Fixes #11892 - mtls not working with http/3. (#11900)

The client certificate is now exposed in QuicheConnection, so that it can be returned by QuicStreamEndPoint.getSslSessionData(). Not much else is exposed by Quiche, so not much else that we can provide to applications, for example no TLS session id, no cipher suite, etc. Fixed --enable-native-access command line option to run tests, as the foreign dependency is in the class-path. Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
jetty · Jun 19, 2024 · 4a31e66 · 4a31e66
1 parent c88e8a4
commit 4a31e66
Show file tree

Hide file tree

Showing 3 changed files with 69 additions and 1 deletion.
diff --git a/jetty-ee11/jetty-ee11-tests/jetty-ee11-test-client-transports/pom.xml b/jetty-ee11/jetty-ee11-tests/jetty-ee11-test-client-transports/pom.xml
@@ -112,7 +112,7 @@
             <configuration>
               <argLine>@{argLine}
                 ${jetty.surefire.argLine}
-                --enable-native-access org.eclipse.jetty.quic.quiche.foreign</argLine>
+                --enable-native-access=ALL-UNNAMED</argLine>
             </configuration>
           </plugin>
         </plugins>

diff --git a/...t-transports/src/test/java/org/eclipse/jetty/ee11/test/client/transport/AbstractTest.java b/...t-transports/src/test/java/org/eclipse/jetty/ee11/test/client/transport/AbstractTest.java
@@ -102,6 +102,14 @@ public static Collection<Transport> transportsWithPushSupport()
         return transports;
     }
 
+    public static Collection<Transport> transportsSecure()
+    {
+        EnumSet<Transport> transports = EnumSet.of(Transport.HTTPS, Transport.H2, Transport.H3);
+        if ("ci".equals(System.getProperty("env")))
+            transports.remove(Transport.H3);
+        return transports;
+    }
+
     @BeforeEach
     public void prepare()
     {

diff --git a/...sports/src/test/java/org/eclipse/jetty/ee11/test/client/transport/NeedClientAuthTest.java b/...sports/src/test/java/org/eclipse/jetty/ee11/test/client/transport/NeedClientAuthTest.java
@@ -0,0 +1,60 @@
+//
+// ========================================================================
+// Copyright (c) 1995 Mort Bay Consulting Pty Ltd and others.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Eclipse Public License v. 2.0 which is available at
+// https://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+// which is available at https://www.apache.org/licenses/LICENSE-2.0.
+//
+// SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+// ========================================================================
+//
+
+package org.eclipse.jetty.ee11.test.client.transport;
+
+import jakarta.servlet.http.HttpServlet;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.eclipse.jetty.client.ContentResponse;
+import org.eclipse.jetty.ee11.servlet.ServletContextRequest;
+import org.eclipse.jetty.http.HttpStatus;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.MethodSource;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+public class NeedClientAuthTest extends AbstractTest
+{
+    @ParameterizedTest
+    @MethodSource("transportsSecure")
+    public void testNeedClientAuth(Transport transport) throws Exception
+    {
+        prepareServer(transport, new HttpServlet()
+        {
+            @Override
+            protected void service(HttpServletRequest request, HttpServletResponse response)
+            {
+                // Verify that the request attribute is present.
+                assertNotNull(request.getAttribute(ServletContextRequest.PEER_CERTIFICATES));
+            }
+        });
+        sslContextFactoryServer.setNeedClientAuth(true);
+        server.start();
+
+        startClient(transport, httpClient ->
+        {
+            // Configure the SslContextFactory to send a certificate to the server.
+            SslContextFactory.Client clientSSL = httpClient.getSslContextFactory();
+            clientSSL.setKeyStorePath("src/test/resources/keystore.p12");
+            clientSSL.setKeyStorePassword("storepwd");
+            clientSSL.setCertAlias("mykey");
+        });
+
+        ContentResponse response = client.newRequest(newURI(transport)).send();
+
+        assertEquals(HttpStatus.OK_200, response.getStatus());
+    }
+}