Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add NonBlockingSocketFactory #4832

Merged
merged 1 commit into from
Aug 23, 2024
Merged

Add NonBlockingSocketFactory #4832

merged 1 commit into from
Aug 23, 2024

Conversation

edewata
Copy link
Contributor

@edewata edewata commented Aug 21, 2024
edited
Loading

The NonBlockingSocketFactory has been added to provide a non-blocking socket factory for PKIConnection. Eventually it will replace the DefaultSocketFactory once the support for OCSP and CRL has been added into JSSTrustManager.

The test for HTTPS connector with NSS has been updated to use the non-blocking socket factory and validate the new error messages generated by JSSTrustManager. The test for HTTPS connector with PKCS #12 file will continue to use the blocking socket factory to prevent regressions.

Note: This PR depends on dogtagpki/jss#1022

@edewata edewata mentioned this pull request Aug 21, 2024
Open
@edewata edewata requested a review from fmarco76 August 21, 2024 23:01
fmarco76
fmarco76 approved these changes Aug 22, 2024
View reviewed changes
Copy link
Member

@fmarco76 fmarco76 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a comment but feel free to merge when possible.

base/common/src/main/java/org/dogtagpki/client/NonBlockingSocketFactory.java Outdated
jssSocket.setCertFromAlias(certNickname);
}

jssSocket.getEngine().setListeners(Arrays.asList(new SSLSocketListener() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

getEngine() is not need, possible to call setListeners()

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed.

@edewata
Add NonBlockingSocketFactory
2117466 
The NonBlockingSocketFactory has been added to provide a
non-blocking socket factory for PKIConnection. Eventually
it will replace the DefaultSocketFactory once the support
for OCSP and CRL has been added into JSSTrustManager.

The test for HTTPS connector with NSS has been updated to
use the non-blocking socket factory and validate the new
error messages generated by JSSTrustManager. The test for
HTTPS connector with PKCS dogtagpki#12 file will continue to use
the blocking socket factory to prevent regressions.
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Aug 23, 2024

Quality Gate Passed Quality Gate passed

Issues
6 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@edewata
Copy link
Contributor Author

edewata commented Aug 23, 2024

@fmarco76 Thanks! I've updated the test to match the current output (i.e. without SSL alerts) so the test will pass. Once we figure out how to fix the missing SSL alerts we can update the test again.

@edewata edewata merged commit 0fff4df into dogtagpki:master Aug 23, 2024
146 of 157 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fmarco76 fmarco76 fmarco76 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@edewata @fmarco76