This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new 4e7fd2e Update tests to use SSLHostConfig for TLS configuration 4e7fd2e is described below commit 4e7fd2ef1bd582ba216b54034e123694a3a630be Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Jan 15 15:36:05 2020 +0000 Update tests to use SSLHostConfig for TLS configuration --- test/org/apache/tomcat/util/net/TestCustomSsl.java | 35 ++++++++------- test/org/apache/tomcat/util/net/TesterSupport.java | 51 ++++++++++------------ .../util/net/jsse/TesterBug50640SslImpl.java | 1 - 3 files changed, 41 insertions(+), 46 deletions(-) diff --git a/test/org/apache/tomcat/util/net/TestCustomSsl.java b/test/org/apache/tomcat/util/net/TestCustomSsl.java index 0372ba5..c3dd280 100644 --- a/test/org/apache/tomcat/util/net/TestCustomSsl.java +++ b/test/org/apache/tomcat/util/net/TestCustomSsl.java @@ -32,6 +32,7 @@ import org.apache.catalina.startup.TomcatBaseTest; import org.apache.coyote.ProtocolHandler; import org.apache.coyote.http11.AbstractHttp11JsseProtocol; import org.apache.tomcat.util.buf.ByteChunk; +import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type; import org.apache.tomcat.util.net.jsse.TesterBug50640SslImpl; import org.apache.tomcat.websocket.server.WsContextListener; 
@@ -59,20 +60,22 @@ public class TestCustomSsl extends TomcatBaseTest { Assume.assumeFalse("This test is only for JSSE based SSL connectors", connector.getProtocolHandlerClassName().contains("Apr")); + SSLHostConfig sslHostConfig = new SSLHostConfig(); + SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(sslHostConfig, Type.UNDEFINED); + sslHostConfig.addCertificate(certificate); + connector.addSslHostConfig(sslHostConfig); + Assert.assertTrue(connector.setProperty( "sslImplementationName", "org.apache.tomcat.util.net.jsse.TesterBug50640SslImpl")); // This setting will break ssl configuration unless the custom // implementation is used. - Assert.assertTrue(connector.setProperty( - TesterBug50640SslImpl.PROPERTY_NAME, TesterBug50640SslImpl.PROPERTY_VALUE)); + sslHostConfig.setProtocols(TesterBug50640SslImpl.PROPERTY_VALUE); - Assert.assertTrue(connector.setProperty("sslProtocol", "tls")); + sslHostConfig.setSslProtocol("tls"); - File keystoreFile = - new File(TesterSupport.LOCALHOST_RSA_JKS); - connector.setAttribute( - "keystoreFile", keystoreFile.getAbsolutePath()); + File keystoreFile = new File(TesterSupport.LOCALHOST_RSA_JKS); + certificate.setCertificateKeystoreFile(keystoreFile.getAbsolutePath()); connector.setSecure(true); Assert.assertTrue(connector.setProperty("SSLEnabled", "true")); 
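Review bot: The comment above `sslHostConfig.setProtocols(TesterBug50640SslImpl.PROPERTY_VALUE)` still says "This setting will break ssl configuration", but now that `PROPERTY_NAME` is gone the line no longer shows which setting is meant or why a placeholder value is passed. I would reword it along the lines of `// "magic" is not a real protocol name; the enabled-protocols list is expected to be usable only when TesterBug50640SslImpl is in effect`. That wording is inferred from the constant and the test's purpose, so please confirm it. A short comment on `Type.UNDEFINED` would also help, since nothing in the hunk explains why the certificate type is left unspecified. The test method starts and ends outside this hunk.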
@@ -109,23 +112,25 @@ public class TestCustomSsl extends TomcatBaseTest { Tomcat tomcat = getTomcatInstance(); Assume.assumeTrue("SSL renegotiation has to be supported for this test", - TesterSupport.isRenegotiationSupported(getTomcatInstance())); + TesterSupport.isRenegotiationSupported(tomcat)); TesterSupport.configureClientCertContext(tomcat); + Connector connector = tomcat.getConnector(); + // Override the defaults - ProtocolHandler handler = tomcat.getConnector().getProtocolHandler(); + ProtocolHandler handler = connector.getProtocolHandler(); if (handler instanceof AbstractHttp11JsseProtocol) { - ((AbstractHttp11JsseProtocol<?>) handler).setTruststoreFile(null); + connector.findSslHostConfigs()[0].setTruststoreFile(null); } else { // Unexpected Assert.fail("Unexpected handler type"); } if (trustType.equals(TrustType.ALL)) { - tomcat.getConnector().setAttribute("trustManagerClassName", + connector.findSslHostConfigs()[0].setTrustManagerClassName( "org.apache.tomcat.util.net.TesterSupport$TrustAllCerts"); } else if (trustType.equals(TrustType.CA)) { - tomcat.getConnector().setAttribute("trustManagerClassName", + connector.findSslHostConfigs()[0].setTrustManagerClassName( "org.apache.tomcat.util.net.TesterSupport$SequentialTrustManager"); } @@ -135,16 +140,14 @@ public class TestCustomSsl extends TomcatBaseTest { TesterSupport.configureClientSsl(); // Unprotected resource - ByteChunk res = - getUrl("https://localhost:" + getPort() + "/unprotected"); + ByteChunk res = getUrl("https://localhost:" + getPort() + "/unprotected"); Assert.assertEquals("OK", res.toString()); // Protected resource res.recycle(); int rc = -1; try { - rc = getUrl("https://localhost:" + getPort() + "/protected", res, - null, null); + rc = getUrl("https://localhost:" + getPort() + "/protected", res, null, null); } catch (SocketException se) { if (!trustType.equals(TrustType.NONE)) { Assert.fail(se.getMessage()); 
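Review bot: `connector.findSslHostConfigs()[0]` is indexed three times in the first hunk here without checking that `TesterSupport.configureClientCertContext(tomcat)` registered exactly one host config. An empty array would surface as an ArrayIndexOutOfBoundsException rather than a readable test failure, and with more than one config the truststore and trust manager overrides would apply only to the first. Fetch the array once and assert on it, e.g. `SSLHostConfig[] sslHostConfigs = connector.findSslHostConfigs();` followed by `Assert.assertEquals(1, sslHostConfigs.length);`, then reuse `sslHostConfigs[0]`. The same unchecked `[0]` appears in the `@@ -270,9 +263,9 @@` hunk of TesterSupport.java. The `instanceof AbstractHttp11JsseProtocol` test also no longer guards a cast, so the `handler` local and that branch look vestigial, though the method runs past the hunk so I cannot see every use.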
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java index d663f6b..829aa12 100644 --- a/test/org/apache/tomcat/util/net/TesterSupport.java +++ b/test/org/apache/tomcat/util/net/TesterSupport.java @@ -64,6 +64,7 @@ import org.apache.tomcat.util.compat.JreCompat; import org.apache.tomcat.util.descriptor.web.LoginConfig; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; +import org.apache.tomcat.util.net.SSLHostConfigCertificate.Type; public final class TesterSupport { 
@@ -134,47 +135,39 @@ public final class TesterSupport { protected static void initSsl(Tomcat tomcat, String keystore, String keystorePass, String keyPass) { + Connector connector = tomcat.getConnector(); + connector.setSecure(true); + Assert.assertTrue(connector.setProperty("SSLEnabled", "true")); + + SSLHostConfig sslHostConfig = new SSLHostConfig(); + SSLHostConfigCertificate certificate = new SSLHostConfigCertificate(sslHostConfig, Type.UNDEFINED); + sslHostConfig.addCertificate(certificate); + connector.addSslHostConfig(sslHostConfig); + String protocol = tomcat.getConnector().getProtocolHandlerClassName(); if (!protocol.contains("Apr")) { - Connector connector = tomcat.getConnector(); String sslImplementation = System.getProperty("tomcat.test.sslImplementation"); if (sslImplementation != null && !"${test.sslImplementation}".equals(sslImplementation)) { StandardServer server = (StandardServer) tomcat.getServer(); AprLifecycleListener listener = new AprLifecycleListener(); listener.setSSLRandomSeed("/dev/urandom"); server.addLifecycleListener(listener); - tomcat.getConnector().setAttribute("sslImplementationName", sslImplementation); + connector.setAttribute("sslImplementationName", sslImplementation); } - Assert.assertTrue(connector.setProperty("sslProtocol", "tls")); - File keystoreFile = - new File(keystore); - connector.setAttribute("keystoreFile", - keystoreFile.getAbsolutePath()); - File truststoreFile = new File(CA_JKS); - connector.setAttribute("truststoreFile", - truststoreFile.getAbsolutePath()); + sslHostConfig.setSslProtocol("tls"); + certificate.setCertificateKeystoreFile(new File(keystore).getAbsolutePath()); + sslHostConfig.setTruststoreFile(new File(CA_JKS).getAbsolutePath()); if (keystorePass != null) { - connector.setAttribute("keystorePass", keystorePass); + certificate.setCertificateKeystorePassword(keystorePass); } if (keyPass != null) { - connector.setAttribute("keyPass", keyPass); + certificate.setCertificateKeyPassword(keyPass); } } else 
{ - File keystoreFile = new File( - LOCALHOST_RSA_CERT_PEM); - tomcat.getConnector().setAttribute("SSLCertificateFile", - keystoreFile.getAbsolutePath()); - keystoreFile = new File( - LOCALHOST_RSA_KEY_PEM); - tomcat.getConnector().setAttribute("SSLCertificateKeyFile", - keystoreFile.getAbsolutePath()); - keystoreFile = new File( - CA_CERT_PEM); - tomcat.getConnector().setAttribute("SSLCACertificateFile", - keystoreFile.getAbsolutePath()); - } - tomcat.getConnector().setSecure(true); - Assert.assertTrue(tomcat.getConnector().setProperty("SSLEnabled", "true")); + certificate.setCertificateFile(new File(LOCALHOST_RSA_CERT_PEM).getAbsolutePath()); + certificate.setCertificateKeyFile(new File(LOCALHOST_RSA_KEY_PEM).getAbsolutePath()); + sslHostConfig.setCaCertificateFile(new File(CA_CERT_PEM).getAbsolutePath()); + } } protected static KeyManager[] getUser1KeyManagers() throws Exception { @@ -270,9 +263,9 @@ public final class TesterSupport { * Ensure these tests pass with all JREs from Java 7 onwards. */ if (JreCompat.isJre8Available()) { - Assert.assertTrue(tomcat.getConnector().setProperty("sslEnabledProtocols", Constants.SSL_PROTO_TLSv1_2)); + tomcat.getConnector().findSslHostConfigs()[0].setProtocols(Constants.SSL_PROTO_TLSv1_2); } else { - Assert.assertTrue(tomcat.getConnector().setProperty("sslEnabledProtocols", Constants.SSL_PROTO_TLSv1)); + tomcat.getConnector().findSslHostConfigs()[0].setProtocols(Constants.SSL_PROTO_TLSv1); } // Need a web application with a protected and unprotected URL diff --git a/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java b/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java index 738a57d..fa4ebae 100644 --- a/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java +++ b/test/org/apache/tomcat/util/net/jsse/TesterBug50640SslImpl.java 
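Review bot: `connector.setAttribute("sslImplementationName", sslImplementation)` in `initSsl` is now the only connector-level TLS setting whose result is not checked. If the value were rejected, the tests would presumably run on the default implementation while being reported against the requested one. TestCustomSsl asserts the same property, so I would match it with `Assert.assertTrue(connector.setProperty("sslImplementationName", sslImplementation));`. As a style point, `String protocol = tomcat.getConnector().getProtocolHandlerClassName();` can use the `connector` local hoisted just above it. The APR branch still ignores the `keystore`, `keystorePass` and `keyPass` arguments, as it did before this change; since the passwords now live on `SSLHostConfigCertificate`, a comment saying this is intentional would stop callers assuming they are honoured.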
@@ -24,7 +24,6 @@ import org.apache.tomcat.util.net.SSLUtil; public class TesterBug50640SslImpl extends JSSEImplementation { - public static final String PROPERTY_NAME = "sslEnabledProtocols"; public static final String PROPERTY_VALUE = "magic"; --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org