Merge pull request #3480 from eclipse/jetty-9.4.x-3464-split_sslcontextfactory

Issue #3464 - Split SslContextFactory into Client and Server
Simone Bordet 2019-04-02 12:39:37 +02:00 committed by GitHub
commit c4b2621f56
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
79 changed files with 582 additions and 416 deletions


@ -22,7 +22,6 @@ package org.eclipse.jetty.embedded;
import java.io.File;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.nio.file.Files;
import java.util.Date;
import java.util.EnumSet;
@ -101,7 +100,7 @@ public class Http2Server
String jetty_distro = System.getProperty("jetty.distro","../../jetty-distribution/target/distribution");
if (!new File(jetty_distro).exists())
jetty_distro = "jetty-distribution/target/distribution";
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(jetty_distro + "/demo-base/etc/keystore");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
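Review bot: The new line in `Http2Server` still declares the variable with the base type, `SslContextFactory sslContextFactory = new SslContextFactory.Server();`, so the client/server split this commit introduces is not visible where the factory is used. Any setter that is, or later becomes, specific to the server subclass would need a cast. These embedded classes are examples that users copy, so I would write `SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();`. The same base-typed declaration appears in the `LikeJettyXml`, `ManyConnectors`, `JDK9HTTP2Server` and `OpenJDK8HTTP2Server` sections, and with `.Client` in `ConscryptHTTP2Client`, `JDK9HTTP2Client` and `OpenJDK8HTTP2Client`. The enclosing method starts and ends outside the hunk.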


@ -138,7 +138,7 @@ public class LikeJettyXml
// === jetty-https.xml ===
// SSL Context Factory
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(jetty_home + "/../../../jetty-server/src/test/config/etc/keystore");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");


@ -20,9 +20,7 @@ package org.eclipse.jetty.embedded;
import java.io.File;
import java.io.FileNotFoundException;
import java.security.Security;
import org.conscrypt.OpenSSLProvider;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
@ -89,7 +87,7 @@ public class ManyConnectors
// including things like choosing the particular certificate out of a
// keystore to be used.
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");


@ -44,7 +44,7 @@ public class ConscryptHTTP2Client
public static void main(String[] args) throws Exception
{
Security.addProvider(new OpenSSLProvider());
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
sslContextFactory.setProvider("Conscrypt");
HTTP2Client client = new HTTP2Client();
client.addBean(sslContextFactory);


@ -61,24 +61,35 @@ public class ConscryptHTTP2ServerTest
private Server server = new Server();
private SslContextFactory newSslContextFactory()
private SslContextFactory.Server newServerSslContextFactory()
{
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
configureSslContextFactory(sslContextFactory);
return sslContextFactory;
}
private SslContextFactory.Client newClientSslContextFactory()
{
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
configureSslContextFactory(sslContextFactory);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
return sslContextFactory;
}
private void configureSslContextFactory(SslContextFactory sslContextFactory)
{
Path path = Paths.get("src", "test", "resources");
File keys = path.resolve("keystore").toFile();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setProvider("Conscrypt");
sslContextFactory.setEndpointIdentificationAlgorithm(null);
if (JavaVersion.VERSION.getPlatform() < 9)
{
// Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
sslContextFactory.addExcludeProtocols("TLSv1.3");
}
return sslContextFactory;
}
@BeforeEach
@ -95,7 +106,7 @@ public class ConscryptHTTP2ServerTest
HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
alpn.setDefaultProtocol(http.getProtocol());
SslConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), alpn.getProtocol());
SslConnectionFactory ssl = new SslConnectionFactory(newServerSslContextFactory(), alpn.getProtocol());
ServerConnector http2Connector = new ServerConnector(server, ssl, alpn, h2, http);
http2Connector.setPort(0);
@ -125,7 +136,7 @@ public class ConscryptHTTP2ServerTest
public void testSimpleRequest() throws Exception
{
HTTP2Client h2Client = new HTTP2Client();
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newSslContextFactory());
HttpClient client = new HttpClient(new HttpClientTransportOverHTTP2(h2Client), newClientSslContextFactory());
client.start();
try
{
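Review bot: `newClientSslContextFactory()` switches host name verification off with `sslContextFactory.setEndpointIdentificationAlgorithm(null);` and nothing on the line says why, which makes it easy to carry into non-test code. Assuming the reason is that the client connects to localhost with the test keystore, a comment above the call would record that, for example `// Tests only: the test keystore certificate is not matched against the host name, so verification is deliberately off.` The same uncommented call is added in `SslScenario.newClientSslContextFactory()` in `AbstractHttpClientServerTest` and in `createClientSslContextFactory()` in `HttpClientTLSTest`. This rendering does not show whether the older `setEndpointIdentificationAlgorithm(null)` inside `configureSslContextFactory` was removed. If it remains, the client-side call is redundant and the shared helper is the place for the comment.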


@ -42,7 +42,7 @@ public class JDK9HTTP2Client
public static void main(String[] args) throws Exception
{
HTTP2Client client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
client.addBean(sslContextFactory);
client.start();


@ -18,9 +18,6 @@
package org.eclipse.jetty.alpn.java.server;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@ -47,6 +44,9 @@ import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
public class JDK9ALPNTest
{
private Server server;
@ -68,7 +68,7 @@ public class JDK9ALPNTest
private SslContextFactory newSslContextFactory()
{
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
@ -90,7 +90,7 @@ public class JDK9ALPNTest
}
});
SslContextFactory sslContextFactory = new SslContextFactory(true);
SslContextFactory sslContextFactory = new SslContextFactory.Client(true);
sslContextFactory.start();
SSLContext sslContext = sslContextFactory.getSslContext();
try (SSLSocket client = (SSLSocket)sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort()))
@ -132,7 +132,7 @@ public class JDK9ALPNTest
}
});
SslContextFactory sslContextFactory = new SslContextFactory(true);
SslContextFactory sslContextFactory = new SslContextFactory.Client(true);
sslContextFactory.start();
SSLContext sslContext = sslContextFactory.getSslContext();
try (SSLSocket client = (SSLSocket)sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort()))


@ -45,7 +45,7 @@ public class JDK9HTTP2Server
httpsConfig.setSendServerVersion(true);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");


@ -42,7 +42,7 @@ public class OpenJDK8HTTP2Client
public static void main(String[] args) throws Exception
{
HTTP2Client client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
client.addBean(sslContextFactory);
client.start();


@ -45,7 +45,7 @@ public class OpenJDK8HTTP2Server
httpsConfig.setSendServerVersion(true);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");


@ -58,7 +58,7 @@ public abstract class AbstractHttpClientServerTest
serverThreads.setName("server");
server = new Server(serverThreads);
}
connector = new ServerConnector(server, scenario.newSslContextFactory());
connector = new ServerConnector(server, scenario.newServerSslContextFactory());
connector.setPort(0);
server.addConnector(connector);
server.setHandler(handler);
@ -67,12 +67,12 @@ public abstract class AbstractHttpClientServerTest
protected void startClient(final Scenario scenario) throws Exception
{
startClient(scenario, null,null);
startClient(scenario, null, null);
}
protected void startClient(final Scenario scenario, HttpClientTransport transport, Consumer<HttpClient> config) throws Exception
{
if (transport==null)
if (transport == null)
transport = new HttpClientTransportOverHTTP(1);
QueuedThreadPool executor = new QueuedThreadPool();
@ -82,7 +82,7 @@ public abstract class AbstractHttpClientServerTest
client.setExecutor(executor);
client.setScheduler(scheduler);
client.setSocketAddressResolver(new SocketAddressResolver.Sync());
if (config!=null)
if (config != null)
config.accept(client);
client.start();
@ -90,7 +90,7 @@ public abstract class AbstractHttpClientServerTest
public HttpClient newHttpClient(Scenario scenario, HttpClientTransport transport)
{
return new HttpClient(transport, scenario.newSslContextFactory());
return new HttpClient(transport, scenario.newClientSslContextFactory());
}
@AfterEach
@ -113,9 +113,10 @@ public abstract class AbstractHttpClientServerTest
}
}
public static class ScenarioProvider implements ArgumentsProvider {
public static class ScenarioProvider implements ArgumentsProvider
{
@Override
public Stream<? extends Arguments> provideArguments(ExtensionContext context) throws Exception
public Stream<? extends Arguments> provideArguments(ExtensionContext context)
{
return Stream.of(
new NormalScenario(),
@ -125,9 +126,10 @@ public abstract class AbstractHttpClientServerTest
}
}
public static class NonSslScenarioProvider implements ArgumentsProvider {
public static class NonSslScenarioProvider implements ArgumentsProvider
{
@Override
public Stream<? extends Arguments> provideArguments(ExtensionContext context) throws Exception
public Stream<? extends Arguments> provideArguments(ExtensionContext context)
{
return Stream.of(
new NormalScenario()
@ -138,12 +140,27 @@ public abstract class AbstractHttpClientServerTest
public interface Scenario
{
default SslContextFactory newSslContextFactory() { return null; }
SslContextFactory newClientSslContextFactory();
SslContextFactory newServerSslContextFactory();
String getScheme();
}
public static class NormalScenario implements Scenario
{
@Override
public SslContextFactory newClientSslContextFactory()
{
return null;
}
@Override
public SslContextFactory newServerSslContextFactory()
{
return null;
}
@Override
public String getScheme()
{
@ -160,15 +177,27 @@ public abstract class AbstractHttpClientServerTest
public static class SslScenario implements Scenario
{
@Override
public SslContextFactory newSslContextFactory()
public SslContextFactory newClientSslContextFactory()
{
SslContextFactory.Client result = new SslContextFactory.Client();
result.setEndpointIdentificationAlgorithm(null);
configure(result);
return result;
}
@Override
public SslContextFactory newServerSslContextFactory()
{
SslContextFactory.Server result = new SslContextFactory.Server();
configure(result);
return result;
}
private void configure(SslContextFactory ssl)
{
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks");
SslContextFactory ssl = new SslContextFactory();
ssl.setEndpointIdentificationAlgorithm("");
ssl.setKeyStorePath(keystorePath.toString());
ssl.setKeyStorePassword("storepwd");
return ssl;
}
@Override
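Review bot: `Scenario.newClientSslContextFactory()` and `Scenario.newServerSslContextFactory()` are both declared to return the base `SslContextFactory`, so the compiler cannot stop a scenario from handing a server factory to `HttpClient` or a client factory to `ServerConnector`. `SslScenario` already builds `SslContextFactory.Client` and `SslContextFactory.Server` locally and then widens them on return. Narrowing the interface to `SslContextFactory.Client newClientSslContextFactory();` and `SslContextFactory.Server newServerSslContextFactory();` would keep that information, and `NormalScenario` could still return `null`. This assumes the call sites in `startServer` and `newHttpClient` accept the subtypes, which they should if both nested classes extend the base class.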


@ -18,10 +18,6 @@
package org.eclipse.jetty.client;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.net.Socket;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
@ -36,6 +32,10 @@ import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
@Disabled
public class ExternalSiteTest
{
@ -44,7 +44,7 @@ public class ExternalSiteTest
@BeforeEach
public void prepare() throws Exception
{
client = new HttpClient(new SslContextFactory());
client = new HttpClient(new SslContextFactory.Client());
client.start();
}
@ -94,7 +94,7 @@ public class ExternalSiteTest
public void testExternalSSLSite() throws Exception
{
client.stop();
client = new HttpClient(new SslContextFactory());
client = new HttpClient(new SslContextFactory.Client());
client.start();
String host = "api-3t.paypal.com";


@ -18,10 +18,6 @@
package org.eclipse.jetty.client;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.fail;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.concurrent.ExecutionException;
@ -40,11 +36,14 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.fail;
/**
* This test class runs tests to make sure that hostname verification (http://www.ietf.org/rfc/rfc2818.txt
* section 3.1) is configurable in SslContextFactory and works as expected.
@ -52,7 +51,7 @@ import org.junit.jupiter.api.Test;
@Disabled
public class HostnameVerificationTest
{
private SslContextFactory clientSslContextFactory = new SslContextFactory();
private SslContextFactory clientSslContextFactory = new SslContextFactory.Client();
private Server server;
private HttpClient client;
private NetworkConnector connector;
@ -64,7 +63,7 @@ public class HostnameVerificationTest
serverThreads.setName("server");
server = new Server(serverThreads);
SslContextFactory serverSslContextFactory = new SslContextFactory();
SslContextFactory serverSslContextFactory = new SslContextFactory.Server();
serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
serverSslContextFactory.setKeyStorePassword("storepwd");
connector = new ServerConnector(server, serverSslContextFactory);


@ -89,13 +89,25 @@ public class HttpClientTLSTest
client.start();
}
private SslContextFactory createSslContextFactory()
private SslContextFactory.Server createServerSslContextFactory()
{
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
configureSslContextFactory(sslContextFactory);
return sslContextFactory;
}
private SslContextFactory.Client createClientSslContextFactory()
{
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
configureSslContextFactory(sslContextFactory);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
return sslContextFactory;
}
private void configureSslContextFactory(SslContextFactory sslContextFactory)
{
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm("");
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
return sslContextFactory;
}
@AfterEach
@ -110,7 +122,7 @@ public class HttpClientTLSTest
@Test
public void testNoCommonTLSProtocol() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
serverTLSFactory.setIncludeProtocols("TLSv1.3");
startServer(serverTLSFactory, new EmptyServerHandler());
@ -124,7 +136,7 @@ public class HttpClientTLSTest
}
});
SslContextFactory clientTLSFactory = createSslContextFactory();
SslContextFactory clientTLSFactory = createClientSslContextFactory();
clientTLSFactory.setIncludeProtocols("TLSv1.2");
startClient(clientTLSFactory);
@ -151,7 +163,7 @@ public class HttpClientTLSTest
@Test
public void testNoCommonTLSCiphers() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
serverTLSFactory.setIncludeCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA");
startServer(serverTLSFactory, new EmptyServerHandler());
@ -165,7 +177,7 @@ public class HttpClientTLSTest
}
});
SslContextFactory clientTLSFactory = createSslContextFactory();
SslContextFactory clientTLSFactory = createClientSslContextFactory();
clientTLSFactory.setExcludeCipherSuites(".*_SHA$");
startClient(clientTLSFactory);
@ -192,7 +204,7 @@ public class HttpClientTLSTest
@Test
public void testMismatchBetweenTLSProtocolAndTLSCiphersOnServer() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
// TLS 1.1 protocol, but only TLS 1.2 ciphers.
serverTLSFactory.setIncludeProtocols("TLSv1.1");
serverTLSFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
@ -208,7 +220,7 @@ public class HttpClientTLSTest
}
});
SslContextFactory clientTLSFactory = createSslContextFactory();
SslContextFactory clientTLSFactory = createClientSslContextFactory();
startClient(clientTLSFactory);
CountDownLatch clientLatch = new CountDownLatch(1);
@ -237,7 +249,7 @@ public class HttpClientTLSTest
@Test
public void testMismatchBetweenTLSProtocolAndTLSCiphersOnClient() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
startServer(serverTLSFactory, new EmptyServerHandler());
CountDownLatch serverLatch = new CountDownLatch(1);
@ -250,7 +262,7 @@ public class HttpClientTLSTest
}
});
SslContextFactory clientTLSFactory = createSslContextFactory();
SslContextFactory clientTLSFactory = createClientSslContextFactory();
// TLS 1.1 protocol, but only TLS 1.2 ciphers.
clientTLSFactory.setIncludeProtocols("TLSv1.1");
clientTLSFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
@ -279,7 +291,7 @@ public class HttpClientTLSTest
@Test
public void testHandshakeSucceeded() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
startServer(serverTLSFactory, new EmptyServerHandler());
CountDownLatch serverLatch = new CountDownLatch(1);
@ -292,7 +304,7 @@ public class HttpClientTLSTest
}
});
SslContextFactory clientTLSFactory = createSslContextFactory();
SslContextFactory clientTLSFactory = createClientSslContextFactory();
startClient(clientTLSFactory);
CountDownLatch clientLatch = new CountDownLatch(1);
@ -318,7 +330,7 @@ public class HttpClientTLSTest
@Test
public void testHandshakeSucceededWithSessionResumption() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
startServer(serverTLSFactory, new EmptyServerHandler());
AtomicReference<byte[]> serverSession = new AtomicReference<>();
@ -331,7 +343,7 @@ public class HttpClientTLSTest
}
});
SslContextFactory clientTLSFactory = createSslContextFactory();
SslContextFactory clientTLSFactory = createClientSslContextFactory();
startClient(clientTLSFactory);
AtomicReference<byte[]> clientSession = new AtomicReference<>();
@ -398,10 +410,10 @@ public class HttpClientTLSTest
@Test
public void testClientRawCloseDoesNotInvalidateSession() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
startServer(serverTLSFactory, new EmptyServerHandler());
SslContextFactory clientTLSFactory = createSslContextFactory();
SslContextFactory clientTLSFactory = createClientSslContextFactory();
clientTLSFactory.start();
String host = "localhost";
@ -453,13 +465,13 @@ public class HttpClientTLSTest
@Test
public void testServerRawCloseDetectedByClient() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
serverTLSFactory.start();
try (ServerSocket server = new ServerSocket(0))
{
QueuedThreadPool clientThreads = new QueuedThreadPool();
clientThreads.setName("client");
client = new HttpClient(createSslContextFactory())
client = new HttpClient(createClientSslContextFactory())
{
@Override
protected ClientConnectionFactory newSslClientConnectionFactory(ClientConnectionFactory connectionFactory)
@ -523,10 +535,10 @@ public class HttpClientTLSTest
@Test
public void testHostNameVerificationFailure() throws Exception
{
SslContextFactory serverTLSFactory = createSslContextFactory();
SslContextFactory serverTLSFactory = createServerSslContextFactory();
startServer(serverTLSFactory, new EmptyServerHandler());
SslContextFactory clientTLSFactory = createSslContextFactory();
SslContextFactory clientTLSFactory = createClientSslContextFactory();
// Make sure the host name is not verified at the TLS level.
clientTLSFactory.setEndpointIdentificationAlgorithm(null);
// Add host name verification after the TLS handshake.
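Review bot: In `testHostNameVerificationFailure` the call `clientTLSFactory.setEndpointIdentificationAlgorithm(null);` no longer changes anything, because `createClientSslContextFactory()` now sets the algorithm to null for every test in the class. The test depends on TLS-level verification being off, so I would keep the explicit line but say so in its comment, for example `// Host name must not be verified at the TLS level for this test (also the helper's default; repeated because the test depends on it).` Otherwise a later change to the helper's default would alter what this test exercises without any visible edit here. The test method continues outside the hunk.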


@ -18,16 +18,6 @@
package org.eclipse.jetty.client;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.instanceOf;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -106,12 +96,21 @@ import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ArgumentsSource;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.instanceOf;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
@ExtendWith(WorkDirExtension.class)
public class HttpClientTest extends AbstractHttpClientServerTest
{
public WorkDir testdir;
@ParameterizedTest
@ArgumentsSource(ScenarioProvider.class)
public void testStoppingClosesConnections(Scenario scenario) throws Exception
@ -1529,7 +1528,7 @@ public class HttpClientTest extends AbstractHttpClientServerTest
}
};
}
}, scenario.newSslContextFactory());
}, scenario.newClientSslContextFactory());
client.start();
final CountDownLatch latch = new CountDownLatch(2);


@ -18,8 +18,6 @@
package org.eclipse.jetty.client;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -42,14 +40,15 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.EnumSource;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class TLSServerConnectionCloseTest
{
private HttpClient client;
private void startClient() throws Exception
{
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm("");
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
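Review bot: `startClient()` now builds the client's TLS configuration with `new SslContextFactory.Server()`, the server flavour of the class this commit splits. The line it appears to replace set `setEndpointIdentificationAlgorithm("")`, so the intent was presumably to keep host name verification off. The server variant may well give that by default, but relying on it hides a verification decision behind the wrong role. I would make both explicit with `SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();` followed by `sslContextFactory.setEndpointIdentificationAlgorithm(null);`. The body of `startClient()` continues outside the hunk.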


@ -18,11 +18,6 @@
package org.eclipse.jetty.client.ssl;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.security.cert.Certificate;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
@ -43,9 +38,13 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
* In order to work, client authentication needs a certificate
* signed by a CA that also signed the server certificate.
@ -81,10 +80,9 @@ public class NeedWantClientAuthTest
client.start();
}
private SslContextFactory createSslContextFactory()
private SslContextFactory.Server createServerSslContextFactory()
{
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm("");
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
return sslContextFactory;
@ -102,11 +100,11 @@ public class NeedWantClientAuthTest
@Test
public void testWantClientAuthWithoutAuth() throws Exception
{
SslContextFactory serverSSL = createSslContextFactory();
SslContextFactory.Server serverSSL = createServerSslContextFactory();
serverSSL.setWantClientAuth(true);
startServer(serverSSL, new EmptyServerHandler());
SslContextFactory clientSSL = new SslContextFactory(true);
SslContextFactory clientSSL = new SslContextFactory.Client(true);
startClient(clientSSL);
ContentResponse response = client.newRequest("https://localhost:" + connector.getLocalPort())
@ -119,7 +117,7 @@ public class NeedWantClientAuthTest
@Test
public void testWantClientAuthWithAuth() throws Exception
{
SslContextFactory serverSSL = createSslContextFactory();
SslContextFactory.Server serverSSL = createServerSslContextFactory();
serverSSL.setWantClientAuth(true);
startServer(serverSSL, new EmptyServerHandler());
CountDownLatch handshakeLatch = new CountDownLatch(1);
@ -143,7 +141,7 @@ public class NeedWantClientAuthTest
}
});
SslContextFactory clientSSL = new SslContextFactory(true);
SslContextFactory clientSSL = new SslContextFactory.Client(true);
clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks");
clientSSL.setKeyStorePassword("storepwd");
startClient(clientSSL);
@ -166,11 +164,11 @@ public class NeedWantClientAuthTest
// The server still sends bad_certificate to the client, but the client handshake has already
// completed successfully its TLS handshake.
SslContextFactory serverSSL = createSslContextFactory();
SslContextFactory.Server serverSSL = createServerSslContextFactory();
serverSSL.setNeedClientAuth(true);
startServer(serverSSL, new EmptyServerHandler());
SslContextFactory clientSSL = new SslContextFactory(true);
SslContextFactory clientSSL = new SslContextFactory.Client(true);
startClient(clientSSL);
CountDownLatch handshakeLatch = new CountDownLatch(1);
client.addBean(new SslHandshakeListener()
@ -210,7 +208,7 @@ public class NeedWantClientAuthTest
@Test
public void testNeedClientAuthWithAuth() throws Exception
{
SslContextFactory serverSSL = createSslContextFactory();
SslContextFactory.Server serverSSL = createServerSslContextFactory();
serverSSL.setNeedClientAuth(true);
startServer(serverSSL, new EmptyServerHandler());
CountDownLatch handshakeLatch = new CountDownLatch(1);
@ -234,7 +232,7 @@ public class NeedWantClientAuthTest
}
});
SslContextFactory clientSSL = new SslContextFactory(true);
SslContextFactory clientSSL = new SslContextFactory.Client(true);
clientSSL.setKeyStorePath("src/test/resources/client_keystore.jks");
clientSSL.setKeyStorePassword("storepwd");
startClient(clientSSL);


@ -70,7 +70,7 @@ public class SslBytesClientTest extends SslBytesTest
{
threadPool = Executors.newCachedThreadPool();
sslContextFactory = new SslContextFactory(true);
sslContextFactory = new SslContextFactory.Client(true);
client = new HttpClient(sslContextFactory);
client.setMaxConnectionsPerDestination(1);
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");


@ -119,7 +119,7 @@ public class SslBytesServerTest extends SslBytesTest
serverEndPoint.set(null);
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
sslContextFactory = new SslContextFactory();
sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");


@ -18,8 +18,6 @@
package org.eclipse.jetty.client.ssl;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.File;
import java.nio.ByteBuffer;
@ -36,16 +34,17 @@ import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertThrows;
public class SslConnectionTest
{
@Test
public void testSslConnectionClosedBeforeFill() throws Exception
{
File keyStore = MavenTestingUtils.getTestResourceFile("keystore.jks");
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keyStore.getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.start();


@ -290,8 +290,8 @@ Similarly, in code:
[source, java, subs="{sub-order}"]
----
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("/path/to/keystore");
sslContextFactory.setKeyStorePassword("secret");
JMXServiceURL jmxURL = new JMXServiceURL("rmi", null, 1099, "/jndi/rmi:///jmxrmi");


@ -472,7 +472,7 @@ This adds a `SecureRequestCustomizer` which adds SSL Session IDs and certificate
==== SSL Context Configuration
The SSL/TLS connectors for HTTPS and HTTP/2 require a certificate to establish a secure connection.
Jetty holds certificates in standard JVM keystores and are configured as keystore and truststores on a link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.html[`SslContextFactory`] instance that is injected into an link:{JDURL}/org/eclipse/jetty/server/SslConnectionFactory.html[`SslConnectionFactory`] instance.
Jetty holds certificates in standard JVM keystores and are configured as keystore and truststores on a link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.Server.html[`SslContextFactory.Server`] instance that is injected into an link:{JDURL}/org/eclipse/jetty/server/SslConnectionFactory.html[`SslConnectionFactory`] instance.
An example using the keystore distributed with Jetty (containing a self signed test certificate) is in link:{GITBROWSEURL}/jetty-server/src/main/config/etc/jetty-https.xml[`jetty-https.xml`].
Read more about SSL keystores in link:#configuring-ssl[Configuring SSL].


@ -55,9 +55,8 @@ You can re-enable these by re-declaring the ciphers you want excluded in code:
[source, java, subs="{sub-order}"]
----
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setExcludeCipherSuites(
"^.*_(MD5|SHA|SHA1)$");
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
----
If, after making these changes, you still have issues using these ciphers they are likely being blocked at the JVM level.
@ -664,7 +663,7 @@ the other is `$JETTY/etc/truststore` which contains intermediary CA and root CA.
[[configuring-sslcontextfactory]]
==== Configuring the Jetty SslContextFactory
The generated SSL certificates from above are held in the key store are configured in an instance of link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.html[SslContextFactory] object.
The generated SSL certificates from above are held in the key store are configured in an instance of link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.Server.html[SslContextFactory.Server] object.
The `SslContextFactory` is responsible for:
@ -679,9 +678,9 @@ The `SslContextFactory` is responsible for:
* https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol[OCSP] Support
* Client Authentication Support
For Jetty Connectors, the configured `SslContextFactory` is injected into a specific ServerConnector `SslConnectionFactory`.
For Jetty Connectors, the configured `SslContextFactory.Server` is injected into a specific ServerConnector `SslConnectionFactory`.
For Jetty Clients, the various constructors support using a configured `SslContextFactory`.
For Jetty Clients, the various constructors support using a configured `SslContextFactory.Client`.
While the `SslContextFactory` can operate without a keystore (this mode is most suitable for the various Jetty Clients) it is best practice to at least configure the keystore being used.
@ -729,7 +728,7 @@ Implementing Conscrypt for the link:{GITBROWSEURL}/jetty-alpn/jetty-alpn-conscry
...
Security.addProvider(new OpenSSLProvider());
...
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("path/to/keystore");
sslContextFactory.setKeyStorePassword("CleverKeyStorePassword");
sslContextFactory.setKeyManagerPassword("OBF:VerySecretManagerPassword");
@ -790,7 +789,7 @@ To do this, first create a new `${jetty.base}/etc/tweak-ssl.xml` file (this can
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
"http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- Tweak SsslContextFactory Includes / Excludes -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<!-- Mitigate SLOTH Attack -->
<Call name="addExcludeCipherSuites">
<Arg>


@ -75,13 +75,13 @@ There are several reasons for having multiple `HttpClient` instances including,
When you create a `HttpClient` instance using the parameterless constructor, you will only be able to perform plain HTTP requests and you will not be able to perform HTTPS requests.
In order to perform HTTPS requests, you should create first a link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.html[`SslContextFactory`], configure it, and pass it to the `HttpClient` constructor.
In order to perform HTTPS requests, you should create first a link:{JDURL}/org/eclipse/jetty/util/ssl/SslContextFactory.Client.html[`SslContextFactory.Client`], configure it, and pass it to the `HttpClient` constructor.
When created with a `SslContextFactory`, the `HttpClient` will be able to perform both HTTP and HTTPS requests to any domain.
[source, java, subs="{sub-order}"]
----
// Instantiate and configure the SslContextFactory
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
// Instantiate HttpClient with the SslContextFactory
HttpClient httpClient = new HttpClient(sslContextFactory);


@ -36,8 +36,7 @@ public class DrupalHTTP2FastCGIProxyServer
{
public static void main(String[] args) throws Exception
{
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm("");
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");


@ -18,9 +18,6 @@
package org.eclipse.jetty.fcgi.server.proxy;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException;
import java.util.EnumSet;
@ -41,6 +38,9 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class TryFilesFilterTest
{
private Server server;
@ -55,8 +55,7 @@ public class TryFilesFilterTest
connector = new ServerConnector(server);
server.addConnector(connector);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm("");
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");


@ -43,8 +43,7 @@ public class WordPressHTTP2FastCGIProxyServer
{
int tlsPort = 8443;
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm("");
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");


@ -18,11 +18,6 @@
package org.eclipse.jetty.http2.alpn.tests;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
@ -43,13 +38,18 @@ import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class ALPNNegotiationTest extends AbstractALPNTest
{
@Test
public void testGentleCloseDuringHandshake() throws Exception
{
InetSocketAddress address = prepare();
SslContextFactory sslContextFactory = newSslContextFactory();
SslContextFactory sslContextFactory = newClientSslContextFactory();
sslContextFactory.start();
SSLEngine sslEngine = sslContextFactory.newSSLEngine(address);
sslEngine.setUseClientMode(true);
@ -113,7 +113,7 @@ public class ALPNNegotiationTest extends AbstractALPNTest
public void testAbruptCloseDuringHandshake() throws Exception
{
InetSocketAddress address = prepare();
SslContextFactory sslContextFactory = newSslContextFactory();
SslContextFactory sslContextFactory = newClientSslContextFactory();
sslContextFactory.start();
SSLEngine sslEngine = sslContextFactory.newSSLEngine(address);
sslEngine.setUseClientMode(true);
@ -175,7 +175,7 @@ public class ALPNNegotiationTest extends AbstractALPNTest
{
InetSocketAddress address = prepare();
SslContextFactory sslContextFactory = newSslContextFactory();
SslContextFactory sslContextFactory = newClientSslContextFactory();
sslContextFactory.start();
SSLContext sslContext = sslContextFactory.getSslContext();
@ -228,7 +228,7 @@ public class ALPNNegotiationTest extends AbstractALPNTest
{
InetSocketAddress address = prepare();
SslContextFactory sslContextFactory = newSslContextFactory();
SslContextFactory sslContextFactory = newClientSslContextFactory();
sslContextFactory.start();
SSLContext sslContext = sslContextFactory.getSslContext();
try (SSLSocket client = (SSLSocket)sslContext.getSocketFactory().createSocket(address.getAddress(), address.getPort()))
@ -280,7 +280,7 @@ public class ALPNNegotiationTest extends AbstractALPNTest
{
InetSocketAddress address = prepare();
SslContextFactory sslContextFactory = newSslContextFactory();
SslContextFactory sslContextFactory = newClientSslContextFactory();
sslContextFactory.start();
SSLContext sslContext = sslContextFactory.getSslContext();
try (SSLSocket client = (SSLSocket)sslContext.getSocketFactory().createSocket(address.getAddress(), address.getPort()))


@ -49,7 +49,7 @@ public class AbstractALPNTest
ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory();
alpn.setDefaultProtocol(h1.getProtocol());
connector = new ServerConnector(server, newSslContextFactory(), alpn, h1, h2);
connector = new ServerConnector(server, newServerSslContextFactory(), alpn, h1, h2);
connector.setPort(0);
connector.setIdleTimeout(30000);
server.addConnector(connector);
@ -60,9 +60,22 @@ public class AbstractALPNTest
return new InetSocketAddress("localhost", connector.getLocalPort());
}
protected SslContextFactory newSslContextFactory()
protected SslContextFactory.Server newServerSslContextFactory()
{
SslContextFactory.Server result = new SslContextFactory.Server();
configureSslContextFactory(result);
return result;
}
protected SslContextFactory.Client newClientSslContextFactory()
{
SslContextFactory.Client result = new SslContextFactory.Client();
configureSslContextFactory(result);
return result;
}
private void configureSslContextFactory(SslContextFactory sslContextFactory)
{
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
@ -70,7 +83,6 @@ public class AbstractALPNTest
sslContextFactory.setIncludeProtocols("TLSv1.2");
// The mandatory HTTP/2 cipher.
sslContextFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
return sslContextFactory;
}
@AfterEach


@ -43,7 +43,7 @@ public class Client
public static void main(String[] args) throws Exception
{
HTTP2Client client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
client.addBean(sslContextFactory);
client.start();


@ -68,7 +68,7 @@ public class DirectHTTP2OverTLSTest
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
ConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
ConnectionFactory ssl = new SslConnectionFactory(newSslContextFactory(), h2.getProtocol());
ConnectionFactory ssl = new SslConnectionFactory(newServerSslContextFactory(), h2.getProtocol());
connector = new ServerConnector(server, 1, 1, ssl, h2);
server.addConnector(connector);
server.setHandler(handler);
@ -81,8 +81,7 @@ public class DirectHTTP2OverTLSTest
clientThreads.setName("client");
HttpClientTransportOverHTTP2 transport = new HttpClientTransportOverHTTP2(new HTTP2Client());
transport.setUseALPN(false);
SslContextFactory sslContextFactory = newSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
SslContextFactory sslContextFactory = newClientSslContextFactory();
client = new HttpClient(transport, sslContextFactory);
client.setExecutor(clientThreads);
client.start();
@ -97,14 +96,27 @@ public class DirectHTTP2OverTLSTest
server.stop();
}
private SslContextFactory newSslContextFactory()
private SslContextFactory.Server newServerSslContextFactory()
{
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
configureSslContextFactory(sslContextFactory);
return sslContextFactory;
}
private SslContextFactory.Client newClientSslContextFactory()
{
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
configureSslContextFactory(sslContextFactory);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
return sslContextFactory;
}
private void configureSslContextFactory(SslContextFactory sslContextFactory)
{
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setUseCipherSuitesOrder(true);
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
return sslContextFactory;
}
@Test
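Review bot: In `newClientSslContextFactory()` the call `sslContextFactory.setEndpointIdentificationAlgorithm(null);` switches off host name verification for the test client, and nothing in the helper says why. A one-line comment above it, for example `// Test-only: the test keystore certificate is not expected to match the connector host, so endpoint identification is disabled.`, would keep the pattern from being copied into application code as-is; I cannot see the certificate from here, so the stated reason should be confirmed. The same uncommented call appears in `ForwardProxyTLSServerTest.newClientSslContextFactory()` and in `TestOSGiUtil.newClientSslContextFactory()`, where it is combined with `new SslContextFactory.Client(true)`, so that client appears to check neither the certificate chain nor the host name.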

View File

@ -18,15 +18,6 @@
package org.eclipse.jetty.http2.client.http;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -87,6 +78,15 @@ import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class HttpClientTransportOverHTTP2Test extends AbstractTest
{
@Test
@ -601,7 +601,7 @@ public class HttpClientTransportOverHTTP2Test extends AbstractTest
public void testExternalServer() throws Exception
{
HTTP2Client http2Client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
HttpClient httpClient = new HttpClient(new HttpClientTransportOverHTTP2(http2Client), sslContextFactory);
Executor executor = new QueuedThreadPool();
httpClient.setExecutor(executor);


@ -18,15 +18,6 @@
package org.eclipse.jetty.io;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
@ -73,6 +64,15 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
@SuppressWarnings("Duplicates")
public class SocketChannelEndPointTest
{
@ -626,24 +626,23 @@ public class SocketChannelEndPointTest
public static class SslScenario implements Scenario
{
private final NormalScenario _normalScenario;
private final SslContextFactory __sslCtxFactory = new SslContextFactory();
private final ByteBufferPool __byteBufferPool = new MappedByteBufferPool();
private final SslContextFactory _sslCtxFactory = new SslContextFactory.Server();
private final ByteBufferPool _byteBufferPool = new MappedByteBufferPool();
public SslScenario(NormalScenario normalScenario) throws Exception
{
_normalScenario = normalScenario;
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
__sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
__sslCtxFactory.setKeyStorePassword("storepwd");
__sslCtxFactory.setKeyManagerPassword("keypwd");
__sslCtxFactory.setEndpointIdentificationAlgorithm("");
__sslCtxFactory.start();
_sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
_sslCtxFactory.setKeyStorePassword("storepwd");
_sslCtxFactory.setKeyManagerPassword("keypwd");
_sslCtxFactory.start();
}
@Override
public Socket newClient(ServerSocketChannel connector) throws IOException
{
SSLSocket socket = __sslCtxFactory.newSslSocket();
SSLSocket socket = _sslCtxFactory.newSslSocket();
socket.connect(connector.socket().getLocalSocketAddress());
return socket;
}
@ -651,11 +650,11 @@ public class SocketChannelEndPointTest
@Override
public Connection newConnection(SelectableChannel channel, EndPoint endpoint, Executor executor, AtomicInteger blockAt, AtomicInteger writeCount)
{
SSLEngine engine = __sslCtxFactory.newSSLEngine();
SSLEngine engine = _sslCtxFactory.newSSLEngine();
engine.setUseClientMode(false);
SslConnection sslConnection = new SslConnection(__byteBufferPool, executor, endpoint, engine);
sslConnection.setRenegotiationAllowed(__sslCtxFactory.isRenegotiationAllowed());
sslConnection.setRenegotiationLimit(__sslCtxFactory.getRenegotiationLimit());
SslConnection sslConnection = new SslConnection(_byteBufferPool, executor, endpoint, engine);
sslConnection.setRenegotiationAllowed(_sslCtxFactory.isRenegotiationAllowed());
sslConnection.setRenegotiationLimit(_sslCtxFactory.getRenegotiationLimit());
Connection appConnection = _normalScenario.newConnection(channel, sslConnection.getDecryptedEndPoint(), executor, blockAt, writeCount);
sslConnection.getDecryptedEndPoint().setConnection(appConnection);
return sslConnection;
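Review bot: `SslScenario.newClient()` still builds the client socket from `_sslCtxFactory`, which this change turns into a `SslContextFactory.Server`, so one server-flavoured factory now serves both ends of the test connection. That works here, but with `setEndpointIdentificationAlgorithm("")` removed it is no longer visible in the code that the client socket apparently does no host name check. A comment on the field, such as `// Server factory, also reused by newClient(); the client socket does no endpoint identification`, would record that. `newConnection` continues past the end of the hunk.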


@ -60,7 +60,7 @@ public class SslConnectionTest
private static final int TIMEOUT = 1000000;
private static ByteBufferPool __byteBufferPool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
private final SslContextFactory _sslCtxFactory =new SslContextFactory();
private final SslContextFactory _sslCtxFactory = new SslContextFactory.Server();
protected volatile EndPoint _lastEndp;
private volatile boolean _testFill=true;
private volatile FutureCallback _writeCallback;
@ -92,7 +92,6 @@ public class SslConnectionTest
return sslConnection;
}
@Override
protected EndPoint newEndPoint(SelectableChannel channel, ManagedSelector selector, SelectionKey selectionKey)
{
@ -133,7 +132,6 @@ public class SslConnectionTest
}
}
@BeforeEach
public void initSSL() throws Exception
{
@ -143,7 +141,6 @@ public class SslConnectionTest
_sslCtxFactory.setKeyManagerPassword("keypwd");
_sslCtxFactory.setRenegotiationAllowed(true);
_sslCtxFactory.setRenegotiationLimit(-1);
_sslCtxFactory.setEndpointIdentificationAlgorithm(null);
startManager();
}


@ -18,10 +18,6 @@
package org.eclipse.jetty.io;
import static org.hamcrest.Matchers.greaterThan;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.hamcrest.MatcherAssert.assertThat;
import java.io.File;
import java.nio.ByteBuffer;
@ -32,12 +28,15 @@ import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.EnabledOnJre;
import org.junit.jupiter.api.condition.JRE;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.greaterThan;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class SslEngineBehaviorTest
{
private static SslContextFactory sslCtxFactory;
@ -45,12 +44,11 @@ public class SslEngineBehaviorTest
@BeforeAll
public static void startSsl() throws Exception
{
sslCtxFactory = new SslContextFactory();
sslCtxFactory = new SslContextFactory.Server();
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
sslCtxFactory.setKeyStorePassword("storepwd");
sslCtxFactory.setKeyManagerPassword("keypwd");
sslCtxFactory.setEndpointIdentificationAlgorithm("");
sslCtxFactory.start();
}


@ -18,10 +18,6 @@
package org.eclipse.jetty.jmx;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.net.ConnectException;
import java.net.InetAddress;
import java.net.ServerSocket;
@ -40,6 +36,10 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
* Running the tests of this class in the same JVM results often in
* <pre>
@ -227,7 +227,7 @@ public class ConnectorServerTest
@Test
public void testJMXOverTLS() throws Exception
{
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
String keyStorePath = MavenTestingUtils.getTestResourcePath("keystore.jks").toString();
String keyStorePassword = "storepwd";
sslContextFactory.setKeyStorePath(keyStorePath);


@ -29,13 +29,12 @@
<!-- ============================================================= -->
<!-- Create a TLS (SSL) Context Factory for later reuse -->
<!-- ============================================================= -->
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="Provider"><SystemProperty name="jetty.sslContext.provider"/></Set>
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" default="false"/></Set>
<Set name="ExcludeCipherSuites">


@ -154,7 +154,7 @@ public class TestJettyOSGiBootHTTP2
//set up client to do http2
http2Client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());


@ -139,7 +139,7 @@ public class TestJettyOSGiBootHTTP2Conscrypt
File keys = path.resolve("etc").resolve("keystore").toFile();
HTTP2Client http2Client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());


@ -133,7 +133,7 @@ public class TestJettyOSGiBootHTTP2JDK9
//set up client to do http2
http2Client = new HTTP2Client();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());


@ -24,6 +24,7 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@ -273,10 +274,10 @@ public class TestOSGiUtil
return bundleContext.getAllServiceReferences(service, null);
}
protected static SslContextFactory newSslContextFactory()
protected static SslContextFactory newClientSslContextFactory()
{
SslContextFactory sslContextFactory = new SslContextFactory(true);
sslContextFactory.setEndpointIdentificationAlgorithm("");
SslContextFactory sslContextFactory = new SslContextFactory.Client(true);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
return sslContextFactory;
}
@ -306,7 +307,7 @@ public class TestOSGiUtil
}, null, null);
// now test the servlet
HttpClient client = protocol.equals("https") ? new HttpClient(newSslContextFactory()) : new HttpClient();
HttpClient client = protocol.equals("https") ? new HttpClient(newClientSslContextFactory()) : new HttpClient();
try
{
client.start();


@ -18,8 +18,6 @@
package org.eclipse.jetty.proxy;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
@ -43,10 +41,11 @@ import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest
{
private SslContextFactory sslContextFactory;
@ -54,7 +53,7 @@ public class ConnectHandlerSSLTest extends AbstractConnectHandlerTest
@BeforeEach
public void prepare() throws Exception
{
sslContextFactory = new SslContextFactory();
sslContextFactory = new SslContextFactory.Server();
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
sslContextFactory.setKeyStorePath(keyStorePath);
sslContextFactory.setKeyStorePassword("storepwd");


@ -62,7 +62,7 @@ public class ForwardProxyServerTest
// no server SSL
SslContextFactory scenario1 = null;
// basic server SSL
SslContextFactory scenario2 = new SslContextFactory();
SslContextFactory scenario2 = new SslContextFactory.Server();
scenario2.setKeyStorePath(keyStorePath);
scenario2.setKeyStorePassword("storepwd");
scenario2.setKeyManagerPassword("keypwd");
@ -203,7 +203,7 @@ public class ForwardProxyServerTest
startProxy();
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
SslContextFactory clientSsl = new SslContextFactory();
SslContextFactory clientSsl = new SslContextFactory.Client();
clientSsl.setKeyStorePath(keyStorePath);
clientSsl.setKeyStorePassword("storepwd");
clientSsl.setKeyManagerPassword("keypwd");


@ -82,7 +82,7 @@ public class ForwardProxyTLSServerTest
// no server SSL
SslContextFactory scenario1 = null;
// basic server SSL
SslContextFactory scenario2 = new SslContextFactory();
SslContextFactory scenario2 = new SslContextFactory.Server();
scenario2.setKeyStorePath(keyStorePath);
scenario2.setKeyStorePassword("storepwd");
scenario2.setKeyManagerPassword("keypwd");
@ -139,22 +139,27 @@ public class ForwardProxyTLSServerTest
private static SslContextFactory newServerSslContextFactory()
{
SslContextFactory sslContextFactory = new SslContextFactory();
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
sslContextFactory.setKeyStorePath(keyStorePath);
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");
SslContextFactory sslContextFactory = new SslContextFactory.Server();
configureSslContextFactory(sslContextFactory);
return sslContextFactory;
}
private static SslContextFactory newClientSslContextFactory()
{
SslContextFactory sslContextFactory = newServerSslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Client();
configureSslContextFactory(sslContextFactory);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
return sslContextFactory;
}
private static void configureSslContextFactory(SslContextFactory sslContextFactory)
{
String keyStorePath = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
sslContextFactory.setKeyStorePath(keyStorePath);
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");
}
@AfterEach
public void stop() throws Exception
{
@ -629,9 +634,6 @@ public class ForwardProxyTLSServerTest
assumeTrue(false, "Environment not able to connect to proxy service");
}
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.start();
HttpClient httpClient = new HttpClient(newClientSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(new HttpProxy(proxyHost, proxyPort));
httpClient.start();
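Review bot: `newServerSslContextFactory()` and `newClientSslContextFactory()` still declare the base `SslContextFactory` return type although they now build `SslContextFactory.Server` and `SslContextFactory.Client`. The equivalent helpers in AbstractALPNTest and DirectHTTP2OverTLSTest in this same commit return the nested types. Declaring `private static SslContextFactory.Server newServerSslContextFactory()` and `private static SslContextFactory.Client newClientSslContextFactory()` would keep the client/server distinction in the type and let the compiler reject a client factory handed to server-side code. The method around the last hunk starts outside the visible lines.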


@ -10,7 +10,7 @@
https://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory-cipherSuites
-->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="Provider"><Property name="jetty.sslContext.provider"/></Set>
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>


@ -53,8 +53,8 @@ public class SslConnectionFactory extends AbstractConnectionFactory
public SslConnectionFactory(@Name("sslContextFactory") SslContextFactory factory, @Name("next") String nextProtocol)
{
super("SSL");
_sslContextFactory=factory==null?new SslContextFactory():factory;
_nextProtocol=nextProtocol;
_sslContextFactory = factory == null ? new SslContextFactory.Server() : factory;
_nextProtocol = nextProtocol;
addBean(_sslContextFactory);
}
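Review bot: The constructor falls back to `new SslContextFactory.Server()` but still accepts any `SslContextFactory`, and nothing tells the caller that a client-side factory is the wrong type for a server connection factory. A test added in this commit shows `SslContextFactory.Client` defaulting its endpoint identification algorithm to `HTTPS`, which is a client-side check, so passing one here is likely a misconfiguration. I would document the expectation on the constructor: `@param factory the server-side factory, normally a {@link SslContextFactory.Server}; when null a new one is created`.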


@ -18,11 +18,6 @@
package org.eclipse.jetty.server;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
@ -49,6 +44,11 @@ import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class ConnectionOpenCloseTest extends AbstractHttpTest
{
@Test
@ -170,7 +170,7 @@ public class ConnectionOpenCloseTest extends AbstractHttpTest
@DisabledIfSystemProperty(named = "env", matches = "ci") // TODO: SLOW, needs review
public void testSSLOpenRequestClose() throws Exception
{
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
sslContextFactory.setKeyStorePassword("storepwd");


@ -52,7 +52,7 @@ public class OptionalSslConnectionTest
server = new Server(serverThreads);
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystore);
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");
@ -113,7 +113,7 @@ public class OptionalSslConnectionTest
}
// Then try a SSL connection.
SslContextFactory sslContextFactory = new SslContextFactory(true);
SslContextFactory sslContextFactory = new SslContextFactory.Client(true);
sslContextFactory.start();
try (Socket ssl = sslContextFactory.newSslSocket())
{


@ -18,11 +18,6 @@
package org.eclipse.jetty.server;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -62,6 +57,11 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class ThreadStarvationTest
{
final static int BUFFER_SIZE=1024*1024;
@ -89,7 +89,7 @@ public class ThreadStarvationTest
// HTTPS/SSL/TLS
ConnectorProvider https = (server, acceptors, selectors) -> {
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore");
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystorePath.toString());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -18,11 +18,6 @@
package org.eclipse.jetty.server.handler;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
@ -58,6 +53,11 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
public class DebugHandlerTest
{
public final static HostnameVerifier __hostnameverifier = new HostnameVerifier()
@ -89,7 +89,7 @@ public class DebugHandlerTest
server.addConnector(httpConnector);
File keystorePath = MavenTestingUtils.getTestResourceFile("keystore");
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystorePath.getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -18,10 +18,6 @@
package org.eclipse.jetty.server.handler;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@ -55,6 +51,10 @@ import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
public class SecuredRedirectHandlerTest
{
private static Server server;
@ -68,7 +68,7 @@ public class SecuredRedirectHandlerTest
{
// Setup SSL
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -27,7 +27,6 @@ import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -37,7 +36,6 @@ import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.TypeUtil;
import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.Test;
@ -48,7 +46,7 @@ public class SSLCloseTest
public void testClose() throws Exception
{
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -23,12 +23,6 @@
package org.eclipse.jetty.server.ssl;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.hamcrest.MatcherAssert.assertThat;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@ -63,6 +57,12 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.is;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
/**
*
*/
@ -109,7 +109,7 @@ public class SSLEngineTest
public void startServer() throws Exception
{
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystore);
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -18,9 +18,6 @@
package org.eclipse.jetty.server.ssl;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@ -46,6 +43,9 @@ import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledOnJre;
import org.junit.jupiter.api.condition.JRE;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
// Only in JDK 11 is possible to use SSLSocket.shutdownOutput().
@DisabledOnJre({JRE.JAVA_8, JRE.JAVA_9, JRE.JAVA_10})
public class SSLReadEOFAfterResponseTest
@ -54,7 +54,7 @@ public class SSLReadEOFAfterResponseTest
public void testReadEOFAfterResponse() throws Exception
{
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -18,9 +18,6 @@
package org.eclipse.jetty.server.ssl;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
@ -53,6 +50,9 @@ import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.is;
public class SSLSelectChannelConnectorLoadTest
{
private static Server server;
@ -63,7 +63,7 @@ public class SSLSelectChannelConnectorLoadTest
public static void startServer() throws Exception
{
String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystorePath);
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -18,14 +18,6 @@
package org.eclipse.jetty.server.ssl;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.isEmptyOrNullString;
import static org.hamcrest.Matchers.not;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.condition.OS.WINDOWS;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -62,11 +54,19 @@ import org.eclipse.jetty.toolchain.test.MavenTestingUtils;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.condition.DisabledOnOs;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.isEmptyOrNullString;
import static org.hamcrest.Matchers.not;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.condition.OS.WINDOWS;
/**
* HttpServer Tester.
*/
@ -83,7 +83,7 @@ public class SelectChannelServerSslTest extends HttpServerTestBase
public void init() throws Exception
{
String keystorePath = MavenTestingUtils.getTestResourcePath("keystore").toString();
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystorePath);
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -18,8 +18,6 @@
package org.eclipse.jetty.server.ssl;
import static java.time.Duration.ofSeconds;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
@ -51,6 +49,8 @@ import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;
import static java.time.Duration.ofSeconds;
@Tag("Unstable")
@Disabled
public class SlowClientsTest
@ -61,7 +61,7 @@ public class SlowClientsTest
public void testSlowClientsWithSmallThreadPool() throws Exception
{
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -18,12 +18,6 @@
package org.eclipse.jetty.server.ssl;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.startsWith;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@ -70,6 +64,12 @@ import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.startsWith;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class SniSslConnectionFactoryTest
{
private Server _server;
@ -118,7 +118,7 @@ public class SniSslConnectionFactoryTest
if (!keystoreFile.exists())
throw new FileNotFoundException(keystoreFile.getAbsolutePath());
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
@ -224,7 +224,7 @@ public class SniSslConnectionFactoryTest
{
start("src/test/resources/keystore_sni.p12");
SslContextFactory clientContextFactory = new SslContextFactory(true);
SslContextFactory clientContextFactory = new SslContextFactory.Client(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port))
@ -282,7 +282,7 @@ public class SniSslConnectionFactoryTest
{
start("src/test/resources/keystore_sni.p12");
SslContextFactory clientContextFactory = new SslContextFactory(true);
SslContextFactory clientContextFactory = new SslContextFactory.Client(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port))
@ -360,7 +360,7 @@ public class SniSslConnectionFactoryTest
private String getResponse(String sniHost, String reqHost, String cn) throws Exception
{
SslContextFactory clientContextFactory = new SslContextFactory(true);
SslContextFactory clientContextFactory = new SslContextFactory.Client(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
try (SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port))


@ -18,11 +18,6 @@
package org.eclipse.jetty.server.ssl;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@ -59,10 +54,14 @@ import org.eclipse.jetty.util.IO;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
public class SslConnectionFactoryTest
{
private Server _server;
@ -87,7 +86,7 @@ public class SslConnectionFactoryTest
https_config.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
@ -210,7 +209,7 @@ public class SslConnectionFactoryTest
private String getResponse(String sniHost, String reqHost, String cn) throws Exception
{
SslContextFactory clientContextFactory = new SslContextFactory(true);
SslContextFactory clientContextFactory = new SslContextFactory.Client(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();


@ -18,10 +18,6 @@
package org.eclipse.jetty.server.ssl;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -56,9 +52,12 @@ import org.eclipse.jetty.util.thread.ScheduledExecutorScheduler;
import org.eclipse.jetty.util.thread.Scheduler;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
public class SslContextFactoryReloadTest
{
public static final String KEYSTORE_1 = "src/test/resources/reload_keystore_1.jks";
@ -72,7 +71,7 @@ public class SslContextFactoryReloadTest
{
server = new Server();
sslContextFactory = new SslContextFactory();
sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(KEYSTORE_1);
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyStoreType("JKS");


@ -45,7 +45,7 @@ public class SslSelectChannelTimeoutTest extends ConnectorTimeoutTest
public void init() throws Exception
{
String keystorePath = System.getProperty("basedir",".") + "/src/test/resources/keystore";
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystorePath);
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");
@ -64,7 +64,5 @@ public class SslSelectChannelTimeoutTest extends ConnectorTimeoutTest
trustManagerFactory.init(keystore);
__sslContext = SSLContext.getInstance("SSL");
__sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
}
}


@ -18,9 +18,6 @@
package org.eclipse.jetty.server.ssl;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@ -49,6 +46,9 @@ import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
*/
public class SslUploadTest
@ -62,7 +62,7 @@ public class SslUploadTest
{
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");


@ -18,9 +18,6 @@
package org.eclipse.jetty.servlet;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@ -48,6 +45,9 @@ import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
import org.junit.jupiter.params.provider.MethodSource;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class SSLAsyncIOServletTest
{
public static Stream<Arguments> scenarios()
@ -221,8 +221,7 @@ public class SSLAsyncIOServletTest
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks");
Path truststorePath = MavenTestingUtils.getTestResourcePath("truststore.jks");
sslContextFactory = new SslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm("");
sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(keystorePath.toString());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setTrustStorePath(truststorePath.toString());


@ -86,10 +86,10 @@ import org.eclipse.jetty.util.security.CertificateValidator;
import org.eclipse.jetty.util.security.Password;
/**
* SslContextFactory is used to configure SSL connectors
* as well as HttpClient. It holds all SSL parameters and
* creates SSL context based on these parameters to be
* used by the SSL connectors.
* <p>SslContextFactory is used to configure SSL parameters
* to be used by server and client connectors.</p>
* <p>Use {@link Server} to configure server-side connectors,
* and {@link Client} to configure HTTP or WebSocket clients.</p>
*/
@ManagedObject
public class SslContextFactory extends AbstractLifeCycle implements Dumpable
@ -198,9 +198,11 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
private HostnameVerifier _hostnameVerifier;
/**
* Construct an instance of SslContextFactory
* Default constructor for use in XmlConfiguration files
* Construct an instance of SslContextFactory with the default configuration.
*
* @deprecated use {@link Client#Client()} or {@link Server#Server()} instead
*/
@Deprecated
public SslContextFactory()
{
this(false);
@ -212,7 +214,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
*
* @param trustAll whether to blindly trust all certificates
* @see #setTrustAll(boolean)
* @deprecated use {@link Client#Client(boolean)} instead
*/
@Deprecated
public SslContextFactory(boolean trustAll)
{
this(trustAll, null);
@ -222,7 +226,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* Construct an instance of SslContextFactory
*
* @param keyStorePath default keystore location
* @deprecated use {@link #setKeyStorePath(String)} instead
*/
@Deprecated
public SslContextFactory(String keyStorePath)
{
this(false, keyStorePath);
@ -249,21 +255,33 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
{
load();
}
secureConfigurationCheck();
checkConfiguration();
}
protected void secureConfigurationCheck()
protected void checkConfiguration()
{
if (isTrustAll())
LOG_CONFIG.warn("Trusting all certificates configured for {}",this);
if (getEndpointIdentificationAlgorithm()==null)
LOG_CONFIG.warn("No Client EndPointIdentificationAlgorithm configured for {}",this);
SSLEngine engine = _factory._context.createSSLEngine();
customize(engine);
SSLParameters supported = engine.getSSLParameters();
checkProtocols(supported);
checkCiphers(supported);
}
protected void checkTrustAll()
{
if (isTrustAll())
LOG_CONFIG.warn("Trusting all certificates configured for {}", this);
}
protected void checkEndPointIdentificationAlgorithm()
{
if (getEndpointIdentificationAlgorithm() == null)
LOG_CONFIG.warn("No Client EndPointIdentificationAlgorithm configured for {}", this);
}
protected void checkProtocols(SSLParameters supported)
{
for (String protocol : supported.getProtocols())
{
for (String excluded : DEFAULT_EXCLUDED_PROTOCOLS)
@ -272,7 +290,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
LOG_CONFIG.warn("Protocol {} not excluded for {}", protocol, this);
}
}
}
protected void checkCiphers(SSLParameters supported)
{
for (String suite : supported.getCipherSuites())
{
for (String excludedSuiteRegex : DEFAULT_EXCLUDED_CIPHER_SUITES)
@ -417,9 +438,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
getExcludeCipherSuites(),
getIncludeCipherSuites()));
}
catch (NoSuchAlgorithmException ignore)
catch (NoSuchAlgorithmException x)
{
LOG.ignore(ignore);
LOG.ignore(x);
}
}
@ -754,8 +775,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return True if SSL needs client authentication.
* @see SSLEngine#getNeedClientAuth()
* @deprecated use {@link Server#getNeedClientAuth()} instead
*/
@ManagedAttribute("Whether client authentication is needed")
@Deprecated
public boolean getNeedClientAuth()
{
return _needClientAuth;
@ -764,7 +787,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @param needClientAuth True if SSL needs client authentication.
* @see SSLEngine#getNeedClientAuth()
* @deprecated use {@link Server#setNeedClientAuth(boolean)} instead
*/
@Deprecated
public void setNeedClientAuth(boolean needClientAuth)
{
_needClientAuth = needClientAuth;
@ -773,8 +798,10 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @return True if SSL wants client authentication.
* @see SSLEngine#getWantClientAuth()
* @deprecated use {@link Server#getWantClientAuth()} instead
*/
@ManagedAttribute("Whether client authentication is wanted")
@Deprecated
public boolean getWantClientAuth()
{
return _wantClientAuth;
@ -783,7 +810,9 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
/**
* @param wantClientAuth True if SSL wants client authentication.
* @see SSLEngine#getWantClientAuth()
* @deprecated use {@link Server#setWantClientAuth(boolean)} instead
*/
@Deprecated
public void setWantClientAuth(boolean wantClientAuth)
{
_wantClientAuth = wantClientAuth;
@ -1110,6 +1139,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
* Deployments can be vulnerable to a man-in-the-middle attack if a EndpointIndentificationAlgorithm
* is not set.
* @param endpointIdentificationAlgorithm Set the endpointIdentificationAlgorithm
* @see #setHostnameVerifier(HostnameVerifier)
*/
public void setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm)
{
@ -1198,7 +1228,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
}
// Is SNI needed to select a certificate?
if (!_certWilds.isEmpty() || _certHosts.size()>1 || _certHosts.size()==1 && _aliasX509.size()>1)
if (!_certWilds.isEmpty() || _certHosts.size()>1 || (_certHosts.size()==1 && _aliasX509.size()>1))
{
for (int idx = 0; idx < managers.length; idx++)
{
@ -1761,10 +1791,14 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
sslParams.setCipherSuites(_selectedCipherSuites);
if (_selectedProtocols != null)
sslParams.setProtocols(_selectedProtocols);
if (getWantClientAuth())
if (this instanceof Server)
{
Server server = (Server)this;
if (server.getWantClientAuth())
sslParams.setWantClientAuth(true);
if (getNeedClientAuth())
if (server.getNeedClientAuth())
sslParams.setNeedClientAuth(true);
}
return sslParams;
}
@ -1792,7 +1826,7 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance("X.509");
for (int i = 0; i < length; i++)
{
byte bytes[] = javaxCerts[i].getEncoded();
byte[] bytes = javaxCerts[i].getEncoded();
ByteArrayInputStream stream = new ByteArrayInputStream(bytes);
javaCerts[i] = (X509Certificate)cf.generateCertificate(stream);
}
@ -1953,4 +1987,56 @@ public class SslContextFactory extends AbstractLifeCycle implements Dumpable
return _x509;
}
}
public static class Client extends SslContextFactory
{
public Client()
{
this(false);
}
public Client(boolean trustAll)
{
super(trustAll);
}
@Override
protected void checkConfiguration()
{
checkTrustAll();
checkEndPointIdentificationAlgorithm();
super.checkConfiguration();
}
}
public static class Server extends SslContextFactory
{
public Server()
{
setEndpointIdentificationAlgorithm(null);
}
@Override
public boolean getWantClientAuth()
{
return super.getWantClientAuth();
}
public void setWantClientAuth(boolean wantClientAuth)
{
super.setWantClientAuth(wantClientAuth);
}
@Override
public boolean getNeedClientAuth()
{
return super.getNeedClientAuth();
}
@Override
public void setNeedClientAuth(boolean needClientAuth)
{
super.setNeedClientAuth(needClientAuth);
}
}
}
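Review bot: In the hunk at `@ -1761,10 +1791,14 @`, client-certificate settings are now copied into the `SSLParameters` only when `this instanceof Server`, so an instance built through the deprecated base constructors no longer applies `setNeedClientAuth(true)` or `setWantClientAuth(true)` here. Server configurations that still instantiate `SslContextFactory` directly (the constructors are deprecated, not removed) would, as far as this hunk shows, stop requesting client certificates without any error, which weakens mutual-TLS enforcement. Excluding only the client type keeps the old behaviour for them: `if (!(this instanceof Client))` in place of `if (this instanceof Server)`, calling the base `getWantClientAuth()` and `getNeedClientAuth()` directly. The same legacy instances also lose the trust-all and endpoint-identification warnings, because the base `checkConfiguration()` no longer calls `checkTrustAll()` and `checkEndPointIdentificationAlgorithm()`; only the `Client` override does. The enclosing method starts outside the hunk, so whether client authentication is applied elsewhere cannot be confirmed from here.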


@ -18,21 +18,6 @@
package org.eclipse.jetty.util.ssl;
import static org.eclipse.jetty.toolchain.test.matchers.RegexMatcher.matchesPattern;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
@ -50,6 +35,22 @@ import org.eclipse.jetty.util.resource.Resource;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.eclipse.jetty.toolchain.test.matchers.RegexMatcher.matchesPattern;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
public class SslContextFactoryTest
{
private SslContextFactory cf;
@ -57,7 +58,7 @@ public class SslContextFactoryTest
@BeforeEach
public void setUp() throws Exception
{
cf = new SslContextFactory();
cf = new SslContextFactory.Server();
java.security.cert.CertPathBuilder certPathBuilder = java.security.cert.CertPathBuilder.getInstance("PKIX");
java.security.cert.PKIXRevocationChecker revocationChecker = (java.security.cert.PKIXRevocationChecker)certPathBuilder.getRevocationChecker();
@ -325,18 +326,36 @@ public class SslContextFactoryTest
@Test
public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
{
cf = new SslContextFactory();
cf = new SslContextFactory.Server();
cf.setKeyStoreResource(Resource.newSystemResource("keystore.p12"));
cf.setKeyStoreType("pkcs12");
cf.setKeyStorePassword("storepwd");
cf.start();
cf.stop();
cf = new SslContextFactory();
cf = new SslContextFactory.Server();
cf.setKeyStoreResource(Resource.newSystemResource("keystore.jce"));
cf.setKeyStoreType("jceks");
cf.setKeyStorePassword("storepwd");
cf.start();
cf.stop();
}
@Test
public void testClientSslContextFactory() throws Exception
{
cf = new SslContextFactory.Client();
cf.start();
assertEquals("HTTPS", cf.getEndpointIdentificationAlgorithm());
}
@Test
public void testServerSslContextFactory() throws Exception
{
cf = new SslContextFactory.Server();
cf.start();
assertNull(cf.getEndpointIdentificationAlgorithm());
}
}


@ -44,7 +44,7 @@ class DefaultHttpClientProvider
if (sslContextFactory == null)
{
sslContextFactory = new SslContextFactory();
sslContextFactory = new SslContextFactory.Client();
sslContextFactory.setTrustAll(false);
sslContextFactory.setEndpointIdentificationAlgorithm("HTTPS");
}


@ -3,7 +3,7 @@
<Configure class="org.eclipse.jetty.client.HttpClient">
<Arg>
<New class="org.eclipse.jetty.util.ssl.SslContextFactory">
<New class="org.eclipse.jetty.util.ssl.SslContextFactory$Client">
<Set name="trustAll" type="java.lang.Boolean">false</Set>
<Call name="addExcludeProtocols">
<Arg>


@ -48,8 +48,7 @@ public class SimpleContainerScope extends ContainerLifeCycle implements WebSocke
public SimpleContainerScope(WebSocketPolicy policy)
{
this(policy, new MappedByteBufferPool(), new DecoratedObjectFactory());
this.sslContextFactory = new SslContextFactory();
this(policy, new MappedByteBufferPool());
}
public SimpleContainerScope(WebSocketPolicy policy, ByteBufferPool bufferPool)
@ -59,7 +58,7 @@ public class SimpleContainerScope extends ContainerLifeCycle implements WebSocke
public SimpleContainerScope(WebSocketPolicy policy, ByteBufferPool bufferPool, DecoratedObjectFactory objectFactory)
{
this(policy, bufferPool, (Executor) null, objectFactory);
this(policy, bufferPool, null, objectFactory);
}
public SimpleContainerScope(WebSocketPolicy policy, ByteBufferPool bufferPool, Executor executor, DecoratedObjectFactory objectFactory)
@ -83,9 +82,9 @@ public class SimpleContainerScope extends ContainerLifeCycle implements WebSocke
this.objectFactory = objectFactory;
}
if(ssl == null)
if (ssl == null)
{
this.sslContextFactory = new SslContextFactory();
this.sslContextFactory = new SslContextFactory.Server();
}
else
{
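Review bot: The `ssl == null` fallback in the last constructor now builds `new SslContextFactory.Server()`, and the test added in this commit (testServerSslContextFactory) asserts that this flavour has a null endpoint identification algorithm. If this scope is ever used by client-side code without an explicit factory, that code would presumably connect without host name verification. I would add a comment above the fallback, `// Server flavour: no endpoint identification; client-side callers must pass their own SslContextFactory.Client`, so the default reads as a deliberate decision. Separately, dropping the `(Executor)` cast in the three-argument constructor is only safe while no other four-argument overload accepts a different reference type in that position; the remaining overloads are outside this hunk.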


@ -18,10 +18,6 @@
package org.eclipse.jetty.websocket.server;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
import java.net.URI;
import java.util.concurrent.Future;
@ -48,6 +44,10 @@ import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
public class RedirectWebSocketClientTest
{
public static Server server;
@ -114,7 +114,7 @@ public class RedirectWebSocketClientTest
private static SslContextFactory newSslContextFactory()
{
SslContextFactory ssl = new SslContextFactory();
SslContextFactory ssl = new SslContextFactory.Server();
ssl.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath());
ssl.setKeyStorePassword("storepwd");
ssl.setKeyManagerPassword("keypwd");
@ -124,7 +124,10 @@ public class RedirectWebSocketClientTest
@Test
public void testRedirect() throws Exception
{
SslContextFactory ssl = newSslContextFactory();
SslContextFactory ssl = new SslContextFactory.Client();
ssl.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath());
ssl.setKeyStorePassword("storepwd");
ssl.setKeyManagerPassword("keypwd");
ssl.setTrustAll(false);
ssl.setEndpointIdentificationAlgorithm(null);
HttpClient httpClient = new HttpClient(ssl);
@ -149,7 +152,7 @@ public class RedirectWebSocketClientTest
}
@WebSocket
public static class EmptyWebSocket {
public static class EmptyWebSocket
{
}
}
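Review bot: In testRedirect the factory is now a `SslContextFactory.Client`, whose default endpoint identification is "HTTPS" according to the test this commit adds, yet `ssl.setEndpointIdentificationAlgorithm(null)` turns it off again on the following line with no explanation. A comment stating the reason would keep the pattern from being copied into real clients, for instance `// test only: endpoint identification is disabled because the test keystore certificate is not expected to match the target host`, if that is indeed the reason. The three keystore setters also repeat newSslContextFactory() line for line; a small private helper that takes the factory as an argument would keep the client and server setup from drifting apart. The body of testRedirect continues outside the hunk.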


@ -19,6 +19,7 @@
package org.eclipse.jetty.websocket.server;
import java.net.URI;
import javax.servlet.http.HttpServlet;
import org.eclipse.jetty.http.HttpVersion;
@ -87,11 +88,10 @@ public class SimpleServletServer
http_config.setSendServerVersion(true);
http_config.setSendDateHeader(false);
sslContextFactory = new SslContextFactory();
sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setKeyManagerPassword("keypwd");
sslContextFactory.setEndpointIdentificationAlgorithm(null);
// SSL HTTP Configuration
HttpConfiguration https_config = new HttpConfiguration(http_config);


@ -65,7 +65,7 @@ public class HttpChannelAssociationTest extends AbstractTest<TransportScenario>
init(transport);
scenario.startServer(new EmptyServerHandler());
scenario.client = new HttpClient(newHttpClientTransport(scenario, exchange -> false), scenario.sslContextFactory);
scenario.client = new HttpClient(newHttpClientTransport(scenario, exchange -> false), scenario.newClientSslContextFactory());
QueuedThreadPool clientThreads = new QueuedThreadPool();
clientThreads.setName("client");
scenario.client.setExecutor(clientThreads);
@ -90,8 +90,7 @@ public class HttpChannelAssociationTest extends AbstractTest<TransportScenario>
scenario.startServer(new EmptyServerHandler());
long idleTimeout = 1000;
SslContextFactory sslContextFactory = scenario.newSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
SslContextFactory sslContextFactory = scenario.newClientSslContextFactory();
scenario.client = new HttpClient(newHttpClientTransport(scenario, exchange ->
{
// We idle timeout just before the association,


@ -18,15 +18,6 @@
package org.eclipse.jetty.http.client;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import java.io.IOException;
import java.io.InputStream;
import java.io.InterruptedIOException;
@ -63,6 +54,15 @@ import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ArgumentsSource;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
public class HttpClientTest extends AbstractTest<TransportScenario>
{
@Override
@ -343,7 +343,9 @@ public class HttpClientTest extends AbstractTest<TransportScenario>
scenario.startServer(new EmptyServerHandler());
// Use a default SslContextFactory, requests should fail because the server certificate is unknown.
scenario.client = scenario.newHttpClient(scenario.provideClientTransport(), new SslContextFactory());
SslContextFactory.Client clientTLS = scenario.newClientSslContextFactory();
clientTLS.setEndpointIdentificationAlgorithm("HTTPS");
scenario.client = scenario.newHttpClient(scenario.provideClientTransport(), clientTLS);
QueuedThreadPool clientThreads = new QueuedThreadPool();
clientThreads.setName("client");
scenario.client.setExecutor(clientThreads);
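Review bot: The comment above the new lines still says a default SslContextFactory is used and that requests fail because the server certificate is unknown, but the factory now comes from `scenario.newClientSslContextFactory()`, which in this commit's TransportScenario loads `truststore.jks` and clears endpoint identification before this test sets it back to "HTTPS". If that trust store contains the server certificate, the expected failure now comes from the host name check rather than from an untrusted certificate, so the test may be exercising a different path than its comment claims. Once that is confirmed I would reword the comment to `// Client uses the test trust store; with endpoint identification set to HTTPS the request is expected to fail the host name check.`, or build a bare `new SslContextFactory.Client()` here if the unknown-certificate failure is what the test is meant to cover. The test method starts and ends outside the hunk.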


@ -251,8 +251,7 @@ public class HttpClientTimeoutTest extends AbstractTest<TransportScenario>
scenario.startServer(new TimeoutHandler(2 * timeout));
AtomicBoolean sslIdle = new AtomicBoolean();
SslContextFactory sslContextFactory = scenario.newSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
SslContextFactory sslContextFactory = scenario.newClientSslContextFactory();
scenario.client = new HttpClient(scenario.provideClientTransport(), sslContextFactory)
{
@Override

View File

@ -298,8 +298,7 @@ public class TransportScenario
QueuedThreadPool clientThreads = new QueuedThreadPool();
clientThreads.setName("client");
clientThreads.setDetailedDump(true);
SslContextFactory sslContextFactory = newSslContextFactory();
sslContextFactory.setEndpointIdentificationAlgorithm(null);
SslContextFactory sslContextFactory = newClientSslContextFactory();
client = newHttpClient(provideClientTransport(transport), sslContextFactory);
client.setExecutor(clientThreads);
client.setSocketAddressResolver(new SocketAddressResolver.Sync());
@ -324,7 +323,7 @@ public class TransportScenario
public void startServer(Handler handler) throws Exception
{
sslContextFactory = newSslContextFactory();
sslContextFactory = newServerSslContextFactory();
QueuedThreadPool serverThreads = new QueuedThreadPool();
serverThreads.setName("server");
serverThreads.setDetailedDump(true);
@ -352,16 +351,29 @@ public class TransportScenario
}
}
protected SslContextFactory newSslContextFactory()
protected SslContextFactory.Server newServerSslContextFactory()
{
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
configureSslContextFactory(sslContextFactory);
return sslContextFactory;
}
protected SslContextFactory.Client newClientSslContextFactory()
{
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
configureSslContextFactory(sslContextFactory);
sslContextFactory.setEndpointIdentificationAlgorithm(null);
return sslContextFactory;
}
private void configureSslContextFactory(SslContextFactory sslContextFactory)
{
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
sslContextFactory.setTrustStorePassword("storepwd");
sslContextFactory.setUseCipherSuitesOrder(true);
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
return sslContextFactory;
}
public void stopClient() throws Exception
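Review bot: `newClientSslContextFactory()` calls `setEndpointIdentificationAlgorithm(null)` for every test that uses the scenario, which overrides the "HTTPS" default this commit introduces for `SslContextFactory.Client`, and nothing on the method says so. A short Javadoc on the method would make the override explicit: it should state that host name verification is disabled for the test certificates and that a test which needs it must re-enable it, as HttpClientTest does in this commit. `configureSslContextFactory` also hands the client the same `keystore.jks` as the server; unless a test relies on client certificates, the trust store alone should be enough on the client side. Removing the protected `newSslContextFactory()` breaks any subclass that overrides or calls it; the callers visible in this commit were updated, others cannot be checked from here.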


@ -101,11 +101,10 @@ public class HttpInputIntegrationTest
// SSL Context Factory for HTTPS and HTTP/2
String jetty_distro = System.getProperty("jetty.distro","../../jetty-distribution/target/distribution");
__sslContextFactory = new SslContextFactory();
__sslContextFactory = new SslContextFactory.Server();
__sslContextFactory.setKeyStorePath(jetty_distro + "/../../../jetty-server/src/test/config/etc/keystore");
__sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
__sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
__sslContextFactory.setEndpointIdentificationAlgorithm(null);
// HTTPS Configuration
__sslConfig = new HttpConfiguration(__config);


@ -1,10 +1,9 @@
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="KeyStorePath"><Property name="jetty.home" default="." />/<Property name="jetty.sslContext.keyStorePath" default="keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
<Set name="TrustStorePath"><Property name="jetty.home" default="." />/<Property name="jetty.sslContext.trustStorePath" default="keystore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>


@ -54,7 +54,7 @@ public class HTTP1Servlet extends HttpServlet
{
try
{
sslContextFactory = new SslContextFactory(true);
sslContextFactory = new SslContextFactory.Client(true);
http2Client = new HTTP2Client();
http2Client.addBean(sslContextFactory);
http2Client.start();
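Review bot: The bare `true` passed to `new SslContextFactory.Client(true)` is the trust-all flag, so this client accepts any server certificate, and the literal gives no hint of that at the call site. I would spell it out as `sslContextFactory = new SslContextFactory.Client();` followed by `sslContextFactory.setTrustAll(true); // accepts any server certificate; not for production use`, which should keep the behaviour while making the choice easy to search for. The same call appears in HTTP2FromWebAppIT in this commit (`SslContextFactory clientTLS = new SslContextFactory.Client(true);`). The enclosing method starts and ends outside the hunk.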

View File

@ -18,8 +18,6 @@
package org.eclipse.jetty.test.webapp;
import static org.junit.jupiter.api.Assertions.assertEquals;
import java.util.concurrent.TimeUnit;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
@ -36,9 +34,10 @@ import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertEquals;
public class HTTP2FromWebAppIT
{
@Test
@ -46,7 +45,7 @@ public class HTTP2FromWebAppIT
{
Server server = new Server();
SslContextFactory serverTLS = new SslContextFactory();
SslContextFactory serverTLS = new SslContextFactory.Server();
serverTLS.setKeyStorePath("src/test/resources/keystore.jks");
serverTLS.setKeyStorePassword("storepwd");
serverTLS.setCipherComparator(new HTTP2Cipher.CipherComparator());
@ -71,7 +70,7 @@ public class HTTP2FromWebAppIT
try
{
SslContextFactory clientTLS = new SslContextFactory(true);
SslContextFactory clientTLS = new SslContextFactory.Client(true);
HttpClient client = new HttpClient(clientTLS);
client.start();


@ -82,7 +82,7 @@ public class TestTransparentProxyServer
// SSL configurations
SslContextFactory sslContextFactory = new SslContextFactory();
SslContextFactory sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setKeyStorePath(jetty_root + "/jetty-server/src/main/config/etc/keystore");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
@ -136,5 +136,4 @@ public class TestTransparentProxyServer
server.start();
server.join();
}
}