Merge pull request #3480 from eclipse/jetty-9.4.x-3464-split_sslcontextfactory
Issue #3464 - Split SslContextFactory into Client and Server
This commit is contained in:
commit
c4b2621f56
|
@ -22,7 +22,6 @@ package org.eclipse.jetty.embedded;
|
|||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.lang.management.ManagementFactory;
|
||||
import java.nio.file.Files;
|
||||
import java.util.Date;
|
||||
import java.util.EnumSet;
|
||||
|
||||
|
@ -101,7 +100,7 @@ public class Http2Server
|
|||
String jetty_distro = System.getProperty("jetty.distro","../../jetty-distribution/target/distribution");
|
||||
if (!new File(jetty_distro).exists())
|
||||
jetty_distro = "jetty-distribution/target/distribution";
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(jetty_distro + "/demo-base/etc/keystore");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
|
|
@ -138,7 +138,7 @@ public class LikeJettyXml
|
|||
|
||||
// === jetty-https.xml ===
|
||||
// SSL Context Factory
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(jetty_home + "/../../../jetty-server/src/test/config/etc/keystore");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
|
|
@ -20,9 +20,7 @@ package org.eclipse.jetty.embedded;
|
|||
|
||||
import java.io.File;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.security.Security;
|
||||
|
||||
import org.conscrypt.OpenSSLProvider;
|
||||
import org.eclipse.jetty.http.HttpVersion;
|
||||
import org.eclipse.jetty.server.Connector;
|
||||
import org.eclipse.jetty.server.HttpConfiguration;
|
||||
|
@ -89,7 +87,7 @@ public class ManyConnectors
|
|||
// including things like choosing the particular certificate out of a
|
||||
// keystore to be used.
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
|
|
@ -44,7 +44,7 @@ public class ConscryptHTTP2Client
|
|||
public static void main(String[] args) throws Exception
|
||||
{
|
||||
Security.addProvider(new OpenSSLProvider());
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setProvider("Conscrypt");
|
||||
HTTP2Client client = new HTTP2Client();
|
||||
client.addBean(sslContextFactory);
|
||||
|
|
|
@ -61,24 +61,35 @@ public class ConscryptHTTP2ServerTest
|
|||
|
||||
private Server server = new Server();
|
||||
|
||||
private SslContextFactory newSslContextFactory()
|
||||
private SslContextFactory.Server newServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private SslContextFactory.Client newClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
Path path = Paths.get("src", "test", "resources");
|
||||
File keys = path.resolve("keystore").toFile();
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setProvider("Conscrypt");
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
if (JavaVersion.VERSION.getPlatform() < 9)
|
||||
{
|
||||
// Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
|
||||
sslContextFactory.addExcludeProtocols("TLSv1.3");
|
||||
}
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
@BeforeEach
|
||||
|
@ -95,7 +106,7 @@ public class ConscryptHTTP2ServerTest
|
|||
HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
|
||||
ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
|
||||
alpn.setDefaultProtocol(http.getProtocol());
|
||||
SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol());
|
||||
SslConnectionFactory ssl = new SslConnectionFactory(newServerSslContextFactory(), alpn.getProtocol());
|
||||
|
||||
ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http);
|
||||
http2Connector.setPort(0);
|
||||
|
@ -125,7 +136,7 @@ public class ConscryptHTTP2ServerTest
|
|||
public void testSimpleRequest() throws Exception
|
||||
{
|
||||
HTTP2Client h2Client = new HTTP2Client();
|
||||
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newSslContextFactory());
|
||||
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newClientSslContextFactory());
|
||||
client.start();
|
||||
try
|
||||
{
|
||||
|
|
|
@ -42,7 +42,7 @@ public class JDK9HTTP2Client
|
|||
public static void main(String[] args) throws Exception
|
||||
{
|
||||
HTTP2Client client = new HTTP2Client();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
client.addBean(sslContextFactory);
|
||||
client.start();
|
||||
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.alpn.java.server;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
@ -47,6 +44,9 @@ import org.eclipse.jetty.server.handler.AbstractHandler;
|
|||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
|
||||
public class JDK9ALPNTest
|
||||
{
|
||||
private Server server;
|
||||
|
@ -68,7 +68,7 @@ public class JDK9ALPNTest
|
|||
|
||||
private SslContextFactory newSslContextFactory()
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
@ -90,7 +90,7 @@ public class JDK9ALPNTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory(true);
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client(true);
|
||||
sslContextFactory.start();
|
||||
SSLContext sslContext = sslContextFactory.getSslContext();
|
||||
try (SSLSocket client = (SSLSocket)sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort()))
|
||||
|
@ -132,7 +132,7 @@ public class JDK9ALPNTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory(true);
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client(true);
|
||||
sslContextFactory.start();
|
||||
SSLContext sslContext = sslContextFactory.getSslContext();
|
||||
try (SSLSocket client = (SSLSocket)sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort()))
|
||||
|
|
|
@ -45,7 +45,7 @@ public class JDK9HTTP2Server
|
|||
httpsConfig.setSendServerVersion(true);
|
||||
httpsConfig.addCustomizer(new SecureRequestCustomizer());
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
|
|
@ -42,7 +42,7 @@ public class OpenJDK8HTTP2Client
|
|||
public static void main(String[] args) throws Exception
|
||||
{
|
||||
HTTP2Client client = new HTTP2Client();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
client.addBean(sslContextFactory);
|
||||
client.start();
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ public class OpenJDK8HTTP2Server
|
|||
httpsConfig.setSendServerVersion(true);
|
||||
httpsConfig.addCustomizer(new SecureRequestCustomizer());
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
|
|
@ -58,7 +58,7 @@ public abstract class AbstractHttpClientServerTest
|
|||
serverThreads.setName("server");
|
||||
server = new Server(serverThreads);
|
||||
}
|
||||
connector = new ServerConnector(server, scenario.newSslContextFactory());
|
||||
connector = new ServerConnector(server, scenario.newServerSslContextFactory());
|
||||
connector.setPort(0);
|
||||
server.addConnector(connector);
|
||||
server.setHandler(handler);
|
||||
|
@ -67,12 +67,12 @@ public abstract class AbstractHttpClientServerTest
|
|||
|
||||
protected void startClient(final Scenario scenario) throws Exception
|
||||
{
|
||||
startClient(scenario, null,null);
|
||||
startClient(scenario, null, null);
|
||||
}
|
||||
|
||||
protected void startClient(final Scenario scenario, HttpClientTransport transport, Consumer<HttpClient> config) throws Exception
|
||||
{
|
||||
if (transport==null)
|
||||
if (transport == null)
|
||||
transport = new HttpClientTransportOverHTTP(1);
|
||||
|
||||
QueuedThreadPool executor = new QueuedThreadPool();
|
||||
|
@ -82,7 +82,7 @@ public abstract class AbstractHttpClientServerTest
|
|||
client.setExecutor(executor);
|
||||
client.setScheduler(scheduler);
|
||||
client.setSocketAddressResolver(new SocketAddressResolver.Sync());
|
||||
if (config!=null)
|
||||
if (config != null)
|
||||
config.accept(client);
|
||||
|
||||
client.start();
|
||||
|
@ -90,7 +90,7 @@ public abstract class AbstractHttpClientServerTest
|
|||
|
||||
public HttpClient newHttpClient(Scenario scenario, HttpClientTransport transport)
|
||||
{
|
||||
return new HttpClient(transport, scenario.newSslContextFactory());
|
||||
return new HttpClient(transport, scenario.newClientSslContextFactory());
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
|
@ -113,9 +113,10 @@ public abstract class AbstractHttpClientServerTest
|
|||
}
|
||||
}
|
||||
|
||||
public static class ScenarioProvider implements ArgumentsProvider {
|
||||
public static class ScenarioProvider implements ArgumentsProvider
|
||||
{
|
||||
@Override
|
||||
public Stream<? extends Arguments> provideArguments(ExtensionContext context) throws Exception
|
||||
public Stream<? extends Arguments> provideArguments(ExtensionContext context)
|
||||
{
|
||||
return Stream.of(
|
||||
new NormalScenario(),
|
||||
|
@ -125,9 +126,10 @@ public abstract class AbstractHttpClientServerTest
|
|||
}
|
||||
}
|
||||
|
||||
public static class NonSslScenarioProvider implements ArgumentsProvider {
|
||||
public static class NonSslScenarioProvider implements ArgumentsProvider
|
||||
{
|
||||
@Override
|
||||
public Stream<? extends Arguments> provideArguments(ExtensionContext context) throws Exception
|
||||
public Stream<? extends Arguments> provideArguments(ExtensionContext context)
|
||||
{
|
||||
return Stream.of(
|
||||
new NormalScenario()
|
||||
|
@ -138,12 +140,27 @@ public abstract class AbstractHttpClientServerTest
|
|||
|
||||
public interface Scenario
|
||||
{
|
||||
default SslContextFactory newSslContextFactory() { return null; }
|
||||
SslContextFactory newClientSslContextFactory();
|
||||
|
||||
SslContextFactory newServerSslContextFactory();
|
||||
|
||||
String getScheme();
|
||||
}
|
||||
|
||||
public static class NormalScenario implements Scenario
|
||||
{
|
||||
@Override
|
||||
public SslContextFactory newClientSslContextFactory()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public SslContextFactory newServerSslContextFactory()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getScheme()
|
||||
{
|
||||
|
@ -160,15 +177,27 @@ public abstract class AbstractHttpClientServerTest
|
|||
public static class SslScenario implements Scenario
|
||||
{
|
||||
@Override
|
||||
public SslContextFactory newSslContextFactory()
|
||||
public SslContextFactory newClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Client result = new SslContextFactory.Client();
|
||||
result.setEndpointIdentificationAlgorithm(null);
|
||||
configure(result);
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
public SslContextFactory newServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server result = new SslContextFactory.Server();
|
||||
configure(result);
|
||||
return result;
|
||||
}
|
||||
|
||||
private void configure(SslContextFactory ssl)
|
||||
{
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks");
|
||||
|
||||
SslContextFactory ssl = new SslContextFactory();
|
||||
ssl.setEndpointIdentificationAlgorithm("");
|
||||
ssl.setKeyStorePath(keystorePath.toString());
|
||||
ssl.setKeyStorePassword("storepwd");
|
||||
return ssl;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -18,10 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.client;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||
|
||||
import java.net.Socket;
|
||||
import java.util.concurrent.CountDownLatch;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
@ -36,6 +32,10 @@ import org.junit.jupiter.api.BeforeEach;
|
|||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.junit.jupiter.api.Assumptions.assumeTrue;
|
||||
|
||||
@Disabled
|
||||
public class ExternalSiteTest
|
||||
{
|
||||
|
@ -44,7 +44,7 @@ public class ExternalSiteTest
|
|||
@BeforeEach
|
||||
public void prepare() throws Exception
|
||||
{
|
||||
client = new HttpClient(new SslContextFactory());
|
||||
client = new HttpClient(new SslContextFactory.Client());
|
||||
client.start();
|
||||
}
|
||||
|
||||
|
@ -94,7 +94,7 @@ public class ExternalSiteTest
|
|||
public void testExternalSSLSite() throws Exception
|
||||
{
|
||||
client.stop();
|
||||
client = new HttpClient(new SslContextFactory());
|
||||
client = new HttpClient(new SslContextFactory.Client());
|
||||
client.start();
|
||||
|
||||
String host = "api-3t.paypal.com";
|
||||
|
|
|
@ -18,10 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.client;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
|
@ -40,11 +36,14 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
|
|||
import org.eclipse.jetty.util.thread.QueuedThreadPool;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
/**
|
||||
* This test class runs tests to make sure that hostname verification (http://www.ietf.org/rfc/rfc2818.txt
|
||||
* section 3.1) is configurable in SslContextFactory and works as expected.
|
||||
|
@ -52,7 +51,7 @@ import org.junit.jupiter.api.Test;
|
|||
@Disabled
|
||||
public class HostnameVerificationTest
|
||||
{
|
||||
private SslContextFactory clientSslContextFactory = new SslContextFactory();
|
||||
private SslContextFactory clientSslContextFactory = new SslContextFactory.Client();
|
||||
private Server server;
|
||||
private HttpClient client;
|
||||
private NetworkConnector connector;
|
||||
|
@ -64,7 +63,7 @@ public class HostnameVerificationTest
|
|||
serverThreads.setName("server");
|
||||
server = new Server(serverThreads);
|
||||
|
||||
SslContextFactory serverSslContextFactory = new SslContextFactory();
|
||||
SslContextFactory serverSslContextFactory = new SslContextFactory.Server();
|
||||
serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
serverSslContextFactory.setKeyStorePassword("storepwd");
|
||||
connector = new ServerConnector(server, serverSslContextFactory);
|
||||
|
|
|
@ -89,13 +89,25 @@ public class HttpClientTLSTest
|
|||
client.start();
|
||||
}
|
||||
|
||||
private SslContextFactory createSslContextFactory()
|
||||
private SslContextFactory.Server createServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private SslContextFactory.Client createClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
|
@ -110,7 +122,7 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testNoCommonTLSProtocol() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
serverTLSFactory.setIncludeProtocols("TLSv1.3");
|
||||
startServer(serverTLSFactory, new EmptyServerHandler());
|
||||
|
||||
|
@ -124,7 +136,7 @@ public class HttpClientTLSTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory clientTLSFactory = createSslContextFactory();
|
||||
SslContextFactory clientTLSFactory = createClientSslContextFactory();
|
||||
clientTLSFactory.setIncludeProtocols("TLSv1.2");
|
||||
startClient(clientTLSFactory);
|
||||
|
||||
|
@ -151,7 +163,7 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testNoCommonTLSCiphers() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
serverTLSFactory.setIncludeCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA");
|
||||
startServer(serverTLSFactory, new EmptyServerHandler());
|
||||
|
||||
|
@ -165,7 +177,7 @@ public class HttpClientTLSTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory clientTLSFactory = createSslContextFactory();
|
||||
SslContextFactory clientTLSFactory = createClientSslContextFactory();
|
||||
clientTLSFactory.setExcludeCipherSuites(".*_SHA$");
|
||||
startClient(clientTLSFactory);
|
||||
|
||||
|
@ -192,7 +204,7 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testMismatchBetweenTLSProtocolAndTLSCiphersOnServer() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
// TLS 1.1 protocol, but only TLS 1.2 ciphers.
|
||||
serverTLSFactory.setIncludeProtocols("TLSv1.1");
|
||||
serverTLSFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
||||
|
@ -208,7 +220,7 @@ public class HttpClientTLSTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory clientTLSFactory = createSslContextFactory();
|
||||
SslContextFactory clientTLSFactory = createClientSslContextFactory();
|
||||
startClient(clientTLSFactory);
|
||||
|
||||
CountDownLatch clientLatch = new CountDownLatch(1);
|
||||
|
@ -237,7 +249,7 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testMismatchBetweenTLSProtocolAndTLSCiphersOnClient() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
startServer(serverTLSFactory, new EmptyServerHandler());
|
||||
|
||||
CountDownLatch serverLatch = new CountDownLatch(1);
|
||||
|
@ -250,7 +262,7 @@ public class HttpClientTLSTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory clientTLSFactory = createSslContextFactory();
|
||||
SslContextFactory clientTLSFactory = createClientSslContextFactory();
|
||||
// TLS 1.1 protocol, but only TLS 1.2 ciphers.
|
||||
clientTLSFactory.setIncludeProtocols("TLSv1.1");
|
||||
clientTLSFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
||||
|
@ -279,7 +291,7 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testHandshakeSucceeded() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
startServer(serverTLSFactory, new EmptyServerHandler());
|
||||
|
||||
CountDownLatch serverLatch = new CountDownLatch(1);
|
||||
|
@ -292,7 +304,7 @@ public class HttpClientTLSTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory clientTLSFactory = createSslContextFactory();
|
||||
SslContextFactory clientTLSFactory = createClientSslContextFactory();
|
||||
startClient(clientTLSFactory);
|
||||
|
||||
CountDownLatch clientLatch = new CountDownLatch(1);
|
||||
|
@ -318,7 +330,7 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testHandshakeSucceededWithSessionResumption() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
startServer(serverTLSFactory, new EmptyServerHandler());
|
||||
|
||||
AtomicReference<byte[]> serverSession = new AtomicReference<>();
|
||||
|
@ -331,7 +343,7 @@ public class HttpClientTLSTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory clientTLSFactory = createSslContextFactory();
|
||||
SslContextFactory clientTLSFactory = createClientSslContextFactory();
|
||||
startClient(clientTLSFactory);
|
||||
|
||||
AtomicReference<byte[]> clientSession = new AtomicReference<>();
|
||||
|
@ -398,10 +410,10 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testClientRawCloseDoesNotInvalidateSession() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
startServer(serverTLSFactory, new EmptyServerHandler());
|
||||
|
||||
SslContextFactory clientTLSFactory = createSslContextFactory();
|
||||
SslContextFactory clientTLSFactory = createClientSslContextFactory();
|
||||
clientTLSFactory.start();
|
||||
|
||||
String host = "localhost";
|
||||
|
@ -453,13 +465,13 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testServerRawCloseDetectedByClient() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
serverTLSFactory.start();
|
||||
try (ServerSocket server = new ServerSocket(0))
|
||||
{
|
||||
QueuedThreadPool clientThreads = new QueuedThreadPool();
|
||||
clientThreads.setName("client");
|
||||
client = new HttpClient(createSslContextFactory())
|
||||
client = new HttpClient(createClientSslContextFactory())
|
||||
{
|
||||
@Override
|
||||
protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
|
||||
|
@ -523,10 +535,10 @@ public class HttpClientTLSTest
|
|||
@Test
|
||||
public void testHostNameVerificationFailure() throws Exception
|
||||
{
|
||||
SslContextFactory serverTLSFactory = createSslContextFactory();
|
||||
SslContextFactory serverTLSFactory = createServerSslContextFactory();
|
||||
startServer(serverTLSFactory, new EmptyServerHandler());
|
||||
|
||||
SslContextFactory clientTLSFactory = createSslContextFactory();
|
||||
SslContextFactory clientTLSFactory = createClientSslContextFactory();
|
||||
// Make sure the host name is not verified at the TLS level.
|
||||
clientTLSFactory.setEndpointIdentificationAlgorithm(null);
|
||||
// Add host name verification after the TLS handshake.
|
||||
|
|
|
@ -18,16 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.client;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.instanceOf;
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
@ -106,12 +96,21 @@ import org.junit.jupiter.api.extension.ExtendWith;
|
|||
import org.junit.jupiter.params.ParameterizedTest;
|
||||
import org.junit.jupiter.params.provider.ArgumentsSource;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.instanceOf;
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
@ExtendWith(WorkDirExtension.class)
|
||||
public class HttpClientTest extends AbstractHttpClientServerTest
|
||||
{
|
||||
public WorkDir testdir;
|
||||
|
||||
|
||||
@ParameterizedTest
|
||||
@ArgumentsSource(ScenarioProvider.class)
|
||||
public void testStoppingClosesConnections(Scenario scenario) throws Exception
|
||||
|
@ -1529,7 +1528,7 @@ public class HttpClientTest extends AbstractHttpClientServerTest
|
|||
}
|
||||
};
|
||||
}
|
||||
}, scenario.newSslContextFactory());
|
||||
}, scenario.newClientSslContextFactory());
|
||||
client.start();
|
||||
|
||||
final CountDownLatch latch = new CountDownLatch(2);
|
||||
|
|
|
@ -18,8 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.client;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
@ -42,14 +40,15 @@ import org.junit.jupiter.api.AfterEach;
|
|||
import org.junit.jupiter.params.ParameterizedTest;
|
||||
import org.junit.jupiter.params.provider.EnumSource;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
public class TLSServerConnectionCloseTest
|
||||
{
|
||||
private HttpClient client;
|
||||
|
||||
private void startClient() throws Exception
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.client.ssl;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.security.cert.Certificate;
|
||||
import java.util.concurrent.CountDownLatch;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
@ -43,9 +38,13 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
|
|||
import org.eclipse.jetty.util.thread.QueuedThreadPool;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
/**
|
||||
* In order to work, client authentication needs a certificate
|
||||
* signed by a CA that also signed the server certificate.
|
||||
|
@ -81,10 +80,9 @@ public class NeedWantClientAuthTest
|
|||
client.start();
|
||||
}
|
||||
|
||||
private SslContextFactory createSslContextFactory()
|
||||
private SslContextFactory.Server createServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("");
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
return sslContextFactory;
|
||||
|
@ -102,11 +100,11 @@ public class NeedWantClientAuthTest
|
|||
@Test
|
||||
public void testWantClientAuthWithoutAuth() throws Exception
|
||||
{
|
||||
SslContextFactory serverSSL = createSslContextFactory();
|
||||
SslContextFactory.Server serverSSL = createServerSslContextFactory();
|
||||
serverSSL.setWantClientAuth(true);
|
||||
startServer(serverSSL, new EmptyServerHandler());
|
||||
|
||||
SslContextFactory clientSSL = new SslContextFactory(true);
|
||||
SslContextFactory clientSSL = new SslContextFactory.Client(true);
|
||||
startClient(clientSSL);
|
||||
|
||||
ContentResponse response = client.newRequest("https://localhost:" + connector.getLocalPort())
|
||||
|
@ -119,7 +117,7 @@ public class NeedWantClientAuthTest
|
|||
@Test
|
||||
public void testWantClientAuthWithAuth() throws Exception
|
||||
{
|
||||
SslContextFactory serverSSL = createSslContextFactory();
|
||||
SslContextFactory.Server serverSSL = createServerSslContextFactory();
|
||||
serverSSL.setWantClientAuth(true);
|
||||
startServer(serverSSL, new EmptyServerHandler());
|
||||
CountDownLatch handshakeLatch = new CountDownLatch(1);
|
||||
|
@ -143,7 +141,7 @@ public class NeedWantClientAuthTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory clientSSL = new SslContextFactory(true);
|
||||
SslContextFactory clientSSL = new SslContextFactory.Client(true);
|
||||
clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks");
|
||||
clientSSL.setKeyStorePassword("storepwd");
|
||||
startClient(clientSSL);
|
||||
|
@ -166,11 +164,11 @@ public class NeedWantClientAuthTest
|
|||
// The server still sends bad_certificate to the client, but the client handshake has already
|
||||
// completed successfully its TLS handshake.
|
||||
|
||||
SslContextFactory serverSSL = createSslContextFactory();
|
||||
SslContextFactory.Server serverSSL = createServerSslContextFactory();
|
||||
serverSSL.setNeedClientAuth(true);
|
||||
startServer(serverSSL, new EmptyServerHandler());
|
||||
|
||||
SslContextFactory clientSSL = new SslContextFactory(true);
|
||||
SslContextFactory clientSSL = new SslContextFactory.Client(true);
|
||||
startClient(clientSSL);
|
||||
CountDownLatch handshakeLatch = new CountDownLatch(1);
|
||||
client.addBean(new SslHandshakeListener()
|
||||
|
@ -210,7 +208,7 @@ public class NeedWantClientAuthTest
|
|||
@Test
|
||||
public void testNeedClientAuthWithAuth() throws Exception
|
||||
{
|
||||
SslContextFactory serverSSL = createSslContextFactory();
|
||||
SslContextFactory.Server serverSSL = createServerSslContextFactory();
|
||||
serverSSL.setNeedClientAuth(true);
|
||||
startServer(serverSSL, new EmptyServerHandler());
|
||||
CountDownLatch handshakeLatch = new CountDownLatch(1);
|
||||
|
@ -234,7 +232,7 @@ public class NeedWantClientAuthTest
|
|||
}
|
||||
});
|
||||
|
||||
SslContextFactory clientSSL = new SslContextFactory(true);
|
||||
SslContextFactory clientSSL = new SslContextFactory.Client(true);
|
||||
clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks");
|
||||
clientSSL.setKeyStorePassword("storepwd");
|
||||
startClient(clientSSL);
|
||||
|
|
|
@ -70,7 +70,7 @@ public class SslBytesClientTest extends SslBytesTest
|
|||
{
|
||||
threadPool = Executors.newCachedThreadPool();
|
||||
|
||||
sslContextFactory = new SslContextFactory(true);
|
||||
sslContextFactory = new SslContextFactory.Client(true);
|
||||
client = new HttpClient(sslContextFactory);
|
||||
client.setMaxConnectionsPerDestination(1);
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
|
||||
|
|
|
@ -119,7 +119,7 @@ public class SslBytesServerTest extends SslBytesTest
|
|||
serverEndPoint.set(null);
|
||||
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
|
||||
sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
||||
|
|
|
@ -18,8 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.client.ssl;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import java.io.File;
|
||||
import java.nio.ByteBuffer;
|
||||
|
||||
|
@ -36,16 +34,17 @@ import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
|||
import org.eclipse.jetty.util.BufferUtil;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.eclipse.jetty.util.thread.QueuedThreadPool;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
public class SslConnectionTest
|
||||
{
|
||||
@Test
|
||||
public void testSslConnectionClosedBeforeFill() throws Exception
|
||||
{
|
||||
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.start();
|
||||
|
|
|
@ -290,8 +290,8 @@ Similarly, in code:
|
|||
|
||||
[source, java, subs="{sub-order}"]
|
||||
----
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setKeyStorePath();
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("/path/to/keystore");
|
||||
sslContextFactory.setKeyStorePassword("secret");
|
||||
|
||||
JMXServiceURL jmxURL = new JMXServiceURL("rmi", null, 1099, "/jndi/rmi:///jmxrmi");
|
||||
|
|
|
@ -472,7 +472,7 @@ This adds a `SecureRequestCustomizer` which adds SSL Session IDs and certificate
|
|||
==== SSL Context Configuration
|
||||
|
||||
The SSL/TLS connectors for HTTPS and HTTP/2 require a certificate to establish a secure connection.
|
||||
Jetty holds certificates in standard JVM keystores and are configured as keystore and truststores on a link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.html[`SslContextFactory`] instance that is injected into an link:{JDURL}/org/eclipse/jetty/server/SslConnectionFactory.html[`SslConnectionFactory`] instance.
|
||||
Jetty holds certificates in standard JVM keystores and are configured as keystore and truststores on a link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.Server.html[`SslContextFactory.Server`] instance that is injected into an link:{JDURL}/org/eclipse/jetty/server/SslConnectionFactory.html[`SslConnectionFactory`] instance.
|
||||
An example using the keystore distributed with Jetty (containing a self signed test certificate) is in link:{GITBROWSEURL}/jetty-server/src/main/config/etc/jetty-https.xml[`jetty-https.xml`].
|
||||
Read more about SSL keystores in link:#configuring-ssl[Configuring SSL].
|
||||
|
||||
|
|
|
@ -55,9 +55,8 @@ You can re-enable these by re-declaring the ciphers you want excluded in code:
|
|||
|
||||
[source, java, subs="{sub-order}"]
|
||||
----
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setExcludeCipherSuites(
|
||||
"^.*_(MD5|SHA|SHA1)$");
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
|
||||
----
|
||||
|
||||
If, after making these changes, you still have issues using these ciphers they are likely being blocked at the JVM level.
|
||||
|
@ -664,7 +663,7 @@ the other is `$JETTY/etc/truststore` which contains intermediary CA and root CA.
|
|||
[[configuring-sslcontextfactory]]
|
||||
==== Configuring the Jetty SslContextFactory
|
||||
|
||||
The generated SSL certificates from above are held in the key store are configured in an instance of link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.html[SslContextFactory] object.
|
||||
The generated SSL certificates from above are held in the key store are configured in an instance of link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.Server.html[SslContextFactory.Server] object.
|
||||
|
||||
The `SslContextFactory` is responsible for:
|
||||
|
||||
|
@ -679,9 +678,9 @@ The `SslContextFactory` is responsible for:
|
|||
* https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol[OCSP] Support
|
||||
* Client Authentication Support
|
||||
|
||||
For Jetty Connectors, the configured `SslContextFactory` is injected into a specific ServerConnector `SslConnectionFactory`.
|
||||
For Jetty Connectors, the configured `SslContextFactory.Server` is injected into a specific ServerConnector `SslConnectionFactory`.
|
||||
|
||||
For Jetty Clients, the various constructors support using a configured `SslContextFactory`.
|
||||
For Jetty Clients, the various constructors support using a configured `SslContextFactory.Client`.
|
||||
|
||||
While the `SslContextFactory` can operate without a keystore (this mode is most suitable for the various Jetty Clients) it is best practice to at least configure the keystore being used.
|
||||
|
||||
|
@ -729,7 +728,7 @@ Implementing Conscrypt for the link:{GITBROWSEURL}/jetty-alpn/jetty-alpn-conscry
|
|||
...
|
||||
Security.addProvider(new OpenSSLProvider());
|
||||
...
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("path/to/keystore");
|
||||
sslContextFactory.setKeyStorePassword("CleverKeyStorePassword");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:VerySecretManagerPassword");
|
||||
|
@ -790,7 +789,7 @@ To do this, first create a new `${jetty.base}/etc/tweak-ssl.xml` file (this can
|
|||
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
|
||||
"http://www.eclipse.org/jetty/configure_9_3.dtd">
|
||||
<!-- Tweak SsslContextFactory Includes / Excludes -->
|
||||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
||||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
|
||||
<!-- Mitigate SLOTH Attack -->
|
||||
<Call name="addExcludeCipherSuites">
|
||||
<Arg>
|
||||
|
|
|
@ -75,13 +75,13 @@ There are several reasons for having multiple `HttpClient` instances including,
|
|||
|
||||
When you create a `HttpClient` instance using the parameterless constructor, you will only be able to perform plain HTTP requests and you will not be able to perform HTTPS requests.
|
||||
|
||||
In order to perform HTTPS requests, you should create first a link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.html[`SslContextFactory`], configure it, and pass it to the `HttpClient` constructor.
|
||||
In order to perform HTTPS requests, you should create first a link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.Client.html[`SslContextFactory.Client`], configure it, and pass it to the `HttpClient` constructor.
|
||||
When created with a `SslContextFactory`, the `HttpClient` will be able to perform both HTTP and HTTPS requests to any domain.
|
||||
|
||||
[source, java, subs="{sub-order}"]
|
||||
----
|
||||
// Instantiate and configure the SslContextFactory
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
|
||||
|
||||
// Instantiate HttpClient with the SslContextFactory
|
||||
HttpClient httpClient = new HttpClient(sslContextFactory);
|
||||
|
|
|
@ -36,8 +36,7 @@ public class DrupalHTTP2FastCGIProxyServer
|
|||
{
|
||||
public static void main(String[] args) throws Exception
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.fcgi.server.proxy;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.EnumSet;
|
||||
|
||||
|
@ -41,6 +38,9 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
|
|||
import org.junit.jupiter.api.AfterEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
public class TryFilesFilterTest
|
||||
{
|
||||
private Server server;
|
||||
|
@ -55,8 +55,7 @@ public class TryFilesFilterTest
|
|||
connector = new ServerConnector(server);
|
||||
server.addConnector(connector);
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
|
|
|
@ -43,8 +43,7 @@ public class WordPressHTTP2FastCGIProxyServer
|
|||
{
|
||||
int tlsPort = 8443;
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.http2.alpn.tests;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.InputStream;
|
||||
import java.io.InputStreamReader;
|
||||
|
@ -43,13 +38,18 @@ import org.eclipse.jetty.util.BufferUtil;
|
|||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
public class ALPNNegotiationTest extends AbstractALPNTest
|
||||
{
|
||||
@Test
|
||||
public void testGentleCloseDuringHandshake() throws Exception
|
||||
{
|
||||
InetSocketAddress address = prepare();
|
||||
SslContextFactory sslContextFactory = newSslContextFactory();
|
||||
SslContextFactory sslContextFactory = newClientSslContextFactory();
|
||||
sslContextFactory.start();
|
||||
SSLEngine sslEngine = sslContextFactory.newSSLEngine(address);
|
||||
sslEngine.setUseClientMode(true);
|
||||
|
@ -113,7 +113,7 @@ public class ALPNNegotiationTest extends AbstractALPNTest
|
|||
public void testAbruptCloseDuringHandshake() throws Exception
|
||||
{
|
||||
InetSocketAddress address = prepare();
|
||||
SslContextFactory sslContextFactory = newSslContextFactory();
|
||||
SslContextFactory sslContextFactory = newClientSslContextFactory();
|
||||
sslContextFactory.start();
|
||||
SSLEngine sslEngine = sslContextFactory.newSSLEngine(address);
|
||||
sslEngine.setUseClientMode(true);
|
||||
|
@ -175,7 +175,7 @@ public class ALPNNegotiationTest extends AbstractALPNTest
|
|||
{
|
||||
InetSocketAddress address = prepare();
|
||||
|
||||
SslContextFactory sslContextFactory = newSslContextFactory();
|
||||
SslContextFactory sslContextFactory = newClientSslContextFactory();
|
||||
sslContextFactory.start();
|
||||
SSLContext sslContext = sslContextFactory.getSslContext();
|
||||
|
||||
|
@ -228,7 +228,7 @@ public class ALPNNegotiationTest extends AbstractALPNTest
|
|||
{
|
||||
InetSocketAddress address = prepare();
|
||||
|
||||
SslContextFactory sslContextFactory = newSslContextFactory();
|
||||
SslContextFactory sslContextFactory = newClientSslContextFactory();
|
||||
sslContextFactory.start();
|
||||
SSLContext sslContext = sslContextFactory.getSslContext();
|
||||
try (SSLSocket client = (SSLSocket)sslContext.getSocketFactory().createSocket(address.getAddress(), address.getPort()))
|
||||
|
@ -280,7 +280,7 @@ public class ALPNNegotiationTest extends AbstractALPNTest
|
|||
{
|
||||
InetSocketAddress address = prepare();
|
||||
|
||||
SslContextFactory sslContextFactory = newSslContextFactory();
|
||||
SslContextFactory sslContextFactory = newClientSslContextFactory();
|
||||
sslContextFactory.start();
|
||||
SSLContext sslContext = sslContextFactory.getSslContext();
|
||||
try (SSLSocket client = (SSLSocket)sslContext.getSocketFactory().createSocket(address.getAddress(), address.getPort()))
|
||||
|
|
|
@ -49,7 +49,7 @@ public class AbstractALPNTest
|
|||
ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
|
||||
alpn.setDefaultProtocol(h1.getProtocol());
|
||||
|
||||
connector = new ServerConnector(server, newSslContextFactory(), alpn, h1, h2);
|
||||
connector = new ServerConnector(server, newServerSslContextFactory(), alpn, h1, h2);
|
||||
connector.setPort(0);
|
||||
connector.setIdleTimeout(30000);
|
||||
server.addConnector(connector);
|
||||
|
@ -60,9 +60,22 @@ public class AbstractALPNTest
|
|||
return new InetSocketAddress("localhost", connector.getLocalPort());
|
||||
}
|
||||
|
||||
protected SslContextFactory newSslContextFactory()
|
||||
protected SslContextFactory.Server newServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server result = new SslContextFactory.Server();
|
||||
configureSslContextFactory(result);
|
||||
return result;
|
||||
}
|
||||
|
||||
protected SslContextFactory.Client newClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Client result = new SslContextFactory.Client();
|
||||
configureSslContextFactory(result);
|
||||
return result;
|
||||
}
|
||||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
|
@ -70,7 +83,6 @@ public class AbstractALPNTest
|
|||
sslContextFactory.setIncludeProtocols("TLSv1.2");
|
||||
// The mandatory HTTP/2 cipher.
|
||||
sslContextFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
|
|
|
@ -43,7 +43,7 @@ public class Client
|
|||
public static void main(String[] args) throws Exception
|
||||
{
|
||||
HTTP2Client client = new HTTP2Client();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
client.addBean(sslContextFactory);
|
||||
client.start();
|
||||
|
||||
|
|
|
@ -68,7 +68,7 @@ public class DirectHTTP2OverTLSTest
|
|||
HttpConfiguration httpsConfig = new HttpConfiguration();
|
||||
httpsConfig.addCustomizer(new SecureRequestCustomizer());
|
||||
ConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
|
||||
ConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), h2.getProtocol());
|
||||
ConnectionFactory ssl = new SslConnectionFactory(newServerSslContextFactory(), h2.getProtocol());
|
||||
connector = new ServerConnector(server, 1, 1, ssl, h2);
|
||||
server.addConnector(connector);
|
||||
server.setHandler(handler);
|
||||
|
@ -81,8 +81,7 @@ public class DirectHTTP2OverTLSTest
|
|||
clientThreads.setName("client");
|
||||
HttpClientTransportOverHTTP2 transport = new HttpClientTransportOverHTTP2(new HTTP2Client());
|
||||
transport.setUseALPN(false);
|
||||
SslContextFactory sslContextFactory = newSslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
SslContextFactory sslContextFactory = newClientSslContextFactory();
|
||||
client = new HttpClient(transport, sslContextFactory);
|
||||
client.setExecutor(clientThreads);
|
||||
client.start();
|
||||
|
@ -97,14 +96,27 @@ public class DirectHTTP2OverTLSTest
|
|||
server.stop();
|
||||
}
|
||||
|
||||
private SslContextFactory newSslContextFactory()
|
||||
private SslContextFactory.Server newServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private SslContextFactory.Client newClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setUseCipherSuitesOrder(true);
|
||||
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -18,15 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.http2.client.http;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertSame;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
@ -87,6 +78,15 @@ import org.eclipse.jetty.util.thread.QueuedThreadPool;
|
|||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertSame;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
public class HttpClientTransportOverHTTP2Test extends AbstractTest
|
||||
{
|
||||
@Test
|
||||
|
@ -601,7 +601,7 @@ public class HttpClientTransportOverHTTP2Test extends AbstractTest
|
|||
public void testExternalServer() throws Exception
|
||||
{
|
||||
HTTP2Client http2Client = new HTTP2Client();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
|
||||
Executor executor = new QueuedThreadPool();
|
||||
httpClient.setExecutor(executor);
|
||||
|
|
|
@ -18,15 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.io;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.BufferedOutputStream;
|
||||
import java.io.File;
|
||||
|
@ -73,6 +64,15 @@ import org.junit.jupiter.params.ParameterizedTest;
|
|||
import org.junit.jupiter.params.provider.Arguments;
|
||||
import org.junit.jupiter.params.provider.MethodSource;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
@SuppressWarnings("Duplicates")
|
||||
public class SocketChannelEndPointTest
|
||||
{
|
||||
|
@ -626,24 +626,23 @@ public class SocketChannelEndPointTest
|
|||
public static class SslScenario implements Scenario
|
||||
{
|
||||
private final NormalScenario _normalScenario;
|
||||
private final SslContextFactory __sslCtxFactory = new SslContextFactory();
|
||||
private final ByteBufferPool __byteBufferPool = new MappedByteBufferPool();
|
||||
private final SslContextFactory _sslCtxFactory = new SslContextFactory.Server();
|
||||
private final ByteBufferPool _byteBufferPool = new MappedByteBufferPool();
|
||||
|
||||
public SslScenario(NormalScenario normalScenario) throws Exception
|
||||
{
|
||||
_normalScenario = normalScenario;
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
__sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
__sslCtxFactory.setKeyStorePassword("storepwd");
|
||||
__sslCtxFactory.setKeyManagerPassword("keypwd");
|
||||
__sslCtxFactory.setEndpointIdentificationAlgorithm("");
|
||||
__sslCtxFactory.start();
|
||||
_sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
_sslCtxFactory.setKeyStorePassword("storepwd");
|
||||
_sslCtxFactory.setKeyManagerPassword("keypwd");
|
||||
_sslCtxFactory.start();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Socket newClient(ServerSocketChannel connector) throws IOException
|
||||
{
|
||||
SSLSocket socket = __sslCtxFactory.newSslSocket();
|
||||
SSLSocket socket = _sslCtxFactory.newSslSocket();
|
||||
socket.connect(connector.socket().getLocalSocketAddress());
|
||||
return socket;
|
||||
}
|
||||
|
@ -651,11 +650,11 @@ public class SocketChannelEndPointTest
|
|||
@Override
|
||||
public Connection newConnection(SelectableChannel channel, EndPoint endpoint, Executor executor, AtomicInteger blockAt, AtomicInteger writeCount)
|
||||
{
|
||||
SSLEngine engine = __sslCtxFactory.newSSLEngine();
|
||||
SSLEngine engine = _sslCtxFactory.newSSLEngine();
|
||||
engine.setUseClientMode(false);
|
||||
SslConnection sslConnection = new SslConnection(__byteBufferPool, executor, endpoint, engine);
|
||||
sslConnection.setRenegotiationAllowed(__sslCtxFactory.isRenegotiationAllowed());
|
||||
sslConnection.setRenegotiationLimit(__sslCtxFactory.getRenegotiationLimit());
|
||||
SslConnection sslConnection = new SslConnection(_byteBufferPool, executor, endpoint, engine);
|
||||
sslConnection.setRenegotiationAllowed(_sslCtxFactory.isRenegotiationAllowed());
|
||||
sslConnection.setRenegotiationLimit(_sslCtxFactory.getRenegotiationLimit());
|
||||
Connection appConnection = _normalScenario.newConnection(channel, sslConnection.getDecryptedEndPoint(), executor, blockAt, writeCount);
|
||||
sslConnection.getDecryptedEndPoint().setConnection(appConnection);
|
||||
return sslConnection;
|
||||
|
|
|
@ -60,7 +60,7 @@ public class SslConnectionTest
|
|||
private static final int TIMEOUT = 1000000;
|
||||
private static ByteBufferPool __byteBufferPool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
|
||||
|
||||
private final SslContextFactory _sslCtxFactory =new SslContextFactory();
|
||||
private final SslContextFactory _sslCtxFactory = new SslContextFactory.Server();
|
||||
protected volatile EndPoint _lastEndp;
|
||||
private volatile boolean _testFill=true;
|
||||
private volatile FutureCallback _writeCallback;
|
||||
|
@ -92,7 +92,6 @@ public class SslConnectionTest
|
|||
return sslConnection;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
protected EndPoint newEndPoint(SelectableChannel channel, ManagedSelector selector, SelectionKey selectionKey)
|
||||
{
|
||||
|
@ -133,7 +132,6 @@ public class SslConnectionTest
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
@BeforeEach
|
||||
public void initSSL() throws Exception
|
||||
{
|
||||
|
@ -143,7 +141,6 @@ public class SslConnectionTest
|
|||
_sslCtxFactory.setKeyManagerPassword("keypwd");
|
||||
_sslCtxFactory.setRenegotiationAllowed(true);
|
||||
_sslCtxFactory.setRenegotiationLimit(-1);
|
||||
_sslCtxFactory.setEndpointIdentificationAlgorithm(null);
|
||||
startManager();
|
||||
}
|
||||
|
||||
|
|
|
@ -18,10 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.io;
|
||||
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
|
||||
import java.io.File;
|
||||
import java.nio.ByteBuffer;
|
||||
|
||||
|
@ -32,12 +28,15 @@ import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
|||
import org.eclipse.jetty.util.BufferUtil;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.junit.jupiter.api.AfterAll;
|
||||
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.condition.EnabledOnJre;
|
||||
import org.junit.jupiter.api.condition.JRE;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
public class SslEngineBehaviorTest
|
||||
{
|
||||
private static SslContextFactory sslCtxFactory;
|
||||
|
@ -45,12 +44,11 @@ public class SslEngineBehaviorTest
|
|||
@BeforeAll
|
||||
public static void startSsl() throws Exception
|
||||
{
|
||||
sslCtxFactory = new SslContextFactory();
|
||||
sslCtxFactory = new SslContextFactory.Server();
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
sslCtxFactory.setKeyStorePassword("storepwd");
|
||||
sslCtxFactory.setKeyManagerPassword("keypwd");
|
||||
sslCtxFactory.setEndpointIdentificationAlgorithm("");
|
||||
sslCtxFactory.start();
|
||||
}
|
||||
|
||||
|
|
|
@ -18,10 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.jmx;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.net.ConnectException;
|
||||
import java.net.InetAddress;
|
||||
import java.net.ServerSocket;
|
||||
|
@ -40,6 +36,10 @@ import org.junit.jupiter.api.AfterEach;
|
|||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
/**
|
||||
* Running the tests of this class in the same JVM results often in
|
||||
* <pre>
|
||||
|
@ -227,7 +227,7 @@ public class ConnectorServerTest
|
|||
@Test
|
||||
public void testJMXOverTLS() throws Exception
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourcePath("keystore.jks").toString();
|
||||
String keyStorePassword = "storepwd";
|
||||
sslContextFactory.setKeyStorePath(keyStorePath);
|
||||
|
|
|
@ -29,13 +29,12 @@
|
|||
<!-- ============================================================= -->
|
||||
<!-- Create a TLS (SSL) Context Factory for later reuse -->
|
||||
<!-- ============================================================= -->
|
||||
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
||||
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
|
||||
<Set name="Provider"><SystemProperty name="jetty.sslContext.provider"/></Set>
|
||||
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore"/></Set>
|
||||
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
<Set name="EndpointIdentificationAlgorithm"></Set>
|
||||
<Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" default="false"/></Set>
|
||||
<Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" default="false"/></Set>
|
||||
<Set name="ExcludeCipherSuites">
|
||||
|
|
|
@ -154,7 +154,7 @@ public class TestJettyOSGiBootHTTP2
|
|||
|
||||
//set up client to do http2
|
||||
http2Client = new HTTP2Client();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
|
||||
|
|
|
@ -139,7 +139,7 @@ public class TestJettyOSGiBootHTTP2Conscrypt
|
|||
File keys = path.resolve("etc").resolve("keystore").toFile();
|
||||
|
||||
HTTP2Client http2Client = new HTTP2Client();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
|
||||
|
|
|
@ -133,7 +133,7 @@ public class TestJettyOSGiBootHTTP2JDK9
|
|||
|
||||
//set up client to do http2
|
||||
http2Client = new HTTP2Client();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
|
||||
|
|
|
@ -24,6 +24,7 @@ import java.util.ArrayList;
|
|||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServlet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
@ -273,10 +274,10 @@ public class TestOSGiUtil
|
|||
return bundleContext.getAllServiceReferences(service, null);
|
||||
}
|
||||
|
||||
protected static SslContextFactory newSslContextFactory()
|
||||
protected static SslContextFactory newClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory(true);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client(true);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
|
@ -306,7 +307,7 @@ public class TestOSGiUtil
|
|||
}, null, null);
|
||||
|
||||
// now test the servlet
|
||||
HttpClient client = protocol.equals("https") ? new HttpClient(newSslContextFactory()) : new HttpClient();
|
||||
HttpClient client = protocol.equals("https") ? new HttpClient(newClientSslContextFactory()) : new HttpClient();
|
||||
try
|
||||
{
|
||||
client.start();
|
||||
|
|
|
@ -18,8 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.proxy;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
@ -43,10 +41,11 @@ import org.eclipse.jetty.server.ServerConnector;
|
|||
import org.eclipse.jetty.server.handler.AbstractHandler;
|
||||
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest
|
||||
{
|
||||
private SslContextFactory sslContextFactory;
|
||||
|
@ -54,7 +53,7 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest
|
|||
@BeforeEach
|
||||
public void prepare() throws Exception
|
||||
{
|
||||
sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
sslContextFactory.setKeyStorePath(keyStorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
|
|
@ -62,7 +62,7 @@ public class ForwardProxyServerTest
|
|||
// no server SSL
|
||||
SslContextFactory scenario1 = null;
|
||||
// basic server SSL
|
||||
SslContextFactory scenario2 = new SslContextFactory();
|
||||
SslContextFactory scenario2 = new SslContextFactory.Server();
|
||||
scenario2.setKeyStorePath(keyStorePath);
|
||||
scenario2.setKeyStorePassword("storepwd");
|
||||
scenario2.setKeyManagerPassword("keypwd");
|
||||
|
@ -203,7 +203,7 @@ public class ForwardProxyServerTest
|
|||
startProxy();
|
||||
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
SslContextFactory clientSsl = new SslContextFactory();
|
||||
SslContextFactory clientSsl = new SslContextFactory.Client();
|
||||
clientSsl.setKeyStorePath(keyStorePath);
|
||||
clientSsl.setKeyStorePassword("storepwd");
|
||||
clientSsl.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -82,7 +82,7 @@ public class ForwardProxyTLSServerTest
|
|||
// no server SSL
|
||||
SslContextFactory scenario1 = null;
|
||||
// basic server SSL
|
||||
SslContextFactory scenario2 = new SslContextFactory();
|
||||
SslContextFactory scenario2 = new SslContextFactory.Server();
|
||||
scenario2.setKeyStorePath(keyStorePath);
|
||||
scenario2.setKeyStorePassword("storepwd");
|
||||
scenario2.setKeyManagerPassword("keypwd");
|
||||
|
@ -139,22 +139,27 @@ public class ForwardProxyTLSServerTest
|
|||
|
||||
private static SslContextFactory newServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
sslContextFactory.setKeyStorePath(keyStorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
return sslContextFactory;
|
||||
|
||||
}
|
||||
|
||||
private static SslContextFactory newClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory sslContextFactory = newServerSslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private static void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
sslContextFactory.setKeyStorePath(keyStorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
}
|
||||
|
||||
@AfterEach
|
||||
public void stop() throws Exception
|
||||
{
|
||||
|
@ -629,9 +634,6 @@ public class ForwardProxyTLSServerTest
|
|||
assumeTrue(false, "Environment not able to connect to proxy service");
|
||||
}
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.start();
|
||||
|
||||
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
|
||||
httpClient.getProxyConfiguration().getProxies().add(new HttpProxy(proxyHost, proxyPort));
|
||||
httpClient.start();
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
|
||||
-->
|
||||
|
||||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
||||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
|
||||
<Set name="Provider"><Property name="jetty.sslContext.provider"/></Set>
|
||||
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
|
|
|
@ -53,8 +53,8 @@ public class SslConnectionFactory extends AbstractConnectionFactory
|
|||
public SslConnectionFactory(@Name("sslContextFactory") SslContextFactory factory, @Name("next") String nextProtocol)
|
||||
{
|
||||
super("SSL");
|
||||
_sslContextFactory=factory==null?new SslContextFactory():factory;
|
||||
_nextProtocol=nextProtocol;
|
||||
_sslContextFactory = factory == null ? new SslContextFactory.Server() : factory;
|
||||
_nextProtocol = nextProtocol;
|
||||
addBean(_sslContextFactory);
|
||||
}
|
||||
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
@ -49,6 +44,11 @@ import org.junit.jupiter.api.Tag;
|
|||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
public class ConnectionOpenCloseTest extends AbstractHttpTest
|
||||
{
|
||||
@Test
|
||||
|
@ -170,7 +170,7 @@ public class ConnectionOpenCloseTest extends AbstractHttpTest
|
|||
@DisabledIfSystemProperty(named = "env", matches = "ci") // TODO: SLOW, needs review
|
||||
public void testSSLOpenRequestClose() throws Exception
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
|
|
@ -52,7 +52,7 @@ public class OptionalSslConnectionTest
|
|||
server = new Server(serverThreads);
|
||||
|
||||
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
@ -113,7 +113,7 @@ public class OptionalSslConnectionTest
|
|||
}
|
||||
|
||||
// Then try a SSL connection.
|
||||
SslContextFactory sslContextFactory = new SslContextFactory(true);
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Client(true);
|
||||
sslContextFactory.start();
|
||||
try (Socket ssl = sslContextFactory.newSslSocket())
|
||||
{
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
@ -62,6 +57,11 @@ import org.junit.jupiter.params.ParameterizedTest;
|
|||
import org.junit.jupiter.params.provider.Arguments;
|
||||
import org.junit.jupiter.params.provider.MethodSource;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
public class ThreadStarvationTest
|
||||
{
|
||||
final static int BUFFER_SIZE=1024*1024;
|
||||
|
@ -89,7 +89,7 @@ public class ThreadStarvationTest
|
|||
// HTTPS/SSL/TLS
|
||||
ConnectorProvider https = (server, acceptors, selectors) -> {
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.toString());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.handler;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
|
@ -58,6 +53,11 @@ import org.junit.jupiter.api.AfterEach;
|
|||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
|
||||
public class DebugHandlerTest
|
||||
{
|
||||
public final static HostnameVerifier __hostnameverifier = new HostnameVerifier()
|
||||
|
@ -89,7 +89,7 @@ public class DebugHandlerTest
|
|||
server.addConnector(httpConnector);
|
||||
|
||||
File keystorePath = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -18,10 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.handler;
|
||||
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
@ -55,6 +51,10 @@ import org.junit.jupiter.api.AfterAll;
|
|||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
||||
public class SecuredRedirectHandlerTest
|
||||
{
|
||||
private static Server server;
|
||||
|
@ -68,7 +68,7 @@ public class SecuredRedirectHandlerTest
|
|||
{
|
||||
// Setup SSL
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -27,7 +27,6 @@ import java.net.Socket;
|
|||
import java.nio.charset.StandardCharsets;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
@ -37,7 +36,6 @@ import org.eclipse.jetty.server.Server;
|
|||
import org.eclipse.jetty.server.ServerConnector;
|
||||
import org.eclipse.jetty.server.handler.AbstractHandler;
|
||||
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
||||
import org.eclipse.jetty.util.TypeUtil;
|
||||
import org.eclipse.jetty.util.resource.Resource;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
@ -48,7 +46,7 @@ public class SSLCloseTest
|
|||
public void testClose() throws Exception
|
||||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -23,12 +23,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
@ -63,6 +57,12 @@ import org.junit.jupiter.api.AfterEach;
|
|||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
|
@ -109,7 +109,7 @@ public class SSLEngineTest
|
|||
public void startServer() throws Exception
|
||||
{
|
||||
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
@ -46,6 +43,9 @@ import org.junit.jupiter.api.Test;
|
|||
import org.junit.jupiter.api.condition.DisabledOnJre;
|
||||
import org.junit.jupiter.api.condition.JRE;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
// Only in JDK 11 is possible to use SSLSocket.shutdownOutput().
|
||||
@DisabledOnJre({JRE.JAVA_8, JRE.JAVA_9, JRE.JAVA_10})
|
||||
public class SSLReadEOFAfterResponseTest
|
||||
|
@ -54,7 +54,7 @@ public class SSLReadEOFAfterResponseTest
|
|||
public void testReadEOFAfterResponse() throws Exception
|
||||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
|
@ -53,6 +50,9 @@ import org.junit.jupiter.api.AfterAll;
|
|||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
|
||||
public class SSLSelectChannelConnectorLoadTest
|
||||
{
|
||||
private static Server server;
|
||||
|
@ -63,7 +63,7 @@ public class SSLSelectChannelConnectorLoadTest
|
|||
public static void startServer() throws Exception
|
||||
{
|
||||
String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -18,14 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.isEmptyOrNullString;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.condition.OS.WINDOWS;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
@ -62,11 +54,19 @@ import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
|
|||
import org.eclipse.jetty.util.log.Log;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.condition.DisabledOnOs;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.isEmptyOrNullString;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.condition.OS.WINDOWS;
|
||||
|
||||
/**
|
||||
* HttpServer Tester.
|
||||
*/
|
||||
|
@ -83,7 +83,7 @@ public class SelectChannelServerSslTest extends HttpServerTestBase
|
|||
public void init() throws Exception
|
||||
{
|
||||
String keystorePath = MavenTestingUtils.getTestResourcePath("keystore").toString();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -18,8 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static java.time.Duration.ofSeconds;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
@ -51,6 +49,8 @@ import org.junit.jupiter.api.Disabled;
|
|||
import org.junit.jupiter.api.Tag;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static java.time.Duration.ofSeconds;
|
||||
|
||||
@Tag("Unstable")
|
||||
@Disabled
|
||||
public class SlowClientsTest
|
||||
|
@ -61,7 +61,7 @@ public class SlowClientsTest
|
|||
public void testSlowClientsWithSmallThreadPool() throws Exception
|
||||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -18,12 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.startsWith;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
|
@ -70,6 +64,12 @@ import org.junit.jupiter.api.AfterEach;
|
|||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.startsWith;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
public class SniSslConnectionFactoryTest
|
||||
{
|
||||
private Server _server;
|
||||
|
@ -118,7 +118,7 @@ public class SniSslConnectionFactoryTest
|
|||
if (!keystoreFile.exists())
|
||||
throw new FileNotFoundException(keystoreFile.getAbsolutePath());
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
@ -224,7 +224,7 @@ public class SniSslConnectionFactoryTest
|
|||
{
|
||||
start("src/test/resources/keystore_sni.p12");
|
||||
|
||||
SslContextFactory clientContextFactory = new SslContextFactory(true);
|
||||
SslContextFactory clientContextFactory = new SslContextFactory.Client(true);
|
||||
clientContextFactory.start();
|
||||
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
|
||||
try (SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port))
|
||||
|
@ -282,7 +282,7 @@ public class SniSslConnectionFactoryTest
|
|||
{
|
||||
start("src/test/resources/keystore_sni.p12");
|
||||
|
||||
SslContextFactory clientContextFactory = new SslContextFactory(true);
|
||||
SslContextFactory clientContextFactory = new SslContextFactory.Client(true);
|
||||
clientContextFactory.start();
|
||||
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
|
||||
try (SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port))
|
||||
|
@ -360,7 +360,7 @@ public class SniSslConnectionFactoryTest
|
|||
|
||||
private String getResponse(String sniHost, String reqHost, String cn) throws Exception
|
||||
{
|
||||
SslContextFactory clientContextFactory = new SslContextFactory(true);
|
||||
SslContextFactory clientContextFactory = new SslContextFactory.Client(true);
|
||||
clientContextFactory.start();
|
||||
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
|
||||
try (SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port))
|
||||
|
|
|
@ -18,11 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileNotFoundException;
|
||||
import java.io.IOException;
|
||||
|
@ -59,10 +54,14 @@ import org.eclipse.jetty.util.IO;
|
|||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
|
||||
public class SslConnectionFactoryTest
|
||||
{
|
||||
private Server _server;
|
||||
|
@ -87,7 +86,7 @@ public class SslConnectionFactoryTest
|
|||
https_config.addCustomizer(new SecureRequestCustomizer());
|
||||
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
@ -210,7 +209,7 @@ public class SslConnectionFactoryTest
|
|||
|
||||
private String getResponse(String sniHost, String reqHost, String cn) throws Exception
|
||||
{
|
||||
SslContextFactory clientContextFactory = new SslContextFactory(true);
|
||||
SslContextFactory clientContextFactory = new SslContextFactory.Client(true);
|
||||
clientContextFactory.start();
|
||||
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
|
||||
|
||||
|
|
|
@ -18,10 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
@ -56,9 +52,12 @@ import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
|
|||
import org.eclipse.jetty.util.thread.Scheduler;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.jupiter.api.AfterEach;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
|
||||
public class SslContextFactoryReloadTest
|
||||
{
|
||||
public static final String KEYSTORE_1 = "src/test/resources/reload_keystore_1.jks";
|
||||
|
@ -72,7 +71,7 @@ public class SslContextFactoryReloadTest
|
|||
{
|
||||
server = new Server();
|
||||
|
||||
sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(KEYSTORE_1);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyStoreType("JKS");
|
||||
|
|
|
@ -45,7 +45,7 @@ public class SslSelectChannelTimeoutTest extends ConnectorTimeoutTest
|
|||
public void init() throws Exception
|
||||
{
|
||||
String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
@ -64,7 +64,5 @@ public class SslSelectChannelTimeoutTest extends ConnectorTimeoutTest
|
|||
trustManagerFactory.init(keystore);
|
||||
__sslContext = SSLContext.getInstance("SSL");
|
||||
__sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.server.ssl;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.FileInputStream;
|
||||
import java.io.IOException;
|
||||
|
@ -49,6 +46,9 @@ import org.junit.jupiter.api.BeforeAll;
|
|||
import org.junit.jupiter.api.Disabled;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
/**
|
||||
*/
|
||||
public class SslUploadTest
|
||||
|
@ -62,7 +62,7 @@ public class SslUploadTest
|
|||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
|
|
@ -18,9 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.servlet;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
|
@ -48,6 +45,9 @@ import org.junit.jupiter.params.ParameterizedTest;
|
|||
import org.junit.jupiter.params.provider.Arguments;
|
||||
import org.junit.jupiter.params.provider.MethodSource;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
public class SSLAsyncIOServletTest
|
||||
{
|
||||
public static Stream<Arguments> scenarios()
|
||||
|
@ -221,8 +221,7 @@ public class SSLAsyncIOServletTest
|
|||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks");
|
||||
Path truststorePath = MavenTestingUtils.getTestResourcePath("truststore.jks");
|
||||
|
||||
sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("");
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.toString());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath(truststorePath.toString());
|
||||
|
|
|
@ -86,10 +86,10 @@ import org.eclipse.jetty.util.security.CertificateValidator;
|
|||
import org.eclipse.jetty.util.security.Password;
|
||||
|
||||
/**
|
||||
* SslContextFactory is used to configure SSL connectors
|
||||
* as well as HttpClient. It holds all SSL parameters and
|
||||
* creates SSL context based on these parameters to be
|
||||
* used by the SSL connectors.
|
||||
* <p>SslContextFactory is used to configure SSL parameters
|
||||
* to be used by server and client connectors.</p>
|
||||
* <p>Use {@link Server} to configure server-side connectors,
|
||||
* and {@link Client} to configure HTTP or WebSocket clients.</p>
|
||||
*/
|
||||
@ManagedObject
|
||||
public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
||||
|
@ -198,9 +198,11 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
private HostnameVerifier _hostnameVerifier;
|
||||
|
||||
/**
|
||||
* Construct an instance of SslContextFactory
|
||||
* Default constructor for use in XmlConfiguration files
|
||||
* Construct an instance of SslContextFactory with the default configuration.
|
||||
*
|
||||
* @deprecated use {@link Client#Client()} or {@link Server#Server()} instead
|
||||
*/
|
||||
@Deprecated
|
||||
public SslContextFactory()
|
||||
{
|
||||
this(false);
|
||||
|
@ -212,7 +214,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
*
|
||||
* @param trustAll whether to blindly trust all certificates
|
||||
* @see #setTrustAll(boolean)
|
||||
* @deprecated use {@link Client#Client(boolean)} instead
|
||||
*/
|
||||
@Deprecated
|
||||
public SslContextFactory(boolean trustAll)
|
||||
{
|
||||
this(trustAll, null);
|
||||
|
@ -222,7 +226,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
* Construct an instance of SslContextFactory
|
||||
*
|
||||
* @param keyStorePath default keystore location
|
||||
* @deprecated use {@link #setKeyStorePath(String)} instead
|
||||
*/
|
||||
@Deprecated
|
||||
public SslContextFactory(String keyStorePath)
|
||||
{
|
||||
this(false, keyStorePath);
|
||||
|
@ -249,21 +255,33 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
{
|
||||
load();
|
||||
}
|
||||
|
||||
secureConfigurationCheck();
|
||||
checkConfiguration();
|
||||
}
|
||||
|
||||
protected void secureConfigurationCheck()
|
||||
protected void checkConfiguration()
|
||||
{
|
||||
if (isTrustAll())
|
||||
LOG_CONFIG.warn("Trusting all certificates configured for {}",this);
|
||||
if (getEndpointIdentificationAlgorithm()==null)
|
||||
LOG_CONFIG.warn("No Client EndPointIdentificationAlgorithm configured for {}",this);
|
||||
|
||||
SSLEngine engine = _factory._context.createSSLEngine();
|
||||
customize(engine);
|
||||
SSLParameters supported = engine.getSSLParameters();
|
||||
|
||||
checkProtocols(supported);
|
||||
checkCiphers(supported);
|
||||
}
|
||||
|
||||
protected void checkTrustAll()
|
||||
{
|
||||
if (isTrustAll())
|
||||
LOG_CONFIG.warn("Trusting all certificates configured for {}", this);
|
||||
}
|
||||
|
||||
protected void checkEndPointIdentificationAlgorithm()
|
||||
{
|
||||
if (getEndpointIdentificationAlgorithm() == null)
|
||||
LOG_CONFIG.warn("No Client EndPointIdentificationAlgorithm configured for {}", this);
|
||||
}
|
||||
|
||||
protected void checkProtocols(SSLParameters supported)
|
||||
{
|
||||
for (String protocol : supported.getProtocols())
|
||||
{
|
||||
for (String excluded : DEFAULT_EXCLUDED_PROTOCOLS)
|
||||
|
@ -272,7 +290,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
LOG_CONFIG.warn("Protocol {} not excluded for {}", protocol, this);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
protected void checkCiphers(SSLParameters supported)
|
||||
{
|
||||
for (String suite : supported.getCipherSuites())
|
||||
{
|
||||
for (String excludedSuiteRegex : DEFAULT_EXCLUDED_CIPHER_SUITES)
|
||||
|
@ -417,9 +438,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
getExcludeCipherSuites(),
|
||||
getIncludeCipherSuites()));
|
||||
}
|
||||
catch (NoSuchAlgorithmException ignore)
|
||||
catch (NoSuchAlgorithmException x)
|
||||
{
|
||||
LOG.ignore(ignore);
|
||||
LOG.ignore(x);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -754,8 +775,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
/**
|
||||
* @return True if SSL needs client authentication.
|
||||
* @see SSLEngine#getNeedClientAuth()
|
||||
* @deprecated use {@link Server#getNeedClientAuth()} instead
|
||||
*/
|
||||
@ManagedAttribute("Whether client authentication is needed")
|
||||
@Deprecated
|
||||
public boolean getNeedClientAuth()
|
||||
{
|
||||
return _needClientAuth;
|
||||
|
@ -764,7 +787,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
/**
|
||||
* @param needClientAuth True if SSL needs client authentication.
|
||||
* @see SSLEngine#getNeedClientAuth()
|
||||
* @deprecated use {@link Server#setNeedClientAuth(boolean)} instead
|
||||
*/
|
||||
@Deprecated
|
||||
public void setNeedClientAuth(boolean needClientAuth)
|
||||
{
|
||||
_needClientAuth = needClientAuth;
|
||||
|
@ -773,8 +798,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
/**
|
||||
* @return True if SSL wants client authentication.
|
||||
* @see SSLEngine#getWantClientAuth()
|
||||
* @deprecated use {@link Server#getWantClientAuth()} instead
|
||||
*/
|
||||
@ManagedAttribute("Whether client authentication is wanted")
|
||||
@Deprecated
|
||||
public boolean getWantClientAuth()
|
||||
{
|
||||
return _wantClientAuth;
|
||||
|
@ -783,7 +810,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
/**
|
||||
* @param wantClientAuth True if SSL wants client authentication.
|
||||
* @see SSLEngine#getWantClientAuth()
|
||||
* @deprecated use {@link Server#setWantClientAuth(boolean)} instead
|
||||
*/
|
||||
@Deprecated
|
||||
public void setWantClientAuth(boolean wantClientAuth)
|
||||
{
|
||||
_wantClientAuth = wantClientAuth;
|
||||
|
@ -1110,6 +1139,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
* Deployments can be vulnerable to a man-in-the-middle attack if a EndpointIndentificationAlgorithm
|
||||
* is not set.
|
||||
* @param endpointIdentificationAlgorithm Set the endpointIdentificationAlgorithm
|
||||
* @see #setHostnameVerifier(HostnameVerifier)
|
||||
*/
|
||||
public void setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm)
|
||||
{
|
||||
|
@ -1198,7 +1228,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
}
|
||||
|
||||
// Is SNI needed to select a certificate?
|
||||
if (!_certWilds.isEmpty() || _certHosts.size()>1 || _certHosts.size()==1 && _aliasX509.size()>1)
|
||||
if (!_certWilds.isEmpty() || _certHosts.size()>1 || (_certHosts.size()==1 && _aliasX509.size()>1))
|
||||
{
|
||||
for (int idx = 0; idx < managers.length; idx++)
|
||||
{
|
||||
|
@ -1761,10 +1791,14 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
sslParams.setCipherSuites(_selectedCipherSuites);
|
||||
if (_selectedProtocols != null)
|
||||
sslParams.setProtocols(_selectedProtocols);
|
||||
if (getWantClientAuth())
|
||||
if (this instanceof Server)
|
||||
{
|
||||
Server server = (Server)this;
|
||||
if (server.getWantClientAuth())
|
||||
sslParams.setWantClientAuth(true);
|
||||
if (getNeedClientAuth())
|
||||
if (server.getNeedClientAuth())
|
||||
sslParams.setNeedClientAuth(true);
|
||||
}
|
||||
return sslParams;
|
||||
}
|
||||
|
||||
|
@ -1792,7 +1826,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
|
||||
for (int i = 0; i < length; i++)
|
||||
{
|
||||
byte bytes[] = javaxCerts[i].getEncoded();
|
||||
byte[] bytes = javaxCerts[i].getEncoded();
|
||||
ByteArrayInputStream stream = new ByteArrayInputStream(bytes);
|
||||
javaCerts[i] = (X509Certificate)cf.generateCertificate(stream);
|
||||
}
|
||||
|
@ -1953,4 +1987,56 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
|
|||
return _x509;
|
||||
}
|
||||
}
|
||||
|
||||
public static class Client extends SslContextFactory
|
||||
{
|
||||
public Client()
|
||||
{
|
||||
this(false);
|
||||
}
|
||||
|
||||
public Client(boolean trustAll)
|
||||
{
|
||||
super(trustAll);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void checkConfiguration()
|
||||
{
|
||||
checkTrustAll();
|
||||
checkEndPointIdentificationAlgorithm();
|
||||
super.checkConfiguration();
|
||||
}
|
||||
}
|
||||
|
||||
public static class Server extends SslContextFactory
|
||||
{
|
||||
public Server()
|
||||
{
|
||||
setEndpointIdentificationAlgorithm(null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean getWantClientAuth()
|
||||
{
|
||||
return super.getWantClientAuth();
|
||||
}
|
||||
|
||||
public void setWantClientAuth(boolean wantClientAuth)
|
||||
{
|
||||
super.setWantClientAuth(wantClientAuth);
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean getNeedClientAuth()
|
||||
{
|
||||
return super.getNeedClientAuth();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setNeedClientAuth(boolean needClientAuth)
|
||||
{
|
||||
super.setNeedClientAuth(needClientAuth);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -18,21 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.util.ssl;
|
||||
|
||||
import static org.eclipse.jetty.toolchain.test.matchers.RegexMatcher.matchesPattern;
|
||||
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.hamcrest.Matchers.hasItem;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.KeyStore;
|
||||
|
@ -50,6 +35,22 @@ import org.eclipse.jetty.util.resource.Resource;
|
|||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.eclipse.jetty.toolchain.test.matchers.RegexMatcher.matchesPattern;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.hamcrest.Matchers.equalTo;
|
||||
import static org.hamcrest.Matchers.greaterThan;
|
||||
import static org.hamcrest.Matchers.hasItem;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.not;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertNull;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
|
||||
public class SslContextFactoryTest
|
||||
{
|
||||
private SslContextFactory cf;
|
||||
|
@ -57,7 +58,7 @@ public class SslContextFactoryTest
|
|||
@BeforeEach
|
||||
public void setUp() throws Exception
|
||||
{
|
||||
cf = new SslContextFactory();
|
||||
cf = new SslContextFactory.Server();
|
||||
|
||||
java.security.cert.CertPathBuilder certPathBuilder = java.security.cert.CertPathBuilder.getInstance("PKIX");
|
||||
java.security.cert.PKIXRevocationChecker revocationChecker = (java.security.cert.PKIXRevocationChecker)certPathBuilder.getRevocationChecker();
|
||||
|
@ -325,18 +326,36 @@ public class SslContextFactoryTest
|
|||
@Test
|
||||
public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
|
||||
{
|
||||
cf = new SslContextFactory();
|
||||
cf = new SslContextFactory.Server();
|
||||
cf.setKeyStoreResource(Resource.newSystemResource("keystore.p12"));
|
||||
cf.setKeyStoreType("pkcs12");
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.start();
|
||||
cf.stop();
|
||||
|
||||
cf = new SslContextFactory();
|
||||
cf = new SslContextFactory.Server();
|
||||
cf.setKeyStoreResource(Resource.newSystemResource("keystore.jce"));
|
||||
cf.setKeyStoreType("jceks");
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.start();
|
||||
cf.stop();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testClientSslContextFactory() throws Exception
|
||||
{
|
||||
cf = new SslContextFactory.Client();
|
||||
cf.start();
|
||||
|
||||
assertEquals("HTTPS", cf.getEndpointIdentificationAlgorithm());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testServerSslContextFactory() throws Exception
|
||||
{
|
||||
cf = new SslContextFactory.Server();
|
||||
cf.start();
|
||||
|
||||
assertNull(cf.getEndpointIdentificationAlgorithm());
|
||||
}
|
||||
}
|
||||
|
|
|
@ -44,7 +44,7 @@ class DefaultHttpClientProvider
|
|||
|
||||
if (sslContextFactory == null)
|
||||
{
|
||||
sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setTrustAll(false);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
|
||||
}
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
<Configure class="org.eclipse.jetty.client.HttpClient">
|
||||
<Arg>
|
||||
<New class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
||||
<New class="org.eclipse.jetty.util.ssl.SslContextFactory$Client">
|
||||
<Set name="trustAll" type="java.lang.Boolean">false</Set>
|
||||
<Call name="addExcludeProtocols">
|
||||
<Arg>
|
||||
|
|
|
@ -48,8 +48,7 @@ public class SimpleContainerScope extends ContainerLifeCycle implements WebSocke
|
|||
|
||||
public SimpleContainerScope(WebSocketPolicy policy)
|
||||
{
|
||||
this(policy, new MappedByteBufferPool(), new DecoratedObjectFactory());
|
||||
this.sslContextFactory = new SslContextFactory();
|
||||
this(policy, new MappedByteBufferPool());
|
||||
}
|
||||
|
||||
public SimpleContainerScope(WebSocketPolicy policy, ByteBufferPool bufferPool)
|
||||
|
@ -59,7 +58,7 @@ public class SimpleContainerScope extends ContainerLifeCycle implements WebSocke
|
|||
|
||||
public SimpleContainerScope(WebSocketPolicy policy, ByteBufferPool bufferPool, DecoratedObjectFactory objectFactory)
|
||||
{
|
||||
this(policy, bufferPool, (Executor) null, objectFactory);
|
||||
this(policy, bufferPool, null, objectFactory);
|
||||
}
|
||||
|
||||
public SimpleContainerScope(WebSocketPolicy policy, ByteBufferPool bufferPool, Executor executor, DecoratedObjectFactory objectFactory)
|
||||
|
@ -83,9 +82,9 @@ public class SimpleContainerScope extends ContainerLifeCycle implements WebSocke
|
|||
this.objectFactory = objectFactory;
|
||||
}
|
||||
|
||||
if(ssl == null)
|
||||
if (ssl == null)
|
||||
{
|
||||
this.sslContextFactory = new SslContextFactory();
|
||||
this.sslContextFactory = new SslContextFactory.Server();
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
@ -18,10 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.websocket.server;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.concurrent.Future;
|
||||
|
||||
|
@ -48,6 +44,10 @@ import org.junit.jupiter.api.AfterAll;
|
|||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
|
||||
public class RedirectWebSocketClientTest
|
||||
{
|
||||
public static Server server;
|
||||
|
@ -114,7 +114,7 @@ public class RedirectWebSocketClientTest
|
|||
|
||||
private static SslContextFactory newSslContextFactory()
|
||||
{
|
||||
SslContextFactory ssl = new SslContextFactory();
|
||||
SslContextFactory ssl = new SslContextFactory.Server();
|
||||
ssl.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath());
|
||||
ssl.setKeyStorePassword("storepwd");
|
||||
ssl.setKeyManagerPassword("keypwd");
|
||||
|
@ -124,7 +124,10 @@ public class RedirectWebSocketClientTest
|
|||
@Test
|
||||
public void testRedirect() throws Exception
|
||||
{
|
||||
SslContextFactory ssl = newSslContextFactory();
|
||||
SslContextFactory ssl = new SslContextFactory.Client();
|
||||
ssl.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath());
|
||||
ssl.setKeyStorePassword("storepwd");
|
||||
ssl.setKeyManagerPassword("keypwd");
|
||||
ssl.setTrustAll(false);
|
||||
ssl.setEndpointIdentificationAlgorithm(null);
|
||||
HttpClient httpClient = new HttpClient(ssl);
|
||||
|
@ -149,7 +152,7 @@ public class RedirectWebSocketClientTest
|
|||
}
|
||||
|
||||
@WebSocket
|
||||
public static class EmptyWebSocket {
|
||||
|
||||
public static class EmptyWebSocket
|
||||
{
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
package org.eclipse.jetty.websocket.server;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
import javax.servlet.http.HttpServlet;
|
||||
|
||||
import org.eclipse.jetty.http.HttpVersion;
|
||||
|
@ -87,11 +88,10 @@ public class SimpleServletServer
|
|||
http_config.setSendServerVersion(true);
|
||||
http_config.setSendDateHeader(false);
|
||||
|
||||
sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
|
||||
// SSL HTTP Configuration
|
||||
HttpConfiguration https_config = new HttpConfiguration(http_config);
|
||||
|
|
|
@ -65,7 +65,7 @@ public class HttpChannelAssociationTest extends AbstractTest<TransportScenario>
|
|||
init(transport);
|
||||
scenario.startServer(new EmptyServerHandler());
|
||||
|
||||
scenario.client = new HttpClient(newHttpClientTransport(scenario, exchange -> false), scenario.sslContextFactory);
|
||||
scenario.client = new HttpClient(newHttpClientTransport(scenario, exchange -> false), scenario.newClientSslContextFactory());
|
||||
QueuedThreadPool clientThreads = new QueuedThreadPool();
|
||||
clientThreads.setName("client");
|
||||
scenario.client.setExecutor(clientThreads);
|
||||
|
@ -90,8 +90,7 @@ public class HttpChannelAssociationTest extends AbstractTest<TransportScenario>
|
|||
scenario.startServer(new EmptyServerHandler());
|
||||
|
||||
long idleTimeout = 1000;
|
||||
SslContextFactory sslContextFactory = scenario.newSslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
SslContextFactory sslContextFactory = scenario.newClientSslContextFactory();
|
||||
scenario.client = new HttpClient(newHttpClientTransport(scenario, exchange ->
|
||||
{
|
||||
// We idle timeout just before the association,
|
||||
|
|
|
@ -18,15 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.http.client;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.InterruptedIOException;
|
||||
|
@ -63,6 +54,15 @@ import org.junit.jupiter.api.Assumptions;
|
|||
import org.junit.jupiter.params.ParameterizedTest;
|
||||
import org.junit.jupiter.params.provider.ArgumentsSource;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.containsString;
|
||||
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertFalse;
|
||||
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||
import static org.junit.jupiter.api.Assertions.fail;
|
||||
|
||||
public class HttpClientTest extends AbstractTest<TransportScenario>
|
||||
{
|
||||
@Override
|
||||
|
@ -343,7 +343,9 @@ public class HttpClientTest extends AbstractTest<TransportScenario>
|
|||
scenario.startServer(new EmptyServerHandler());
|
||||
|
||||
// Use a default SslContextFactory, requests should fail because the server certificate is unknown.
|
||||
scenario.client = scenario.newHttpClient(scenario.provideClientTransport(), new SslContextFactory());
|
||||
SslContextFactory.Client clientTLS = scenario.newClientSslContextFactory();
|
||||
clientTLS.setEndpointIdentificationAlgorithm("HTTPS");
|
||||
scenario.client = scenario.newHttpClient(scenario.provideClientTransport(), clientTLS);
|
||||
QueuedThreadPool clientThreads = new QueuedThreadPool();
|
||||
clientThreads.setName("client");
|
||||
scenario.client.setExecutor(clientThreads);
|
||||
|
|
|
@ -251,8 +251,7 @@ public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
|
|||
scenario.startServer(new TimeoutHandler(2 * timeout));
|
||||
|
||||
AtomicBoolean sslIdle = new AtomicBoolean();
|
||||
SslContextFactory sslContextFactory = scenario.newSslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
SslContextFactory sslContextFactory = scenario.newClientSslContextFactory();
|
||||
scenario.client = new HttpClient(scenario.provideClientTransport(), sslContextFactory)
|
||||
{
|
||||
@Override
|
||||
|
|
|
@ -298,8 +298,7 @@ public class TransportScenario
|
|||
QueuedThreadPool clientThreads = new QueuedThreadPool();
|
||||
clientThreads.setName("client");
|
||||
clientThreads.setDetailedDump(true);
|
||||
SslContextFactory sslContextFactory = newSslContextFactory();
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
SslContextFactory sslContextFactory = newClientSslContextFactory();
|
||||
client = newHttpClient(provideClientTransport(transport), sslContextFactory);
|
||||
client.setExecutor(clientThreads);
|
||||
client.setSocketAddressResolver(new SocketAddressResolver.Sync());
|
||||
|
@ -324,7 +323,7 @@ public class TransportScenario
|
|||
|
||||
public void startServer(Handler handler) throws Exception
|
||||
{
|
||||
sslContextFactory = newSslContextFactory();
|
||||
sslContextFactory = newServerSslContextFactory();
|
||||
QueuedThreadPool serverThreads = new QueuedThreadPool();
|
||||
serverThreads.setName("server");
|
||||
serverThreads.setDetailedDump(true);
|
||||
|
@ -352,16 +351,29 @@ public class TransportScenario
|
|||
}
|
||||
}
|
||||
|
||||
protected SslContextFactory newSslContextFactory()
|
||||
protected SslContextFactory.Server newServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
protected SslContextFactory.Client newClientSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
|
||||
configureSslContextFactory(sslContextFactory);
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
sslContextFactory.setUseCipherSuitesOrder(true);
|
||||
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
||||
public void stopClient() throws Exception
|
||||
|
|
|
@ -101,11 +101,10 @@ public class HttpInputIntegrationTest
|
|||
|
||||
// SSL Context Factory for HTTPS and HTTP/2
|
||||
String jetty_distro = System.getProperty("jetty.distro","../../jetty-distribution/target/distribution");
|
||||
__sslContextFactory = new SslContextFactory();
|
||||
__sslContextFactory = new SslContextFactory.Server();
|
||||
__sslContextFactory.setKeyStorePath(jetty_distro + "/../../../jetty-server/src/test/config/etc/keystore");
|
||||
__sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
__sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
__sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
|
||||
// HTTPS Configuration
|
||||
__sslConfig = new HttpConfiguration(__config);
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
|
||||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
|
||||
<Set name="KeyStorePath"><Property name="jetty.home" default="." />/<Property name="jetty.sslContext.keyStorePath" default="keystore"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
<Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="jetty.home" default="." />/<Property name="jetty.sslContext.trustStorePath" default="keystore"/></Set>
|
||||
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
<Set name="EndpointIdentificationAlgorithm"></Set>
|
||||
<Set name="ExcludeCipherSuites">
|
||||
<Array type="String">
|
||||
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
|
||||
|
|
|
@ -54,7 +54,7 @@ public class HTTP1Servlet extends HttpServlet
|
|||
{
|
||||
try
|
||||
{
|
||||
sslContextFactory = new SslContextFactory(true);
|
||||
sslContextFactory = new SslContextFactory.Client(true);
|
||||
http2Client = new HTTP2Client();
|
||||
http2Client.addBean(sslContextFactory);
|
||||
http2Client.start();
|
||||
|
|
|
@ -18,8 +18,6 @@
|
|||
|
||||
package org.eclipse.jetty.test.webapp;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
|
||||
|
@ -36,9 +34,10 @@ import org.eclipse.jetty.server.ServerConnector;
|
|||
import org.eclipse.jetty.server.SslConnectionFactory;
|
||||
import org.eclipse.jetty.util.ssl.SslContextFactory;
|
||||
import org.eclipse.jetty.webapp.WebAppContext;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
|
||||
public class HTTP2FromWebAppIT
|
||||
{
|
||||
@Test
|
||||
|
@ -46,7 +45,7 @@ public class HTTP2FromWebAppIT
|
|||
{
|
||||
Server server = new Server();
|
||||
|
||||
SslContextFactory serverTLS = new SslContextFactory();
|
||||
SslContextFactory serverTLS = new SslContextFactory.Server();
|
||||
serverTLS.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
serverTLS.setKeyStorePassword("storepwd");
|
||||
serverTLS.setCipherComparator(new HTTP2Cipher.CipherComparator());
|
||||
|
@ -71,7 +70,7 @@ public class HTTP2FromWebAppIT
|
|||
|
||||
try
|
||||
{
|
||||
SslContextFactory clientTLS = new SslContextFactory(true);
|
||||
SslContextFactory clientTLS = new SslContextFactory.Client(true);
|
||||
HttpClient client = new HttpClient(clientTLS);
|
||||
client.start();
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ public class TestTransparentProxyServer
|
|||
|
||||
|
||||
// SSL configurations
|
||||
SslContextFactory sslContextFactory = new SslContextFactory();
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(jetty_root + "/jetty-server/src/main/config/etc/keystore");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
|
@ -136,5 +136,4 @@ public class TestTransparentProxyServer
|
|||
server.start();
|
||||
server.join();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue