This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 878c2b71c9 Align with the other TLS tests
878c2b71c9 is described below
commit 878c2b71c9c0776df7481c8aebca5d5177b6d6e0
Author: remm <[email protected]>
AuthorDate: Fri Oct 10 11:57:20 2025 +0200
Align with the other TLS tests
---
.../tomcat/util/net/ocsp/TestOcspIntegration.java | 58 +++++++++++-----------
1 file changed, 30 insertions(+), 28 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/ocsp/TestOcspIntegration.java
b/test/org/apache/tomcat/util/net/ocsp/TestOcspIntegration.java
index 8b8d0e62d6..418b1a1a1c 100644
--- a/test/org/apache/tomcat/util/net/ocsp/TestOcspIntegration.java
+++ b/test/org/apache/tomcat/util/net/ocsp/TestOcspIntegration.java
@@ -61,21 +61,19 @@ import javax.servlet.http.HttpServletResponse;
import org.junit.Assert;
import org.junit.Assume;
-import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.catalina.startup.TomcatBaseTest;
-import org.apache.tomcat.util.compat.JreCompat;
import org.apache.tomcat.util.net.Constants;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.apache.tomcat.util.net.TesterSupport;
-import org.apache.tomcat.util.net.openssl.OpenSSLImplementation;
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpServer;
@@ -95,41 +93,46 @@ public class TestOcspIntegration extends TomcatBaseTest {
private static final String CLIENT_KEYSTORE_PASS = "client-password";
private static final String OCSP_CLIENT_CERT_GOOD_RESPONSE =
"ocsp-client-good.der";
private static final String OCSP_CLIENT_CERT_REVOKED_RESPONSE =
"ocsp-client-revoked.der";
- @Parameterized.Parameters(name = "useFFM: {0}")
+
+ @Parameterized.Parameters(name = "{0}")
public static Collection<Object[]> parameters() {
List<Object[]> parameterSets = new ArrayList<>();
- parameterSets.add(new Object[] { Boolean.FALSE });
- parameterSets.add(new Object[] { Boolean.TRUE });
+ parameterSets.add(new Object[] {
+ "OpenSSL", Boolean.TRUE,
"org.apache.tomcat.util.net.openssl.OpenSSLImplementation"});
+ parameterSets.add(new Object[] {
+ "OpenSSL-FFM", Boolean.TRUE,
"org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation"});
+
return parameterSets;
}
- @Parameterized.Parameter
- public boolean ffm;
- @Before
- public void runtimeCheck() {
- if (ffm) {
- Assume.assumeTrue("FFM is not available.",
JreCompat.isJre22Available());
- }
- }
+ @Parameter(0)
+ public String connectorName;
+
+ @Parameter(1)
+ public boolean useOpenSSL;
+
+ @Parameter(2)
+ public String sslImplementationName;
+
@Test
public void testOcspGood_ClientVerifiesServerCertificateOnly() throws
Exception {
- Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_GOOD_RESPONSE, false, true, ffm));
+ Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_GOOD_RESPONSE, false, true));
}
@Test
public void testOcspGood_Mutual() throws Exception {
testOCSPWithClientResponder(OCSP_CLIENT_CERT_GOOD_RESPONSE,
- () -> Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_GOOD_RESPONSE, true, true, ffm)));
+ () -> Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_GOOD_RESPONSE, true, true)));
}
@Test
public void testOcspGood_ServerVerifiesClientCertificateOnly() throws
Exception {
testOCSPWithClientResponder(OCSP_CLIENT_CERT_GOOD_RESPONSE,
- () -> Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_REVOKED_RESPONSE, true, false, ffm)));
+ () -> Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_REVOKED_RESPONSE, true, false)));
}
@Test(expected = CertificateRevokedException.class)
public void testOcspRevoked_ClientVerifiesServerCertificateOnly() throws
Exception {
try {
- testOCSP(OCSP_SERVER_CERT_REVOKED_RESPONSE, false, true, ffm);
+ testOCSP(OCSP_SERVER_CERT_REVOKED_RESPONSE, false, true);
}catch (SSLHandshakeException sslHandshakeException) {
handleExceptionWhenRevoked(sslHandshakeException);
}
@@ -138,7 +141,7 @@ public class TestOcspIntegration extends TomcatBaseTest {
public void testOcspRevoked_Mutual() throws Exception {
try {
// The exception is thrown before server side verification, while
client does OCSP verification.
- testOCSP(OCSP_SERVER_CERT_REVOKED_RESPONSE, true, true, ffm);
+ testOCSP(OCSP_SERVER_CERT_REVOKED_RESPONSE, true, true);
}catch (SSLHandshakeException sslHandshakeException) {
handleExceptionWhenRevoked(sslHandshakeException);
}
@@ -146,18 +149,18 @@ public class TestOcspIntegration extends TomcatBaseTest {
@Test(expected = SSLHandshakeException.class)
public void testOcspRevoked_ServerVerifiesClientCertificateOnly() throws
Exception {
testOCSPWithClientResponder(OCSP_CLIENT_CERT_REVOKED_RESPONSE,
- () -> testOCSP(OCSP_SERVER_CERT_GOOD_RESPONSE, true, false,
ffm));
+ () -> testOCSP(OCSP_SERVER_CERT_GOOD_RESPONSE, true, false));
}
@Test
public void testOcsp_NoVerification() throws Exception {
testOCSPWithClientResponder(OCSP_CLIENT_CERT_REVOKED_RESPONSE,
- () -> Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_REVOKED_RESPONSE, false, false, ffm)));
+ () -> Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_REVOKED_RESPONSE, false, false)));
}
@Test
public void testOcspResponderUrlDiscoveryViaCertificateAIA() throws
Exception {
final int ocspPort = 8888;
Assume.assumeTrue("Port " + ocspPort + " is not available.",
isPortAvailable(ocspPort));
- Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_GOOD_RESPONSE, false, true, ffm,
+ Assert.assertEquals(HttpServletResponse.SC_OK,
testOCSP(OCSP_SERVER_CERT_GOOD_RESPONSE, false, true,
true, ocspPort));
}
@FunctionalInterface
@@ -172,20 +175,19 @@ public class TestOcspIntegration extends TomcatBaseTest {
testOCSPAction.execute();
}
}
- private int testOCSP(String pathToOcspResponse, boolean
serverSideVerificationEnabled, boolean clientSideOcspVerificationEnabled,
boolean ffm) throws Exception {
- return testOCSP(pathToOcspResponse, serverSideVerificationEnabled,
clientSideOcspVerificationEnabled, ffm,
+ private int testOCSP(String pathToOcspResponse, boolean
serverSideVerificationEnabled, boolean clientSideOcspVerificationEnabled)
throws Exception {
+ return testOCSP(pathToOcspResponse, serverSideVerificationEnabled,
clientSideOcspVerificationEnabled,
false, 0);
}
- private int testOCSP(String pathToOcspResponse, boolean
serverSideVerificationEnabled, boolean clientSideOcspVerificationEnabled,
boolean ffm,
+ private int testOCSP(String pathToOcspResponse, boolean
serverSideVerificationEnabled, boolean clientSideOcspVerificationEnabled,
boolean clientDiscoversResponderFromAIA, int
ocspResponderPort) throws Exception {
File certificateFile = new File(getPath(SERVER_CERTIFICATE_PATH));
File certificateKeyFile = new
File(getPath(SERVER_CERTIFICATE_KEY_PATH));
File certificateChainFile = new File(getPath(CA_CERTIFICATE_PATH));
Tomcat tomcat = getTomcatInstance();
initSsl(tomcat, serverSideVerificationEnabled, certificateFile,
certificateKeyFile, certificateChainFile);
- TesterSupport.configureSSLImplementation(tomcat,
- ffm ?
"org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation" :
OpenSSLImplementation.class.getName(),
- true);
+
+ TesterSupport.configureSSLImplementation(tomcat,
sslImplementationName, useOpenSSL);
Context context = tomcat.addContext("", null);
Tomcat.addServlet(context, "simple", new
TesterSupport.SimpleServlet());
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
