This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 8059007157971b4a1e4ad87a91c0f94b509bfde0
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Mar 11 22:28:22 2026 +0000
Add support for a fixed response to the OCSP test responder
---
 .../tomcat/util/net/ocsp/TesterOcspResponder.java | 19 ++++++-
 .../util/net/ocsp/TesterOcspResponderServlet.java | 63 ++++++++++++++++------
 2 files changed, 65 insertions(+), 17 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponder.java b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponder.java
index ac069c3052..cc97773d52 100644
--- a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponder.java
+++ b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponder.java
@@ -23,15 +23,22 @@ import java.nio.file.Path;
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleException;
+import org.apache.catalina.Wrapper;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.ExpandWar;
 import org.apache.catalina.startup.Tomcat;
 public class TesterOcspResponder {
+ private OcspResponse fixedResponse;
+
 private File catalinaBase;
 private Tomcat ocspResponder;
+ public void setFixedResponse(OcspResponse fixedResponse) {
+ this.fixedResponse = fixedResponse;
+ }
+
 public void start() throws Exception {
 ocspResponder = new Tomcat();
@@ -65,8 +72,11 @@ public class TesterOcspResponder {
 // Configure the ROOT web application
 // No file system docBase required
 Context ctx = ocspResponder.addContext("", null);
- Tomcat.addServlet(ctx, "responder", new TesterOcspResponderServlet());
+ Wrapper w = Tomcat.addServlet(ctx, "responder", new TesterOcspResponderServlet());
 ctx.addServletMappingDecoded("/", "responder");
+ if (fixedResponse != null) {
+ w.addInitParameter(TesterOcspResponderServlet.INIT_FIXED_RESPONSE, fixedResponse.toString());
+ }
 // Start the responder
 ocspResponder.start();
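Review bot: `setFixedResponse` only takes effect when it is called before `start()`, because the field is read once, in the `@@ -65,8 +72,11 @@` hunk, when the servlet's init parameter is set. A later call is silently ignored and the responder keeps answering by serial number, so a revocation test that sets REVOKED too late would exercise the wrong path and could pass or fail for the wrong reason. I would document this on the setter, for example `/** Must be called before {@link #start()}; later changes have no effect. */`, or reject late calls if the class tracks a started state (not visible in this hunk).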
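Review bot: The init parameter is written with `fixedResponse.toString()` but read back in `TesterOcspResponderServlet.init` with `OcspResponse.valueOf(value)`, which matches on the constant name. Using `w.addInitParameter(TesterOcspResponderServlet.INIT_FIXED_RESPONSE, fixedResponse.name());` keeps the round trip correct even if the enum later overrides `toString()`. On the reading side (the `@@ -81,6 +86,11 @@` hunk of the servlet) an unrecognised value surfaces as a bare `IllegalArgumentException` from `init`; catching it and rethrowing as `throw new ServletException("Invalid " + INIT_FIXED_RESPONSE + " [" + value + "]", e);` would make a misconfigured test fail with a message that names the parameter.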
@@ -91,4 +101,11 @@ public class TesterOcspResponder {
 ExpandWar.deleteDir(catalinaBase);
 }
 }
+
+ public enum OcspResponse {
+ OK,
+ REVOKED,
+ UNKNOWN,
+ TRY_LATER
+ }
 }
diff --git a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
index a61de5210b..e97639133e 100644
--- a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
+++ b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
@@ -73,6 +73,11 @@ public class TesterOcspResponderServlet extends HttpServlet {
 private static final long serialVersionUID = 1L;
+ // Config
+ public static final String INIT_FIXED_RESPONSE = "fixedResponse";
+ private TesterOcspResponder.OcspResponse fixedResponse;
+
+ // Cached OCSP processing components
 private DigestCalculatorProvider digestCalculatorProvider;
 private X509CertificateHolder[] responderCertificateChain;
 private RespID responderID;
@@ -81,6 +86,11 @@ public class TesterOcspResponderServlet extends HttpServlet {
 @Override
 public void init(ServletConfig config) throws ServletException {
+ String value = config.getInitParameter(INIT_FIXED_RESPONSE);
+ if (value != null) {
+ fixedResponse = TesterOcspResponder.OcspResponse.valueOf(value);
+ }
+
 // Enable the Bouncy Castle Provider
 Provider provider = new BouncyCastleProvider();
 Security.addProvider(provider);
@@ -206,21 +216,38 @@ public class TesterOcspResponderServlet extends HttpServlet {
 Req[] requests = ocspReq.getRequestList();
 for (Req request : requests) {
 CertificateID certificateID = request.getCertID();
- switch (certificateID.getSerialNumber().intValue()) {
- // TODO read index.db rather than hard-code certificate serial numbers
- case 4096:
- case 4098:
- case 4100:
- case 4101:
- responseBuilder.addResponse(certificateID, CertificateStatus.GOOD);
- break;
- case 4097:
- case 4099:
- case 4102:
- responseBuilder.addResponse(certificateID, new RevokedStatus(new Date(0)));
- break;
- default:
- responseBuilder.addResponse(certificateID, new UnknownStatus());
+ if (fixedResponse == null) {
+ switch (certificateID.getSerialNumber().intValue()) {
+ // TODO read index.db rather than hard-code certificate serial numbers
+ case 4096:
+ case 4098:
+ case 4100:
+ case 4101:
+ responseBuilder.addResponse(certificateID, CertificateStatus.GOOD);
+ break;
+ case 4097:
+ case 4099:
+ case 4102:
+ responseBuilder.addResponse(certificateID, new RevokedStatus(new Date(0)));
+ break;
+ default:
+ responseBuilder.addResponse(certificateID, new UnknownStatus());
+ }
+ } else {
+ switch (fixedResponse) {
+ case OK:
+ responseBuilder.addResponse(certificateID, CertificateStatus.GOOD);
+ break;
+ case REVOKED:
+ responseBuilder.addResponse(certificateID, new RevokedStatus(new Date(0)));
+ break;
+ case TRY_LATER:
+ // NO-OP
+ break;
+ case UNKNOWN:
+ responseBuilder.addResponse(certificateID, new UnknownStatus());
+ break;
+ }
 }
 }
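Review bot: The new `switch (fixedResponse)` has no `default` branch, so a constant added to `OcspResponse` later would add no single response and the servlet would still return a signed `SUCCESSFUL` reply with an empty response list. For a responder that exists to test revocation checking, that is a silent wrong answer rather than a visible failure; I would add `default: throw new IllegalStateException("Unhandled fixed response: " + fixedResponse);`. The `// NO-OP` under `TRY_LATER` could also say why, for example `// No single responses: the overall status is set to tryLater when the response is built`. The enclosing method starts and ends outside this hunk.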
@@ -228,7 +255,11 @@ public class TesterOcspResponderServlet extends HttpServlet {
 OCSPResp ocspResponse;
 try {
 BasicOCSPResp basicResponse = responseBuilder.build(contentSigner, responderCertificateChain, new Date());
- ocspResponse = new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, basicResponse);
+ if (fixedResponse == TesterOcspResponder.OcspResponse.TRY_LATER) {
+ ocspResponse = new OCSPRespBuilder().build(OCSPRespBuilder.TRY_LATER, null);
+ } else {
+ ocspResponse = new OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, basicResponse);
+ }
 } catch (OCSPException e) {
 throw new ServletException(e);
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
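Review bot: In the `TRY_LATER` case `responseBuilder.build(contentSigner, responderCertificateChain, new Date())` still runs and its signed result is discarded. If building a basic response with no single responses ever fails (I have not confirmed how Bouncy Castle treats that), the test would see a servlet error instead of the intended tryLater status. Moving the `BasicOCSPResp basicResponse = ...` line into the `else` branch avoids both the wasted signing and that failure mode. A short comment such as `// Error responses carry no responseBytes and are unsigned (RFC 6960)` would explain the `null` argument. The enclosing method starts outside this hunk.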
