From: markt <markt@13f79535-47bb-0310-9956-ffa450edef68>
Date: Wed, 2 Mar 2011 12:03:05 +0000 (+0000)
Subject: Correct issues in the SSL renegotiation tests
X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=1e5c1dab3b2f4fef5234419a9a3421c5692d5791;p=tomcat7.0

Correct issues in the SSL renegotiation tests

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1076182 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/test/org/apache/tomcat/util/net/TestClientCert.java b/test/org/apache/tomcat/util/net/TestClientCert.java
index 459c8c245..d2c07e399 100644
--- a/test/org/apache/tomcat/util/net/TestClientCert.java
+++ b/test/org/apache/tomcat/util/net/TestClientCert.java
@@ -44,6 +44,10 @@ public class TestClientCert extends TomcatBaseTest {
     public static final byte DATA = (byte)33;
     
     public void testClientCertGet() throws Exception {
+        if (!TesterSupport.isRenegotiationSupported(getTomcatInstance())) {
+            return;
+        }
+
         // Unprotected resource
         ByteChunk res =
                 getUrl("https://localhost:" + getPort() + "/unprotected");
@@ -74,6 +78,9 @@ public class TestClientCert extends TomcatBaseTest {
 
     public void doTestClientCertPost(int bodySize, boolean expectProtectedFail)
             throws Exception {
+        if (!TesterSupport.isRenegotiationSupported(getTomcatInstance())) {
+            return;
+        }
 
         byte[] body = new byte[bodySize];
         Arrays.fill(body, DATA);
@@ -105,11 +112,6 @@ public class TestClientCert extends TomcatBaseTest {
 
         Tomcat tomcat = getTomcatInstance();
 
-        String protocol = tomcat.getConnector().getProtocolHandlerClassName();
-        if (protocol.indexOf("Apr") != -1) {
-            return; // Disabled by default in 1.1.20 windows binary (2010-07-27)
-        }
-
         TesterSupport.initSsl(tomcat);
         
         // Need a web application with a protected and unprotected URL
diff --git a/test/org/apache/tomcat/util/net/TestSsl.java b/test/org/apache/tomcat/util/net/TestSsl.java
index 8074ff3fa..ee5850541 100644
--- a/test/org/apache/tomcat/util/net/TestSsl.java
+++ b/test/org/apache/tomcat/util/net/TestSsl.java
@@ -16,10 +16,13 @@
  */
 package org.apache.tomcat.util.net;
 
+import java.io.BufferedReader;
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.InputStreamReader;
 import java.io.OutputStream;
+import java.io.Reader;
 
 import javax.net.ssl.HandshakeCompletedEvent;
 import javax.net.ssl.HandshakeCompletedListener;
@@ -97,101 +100,77 @@ public class TestSsl extends TomcatBaseTest {
 
         // Make sure the NIO connector has read the request before the handshake
         Thread.sleep(100);
+
         socket.startHandshake();
-        handshakeDone = false;
-        byte[] b = new byte[0];
-        int maxTries = 5;  // 5 sec should be enough - in NIO we'll timeout
-        socket.setSoTimeout(1000);
-        for (int i = 0; i < maxTries; i++) {
-            try {
-                is.read(b);
-            } catch (IOException e) {
-                // timeout
-            }
-            if (handshakeDone) {
-                break;
-            }
-        }
+
         os = socket.getOutputStream();
-        if (!handshakeDone) {
-            // success - we timedout without handshake
-            return;
-        }
+        
         try {
             os.write("Host: localhost\n\n".getBytes());
         } catch (IOException ex) {
-            // success - connection closed
+            ex.printStackTrace();
+            fail("Re-negotiation failed");
+        }
+        Reader r = new InputStreamReader(is);
+        BufferedReader br = new BufferedReader(r);
+        String line = br.readLine();
+        while (line != null) {
+            // For testing System.out.println(line);
+            line = br.readLine();
+        }
+
+        if (!handshakeDone) {
+            // success - we timed-out without handshake
             return;
         }
         
         fail("Re-negotiation worked");
-        
     }
     
     public void testRenegotiateWorks() throws Exception {
         Tomcat tomcat = getTomcatInstance();
 
+        if (!TesterSupport.isRenegotiationSupported(tomcat)) {
+            return;
+        }
+
         File appDir = new File(getBuildDirectory(), "webapps/examples");
         // app dir is relative to server home
         tomcat.addWebapp(null, "/examples", appDir.getAbsolutePath());
 
         TesterSupport.initSsl(tomcat);
         
-        // Enable MITM attack
-        tomcat.getConnector().setAttribute("allowUnsafeLegacyRenegotiation", "true");
-
         tomcat.start();
 
-        String protocol = tomcat.getConnector().getProtocolHandlerClassName();
-        if (protocol.indexOf("Nio") != -1) {
-            return; // Not supported yet (2010-07-22)
-        }
-        if (protocol.indexOf("Apr") != -1) {
-            return; // Disabled by default in 1.1.20 windows binary (2010-07-27)
-        }
-
         SSLContext sslCtx = SSLContext.getInstance("TLS");
         sslCtx.init(null, TesterSupport.getTrustManagers(),
                 new java.security.SecureRandom());
         SSLSocketFactory socketFactory = sslCtx.getSocketFactory();
-        SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost", getPort());
+        SSLSocket socket = (SSLSocket) socketFactory.createSocket("localhost",
+                getPort());
 
-        socket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
-            @Override
-            public void handshakeCompleted(HandshakeCompletedEvent event) {
-                handshakeDone = true;
-            }
-        });
-        
         OutputStream os = socket.getOutputStream();
-        os.write("GET /examples/servlets/servlet/HelloWorldExample HTTP/1.0\n".getBytes());
-        os.flush();
 
-        InputStream is = socket.getInputStream();
+        os.write("GET /examples/servlets/servlet/HelloWorldExample HTTP/1.1\n".getBytes());
+        os.flush();
 
         socket.startHandshake();
-        handshakeDone = false;
-        byte[] b = new byte[0];
-        int maxTries = 5; 
-        socket.setSoTimeout(1000);
-        for (int i = 0; i < maxTries; i++) {
-            try {
-                is.read(b);
-            } catch (IOException e) {
-                // timeout
-            }
-            if (handshakeDone) {
-                break;
-            }
-        }
-        os = socket.getOutputStream();
-        
+
         try {
             os.write("Host: localhost\n\n".getBytes());
         } catch (IOException ex) {
+            ex.printStackTrace();
             fail("Re-negotiation failed");
         }
-        
+
+        InputStream is = socket.getInputStream();
+        Reader r = new InputStreamReader(is);
+        BufferedReader br = new BufferedReader(r);
+        String line = br.readLine();
+        while (line != null) {
+            // For testing System.out.println(line);
+            line = br.readLine();
+        }
     }
 
     @Override
diff --git a/test/org/apache/tomcat/util/net/TesterSupport.java b/test/org/apache/tomcat/util/net/TesterSupport.java
index 2e277efdd..90f13d0ad 100644
--- a/test/org/apache/tomcat/util/net/TesterSupport.java
+++ b/test/org/apache/tomcat/util/net/TesterSupport.java
@@ -133,4 +133,13 @@ public final class TesterSupport {
         }
         return ks;
     }
+    
+    protected static boolean isRenegotiationSupported(Tomcat tomcat) {
+        String protocol = tomcat.getConnector().getProtocolHandlerClassName();
+        if (protocol.contains("Apr")) {
+            // Disabled by default in 1.1.20 windows binary (2010-07-27)
+            return false; 
+        }
+        return true;
+    }
 }