Issue jetty#12428 - ALPN Processor for Bouncy Castle FIPS - Fix test
Luca Rota committed Dec 19, 2024
1 parent 5a52e7f commit 0673aef
Showing 11 changed files with 59 additions and 46 deletions.
Expand Up @@ -6,7 +6,7 @@
<parent>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-alpn</artifactId>
<version>12.0.16-SNAPSHOT</version>
<version>12.0.17-SNAPSHOT</version>
</parent>
<artifactId>jetty-alpn-bouncycastle-client</artifactId>
<name>Core :: ALPN :: Bouncy Castle Client</name>
Expand Up @@ -11,13 +11,16 @@
// ========================================================================
//

import org.eclipse.jetty.alpn.bouncycastle.client.BouncyCastleClientALPNProcessor;

module org.eclipse.jetty.alpn.bouncycastle.client
{
requires org.slf4j;

requires transitive org.eclipse.jetty.alpn.client;
requires org.bouncycastle.fips.core;
requires org.bouncycastle.fips.tls;

provides org.eclipse.jetty.io.ssl.ALPNProcessor.Client with
org.eclipse.jetty.alpn.bouncycastle.client.BouncycastleClientALPNProcessor;
BouncyCastleClientALPNProcessor;
}
Expand Up @@ -17,6 +17,8 @@
import java.util.List;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.eclipse.jetty.alpn.client.ALPNClientConnection;
import org.eclipse.jetty.io.Connection;
Expand All @@ -26,14 +28,21 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class BouncycastleClientALPNProcessor implements ALPNProcessor.Client
public class BouncyCastleClientALPNProcessor implements ALPNProcessor.Client
{
private static final Logger LOG = LoggerFactory.getLogger(BouncycastleClientALPNProcessor.class);
private static final Logger LOG = LoggerFactory.getLogger(BouncyCastleClientALPNProcessor.class);

@Override
public void init()
{
if (Security.getProvider("BCJSSE") == null)
/* Required to instantiate a DEFAULT SecureRandom */
if (Security.getProvider(BouncyCastleFipsProvider.PROVIDER_NAME) == null)
{
Security.addProvider(new BouncyCastleFipsProvider());
if (LOG.isDebugEnabled())
LOG.debug("Added BouncyCastle FIPS provider");
}
if (Security.getProvider(BouncyCastleJsseProvider.PROVIDER_NAME) == null)
{
Security.addProvider(new BouncyCastleJsseProvider());
if (LOG.isDebugEnabled())
Expand Down Expand Up @@ -92,7 +101,7 @@ public void handshakeSucceeded(Event event)
}
catch (Throwable e)
{
LOG.warn("Unable to process Bouncycastle ApplicationProtocol for {}", alpnConnection, e);
LOG.warn("Unable to process BouncyCastle ApplicationProtocol for {}", alpnConnection, e);
alpnConnection.selected(null);
}
}
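Review bot: The comment `/* Required to instantiate a DEFAULT SecureRandom */` above the new `Security.getProvider(BouncyCastleFipsProvider.PROVIDER_NAME)` check does not say why the processor appends BCFIPS with `Security.addProvider` while both new tests in this commit insert it at position 1, and the two are not equivalent: `addProvider` gives BCFIPS the lowest precedence, so only a lookup no earlier provider can satisfy (such as BCJSSE's "DEFAULT" SecureRandom) is guaranteed to reach it, and every other unqualified JCA lookup keeps resolving to the JDK providers. If appending is deliberate, so that a ServiceLoader-discovered processor does not reorder the application's provider chain, the comment should record that, e.g. `/* Appended on purpose (lowest precedence): BCJSSE needs the "DEFAULT" SecureRandom from BCFIPS, but this processor must not change the application's provider order. */`; if FIPS precedence is the intent, `init()` should mirror the tests' `insertProviderAt`. Registering providers JVM-wide from `init()` is also a process-global side effect that the class Javadoc should mention. The `init()` body continues past the end of the hunk.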
@@ -1 +1 @@
org.eclipse.jetty.alpn.bouncycastle.client.BouncycastleClientALPNProcessor
org.eclipse.jetty.alpn.bouncycastle.client.BouncyCastleClientALPNProcessor
Expand Up @@ -11,15 +11,15 @@
// ========================================================================
//

package org.eclipse.jetty.alpn.java.client;

import static org.junit.jupiter.api.Assertions.assertTrue;
package org.eclipse.jetty.alpn.bouncycastle.client;

import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.Security;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;

import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.eclipse.jetty.http.HttpFields;
import org.eclipse.jetty.http.HttpURI;
Expand All @@ -37,20 +37,24 @@
import org.junit.jupiter.api.Tag;
import org.junit.jupiter.api.Test;

public class BouncycastleHTTP2ClientTest
import static org.junit.jupiter.api.Assertions.assertTrue;

public class BouncyCastleHTTP2ClientTest
{
@Tag("external")
@Test
public void testBouncycastleHTTP2Client() throws Exception
public void testBouncyCastleHTTP2Client() throws Exception
{
String host = "webtide.com";
int port = 443;

Assumptions.assumeTrue(canConnectTo(host, port));

Security.insertProviderAt(new BouncyCastleJsseProvider(), 1);
/* Required to instantiate a DEFAULT SecureRandom */
Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
sslContextFactory.setProvider("BCJSSE");
sslContextFactory.setProvider(BouncyCastleJsseProvider.PROVIDER_NAME);

try (HTTP2Client client = new HTTP2Client())
{
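Review bot: `testBouncyCastleHTTP2Client` now inserts BCFIPS and BCJSSE at positions 1 and 2 of the JVM-wide provider list and never removes them, so every test that runs later in the same forked JVM sees a reordered provider chain; the new static initializer in `BouncyCastleHTTP2ServerTest` in this commit has the same effect. An `@AfterEach` (or `@AfterAll`) that calls `Security.removeProvider(BouncyCastleFipsProvider.PROVIDER_NAME)` and `Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME)` would restore the original order for the rest of the run. Note also that, per the `Security.insertProviderAt` contract, the call returns -1 and does nothing when the provider is already installed, so if the ALPN processor's `init()` has already appended BCFIPS the test silently leaves it at the end rather than at position 1; a comment next to the insert, e.g. `// no-op if BCFIPS is already installed: position 1 is not guaranteed`, would make that visible.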
4 changes: 2 additions & 2 deletions jetty-core/jetty-alpn/jetty-alpn-bouncycastle-server/pom.xml
Expand Up @@ -5,7 +5,7 @@
<parent>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-alpn</artifactId>
<version>12.0.16-SNAPSHOT</version>
<version>12.0.17-SNAPSHOT</version>
</parent>
<artifactId>jetty-alpn-bouncycastle-server</artifactId>
<name>Core :: ALPN :: Bouncy Castle Server</name>
Expand Down Expand Up @@ -33,7 +33,7 @@
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-alpn-conscrypt-client</artifactId>
<artifactId>jetty-alpn-bouncycastle-client</artifactId>
<scope>test</scope>
</dependency>
<dependency>
Expand Up @@ -11,15 +11,16 @@
// ========================================================================
//

import org.eclipse.jetty.alpn.bouncycastle.server.BouncycastleServerALPNProcessor;
import org.eclipse.jetty.alpn.bouncycastle.server.BouncyCastleServerALPNProcessor;

module org.eclipse.jetty.alpn.conscrypt.server
module org.eclipse.jetty.alpn.bouncycastle.server
{
requires org.slf4j;

requires transitive org.eclipse.jetty.alpn.server;
requires org.bouncycastle.fips.core;
requires org.bouncycastle.fips.tls;

provides org.eclipse.jetty.io.ssl.ALPNProcessor.Server with
BouncycastleServerALPNProcessor;
BouncyCastleServerALPNProcessor;
}
Expand Up @@ -16,6 +16,7 @@
import java.util.List;
import java.util.function.BiFunction;
import javax.net.ssl.SSLEngine;

import org.eclipse.jetty.alpn.server.ALPNServerConnection;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.ssl.ALPNProcessor;
Expand All @@ -24,9 +25,9 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class BouncycastleServerALPNProcessor implements ALPNProcessor.Server
public class BouncyCastleServerALPNProcessor implements ALPNProcessor.Server
{
private static final Logger LOG = LoggerFactory.getLogger(BouncycastleServerALPNProcessor.class);
private static final Logger LOG = LoggerFactory.getLogger(BouncyCastleServerALPNProcessor.class);

@Override
public boolean appliesTo(SSLEngine sslEngine)
@@ -1 +1 @@
org.eclipse.jetty.alpn.bouncycastle.server.BouncycastleServerALPNProcessor
org.eclipse.jetty.alpn.bouncycastle.server.BouncyCastleServerALPNProcessor
Expand Up @@ -11,14 +11,15 @@
// ========================================================================
//

package org.eclipse.jetty.alpn.conscrypt.server;
package org.eclipse.jetty.alpn.bouncycastle.server;

import java.io.File;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;

import org.conscrypt.OpenSSLProvider;
import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.client.ContentResponse;
import org.eclipse.jetty.client.HttpClient;
Expand All @@ -36,24 +37,20 @@
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.Callback;
import org.eclipse.jetty.util.JavaVersion;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledOnOs;

import static org.junit.jupiter.api.Assertions.assertEquals;

/**
* Test server that verifies that the Conscrypt ALPN mechanism works for both server and client side
*/
@DisabledOnOs(architectures = "aarch64", disabledReason = "Conscrypt does not provide aarch64 native libs as of version 2.5.2")
public class ConscryptHTTP2ServerTest
public class BouncyCastleHTTP2ServerTest
{
static
{
Security.addProvider(new OpenSSLProvider());
/* Required to instantiate a DEFAULT SecureRandom */
Security.insertProviderAt(new BouncyCastleFipsProvider(), 1);
Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
}

private final HttpConfiguration httpsConfig = new HttpConfiguration();
Expand All @@ -80,12 +77,7 @@ private void configureSslContextFactory(SslContextFactory sslContextFactory)
File keys = path.resolve("keystore.p12").toFile();
sslContextFactory.setKeyStorePath(keys.getAbsolutePath());
sslContextFactory.setKeyStorePassword("storepwd");
sslContextFactory.setProvider("Conscrypt");
if (JavaVersion.VERSION.getPlatform() < 9)
{
// Conscrypt enables TLSv1.3 by default but it's not supported in Java 8.
sslContextFactory.addExcludeProtocols("TLSv1.3");
}
sslContextFactory.setProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
}

@BeforeEach
Expand All @@ -94,7 +86,7 @@ public void startServer() throws Exception
httpsConfig.setSecureScheme("https");
httpsConfig.setSendXPoweredBy(true);
httpsConfig.setSendServerVersion(true);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
httpsConfig.addCustomizer(new SecureRequestCustomizer(false));

HttpConnectionFactory http = new HttpConnectionFactory(httpsConfig);
HTTP2ServerConnectionFactory h2 = new HTTP2ServerConnectionFactory(httpsConfig);
Expand Down Expand Up @@ -140,11 +132,4 @@ public void testSimpleRequest() throws Exception
}
}

@Test
public void testSNIRequired() throws Exception
{
// The KeyStore contains 1 certificate with two DNS names.
httpsConfig.getCustomizer(SecureRequestCustomizer.class).setSniRequired(true);
testSimpleRequest();
}
}
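Review bot: `httpsConfig.addCustomizer(new SecureRequestCustomizer(false))` in `startServer` turns off the SNI-host check at the same time as the commit deletes `testSNIRequired`, so the BouncyCastle server path no longer has any test that a request whose SNI does not match the certificate is rejected, and nothing in the hunk records why; presumably BCJSSE does not surface the requested server names the way the JDK provider does, but that is inferred, not shown. A one-line comment on the customizer line, e.g. `// sniRequired=false: <reason placeholder> - SNI enforcement is not exercised with BCJSSE`, together with a reference to the tracking issue, would keep the reduced coverage visible rather than silent. If SNI checking does work with BCJSSE, the deleted test should be restored instead of dropped. The `startServer` body continues outside the hunk.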
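--- a/pom.xml
+++ b/pom.xml
@@ -645,6 +645,16 @@
 <artifactId>ecj</artifactId>
 <version>${eclipse.jdt.ecj.version}</version>
 </dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-alpn-bouncycastle-client</artifactId>
+<version>${project.version}</version>
+</dependency>
+<dependency>
+<groupId>org.eclipse.jetty</groupId>
+<artifactId>jetty-alpn-bouncycastle-server</artifactId>
+<version>${project.version}</version>
+</dependency>
 <dependency>
 <groupId>org.eclipse.jetty</groupId>
 <artifactId>jetty-alpn-client</artifactId>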
