Diffstat (limited to 'sonar-application')
-rw-r--r--sonar-application/src/main/assembly/conf/sonar.properties23
-rw-r--r--sonar-application/src/main/java/org/sonar/application/Connectors.java6
-rw-r--r--sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java49
3 files changed, 76 insertions, 2 deletions
diff --git a/sonar-application/src/main/assembly/conf/sonar.properties b/sonar-application/src/main/assembly/conf/sonar.properties
index ba9e406d732..07fb50c7c18 100644
--- a/sonar-application/src/main/assembly/conf/sonar.properties
+++ b/sonar-application/src/main/assembly/conf/sonar.properties
@@ -116,6 +116,29 @@ sonar.jdbc.timeBetweenEvictionRunsMillis=30000
# and the first provider that supports the keystore type is used (see sonar.web.https.keystoreType).
#sonar.web.https.keystoreProvider=
+# HTTPS - the pathname of the truststore file which contains trusted certificate authorities.
+# By default, this would be the cacerts file in your JRE.
+# If truststoreFile doesn't need a file use empty value.
+#sonar.web.https.truststoreFile=
+
+# HTTPS - the password used to access the specified truststore file.
+#sonar.web.https.truststorePass=
+
+# HTTPS - the type of truststore file to be used.
+# The default value is JKS (Java KeyStore).
+#sonar.web.https.truststoreType=JKS
+
+# HTTPS - the name of the truststore provider to be used for the server certificate.
+# If not specified, the list of registered providers is traversed in preference order
+# and the first provider that supports the truststore type is used (see sonar.web.https.truststoreType).
+#sonar.web.https.truststoreProvider=
+
+# HTTPS - whether to enable client certificate authentication.
+# The default is false (client certificates disabled).
+# Other possible values are 'want' (certificates will be requested, but not required),
+# and 'true' (certificates are required).
+#sonar.web.https.clientAuth=false
+
# The maximum number of connections that the server will accept and process at any given time.
# When this number has been reached, the server will not accept any more connections until
# the number of connections falls below this value. The operating system may still accept connections
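Review bot: The `sonar.web.https.clientAuth` comment does not say which CAs a client certificate is checked against when `truststoreFile` is left unset. According to the `truststoreFile` comment above it, that is the JRE `cacerts` file, so with `clientAuth=true` the handshake would accept a certificate issued by any CA in that bundle. I would add a line such as `# When client certificates are required, point truststoreFile at a dedicated truststore that contains only the CA(s) issuing your client certificates.` The `truststorePass` comment should also state that `changeit` is applied when the property is unset, because Connectors.java sets that default in this same commit. The sentence "If truststoreFile doesn't need a file use empty value." is hard to parse and would read better as a statement of when an empty value is appropriate.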
diff --git a/sonar-application/src/main/java/org/sonar/application/Connectors.java b/sonar-application/src/main/java/org/sonar/application/Connectors.java
index 5b60362a0dc..3011fc00f80 100644
--- a/sonar-application/src/main/java/org/sonar/application/Connectors.java
+++ b/sonar-application/src/main/java/org/sonar/application/Connectors.java
@@ -102,7 +102,11 @@ class Connectors {
setConnectorAttribute(connector, "keystoreFile", props.of("sonar.web.https.keystoreFile"));
setConnectorAttribute(connector, "keystoreType", props.of("sonar.web.https.keystoreType", "JKS"));
setConnectorAttribute(connector, "keystoreProvider", props.of("sonar.web.https.keystoreProvider"));
- setConnectorAttribute(connector, "clientAuth", false);
+ setConnectorAttribute(connector, "truststorePass", props.of("sonar.web.https.truststorePass", "changeit"));
+ setConnectorAttribute(connector, "truststoreFile", props.of("sonar.web.https.truststoreFile"));
+ setConnectorAttribute(connector, "truststoreType", props.of("sonar.web.https.truststoreType", "JKS"));
+ setConnectorAttribute(connector, "truststoreProvider", props.of("sonar.web.https.truststoreProvider"));
+ setConnectorAttribute(connector, "clientAuth", props.of("sonar.web.https.clientAuth", "false"));
setConnectorAttribute(connector, "sslProtocol", "TLS");
setConnectorAttribute(connector, "SSLEnabled", true);
info("HTTPS connector is enabled on port " + port);
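Review bot: The value of `sonar.web.https.clientAuth` reaches the connector unvalidated on the new `setConnectorAttribute(connector, "clientAuth", ...)` line. A misspelled setting such as `required` would therefore not be rejected at startup, and as far as I recall Tomcat treats unrecognised values as "no client certificate" (worth confirming for the bundled Tomcat version). That fails open for an operator who believes mutual TLS is enforced. I would read the value first and fail fast: `String clientAuth = props.of("sonar.web.https.clientAuth", "false");` followed by `if (!"false".equals(clientAuth) && !"want".equals(clientAuth) && !"true".equals(clientAuth)) throw new IllegalStateException("Unsupported sonar.web.https.clientAuth: " + clientAuth);`. Separately, `truststorePass` is defaulted to `changeit` even when no `truststoreFile` is configured; a short comment explaining why that default is applied unconditionally would help. The enclosing method starts and ends outside this hunk.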
diff --git a/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java b/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
index b207e98441e..c2ac054a808 100644
--- a/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
+++ b/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
@@ -124,7 +124,8 @@ public class ConnectorsTest {
@Override
public boolean matches(Object o) {
Connector c = (Connector) o;
- return c.getScheme().equals("https") && c.getPort() == 9443;
+ return c.getScheme().equals("https") && c.getPort() == 9443
+ && c.getProperty("clientAuth").equals("false");
}
}));
}
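Review bot: The added `c.getProperty("clientAuth").equals("false")` dereferences the property value, so if the attribute is ever left unset the matcher throws a NullPointerException instead of reporting a failed verification. Writing it constant-first, `"false".equals(c.getProperty("clientAuth"))`, keeps the failure readable. The same pattern appears in the matchers of `enable_client_auth` and `require_client_auth` in the next hunk. The enclosing test method starts outside this hunk.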
@@ -256,6 +257,52 @@ public class ConnectorsTest {
verify(tomcat.getServer(), never()).setShutdown(anyString());
}
+ @Test
+ public void enable_client_auth() throws Exception {
+
+ Properties p = new Properties();
+
+ p.setProperty("sonar.web.port", "-1");
+ p.setProperty("sonar.web.https.port", "9443");
+ p.setProperty("sonar.web.https.clientAuth", "want");
+
+ Props props = new Props(p);
+
+ Connectors.configure(tomcat, props);
+
+ verify(tomcat).setConnector(argThat(new ArgumentMatcher<Connector>() {
+ @Override
+ public boolean matches(Object o) {
+ Connector c = (Connector) o;
+ return c.getScheme().equals("https") && c.getProperty("clientAuth").equals("want");
+ }
+ }));
+ }
+
+ @Test
+ public void require_client_auth() throws Exception {
+
+ Properties p = new Properties();
+
+ p.setProperty("sonar.web.port", "-1");
+ p.setProperty("sonar.web.https.port", "9443");
+ p.setProperty("sonar.web.https.clientAuth", "true");
+
+ Props props = new Props(p);
+
+ Connectors.configure(tomcat, props);
+
+ verify(tomcat).setConnector(argThat(new ArgumentMatcher<Connector>() {
+ @Override
+ public boolean matches(Object o) {
+ Connector c = (Connector) o;
+ return c.getScheme().equals("https") && c.getProperty("clientAuth").equals("true");
+ }
+ }));
+ }
+
+
+
private static class PropertiesMatcher extends ArgumentMatcher<Connector> {
private final Map<String, Object> expected;
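Review bot: Neither `enable_client_auth` nor `require_client_auth` sets or asserts any of the four new truststore attributes, so the `truststoreFile`, `truststorePass` (including its `changeit` default), `truststoreType` and `truststoreProvider` wiring added in Connectors.java is untested. Since those attributes decide which client certificates are trusted, I would add a test that sets `sonar.web.https.truststoreFile` and `sonar.web.https.truststoreType` and checks that they arrive on the connector, plus one that checks the defaults when they are unset. A test for an unexpected `clientAuth` value would also document the intended behaviour for typos. The two new tests differ only in the property value and could share a helper that takes the expected `clientAuth` string.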