Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

#10705 improve error message when no valid keystore can be found during startup 

Signed-off-by: Ludovic Orban <lorban@bitronix.be>
This commit is contained in:
Ludovic Orban 2023-10-11 11:07:28 +02:00
parent 58a19b33c6
commit f0060d9523
2 changed files with 117 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
jetty-http3/http3-tests/src/test/java/org/eclipse/jetty/http3/tests/HTTP3ServerConnectorTest.java Normal file
View File

@ -0,0 +1,116 @@
//
// ========================================================================
// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
//
// This program and the accompanying materials are made available under the
// terms of the Eclipse Public License v. 2.0 which is available at
// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
// which is available at https://www.apache.org/licenses/LICENSE-2.0.
//
// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
// ========================================================================
//
package org.eclipse.jetty.http3.tests;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.eclipse.jetty.http3.server.HTTP3ServerConnectionFactory;
import org.eclipse.jetty.http3.server.HTTP3ServerConnector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.toolchain.test.jupiter.WorkDir;
import org.eclipse.jetty.toolchain.test.jupiter.WorkDirExtension;
import org.eclipse.jetty.util.component.LifeCycle;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import static org.junit.jupiter.api.Assertions.assertThrows;
@ExtendWith(WorkDirExtension.class)
public class HTTP3ServerConnectorTest
{
public WorkDir workDir;
@Test
public void testStartHTTP3ServerConnectorWithoutKeyStore()
{
Server server = new Server();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
HTTP3ServerConnector connector = new HTTP3ServerConnector(server, sslContextFactory, new HTTP3ServerConnectionFactory(new HttpConfiguration()));
connector.getQuicConfiguration().setPemWorkDirectory(workDir.getEmptyPathDir());
server.addConnector(connector);
assertThrows(IllegalStateException.class, server::start);
}
@Test
public void testStartHTTP3ServerConnectorWithoutKeyStoreWithSSLContext() throws Exception
{
Server server = new Server();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
sslContextFactory.setSslContext(SSLContext.getDefault());
HTTP3ServerConnector connector = new HTTP3ServerConnector(server, sslContextFactory, new HTTP3ServerConnectionFactory(new HttpConfiguration()));
connector.getQuicConfiguration().setPemWorkDirectory(workDir.getEmptyPathDir());
server.addConnector(connector);
assertThrows(IllegalStateException.class, server::start);
}
@Test
public void testStartHTTP3ServerConnectorWithEmptyKeyStoreInstance() throws Exception
{
Server server = new Server();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(null, null);
sslContextFactory.setKeyStore(keyStore);
HTTP3ServerConnector connector = new HTTP3ServerConnector(server, sslContextFactory, new HTTP3ServerConnectionFactory(new HttpConfiguration()));
connector.getQuicConfiguration().setPemWorkDirectory(workDir.getEmptyPathDir());
server.addConnector(connector);
assertThrows(IllegalStateException.class, server::start);
}
@Test
public void testStartHTTP3ServerConnectorWithValidKeyStoreInstanceWithoutPemWorkDir() throws Exception
{
Server server = new Server();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
KeyStore keyStore = KeyStore.getInstance("PKCS12");
try (InputStream is = getClass().getResourceAsStream("/keystore.p12"))
{
keyStore.load(is, "storepwd".toCharArray());
}
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword("storepwd");
HTTP3ServerConnector connector = new HTTP3ServerConnector(server, sslContextFactory, new HTTP3ServerConnectionFactory(new HttpConfiguration()));
server.addConnector(connector);
assertThrows(IllegalStateException.class, server::start);
}
@Test
public void testStartHTTP3ServerConnectorWithValidKeyStoreInstance() throws Exception
{
Server server = new Server();
SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
KeyStore keyStore = KeyStore.getInstance("PKCS12");
try (InputStream is = getClass().getResourceAsStream("/keystore.p12"))
{
keyStore.load(is, "storepwd".toCharArray());
}
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword("storepwd");
HTTP3ServerConnector connector = new HTTP3ServerConnector(server, sslContextFactory, new HTTP3ServerConnectionFactory(new HttpConfiguration()));
connector.getQuicConfiguration().setPemWorkDirectory(workDir.getEmptyPathDir());
server.addConnector(connector);
try
{
server.start();
}
finally
{
LifeCycle.stop(server);
}
}
}

2
jetty-quic/quic-server/src/main/java/org/eclipse/jetty/quic/server/QuicServerConnector.java
View File

@ -161,7 +161,7 @@ public class QuicServerConnector extends AbstractNetworkConnector
Set<String> aliases = sslContextFactory.getAliases();
if (aliases.isEmpty())
throw new IllegalStateException("Invalid KeyStore: no aliases");
throw new IllegalStateException("Missing or invalid KeyStore: a SslContextFactory configured with a valid, non-empty KeyStore is required");
String alias = sslContextFactory.getCertAlias();
if (alias == null)
alias = aliases.stream().findFirst().orElseThrow();