[zookeeper] branch master updated: ZOOKEEPER-4333: QuorumSSLTest - testOCSP fails on JDK17

Wed, 28 Jul 2021 06:17:03 -0700 

This is an automated email from the ASF dual-hosted git repository.

ddiederen pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/master by this push:
     new e7de1cf  ZOOKEEPER-4333: QuorumSSLTest - testOCSP fails on JDK17
e7de1cf is described below

commit e7de1cf04925b7e1d06f9add83d90760e5a7a241
Author: Enrico Olivelli <[email protected]>
AuthorDate: Wed Jul 28 13:15:22 2021 +0000

    ZOOKEEPER-4333: QuorumSSLTest - testOCSP fails on JDK17
    
    https://issues.apache.org/jira/browse/ZOOKEEPER-4333
    
    in JDK17 the OCSP request is sent in the URI and not inside the POST BODY
    
    Author: Enrico Olivelli <[email protected]>
    Author: Enrico Olivelli <[email protected]>
    
    Reviewers: Damien Diederen <[email protected]>
    
    Closes #1724 from eolivelli/fix/jdk17
---
 .../zookeeper/server/quorum/QuorumSSLTest.java     | 26 +++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git 
a/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
 
b/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
index ee7555a..ec8465c 100644
--- 
a/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
+++ 
b/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
@@ -34,6 +34,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.math.BigInteger;
 import java.net.InetSocketAddress;
+import java.net.URLDecoder;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
@@ -45,6 +46,8 @@ import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.HashMap;
@@ -224,12 +227,24 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
         public void handle(com.sun.net.httpserver.HttpExchange httpExchange) 
throws IOException {
             byte[] responseBytes;
             try {
+                String uri = httpExchange.getRequestURI().toString();
+                LOG.info("OCSP request: {} {}", 
httpExchange.getRequestMethod(), uri);
+                httpExchange.getRequestHeaders().entrySet().forEach((e) -> {
+                    LOG.info("OCSP request header: {} {}", e.getKey(), 
e.getValue());
+                });
                 InputStream request = httpExchange.getRequestBody();
                 byte[] requestBytes = new byte[10000];
-                request.read(requestBytes);
+                int len = request.read(requestBytes);
+                LOG.info("OCSP request size {}", len);
 
+                if (len < 0) {
+                    String removedUriEncoding = 
URLDecoder.decode(uri.substring(1), "utf-8");
+                    LOG.info("OCSP request from URI no encoding {}", 
removedUriEncoding);
+                    requestBytes = 
Base64.getDecoder().decode(removedUriEncoding);
+                }
                 OCSPReq ocspRequest = new OCSPReq(requestBytes);
                 Req[] requestList = ocspRequest.getRequestList();
+                LOG.info("requestList {}", Arrays.toString(requestList));
 
                 DigestCalculator digestCalculator = new 
JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
 
@@ -243,16 +258,21 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
                     } else {
                         certificateStatus = CertificateStatus.GOOD;
                     }
-
+                    LOG.info("addResponse {} {}", certId, certificateStatus);
                     responseBuilder.addResponse(certId, certificateStatus, 
null);
                 }
 
                 X509CertificateHolder[] chain = new 
X509CertificateHolder[]{new JcaX509CertificateHolder(rootCertificate)};
                 ContentSigner signer = new 
JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(rootKeyPair.getPrivate());
                 BasicOCSPResp ocspResponse = responseBuilder.build(signer, 
chain, Calendar.getInstance().getTime());
-
+                LOG.info("response {}", ocspResponse);
                 responseBytes = new 
OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, ocspResponse).getEncoded();
+                LOG.error("OCSP server response OK");
             } catch (OperatorException | CertificateEncodingException | 
OCSPException exception) {
+                LOG.error("Internal OCSP server error", exception);
+                responseBytes = new OCSPResp(new OCSPResponse(new 
OCSPResponseStatus(OCSPRespBuilder.INTERNAL_ERROR), null)).getEncoded();
+            } catch (Throwable exception) {
+                LOG.error("Internal OCSP server error", exception);
                 responseBytes = new OCSPResp(new OCSPResponse(new 
OCSPResponseStatus(OCSPRespBuilder.INTERNAL_ERROR), null)).getEncoded();
             }

Reply via email to