Examples with SslContextFactory org.eclipse.jetty.util.ssl.SslContextFactory used on opensource projects

Example 31 with SslContextFactory

use of org.eclipse.jetty.util.ssl.SslContextFactory in project jetty.project by eclipse.

the class ForwardProxyTLSServerTest method testExternalProxy.

@Test
@Ignore("External Proxy Server no longer stable enough for testing")
public void testExternalProxy() throws Exception {
    // Free proxy server obtained from http://hidemyass.com/proxy-list/
    String proxyHost = "81.208.25.53";
    int proxyPort = 3128;
    try {
        new Socket(proxyHost, proxyPort).close();
    } catch (Throwable x) {
        Assume.assumeNoException(x);
    }
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.start();
    HttpClient httpClient = new HttpClient(newSslContextFactory());
    httpClient.getProxyConfiguration().getProxies().add(new HttpProxy(proxyHost, proxyPort));
    httpClient.start();
    try {
        ContentResponse response = httpClient.newRequest("https://www.google.com").timeout(20, TimeUnit.SECONDS).send();
        Assert.assertEquals(HttpStatus.OK_200, response.getStatus());
    } finally {
        httpClient.stop();
    }
}

Example 32 with SslContextFactory

use of org.eclipse.jetty.util.ssl.SslContextFactory in project jetty.project by eclipse.

the class SslConnectionFactoryTest method before.

@Before
public void before() throws Exception {
    String keystorePath = "src/test/resources/keystore";
    File keystoreFile = new File(keystorePath);
    if (!keystoreFile.exists())
        throw new FileNotFoundException(keystoreFile.getAbsolutePath());
    _server = new Server();
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");
    http_config.setSecurePort(8443);
    http_config.setOutputBufferSize(32768);
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
    sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
    ServerConnector https = _connector = new ServerConnector(_server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
    https.setPort(0);
    https.setIdleTimeout(30000);
    _server.addConnector(https);
    _server.setHandler(new AbstractHandler() {

        @Override
        public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
            response.setStatus(200);
            response.getWriter().write("url=" + request.getRequestURI() + "\nhost=" + request.getServerName());
            response.flushBuffer();
        }
    });
    _server.start();
    _port = https.getLocalPort();
}

Example 33 with SslContextFactory

use of org.eclipse.jetty.util.ssl.SslContextFactory in project jetty.project by eclipse.

the class SslContextFactoryReloadTest method testReloadWhileServing.

@Test
public void testReloadWhileServing() throws Exception {
    start(new EchoHandler());
    Scheduler scheduler = new ScheduledExecutorScheduler();
    scheduler.start();
    try {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, SslContextFactory.TRUST_ALL_CERTS, null);
        SSLSocketFactory socketFactory = ctx.getSocketFactory();
        // Perform 4 reloads while connections are being served.
        AtomicInteger reloads = new AtomicInteger(4);
        long reloadPeriod = 500;
        AtomicBoolean running = new AtomicBoolean(true);
        scheduler.schedule(new Runnable() {

            @Override
            public void run() {
                if (reloads.decrementAndGet() == 0) {
                    running.set(false);
                } else {
                    try {
                        sslContextFactory.reload(sslContextFactory -> {
                            if (sslContextFactory.getKeyStorePath().endsWith(KEYSTORE_1))
                                sslContextFactory.setKeyStorePath(KEYSTORE_2);
                            else
                                sslContextFactory.setKeyStorePath(KEYSTORE_1);
                        });
                        scheduler.schedule(this, reloadPeriod, TimeUnit.MILLISECONDS);
                    } catch (Exception x) {
                        running.set(false);
                        reloads.set(-1);
                    }
                }
            }
        }, reloadPeriod, TimeUnit.MILLISECONDS);
        byte[] content = new byte[16 * 1024];
        while (running.get()) {
            try (SSLSocket client = (SSLSocket) socketFactory.createSocket("localhost", connector.getLocalPort())) {
                // We need to invalidate the session every time we open a new SSLSocket.
                // This is because when the client uses session resumption, it caches
                // the server certificates and then checks that it is the same during
                // a new TLS handshake. If the SslContextFactory is reloaded during the
                // TLS handshake, the client will see the new certificate and blow up.
                // Note that browsers can handle this case better: they will just not
                // use session resumption and fallback to the normal TLS handshake.
                client.getSession().invalidate();
                String request1 = "" + "POST / HTTP/1.1\r\n" + "Host: localhost\r\n" + "Content-Length: " + content.length + "\r\n" + "\r\n";
                OutputStream outputStream = client.getOutputStream();
                outputStream.write(request1.getBytes(StandardCharsets.UTF_8));
                outputStream.write(content);
                outputStream.flush();
                InputStream inputStream = client.getInputStream();
                HttpTester.Response response1 = HttpTester.parseResponse(HttpTester.from(inputStream));
                Assert.assertNotNull(response1);
                Assert.assertThat(response1.getStatus(), Matchers.equalTo(HttpStatus.OK_200));
                String request2 = "" + "GET / HTTP/1.1\r\n" + "Host: localhost\r\n" + "Connection: close\r\n" + "\r\n";
                outputStream.write(request2.getBytes(StandardCharsets.UTF_8));
                outputStream.flush();
                HttpTester.Response response2 = HttpTester.parseResponse(HttpTester.from(inputStream));
                Assert.assertNotNull(response2);
                Assert.assertThat(response2.getStatus(), Matchers.equalTo(HttpStatus.OK_200));
            }
        }
        Assert.assertEquals(0, reloads.get());
    } finally {
        scheduler.stop();
    }
}

Example 34 with SslContextFactory

use of org.eclipse.jetty.util.ssl.SslContextFactory in project jetty.project by eclipse.

the class SslSelectChannelTimeoutTest method init.

@Before
public void init() throws Exception {
    String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystorePath);
    sslContextFactory.setKeyStorePassword("storepwd");
    sslContextFactory.setKeyManagerPassword("keypwd");
    sslContextFactory.setTrustStorePath(keystorePath);
    sslContextFactory.setTrustStorePassword("storepwd");
    ServerConnector connector = new ServerConnector(_server, 1, 1, sslContextFactory);
    //250 msec max idle
    connector.setIdleTimeout(MAX_IDLE_TIME);
    startServer(connector);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream stream = new FileInputStream(keystorePath)) {
        keystore.load(stream, "storepwd".toCharArray());
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keystore);
    __sslContext = SSLContext.getInstance("SSL");
    __sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
}

Example 35 with SslContextFactory

use of org.eclipse.jetty.util.ssl.SslContextFactory in project jetty.project by eclipse.

the class SslUploadTest method test.

@Test
@Ignore
public void test() throws Exception {
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    SslContextFactory ctx = connector.getConnectionFactory(SslConnectionFactory.class).getSslContextFactory();
    try (InputStream stream = new FileInputStream(ctx.getKeyStorePath())) {
        keystore.load(stream, "storepwd".toCharArray());
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keystore);
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
    final SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket("localhost", connector.getLocalPort());
    // Simulate async close
    /*
        new Thread()
        {
            @Override
            public void run()
            {
                try
                {
                    sleep(100);
                    socket.close();
                }
                catch (IOException x)
                {
                    x.printStackTrace();
                }
                catch (InterruptedException x)
                {
                    Thread.currentThread().interrupt();
                }
            }
        }.start();
        */
    long start = System.nanoTime();
    OutputStream out = socket.getOutputStream();
    out.write("POST / HTTP/1.1\r\n".getBytes());
    out.write("Host: localhost\r\n".getBytes());
    out.write("Content-Length: 16777216\r\n".getBytes());
    out.write("Content-Type: bytes\r\n".getBytes());
    out.write("Connection: close\r\n".getBytes());
    out.write("\r\n".getBytes());
    out.flush();
    byte[] requestContent = new byte[16777216];
    Arrays.fill(requestContent, (byte) 120);
    out.write(requestContent);
    out.flush();
    InputStream in = socket.getInputStream();
    String response = IO.toString(in);
    assertTrue(response.indexOf("200") > 0);
    // System.err.println(response);
    // long end = System.nanoTime();
    // System.out.println("upload time: " + TimeUnit.NANOSECONDS.toMillis(end - start));
    assertEquals(requestContent.length, total);
}