This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 06bc7da4d0 Add support for a fixed response to the OCSP test responder
06bc7da4d0 is described below
commit 06bc7da4d0adae834d2c7fc0606294a234b62501
Author: Mark Thomas <[email protected]>
AuthorDate: Wed Mar 11 22:28:22 2026 +0000
Add support for a fixed response to the OCSP test responder
---
.../tomcat/util/net/ocsp/TesterOcspResponder.java | 19 ++++++-
.../util/net/ocsp/TesterOcspResponderServlet.java | 63 ++++++++++++++++------
2 files changed, 65 insertions(+), 17 deletions(-)
diff --git a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponder.java
b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponder.java
index ac069c3052..cc97773d52 100644
--- a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponder.java
+++ b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponder.java
@@ -23,15 +23,22 @@ import java.nio.file.Path;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleException;
+import org.apache.catalina.Wrapper;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.ExpandWar;
import org.apache.catalina.startup.Tomcat;
public class TesterOcspResponder {
+ private OcspResponse fixedResponse;
+
private File catalinaBase;
private Tomcat ocspResponder;
+ public void setFixedResponse(OcspResponse fixedResponse) {
+ this.fixedResponse = fixedResponse;
+ }
+
public void start() throws Exception {
ocspResponder = new Tomcat();
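Review bot: `setFixedResponse` has no Javadoc, and nothing tells a test author when the call takes effect. The field appears to be read only while the ROOT context is being configured (the `if (fixedResponse != null)` block in the next hunk), so a call made after the responder has started would be silently ignored. I would add `/** Forces every reply to the given status; must be called before start(). {@code null} (the default) keeps the serial-number based replies. */` above the setter. The body of `start()` continues outside this hunk.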
@@ -65,8 +72,11 @@ public class TesterOcspResponder {
// Configure the ROOT web application
// No file system docBase required
Context ctx = ocspResponder.addContext("", null);
- Tomcat.addServlet(ctx, "responder", new TesterOcspResponderServlet());
+ Wrapper w = Tomcat.addServlet(ctx, "responder", new
TesterOcspResponderServlet());
ctx.addServletMappingDecoded("/", "responder");
+ if (fixedResponse != null) {
+ w.addInitParameter(TesterOcspResponderServlet.INIT_FIXED_RESPONSE,
fixedResponse.toString());
+ }
// Start the responder
ocspResponder.start();
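Review bot: The value passed to `addInitParameter` comes from `fixedResponse.toString()`, but the servlet parses it back with `OcspResponse.valueOf(value)`, which matches on the constant name. `name()` is the exact counterpart of `valueOf` and keeps the round trip correct even if `toString()` is later overridden on the enum. Suggested: `w.addInitParameter(TesterOcspResponderServlet.INIT_FIXED_RESPONSE, fixedResponse.name());`. The enclosing method starts and ends outside this hunk.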
@@ -91,4 +101,11 @@ public class TesterOcspResponder {
ExpandWar.deleteDir(catalinaBase);
}
}
+
+ public enum OcspResponse {
+ OK,
+ REVOKED,
+ UNKNOWN,
+ TRY_LATER
+ }
}
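Review bot: The new `OcspResponse` enum is undocumented and mixes two protocol layers, which is easy to misread when writing revocation tests. Going by the servlet changes, `OK`, `REVOKED` and `UNKNOWN` select the per-certificate status inside a successful, signed response, whereas `TRY_LATER` selects the outer response status and carries no signed body. A short Javadoc on each constant would make that explicit, for example `/** Responder replies with status tryLater and no signed response; exercises client soft-fail handling. */` on `TRY_LATER`. It is also worth noting on `OK` that it maps to `CertificateStatus.GOOD`, since the name differs from the term the OCSP code uses.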
diff --git
a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
index e796743f9d..2652839ca2 100644
--- a/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
+++ b/test/org/apache/tomcat/util/net/ocsp/TesterOcspResponderServlet.java
@@ -73,6 +73,11 @@ public class TesterOcspResponderServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
+ // Config
+ public static final String INIT_FIXED_RESPONSE = "fixedResponse";
+ private TesterOcspResponder.OcspResponse fixedResponse;
+
+ // Cached OCSP processing components
private DigestCalculatorProvider digestCalculatorProvider;
private X509CertificateHolder[] responderCertificateChain;
private RespID responderID;
@@ -81,6 +86,11 @@ public class TesterOcspResponderServlet extends HttpServlet {
@Override
public void init(ServletConfig config) throws ServletException {
+ String value = config.getInitParameter(INIT_FIXED_RESPONSE);
+ if (value != null) {
+ fixedResponse = TesterOcspResponder.OcspResponse.valueOf(value);
+ }
+
// Enable the Bouncy Castle Provider
Provider provider = new BouncyCastleProvider();
Security.addProvider(provider);
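Review bot: An init parameter value that is not an `OcspResponse` constant makes `valueOf` throw an unchecked `IllegalArgumentException` out of `init()`, so the failure does not name the parameter that caused it. `INIT_FIXED_RESPONSE` is public, so other tests may set it by hand. I would catch the exception around the `valueOf` call and rethrow it as `throw new ServletException("Invalid " + INIT_FIXED_RESPONSE + " [" + value + "]", e);`. The rest of `init()` lies outside this hunk.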
@@ -206,21 +216,38 @@ public class TesterOcspResponderServlet extends
HttpServlet {
Req[] requests = ocspReq.getRequestList();
for (Req request : requests) {
CertificateID certificateID = request.getCertID();
- switch (certificateID.getSerialNumber().intValue()) {
- // TODO read index.db rather than hard-code certificate serial
numbers
- case 4096:
- case 4098:
- case 4100:
- case 4101:
- responseBuilder.addResponse(certificateID,
CertificateStatus.GOOD);
- break;
- case 4097:
- case 4099:
- case 4102:
- responseBuilder.addResponse(certificateID, new
RevokedStatus(new Date(0)));
- break;
- default:
- responseBuilder.addResponse(certificateID, new
UnknownStatus());
+ if (fixedResponse == null) {
+ switch (certificateID.getSerialNumber().intValue()) {
+ // TODO read index.db rather than hard-code certificate
serial numbers
+ case 4096:
+ case 4098:
+ case 4100:
+ case 4101:
+ responseBuilder.addResponse(certificateID,
CertificateStatus.GOOD);
+ break;
+ case 4097:
+ case 4099:
+ case 4102:
+ responseBuilder.addResponse(certificateID, new
RevokedStatus(new Date(0)));
+ break;
+ default:
+ responseBuilder.addResponse(certificateID, new
UnknownStatus());
+ }
+ } else {
+ switch (fixedResponse) {
+ case OK:
+ responseBuilder.addResponse(certificateID,
CertificateStatus.GOOD);
+ break;
+ case REVOKED:
+ responseBuilder.addResponse(certificateID, new
RevokedStatus(new Date(0)));
+ break;
+ case TRY_LATER:
+ // NO-OP
+ break;
+ case UNKNOWN:
+ responseBuilder.addResponse(certificateID, new
UnknownStatus());
+ break;
+ }
}
}
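Review bot: The new `switch (fixedResponse)` has no `default` branch, so a constant added to `OcspResponse` later would add no single response for the certificate. The reply would apparently still be built as `SUCCESSFUL`, and a test relying on the new value would exercise the wrong path without any failure pointing at the responder. Adding `default: throw new ServletException("Unsupported fixed response [" + fixedResponse + "]");` makes that case fail loudly. The method already appears to throw `ServletException` in the following hunk, but its signature is outside the visible lines. A one-line comment on the `TRY_LATER` case, saying the status is applied when the outer response is built, would also help more than `// NO-OP`.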
@@ -228,7 +255,11 @@ public class TesterOcspResponderServlet extends
HttpServlet {
OCSPResp ocspResponse;
try {
BasicOCSPResp basicResponse = responseBuilder.build(contentSigner,
responderCertificateChain, new Date());
- ocspResponse = new
OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, basicResponse);
+ if (fixedResponse == TesterOcspResponder.OcspResponse.TRY_LATER) {
+ ocspResponse = new
OCSPRespBuilder().build(OCSPRespBuilder.TRY_LATER, null);
+ } else {
+ ocspResponse = new
OCSPRespBuilder().build(OCSPRespBuilder.SUCCESSFUL, basicResponse);
+ }
} catch (OCSPException e) {
throw new ServletException(e);
}
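Review bot: In the `TRY_LATER` case `responseBuilder.build(contentSigner, responderCertificateChain, new Date())` still runs and signs a basic response that is then discarded. Any `OCSPException` from that signing step would turn a test that only wants a tryLater reply into a servlet error. Moving the `BasicOCSPResp basicResponse = responseBuilder.build(...)` line into the `else` branch keeps signing off the path that does not use it. The `TRY_LATER` branch then holds only `ocspResponse = new OCSPRespBuilder().build(OCSPRespBuilder.TRY_LATER, null);`. The enclosing method starts before this hunk and continues after it.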