Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merged branch 'jetty-9.3.x' into 'jetty-9.4.x'.

This commit is contained in:
Simone Bordet 2016-10-17 19:24:37 +02:00
parent d282fc67d2 be93a1ff31
commit dc5edcac74
3 changed files with 99 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
jetty-server/src/main/java/org/eclipse/jetty/server/AbstractConnector.java
View File

@ -258,6 +258,14 @@ public abstract class AbstractConnector extends ContainerLifeCycle implements Co
_defaultConnectionFactory = getConnectionFactory(_defaultProtocol);
if(_defaultConnectionFactory==null)
throw new IllegalStateException("No protocol factory for default protocol '"+_defaultProtocol+"' in "+this);
SslConnectionFactory ssl = getConnectionFactory(SslConnectionFactory.class);
if (ssl != null)
{
String next = ssl.getNextProtocol();
ConnectionFactory cf = getConnectionFactory(next);
if (cf == null)
throw new IllegalStateException("No protocol factory for SSL next protocol: '" + next + "' in " + this);
}
super.doStart();

5
jetty-server/src/main/java/org/eclipse/jetty/server/SslConnectionFactory.java
View File

@ -61,6 +61,11 @@ public class SslConnectionFactory extends AbstractConnectionFactory
return _sslContextFactory;
}
public String getNextProtocol()
{
return _nextProtocol;
}
@Override
protected void doStart() throws Exception
{

173
jetty-server/src/test/java/org/eclipse/jetty/server/ssl/SslConnectionFactoryTest.java
View File

@ -59,20 +59,18 @@ import org.junit.Before;
import org.junit.Test;
public class SslConnectionFactoryTest
{
Server _server;
ServerConnector _connector;
int _port;
{
private Server _server;
private ServerConnector _connector;
private int _port;
@Before
public void before() throws Exception
{
String keystorePath = "src/test/resources/keystore";
File keystoreFile = new File(keystorePath);
if (!keystoreFile.exists())
{
throw new FileNotFoundException(keystoreFile.getAbsolutePath());
}
_server = new Server();
@ -83,117 +81,69 @@ public class SslConnectionFactoryTest
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
ServerConnector https = _connector = new ServerConnector(_server,
new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(https_config));
https.setPort(0);
https.setIdleTimeout(30000);
_server.addConnector(https);
_server.setHandler(new AbstractHandler()
{
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
response.setStatus(200);
response.getWriter().write("url="+request.getRequestURI()+"\nhost="+request.getServerName());
response.getWriter().write("url=" + request.getRequestURI() + "\nhost=" + request.getServerName());
response.flushBuffer();
}
});
_server.start();
_port=https.getLocalPort();
_port = https.getLocalPort();
}
@After
public void after() throws Exception
{
_server.stop();
_server=null;
_server = null;
}
@Test
public void testConnect() throws Exception
{
String response= getResponse("127.0.0.1",null);
Assert.assertThat(response,Matchers.containsString("host=127.0.0.1"));
String response = getResponse("127.0.0.1", null);
Assert.assertThat(response, Matchers.containsString("host=127.0.0.1"));
}
@Test
public void testSNIConnect() throws Exception
{
String response;
response= getResponse("localhost","localhost","jetty.eclipse.org");
Assert.assertThat(response,Matchers.containsString("host=localhost"));
}
private String getResponse(String host,String cn) throws Exception
{
String response = getResponse(host,host,cn);
Assert.assertThat(response,Matchers.startsWith("HTTP/1.1 200 OK"));
Assert.assertThat(response,Matchers.containsString("url=/ctx/path"));
return response;
String response = getResponse("localhost", "localhost", "jetty.eclipse.org");
Assert.assertThat(response, Matchers.containsString("host=localhost"));
}
@Test
public void testBadHandshake() throws Exception
{
try(Socket socket=new Socket("127.0.0.1", _port); OutputStream out = socket.getOutputStream())
try (Socket socket = new Socket("127.0.0.1", _port); OutputStream out = socket.getOutputStream())
{
out.write("Rubbish".getBytes());
out.flush();
socket.setSoTimeout(1000);
// Expect TLS message type == 21: Alert
Assert.assertThat(socket.getInputStream().read(),Matchers.equalTo(21));
Assert.assertThat(socket.getInputStream().read(), Matchers.equalTo(21));
}
}
private String getResponse(String sniHost,String reqHost, String cn) throws Exception
{
SslContextFactory clientContextFactory = new SslContextFactory(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port);
if (cn!=null)
{
SNIHostName serverName = new SNIHostName(sniHost);
List<SNIServerName> serverNames = new ArrayList<>();
serverNames.add(serverName);
SSLParameters params = sslSocket.getSSLParameters();
params.setServerNames(serverNames);
sslSocket.setSSLParameters(params);
}
sslSocket.startHandshake();
if (cn!=null)
{
X509Certificate cert = ((X509Certificate)sslSocket.getSession().getPeerCertificates()[0]);
Assert.assertThat(cert.getSubjectX500Principal().getName("CANONICAL"), Matchers.startsWith("cn="+cn));
}
sslSocket.getOutputStream().write(("GET /ctx/path HTTP/1.0\r\nHost: "+reqHost+":"+_port+"\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1));
String response = IO.toString(sslSocket.getInputStream());
sslSocket.close();
clientContextFactory.stop();
return response;
}
@Test
public void testSocketCustomization() throws Exception
@ -205,8 +155,8 @@ public class SslConnectionFactoryTest
@Override
protected void customize(Socket socket, Class<? extends Connection> connection, boolean ssl)
{
history.add("customize connector "+connection+","+ssl);
}
history.add("customize connector " + connection + "," + ssl);
}
});
_connector.getBean(SslConnectionFactory.class).addBean(new SocketCustomizationListener()
@ -214,27 +164,76 @@ public class SslConnectionFactoryTest
@Override
protected void customize(Socket socket, Class<? extends Connection> connection, boolean ssl)
{
history.add("customize ssl "+connection+","+ssl);
}
history.add("customize ssl " + connection + "," + ssl);
}
});
_connector.getBean(HttpConnectionFactory.class).addBean(new SocketCustomizationListener()
{
@Override
protected void customize(Socket socket, Class<? extends Connection> connection, boolean ssl)
{
history.add("customize http "+connection+","+ssl);
}
history.add("customize http " + connection + "," + ssl);
}
});
String response= getResponse("127.0.0.1",null);
Assert.assertThat(response,Matchers.containsString("host=127.0.0.1"));
Assert.assertEquals("customize connector class org.eclipse.jetty.io.ssl.SslConnection,false",history.poll());
Assert.assertEquals("customize ssl class org.eclipse.jetty.io.ssl.SslConnection,false",history.poll());
Assert.assertEquals("customize connector class org.eclipse.jetty.server.HttpConnection,true",history.poll());
Assert.assertEquals("customize http class org.eclipse.jetty.server.HttpConnection,true",history.poll());
Assert.assertEquals(0,history.size());
String response = getResponse("127.0.0.1", null);
Assert.assertThat(response, Matchers.containsString("host=127.0.0.1"));
Assert.assertEquals("customize connector class org.eclipse.jetty.io.ssl.SslConnection,false", history.poll());
Assert.assertEquals("customize ssl class org.eclipse.jetty.io.ssl.SslConnection,false", history.poll());
Assert.assertEquals("customize connector class org.eclipse.jetty.server.HttpConnection,true", history.poll());
Assert.assertEquals("customize http class org.eclipse.jetty.server.HttpConnection,true", history.poll());
Assert.assertEquals(0, history.size());
}
@Test(expected = IllegalStateException.class)
public void testServerWithoutHttpConnectionFactory() throws Exception
{
_server.stop();
Assert.assertNotNull(_connector.removeConnectionFactory(HttpVersion.HTTP_1_1.asString()));
_server.start();
}
private String getResponse(String host, String cn) throws Exception
{
String response = getResponse(host, host, cn);
Assert.assertThat(response, Matchers.startsWith("HTTP/1.1 200 OK"));
Assert.assertThat(response, Matchers.containsString("url=/ctx/path"));
return response;
}
private String getResponse(String sniHost, String reqHost, String cn) throws Exception
{
SslContextFactory clientContextFactory = new SslContextFactory(true);
clientContextFactory.start();
SSLSocketFactory factory = clientContextFactory.getSslContext().getSocketFactory();
SSLSocket sslSocket = (SSLSocket)factory.createSocket("127.0.0.1", _port);
if (cn != null)
{
SNIHostName serverName = new SNIHostName(sniHost);
List<SNIServerName> serverNames = new ArrayList<>();
serverNames.add(serverName);
SSLParameters params = sslSocket.getSSLParameters();
params.setServerNames(serverNames);
sslSocket.setSSLParameters(params);
}
sslSocket.startHandshake();
if (cn != null)
{
X509Certificate cert = ((X509Certificate)sslSocket.getSession().getPeerCertificates()[0]);
Assert.assertThat(cert.getSubjectX500Principal().getName("CANONICAL"), Matchers.startsWith("cn=" + cn));
}
sslSocket.getOutputStream().write(("GET /ctx/path HTTP/1.0\r\nHost: " + reqHost + ":" + _port + "\r\n\r\n").getBytes(StandardCharsets.ISO_8859_1));
String response = IO.toString(sslSocket.getInputStream());
sslSocket.close();
clientContextFactory.stop();
return response;
}
}