Enable the https support for embedded tomcat and jetty with unit tests

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@684186 13f79535-47bb-0310-9956-ffa450edef68
author: rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68> 2008-08-09 06:11:54 +0000
committer: rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68> 2008-08-09 06:11:54 +0000
commit: a49037c45192b749c045cbd27798f146192fa8d5 (patch)
tree: 84744e23c21bdf1312b3200ef270681c9a479c49 /java/sca/modules/host-tomcat
parent: f30981d7dab6a6f9992bfd512b835cada3fa2d7f (diff)
3 files changed, 91 insertions, 19 deletions
diff --git a/java/sca/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java b/java/sca/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
index 9b28729231..5ea1701c05 100644
--- a/java/sca/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
+++ b/java/sca/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java
@@ -25,6 +25,7 @@ import java.net.URI;
 import java.net.URL;
 import java.net.UnknownHostException;
 import java.security.AccessController;
+import java.security.KeyStore;
 import java.security.PrivilegedAction;
 import java.security.PrivilegedActionException;
 import java.security.PrivilegedExceptionAction;
@@ -217,7 +218,7 @@ public class TomcatServer implements ServletHost {
         if (scheme == null) {
             scheme = "http";
         }
-        final int portNumber = (uri.getPort() == -1 ? defaultPortNumber : uri.getPort() ); 
+        final int portNumber = (uri.getPort() == -1 ? defaultPortNumber : uri.getPort());
 
         // Get the port object associated with the given port number
         Port port = ports.get(portNumber);
@@ -226,13 +227,12 @@ public class TomcatServer implements ServletHost {
             // Create an engine
             // Allow privileged access to read properties. Requires PropertiesPermission read in
             // security policy.
-            final StandardEngine engine = 
-            AccessController.doPrivileged(new PrivilegedAction<StandardEngine>() {
+            final StandardEngine engine = AccessController.doPrivileged(new PrivilegedAction<StandardEngine>() {
                 public StandardEngine run() {
                     return new StandardEngine();
                 }
             });
-            
+
             engine.setBaseDir("");
             engine.setDefaultHost("localhost");
             engine.setName("engine/" + portNumber);
@@ -265,7 +265,7 @@ public class TomcatServer implements ServletHost {
             // Allow privileged access to read properties. Requires PropertiesPermission read in
             // security policy.
             try {
-            AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+                AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                     public Object run() throws LifecycleException {
                         engine.start();
                         return null;
@@ -274,20 +274,52 @@ public class TomcatServer implements ServletHost {
             } catch (PrivilegedActionException e) {
                 // throw (LifecycleException)e.getException();
                 throw new ServletMappingException(e);
-            }                
+            }
             Connector connector;
             // Allow privileged access to read properties. Requires PropertiesPermission read in
             // security policy.
             try {
+                final String protocol = scheme;
                 connector = AccessController.doPrivileged(new PrivilegedExceptionAction<CustomConnector>() {
                     public CustomConnector run() throws Exception {
-                       CustomConnector customConnector = new CustomConnector();
-                       customConnector.setPort(portNumber);
-                       customConnector.setContainer(engine);
-                       customConnector.initialize();
-                       customConnector.start();
-                       return customConnector;
-                   }
+                        CustomConnector customConnector = new CustomConnector();
+                        customConnector.setPort(portNumber);
+                        customConnector.setContainer(engine);
+
+                        if ("https".equalsIgnoreCase(protocol)) {
+                            configureSSL(customConnector);
+                            ((Http11Protocol) customConnector.getProtocolHandler()).setSSLEnabled(true);
+                        }
+                        customConnector.initialize();
+                        customConnector.start();
+                        return customConnector;
+                    }
+
+                    private void configureSSL(CustomConnector customConnector) {
+                        String trustStore = System.getProperty("javax.net.ssl.trustStore");
+                        String trustStorePass = System.getProperty("javax.net.ssl.trustStorePassword");
+                        String keyStore = System.getProperty("javax.net.ssl.keyStore");
+                        String keyStorePass = System.getProperty("javax.net.ssl.keyStorePassword");
+
+                        customConnector.setProperty("protocol", "TLS");
+
+                        customConnector.setProperty("keystore", keyStore);
+                        customConnector.setProperty("keypass", keyStorePass);
+                        String keyStoreType =
+                            System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
+                        String trustStoreType =
+                            System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
+                        customConnector.setProperty("keytype", keyStoreType);
+                        customConnector.setProperty("trusttype", trustStoreType);
+                        customConnector.setProperty("truststore", trustStore);
+                        customConnector.setProperty("trustpass", trustStorePass);
+
+                        customConnector.setProperty("clientauth", "false");
+                        customConnector.setProtocol("HTTP/1.1");
+                        customConnector.setScheme(protocol);
+                        customConnector.setProperty("backlog", "10");
+                        customConnector.setSecure(true);
+                    }
                 });
             } catch (Exception e) {
                 throw new ServletMappingException(e);
@@ -512,12 +544,12 @@ public class TomcatServer implements ServletHost {
             } catch (Exception ex) {
                 // Hack to handle destruction of Servlets without Servlet context 
             }
-            
+
             logger.info("Removed Servlet mapping: " + suri);
-            
+
             // Stop the port if there's no servlets on it anymore
             String[] contextNames = port.getConnector().getMapper().getContextNames();
-            if (contextNames == null || contextNames.length ==0) {
+            if (contextNames == null || contextNames.length == 0) {
                 try {
                     port.getConnector().stop();
                     port.getEngine().stop();
@@ -526,7 +558,7 @@ public class TomcatServer implements ServletHost {
                     throw new IllegalStateException(e);
                 }
             }
-            
+
             return servletWrapper.getServlet();
         } else {
             logger.warning("Trying to Remove servlet mapping: " + mapping + " where mapping is not registered");
diff --git a/java/sca/modules/host-tomcat/src/test/java/org/apache/tuscany/sca/http/tomcat/TomcatServerTestCase.java b/java/sca/modules/host-tomcat/src/test/java/org/apache/tuscany/sca/http/tomcat/TomcatServerTestCase.java
index 7ca5325ccb..afbec52cd9 100644
--- a/java/sca/modules/host-tomcat/src/test/java/org/apache/tuscany/sca/http/tomcat/TomcatServerTestCase.java
+++ b/java/sca/modules/host-tomcat/src/test/java/org/apache/tuscany/sca/http/tomcat/TomcatServerTestCase.java
@@ -20,10 +20,15 @@ package org.apache.tuscany.sca.http.tomcat;
 
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStream;
 import java.net.Socket;
+import java.net.URL;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLSession;
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -91,7 +96,38 @@ public class TomcatServerTestCase extends TestCase {
         service.stop();
         assertTrue(servlet.invoked);
     }
+    
+    /**
+     * Verifies requests are properly routed according to the Servlet mapping
+     */
+    public void testRegisterServletMappingSSL() throws Exception {
+        System.setProperty("javax.net.ssl.keyStore", "target/test-classes/tuscany.keyStore");
+        System.setProperty("javax.net.ssl.keyStorePassword", "apache");
+        TomcatServer service = new TomcatServer(workScheduler);
+        TestServlet servlet = new TestServlet();
+        try {
+            service.addServletMapping("https://127.0.0.1:" + HTTP_PORT + "/foo", servlet);
+        } finally {
+            System.clearProperty("javax.net.ssl.keyStore");
+            System.clearProperty("javax.net.ssl.keyStorePassword");
+        }
+        System.setProperty("javax.net.ssl.trustStore", "target/test-classes/tuscany.keyStore");
+        System.setProperty("javax.net.ssl.trustStorePassword", "apache");
+        URL url = new URL("https://127.0.0.1:8085/foo");
+        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
+        conn.setHostnameVerifier(new HostnameVerifier() {
+            public boolean verify(String hostname, SSLSession session) {
+                return true;
+            }}
+        );
 
+        conn.connect();
+        read(conn.getInputStream());
+        
+        service.stop();
+        assertTrue(servlet.invoked);
+
+    }
     /**
      * Verifies that Servlets can be registered with multiple ports
      */
@@ -244,9 +280,14 @@ public class TomcatServerTestCase extends TestCase {
     }
 
     private static String read(Socket socket) throws IOException {
+        InputStream is = socket.getInputStream();
+        return read(is);
+    }
+
+    private static String read(InputStream is) throws IOException {
         BufferedReader reader = null;
         try {
-            reader = new BufferedReader(new InputStreamReader(socket.getInputStream()));
+            reader = new BufferedReader(new InputStreamReader(is));
             StringBuffer sb = new StringBuffer();
             String str;
             while ((str = reader.readLine()) != null) {
@@ -259,7 +300,6 @@ public class TomcatServerTestCase extends TestCase {
             }
         }
     }
-
     private class TestServlet extends HttpServlet {
         private static final long serialVersionUID = 1L;
         boolean invoked;
diff --git a/java/sca/modules/host-tomcat/src/test/resources/tuscany.keyStore b/java/sca/modules/host-tomcat/src/test/resources/tuscany.keyStore
new file mode 100644
index 0000000000..7ea23f7ff4
--- /dev/null
+++ b/java/sca/modules/host-tomcat/src/test/resources/tuscany.keyStore
author	rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68>	2008-08-09 06:11:54 +0000
committer	rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68>	2008-08-09 06:11:54 +0000
commit	a49037c45192b749c045cbd27798f146192fa8d5 (patch)
tree	84744e23c21bdf1312b3200ef270681c9a479c49 /java/sca/modules/host-tomcat
parent	f30981d7dab6a6f9992bfd512b835cada3fa2d7f (diff)