Fixes #2643 - Switch SslContextFactory.keystoreType from JKS to PKCS12.
Updated old keystores to new PKCS12 keystores. Removed unused keystores and truststores. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
parent
65d50258b7
commit
d60b4459bf
|
@ -100,13 +100,12 @@ public class Http2Server
|
|||
server.addConnector(http);
|
||||
|
||||
// SSL Context Factory for HTTPS and HTTP/2
|
||||
Path keystorePath = Paths.get("src/main/resources/etc/keystore").toAbsolutePath();
|
||||
Path keystorePath = Paths.get("src/main/resources/etc/keystore.p12").toAbsolutePath();
|
||||
if (!Files.exists(keystorePath))
|
||||
throw new FileNotFoundException(keystorePath.toString());
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.toString());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
|
||||
// sslContextFactory.setProvider("Conscrypt");
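Review bot: The keystore password is now the plain literal `"storepwd"` in example code that readers tend to copy, and nothing on the new side says it belongs only to the bundled demo keystore. A short comment above the call would cover it, for example `// Demo keystore only: load the real password from configuration, never from source.` The same literal replaces the obfuscated values in the LikeJettyXml and ManyConnectors hunks that follow, so the comment applies there as well. The enclosing method starts and ends outside this hunk.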
|
||||
|
||||
|
|
|
@ -124,15 +124,14 @@ public class LikeJettyXml
|
|||
|
||||
// === jetty-https.xml ===
|
||||
// SSL Context Factory
|
||||
Path keystorePath = Paths.get("src/main/resources/etc/keystore").toAbsolutePath();
|
||||
Path keystorePath = Paths.get("src/main/resources/etc/keystore.p12").toAbsolutePath();
|
||||
if (!Files.exists(keystorePath))
|
||||
throw new FileNotFoundException(keystorePath.toString());
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.toString());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath(keystorePath.toString());
|
||||
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
|
||||
// SSL HTTP Configuration
|
||||
HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
|
||||
|
|
|
@ -42,7 +42,7 @@ public class ManyConnectors
|
|||
{
|
||||
// Since this example shows off SSL configuration, we need a keystore
|
||||
// with the appropriate key.
|
||||
Path keystorePath = Paths.get("src/main/resources/etc/keystore").toAbsolutePath();
|
||||
Path keystorePath = Paths.get("src/main/resources/etc/keystore.p12").toAbsolutePath();
|
||||
if (!Files.exists(keystorePath))
|
||||
throw new FileNotFoundException(keystorePath.toString());
|
||||
|
||||
|
@ -81,8 +81,7 @@ public class ManyConnectors
|
|||
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.toString());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
||||
// OPTIONAL: Un-comment the following to use Conscrypt for SSL instead of
|
||||
// the native JSSE implementation.
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -1,20 +0,0 @@
|
|||
Bag Attributes
|
||||
friendlyName: jetty
|
||||
localKeyID: 54 69 6D 65 20 31 34 32 33 31 39 38 30 39 33 31 31 35
|
||||
Key Attributes: <No Attributes>
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIPh4Q0t4xklXTzX
|
||||
N2VAb47r5n7idAupp4CTNEhhT6lS70iA+A8i4+0lSEHWAogvd9jl3H7SvScr30QM
|
||||
4ieC0JCGSOwGc8f+yqKrO56PPd5OuqW380BJ0r74jJczU9CcsuavHD7e6mRLUnmj
|
||||
xM20NSxrcicMiPUHY1mJZtN9swtxAgMBAAECgYADS9P6Jll0uXBZIu/pgfDH27GJ
|
||||
HlPULstW9VbrMDNzgfUlFMQebLrRpIrnyleJ29Xc//HA4beEkR4lb0T/w88+pEkt
|
||||
7fhYeqRLPIfpDOgzloynnsoPcd8f/PypbimQrNLmBiG1178nVcy4Yoh5lYVIJwtU
|
||||
3VriqDlvAfTLrrx8AQJBAMLWuh27Hb8xs3LRg4UD7hcv8tJejstm08Y+czRz7cO0
|
||||
RENa3aDjGFSegc+IUfdez7BP8uDw+PwE+jybmTvaliECQQCtR/anCY1WS28/bKvy
|
||||
lmIwoI15eraBdVFkN0Hfxh+9PfR3rMD5uyvukT5GgTtY/XxADyafSTaipDJiZHJI
|
||||
EitRAkBjeCBYYVjUbVlBuvi8Bb+dktsSzzdzXDGtueAy3SR7jyJyiIcxRf775Fg9
|
||||
TUkbUwoQ5yAF+sACWcAvBPj796JBAkAEZEeHEkHnxv+pztpIyrDwZJFRW9/WRh/q
|
||||
90+PGVlilXhltBYr/idt43Z9mPblGX+VrAyhitx8oMa6IauX0gYRAkEAgnyVeXrD
|
||||
jDLUZRA3P8Gu27k1k6GjbTYiUz3HKCz2/6+MZ2MK2qqwafgqocji029Q6dHdPD7a
|
||||
4QnRlvraUnyQLA==
|
||||
-----END PRIVATE KEY-----
|
|
@ -79,11 +79,9 @@ public class ConscryptHTTP2ServerTest
|
|||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
Path path = Paths.get("src", "test", "resources");
|
||||
File keys = path.resolve("keystore").toFile();
|
||||
File keys = path.resolve("keystore.p12").toFile();
|
||||
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setProvider("Conscrypt");
|
||||
if (JavaVersion.VERSION.getPlatform() < 9)
|
||||
{
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -83,9 +83,8 @@ public class JDK9ALPNTest
|
|||
private SslContextFactory.Server newServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
// The mandatory HTTP/2 cipher.
|
||||
sslContextFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
||||
return sslContextFactory;
|
||||
|
|
|
@ -46,9 +46,8 @@ public class JDK9HTTP2Server
|
|||
httpsConfig.addCustomizer(new SecureRequestCustomizer());
|
||||
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
|
||||
|
||||
HttpConnectionFactory http = new HttpConnectionFactory(httpsConfig);
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -291,7 +291,7 @@
|
|||
</goals>
|
||||
<configuration>
|
||||
<tasks>
|
||||
<delete file="${assembly-directory}/etc/keystore" />
|
||||
<delete file="${assembly-directory}/etc/keystore.p12" />
|
||||
</tasks>
|
||||
</configuration>
|
||||
</execution>
|
||||
|
|
|
@ -386,9 +386,9 @@ ____
|
|||
[source%nowrap,plain,linenums]
|
||||
----
|
||||
$ cd $JETTY_BASE
|
||||
$ keytool -list -keystore etc/keystore -storetype jks -storepass '' -v
|
||||
$ keytool -v -list -keystore etc/keystore
|
||||
|
||||
Keystore type: JKS
|
||||
Keystore type: PKCS12
|
||||
Keystore provider: SUN
|
||||
|
||||
Your keystore contains 3 entries
|
||||
|
|
|
@ -37,10 +37,8 @@ public class DrupalHTTP2FastCGIProxyServer
|
|||
public static void main(String[] args) throws Exception
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
sslContextFactory.setCipherComparator(new HTTP2Cipher.CipherComparator());
|
||||
|
||||
Server server = new Server();
|
||||
|
|
|
@ -55,7 +55,7 @@ public class TryFilesFilterTest
|
|||
server.addConnector(connector);
|
||||
|
||||
SslContextFactory.Server serverSslContextFactory = new SslContextFactory.Server();
|
||||
serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
serverSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
serverSslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslConnector = new ServerConnector(server, serverSslContextFactory);
|
||||
server.addConnector(sslConnector);
|
||||
|
@ -71,10 +71,8 @@ public class TryFilesFilterTest
|
|||
ClientConnector clientConnector = new ClientConnector();
|
||||
SslContextFactory.Client clientSslContextFactory = new SslContextFactory.Client();
|
||||
clientSslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
clientSslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
clientSslContextFactory.setKeyStorePassword("storepwd");
|
||||
clientSslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
clientSslContextFactory.setTrustStorePassword("storepwd");
|
||||
clientConnector.setSslContextFactory(clientSslContextFactory);
|
||||
client = new HttpClient(new HttpClientTransportOverHTTP(clientConnector));
|
||||
server.addBean(client);
|
||||
|
|
|
@ -43,10 +43,8 @@ public class WordPressHTTP2FastCGIProxyServer
|
|||
int tlsPort = 8443;
|
||||
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
sslContextFactory.setCipherComparator(new HTTP2Cipher.CipherComparator());
|
||||
|
||||
Server server = new Server();
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -112,7 +112,7 @@ public class DirectHTTP2OverTLSTest
|
|||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setUseCipherSuitesOrder(true);
|
||||
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -630,10 +630,9 @@ public class SocketChannelEndPointTest
|
|||
public SslScenario(NormalScenario normalScenario) throws Exception
|
||||
{
|
||||
_normalScenario = normalScenario;
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
_sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
_sslCtxFactory.setKeyStorePassword("storepwd");
|
||||
_sslCtxFactory.setKeyManagerPassword("keypwd");
|
||||
_sslCtxFactory.start();
|
||||
}
|
||||
|
||||
|
|
|
@ -141,10 +141,9 @@ public class SslConnectionTest
|
|||
@BeforeEach
|
||||
public void initSSL() throws Exception
|
||||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
_sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
_sslCtxFactory.setKeyStorePassword("storepwd");
|
||||
_sslCtxFactory.setKeyManagerPassword("keypwd");
|
||||
_sslCtxFactory.setRenegotiationAllowed(true);
|
||||
_sslCtxFactory.setRenegotiationLimit(-1);
|
||||
startManager();
|
||||
|
|
|
@ -44,10 +44,9 @@ public class SslEngineBehaviorTest
|
|||
public static void startSsl() throws Exception
|
||||
{
|
||||
sslCtxFactory = new SslContextFactory.Server();
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
sslCtxFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
sslCtxFactory.setKeyStorePassword("storepwd");
|
||||
sslCtxFactory.setKeyManagerPassword("keypwd");
|
||||
sslCtxFactory.start();
|
||||
}
|
||||
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -232,7 +232,7 @@ public class ConnectorServerTest
|
|||
public void testJMXOverTLS() throws Exception
|
||||
{
|
||||
SslContextFactory sslContextFactory = new SslContextFactory.Server();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourcePath("keystore.jks").toString();
|
||||
String keyStorePath = MavenTestingUtils.getTestResourcePath("keystore.p12").toString();
|
||||
String keyStorePassword = "storepwd";
|
||||
sslContextFactory.setKeyStorePath(keyStorePath);
|
||||
sslContextFactory.setKeyStorePassword(keyStorePassword);
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -31,9 +31,9 @@
|
|||
<!-- ============================================================= -->
|
||||
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
|
||||
<Set name="Provider"><SystemProperty name="jetty.sslContext.provider"/></Set>
|
||||
<Set name="KeyStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set>
|
||||
<Set name="KeyStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore.p12"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore.p12"/></Set>
|
||||
<Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
|
||||
<Set name="NeedClientAuth" property="jetty.sslContext.needClientAuth"/>
|
||||
<Set name="WantClientAuth" property="jetty.sslContext.wantClientAuth"/>
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -135,13 +135,13 @@ public class TestJettyOSGiBootHTTP2Conscrypt
|
|||
assertNotNull(port);
|
||||
|
||||
Path path = Paths.get("src", "test", "config");
|
||||
File keys = path.resolve("etc").resolve("keystore").toFile();
|
||||
File keys = path.resolve("etc").resolve("keystore.p12").toFile();
|
||||
|
||||
ClientConnector clientConnector = new ClientConnector();
|
||||
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setProvider("Conscrypt");
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
|
|
|
@ -129,13 +129,13 @@ public class TestJettyOSGiBootHTTP2JDK9
|
|||
assertNotNull(port);
|
||||
|
||||
Path path = Paths.get("src", "test", "config");
|
||||
File keys = path.resolve("etc").resolve("keystore").toFile();
|
||||
File keys = path.resolve("etc").resolve("keystore.p12").toFile();
|
||||
|
||||
ClientConnector clientConnector = new ClientConnector();
|
||||
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setTrustStorePath(keys.getAbsolutePath());
|
||||
sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setEndpointIdentificationAlgorithm(null);
|
||||
clientConnector.setSslContextFactory(sslContextFactory);
|
||||
|
|
|
@ -58,7 +58,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator
|
|||
/**
|
||||
* Truststore type
|
||||
*/
|
||||
private String _trustStoreType = "JKS";
|
||||
private String _trustStoreType = "PKCS12";
|
||||
/**
|
||||
* Truststore password
|
||||
*/
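Review bot: Changing the `_trustStoreType` default from `"JKS"` to `"PKCS12"` alters behaviour for callers that never call `setTrustStoreType` and point at an existing JKS trust store; whether such a store still loads presumably depends on the JDK and security provider in use. The field Javadoc in this hunk still reads only `Truststore type`, and the third hunk of this class drops the default from the setter's `@param` text, so the new default is stated only on the getter. I would expand the field comment to something like `Truststore type (default "PKCS12"; set "JKS" explicitly for legacy trust stores)` and keep the default mentioned on the setter too.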
|
||||
|
@ -251,7 +251,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator
|
|||
}
|
||||
|
||||
/**
|
||||
* @return The type of the trust store (default "JKS")
|
||||
* @return The type of the trust store (default "PKCS12")
|
||||
*/
|
||||
public String getTrustStoreType()
|
||||
{
|
||||
|
@ -259,7 +259,7 @@ public class ClientCertAuthenticator extends LoginAuthenticator
|
|||
}
|
||||
|
||||
/**
|
||||
* @param trustStoreType The type of the trust store (default "JKS")
|
||||
* @param trustStoreType The type of the trust store
|
||||
*/
|
||||
public void setTrustStoreType(String trustStoreType)
|
||||
{
|
||||
|
|
|
@ -12,12 +12,12 @@
|
|||
|
||||
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
|
||||
<Set name="Provider" property="jetty.sslContext.provider"/>
|
||||
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set>
|
||||
<Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore.p12"/></Set>
|
||||
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword"/></Set>
|
||||
<Set name="KeyStoreType" property="jetty.sslContext.keyStoreType"/>
|
||||
<Set name="KeyStoreProvider" property="jetty.sslContext.keyStoreProvider"/>
|
||||
<Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore"/></Set>
|
||||
<Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore.p12"/></Set>
|
||||
<Set name="TrustStorePassword" property="jetty.sslContext.trustStorePassword"/>
|
||||
<Set name="TrustStoreType" property="jetty.sslContext.trustStoreType"/>
|
||||
<Set name="TrustStoreProvider" property="jetty.sslContext.trustStoreProvider"/>
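Review bot: The fallback for `jetty.sslContext.keyStorePath` and `jetty.sslContext.trustStorePath` moves from `etc/keystore` to `etc/keystore.p12`, so a jetty.base that relies on the default and still keeps its file at `etc/keystore` would no longer resolve it after upgrading. An XML comment above the two `<Set>` elements, such as `<!-- Default changed to etc/keystore.p12; set jetty.sslContext.keyStorePath to keep using an existing etc/keystore -->`, would make that visible to whoever edits this file. Both defaults also name the same file, so unless the trust store property is overridden the trust anchors presumably come from the store that holds the server's private key; that is worth stating in the same comment. The `<Configure>` element continues past the end of the hunk.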
|
||||
|
|
|
@ -79,7 +79,7 @@ etc/jetty-ssl-context.xml
|
|||
# jetty.sslContext.keyStorePassword=
|
||||
|
||||
## Keystore type and provider
|
||||
# jetty.sslContext.keyStoreType=JKS
|
||||
# jetty.sslContext.keyStoreType=PKCS12
|
||||
# jetty.sslContext.keyStoreProvider=
|
||||
|
||||
## KeyManager password
|
||||
|
@ -89,7 +89,7 @@ etc/jetty-ssl-context.xml
|
|||
# jetty.sslContext.trustStorePassword=
|
||||
|
||||
## Truststore type and provider
|
||||
# jetty.sslContext.trustStoreType=JKS
|
||||
# jetty.sslContext.trustStoreType=PKCS12
|
||||
# jetty.sslContext.trustStoreProvider=
|
||||
|
||||
## whether client certificate authentication is required
|
||||
|
|
|
@ -9,13 +9,10 @@ ssl
|
|||
ssl
|
||||
|
||||
[files]
|
||||
basehome:modules/test-keystore/keystore|etc/test-keystore
|
||||
basehome:modules/test-keystore/keystore.p12|etc/test-keystore.p12
|
||||
|
||||
[ini]
|
||||
jetty.sslContext.keyStorePath?=etc/test-keystore
|
||||
jetty.sslContext.trustStorePath?=etc/test-keystore
|
||||
jetty.sslContext.keyStorePath?=etc/test-keystore.p12
|
||||
jetty.sslContext.trustStorePath?=etc/test-keystore.p12
|
||||
jetty.sslContext.keyStoreType?=PKCS12
|
||||
jetty.sslContext.keyStorePassword?=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
|
||||
jetty.sslContext.keyStoreType?=JKS
|
||||
jetty.sslContext.keyManagerPassword?=OBF:1u2u1wml1z7s1z7a1wnl1u2g
|
||||
jetty.sslContext.trustStorePassword?=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
|
||||
jetty.sslContext.trustStoreType?=JKS
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,20 +0,0 @@
|
|||
Bag Attributes
|
||||
friendlyName: jetty
|
||||
localKeyID: 54 69 6D 65 20 31 34 32 33 31 39 38 30 39 33 31 31 35
|
||||
Key Attributes: <No Attributes>
|
||||
-----BEGIN PRIVATE KEY-----
|
||||
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIPh4Q0t4xklXTzX
|
||||
N2VAb47r5n7idAupp4CTNEhhT6lS70iA+A8i4+0lSEHWAogvd9jl3H7SvScr30QM
|
||||
4ieC0JCGSOwGc8f+yqKrO56PPd5OuqW380BJ0r74jJczU9CcsuavHD7e6mRLUnmj
|
||||
xM20NSxrcicMiPUHY1mJZtN9swtxAgMBAAECgYADS9P6Jll0uXBZIu/pgfDH27GJ
|
||||
HlPULstW9VbrMDNzgfUlFMQebLrRpIrnyleJ29Xc//HA4beEkR4lb0T/w88+pEkt
|
||||
7fhYeqRLPIfpDOgzloynnsoPcd8f/PypbimQrNLmBiG1178nVcy4Yoh5lYVIJwtU
|
||||
3VriqDlvAfTLrrx8AQJBAMLWuh27Hb8xs3LRg4UD7hcv8tJejstm08Y+czRz7cO0
|
||||
RENa3aDjGFSegc+IUfdez7BP8uDw+PwE+jybmTvaliECQQCtR/anCY1WS28/bKvy
|
||||
lmIwoI15eraBdVFkN0Hfxh+9PfR3rMD5uyvukT5GgTtY/XxADyafSTaipDJiZHJI
|
||||
EitRAkBjeCBYYVjUbVlBuvi8Bb+dktsSzzdzXDGtueAy3SR7jyJyiIcxRf775Fg9
|
||||
TUkbUwoQ5yAF+sACWcAvBPj796JBAkAEZEeHEkHnxv+pztpIyrDwZJFRW9/WRh/q
|
||||
90+PGVlilXhltBYr/idt43Z9mPblGX+VrAyhitx8oMa6IauX0gYRAkEAgnyVeXrD
|
||||
jDLUZRA3P8Gu27k1k6GjbTYiUz3HKCz2/6+MZ2MK2qqwafgqocji029Q6dHdPD7a
|
||||
4QnRlvraUnyQLA==
|
||||
-----END PRIVATE KEY-----
|
|
@ -170,10 +170,9 @@ public class ConnectionOpenCloseTest extends AbstractHttpTest
|
|||
public void testSSLOpenRequestClose() throws Exception
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
server.addBean(sslContextFactory);
|
||||
|
||||
server.removeConnector(connector);
|
||||
|
|
|
@ -50,11 +50,10 @@ public class OptionalSslConnectionTest
|
|||
serverThreads.setName("server");
|
||||
server = new Server(serverThreads);
|
||||
|
||||
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
String keystore = MavenTestingUtils.getTestResourceFile("keystore.p12").getAbsolutePath();
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
||||
HttpConfiguration httpConfig = new HttpConfiguration();
|
||||
HttpConnectionFactory http = new HttpConnectionFactory(httpConfig);
|
||||
|
|
|
@ -88,13 +88,10 @@ public class ThreadStarvationTest
|
|||
// HTTPS/SSL/TLS
|
||||
ConnectorProvider https = (server, acceptors, selectors) ->
|
||||
{
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore");
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12");
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.toString());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setTrustStorePath(keystorePath.toString());
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
ByteBufferPool pool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
|
||||
|
||||
HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory();
|
||||
|
|
|
@ -74,13 +74,10 @@ public class DebugHandlerTest
|
|||
httpConnector.setPort(0);
|
||||
server.addConnector(httpConnector);
|
||||
|
||||
File keystorePath = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystorePath = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setTrustStorePath(keystorePath.getAbsolutePath());
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
ByteBufferPool pool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
|
||||
ServerConnector sslConnector = new ServerConnector(server, null, null, pool, 1, 1,
|
||||
AbstractConnectionFactory.getFactories(sslContextFactory, new HttpConnectionFactory()));
|
||||
|
|
|
@ -66,13 +66,10 @@ public class SecuredRedirectHandlerTest
|
|||
public static void startServer() throws Exception
|
||||
{
|
||||
// Setup SSL
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setTrustStorePath(keystore.getAbsolutePath());
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
|
||||
server = new Server();
|
||||
|
||||
|
|
|
@ -44,11 +44,10 @@ public class SSLCloseTest
|
|||
@Test
|
||||
public void testClose() throws Exception
|
||||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
||||
Server server = new Server();
|
||||
ServerConnector connector = new ServerConnector(server, sslContextFactory);
|
||||
|
|
|
@ -110,11 +110,10 @@ public class SSLEngineTest
|
|||
@BeforeEach
|
||||
public void startServer() throws Exception
|
||||
{
|
||||
String keystore = MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath();
|
||||
String keystore = MavenTestingUtils.getTestResourceFile("keystore.p12").getAbsolutePath();
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
||||
server = new Server();
|
||||
HttpConnectionFactory http = new HttpConnectionFactory();
|
||||
|
|
|
@ -52,11 +52,10 @@ public class SSLReadEOFAfterResponseTest
|
|||
@Test
|
||||
public void testReadEOFAfterResponse() throws Exception
|
||||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStoreResource(Resource.newResource(keystore));
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
||||
Server server = new Server();
|
||||
ServerConnector connector = new ServerConnector(server, sslContextFactory);
|
||||
|
|
|
@ -61,13 +61,10 @@ public class SSLSelectChannelConnectorLoadTest
|
|||
@BeforeAll
|
||||
public static void startServer() throws Exception
|
||||
{
|
||||
String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
|
||||
String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore.p12";
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setTrustStorePath(keystorePath);
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
|
||||
server = new Server();
|
||||
connector = new ServerConnector(server, sslContextFactory);
|
||||
|
|
|
@ -81,13 +81,10 @@ public class SelectChannelServerSslTest extends HttpServerTestBase
|
|||
@BeforeEach
|
||||
public void init() throws Exception
|
||||
{
|
||||
String keystorePath = MavenTestingUtils.getTestResourcePath("keystore").toString();
|
||||
String keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12").toString();
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setTrustStorePath(keystorePath);
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
ByteBufferPool pool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
|
||||
|
||||
HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory();
|
||||
|
|
|
@ -59,11 +59,10 @@ public class SlowClientsTest
|
|||
@Test
|
||||
public void testSlowClientsWithSmallThreadPool() throws Exception
|
||||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
|
||||
int maxThreads = 6;
|
||||
int contentLength = 8 * 1024 * 1024;
|
||||
|
|
|
@ -131,8 +131,7 @@ public class SniSslConnectionFactoryTest
|
|||
if (!keystoreFile.exists())
|
||||
throw new FileNotFoundException(keystoreFile.getAbsolutePath());
|
||||
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
||||
ServerConnector https = _connector = new ServerConnector(_server,
|
||||
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
|
||||
|
|
|
@ -70,7 +70,7 @@ public class SslConnectionFactoryTest
|
|||
@BeforeEach
|
||||
public void before() throws Exception
|
||||
{
|
||||
String keystorePath = "src/test/resources/keystore";
|
||||
String keystorePath = "src/test/resources/keystore.p12";
|
||||
File keystoreFile = new File(keystorePath);
|
||||
if (!keystoreFile.exists())
|
||||
throw new FileNotFoundException(keystoreFile.getAbsolutePath());
|
||||
|
@ -86,8 +86,7 @@ public class SslConnectionFactoryTest
|
|||
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
||||
ServerConnector https = _connector = new ServerConnector(_server,
|
||||
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
|
||||
|
@ -129,7 +128,7 @@ public class SslConnectionFactoryTest
|
|||
@Test
|
||||
public void testSNIConnect() throws Exception
|
||||
{
|
||||
String response = getResponse("localhost", "localhost", "jetty.eclipse.org");
|
||||
String response = getResponse("localhost", "localhost", "localhost");
|
||||
assertThat(response, Matchers.containsString("host=localhost"));
|
||||
}
|
||||
|
||||
|
|
|
@ -59,8 +59,8 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
|
|||
|
||||
public class SslContextFactoryReloadTest
|
||||
{
|
||||
public static final String KEYSTORE_1 = "src/test/resources/reload_keystore_1.jks";
|
||||
public static final String KEYSTORE_2 = "src/test/resources/reload_keystore_2.jks";
|
||||
public static final String KEYSTORE_1 = "src/test/resources/reload_keystore_1.p12";
|
||||
public static final String KEYSTORE_2 = "src/test/resources/reload_keystore_2.p12";
|
||||
|
||||
private Server server;
|
||||
private SslContextFactory.Server sslContextFactory;
|
||||
|
@ -73,8 +73,6 @@ public class SslContextFactoryReloadTest
|
|||
sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(KEYSTORE_1);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyStoreType("JKS");
|
||||
sslContextFactory.setKeyStoreProvider(null);
|
||||
|
||||
HttpConfiguration httpsConfig = new HttpConfiguration();
|
||||
httpsConfig.addCustomizer(new SecureRequestCustomizer());
|
||||
|
|
|
@ -43,13 +43,10 @@ public class SslSelectChannelTimeoutTest extends ConnectorTimeoutTest
|
|||
@BeforeEach
|
||||
public void init() throws Exception
|
||||
{
|
||||
String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
|
||||
String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore.p12";
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath);
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setTrustStorePath(keystorePath);
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
ServerConnector connector = new ServerConnector(_server, 1, 1, sslContextFactory);
|
||||
connector.setIdleTimeout(MAX_IDLE_TIME); //250 msec max idle
|
||||
startServer(connector);
|
||||
|
|
|
@ -60,14 +60,11 @@ public class SslUploadTest
|
|||
@BeforeAll
|
||||
public static void startServer() throws Exception
|
||||
{
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore");
|
||||
File keystore = MavenTestingUtils.getTestResourceFile("keystore.p12");
|
||||
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setTrustStorePath(keystore.getAbsolutePath());
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
|
||||
server = new Server();
|
||||
connector = new ServerConnector(server, sslContextFactory);
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -218,14 +218,11 @@ public class SSLAsyncIOServletTest
|
|||
|
||||
public void start(HttpServlet servlet) throws Exception
|
||||
{
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.jks");
|
||||
Path truststorePath = MavenTestingUtils.getTestResourcePath("truststore.jks");
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePath("keystore.p12");
|
||||
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(keystorePath.toString());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath(truststorePath.toString());
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
|
||||
server = new Server();
|
||||
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -150,7 +150,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
private String[] _selectedCipherSuites;
|
||||
private Resource _keyStoreResource;
|
||||
private String _keyStoreProvider;
|
||||
private String _keyStoreType = "JKS";
|
||||
private String _keyStoreType = "PKCS12";
|
||||
private String _certAlias;
|
||||
private Resource _trustStoreResource;
|
||||
private String _trustStoreProvider;
|
||||
|
@ -640,7 +640,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
}
|
||||
|
||||
/**
|
||||
* @return The type of the key store (default "JKS")
|
||||
* @return The type of the key store (default "PKCS12")
|
||||
*/
|
||||
@ManagedAttribute("The keyStore type")
|
||||
public String getKeyStoreType()
|
||||
|
@ -649,7 +649,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
}
|
||||
|
||||
/**
|
||||
* @param keyStoreType The type of the key store (default "JKS")
|
||||
* @param keyStoreType The type of the key store
|
||||
*/
|
||||
public void setKeyStoreType(String keyStoreType)
|
||||
{
|
||||
|
@ -1049,7 +1049,7 @@ public abstract class SslContextFactory extends AbstractLifeCycle implements Dum
|
|||
|
||||
/**
|
||||
* When set to "HTTPS" hostname verification will be enabled.
|
||||
* Deployments can be vulnerable to a man-in-the-middle attack if a EndpointIndentificationAlgorithm
|
||||
* Deployments can be vulnerable to a man-in-the-middle attack if a EndpointIdentificationAlgorithm
|
||||
* is not set.
|
||||
*
|
||||
* @param endpointIdentificationAlgorithm Set the endpointIdentificationAlgorithm
|
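Review bot: The Javadoc on `setKeyStoreType` no longer says which type is used when the setter is never called, and nothing next to the `_keyStoreType = "PKCS12"` field records that the default moved away from JKS. Code that loads a JKS file without calling the setter now depends on this default, and these hunks do not show whether such a file still loads under the PKCS12 type. I would write the tag as `@param keyStoreType The type of the key store, for example "PKCS12" (the default) or "JKS"` and add a one-line comment on the field saying that JKS keystores should set the type explicitly. The bodies of both accessors lie outside the hunks.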
||||
|
|
|
@ -72,7 +72,6 @@ public class SslContextFactoryTest
|
|||
public void testSLOTH() throws Exception
|
||||
{
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.setKeyManagerPassword("keypwd");
|
||||
|
||||
cf.start();
|
||||
|
||||
|
@ -93,7 +92,6 @@ public class SslContextFactoryTest
|
|||
public void testDumpIncludeTlsRsa() throws Exception
|
||||
{
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.setKeyManagerPassword("keypwd");
|
||||
cf.setIncludeCipherSuites("TLS_RSA_.*");
|
||||
cf.setExcludeCipherSuites("BOGUS"); // just to not exclude anything
|
||||
|
||||
|
@ -125,117 +123,92 @@ public class SslContextFactoryTest
|
|||
public void testNoTsFileKs() throws Exception
|
||||
{
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.setKeyManagerPassword("keypwd");
|
||||
|
||||
cf.start();
|
||||
|
||||
assertTrue(cf.getSslContext() != null);
|
||||
assertNotNull(cf.getSslContext());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNoTsSetKs() throws Exception
|
||||
{
|
||||
KeyStore ks = KeyStore.getInstance("JKS");
|
||||
try (InputStream keystoreInputStream = this.getClass().getResourceAsStream("keystore"))
|
||||
KeyStore ks = KeyStore.getInstance("PKCS12");
|
||||
try (InputStream keystoreInputStream = this.getClass().getResourceAsStream("keystore.p12"))
|
||||
{
|
||||
ks.load(keystoreInputStream, "storepwd".toCharArray());
|
||||
}
|
||||
cf.setKeyStore(ks);
|
||||
cf.setKeyManagerPassword("keypwd");
|
||||
|
||||
cf.start();
|
||||
|
||||
assertTrue(cf.getSslContext() != null);
|
||||
assertNotNull(cf.getSslContext());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNoTsNoKs() throws Exception
|
||||
{
|
||||
cf.start();
|
||||
assertTrue(cf.getSslContext() != null);
|
||||
assertNotNull(cf.getSslContext());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testTrustAll() throws Exception
|
||||
{
|
||||
cf.start();
|
||||
assertTrue(cf.getSslContext() != null);
|
||||
assertNotNull(cf.getSslContext());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNoTsResourceKs() throws Exception
|
||||
{
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore");
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore.p12");
|
||||
|
||||
cf.setKeyStoreResource(keystoreResource);
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.setKeyManagerPassword("keypwd");
|
||||
cf.setTrustStoreResource(keystoreResource);
|
||||
cf.setTrustStorePassword(null);
|
||||
|
||||
cf.start();
|
||||
|
||||
assertTrue(cf.getSslContext() != null);
|
||||
assertNotNull(cf.getSslContext());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testResourceTsResourceKs() throws Exception
|
||||
{
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore");
|
||||
Resource truststoreResource = Resource.newSystemResource("keystore");
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore.p12");
|
||||
Resource truststoreResource = Resource.newSystemResource("keystore.p12");
|
||||
|
||||
cf.setKeyStoreResource(keystoreResource);
|
||||
cf.setTrustStoreResource(truststoreResource);
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.setKeyManagerPassword("keypwd");
|
||||
cf.setTrustStoreResource(truststoreResource);
|
||||
cf.setTrustStorePassword("storepwd");
|
||||
|
||||
cf.start();
|
||||
|
||||
assertTrue(cf.getSslContext() != null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testResourceTsResourceKsWrongPW() throws Exception
|
||||
{
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore");
|
||||
Resource truststoreResource = Resource.newSystemResource("keystore");
|
||||
|
||||
cf.setKeyStoreResource(keystoreResource);
|
||||
cf.setTrustStoreResource(truststoreResource);
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.setKeyManagerPassword("wrong_keypwd");
|
||||
cf.setTrustStorePassword("storepwd");
|
||||
|
||||
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
|
||||
{
|
||||
java.security.UnrecoverableKeyException x = assertThrows(
|
||||
java.security.UnrecoverableKeyException.class, () -> cf.start());
|
||||
assertThat(x.getMessage(), containsString("Cannot recover key"));
|
||||
}
|
||||
assertNotNull(cf.getSslContext());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testResourceTsWrongPWResourceKs() throws Exception
|
||||
{
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore");
|
||||
Resource truststoreResource = Resource.newSystemResource("keystore");
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore.p12");
|
||||
Resource truststoreResource = Resource.newSystemResource("keystore.p12");
|
||||
|
||||
cf.setKeyStoreResource(keystoreResource);
|
||||
cf.setTrustStoreResource(truststoreResource);
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.setKeyManagerPassword("keypwd");
|
||||
cf.setTrustStoreResource(truststoreResource);
|
||||
cf.setTrustStorePassword("wrong_storepwd");
|
||||
|
||||
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
|
||||
{
|
||||
IOException x = assertThrows(IOException.class, () -> cf.start());
|
||||
assertThat(x.getMessage(), containsString("Keystore was tampered with, or password was incorrect"));
|
||||
assertThat(x.getMessage(), containsString("password was incorrect"));
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testNoKeyConfig() throws Exception
|
||||
public void testNoKeyConfig()
|
||||
{
|
||||
try (StacklessLogging ignore = new StacklessLogging(AbstractLifeCycle.class))
|
||||
{
|
||||
|
@ -289,11 +262,10 @@ public class SslContextFactoryTest
|
|||
@Test
|
||||
public void testSNICertificates() throws Exception
|
||||
{
|
||||
Resource keystoreResource = Resource.newSystemResource("snikeystore");
|
||||
Resource keystoreResource = Resource.newSystemResource("snikeystore.p12");
|
||||
|
||||
cf.setKeyStoreResource(keystoreResource);
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.setKeyManagerPassword("keypwd");
|
||||
|
||||
cf.start();
|
||||
|
||||
|
@ -331,8 +303,8 @@ public class SslContextFactoryTest
|
|||
public void testNonDefaultKeyStoreTypeUsedForTrustStore() throws Exception
|
||||
{
|
||||
cf = new SslContextFactory.Server();
|
||||
cf.setKeyStoreResource(Resource.newSystemResource("keystore.p12"));
|
||||
cf.setKeyStoreType("pkcs12");
|
||||
cf.setKeyStoreResource(Resource.newSystemResource("keystore.jks"));
|
||||
cf.setKeyStoreType("jks");
|
||||
cf.setKeyStorePassword("storepwd");
|
||||
cf.start();
|
||||
cf.stop();
|
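Review bot: `testResourceTsResourceKsWrongPW` appears to be dropped in the large hunk, since its lines still load the old `keystore` resource and have no `.p12` counterpart. That would leave `testResourceTsWrongPWResourceKs` as the only wrong-password test, with no negative test for the key password path that `setKeyManagerPassword` still exposes. If the PKCS12 fixtures cannot carry a separate key password, a variant that loads `Resource.newSystemResource("keystore.jks")` with `cf.setKeyStoreType("jks")`, as `testNonDefaultKeyStoreTypeUsedForTrustStore` now does, would keep that coverage, assuming that fixture has a distinct key password. The page has lost its +/- markers, so this reading is inferred from line order and the hunk's line counts.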
||||
|
|
|
@ -134,8 +134,7 @@ public class X509Test
|
|||
SslContextFactory serverSsl = new SslContextFactory.Server();
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePathFile("keystore_sni.p12");
|
||||
serverSsl.setKeyStoreResource(new PathResource(keystorePath));
|
||||
serverSsl.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
serverSsl.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
serverSsl.setKeyStorePassword("storepwd");
|
||||
serverSsl.start();
|
||||
}
|
||||
|
||||
|
@ -145,8 +144,7 @@ public class X509Test
|
|||
SslContextFactory clientSsl = new SslContextFactory.Client();
|
||||
Path keystorePath = MavenTestingUtils.getTestResourcePathFile("keystore_sni.p12");
|
||||
clientSsl.setKeyStoreResource(new PathResource(keystorePath));
|
||||
clientSsl.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
clientSsl.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
clientSsl.setKeyStorePassword("storepwd");
|
||||
clientSsl.start();
|
||||
}
|
||||
|
||||
|
@ -154,10 +152,9 @@ public class X509Test
|
|||
public void testServerClassWithoutSni() throws Exception
|
||||
{
|
||||
SslContextFactory serverSsl = new SslContextFactory.Server();
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore");
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore.p12");
|
||||
serverSsl.setKeyStoreResource(keystoreResource);
|
||||
serverSsl.setKeyStorePassword("storepwd");
|
||||
serverSsl.setKeyManagerPassword("keypwd");
|
||||
serverSsl.start();
|
||||
}
|
||||
|
||||
|
@ -165,10 +162,9 @@ public class X509Test
|
|||
public void testClientClassWithoutSni() throws Exception
|
||||
{
|
||||
SslContextFactory clientSsl = new SslContextFactory.Client();
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore");
|
||||
Resource keystoreResource = Resource.newSystemResource("keystore.p12");
|
||||
clientSsl.setKeyStoreResource(keystoreResource);
|
||||
clientSsl.setKeyStorePassword("storepwd");
|
||||
clientSsl.setKeyManagerPassword("keypwd");
|
||||
clientSsl.start();
|
||||
}
|
||||
}
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -526,7 +526,7 @@ public class WebSocketCloseTest extends WebSocketTester
|
|||
private SslContextFactory.Server createServerSslContextFactory()
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
return sslContextFactory;
|
||||
}
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -201,9 +201,8 @@ public class LocalServer extends ContainerLifeCycle implements LocalFuzzer.Provi
|
|||
httpConfig.setSendDateHeader(false);
|
||||
|
||||
sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore").getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePath(MavenTestingUtils.getTestResourceFile("keystore.p12").getAbsolutePath());
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setKeyManagerPassword("keypwd");
|
||||
sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA",
|
||||
"SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
|
||||
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -22,6 +22,7 @@ import java.io.IOException;
|
|||
import java.io.InputStream;
|
||||
import java.io.InterruptedIOException;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
import java.util.Random;
|
||||
import java.util.concurrent.CountDownLatch;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
|
@ -46,6 +47,7 @@ import org.eclipse.jetty.http.HttpMethod;
|
|||
import org.eclipse.jetty.http.HttpStatus;
|
||||
import org.eclipse.jetty.http2.FlowControlStrategy;
|
||||
import org.eclipse.jetty.server.Request;
|
||||
import org.eclipse.jetty.server.ServerConnector;
|
||||
import org.eclipse.jetty.server.handler.AbstractHandler;
|
||||
import org.eclipse.jetty.util.Callback;
|
||||
import org.eclipse.jetty.util.IO;
|
||||
|
@ -356,7 +358,9 @@ public class HttpClientTest extends AbstractTest<TransportScenario>
|
|||
|
||||
assertThrows(ExecutionException.class, () ->
|
||||
{
|
||||
scenario.client.newRequest(scenario.newURI())
|
||||
// Use IP address since the certificate contains a host name.
|
||||
int serverPort = ((ServerConnector)scenario.connector).getLocalPort();
|
||||
scenario.client.newRequest("https://127.0.0.1:" + serverPort)
|
||||
.timeout(5, TimeUnit.SECONDS)
|
||||
.send();
|
||||
});
|
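Review bot: `assertThrows(ExecutionException.class, ...)` accepts any failure of the request. Now that the URI is assembled by hand from `"https://127.0.0.1:"` and a cast connector port, a refused connection or a scheme that does not fit the transport would satisfy it just as a rejected certificate does. Going by the added comment, the test apparently expects host name verification to fail, so it should keep the result, `ExecutionException x = assertThrows(ExecutionException.class, () -> { ... });`, and assert that the cause chain contains a `javax.net.ssl.SSLException`; the exact cause type should be confirmed against the client. The cast `(ServerConnector)scenario.connector` also presumes a TCP connector for every transport this scenario runs with. The enclosing test method starts and ends outside the hunk.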
||||
|
|
|
@ -190,7 +190,7 @@ public class HttpClientTransportDynamicTest
|
|||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
// The mandatory HTTP/2 cipher.
|
||||
sslContextFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
|
||||
|
|
|
@ -116,7 +116,7 @@ public class ProxyWithDynamicTransportTest
|
|||
private void startServer(Handler handler) throws Exception
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setUseCipherSuitesOrder(true);
|
||||
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
|
||||
|
@ -147,7 +147,7 @@ public class ProxyWithDynamicTransportTest
|
|||
private void startProxy(ConnectHandler connectHandler) throws Exception
|
||||
{
|
||||
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setUseCipherSuitesOrder(true);
|
||||
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
|
||||
|
|
|
@ -365,10 +365,8 @@ public class TransportScenario
|
|||
|
||||
private void configureSslContextFactory(SslContextFactory sslContextFactory)
|
||||
{
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.jks");
|
||||
sslContextFactory.setKeyStorePath("src/test/resources/keystore.p12");
|
||||
sslContextFactory.setKeyStorePassword("storepwd");
|
||||
sslContextFactory.setTrustStorePath("src/test/resources/truststore.jks");
|
||||
sslContextFactory.setTrustStorePassword("storepwd");
|
||||
sslContextFactory.setUseCipherSuitesOrder(true);
|
||||
sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR);
|
||||
}
|
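Review bot: With the `setTrustStorePath` and `setTrustStorePassword` calls gone (the 10-to-8 line counts leave no other reading), `configureSslContextFactory` gives no hint of what the factory trusts. Its parameter is the base `SslContextFactory`, so it may be applied to a client factory as well. The intent is presumably that the key store doubles as the trust store; a comment such as `// No separate trust store: keystore.p12 is expected to serve as the trust store too.` would keep a later edit from swapping in trust-all on the client side. Whether the factory really falls back to the key store is not visible in this hunk and should be confirmed.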
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -104,9 +104,8 @@ public class HttpInputIntegrationTest
|
|||
// SSL Context Factory for HTTPS and HTTP/2
|
||||
String jettyDistro = System.getProperty("jetty.distro", "../../jetty-distribution/target/distribution");
|
||||
__sslContextFactory = new SslContextFactory.Server();
|
||||
__sslContextFactory.setKeyStorePath(jettyDistro + "/../../../jetty-server/src/test/config/etc/keystore");
|
||||
__sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
|
||||
__sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
|
||||
__sslContextFactory.setKeyStorePath(jettyDistro + "/../../../jetty-server/src/test/resources/keystore.p12");
|
||||
__sslContextFactory.setKeyStorePassword("storepwd");
|
||||
|
||||
// HTTPS Configuration
|
||||
__sslConfig = new HttpConfiguration(__config);
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More