Author: rjung
Date: Sun Aug 13 14:37:06 2017
New Revision: 1804917

URL: http://svn.apache.org/viewvc?rev=1804917&view=rev
Log:
Improve some existing test cases with a check
whether client certificates from the right CA
were demanded during the TLS handshake.

In particular, detect if no CA was announced during
the handshake.

Modified:
    tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
    tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java
    tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java?rev=1804917&r1=1804916&r2=1804917&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Sun Aug 13 
14:37:06 2017
@@ -19,6 +19,7 @@ package org.apache.tomcat.util.net;
 import java.util.Arrays;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
 
 import org.junit.Assume;
 import org.junit.Test;
@@ -62,6 +63,18 @@ public class TestClientCert extends Tomc
         // Unprotected resource
         ByteChunk res =
                 getUrl("https://localhost:"; + getPort() + "/unprotected");
+
+        if (log.isDebugEnabled()) {
+            int count = TesterSupport.getLastClientAuthRequestedIssuerCount();
+            log.debug("Last client KeyManager usage: " + 
TesterSupport.getLastClientAuthKeyManagerUsage() +
+                      ", " + count + " requested Issuers, first one: " +
+                      (count > 0 ? 
TesterSupport.getLastClientAuthRequestedIssuer(0).getName() : "NONE"));
+            log.debug("Expected requested Issuer: " + 
TesterSupport.getClientAuthExpectedIssuer());
+        }
+        assertTrue("Checking requested client issuer against " +
+                   TesterSupport.getClientAuthExpectedIssuer(),
+                   TesterSupport.checkLastClientAuthRequestedIssuers());
+
         if (preemptive) {
             assertEquals("OK-" + TesterSupport.ROLE, res.toString());
         } else {
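Review bot: The issuer assertion added after the `/unprotected` request does not depend on `preemptive`, although the `if (preemptive)` branch right below it shows that the two modes behave differently for this resource. TesterSupport is not part of this diff, but if the server sends no certificate request for an unprotected resource in the non-preemptive mode, the expected outcome there is an empty issuer list rather than the expected CA. Consider asserting the CA only when `preemptive` is true and otherwise checking `TesterSupport.getLastClientAuthRequestedIssuerCount() == 0`, as the TestSsl hunks of this commit do. The enclosing test method starts and ends outside the hunk.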
@@ -70,6 +83,18 @@ public class TestClientCert extends Tomc
 
         // Protected resource
         res = getUrl("https://localhost:"; + getPort() + "/protected");
+
+        if (log.isDebugEnabled()) {
+            int count = TesterSupport.getLastClientAuthRequestedIssuerCount();
+            log.debug("Last client KeyManager usage: " + 
TesterSupport.getLastClientAuthKeyManagerUsage() +
+                      ", " + count + " requested Issuers, first one: " +
+                      (count > 0 ? 
TesterSupport.getLastClientAuthRequestedIssuer(0).getName() : "NONE"));
+            log.debug("Expected requested Issuer: " + 
TesterSupport.getClientAuthExpectedIssuer());
+        }
+        assertTrue("Checking requested client issuer against " +
+                   TesterSupport.getClientAuthExpectedIssuer(),
+                   TesterSupport.checkLastClientAuthRequestedIssuers());
+
         assertEquals("OK-" + TesterSupport.ROLE, res.toString());
     }
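Review bot: This second check reads the same "last" values as the check after the `/unprotected` request earlier in the method, so it may say nothing about the handshake for `/protected`. TesterSupport is not shown here; if those values are held in static fields that are not cleared before each connection, or if the second request reuses the existing TLS session, the assertion can pass on data recorded during the first handshake. Clearing the recorded values before the second `getUrl` call would tie the check to this request; failing that, a comment such as `// NOTE: relies on TesterSupport recording the issuers of the most recent handshake only` would at least state the assumption.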
 
@@ -107,12 +132,36 @@ public class TestClientCert extends Tomc
         // Unprotected resource
         ByteChunk res = postUrl(body,
                 "https://localhost:"; + getPort() + "/unprotected");
+
+        if (log.isDebugEnabled()) {
+            int count = TesterSupport.getLastClientAuthRequestedIssuerCount();
+            log.debug("Last client KeyManager usage: " + 
TesterSupport.getLastClientAuthKeyManagerUsage() +
+                      ", " + count + " requested Issuers, first one: " +
+                      (count > 0 ? 
TesterSupport.getLastClientAuthRequestedIssuer(0).getName() : "NONE"));
+            log.debug("Expected requested Issuer: " + 
TesterSupport.getClientAuthExpectedIssuer());
+        }
+        assertTrue("Checking requested client issuer against " +
+                   TesterSupport.getClientAuthExpectedIssuer(),
+                   TesterSupport.checkLastClientAuthRequestedIssuers());
+
         assertEquals("OK-" + bodySize, res.toString());
 
         // Protected resource
         res.recycle();
         int rc = postUrl(body, "https://localhost:"; + getPort() + "/protected",
                 res, null);
+
+        if (log.isDebugEnabled()) {
+            int count = TesterSupport.getLastClientAuthRequestedIssuerCount();
+            log.debug("Last client KeyManager usage: " + 
TesterSupport.getLastClientAuthKeyManagerUsage() +
+                      ", " + count + " requested Issuers, first one: " +
+                      (count > 0 ? 
TesterSupport.getLastClientAuthRequestedIssuer(0).getName() : "NONE"));
+            log.debug("Expected requested Issuer: " + 
TesterSupport.getClientAuthExpectedIssuer());
+        }
+        assertTrue("Checking requested client issuer against " +
+                   TesterSupport.getClientAuthExpectedIssuer(),
+                   TesterSupport.checkLastClientAuthRequestedIssuers());
+
         if (expectProtectedFail) {
             assertEquals(401, rc);
         } else {
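Review bot: The debug-log-plus-assert block is pasted twice in this hunk, and again in both earlier TestClientCert hunks and in TestCustomSsl, so the five copies can easily drift apart when the check changes. A single helper, in TesterSupport or as a private method of the test class, could log the KeyManager usage and requested issuers and then perform the `assertTrue`. Each call site would then shrink to one line, for example `assertExpectedIssuerRequested();` (the name is only a suggestion). The enclosing method continues outside the hunk.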

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java?rev=1804917&r1=1804916&r2=1804917&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestCustomSsl.java Sun Aug 13 
14:37:06 2017
@@ -159,6 +159,20 @@ public class TestCustomSsl extends Tomca
                 he.printStackTrace();
             }
         }
+
+        if (trustType.equals(TrustType.CA)) {
+            if (log.isDebugEnabled()) {
+                int count = 
TesterSupport.getLastClientAuthRequestedIssuerCount();
+                log.debug("Last client KeyManager usage: " + 
TesterSupport.getLastClientAuthKeyManagerUsage() +
+                          ", " + count + " requested Issuers, first one: " +
+                          (count > 0 ? 
TesterSupport.getLastClientAuthRequestedIssuer(0).getName() : "NONE"));
+                log.debug("Expected requested Issuer: " + 
TesterSupport.getClientAuthExpectedIssuer());
+            }
+            assertTrue("Checking requested client issuer against " +
+                       TesterSupport.getClientAuthExpectedIssuer(),
+                       TesterSupport.checkLastClientAuthRequestedIssuers());
+        }
+
         if (trustType.equals(TrustType.NONE)) {
             assertTrue(rc != 200);
             assertEquals("", res.toString());
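Review bot: Only `TrustType.CA` gets an issuer check; for the other trust types (the context shows at least `TrustType.NONE`) nothing is asserted about what the server announced during the handshake. The commit message singles out detecting that no CA was announced, so if the connector is expected to send an empty issuer list for those types, an `else` branch with `assertEquals(0, TesterSupport.getLastClientAuthRequestedIssuerCount());` would cover it. That expectation is inferred from the message, since the connector setup lies outside the hunk.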

Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java?rev=1804917&r1=1804916&r2=1804917&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Sun Aug 13 
14:37:06 2017
@@ -67,6 +67,8 @@ public class TestSsl extends TomcatBaseT
         ByteChunk res = getUrl("https://localhost:"; + getPort() +
             "/examples/servlets/servlet/HelloWorldExample");
         assertTrue(res.toString().indexOf("<a href=\"../helloworld.html\">") > 
0);
+        assertTrue("Checking no client issuer has been requested",
+                   TesterSupport.getLastClientAuthRequestedIssuerCount() == 0);
     }
 
     @Test
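Review bot: `assertTrue(..., count == 0)` hides the actual count when it fails, and the same form is used in the three later TestSsl hunks. `assertEquals("Checking no client issuer has been requested", 0, TesterSupport.getLastClientAuthRequestedIssuerCount());` reports the unexpected number directly, which helps when diagnosing a connector that requests a client certificate it should not. `assertEquals` may need a static import if TestSsl does not already have one; the import block is not part of this diff.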
@@ -87,6 +89,8 @@ public class TestSsl extends TomcatBaseT
         ByteChunk res = getUrl("https://localhost:"; + getPort() +
             "/examples/servlets/servlet/HelloWorldExample");
         assertTrue(res.toString().indexOf("<a href=\"../helloworld.html\">") > 
0);
+        assertTrue("Checking no client issuer has been requested",
+                   TesterSupport.getLastClientAuthRequestedIssuerCount() == 0);
     }
 
 
@@ -118,6 +122,8 @@ public class TestSsl extends TomcatBaseT
         Reader r = new InputStreamReader(is);
 
         doRequest(os, r);
+        assertTrue("Checking no client issuer has been requested",
+                   TesterSupport.getLastClientAuthRequestedIssuerCount() == 0);
 
         TesterHandshakeListener listener = new TesterHandshakeListener();
         socket.addHandshakeCompletedListener(listener);
@@ -131,6 +137,8 @@ public class TestSsl extends TomcatBaseT
             while (requestCount < 10) {
                 requestCount++;
                 doRequest(os, r);
+                assertTrue("Checking no client issuer has been requested",
+                           
TesterSupport.getLastClientAuthRequestedIssuerCount() == 0);
                 if (listener.isComplete() && listenerComplete == 0) {
                     listenerComplete = requestCount;
                 }


