Merge pull request #4 from chromy96/3-fetching-crl-hangs-forever
Introduce default connection timeouts for crl fetcher
aaron-kumar authored Aug 15, 2024
2 parents e792a24 + f0af17c commit cf742fc
Showing 2 changed files with 68 additions and 1 deletion.
Expand Up @@ -5,7 +5,9 @@
import network.oxalis.commons.certvalidator.api.CrlFetcher;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URLConnection;
import java.security.cert.CRLException;
import java.security.cert.X509CRL;

Expand Down Expand Up @@ -51,7 +53,11 @@ protected X509CRL download(String url) throws CertificateValidationException {

protected X509CRL httpDownload(String url) throws CertificateValidationException {
try {
return CrlUtils.load(URI.create(url).toURL().openStream());
URLConnection urlConnection = URI.create(url).toURL().openConnection();
urlConnection.setConnectTimeout(30000);
urlConnection.setReadTimeout(30000);
InputStream inputStream = urlConnection.getInputStream();
return CrlUtils.load(inputStream);
} catch (IOException | CRLException e) {
throw new CertificateValidationException(String.format("Failed to download CRL '%s' (%s)", url, e.getMessage()), e);
}
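Review bot: The stream obtained from `urlConnection.getInputStream()` in httpDownload is not closed anywhere in the visible lines, so unless `CrlUtils.load` closes it (not shown here) a fetch that fails part-way can leave the connection open; `try (InputStream inputStream = urlConnection.getInputStream()) { return CrlUtils.load(inputStream); }` releases it on every path. The two `30000` literals would read better as named constants such as `private static final int CONNECT_TIMEOUT_MS = 30_000;`, or as configurable values, so the unit and the intent are stated once. Note also that `setReadTimeout` bounds each blocking read rather than the whole transfer, so a server that trickles bytes can still hold the validating thread well beyond 30 seconds; an overall deadline or a cap on the accepted CRL size would close that gap. The method's closing brace lies outside the hunk.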
Expand Up @@ -7,9 +7,17 @@
import org.testng.Assert;
import org.testng.annotations.Test;

import java.net.ServerSocket;
import java.security.cert.X509CRL;
import java.util.Date;

import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpExchange;

import java.io.IOException;
import java.net.InetSocketAddress;

public class SimpleCachingCrlFetcherTest {

@Test
Expand Down Expand Up @@ -54,4 +62,57 @@ public void triggerExceptionWithoutMessage() throws Exception {

crlFetcher.get(null);
}

@Test(enabled = false, expectedExceptions = CertificateValidationException.class)
public void testNonAccessibleHttpCert() throws Exception {
try {
NoResponseHttpServer.start();
CrlFetcher crlFetcher = new SimpleCachingCrlFetcher(new SimpleCrlCache());
crlFetcher.get("http://127.0.0.1:" + NoResponseHttpServer.getPort() + "/idontexist");
} finally {
NoResponseHttpServer.stop();
}
}

static class NoResponseHttpServer {

private static HttpServer server;

public static void start() throws IOException {
int port = getRandomAvailablePort();
server = HttpServer.create(new InetSocketAddress(port), 0);
server.createContext("/", new NoResponseHandler());
server.start();
}

public static void stop() {
if (server != null) {
server.stop(0);
}
}

public static int getPort() {
if (server == null) {
return -1;
}
return server.getAddress().getPort();
}

private static int getRandomAvailablePort() {
try (ServerSocket socket = new ServerSocket(0)) {
socket.setReuseAddress(true);
return socket.getLocalPort();
} catch (IOException e) {
throw new RuntimeException("Failed to find a random available port", e);
}
}

static class NoResponseHandler implements HttpHandler {
@Override
public void handle(HttpExchange exchange) throws IOException {
// Do nothing, effectively not sending a response
}
}
}

}
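Review bot: `testNonAccessibleHttpCert` is committed with `enabled = false`, so nothing in the suite actually checks that the fetcher gives up on a silent server; presumably this is because the 30-second timeout is fixed inside the fetcher, and making it injectable would let the test run with a timeout of a second or two. In `NoResponseHttpServer.start()`, `getRandomAvailablePort()` closes its probe socket before `HttpServer.create` binds, so another process can take the port in between, and `new InetSocketAddress(port)` listens on every interface rather than loopback only. `server = HttpServer.create(new InetSocketAddress(InetAddress.getLoopbackAddress(), 0), 0);` (with `java.net.InetAddress` imported) avoids both and makes the helper unnecessary, since `getPort()` already reads the bound port from the server. `setReuseAddress(true)` is also called after the probe socket is already bound, where its effect is not defined.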
