This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit b8ce96a346b910a1d7640771fc0b5c5e00e444a8 Author: Mark Thomas <[email protected]> AuthorDate: Wed Mar 11 22:29:47 2026 +0000 Add more OCSP tests --- .../util/net/ocsp/TestOcspSoftFailTryLater.java | 110 +++++++++++++++++++++ 1 file changed, 110 insertions(+) diff --git a/test/org/apache/tomcat/util/net/ocsp/TestOcspSoftFailTryLater.java b/test/org/apache/tomcat/util/net/ocsp/TestOcspSoftFailTryLater.java new file mode 100644 index 0000000000..23fff507b5 --- /dev/null +++ b/test/org/apache/tomcat/util/net/ocsp/TestOcspSoftFailTryLater.java @@ -0,0 +1,110 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.tomcat.util.net.ocsp; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +import javax.net.ssl.SSLHandshakeException; + +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.Assume; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameter; +import org.junit.runners.Parameterized.Parameters; + +import org.apache.tomcat.util.net.ocsp.TesterOcspResponder.OcspResponse; + +@RunWith(Parameterized.class) +public class TestOcspSoftFailTryLater extends OcspBaseTest { + + private static TesterOcspResponder ocspResponder; + + @BeforeClass + public static void startOcspResponder() { + ocspResponder = new TesterOcspResponder(); + ocspResponder.setFixedResponse(OcspResponse.TRY_LATER); + try { + ocspResponder.start(); + } catch (Exception e) { + e.printStackTrace(); + } + } + + + @AfterClass + public static void stopOcspResponder() { + if (ocspResponder != null) { + ocspResponder.stop(); + ocspResponder = null; + } + } + + + @Parameters(name = "{0} with OpenSSL trust {2}: softFail {4}, clientOk {5}") + public static Collection<Object[]> parameters() { + List<Object[]> parameterSets = new ArrayList<>(); + Collection<Object[]> baseData = OcspBaseTest.parameters(); + + for (Object[] base : baseData) { + for (Boolean softFail : booleans) { + for (Boolean clientCertValid : booleans) { + Boolean handshakeFailureExpected; + + if (softFail.booleanValue()) { + handshakeFailureExpected = Boolean.FALSE; + } else { + handshakeFailureExpected = Boolean.TRUE; + } + + parameterSets.add(new Object[] { base[0], base[1], base[2], base[3], softFail, clientCertValid, + handshakeFailureExpected}); + } + } + } + return parameterSets; + } + + @Parameter(4) + public Boolean softFail; + + @Parameter(5) + public boolean clientCertValid; + + @Parameter(6) + public boolean handshakeFailureExpected; + + @Test + public void test() throws Exception { + Assume.assumeNotNull(ocspResponder); + try { + doTest(clientCertValid, true, ClientCertificateVerification.ENABLED, false, softFail); + if (handshakeFailureExpected) { + Assert.fail("Handshake did not fail when expected to do so."); + } + } catch (SSLHandshakeException e) { + if (!handshakeFailureExpected) { + Assert.fail("Handshake failed when not expected to do so."); + } + } + } +} --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
