Merge branch 'master' of github.com:jdigweed/sonar into jdigweed-master

3 files changed, 76 insertions, 2 deletions

diff --git a/sonar-application/src/main/assembly/conf/sonar.properties b/sonar-application/src/main/assembly/conf/sonar.properties
index ba9e406d732..07fb50c7c18 100644
--- a/sonar-application/src/main/assembly/conf/sonar.properties
+++ b/sonar-application/src/main/assembly/conf/sonar.properties
@@ -116,6 +116,29 @@ sonar.jdbc.timeBetweenEvictionRunsMillis=30000
 # and the first provider that supports the keystore type is used (see sonar.web.https.keystoreType).
 #sonar.web.https.keystoreProvider=
 
+# HTTPS - the pathname of the truststore file which contains trusted certificate authorities.
+# By default, this would be the cacerts file in your JRE.
+# If truststoreFile doesn't need a file use empty value.
+#sonar.web.https.truststoreFile=
+
+# HTTPS - the password used to access the specified truststore file. 
+#sonar.web.https.truststorePass=
+
+# HTTPS - the type of truststore file to be used.
+# The default value is JKS (Java KeyStore).
+#sonar.web.https.truststoreType=JKS
+
+# HTTPS - the name of the truststore provider to be used for the server certificate.
+# If not specified, the list of registered providers is traversed in preference order
+# and the first provider that supports the truststore type is used (see sonar.web.https.truststoreType).
+#sonar.web.https.truststoreProvider=
+
+# HTTPS - whether to enable client certificate authentication.
+# The default is false (client certificates disabled).
+# Other possible values are 'want' (certificates will be requested, but not required),
+# and 'true' (certificates are required).
+#sonar.web.https.clientAuth=false
+
 # The maximum number of connections that the server will accept and process at any given time.
 # When this number has been reached, the server will not accept any more connections until
 # the number of connections falls below this value. The operating system may still accept connections
diff --git a/sonar-application/src/main/java/org/sonar/application/Connectors.java b/sonar-application/src/main/java/org/sonar/application/Connectors.java
index 5b60362a0dc..3011fc00f80 100644
--- a/sonar-application/src/main/java/org/sonar/application/Connectors.java
+++ b/sonar-application/src/main/java/org/sonar/application/Connectors.java
@@ -102,7 +102,11 @@ class Connectors {
       setConnectorAttribute(connector, "keystoreFile", props.of("sonar.web.https.keystoreFile"));
       setConnectorAttribute(connector, "keystoreType", props.of("sonar.web.https.keystoreType", "JKS"));
       setConnectorAttribute(connector, "keystoreProvider", props.of("sonar.web.https.keystoreProvider"));
-      setConnectorAttribute(connector, "clientAuth", false);
+      setConnectorAttribute(connector, "truststorePass", props.of("sonar.web.https.truststorePass", "changeit"));
+      setConnectorAttribute(connector, "truststoreFile", props.of("sonar.web.https.truststoreFile"));
+      setConnectorAttribute(connector, "truststoreType", props.of("sonar.web.https.truststoreType", "JKS"));
+      setConnectorAttribute(connector, "truststoreProvider", props.of("sonar.web.https.truststoreProvider"));
+      setConnectorAttribute(connector, "clientAuth", props.of("sonar.web.https.clientAuth", "false"));
       setConnectorAttribute(connector, "sslProtocol", "TLS");
       setConnectorAttribute(connector, "SSLEnabled", true);
       info("HTTPS connector is enabled on port " + port);
diff --git a/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java b/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
index b207e98441e..c2ac054a808 100644
--- a/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
+++ b/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
@@ -124,7 +124,8 @@ public class ConnectorsTest {
       @Override
       public boolean matches(Object o) {
         Connector c = (Connector) o;
-        return c.getScheme().equals("https") && c.getPort() == 9443;
+        return c.getScheme().equals("https") && c.getPort() == 9443
+        		&& c.getProperty("clientAuth").equals("false");
       }
     }));
   }
@@ -256,6 +257,52 @@ public class ConnectorsTest {
     verify(tomcat.getServer(), never()).setShutdown(anyString());
   }
 
+  @Test
+  public void enable_client_auth() throws Exception {
+	  
+    Properties p = new Properties();
+
+    p.setProperty("sonar.web.port", "-1");
+    p.setProperty("sonar.web.https.port", "9443");
+    p.setProperty("sonar.web.https.clientAuth", "want");
+    
+    Props props = new Props(p);
+
+    Connectors.configure(tomcat, props);
+
+    verify(tomcat).setConnector(argThat(new ArgumentMatcher<Connector>() {
+        @Override
+        public boolean matches(Object o) {
+          Connector c = (Connector) o;
+          return c.getScheme().equals("https") && c.getProperty("clientAuth").equals("want");
+        }
+      }));
+  }
+
+  @Test
+  public void require_client_auth() throws Exception {
+	  
+    Properties p = new Properties();
+
+    p.setProperty("sonar.web.port", "-1");
+    p.setProperty("sonar.web.https.port", "9443");
+    p.setProperty("sonar.web.https.clientAuth", "true");
+    
+    Props props = new Props(p);
+
+    Connectors.configure(tomcat, props);
+
+    verify(tomcat).setConnector(argThat(new ArgumentMatcher<Connector>() {
+        @Override
+        public boolean matches(Object o) {
+          Connector c = (Connector) o;
+          return c.getScheme().equals("https") && c.getProperty("clientAuth").equals("true");
+        }
+      }));
+  }
+ 
+  
+
   private static class PropertiesMatcher extends ArgumentMatcher<Connector> {
     private final Map<String, Object> expected;