssl_connector.setKeystore(jetty_root + "/jetty-server/src/main/config/etc/keystore");
ssl_connector.setPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
ssl_connector.setKeyPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
ssl_connector.setTruststore(jetty_root + "/jetty-server/src/main/config/etc/keystore");
ssl_connector.setTrustPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
SslContextFactory cf = ssl_connector.getSslContextFactory();
cf.setKeyStore(jetty_root + "/jetty-server/src/main/config/etc/keystore");
cf.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
cf.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
cf.setTrustStore(jetty_root + "/jetty-server/src/main/config/etc/keystore");
cf.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
server.addConnector(ssl_connector);
HandlerCollection handlers = new HandlerCollection();