Update to netty-tcnative 2.0.31.Final and make SslErrorTest more robust (#10392)
Motivation: There was a new netty-tcnative release which we should use. Beside this the SSLErrorTest was quite fragile and so should be adjusted. Modifications: Update netty-tcnative and adjust test Result: Use latest netty-tcnative release
This commit is contained in:
Norman Maurer
parent
f7fa9fce72
commit
0c79863db5
@ -54,6 +54,7 @@ import java.security.cert.CertificateNotYetValidException;
|
|||||||
import java.security.cert.CertificateRevokedException;
|
import java.security.cert.CertificateRevokedException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
@ -255,28 +256,20 @@ public class SslErrorTest {
|
|||||||
CertPathValidatorException.Reason reason =
|
CertPathValidatorException.Reason reason =
|
||||||
((CertPathValidatorException) exception.getCause()).getReason();
|
((CertPathValidatorException) exception.getCause()).getReason();
|
||||||
if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
|
if (reason == CertPathValidatorException.BasicReason.EXPIRED) {
|
||||||
verifyException(unwrappedCause, "expired", promise);
|
verifyException(unwrappedCause, promise, "expired");
|
||||||
} else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
|
} else if (reason == CertPathValidatorException.BasicReason.NOT_YET_VALID) {
|
||||||
// BoringSSL uses "expired" in this case while others use "bad"
|
// BoringSSL may use "expired" in this case while others use "bad"
|
||||||
if (OpenSsl.isBoringSSL()) {
|
verifyException(unwrappedCause, promise, "expired", "bad");
|
||||||
verifyException(unwrappedCause, "expired", promise);
|
|
||||||
} else {
|
|
||||||
verifyException(unwrappedCause, "bad", promise);
|
|
||||||
}
|
|
||||||
} else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
|
} else if (reason == CertPathValidatorException.BasicReason.REVOKED) {
|
||||||
verifyException(unwrappedCause, "revoked", promise);
|
verifyException(unwrappedCause, promise, "revoked");
|
||||||
}
|
}
|
||||||
} else if (exception instanceof CertificateExpiredException) {
|
} else if (exception instanceof CertificateExpiredException) {
|
||||||
verifyException(unwrappedCause, "expired", promise);
|
verifyException(unwrappedCause, promise, "expired");
|
||||||
} else if (exception instanceof CertificateNotYetValidException) {
|
} else if (exception instanceof CertificateNotYetValidException) {
|
||||||
// BoringSSL uses "expired" in this case while others use "bad"
|
// BoringSSL may use "expired" in this case while others use "bad"
|
||||||
if (OpenSsl.isBoringSSL()) {
|
verifyException(unwrappedCause, promise, "expired", "bad");
|
||||||
verifyException(unwrappedCause, "expired", promise);
|
|
||||||
} else {
|
|
||||||
verifyException(unwrappedCause, "bad", promise);
|
|
||||||
}
|
|
||||||
} else if (exception instanceof CertificateRevokedException) {
|
} else if (exception instanceof CertificateRevokedException) {
|
||||||
verifyException(unwrappedCause, "revoked", promise);
|
verifyException(unwrappedCause, promise, "revoked");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -284,20 +277,27 @@ public class SslErrorTest {
|
|||||||
|
|
||||||
// Its a bit hacky to verify against the message that is part of the exception but there is no other way
|
// Its a bit hacky to verify against the message that is part of the exception but there is no other way
|
||||||
// at the moment as there are no different exceptions for the different alerts.
|
// at the moment as there are no different exceptions for the different alerts.
|
||||||
private void verifyException(Throwable cause, String messagePart, Promise<Void> promise) {
|
private void verifyException(Throwable cause, Promise<Void> promise, String... messageParts) {
|
||||||
String message = cause.getMessage();
|
String message = cause.getMessage();
|
||||||
if (message.toLowerCase(Locale.UK).contains(messagePart.toLowerCase(Locale.UK)) ||
|
|
||||||
// When the error is produced on the client side and the client side uses JDK as provider it will always
|
// When the error is produced on the client side and the client side uses JDK as provider it will always
|
||||||
// use "certificate unknown".
|
// use "certificate unknown".
|
||||||
!serverProduceError && clientProvider == SslProvider.JDK &&
|
if (!serverProduceError && clientProvider == SslProvider.JDK &&
|
||||||
message.toLowerCase(Locale.UK).contains("unknown")) {
|
message.toLowerCase(Locale.UK).contains("unknown")) {
|
||||||
promise.setSuccess(null);
|
promise.setSuccess(null);
|
||||||
} else {
|
return;
|
||||||
Throwable error = new AssertionError("message not contains '" + messagePart + "': " + message);
|
}
|
||||||
|
|
||||||
|
for (String m: messageParts) {
|
||||||
|
if (message.toLowerCase(Locale.UK).contains(m.toLowerCase(Locale.UK))) {
|
||||||
|
promise.setSuccess(null);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Throwable error = new AssertionError("message not contains any of '"
|
||||||
|
+ Arrays.toString(messageParts) + "': " + message);
|
||||||
error.initCause(cause);
|
error.initCause(cause);
|
||||||
promise.setFailure(error);
|
promise.setFailure(error);
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
private static final class TestCertificateException extends CertificateException {
|
private static final class TestCertificateException extends CertificateException {
|
||||||
private static final long serialVersionUID = -5816338303868751410L;
|
private static final long serialVersionUID = -5816338303868751410L;
|
||||||
|
|||||||
2
pom.xml
2
pom.xml
@ -346,7 +346,7 @@
|
|||||||
<!-- keep in sync with PlatformDependent#ALLOWED_LINUX_OS_CLASSIFIERS -->
|
<!-- keep in sync with PlatformDependent#ALLOWED_LINUX_OS_CLASSIFIERS -->
|
||||||
<os.detection.classifierWithLikes>fedora,suse,arch</os.detection.classifierWithLikes>
|
<os.detection.classifierWithLikes>fedora,suse,arch</os.detection.classifierWithLikes>
|
||||||
<tcnative.artifactId>netty-tcnative</tcnative.artifactId>
|
<tcnative.artifactId>netty-tcnative</tcnative.artifactId>
|
||||||
<tcnative.version>2.0.29.Final</tcnative.version>
|
<tcnative.version>2.0.31.Final</tcnative.version>
|
||||||
<tcnative.classifier>${os.detected.classifier}</tcnative.classifier>
|
<tcnative.classifier>${os.detected.classifier}</tcnative.classifier>
|
||||||
<conscrypt.groupId>org.conscrypt</conscrypt.groupId>
|
<conscrypt.groupId>org.conscrypt</conscrypt.groupId>
|
||||||
<conscrypt.artifactId>conscrypt-openjdk-uber</conscrypt.artifactId>
|
<conscrypt.artifactId>conscrypt-openjdk-uber</conscrypt.artifactId>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user