Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merged branch 'jetty-9.3.x' into 'jetty-9.4.x'.

This commit is contained in:
Simone Bordet 2016-11-25 09:05:07 +01:00
parent 76b7686bc7 dd76ed2449
commit f70c6f790c
4 changed files with 338 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
jetty-server/src/test/java/org/eclipse/jetty/server/ProxyProtocolTest.java Normal file
View File

@ -0,0 +1,114 @@
//
// ========================================================================
// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.server;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.handler.AbstractHandler;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
public class ProxyProtocolTest
{
private Server server;
private ServerConnector connector;
private void start(Handler handler) throws Exception
{
server = new Server();
connector = new ServerConnector(server, new ProxyConnectionFactory(), new HttpConnectionFactory());
server.addConnector(connector);
server.setHandler(handler);
server.start();
}
@After
public void destroy() throws Exception
{
if (server != null)
server.stop();
}
@Test
public void testProxyProtocol() throws Exception
{
final String remoteAddr = "192.168.0.0";
final int remotePort = 12345;
start(new AbstractHandler()
{
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
{
if (remoteAddr.equals(request.getRemoteAddr()) &&
remotePort == request.getRemotePort())
baseRequest.setHandled(true);
}
});
try (Socket socket = new Socket("localhost", connector.getLocalPort()))
{
String request1 = "" +
"PROXY TCP4 " + remoteAddr + " 127.0.0.0 " + remotePort + " 8080\r\n" +
"GET /1 HTTP/1.1\r\n" +
"Host: localhost\r\n" +
"\r\n";
OutputStream output = socket.getOutputStream();
output.write(request1.getBytes(StandardCharsets.UTF_8));
output.flush();
InputStream input = socket.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(input, StandardCharsets.UTF_8));
String response1 = reader.readLine();
Assert.assertTrue(response1.startsWith("HTTP/1.1 200 "));
while (true)
{
if (reader.readLine().isEmpty())
break;
}
// Send a second request to verify that the proxied IP is retained.
String request2 = "" +
"GET /2 HTTP/1.1\r\n" +
"Host: localhost\r\n" +
"Connection: close\r\n" +
"\r\n";
output.write(request2.getBytes(StandardCharsets.UTF_8));
output.flush();
String response2 = reader.readLine();
Assert.assertTrue(response2.startsWith("HTTP/1.1 200 "));
while (true)
{
if (reader.readLine() == null)
break;
}
}
}
}

50
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
View File

@ -23,6 +23,7 @@ import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CRL;
@ -71,6 +72,8 @@ import javax.net.ssl.X509TrustManager;
import org.eclipse.jetty.util.StringUtil;
import org.eclipse.jetty.util.component.AbstractLifeCycle;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
@ -84,7 +87,7 @@ import org.eclipse.jetty.util.security.Password;
* creates SSL context based on these parameters to be
* used by the SSL connectors.
*/
public class SslContextFactory extends AbstractLifeCycle
public class SslContextFactory extends AbstractLifeCycle implements Dumpable
{
public final static TrustManager[] TRUST_ALL_CERTS = new X509TrustManager[]{new X509TrustManager()
{
@ -326,7 +329,50 @@ public class SslContextFactory extends AbstractLifeCycle
LOG.debug("Selected Ciphers {} of {}", Arrays.asList(_selectedCipherSuites), Arrays.asList(supported.getCipherSuites()));
}
}
@Override
public String dump()
{
return ContainerLifeCycle.dump(this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
out.append(String.valueOf(this)).append(" trustAll=").append(Boolean.toString(_trustAll)).append(System.lineSeparator());
try
{
/* Use a pristine SSLEngine (not one from this SslContextFactory).
* This will allow for proper detection and identification
* of JRE/lib/security/java.security level disabled features
*/
SSLEngine sslEngine = SSLContext.getDefault().createSSLEngine();
List<Object> selections = new ArrayList<>();
// protocols
selections.add(new SslSelectionDump("Protocol",
sslEngine.getSupportedProtocols(),
sslEngine.getEnabledProtocols(),
getExcludeProtocols(),
getIncludeProtocols()));
// ciphers
selections.add(new SslSelectionDump("Cipher Suite",
sslEngine.getSupportedCipherSuites(),
sslEngine.getEnabledCipherSuites(),
getExcludeCipherSuites(),
getIncludeCipherSuites()));
ContainerLifeCycle.dump(out, indent, selections);
}
catch (NoSuchAlgorithmException ignore)
{
LOG.ignore(ignore);
}
}
@Override
protected void doStop() throws Exception
{

174
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslSelectionDump.java Normal file
View File

@ -0,0 +1,174 @@
//
// ========================================================================
// Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.util.ssl;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.eclipse.jetty.util.component.ContainerLifeCycle;
import org.eclipse.jetty.util.component.Dumpable;
public class SslSelectionDump extends ContainerLifeCycle implements Dumpable
{
private static class CaptionedList extends ArrayList<String> implements Dumpable
{
private final String caption;
public CaptionedList(String caption)
{
this.caption = caption;
}
@Override
public String dump()
{
return ContainerLifeCycle.dump(SslSelectionDump.CaptionedList.this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
out.append(caption);
out.append(" (size=").append(Integer.toString(size())).append(")");
out.append(System.lineSeparator());
ContainerLifeCycle.dump(out, indent, this);
}
}
private final String type;
private SslSelectionDump.CaptionedList enabled = new SslSelectionDump.CaptionedList("Enabled");
private SslSelectionDump.CaptionedList disabled = new SslSelectionDump.CaptionedList("Disabled");
public SslSelectionDump(String type,
String[] supportedByJVM,
String[] enabledByJVM,
String[] excludedByConfig,
String[] includedByConfig)
{
this.type = type;
addBean(enabled);
addBean(disabled);
List<String> jvmEnabled = Arrays.asList(enabledByJVM);
List<Pattern> excludedPatterns = Arrays.stream(excludedByConfig)
.map((entry) -> Pattern.compile(entry))
.collect(Collectors.toList());
List<Pattern> includedPatterns = Arrays.stream(includedByConfig)
.map((entry) -> Pattern.compile(entry))
.collect(Collectors.toList());
Arrays.stream(supportedByJVM)
.sorted(Comparator.naturalOrder())
.forEach((entry) ->
{
boolean isPresent = true;
StringBuilder s = new StringBuilder();
s.append(entry);
if (!jvmEnabled.contains(entry))
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
s.append(" JreDisabled:java.security");
}
for (Pattern pattern : excludedPatterns)
{
Matcher m = pattern.matcher(entry);
if (m.matches())
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
else
{
s.append(",");
}
s.append(" ConfigExcluded:'").append(pattern.pattern()).append('\'');
}
}
if (!includedPatterns.isEmpty())
{
boolean isIncluded = false;
for (Pattern pattern : includedPatterns)
{
Matcher m = pattern.matcher(entry);
if (m.matches())
{
isIncluded = true;
break;
}
}
if (!isIncluded)
{
if (isPresent)
{
s.append(" -");
isPresent = false;
}
else
{
s.append(",");
}
s.append(" ConfigIncluded:NotSpecified");
}
}
if (isPresent)
{
enabled.add(s.toString());
}
else
{
disabled.add(s.toString());
}
});
}
@Override
public String dump()
{
return ContainerLifeCycle.dump(this);
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
dumpBeans(out, indent);
}
@Override
protected void dumpThis(Appendable out) throws IOException
{
out.append(type).append(" Selections").append(System.lineSeparator());
}
}

8
jetty-util/src/test/java/org/eclipse/jetty/util/ssl/SslContextFactoryTest.java
View File

@ -29,7 +29,6 @@ import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.SSLEngine;
@ -62,11 +61,8 @@ public class SslContextFactoryTest
cf.setKeyManagerPassword("keypwd");
cf.start();
System.err.println(Arrays.asList(cf.getSelectedProtocols()));
for (String cipher : cf.getSelectedCipherSuites())
System.err.println(cipher);
cf.dump(System.out, "");
}
@Test