Fail the build if we can't load the OpenSSL library (#11269)

Motivation:

We should better fail the build if we can't load the OpenSSL library to ensure we not introduce a regression at some point related to native library loading

Modifications:

Remove usages of assumeTrue and let the tests fail if we cant load the native lib

Result:

Ensure we not regress
This commit is contained in:
Norman Maurer 2021-05-19 08:19:15 +02:00 committed by GitHub
parent 1a67c1feb8
commit 08dbd72758
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 55 additions and 42 deletions

View File

@ -25,11 +25,11 @@ services:
build-leak: build-leak:
<<: *common <<: *common
command: /bin/bash -cl "./mvnw -Pleak clean install -Dio.netty.testsuite.badHost=netty.io" command: /bin/bash -cl "./mvnw -Pleak clean install -Dio.netty.testsuite.badHost=netty.io -Dtcnative.classifier=linux-x86_64-fedora"
build: build:
<<: *common <<: *common
command: /bin/bash -cl "./mvnw clean install -Dio.netty.testsuite.badHost=netty.io" command: /bin/bash -cl "./mvnw clean install -Dio.netty.testsuite.badHost=netty.io -Dtcnative.classifier=linux-x86_64-fedora"
deploy: deploy:
<<: *common <<: *common
@ -52,7 +52,7 @@ services:
- ~/.m2:/root/.m2 - ~/.m2:/root/.m2
- ~/local-staging:/root/local-staging - ~/local-staging:/root/local-staging
- ..:/code - ..:/code
command: /bin/bash -cl "cat <(echo -e \"${GPG_PRIVATE_KEY}\") | gpg --batch --import && ./mvnw clean javadoc:jar package gpg:sign org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DnexusUrl=https://oss.sonatype.org -DserverId=sonatype-nexus-staging -DaltStagingDirectory=/root/local-staging -DskipRemoteStaging=true -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME}" command: /bin/bash -cl "cat <(echo -e \"${GPG_PRIVATE_KEY}\") | gpg --batch --import && ./mvnw clean javadoc:jar package gpg:sign org.sonatype.plugins:nexus-staging-maven-plugin:deploy -DnexusUrl=https://oss.sonatype.org -DserverId=sonatype-nexus-staging -DaltStagingDirectory=/root/local-staging -DskipRemoteStaging=true -DskipTests=true -Dgpg.passphrase=${GPG_PASSPHRASE} -Dgpg.keyname=${GPG_KEYNAME} -Dtcnative.classifier=linux-x86_64-fedora"
build-boringssl-static: build-boringssl-static:
<<: *common <<: *common

View File

@ -58,7 +58,7 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
@BeforeClass @BeforeClass
public static void checkOpenssl() { public static void checkOpenssl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
@Override @Override

View File

@ -63,7 +63,7 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
@BeforeClass @BeforeClass
public static void checkOpenSsl() { public static void checkOpenSsl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
@Override @Override

View File

@ -17,16 +17,20 @@ package io.netty.handler.ssl;
import io.netty.internal.tcnative.CertificateVerifier; import io.netty.internal.tcnative.CertificateVerifier;
import org.junit.Assert; import org.junit.Assert;
import org.junit.Assume; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
import java.lang.reflect.Field; import java.lang.reflect.Field;
public class OpenSslCertificateExceptionTest { public class OpenSslCertificateExceptionTest {
@BeforeClass
public static void ensureOpenSsl() {
OpenSsl.ensureAvailability();
}
@Test @Test
public void testValidErrorCode() throws Exception { public void testValidErrorCode() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable());
Field[] fields = CertificateVerifier.class.getFields(); Field[] fields = CertificateVerifier.class.getFields();
for (Field field : fields) { for (Field field : fields) {
if (field.isAccessible()) { if (field.isAccessible()) {
@ -39,13 +43,11 @@ public class OpenSslCertificateExceptionTest {
@Test(expected = IllegalArgumentException.class) @Test(expected = IllegalArgumentException.class)
public void testNonValidErrorCode() { public void testNonValidErrorCode() {
Assume.assumeTrue(OpenSsl.isAvailable());
new OpenSslCertificateException(Integer.MIN_VALUE); new OpenSslCertificateException(Integer.MIN_VALUE);
} }
@Test @Test
public void testCanBeInstancedWhenOpenSslIsNotAvailable() { public void testCanBeInstancedWhenOpenSslIsNotAvailable() {
Assume.assumeFalse(OpenSsl.isAvailable());
new OpenSslCertificateException(0); new OpenSslCertificateException(0);
} }
} }

View File

@ -21,13 +21,11 @@ import org.junit.BeforeClass;
import javax.net.ssl.SSLException; import javax.net.ssl.SSLException;
import java.io.File; import java.io.File;
import static org.junit.Assume.assumeTrue;
public class OpenSslClientContextTest extends SslContextTest { public class OpenSslClientContextTest extends SslContextTest {
@BeforeClass @BeforeClass
public static void checkOpenSsl() { public static void checkOpenSsl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
@Override @Override

View File

@ -57,7 +57,7 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
@BeforeClass @BeforeClass
public static void checkOpenssl() { public static void checkOpenssl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
@Override @Override

View File

@ -110,7 +110,7 @@ public class OpenSslEngineTest extends SSLEngineTest {
@BeforeClass @BeforeClass
public static void checkOpenSsl() { public static void checkOpenSsl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
@Override @Override
@ -1321,6 +1321,7 @@ public class OpenSslEngineTest extends SSLEngineTest {
@Test(expected = SSLException.class) @Test(expected = SSLException.class)
public void testNoKeyFound() throws Exception { public void testNoKeyFound() throws Exception {
checkShouldUseKeyManagerFactory();
clientSslCtx = wrapContext(SslContextBuilder clientSslCtx = wrapContext(SslContextBuilder
.forClient() .forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)

View File

@ -33,7 +33,7 @@ public class OpenSslKeyMaterialManagerTest {
@Test @Test
public void testChooseClientAliasReturnsNull() throws SSLException { public void testChooseClientAliasReturnsNull() throws SSLException {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
X509ExtendedKeyManager keyManager = new X509ExtendedKeyManager() { X509ExtendedKeyManager keyManager = new X509ExtendedKeyManager() {
@Override @Override

View File

@ -42,7 +42,7 @@ public class OpenSslKeyMaterialProviderTest {
@BeforeClass @BeforeClass
public static void checkOpenSsl() { public static void checkOpenSsl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
protected KeyManagerFactory newKeyManagerFactory() throws Exception { protected KeyManagerFactory newKeyManagerFactory() throws Exception {

View File

@ -30,7 +30,7 @@ public class OpenSslRenegotiateTest extends RenegotiateTest {
@BeforeClass @BeforeClass
public static void checkOpenSsl() { public static void checkOpenSsl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
@Override @Override

View File

@ -28,12 +28,11 @@ public class OpenSslServerContextTest extends SslContextTest {
@BeforeClass @BeforeClass
public static void checkOpenSsl() { public static void checkOpenSsl() {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
} }
@Override @Override
protected SslContext newSslContext(File crtFile, File keyFile, String pass) throws SSLException { protected SslContext newSslContext(File crtFile, File keyFile, String pass) throws SSLException {
Assume.assumeTrue(OpenSsl.isAvailable());
return new OpenSslServerContext(crtFile, keyFile, pass); return new OpenSslServerContext(crtFile, keyFile, pass);
} }
} }

View File

@ -45,7 +45,7 @@ public class PemEncodedTest {
} }
private static void testPemEncoded(SslProvider provider) throws Exception { private static void testPemEncoded(SslProvider provider) throws Exception {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
assumeFalse(OpenSsl.useKeyManagerFactory()); assumeFalse(OpenSsl.useKeyManagerFactory());
PemPrivateKey pemKey; PemPrivateKey pemKey;
PemX509Certificate pemCert; PemX509Certificate pemCert;

View File

@ -48,7 +48,7 @@ public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
@Override @Override
protected void cleanupClientSslEngine(SSLEngine engine) { protected void cleanupClientSslEngine(SSLEngine engine) {
ReferenceCountUtil.release(engine); ReferenceCountUtil.release(unwrapEngine(engine));
} }
@Override @Override
@ -58,7 +58,7 @@ public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
@Override @Override
protected void cleanupServerSslEngine(SSLEngine engine) { protected void cleanupServerSslEngine(SSLEngine engine) {
ReferenceCountUtil.release(engine); ReferenceCountUtil.release(unwrapEngine(engine));
} }
@Test(expected = NullPointerException.class) @Test(expected = NullPointerException.class)

View File

@ -47,7 +47,7 @@ public class SslContextBuilderTest {
@Test @Test
public void testClientContextFromFileOpenssl() throws Exception { public void testClientContextFromFileOpenssl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
testClientContextFromFile(SslProvider.OPENSSL); testClientContextFromFile(SslProvider.OPENSSL);
} }
@ -58,7 +58,7 @@ public class SslContextBuilderTest {
@Test @Test
public void testClientContextOpenssl() throws Exception { public void testClientContextOpenssl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
testClientContext(SslProvider.OPENSSL); testClientContext(SslProvider.OPENSSL);
} }
@ -69,7 +69,7 @@ public class SslContextBuilderTest {
@Test @Test
public void testKeyStoreTypeOpenssl() throws Exception { public void testKeyStoreTypeOpenssl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
testKeyStoreType(SslProvider.OPENSSL); testKeyStoreType(SslProvider.OPENSSL);
} }
@ -80,7 +80,7 @@ public class SslContextBuilderTest {
@Test @Test
public void testServerContextFromFileOpenssl() throws Exception { public void testServerContextFromFileOpenssl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
testServerContextFromFile(SslProvider.OPENSSL); testServerContextFromFile(SslProvider.OPENSSL);
} }
@ -91,7 +91,7 @@ public class SslContextBuilderTest {
@Test @Test
public void testServerContextOpenssl() throws Exception { public void testServerContextOpenssl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
testServerContext(SslProvider.OPENSSL); testServerContext(SslProvider.OPENSSL);
} }
@ -102,7 +102,7 @@ public class SslContextBuilderTest {
@Test @Test
public void testContextFromManagersOpenssl() throws Exception { public void testContextFromManagersOpenssl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
Assume.assumeTrue(OpenSsl.useKeyManagerFactory()); Assume.assumeTrue(OpenSsl.useKeyManagerFactory());
testContextFromManagers(SslProvider.OPENSSL); testContextFromManagers(SslProvider.OPENSSL);
} }
@ -155,13 +155,13 @@ public class SslContextBuilderTest {
@Test(expected = IllegalArgumentException.class) @Test(expected = IllegalArgumentException.class)
public void testInvalidCipherJdk() throws Exception { public void testInvalidCipherJdk() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
testInvalidCipher(SslProvider.JDK); testInvalidCipher(SslProvider.JDK);
} }
@Test @Test
public void testInvalidCipherOpenSSL() throws Exception { public void testInvalidCipherOpenSSL() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
try { try {
// This may fail or not depending on the OpenSSL version used // This may fail or not depending on the OpenSSL version used
// See https://github.com/openssl/openssl/issues/7196 // See https://github.com/openssl/openssl/issues/7196

View File

@ -127,7 +127,7 @@ public class SslErrorTest {
public void testCorrectAlert() throws Exception { public void testCorrectAlert() throws Exception {
// As this only works correctly at the moment when OpenSslEngine is used on the server-side there is // As this only works correctly at the moment when OpenSslEngine is used on the server-side there is
// no need to run it if there is no openssl is available at all. // no need to run it if there is no openssl is available at all.
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
SelfSignedCertificate ssc = new SelfSignedCertificate(); SelfSignedCertificate ssc = new SelfSignedCertificate();

View File

@ -367,7 +367,7 @@ public class SslHandlerTest {
@Test @Test
public void testReleaseSslEngine() throws Exception { public void testReleaseSslEngine() throws Exception {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
SelfSignedCertificate cert = new SelfSignedCertificate(); SelfSignedCertificate cert = new SelfSignedCertificate();
try { try {
@ -1136,7 +1136,7 @@ public class SslHandlerTest {
} }
private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable { private static void testSessionTickets(SslProvider provider, String protocol, boolean withKey) throws Throwable {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
final SslContext sslClientCtx = SslContextBuilder.forClient() final SslContext sslClientCtx = SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE) .trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(provider) .sslProvider(provider)
@ -1418,13 +1418,13 @@ public class SslHandlerTest {
@Test @Test
public void testHandshakeFailureCipherMissmatchTLSv12OpenSsl() throws Exception { public void testHandshakeFailureCipherMissmatchTLSv12OpenSsl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
testHandshakeFailureCipherMissmatch(SslProvider.OPENSSL, false); testHandshakeFailureCipherMissmatch(SslProvider.OPENSSL, false);
} }
@Test @Test
public void testHandshakeFailureCipherMissmatchTLSv13OpenSsl() throws Exception { public void testHandshakeFailureCipherMissmatchTLSv13OpenSsl() throws Exception {
Assume.assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
Assume.assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL)); Assume.assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
Assume.assumeFalse("BoringSSL does not support setting ciphers for TLSv1.3 explicit", OpenSsl.isBoringSSL()); Assume.assumeFalse("BoringSSL does not support setting ciphers for TLSv1.3 explicit", OpenSsl.isBoringSSL());
testHandshakeFailureCipherMissmatch(SslProvider.OPENSSL, true); testHandshakeFailureCipherMissmatch(SslProvider.OPENSSL, true);
@ -1537,7 +1537,7 @@ public class SslHandlerTest {
@Test @Test
public void testHandshakeEventsTls12Openssl() throws Exception { public void testHandshakeEventsTls12Openssl() throws Exception {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2); testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_2);
} }
@ -1549,7 +1549,7 @@ public class SslHandlerTest {
@Test @Test
public void testHandshakeEventsTls13Openssl() throws Exception { public void testHandshakeEventsTls13Openssl() throws Exception {
assumeTrue(OpenSsl.isAvailable()); OpenSsl.ensureAvailability();
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL)); assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3); testHandshakeEvents(SslProvider.OPENSSL, SslUtils.PROTOCOL_TLS_V1_3);
} }

View File

@ -240,14 +240,25 @@ public class NettyBlockHoundIntegrationTest {
} }
@Test @Test
public void testTrustManagerVerify() throws Exception { public void testTrustManagerVerifyJDK() throws Exception {
testTrustManagerVerify("TLSv1.2"); testTrustManagerVerify(SslProvider.JDK, "TLSv1.2");
} }
@Test @Test
public void testTrustManagerVerifyTLSv13() throws Exception { public void testTrustManagerVerifyTLSv13JDK() throws Exception {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK)); assumeTrue(SslProvider.isTlsv13Supported(SslProvider.JDK));
testTrustManagerVerify("TLSv1.3"); testTrustManagerVerify(SslProvider.JDK, "TLSv1.3");
}
@Test
public void testTrustManagerVerifyOpenSSL() throws Exception {
testTrustManagerVerify(SslProvider.OPENSSL, "TLSv1.2");
}
@Test
public void testTrustManagerVerifyTLSv13OpenSSL() throws Exception {
assumeTrue(SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
testTrustManagerVerify(SslProvider.OPENSSL, "TLSv1.3");
} }
@Test @Test
@ -378,9 +389,10 @@ public class NettyBlockHoundIntegrationTest {
} }
} }
private static void testTrustManagerVerify(String tlsVersion) throws Exception { private static void testTrustManagerVerify(SslProvider provider, String tlsVersion) throws Exception {
final SslContext sslClientCtx = final SslContext sslClientCtx =
SslContextBuilder.forClient() SslContextBuilder.forClient()
.sslProvider(provider)
.protocols(tlsVersion) .protocols(tlsVersion)
.trustManager(ResourcesUtil.getFile( .trustManager(ResourcesUtil.getFile(
NettyBlockHoundIntegrationTest.class, "mutual_auth_ca.pem")) NettyBlockHoundIntegrationTest.class, "mutual_auth_ca.pem"))
@ -392,6 +404,7 @@ public class NettyBlockHoundIntegrationTest {
ResourcesUtil.getFile( ResourcesUtil.getFile(
NettyBlockHoundIntegrationTest.class, "localhost_server.key"), NettyBlockHoundIntegrationTest.class, "localhost_server.key"),
null) null)
.sslProvider(provider)
.protocols(tlsVersion) .protocols(tlsVersion)
.build(); .build();