Posted to commits@zookeeper.apache.org by dd...@apache.org on 2021/07/28 13:17:43 UTC

[zookeeper] branch branch-3.7 updated: ZOOKEEPER-4333: QuorumSSLTest - testOCSP fails on JDK17

This is an automated email from the ASF dual-hosted git repository.

ddiederen pushed a commit to branch branch-3.7
in repository https://gitbox.apache.org/repos/asf/zookeeper.git


The following commit(s) were added to refs/heads/branch-3.7 by this push:
     new 2f68294  ZOOKEEPER-4333: QuorumSSLTest - testOCSP fails on JDK17
2f68294 is described below

commit 2f68294f9ea5859c84a470b8f737f4651aae3e98
Author: Enrico Olivelli <eo...@apache.org>
AuthorDate: Wed Jul 28 13:15:22 2021 +0000

    ZOOKEEPER-4333: QuorumSSLTest - testOCSP fails on JDK17
    
    https://issues.apache.org/jira/browse/ZOOKEEPER-4333
    
    in JDK17 the OCSP request is sent in the URI and not inside the POST BODY
    
    Author: Enrico Olivelli <eo...@apache.org>
    Author: Enrico Olivelli <eo...@gmail.com>
    
    Reviewers: Damien Diederen <dd...@apache.org>
    
    Closes #1724 from eolivelli/fix/jdk17
    
    (cherry picked from commit e7de1cf04925b7e1d06f9add83d90760e5a7a241)
    Signed-off-by: Damien Diederen <dd...@apache.org>
---
 .../zookeeper/server/quorum/QuorumSSLTest.java     | 26 +++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java b/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
index ee7555a..ec8465c 100644
--- a/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
+++ b/zookeeper-server/src/test/java/org/apache/zookeeper/server/quorum/QuorumSSLTest.java
@@ -34,6 +34,7 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.math.BigInteger;
 import java.net.InetSocketAddress;
+import java.net.URLDecoder;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.KeyStore;
@@ -45,6 +46,8 @@ import java.security.cert.Certificate;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
 import java.util.Calendar;
 import java.util.Date;
 import java.util.HashMap;
@@ -224,12 +227,24 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
         public void handle(com.sun.net.httpserver.HttpExchange httpExchange) throws IOException {
             byte[] responseBytes;
             try {
+                String uri = httpExchange.getRequestURI().toString();
+                LOG.info("OCSP request: {} {}", httpExchange.getRequestMethod(), uri);
+                httpExchange.getRequestHeaders().entrySet().forEach((e) -> {
+                    LOG.info("OCSP request header: {} {}", e.getKey(), e.getValue());
+                });
                 InputStream request = httpExchange.getRequestBody();
                 byte[] requestBytes = new byte[10000];
-                request.read(requestBytes);
+                int len = request.read(requestBytes);
+                LOG.info("OCSP request size {}", len);
 
+                if (len < 0) {
+                    String removedUriEncoding = URLDecoder.decode(uri.substring(1), "utf-8");
+                    LOG.info("OCSP request from URI no encoding {}", removedUriEncoding);
+                    requestBytes = Base64.getDecoder().decode(removedUriEncoding);
+                }
                 OCSPReq ocspRequest = new OCSPReq(requestBytes);
                 Req[] requestList = ocspRequest.getRequestList();
+                LOG.info("requestList {}", Arrays.toString(requestList));
 
                 DigestCalculator digestCalculator = new JcaDigestCalculatorProviderBuilder().build().get(CertificateID.HASH_SHA1);
 
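Review bot: The fallback to the URI-encoded request in `handle` is selected by `len < 0` (the body read hitting end-of-stream) rather than by the request method, so a POST that arrives with an empty body would presumably also be decoded from the path and fail in a misleading place. Branching on the method states the intent directly: `if ("GET".equals(httpExchange.getRequestMethod())) {`. `URLDecoder.decode` applies form decoding and turns a literal `+` into a space, which would corrupt the Base64 text if a client leaves `+` unescaped in the path; `httpExchange.getRequestURI().getPath().substring(1)` gives the percent-decoded path without that conversion. `uri.substring(1)` also assumes the responder is mounted at `/` with no query string, which deserves a one-line comment such as `// responder is registered at "/", so the path is "/" + base64(OCSPRequest)`. The body of `handle` continues outside this hunk.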
@@ -243,16 +258,21 @@ public class QuorumSSLTest extends QuorumPeerTestBase {
                     } else {
                         certificateStatus = CertificateStatus.GOOD;
                     }
-
+                    LOG.info("addResponse {} {}", certId, certificateStatus);
                     responseBuilder.addResponse(certId, certificateStatus, null);
                 }
 
                 X509CertificateHolder[] chain = new X509CertificateHolder[]{new JcaX509CertificateHolder(rootCertificate)};
                 ContentSigner signer = new JcaContentSignerBuilder("SHA1withRSA").setProvider("BC").build(rootKeyPair.getPrivate());
                 BasicOCSPResp ocspResponse = responseBuilder.build(signer, chain, Calendar.getInstance().getTime());
-
+                LOG.info("response {}", ocspResponse);
                 responseBytes = new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, ocspResponse).getEncoded();
+                LOG.error("OCSP server response OK");
             } catch (OperatorException | CertificateEncodingException | OCSPException exception) {
+                LOG.error("Internal OCSP server error", exception);
+                responseBytes = new OCSPResp(new OCSPResponse(new OCSPResponseStatus(OCSPRespBuilder.INTERNAL_ERROR), null)).getEncoded();
+            } catch (Throwable exception) {
+                LOG.error("Internal OCSP server error", exception);
                 responseBytes = new OCSPResp(new OCSPResponse(new OCSPResponseStatus(OCSPRespBuilder.INTERNAL_ERROR), null)).getEncoded();
             }