Author: costin
Date: Tue Nov 10 01:04:13 2009
New Revision: 834290

URL: http://svn.apache.org/viewvc?rev=834290&view=rev
Log:
Test case for the MITM/SSL re-negotiation, plus a unit test for a simple SSL 
request 
(to check that the fix didn't break anything and SSL still works)


Added:
    tomcat/trunk/test/org/apache/catalina/startup/TestTomcatSSL.java   (with 
props)
    tomcat/trunk/test/org/apache/catalina/startup/test.keystore   (with props)

Added: tomcat/trunk/test/org/apache/catalina/startup/TestTomcatSSL.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TestTomcatSSL.java?rev=834290&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/startup/TestTomcatSSL.java (added)
+++ tomcat/trunk/test/org/apache/catalina/startup/TestTomcatSSL.java Tue Nov 10 
01:04:13 2009
@@ -0,0 +1,153 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.catalina.startup;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import javax.net.ssl.HandshakeCompletedEvent;
+import javax.net.ssl.HandshakeCompletedListener;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.tomcat.util.buf.ByteChunk;
+
+/**
+ * Requires test.keystore (checked in), generated with:
+ *  keytool -genkey -alias tomcat -keyalg RSA
+ *  pass: changeit 
+ *  CN: localhost ( for hostname validation )
+ */
+public class TestTomcatSSL extends TomcatBaseTest {
+    static TrustManager[] trustAllCerts = new TrustManager[] { 
+        new X509TrustManager() { 
+            public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
+                return null;
+            }
+            public void 
checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) 
{
+            }
+            public void 
checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) 
{
+            }
+        }
+    };
+
+    private void initSsl(Tomcat tomcat) {
+        tomcat.getConnector().setSecure(true);
+        tomcat.getConnector().setProperty("SSLEnabled", "true");
+        tomcat.getConnector().setProperty("sslProtocol",
+            "tls");
+        // test runs in output/tmp
+        tomcat.getConnector().setAttribute("keystore", 
+            "../../test/org/apache/catalina/startup/test.keystore");
+    }
+    
+
+    public void testSimpleSsl() throws Exception {
+        //  Install the all-trusting trust manager so https:// works 
+        // with unsigned certs. 
+
+        // TODO: cleanup ? 
+        try {
+            SSLContext sc = SSLContext.getInstance("SSL");
+            sc.init(null, trustAllCerts, new java.security.SecureRandom());
+            javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
+                    sc.getSocketFactory());
+        } catch (Exception e) {
+            e.printStackTrace();
+        } 
+        
+        Tomcat tomcat = getTomcatInstance();
+
+        File appDir = 
+            new File("output/build/webapps/examples");
+        tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath());
+        initSsl(tomcat);
+
+        tomcat.start();
+        ByteChunk res = getUrl("https://localhost:"; + getPort() +
+            "/examples/servlets/servlet/HelloWorldExample");
+        assertTrue(res.toString().indexOf("<h1>Hello World!</h1>") > 0);
+    }
+
+    boolean handshakeDone = false;
+    
+    public void testReHandshake() throws Exception {
+        Tomcat tomcat = getTomcatInstance();
+
+        File appDir = 
+            new File("output/build/webapps/examples");
+        // app dir is relative to server home
+        tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath());
+
+        initSsl(tomcat);
+
+        tomcat.start();
+        SSLContext sslCtx = SSLContext.getInstance("TLS");
+        sslCtx.init(null, trustAllCerts, new java.security.SecureRandom());
+        SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
+        SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost", 
getPort());
+
+        socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
+            @Override
+            public void handshakeCompleted(HandshakeCompletedEvent event) {
+                handshakeDone = true;
+            }
+        });
+        
+        OutputStream os = socket.getOutputStream();
+        os.write("GET /examples/servlets/servlet/HelloWorldExample 
HTTP/1.0\n".getBytes());
+        os.flush();
+
+        InputStream is = socket.getInputStream();
+
+        // Doesn't seem to work..
+        socket.getSession().invalidate();
+        socket.startHandshake();
+        handshakeDone = false;
+        byte[] b = new byte[0];
+        int maxTries = 60; // 60 * 1000 = example 1 minute time out
+        socket.setSoTimeout(1000);
+        for (int i = 0; i < maxTries; i++) {
+            try {
+                is.read(b);
+            } catch (IOException e) {
+                // timeout
+            }
+            if (handshakeDone) {
+                break;
+            }
+        }
+        SSLSession session = socket.getSession();
+        os = socket.getOutputStream();
+        
+        try {
+            os.write("Host: localhost\n\n".getBytes());
+        } catch (IOException ex) {
+            // success - connection closed
+            return;
+        }
+        
+        fail("Re-negotiation worked");
+        
+    }
+}
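Review bot: In testReHandshake the pass condition is any IOException from the final `os.write("Host: localhost\n\n".getBytes())`, and the loop result is never checked, so the test passes whenever the connection drops for any reason, not only when the server refuses the renegotiation. The `handshakeDone` flag is reset after `socket.startHandshake()` and is written from the listener without being `volatile`, so a completion callback can be lost or a late callback from the initial handshake can end the loop early; declaring `volatile boolean handshakeDone` and moving `handshakeDone = false;` above `socket.startHandshake();` would narrow that. The read into `new byte[0]` may also return immediately instead of waiting for the 1 s timeout, which is worth confirming against the JSSE in use. Separately, testSimpleSsl installs `trustAllCerts` JVM-wide through `HttpsURLConnection.setDefaultSSLSocketFactory` and never restores it (the `// TODO: cleanup ?`), leaving certificate validation off for any HTTPS client code that runs later in the same JVM. Saving `HttpsURLConnection.getDefaultSSLSocketFactory()` beforehand and restoring it in a `finally` would contain that to this test.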

Propchange: tomcat/trunk/test/org/apache/catalina/startup/TestTomcatSSL.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: tomcat/trunk/test/org/apache/catalina/startup/test.keystore
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/test.keystore?rev=834290&view=auto
==============================================================================
Binary file - no diff available.

Propchange: tomcat/trunk/test/org/apache/catalina/startup/test.keystore
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream


