| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| package org.apache.catalina.manager; |
| |
| import java.io.File; |
| import java.net.InetAddress; |
| import java.util.ArrayList; |
| import java.util.Collection; |
| import java.util.List; |
| |
| import jakarta.servlet.http.HttpServletResponse; |
| |
| import org.junit.Assert; |
| import org.junit.Test; |
| import org.junit.runner.RunWith; |
| import org.junit.runners.Parameterized; |
| import org.junit.runners.Parameterized.Parameter; |
| |
| import static org.apache.catalina.startup.SimpleHttpClient.CRLF; |
| import org.apache.catalina.Context; |
| import org.apache.catalina.authenticator.TestBasicAuthParser.BasicAuthHeader; |
| import org.apache.catalina.connector.Connector; |
| import org.apache.catalina.startup.SimpleHttpClient; |
| import org.apache.catalina.startup.Tomcat; |
| import org.apache.catalina.startup.TomcatBaseTest; |
| import org.apache.tomcat.util.buf.ByteChunk; |
| import org.apache.tomcat.util.net.TesterSupport; |
| import org.apache.tomcat.websocket.server.WsContextListener; |
| |
| /** |
| * The keys and certificates used in this file are all available in svn and were generated using a test CA the files for |
| * which are in the Tomcat PMC private repository since not all of them are AL2 licensed. |
| */ |
| @RunWith(Parameterized.class) |
| public class TestManagerWebappSsl extends TomcatBaseTest { |
| |
| @Parameterized.Parameters(name = "{0}") |
| public static Collection<Object[]> parameters() { |
| List<Object[]> parameterSets = new ArrayList<>(); |
| parameterSets.add(new Object[] { "JSSE", Boolean.FALSE, "org.apache.tomcat.util.net.jsse.JSSEImplementation" }); |
| parameterSets.add( |
| new Object[] { "OpenSSL", Boolean.TRUE, "org.apache.tomcat.util.net.openssl.OpenSSLImplementation" }); |
| parameterSets.add(new Object[] { "OpenSSL-FFM", Boolean.TRUE, |
| "org.apache.tomcat.util.net.openssl.panama.OpenSSLImplementation" }); |
| |
| return parameterSets; |
| } |
| |
| @Parameter(0) |
| public String connectorName; |
| |
| @Parameter(1) |
| public boolean useOpenSSL; |
| |
| @Parameter(2) |
| public String sslImplementationName; |
| |
| |
| @Test |
| public void testConnectors() throws Exception { |
| TesterSupport.configureClientSsl(); |
| |
| Tomcat tomcat = getTomcatInstance(); |
| tomcat.addUser("admin", "sekr3t"); |
| tomcat.addRole("admin", "manager-gui"); |
| tomcat.addRole("admin", "manager-script"); |
| tomcat.addRole("admin", "manager-jmx"); |
| tomcat.addRole("admin", "manager-status"); |
| |
| File webappDir = new File(getBuildDirectory(), "webapps"); |
| |
| // Add manager webapp |
| File appDir = new File(webappDir, "manager"); |
| tomcat.addWebapp(null, "/manager", appDir.getAbsolutePath()); |
| |
| appDir = new File(webappDir, "examples"); |
| Context ctxt = tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath()); |
| ctxt.addApplicationListener(WsContextListener.class.getName()); |
| |
| TesterSupport.initSsl(tomcat); |
| TesterSupport.configureSSLImplementation(tomcat, sslImplementationName, useOpenSSL); |
| |
| tomcat.start(); |
| |
| ByteChunk res = getUrl("https://localhost:" + getPort() + "/examples/servlets/servlet/HelloWorldExample"); |
| Assert.assertTrue(res.toString().indexOf("<a href=\"../helloworld.html\">") > 0); |
| |
| // Add a regular connector |
| String protocol = getProtocol(); |
| Connector connector = new Connector(protocol); |
| // Listen only on localhost |
| Assert.assertTrue(connector.setProperty("address", InetAddress.getByName("localhost").getHostAddress())); |
| // Use random free port |
| connector.setPort(0); |
| // By default, a connector failure means a failed test |
| connector.setThrowOnFailure(true); |
| tomcat.setConnector(connector); |
| |
| SimpleHttpClient client = new SimpleHttpClient() { |
| @Override |
| public boolean isResponseBodyOK() { |
| return true; |
| } |
| }; |
| client.setPort(connector.getLocalPort()); |
| String basicHeader = (new BasicAuthHeader("Basic", "admin", "sekr3t")).getHeader().toString(); |
| |
| // @formatter:off |
| client.setRequest(new String[] { |
| "GET /manager/text/sslConnectorCiphers HTTP/1.1" + CRLF + |
| "Host: localhost" + CRLF + |
| "Authorization: " + basicHeader + CRLF + |
| "Connection: Close" + CRLF + |
| CRLF |
| }); |
| // @formatter:on |
| client.connect(); |
| client.processRequest(true); |
| Assert.assertEquals(HttpServletResponse.SC_OK, client.getStatusCode()); |
| Assert.assertTrue(client.getResponseBody().contains(" -")); |
| |
| // @formatter:off |
| client.setRequest(new String[] { |
| "GET /manager/text/sslConnectorCerts HTTP/1.1" + CRLF + |
| "Host: localhost" + CRLF + |
| "Authorization: " + basicHeader + CRLF + |
| "Connection: Close" + CRLF + |
| CRLF |
| }); |
| // @formatter:on |
| client.connect(); |
| client.processRequest(true); |
| Assert.assertEquals(HttpServletResponse.SC_OK, client.getStatusCode()); |
| Assert.assertTrue(client.getResponseBody().contains("Subject: CN=localhost")); |
| |
| // @formatter:off |
| client.setRequest(new String[] { |
| "GET /manager/text/sslConnectorTrustedCerts HTTP/1.1" + CRLF + |
| "Host: localhost" + CRLF + |
| "Authorization: " + basicHeader + CRLF + |
| "Connection: Close" + CRLF + |
| CRLF |
| }); |
| // @formatter:on |
| client.connect(); |
| client.processRequest(true); |
| Assert.assertEquals(HttpServletResponse.SC_OK, client.getStatusCode()); |
| Assert.assertFalse(client.getResponseBody().contains("Subject: CN=localhost")); |
| Assert.assertTrue(client.getResponseBody().contains("Subject: CN=Apache Tomcat Test CA")); |
| |
| // @formatter:off |
| client.setRequest(new String[] { |
| "GET /manager/text/sslReload HTTP/1.1" + CRLF + |
| "Host: localhost" + CRLF + |
| "Authorization: " + basicHeader + CRLF + |
| "Connection: Close" + CRLF + |
| CRLF |
| }); |
| // @formatter:on |
| client.connect(); |
| client.processRequest(true); |
| Assert.assertEquals(HttpServletResponse.SC_OK, client.getStatusCode()); |
| Assert.assertTrue(client.getResponseBody().contains(" -")); |
| |
| // @formatter:off |
| client.setRequest(new String[] { |
| "GET /manager/text/sslConnectorCerts HTTP/1.1" + CRLF + |
| "Host: localhost" + CRLF + |
| "Authorization: " + basicHeader + CRLF + |
| "Connection: Close" + CRLF + |
| CRLF |
| }); |
| // @formatter:on |
| client.connect(); |
| client.processRequest(true); |
| Assert.assertEquals(HttpServletResponse.SC_OK, client.getStatusCode()); |
| Assert.assertTrue(client.getResponseBody().contains("Subject: CN=localhost")); |
| |
| Assert.assertTrue(res.toString().indexOf("<a href=\"../helloworld.html\">") > 0); |
| } |
| } |