Author: markt
Date: Wed Mar 2 12:03:05 2011
New Revision: 1076182
URL: http://svn.apache.org/viewvc?rev=1076182&view=rev
Log:
Correct issues in the SSL renegotiation tests
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java?rev=1076182&r1=1076181&r2=1076182&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestClientCert.java Wed Mar 2
12:03:05 2011
@@ -44,6 +44,10 @@ public class TestClientCert extends Tomc
public static final byte DATA = (byte)33;
public void testClientCertGet() throws Exception {
+ if (!TesterSupport.isRenegotiationSupported(getTomcatInstance())) {
+ return;
+ }
+
// Unprotected resource
ByteChunk res =
getUrl("https://localhost:" + getPort() + "/unprotected");
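Review bot: The early `return` added at the top of testClientCertGet makes the test report success when the connector is skipped, so a run on the APR connector shows client-certificate renegotiation as passing without exercising it. The same guard is added to doTestClientCertPost in the next hunk and to TestSsl.testRenegotiateWorks. Because these tests cover security behaviour, the skip should be visible in the test output, for example `System.out.println("Skipping: renegotiation not supported by this connector");` before the `return`, with a comment saying why. The body of testClientCertGet continues outside the hunk.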
@@ -74,6 +78,9 @@ public class TestClientCert extends Tomc
public void doTestClientCertPost(int bodySize, boolean expectProtectedFail)
throws Exception {
+ if (!TesterSupport.isRenegotiationSupported(getTomcatInstance())) {
+ return;
+ }
byte[] body = new byte[bodySize];
Arrays.fill(body, DATA);
@@ -105,11 +112,6 @@ public class TestClientCert extends Tomc
Tomcat tomcat = getTomcatInstance();
- String protocol = tomcat.getConnector().getProtocolHandlerClassName();
- if (protocol.indexOf("Apr") != -1) {
- return; // Disabled by default in 1.1.20 windows binary
(2010-07-27)
- }
-
TesterSupport.initSsl(tomcat);
// Need a web application with a protected and unprotected URL
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java?rev=1076182&r1=1076181&r2=1076182&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java Wed Mar 2
12:03:05 2011
@@ -16,10 +16,13 @@
*/
package org.apache.tomcat.util.net;
+import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
+import java.io.InputStreamReader;
import java.io.OutputStream;
+import java.io.Reader;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
@@ -97,101 +100,77 @@ public class TestSsl extends TomcatBaseT
// Make sure the NIO connector has read the request before the
handshake
Thread.sleep(100);
+
socket.startHandshake();
- handshakeDone = false;
- byte[] b = new byte[0];
- int maxTries = 5; // 5 sec should be enough - in NIO we'll timeout
- socket.setSoTimeout(1000);
- for (int i = 0; i < maxTries; i++) {
- try {
- is.read(b);
- } catch (IOException e) {
- // timeout
- }
- if (handshakeDone) {
- break;
- }
- }
+
os = socket.getOutputStream();
- if (!handshakeDone) {
- // success - we timedout without handshake
- return;
- }
+
try {
os.write("Host: localhost\n\n".getBytes());
} catch (IOException ex) {
- // success - connection closed
+ ex.printStackTrace();
+ fail("Re-negotiation failed");
+ }
+ Reader r = new InputStreamReader(is);
+ BufferedReader br = new BufferedReader(r);
+ String line = br.readLine();
+ while (line != null) {
+ // For testing System.out.println(line);
+ line = br.readLine();
+ }
+
+ if (!handshakeDone) {
+ // success - we timed-out without handshake
return;
}
fail("Re-negotiation worked");
-
}
public void testRenegotiateWorks() throws Exception {
Tomcat tomcat = getTomcatInstance();
+ if (!TesterSupport.isRenegotiationSupported(tomcat)) {
+ return;
+ }
+
File appDir = new File(getBuildDirectory(), "webapps/examples");
// app dir is relative to server home
tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath());
TesterSupport.initSsl(tomcat);
- // Enable MITM attack
- tomcat.getConnector().setAttribute("allowUnsafeLegacyRenegotiation",
"true");
-
tomcat.start();
- String protocol = tomcat.getConnector().getProtocolHandlerClassName();
- if (protocol.indexOf("Nio") != -1) {
- return; // Not supported yet (2010-07-22)
- }
- if (protocol.indexOf("Apr") != -1) {
- return; // Disabled by default in 1.1.20 windows binary
(2010-07-27)
- }
-
SSLContext sslCtx = SSLContext.getInstance("TLS");
sslCtx.init(null, TesterSupport.getTrustManagers(),
new java.security.SecureRandom());
SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
- SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost",
getPort());
+ SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost",
+ getPort());
- socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
- @Override
- public void handshakeCompleted(HandshakeCompletedEvent event) {
- handshakeDone = true;
- }
- });
-
OutputStream os = socket.getOutputStream();
- os.write("GET /examples/servlets/servlet/HelloWorldExample
HTTP/1.0\n".getBytes());
- os.flush();
- InputStream is = socket.getInputStream();
+ os.write("GET /examples/servlets/servlet/HelloWorldExample
HTTP/1.1\n".getBytes());
+ os.flush();
socket.startHandshake();
- handshakeDone = false;
- byte[] b = new byte[0];
- int maxTries = 5;
- socket.setSoTimeout(1000);
- for (int i = 0; i < maxTries; i++) {
- try {
- is.read(b);
- } catch (IOException e) {
- // timeout
- }
- if (handshakeDone) {
- break;
- }
- }
- os = socket.getOutputStream();
-
+
try {
os.write("Host: localhost\n\n".getBytes());
} catch (IOException ex) {
+ ex.printStackTrace();
fail("Re-negotiation failed");
}
-
+
+ InputStream is = socket.getInputStream();
+ Reader r = new InputStreamReader(is);
+ BufferedReader br = new BufferedReader(r);
+ String line = br.readLine();
+ while (line != null) {
+ // For testing System.out.println(line);
+ line = br.readLine();
+ }
}
@Override
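Review bot: In testRenegotiateFails the reset `handshakeDone = false;` after `socket.startHandshake()` is removed while the final `if (!handshakeDone)` check stays, so the verdict now depends on a flag that may already be true. The listener is registered above the hunk, but if it fires for the initial handshake (the request is sent before this point, per the comment at the top of the hunk), the test can no longer tell a rejected renegotiation from an accepted one; putting `handshakeDone = false;` immediately before `socket.startHandshake();` would restore that. In testRenegotiateWorks the listener is gone and the response is read and discarded, so the test passes whenever no exception is thrown; asserting on the first line read, e.g. `assertTrue(line != null && line.startsWith("HTTP/1.1 200"));`, would pin the outcome. Both read loops run to end of stream with no read timeout visible in the hunk, and the request is now HTTP/1.1, so they wait for the server to close the connection; a `socket.setSoTimeout(...)` before each loop would bound that.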
Modified: tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java?rev=1076182&r1=1076181&r2=1076182&view=diff
==============================================================================
--- tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java (original)
+++ tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java Wed Mar 2
12:03:05 2011
@@ -133,4 +133,13 @@ public final class TesterSupport {
}
return ks;
}
+
+ protected static boolean isRenegotiationSupported(Tomcat tomcat) {
+ String protocol = tomcat.getConnector().getProtocolHandlerClassName();
+ if (protocol.contains("Apr")) {
+ // Disabled by default in 1.1.20 windows binary (2010-07-27)
+ return false;
+ }
+ return true;
+ }
}
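Review bot: isRenegotiationSupported decides by matching the substring `"Apr"` in the protocol handler class name, so every renegotiation test is skipped for APR whether or not the native library in use allows renegotiation; the inline comment ties the reason to one 1.1.20 Windows binary. The method has no Javadoc; I would add one stating that this is a connector-name heuristic rather than a capability probe, that callers skip their test when it returns false, and that it needs revisiting when the APR default changes. `protected` adds nothing on a static method of a `final` class; package-private access matches how the tests in this package call it.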