Diffstat (limited to 'sonar-application')
3 files changed, 76 insertions, 2 deletions
diff --git a/sonar-application/src/main/assembly/conf/sonar.properties b/sonar-application/src/main/assembly/conf/sonar.properties
index ba9e406d732..07fb50c7c18 100644
--- a/sonar-application/src/main/assembly/conf/sonar.properties
+++ b/sonar-application/src/main/assembly/conf/sonar.properties
@@ -116,6 +116,29 @@ sonar.jdbc.timeBetweenEvictionRunsMillis=30000
 # and the first provider that supports the keystore type is used (see sonar.web.https.keystoreType).
 #sonar.web.https.keystoreProvider=
 
+# HTTPS - the pathname of the truststore file which contains trusted certificate authorities.
+# By default, this would be the cacerts file in your JRE.
+# If truststoreFile doesn't need a file use empty value.
+#sonar.web.https.truststoreFile=
+
+# HTTPS - the password used to access the specified truststore file.
+#sonar.web.https.truststorePass=
+
+# HTTPS - the type of truststore file to be used.
+# The default value is JKS (Java KeyStore).
+#sonar.web.https.truststoreType=JKS
+
+# HTTPS - the name of the truststore provider to be used for the server certificate.
+# If not specified, the list of registered providers is traversed in preference order
+# and the first provider that supports the truststore type is used (see sonar.web.https.truststoreType).
+#sonar.web.https.truststoreProvider=
+
+# HTTPS - whether to enable client certificate authentication.
+# The default is false (client certificates disabled).
+# Other possible values are 'want' (certificates will be requested, but not required),
+# and 'true' (certificates are required).
+#sonar.web.https.clientAuth=false
+
 # The maximum number of connections that the server will accept and process at any given time.
 # When this number has been reached, the server will not accept any more connections until
 # the number of connections falls below this value. The operating system may still accept connections
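Review bot: The truststoreFile comment names the JRE cacerts file as the default but does not say what that implies once sonar.web.https.clientAuth is 'want' or 'true': presumably a client certificate chaining to any CA in cacerts would then pass the TLS handshake. I would add a line such as `# When clientAuth is 'want' or 'true', point this at a dedicated truststore holding only the CA(s) that issue your client certificates.` The truststoreProvider comment also says "for the server certificate", which looks copied from the keystore block, and the truststorePass comment omits the `changeit` fallback that Connectors.java applies.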
diff --git a/sonar-application/src/main/java/org/sonar/application/Connectors.java b/sonar-application/src/main/java/org/sonar/application/Connectors.java
index 5b60362a0dc..3011fc00f80 100644
--- a/sonar-application/src/main/java/org/sonar/application/Connectors.java
+++ b/sonar-application/src/main/java/org/sonar/application/Connectors.java
@@ -102,7 +102,11 @@ class Connectors {
 setConnectorAttribute(connector, "keystoreFile", props.of("sonar.web.https.keystoreFile"));
 setConnectorAttribute(connector, "keystoreType", props.of("sonar.web.https.keystoreType", "JKS"));
 setConnectorAttribute(connector, "keystoreProvider", props.of("sonar.web.https.keystoreProvider"));
- setConnectorAttribute(connector, "clientAuth", false);
+ setConnectorAttribute(connector, "truststorePass", props.of("sonar.web.https.truststorePass", "changeit"));
+ setConnectorAttribute(connector, "truststoreFile", props.of("sonar.web.https.truststoreFile"));
+ setConnectorAttribute(connector, "truststoreType", props.of("sonar.web.https.truststoreType", "JKS"));
+ setConnectorAttribute(connector, "truststoreProvider", props.of("sonar.web.https.truststoreProvider"));
+ setConnectorAttribute(connector, "clientAuth", props.of("sonar.web.https.clientAuth", "false"));
 setConnectorAttribute(connector, "sslProtocol", "TLS");
 setConnectorAttribute(connector, "SSLEnabled", true);
 info("HTTPS connector is enabled on port " + port);
diff --git a/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java b/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
index b207e98441e..c2ac054a808 100644
--- a/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
+++ b/sonar-application/src/test/java/org/sonar/application/ConnectorsTest.java
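Review bot: The `clientAuth` attribute is set to whatever string `sonar.web.https.clientAuth` holds, so a misspelt or unsupported value is not rejected here; as far as I know Tomcat treats a value it does not recognise as no client authentication, which would leave an operator who believes certificates are required with a listener that never asks for one. I would check the value against the three documented ones ('false', 'want', 'true') and fail startup otherwise, as sketched below (assuming `props.of` returns a String). Separately, the hard-coded `"changeit"` fallback for `truststorePass` is applied even when no truststore is configured and would presumably override a `javax.net.ssl.trustStorePassword` system property; `props.of("sonar.web.https.truststorePass")` without a default would match how `keystoreFile` is read. The enclosing method starts and ends outside the hunk.

```java
String clientAuth = props.of("sonar.web.https.clientAuth", "false");
if (!"false".equals(clientAuth) && !"want".equals(clientAuth) && !"true".equals(clientAuth)) {
  throw new IllegalStateException(
    "sonar.web.https.clientAuth must be one of 'false', 'want' or 'true', got: " + clientAuth);
}
setConnectorAttribute(connector, "clientAuth", clientAuth);
// … unchanged: sslProtocol, SSLEnabled, info(...) …
```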
@@ -124,7 +124,8 @@ public class ConnectorsTest {
 @Override
 public boolean matches(Object o) {
 Connector c = (Connector) o;
- return c.getScheme().equals("https") && c.getPort() == 9443;
+ return c.getScheme().equals("https") && c.getPort() == 9443
+ && c.getProperty("clientAuth").equals("false");
 }
 }));
 }
@@ -256,6 +257,52 @@ public class ConnectorsTest {
 verify(tomcat.getServer(), never()).setShutdown(anyString());
 }
 
+ @Test
+ public void enable_client_auth() throws Exception {
+
+ Properties p = new Properties();
+
+ p.setProperty("sonar.web.port", "-1");
+ p.setProperty("sonar.web.https.port", "9443");
+ p.setProperty("sonar.web.https.clientAuth", "want");
+
+ Props props = new Props(p);
+
+ Connectors.configure(tomcat, props);
+
+ verify(tomcat).setConnector(argThat(new ArgumentMatcher<Connector>() {
+ @Override
+ public boolean matches(Object o) {
+ Connector c = (Connector) o;
+ return c.getScheme().equals("https") && c.getProperty("clientAuth").equals("want");
+ }
+ }));
+ }
+
+ @Test
+ public void require_client_auth() throws Exception {
+
+ Properties p = new Properties();
+
+ p.setProperty("sonar.web.port", "-1");
+ p.setProperty("sonar.web.https.port", "9443");
+ p.setProperty("sonar.web.https.clientAuth", "true");
+
+ Props props = new Props(p);
+
+ Connectors.configure(tomcat, props);
+
+ verify(tomcat).setConnector(argThat(new ArgumentMatcher<Connector>() {
+ @Override
+ public boolean matches(Object o) {
+ Connector c = (Connector) o;
+ return c.getScheme().equals("https") && c.getProperty("clientAuth").equals("true");
+ }
+ }));
+ }
+
+
+
 private static class PropertiesMatcher extends ArgumentMatcher<Connector> {
 private final Map<String, Object> expected; |
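Review bot: The added `c.getProperty("clientAuth").equals("false")` dereferences the property without a null check, so if the attribute is ever left unset the matcher throws a NullPointerException instead of reporting a clean mismatch; `"false".equals(c.getProperty("clientAuth"))` avoids that. The same pattern appears in the matchers of `enable_client_auth` and `require_client_auth` in the next hunk. The enclosing test method starts outside this hunk.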
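Review bot: Neither new test covers the truststore attributes or an unsupported `clientAuth` value, so the security-relevant part of the change is not pinned: nothing asserts that `sonar.web.https.truststoreFile`, `truststoreType` and `truststorePass` reach the connector, or what the connector receives when the property is misspelt. I would add one test that sets the truststore properties and asserts `c.getProperty("truststoreFile")` and its siblings, and one for an invalid `clientAuth` value once the production code decides how to handle it. The three blank lines added after `require_client_auth` can be dropped.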