Author: markt
Date: Tue Mar 1 10:16:36 2011
New Revision: 1075762
URL: http://svn.apache.org/viewvc?rev=1075762&view=rev
Log:
Extract the client-cert tests into a separate test
Check maxPostSize works as expected with client-cert
Added:
tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (with
props)
Modified:
tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java
tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
Modified: tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java?rev=1075762&r1=1075761&r2=1075762&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java (original)
+++ tomcat/trunk/test/org/apache/catalina/startup/TomcatBaseTest.java Tue Mar
1 10:16:36 2011
@@ -20,6 +20,7 @@ import java.io.BufferedInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
+import java.io.OutputStream;
import java.io.PrintWriter;
import java.net.HttpURLConnection;
import java.net.URL;
@@ -215,4 +216,65 @@ public abstract class TomcatBaseTest ext
}
return rc;
}
+
+ public static ByteChunk postUrl(byte[] body, String path)
+ throws IOException {
+ ByteChunk out = new ByteChunk();
+ postUrl(body, path, out, null);
+ return out;
+ }
+
+ public static int postUrl(byte[] body, String path, ByteChunk out,
+ Map<String, List<String>> resHead) throws IOException {
+
+ URL url = new URL(path);
+ HttpURLConnection connection =
+ (HttpURLConnection) url.openConnection();
+ connection.setDoOutput(true);
+ connection.setReadTimeout(1000000);
+ connection.connect();
+
+ // Write the request body
+ OutputStream os = null;
+ try {
+ os = connection.getOutputStream();
+ os.write(body, 0, body.length);
+ } finally {
+ if (os != null) {
+ try {
+ os.close();
+ } catch (IOException ioe) {
+ // Ignore
+ }
+ }
+ }
+
+ int rc = connection.getResponseCode();
+ if (resHead != null) {
+ Map<String, List<String>> head = connection.getHeaderFields();
+ resHead.putAll(head);
+ }
+ if (rc == HttpServletResponse.SC_OK) {
+ InputStream is = connection.getInputStream();
+ BufferedInputStream bis = null;
+ try {
+ bis = new BufferedInputStream(is);
+ byte[] buf = new byte[2048];
+ int rd = 0;
+ while((rd = bis.read(buf)) > 0) {
+ out.append(buf, 0, rd);
+ }
+ } finally {
+ if (bis != null) {
+ try {
+ bis.close();
+ } catch (IOException e) {
+ // Ignore
+ }
+ }
+ }
+ }
+ return rc;
+ }
+
}
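Review bot: In the four-argument `postUrl`, `connection.setReadTimeout(1000000)` lets a stalled response hold the test for more than sixteen minutes, and no connect timeout is set, so a server that hangs while handling the POST stalls the suite instead of failing it. A tighter bound such as `connection.setConnectTimeout(10000);` and `connection.setReadTimeout(60000);` would turn that into a prompt failure; the values are only a suggestion and should match `getUrl` if it uses the same constant, which is not visible in this hunk. The method also leaves `out` untouched for any status other than 200 and never reads the error stream. A short Javadoc saying that the return value is the HTTP status, that `out` is filled only on `SC_OK`, and that `resHead` may be null would make this contract clear to callers such as the 401 check in `TestClientCert`.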
Added: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java?rev=1075762&view=auto
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (added)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Tue Mar 1
10:16:36 2011
@@ -0,0 +1,181 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.tomcat.util.net;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.authenticator.SSLAuthenticator;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.deploy.SecurityCollection;
+import org.apache.catalina.deploy.SecurityConstraint;
+import org.apache.catalina.startup.TestTomcat.MapRealm;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.startup.TomcatBaseTest;
+import org.apache.tomcat.util.buf.ByteChunk;
+
+/**
+ * The keys and certificates used in this file are all available in svn and
were
+ * generated using a test CA the files for which are in the Tomcat PMC private
+ * repository since not all of them are AL2 licensed.
+ */
+public class TestClientCert extends TomcatBaseTest {
+
+ public void testClientCertGet() throws Exception {
+ // Unprotected resource
+ ByteChunk res =
+ getUrl("https://localhost:" + getPort() + "/unprotected");
+ assertEquals("OK", res.toString());
+
+ // Protected resource
+ res = getUrl("https://localhost:" + getPort() + "/protected");
+ assertEquals("OK", res.toString());
+ }
+
+ public void testClientCertPostSmaller() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ int bodySize = tomcat.getConnector().getMaxSavePostSize() / 2;
+ doTestClientCertPost(bodySize, false);
+ }
+
+ public void testClientCertPostSame() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ int bodySize = tomcat.getConnector().getMaxSavePostSize();
+ doTestClientCertPost(bodySize, false);
+ }
+
+ public void testClientCertPostLarger() throws Exception {
+ Tomcat tomcat = getTomcatInstance();
+ int bodySize = tomcat.getConnector().getMaxSavePostSize() * 2;
+ doTestClientCertPost(bodySize, true);
+ }
+
+ public void doTestClientCertPost(int bodySize, boolean expectProtectedFail)
+ throws Exception {
+
+ byte[] body = new byte[bodySize];
+
+ // Unprotected resource
+ ByteChunk res = postUrl(body,
+ "https://localhost:" + getPort() + "/unprotected");
+ assertEquals("OK-" + bodySize, res.toString());
+
+ // Protected resource
+ res.recycle();
+ int rc = postUrl(body, "https://localhost:" + getPort() + "/protected",
+ res, null);
+ if (expectProtectedFail) {
+ assertEquals(401, rc);
+ } else {
+ assertEquals("OK-" + bodySize, res.toString());
+ }
+ }
+
+ @Override
+ public void setUp() throws Exception {
+ if (!TesterSupport.RFC_5746_SUPPORTED) {
+ // Make sure SSL renegotiation is not disabled in the JVM
+ System.setProperty("sun.security.ssl.allowUnsafeRenegotiation",
"true");
+ }
+
+ super.setUp();
+
+ Tomcat tomcat = getTomcatInstance();
+
+ String protocol = tomcat.getConnector().getProtocolHandlerClassName();
+ if (protocol.indexOf("Nio") != -1) {
+ return; // Not supported yet (2011-03-01)
+ }
+ if (protocol.indexOf("Apr") != -1) {
+ return; // Disabled by default in 1.1.20 windows binary
(2010-07-27)
+ }
+
+ TesterSupport.initSsl(tomcat);
+
+ // Need a web application with a protected and unprotected URL
+ // Must have a real docBase - just use temp
+ Context ctx =
+ tomcat.addContext("", System.getProperty("java.io.tmpdir"));
+
+ Tomcat.addServlet(ctx, "simple", new SimpleServlet());
+ ctx.addServletMapping("/unprotected", "simple");
+ ctx.addServletMapping("/protected", "simple");
+
+ // Security constraints
+ SecurityCollection collection = new SecurityCollection();
+ collection.addPattern("/protected");
+ SecurityConstraint sc = new SecurityConstraint();
+ sc.addAuthRole("testrole");
+ sc.addCollection(collection);
+ ctx.addConstraint(sc);
+
+ // Configure the Realm
+ MapRealm realm = new MapRealm();
+ realm.addUser("CN=user1, C=US", "not used");
+ realm.addUserRole("CN=user1, C=US", "testrole");
+ ctx.setRealm(realm);
+
+ // Configure the authenticator
+ LoginConfig lc = new LoginConfig();
+ lc.setAuthMethod("CLIENT-CERT");
+ ctx.setLoginConfig(lc);
+ ctx.getPipeline().addValve(new SSLAuthenticator());
+
+ // Start Tomcat
+ tomcat.start();
+
+ TesterSupport.configureClientSsl();
+ }
+
+ public static class SimpleServlet extends HttpServlet {
+
+ private static final long serialVersionUID = 1L;
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ resp.setContentType("text/plain");
+ resp.getWriter().print("OK");
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ // Swallow any request body
+ int read = 0;
+ int len = 0;
+ byte[] buffer = new byte[4096];
+ InputStream is = req.getInputStream();
+ while (len > -1) {
+ len = is.read(buffer);
+ read = read + len;
+ }
+ // len will have been -1 on last iteration
+ read++;
+
+ // Report the number of bytes read
+ resp.setContentType("text/plain");
+ resp.getWriter().print("OK-" + read);
+ }
+ }
+}
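Review bot: The early `return` statements in `setUp()` for the Nio and Apr connectors no longer skip anything: they only leave `setUp()` before `TesterSupport.initSsl(tomcat)` and `tomcat.start()`, so every `testClientCert*` method still runs, against a connector that was never started. In the removed `TestSsl.testClientCert()` the same returns ended the test itself. Record the outcome in a field, for example `private boolean clientCertSupported` set to true just before `tomcat.start()`, and begin each test with `if (!clientCertSupported) return;`. Separately, `System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")` is JVM-wide and never restored, so it relaxes renegotiation checks for any later test sharing the JVM; saving the previous value and restoring it in `tearDown()` would confine it to this class.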
Propchange: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java?rev=1075762&r1=1075761&r2=1075762&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Tue Mar 1
10:16:36 2011
@@ -26,17 +26,7 @@ import javax.net.ssl.HandshakeCompletedL
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.catalina.Context;
-import org.apache.catalina.authenticator.SSLAuthenticator;
-import org.apache.catalina.deploy.LoginConfig;
-import org.apache.catalina.deploy.SecurityCollection;
-import org.apache.catalina.deploy.SecurityConstraint;
-import org.apache.catalina.startup.TestTomcat.MapRealm;
+
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
import org.apache.tomcat.util.buf.ByteChunk;
@@ -49,7 +39,7 @@ import org.apache.tomcat.util.buf.ByteCh
public class TestSsl extends TomcatBaseTest {
public void testSimpleSsl() throws Exception {
- configureClientSsl();
+ TesterSupport.configureClientSsl();
Tomcat tomcat = getTomcatInstance();
@@ -204,64 +194,6 @@ public class TestSsl extends TomcatBaseT
}
- public void testClientCert() throws Exception {
-
- Tomcat tomcat = getTomcatInstance();
-
- String protocol = tomcat.getConnector().getProtocolHandlerClassName();
- if (protocol.indexOf("Nio") != -1) {
- return; // Not supported yet (2011-03-01)
- }
- if (protocol.indexOf("Apr") != -1) {
- return; // Disabled by default in 1.1.20 windows binary
(2010-07-27)
- }
-
- TesterSupport.initSsl(tomcat);
-
- // Need a web application with a protected and unprotected URL
- // Must have a real docBase - just use temp
- Context ctx =
- tomcat.addContext("", System.getProperty("java.io.tmpdir"));
-
- Tomcat.addServlet(ctx, "simple", new SimpleServlet());
- ctx.addServletMapping("/unprotected", "simple");
- ctx.addServletMapping("/protected", "simple");
-
- // Security constraints
- SecurityCollection collection = new SecurityCollection();
- collection.addPattern("/protected");
- SecurityConstraint sc = new SecurityConstraint();
- sc.addAuthRole("testrole");
- sc.addCollection(collection);
- ctx.addConstraint(sc);
-
- // Configure the Realm
- MapRealm realm = new MapRealm();
- realm.addUser("CN=user1, C=US", "not used");
- realm.addUserRole("CN=user1, C=US", "testrole");
- ctx.setRealm(realm);
-
- // Configure the authenticator
- LoginConfig lc = new LoginConfig();
- lc.setAuthMethod("CLIENT-CERT");
- ctx.setLoginConfig(lc);
- ctx.getPipeline().addValve(new SSLAuthenticator());
-
- // Start Tomcat
- tomcat.start();
-
- configureClientSsl();
-
- // Get the unprotected resource
- ByteChunk res =
- getUrl("https://localhost:" + getPort() + "/unprotected");
- assertEquals("OK", res.toString());
-
- // Get the protected resource
- res = getUrl("https://localhost:" + getPort() + "/protected");
- assertEquals("OK", res.toString());
- }
-
@Override
public void setUp() throws Exception {
if (!TesterSupport.RFC_5746_SUPPORTED) {
@@ -270,29 +202,4 @@ public class TestSsl extends TomcatBaseT
}
super.setUp();
}
-
- private void configureClientSsl() {
- try {
- SSLContext sc = SSLContext.getInstance("SSL");
- sc.init(TesterSupport.getUser1KeyManagers(),
- TesterSupport.getTrustManagers(),
- new java.security.SecureRandom());
- javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
- sc.getSocketFactory());
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
-
- public static class SimpleServlet extends HttpServlet {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- resp.setContentType("text/plain");
- resp.getWriter().print("OK");
- }
- }
}
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1075762&r1=1075761&r2=1075762&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Tue Mar 1
10:16:36 2011
@@ -101,6 +101,20 @@ public final class TesterSupport {
return tmf.getTrustManagers();
}
+
+ protected static void configureClientSsl() {
+ try {
+ SSLContext sc = SSLContext.getInstance("SSL");
+ sc.init(TesterSupport.getUser1KeyManagers(),
+ TesterSupport.getTrustManagers(),
+ new java.security.SecureRandom());
+ javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(
+ sc.getSocketFactory());
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
private static KeyStore getKeyStore(String keystore) throws Exception {
File keystoreFile = new File(keystore);
KeyStore ks = KeyStore.getInstance("JKS");
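Review bot: `configureClientSsl()` catches `Exception` and only calls `e.printStackTrace()`, so if the key or trust managers fail to load, the default `HttpsURLConnection` socket factory is left unchanged and the tests fail later with an unrelated-looking handshake or 401 error. Both callers visible in this commit (`TestClientCert.setUp()` and `TestSsl.testSimpleSsl()`) already declare `throws Exception`, so the method can become `protected static void configureClientSsl() throws Exception` with the try/catch removed. `SSLContext.getInstance("SSL")` also requests the legacy protocol family name; `SSLContext.getInstance("TLS")` states the intent more clearly. Since `setDefaultSSLSocketFactory` changes JVM-global state so that every later HTTPS connection presents the user1 client certificate, a one-line comment such as `// Replaces the JVM-wide default factory; not restored` is worth adding. The trailing context (`getKeyStore`) continues outside the hunk.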