[rfc][icedtea-web] https server for reproducers

Jiri Vanek jvanek at redhat.com
Mon Aug 27 06:56:17 PDT 2012 

Hi!

This patch is adding possibility of https testing in reproducers. However it have two disadvantages:
1) I have not found possibility how to import "server's" test-certificate to opera before actual 
tests begin:(. For other there is possibility to import certificate by certutil. (done in makefile)
2) I was not able to reproduce the behaviour  - https://bugzilla.redhat.com/show_bug.cgi?id=846763 - 
which was my initial motivation (both 6 & 7).
I assume my https server is not enforcing - I will make some more tries but any KnowledgeBase 
welcomed before/during review. Here is info of my current sockets:

https running
port: 57633
dir: /home/jvanek/Desktop/icedtea-web/tests.build/jnlp_test_server
Keystore: /home/jvanek/Desktop/icedtea-web/teststore.ks
Server socket class: class sun.security.ssl.SSLServerSocketImpl
    Socker address = 0.0.0.0/0.0.0.0
    Socker port = 57633
    Need client authentication = false
    Want client authentication = false
    Use client mode = false
Socket class: class sun.security.ssl.SSLSocketImpl
    Remote address = /127.0.0.1
    Remote port = 33157
    Local socket address = /127.0.0.1:57633
    Local address = /127.0.0.1
    Local port = 57633
    Need client authentication = false
    Cipher suite = SSL_NULL_WITH_NULL_NULL
    Protocol = NONE

I suspect    Need client authentication = false or   Want client authentication = false a bit....

How it works:
During make export-certs-to-public  are certificates exported also to firefox and chrome/ium 
databases (depends which browsers from firefox, chrome and chromium -  will be used - to both, to 
one or to none. Midori and epihany are ignoring those)
For testcase itself there is new apy runJavawsHttps, runBrowserHttps.... and theirs overloaded 
variants.... Simple :)
(I was thinkina lso  about @Protocol(http/https(/ftp?...)) with similar handling as @Browser has 
but...hmhhm, looked not-so-transaprent to me.)
When some of those *https* variants is executed, then https singleton is used. To create https 
server is used clasical SSLServerSocket with above used certificate.
The response to client is then handled by same class as for Http :)
There is possibility to create several https servers each with diffferent certificate.


Patch itself is not so big as it looks like - new api methods are mostly copypasted old ones just 
with different target (https) and some tests for them. The only real work is HttpsServerLauncher 
class and Makefile.am


As I'm not able to reproduce the issue,I'm hesitating with adding this stuff right now.... But those 
few new tests can help catch some issue in future....

J.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: httpsTests.diff
Type: text/x-patch
Size: 103727 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/distro-pkg-dev/attachments/20120827/467b793a/httpsTests.diff

More information about the distro-pkg-dev mailing list