From 666ee4ef600da97706a0b8cc6097951389e48391 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt
Date: Mon, 2 Dec 2019 10:57:15 -0600
Subject: [PATCH 1/6] Issue #4385 - Remove UnsupportedOperationException in SslContextFactory
Signed-off-by: Joakim Erdfelt
---
 .../org/eclipse/jetty/util/ssl/SslContextFactory.java | 10 +++++++++-
 .../java/org/eclipse/jetty/util/ssl/X509Test.java | 11 +++++------
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index c81236f9b26f..e75b1486bd32 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -1270,7 +1270,8 @@ protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
 @Deprecated
 protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
 {
- throw new UnsupportedOperationException("X509ExtendedKeyManager only supported on Server");
+ LOG.warn("Using Deprecated SslContextFactory implementation, SNI does not work in this context, use SslContextFactory.Server instead.");
+ return null;
 }
 protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection crls) throws Exception
@@ -2178,6 +2179,13 @@ protected void checkConfiguration()
 checkEndPointIdentificationAlgorithm();
 super.checkConfiguration();
 }
+
+ @Deprecated
+ protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
+ {
+ // Overriding base implementation, as this context should have no WARN message.
+ return null;
+ }
 }
 @ManagedObject
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
index 2445a7618316..8a0a25e03f31 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
@@ -26,10 +26,9 @@
 import org.junit.jupiter.api.Test;
 import static org.hamcrest.MatcherAssert.assertThat;
-import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
-import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.hamcrest.Matchers.nullValue;
 public class X509Test
 {
@@ -161,8 +160,8 @@ public void testSniX509ExtendedKeyManager_BaseClass() throws Exception
 {
 SslContextFactory baseSsl = new SslContextFactory();
 X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(baseSsl);
- UnsupportedOperationException npe = assertThrows(UnsupportedOperationException.class, () -> baseSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
- assertThat("UnsupportedOperationException.message", npe.getMessage(), containsString("X509ExtendedKeyManager only supported on Server"));
+ X509ExtendedKeyManager sniX509ExtendedKeyManager = baseSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager);
+ assertThat("SNI X509 ExtendedKeyManager is undefined in this context", sniX509ExtendedKeyManager, nullValue());
 }
 @Test
@@ -170,8 +169,8 @@ public void testSniX509ExtendedKeyManager_ClientClass() throws Exception
 {
 SslContextFactory clientSsl = new SslContextFactory.Client();
 X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(clientSsl);
- UnsupportedOperationException re = assertThrows(UnsupportedOperationException.class, () -> clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
- assertThat("UnsupportedOperationException.message", re.getMessage(), containsString("X509ExtendedKeyManager only supported on Server"));
+ X509ExtendedKeyManager sniX509ExtendedKeyManager = clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager);
+ assertThat("SNI X509 ExtendedKeyManager is undefined in this context", sniX509ExtendedKeyManager, nullValue());
 }
 @Test
From e1d64af578a7270ac30dbd6eade1ca57aa79a1b5 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt
Date: Mon, 2 Dec 2019 12:00:21 -0600
Subject: [PATCH 2/6] Issue #4385 - Minimize impact of deprecated SNI mode on base class
Signed-off-by: Joakim Erdfelt
---
 .../java/org/eclipse/jetty/util/ssl/SslContextFactory.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index e75b1486bd32..f707b050bd33 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -1271,7 +1271,7 @@ protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
 protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
 {
 LOG.warn("Using Deprecated SslContextFactory implementation, SNI does not work in this context, use SslContextFactory.Server instead.");
- return null;
+ return keyManager;
 }
 protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection crls) throws Exception
@@ -2184,7 +2184,7 @@ protected void checkConfiguration()
 protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
 {
 // Overriding base implementation, as this context should have no WARN message.
- return null;
+ return keyManager;
 }
 }
From 816e34bddf137464ea0e6433315f49121d9d10d2 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt
Date: Mon, 2 Dec 2019 12:13:13 -0600
Subject: [PATCH 3/6] Issue #4385 - Base Class usage now is a WARN logging event in SNI usage
Signed-off-by: Joakim Erdfelt
---
 .../jetty/util/ssl/SslContextFactory.java | 16 ++++++++----
 .../org/eclipse/jetty/util/ssl/X509Test.java | 23 +++++++++++++++---
 .../src/test/resources/keystore_sni.p12 | Bin 0 -> 7412 bytes
 3 files changed, 30 insertions(+), 9 deletions(-)
 create mode 100644 jetty-util/src/test/resources/keystore_sni.p12
diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
index f707b050bd33..e16018b27c76 100644
--- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
+++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
@@ -1249,10 +1249,17 @@ protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception
 // Is SNI needed to select a certificate?
 if (!_certWilds.isEmpty() || _certHosts.size() > 1 || (_certHosts.size() == 1 && _aliasX509.size() > 1))
 {
- for (int idx = 0; idx < managers.length; idx++)
+ if (this instanceof SslContextFactory.Server)
 {
- if (managers[idx] instanceof X509ExtendedKeyManager)
- managers[idx] = newSniX509ExtendedKeyManager((X509ExtendedKeyManager)managers[idx]);
+ for (int idx = 0; idx < managers.length; idx++)
+ {
+ if (managers[idx] instanceof X509ExtendedKeyManager)
+ managers[idx] = newSniX509ExtendedKeyManager((X509ExtendedKeyManager)managers[idx]);
+ }
+ }
+ else
+ {
+ LOG.warn("Unable to support SNI on {} (expecting {})", this.getClass().getName(), SslContextFactory.Server.class.getName());
 }
 }
 }
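Review bot: The new `else` branch in getKeyManagers lets a non-Server factory start with a keystore that needs SNI selection (wildcards, several hosts or several aliases) and only logs a WARN, so certificate choice is presumably left to the unwrapped key managers and a peer may be handed a certificate issued for a different host name. The message `Unable to support SNI on {} (expecting {})` does not state that consequence; something like `LOG.warn("SNI certificate selection is not available on {}, use {} when the keystore holds several certificates", this.getClass().getName(), SslContextFactory.Server.class.getName());` tells the operator what to change. The branch also fires for `SslContextFactory.Client`, which patch 1/6 said should produce no WARN, and the `instanceof` test means a subclass of the base class that overrides the protected `newSniX509ExtendedKeyManager` hook is no longer called. If both are intended, a comment above the `if` saying so would help. The body of getKeyManagers starts and ends outside the hunk.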
@@ -1270,8 +1277,7 @@ protected KeyManager[] getKeyManagers(KeyStore keyStore) throws Exception @Deprecated protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager) { - LOG.warn("Using Deprecated SslContextFactory implementation, SNI does not work in this context, use SslContextFactory.Server instead."); - return keyManager; + throw new UnsupportedOperationException("X509ExtendedKeyManager only supported on " + SslContextFactory.Server.class.getName()); } protected TrustManager[] getTrustManagers(KeyStore trustStore, Collection crls) throws Exception diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java index 8a0a25e03f31..0faf28eb38d6 100644 --- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java +++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java @@ -18,17 +18,21 @@ package org.eclipse.jetty.util.ssl; +import java.nio.file.Path; import java.security.cert.X509Certificate; import javax.net.ssl.KeyManager; import javax.net.ssl.X509ExtendedKeyManager; +import org.eclipse.jetty.toolchain.test.MavenTestingUtils; +import org.eclipse.jetty.util.resource.PathResource; import org.eclipse.jetty.util.resource.Resource; import org.junit.jupiter.api.Test; import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; -import static org.hamcrest.Matchers.nullValue; +import static org.junit.jupiter.api.Assertions.assertThrows; public class X509Test { 
@@ -160,8 +164,19 @@ public void testSniX509ExtendedKeyManager_BaseClass() throws Exception
 {
 SslContextFactory baseSsl = new SslContextFactory();
 X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(baseSsl);
- X509ExtendedKeyManager sniX509ExtendedKeyManager = baseSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager);
- assertThat("SNI X509 ExtendedKeyManager is undefined in this context", sniX509ExtendedKeyManager, nullValue());
+ UnsupportedOperationException npe = assertThrows(UnsupportedOperationException.class, () -> baseSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
+ assertThat("UnsupportedOperationException.message", npe.getMessage(), containsString("X509ExtendedKeyManager only supported on " + SslContextFactory.Server.class.getName()));
+ }
+
+ @Test
+ public void testSniX509ExtendedKeyManager_BaseClass_Start() throws Exception
+ {
+ SslContextFactory baseSsl = new SslContextFactory();
+ Path keystorePath = MavenTestingUtils.getTestResourcePathFile("keystore_sni.p12");
+ baseSsl.setKeyStoreResource(new PathResource(keystorePath));
+ baseSsl.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
+ baseSsl.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
+ baseSsl.start(); // should not throw an exception
 }
 @Test
@@ -170,7 +185,7 @@ public void testSniX509ExtendedKeyManager_ClientClass() throws Exception
 SslContextFactory clientSsl = new SslContextFactory.Client();
 X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(clientSsl);
 X509ExtendedKeyManager sniX509ExtendedKeyManager = clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager);
- assertThat("SNI X509 ExtendedKeyManager is undefined in this context", sniX509ExtendedKeyManager, nullValue());
+ assertThat("SNI X509 ExtendedKeyManager is undefined in Client mode", sniX509ExtendedKeyManager, is(x509ExtendedKeyManager));
 }
 @Test
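Review bot: `testSniX509ExtendedKeyManager_BaseClass_Start` asserts nothing and never stops the factory it starts. It passes whenever `start()` does not throw, so it would not notice if the base class wrapped, dropped or mis-selected key managers for the multi-certificate keystore, and the started `SslContextFactory` is left running after the test. I would write the body as `try { baseSsl.start(); /* assert on the resulting SSLContext */ } finally { baseSsl.stop(); }` and add a check that the WARN path was taken. The `OBF:` values are reversible obfuscation rather than encryption, so `keystore_sni.p12` and its private keys should be treated as public test material and never reused outside the test tree.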
diff --git a/jetty-util/src/test/resources/keystore_sni.p12 b/jetty-util/src/test/resources/keystore_sni.p12 new file mode 100644 index 0000000000000000000000000000000000000000..fab22bd8eb807b6d8899e039c0d3e1a146391913 GIT binary patch literal 7412 zcmd6LXH-+sx-AI_0YqA)2|_@6O{fXd1f&Zp2m;ax5PAs+NJlzIQE5t(4uXIfnpA0m zAksuYIttReAms+jJs$5F=Z*V*yz`RmvG=#u-Xm+THNW}IHIG-0R|p6QfcOK9KL7+^ zC#((H6@R6nPqgw4-%|q*0=|Tk6Or-}0YCs=AQb=rCIAHivuFix^72Tt!|%G%o|s;h zqd6vSigJX+8FC^XyG0q@@I#NYdkk;cg0z-M7q~xJK1h^L8Z6uEY1BMS;PYbKyZ2^4 zeLoT&K`X%*tG~va&RmU36UvI=;WXZCqu_Ktj z-`WF?pqw)fmw9AvZQ}*J)(tDdjJ2OcA?Lw4c2}#4O75m%F`dJshYKH@>&cv%+`TDV z3_VroU#R&-Lc(;R51rEa_gc-&Q#r}r-)FQ*aHU&`TnL`?e8sG2^9*<#A2Ib|m7OUd zpywR6`HL8%{YFP3-TZ)e--Po?S+DUPKnG(su2C#JdpS=%DQU!+^5Sa3rhds`?-%XRACOEqVyzEP&!CR(Bwcn^$=$aj930RI{T5|J9e@sfShYU1*Cg1M7&Y|rpCdlAJI zMMBdgb*hgQX|uEb#tqtM7=@m)pGo3MviJ8qIiVy|FmBW zP-kb@loG|7Y)7`!%SDqgDwA%zu4{qiwsubo)8|A)So+7P#9vta#PcmdF*pj3;~+ea z{op}>FPVfu01ya5>)jHBpCuyU4OI!oc8n%LMX+ZJ9h-pKU)PYoE+fH zbY~G_a1mh%xG(~RKpFf9#f8Owh5wN;1!nv?Gx&Tb42&Uw2Sxw`0|^>5eQ#%mPcBJx z>Mq!r7-R^y0ru`TKQJp8#f4f4FTn)d*v^{L)b^w;%U^hFD4DvNVE4q&|8nw86E5AZ z&)_ocrs*NcYmW5`>IR}qPZbZBsJr%ISse>=9d*jhgUh`uS8r{|n-AL0^nF^nnv5I% z>X?1b8i!hdQpRWP&efxUga86SHY=P3egQwD7sx@hpmSS2peZ|yFx;L&#e+kN({zhr zj`Ghpz^^SKe(1#hEK&w_ZuBcHTOq9{o7G5b8sfe9qC%R+ePz=(TXE`(+SO?;_fw8C zKi-}I2+zVe{m!e^pGTT-zcuI3j9hrLlD~&LxxddO@XSd#NWHurxbmnEqUG_O^_yVV zxr*@4p~=k@2CF1tRD|6P+w2bA;{~nv-2|_SJL)0cnfIV!eJ6tj1G3Fl+I^ z#Qh6`eF_H22UnS|B(j1`t3PMI9(#&e=D5AbP>=&GS@t#`>J-G$8nPy-uca_WtSJf7 zM)})@JE>@~8ftN_mUw>TW+R({s)aWJm7IE4Tgxas-yrPVRGG8S^Wya| z_IJIuLXO*qmr`$HFgnJYQfqzM{35=p*_|aP@d+}m=zPft=ZmjN)kLBPCa|#^7|W0G zZEljdE#h_JCsyIj1>r&W$4f8OaZ9;tU`PgX=?3XSOfW6|Dl}VJ@%wC7-*N{ktdEp$ zX}!YIo)3#PbT4}@O~lk5e$LKjqR}g$Ol33coz2Sdafk`BYA+=sCH4D678CX;g+zZ6 zQ|*5>p@Z&GUvGloVTMjqnkgZ6*h=bWF2&y;Z1!7@)=N+UH z)|ql8#H?Z+rF2NdOY=S)Aq4++6lBinzhP=at*z5XsOr*Z!+xFEs}SYc)%49hf_R{? 
zr*$WIZwrs!Q^oL`VMFmi#1-mfr+MJ400BG$#2SL7eZwA-8Af)v?Q`|Z=pOgEKMJQi%o0DB z{<+gCj@X=NRFlst=e)?jV%Z%8pX>4+X&apcsZZ*8$JSN{g^&MQ-&2;QBRhFTy-<6% zco*>T3;g!l=E%N$_|g!LcC^1a-2Qra{#J99#aKHy&ZomFQ9PpCM~K-&bIv)8hoBUS z>vvsiEyTRLrbeK{RoS98*VZv=K7SHcSRnn;H`TXsCpb~2k~$72Z_e1ApeBAsMB_6% zNG-3q(M-!QA-gKrTYJ6^4@w{b#M;Ty%+m4)&ra^XtNw44625^45w_uxTJjU60D`|> z0Uj8PI0Gj+#S#$|cvJf~VDSRrvMa{h$vJ>n_C+vok6Bed`cEw_>FcxN5H0-iF*2c*dgY|+5 zz?6kgAqz+0zX| z?$t-RER0;A?6~~ov1?(?m7%WO;6wgiCzX+jAlm5uAf zogdYQ(9O&dUxm=tRj>y99+nUu1UjADzjmvjB?D3?lVSka%**^8;DXatcZD8mx+i@B zwQZgH^cEPykR>M@lZJP>nSBYhMEkc!84@~}=Prr7r3<;!EA(nUHy(0^Yl1Jdy-vm< zU{@)lMAOq&yw>pK+4{TbO02rLXX(%@d!!BhvVP%HZT4EvV|dh3X+(t;MV4S>w&KZ* zddP#&_c100=@Nw&3|i%%URZGIU9Nphg!Bw?YkiT57FDmSf`NB$Fitrr7tZuu;n~!$ zA=%cnlATng$AX2>)eDN*^RoTTK2<^{QZRr1VpkgW1KN>!eOIw~Q&^&lP+l#_L~P}p zWHV6A#hj1~VXIN!p+$w1>=9ZYE?3X4eTBUKh>y;YPApN~bozxCim3PpwhTx;0I{aRGS^ykM!`duAEYHboM0!<8Jsyj8LnXf16H2xu=a zq~%_(O!2<9MttN3o$_yY@drGEvOY|dcSkZfgpLJq5v4$xy0-7=iLG4e{vO{4i+Rs% z<|DSf>TaV+UW4|9JFFIexG`w?jr@|?1^&kkXwwbJzbYngMi0Kw7t?3*e@2_YxL}y zWT$Ko(lLPyZU(<<6UtD0B>I@Rkb2I-8nyH|Ll9*Yz!kd`4lpP-+6QM0y>|5K4&Q(B zfmCb$RhjBMSUFlOO;*;Mzasfl9qMlD!AEg7~^e%9nI1}P`^-D zNb6Nfv*fv}5It?B;=>!L2TGM=`7lP#?AV#tZQ{X_%~N*S2~SsMbGzr%YY1yo$40 zsqQ6;i#YaS>ehR~Z4bZK$Z@Vw26sdzdJSgGAs#(_LAO*CZHW#9Oq=cyhC0j<8y2=) z{eE5L%-C+~`i0m^Dgr~gKEBO~pnto17D^SepxS=~=$A%Q%vWmEV=ROg5|JndN*pZRV;=xcKa?XVg+&x*%?i z!X7?1ahE445*(&SY-GCM24eJ#D?5btvmu(1A2&bQ8z;m9dtiziF9>5pC7s=dJUWRW ze#ri%@jcqQb!mBzN*|P*cnXB$zOORR({LzDlE&%vpG>Yg)rmWKUuJ$|ThBpits zGvZ=+=L0Wogik~GukiozX#P(UCS=*8E62r%#iQgYcVjkF0qkD+k-|$Sua2UJzUw@} zB+WP1RjR*a(~|{RX^nF;*dwE4xf*)vViB3x9=Wi(`WA3D)^J13g*Qp&>=i)vjR$ zS5hkTYQ}3J_wB>n99;Kp9Nl2e6B42Y1)qtvU+5`Afh^#{x^`medkTfFe9}xhMgDho zj20BoRfCiENc-}>?z;Vf{`$euuxoiq3b2T+%E~LWHlXpRgi(ac|DjO0jHkCsuAe=yMUGQEQ8{uUJU$75vz{s( zDiB@=2c0=Jx$sMVDuIJY9DZN^1-l<2#wD+elZ;}5>^RibRF%+3;hC3<#eHjITW;v? 
z7Q~xdQx4|T2kSo&>`)N)3oJT3!dXf3?`#QYs``IVk#3R`EoAIKUDl4?=zc)rs|nJ1 z$gE{#cQ1`59(#Xl5u5Oi>utH2kqBzJQhj&RT}SI>6qVP!tXnL|;=#3JmOkS=$~*1{ zU!{g=t_+~*?_4=buE`-aHxVl^<9iG=UzEEZmq{YW zJs4RNmcw9pw)6V24s&wIW>EB`R(9H!JH_XkittDB-8&#xxb5&kVE*i+$tSI0qoR^W zoz@Wq!}_8$mb;YM72Bj!UbtW-6k?&w=*{X0u&Et5{S|DEMg_u@gC zD@nvKSP!b8KUUu;J;&tV$NIgDWdL{Ieo=_M;OjWsSFR5QDVZ`99FmfhIXm*VPTKS; zW)~%ScT?F>gUX0*G}w|uK4Cg+d5cuH6)Z5QX6&QfM)WA6iz|FWDkF^?t+P*ko)!fO zdagGp_M%1P3$g5#MTlOyBlHw_;sdZ^Lpg;!MD~3>|8%^ru9tM4FA*~fXzhu8{ zkeY^DbTlNl*cWO#P+heEa0KUh6OYNck@6NITeOc68~ldnyhfGCtQloZC030VaEIS# z>EtS8KA=bDuz}vB=`qK)zBMlA-k|e7+60cc(alHV_ERZvY$2KIG5#&}xhh`;R;wr< zs}R4U8l#KOD_L_RmYqm9WNg}x#cf0-x#F6a%}7r5UB%Y` zQSMOmwkwWWvndsP{&Uj2^I7}kyjnx}ImV6S^HIVBqXN$d9%-er^EJIBZHS$*yv;>n zmi#bTLh7iUoElEi?88gZ`VINY-hfY+eC*9cee98({?3K_jJ{&=%Pe9!0j8hS{b(o} zGc~+Jv-ub3R5W0r6G1Y0^C?9srEPiuTI*;Fr62 zxz$BvPaJjh+>bf>66!WnsnexPc&lq`WKgVcEP^GHzmU1F+j97w{ioss48Rv2AN+1` z{#WtQ-H5#Q7Yo2${x6HqAC}NBll@oAAGSLU9QvaGk&*EVS~@wHVSZ53FF!~Wj^9m- zAmQ*|evk%^TW;TA*0R4BEkv1Zd;*PiXPv%3meY}Z`M@>Ddbo~A#CWB!#H^piwmN__1DUtnnB7%ay3e*7@`BdF>i4N`dfjA0Y3S?+)*3_HJ5n}=%UH0 zRgGZ<_(Jtp@fto;SIOIQ?_WFe QCJTR literal 0 HcmV?d00001 From 5b1f9d5f159b385f3ca60f0ab47df165114f6d78 Mon Sep 17 00:00:00 2001 From: Joakim Erdfelt Date: Mon, 2 Dec 2019 12:15:02 -0600 Subject: [PATCH 4/6] Issue #4385 - Client no longer needs override. Signed-off-by: Joakim Erdfelt --- .../java/org/eclipse/jetty/util/ssl/SslContextFactory.java | 7 ------- 1 file changed, 7 deletions(-) diff --git a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java index e16018b27c76..f141b846bec8 100644 --- a/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java 
@@ -2185,13 +2185,6 @@ protected void checkConfiguration()
 checkEndPointIdentificationAlgorithm();
 super.checkConfiguration();
 }
-
- @Deprecated
- protected X509ExtendedKeyManager newSniX509ExtendedKeyManager(X509ExtendedKeyManager keyManager)
- {
- // Overriding base implementation, as this context should have no WARN message.
- return keyManager;
- }
 }
 @ManagedObject
From 65738e770fefc7a0bf2214a6c2a59dc01456c0ff Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt
Date: Mon, 2 Dec 2019 16:00:37 -0600
Subject: [PATCH 5/6] Issue #4385 - Fixing client testcase assertion
Signed-off-by: Joakim Erdfelt
---
 .../src/test/java/org/eclipse/jetty/util/ssl/X509Test.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
index 0faf28eb38d6..f5e649eb0a6a 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
@@ -184,8 +184,8 @@ public void testSniX509ExtendedKeyManager_ClientClass() throws Exception
 {
 SslContextFactory clientSsl = new SslContextFactory.Client();
 X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(clientSsl);
- X509ExtendedKeyManager sniX509ExtendedKeyManager = clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager);
- assertThat("SNI X509 ExtendedKeyManager is undefined in Client mode", sniX509ExtendedKeyManager, is(x509ExtendedKeyManager));
+ UnsupportedOperationException npe = assertThrows(UnsupportedOperationException.class, () -> clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
+ assertThat("SNI X509 ExtendedKeyManager is unsupported in Client mode", npe.getMessage(), containsString("X509ExtendedKeyManager only supported on " + SslContextFactory.Server.class.getName()));
 }
 @Test
From d1376c71ebb4d5fcd4d56b65b8851ede9b8ac7e9 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt
Date: Mon, 2 Dec 2019 16:02:18 -0600
Subject: [PATCH 6/6] Issue #4385 - Correcting exception variable name.
Signed-off-by: Joakim Erdfelt
---
 .../test/java/org/eclipse/jetty/util/ssl/X509Test.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
index f5e649eb0a6a..a893be2d9ebe 100644
--- a/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
+++ b/jetty-util/src/test/java/org/eclipse/jetty/util/ssl/X509Test.java
@@ -164,8 +164,8 @@ public void testSniX509ExtendedKeyManager_BaseClass() throws Exception
 {
 SslContextFactory baseSsl = new SslContextFactory();
 X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(baseSsl);
- UnsupportedOperationException npe = assertThrows(UnsupportedOperationException.class, () -> baseSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
- assertThat("UnsupportedOperationException.message", npe.getMessage(), containsString("X509ExtendedKeyManager only supported on " + SslContextFactory.Server.class.getName()));
+ UnsupportedOperationException ex = assertThrows(UnsupportedOperationException.class, () -> baseSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
+ assertThat("UnsupportedOperationException.message", ex.getMessage(), containsString("X509ExtendedKeyManager only supported on " + SslContextFactory.Server.class.getName()));
 }
 @Test
@@ -184,8 +184,8 @@ public void testSniX509ExtendedKeyManager_ClientClass() throws Exception
 {
 SslContextFactory clientSsl = new SslContextFactory.Client();
 X509ExtendedKeyManager x509ExtendedKeyManager = getX509ExtendedKeyManager(clientSsl);
- UnsupportedOperationException npe = assertThrows(UnsupportedOperationException.class, () -> clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
- assertThat("SNI X509 ExtendedKeyManager is unsupported in Client mode", npe.getMessage(), containsString("X509ExtendedKeyManager only supported on " + SslContextFactory.Server.class.getName()));
+ UnsupportedOperationException ex = assertThrows(UnsupportedOperationException.class, () -> clientSsl.newSniX509ExtendedKeyManager(x509ExtendedKeyManager));
+ assertThat("SNI X509 ExtendedKeyManager is unsupported in Client mode", ex.getMessage(), containsString("X509ExtendedKeyManager only supported on " + SslContextFactory.Server.class.getName()));
 }
 @Test