andreacavalli/netty5
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Migrate the rest of the ssl package to junit5 (#11483)

Browse Source 
Motivation:

We should use junit5 everywhere.

Modifications:

- Refactor rest of tests to use junit5

Result:

Part of https://github.com/netty/netty/issues/10757
This commit is contained in:
Norman Maurer 2021-07-15 08:50:24 +02:00
parent d5ddd8b680
commit 23bf55206c
22 changed files with 1584 additions and 1508 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
handler/src/test/java/io/netty/handler/ssl/AmazonCorrettoSslEngineTest.java
View File

@ -17,48 +17,28 @@ package io.netty.handler.ssl;
import com.amazon.corretto.crypto.provider.AmazonCorrettoCryptoProvider;
import com.amazon.corretto.crypto.provider.SelfTestStatus;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.condition.DisabledIf;
import javax.crypto.Cipher;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static org.junit.Assume.assumeTrue;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNull;
@RunWith(Parameterized.class)
@DisabledIf("checkIfAccpIsDisabled")
public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<Object[]>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
if (SslProvider.isTlsv13Supported(SslProvider.JDK)) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false });
}
}
return params;
static boolean checkIfAccpIsDisabled() {
return AmazonCorrettoCryptoProvider.INSTANCE.getLoadingError() != null ||
!AmazonCorrettoCryptoProvider.INSTANCE.runSelfTests().equals(SelfTestStatus.PASSED);
}
public AmazonCorrettoSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
super(type, combo, delegate);
}
@BeforeClass
public static void checkAccp() {
assumeTrue(AmazonCorrettoCryptoProvider.INSTANCE.getLoadingError() == null &&
AmazonCorrettoCryptoProvider.INSTANCE.runSelfTests().equals(SelfTestStatus.PASSED));
public AmazonCorrettoSslEngineTest() {
super(SslProvider.isTlsv13Supported(SslProvider.JDK));
}
@Override
@ -71,7 +51,7 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
return SslProvider.JDK;
}
@Before
@BeforeEach
@Override
public void setup() {
// See https://github.com/corretto/amazon-corretto-crypto-provider/blob/develop/README.md#code
@ -81,7 +61,7 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
try {
AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy();
String providerName = Cipher.getInstance("AES/GCM/NoPadding").getProvider().getName();
Assert.assertEquals(AmazonCorrettoCryptoProvider.PROVIDER_NAME, providerName);
assertEquals(AmazonCorrettoCryptoProvider.PROVIDER_NAME, providerName);
} catch (Throwable e) {
Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME);
throw new AssertionError(e);
@ -89,24 +69,24 @@ public class AmazonCorrettoSslEngineTest extends SSLEngineTest {
super.setup();
}
@After
@AfterEach
@Override
public void tearDown() throws InterruptedException {
super.tearDown();
// Remove the provider again and verify that it was removed
Security.removeProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME);
Assert.assertNull(Security.getProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME));
assertNull(Security.getProvider(AmazonCorrettoCryptoProvider.PROVIDER_NAME));
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() {
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
}
@Override

41
handler/src/test/java/io/netty/handler/ssl/ConscryptJdkSslEngineInteropTest.java
View File

@ -16,39 +16,22 @@
package io.netty.handler.ssl;
import java.security.Provider;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.condition.DisabledIf;
import javax.net.ssl.SSLSessionContext;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class)
@DisabledIf("checkConscryptDisabled")
public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
}
return params;
public ConscryptJdkSslEngineInteropTest() {
super(false);
}
public ConscryptJdkSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
super(type, combo, delegate);
}
@BeforeClass
public static void checkConscrypt() {
assumeTrue(Conscrypt.isAvailable());
static boolean checkConscryptDisabled() {
return !Conscrypt.isAvailable();
}
@Override
@ -66,14 +49,16 @@ public class ConscryptJdkSslEngineInteropTest extends SSLEngineTest {
return Java8SslTestUtils.conscryptProvider();
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
throws Exception {
}
@Override

118
handler/src/test/java/io/netty/handler/ssl/ConscryptOpenSslEngineInteropTest.java
View File

@ -15,48 +15,35 @@
*/
package io.netty.handler.ssl;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.condition.DisabledIf;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static org.junit.Assume.assumeTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
@RunWith(Parameterized.class)
@DisabledIf("checkConscryptDisabled")
public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<Object[]>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
@Override
protected List<SSLEngineTestParam> newTestParams() {
List<SSLEngineTestParam> params = super.newTestParams();
List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
for (SSLEngineTestParam param: params) {
testParams.add(new OpenSslEngineTestParam(true, param));
testParams.add(new OpenSslEngineTestParam(false, param));
}
return params;
return testParams;
}
private final boolean useTasks;
public ConscryptOpenSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate);
this.useTasks = useTasks;
}
@BeforeClass
@BeforeAll
public static void checkOpenssl() {
OpenSsl.ensureAvailability();
}
@ -77,17 +64,15 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
}
@Override
@Test
@Ignore("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() {
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
@Disabled("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
}
@Override
@Test
@Ignore("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() {
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
@Disabled("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
}
@Override
@ -97,45 +82,42 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
}
@Override
@Test
public void testSessionAfterHandshakeKeyManagerFactory() throws Exception {
public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactory(param);
}
@Override
@Test
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
}
@Override
@Test
public void testSupportedSignatureAlgorithms() throws Exception {
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSupportedSignatureAlgorithms();
super.testSupportedSignatureAlgorithms(param);
}
@Override
@ -145,18 +127,17 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
}
@Override
@Test
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionLocalWhenNonMutualWithKeyManager();
super.testSessionLocalWhenNonMutualWithKeyManager(param);
}
@Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager();
super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
}
@Override
@ -165,24 +146,21 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
}
@Override
@Test
public void testSessionCache() throws Exception {
public void testSessionCache(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
super.testSessionCache(param);
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
super.testSessionCacheTimeout(param);
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
super.testSessionCacheSize(param);
}
@Override
@ -192,9 +170,11 @@ public class ConscryptOpenSslEngineInteropTest extends ConscryptSslEngineTest {
@SuppressWarnings("deprecation")
@Override
protected SslContext wrapContext(SslContext context) {
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks);
if (param instanceof OpenSslEngineTestParam) {
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
}
// Explicit enable the session cache as its disabled by default on the client side.
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
}

45
handler/src/test/java/io/netty/handler/ssl/ConscryptSslEngineTest.java
View File

@ -15,39 +15,22 @@
*/
package io.netty.handler.ssl;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.condition.DisabledIf;
import javax.net.ssl.SSLSessionContext;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class)
@DisabledIf("checkConscryptDisabled")
public class ConscryptSslEngineTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
}
return params;
static boolean checkConscryptDisabled() {
return !Conscrypt.isAvailable();
}
public ConscryptSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
super(type, combo, delegate);
}
@BeforeClass
public static void checkConscrypt() {
assumeTrue(Conscrypt.isAvailable());
public ConscryptSslEngineTest() {
super(false);
}
@Override
@ -70,14 +53,14 @@ public class ConscryptSslEngineTest extends SSLEngineTest {
return Java8SslTestUtils.conscryptProvider();
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() {
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
}
@Override
@ -85,8 +68,8 @@ public class ConscryptSslEngineTest extends SSLEngineTest {
// Not supported by conscrypt
}
@Ignore("Possible Conscrypt bug")
public void testSessionCacheTimeout() throws Exception {
@Disabled("Possible Conscrypt bug")
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
// Skip
// https://github.com/google/conscrypt/issues/851
}

4
handler/src/test/java/io/netty/handler/ssl/Java8SslTestUtils.java
View File

@ -29,7 +29,7 @@ import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import static org.junit.Assert.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNotNull;
public final class Java8SslTestUtils {
@ -70,7 +70,7 @@ public final class Java8SslTestUtils {
InputStream is = null;
try {
is = SslContextTest.class.getResourceAsStream(resourceName);
assertNotNull("Cannot find " + resourceName, is);
assertNotNull(is, "Cannot find " + resourceName);
certCollection[i] = (X509Certificate) certFactory
.generateCertificate(is);
} finally {

57
handler/src/test/java/io/netty/handler/ssl/JdkConscryptSslEngineInteropTest.java
View File

@ -17,39 +17,20 @@ package io.netty.handler.ssl;
import java.security.Provider;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.condition.DisabledIf;
import javax.net.ssl.SSLSessionContext;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static org.junit.Assume.assumeTrue;
@RunWith(Parameterized.class)
@DisabledIf("checkConscryptDisabled")
public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true });
}
return params;
static boolean checkConscryptDisabled() {
return !Conscrypt.isAvailable();
}
public JdkConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo, boolean delegate) {
super(type, combo, delegate);
}
@BeforeClass
public static void checkConscrypt() {
assumeTrue(Conscrypt.isAvailable());
public JdkConscryptSslEngineInteropTest() {
super(false);
}
@Override
@ -68,17 +49,17 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
}
@Override
@Test
@Ignore("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
@Disabled("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
}
@Override
@Test
@Ignore("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
@Disabled("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
throws Exception {
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
}
@Override
@ -87,9 +68,9 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
return super.mySetupMutualAuthServerIsValidClientException(cause) || causedBySSLException(cause);
}
@Ignore("Ignore due bug in Conscrypt")
@Disabled("Ignore due bug in Conscrypt")
@Override
public void testHandshakeSession() throws Exception {
public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
// Ignore as Conscrypt does not correctly return the local certificates while the TrustManager is invoked.
// See https://github.com/google/conscrypt/issues/634
}
@ -99,8 +80,8 @@ public class JdkConscryptSslEngineInteropTest extends SSLEngineTest {
// Not supported by conscrypt
}
@Ignore("Possible Conscrypt bug")
public void testSessionCacheTimeout() {
@Disabled("Possible Conscrypt bug")
public void testSessionCacheTimeout(SSLEngineTestParam param) {
// Skip
// https://github.com/google/conscrypt/issues/851
}

143
handler/src/test/java/io/netty/handler/ssl/JdkOpenSslEngineInteroptTest.java
View File

@ -15,54 +15,36 @@
*/
package io.netty.handler.ssl;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import javax.net.ssl.SSLEngine;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static io.netty.internal.tcnative.SSL.SSL_CVERIFY_IGNORED;
import static org.junit.Assume.assumeTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
@RunWith(Parameterized.class)
public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
public JdkOpenSslEngineInteroptTest() {
super(SslProvider.isTlsv13Supported(SslProvider.JDK) &&
SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
}
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
if (SslProvider.isTlsv13Supported(SslProvider.JDK) && SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
}
@Override
protected List<SSLEngineTestParam> newTestParams() {
List<SSLEngineTestParam> params = super.newTestParams();
List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
for (SSLEngineTestParam param: params) {
testParams.add(new OpenSslEngineTestParam(true, param));
testParams.add(new OpenSslEngineTestParam(false, param));
}
return params;
return testParams;
}
private final boolean useTasks;
public JdkOpenSslEngineInteroptTest(BufferType type, ProtocolCipherCombo protocolCipherCombo,
boolean delegate, boolean useTasks) {
super(type, protocolCipherCombo, delegate);
this.useTasks = useTasks;
}
@BeforeClass
@BeforeAll
public static void checkOpenSsl() {
OpenSsl.ensureAvailability();
}
@ -78,59 +60,55 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
}
@Override
@Test
@Ignore("Disable until figured out why this sometimes fail on the CI")
public void testMutualAuthSameCerts() throws Throwable {
super.testMutualAuthSameCerts();
@Disabled("Disable until figured out why this sometimes fail on the CI")
public void testMutualAuthSameCerts(SSLEngineTestParam param) throws Throwable {
super.testMutualAuthSameCerts(param);
}
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
}
@Override
@Test
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
}
@Override
@Test
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
public void testSessionAfterHandshakeKeyManagerFactory(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
}
@Override
@Test
public void testSessionAfterHandshakeKeyManagerFactory() throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactory(param);
}
@Override
@ -146,52 +124,47 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
}
@Override
public void testHandshakeSession() throws Exception {
public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testHandshakeSession();
super.testHandshakeSession(param);
}
@Override
@Test
public void testSupportedSignatureAlgorithms() throws Exception {
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSupportedSignatureAlgorithms();
super.testSupportedSignatureAlgorithms(param);
}
@Override
@Test
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionLocalWhenNonMutualWithKeyManager();
super.testSessionLocalWhenNonMutualWithKeyManager(param);
}
@Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager();
super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
}
@Override
@Test
public void testSessionCache() throws Exception {
public void testSessionCache(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
super.testSessionCache(param);
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
super.testSessionCacheTimeout(param);
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
super.testSessionCacheSize(param);
}
@Override
@ -201,9 +174,9 @@ public class JdkOpenSslEngineInteroptTest extends SSLEngineTest {
@SuppressWarnings("deprecation")
@Override
protected SslContext wrapContext(SslContext context) {
if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks);
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof OpenSslContext && param instanceof OpenSslEngineTestParam) {
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
// Explicit enable the session cache as its disabled by default on the client side.
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
}

184
handler/src/test/java/io/netty/handler/ssl/JdkSslEngineTest.java
View File

@ -22,25 +22,22 @@ import io.netty.handler.ssl.JdkApplicationProtocolNegotiator.ProtocolSelector;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collection;
import io.netty.util.internal.EmptyArrays;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.AssumptionViolatedException;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assume.assumeNoException;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
@RunWith(Parameterized.class)
public class JdkSslEngineTest extends SSLEngineTest {
public enum ProviderType {
NPN_JETTY {
@ -139,75 +136,88 @@ public class JdkSslEngineTest extends SSLEngineTest {
private static final String FALLBACK_APPLICATION_LEVEL_PROTOCOL = "my-protocol-http1_1";
private static final String APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE = "my-protocol-FOO";
@Parameterized.Parameters(name = "{index}: providerType = {0}, bufferType = {1}, combo = {2}, delegate = {3}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>();
for (ProviderType providerType : ProviderType.values()) {
for (BufferType bufferType : BufferType.values()) {
params.add(new Object[]{ providerType, bufferType, ProtocolCipherCombo.tlsv12(), true });
params.add(new Object[]{ providerType, bufferType, ProtocolCipherCombo.tlsv12(), false });
if (SslProvider.isTlsv13Supported(SslProvider.JDK)) {
params.add(new Object[] { providerType, bufferType, ProtocolCipherCombo.tlsv13(), true });
params.add(new Object[] { providerType, bufferType, ProtocolCipherCombo.tlsv13(), false });
}
}
}
return params;
}
private final ProviderType providerType;
private Provider provider;
public JdkSslEngineTest(ProviderType providerType, BufferType bufferType,
ProtocolCipherCombo protocolCipherCombo, boolean delegate) {
super(bufferType, protocolCipherCombo, delegate);
this.providerType = providerType;
public JdkSslEngineTest() {
super(SslProvider.isTlsv13Supported(SslProvider.JDK));
}
@Test
public void testTlsExtension() throws Exception {
List<JdkSSLEngineTestParam> newJdkParams() {
List<SSLEngineTestParam> params = newTestParams();
List<JdkSSLEngineTestParam> jdkParams = new ArrayList<JdkSSLEngineTestParam>();
for (ProviderType providerType: ProviderType.values()) {
for (SSLEngineTestParam param: params) {
jdkParams.add(new JdkSSLEngineTestParam(providerType, param));
}
}
return jdkParams;
}
private static final class JdkSSLEngineTestParam extends SSLEngineTestParam {
final ProviderType providerType;
JdkSSLEngineTestParam(ProviderType providerType, SSLEngineTestParam param) {
super(param.type(), param.combo(), param.delegate());
this.providerType = providerType;
}
@Override
public String toString() {
return "JdkSSLEngineTestParam{" +
"type=" + type() +
", protocolCipherCombo=" + combo() +
", delegate=" + delegate() +
", providerType=" + providerType +
'}';
}
}
@MethodSource("newJdkParams")
@ParameterizedTest
public void testTlsExtension(JdkSSLEngineTestParam param) throws Exception {
try {
providerType.activate(this);
ApplicationProtocolConfig apn = failingNegotiator(providerType.protocol(),
param.providerType.activate(this);
ApplicationProtocolConfig apn = failingNegotiator(param.providerType.protocol(),
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
setupHandlers(apn);
setupHandlers(param, apn);
runTest();
} catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e);
throw new AssumptionViolatedException("Not expected", e);
}
}
@Test
public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure() throws Exception {
@MethodSource("newJdkParams")
@ParameterizedTest
public void testTlsExtensionNoCompatibleProtocolsNoHandshakeFailure(JdkSSLEngineTestParam param) throws Exception {
try {
providerType.activate(this);
ApplicationProtocolConfig clientApn = acceptingNegotiator(providerType.protocol(),
param.providerType.activate(this);
ApplicationProtocolConfig clientApn = acceptingNegotiator(param.providerType.protocol(),
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
ApplicationProtocolConfig serverApn = acceptingNegotiator(providerType.protocol(),
ApplicationProtocolConfig serverApn = acceptingNegotiator(param.providerType.protocol(),
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
setupHandlers(serverApn, clientApn);
setupHandlers(param, serverApn, clientApn);
runTest(null);
} catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e);
throw new AssumptionViolatedException("Not expected", e);
}
}
@Test
public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure() throws Exception {
@MethodSource("newJdkParams")
@ParameterizedTest
public void testTlsExtensionNoCompatibleProtocolsClientHandshakeFailure(JdkSSLEngineTestParam param)
throws Exception {
try {
providerType.activate(this);
if (providerType == ProviderType.NPN_JETTY) {
ApplicationProtocolConfig clientApn = failingNegotiator(providerType.protocol(),
param.providerType.activate(this);
if (param.providerType == ProviderType.NPN_JETTY) {
ApplicationProtocolConfig clientApn = failingNegotiator(param.providerType.protocol(),
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
ApplicationProtocolConfig serverApn = acceptingNegotiator(providerType.protocol(),
ApplicationProtocolConfig serverApn = acceptingNegotiator(param.providerType.protocol(),
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
setupHandlers(serverApn, clientApn);
setupHandlers(param, serverApn, clientApn);
assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
assertTrue(clientException instanceof SSLHandshakeException);
} else {
@ -228,14 +238,15 @@ public class JdkSslEngineTest extends SSLEngineTest {
}, JdkBaseApplicationProtocolNegotiator.FAIL_SELECTION_LISTENER_FACTORY,
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
SslContext serverSslCtx = new JdkSslServerContext(providerType.provider(),
SslContext serverSslCtx = new JdkSslServerContext(param.providerType.provider(),
ssc.certificate(), ssc.privateKey(), null, null,
IdentityCipherSuiteFilter.INSTANCE, serverApn, 0, 0);
SslContext clientSslCtx = new JdkSslClientContext(providerType.provider(), null,
SslContext clientSslCtx = new JdkSslClientContext(param.providerType.provider(), null,
InsecureTrustManagerFactory.INSTANCE, null,
IdentityCipherSuiteFilter.INSTANCE, clientApn, 0, 0);
setupHandlers(new TestDelegatingSslContext(serverSslCtx), new TestDelegatingSslContext(clientSslCtx));
setupHandlers(param.type(), param.delegate(), new TestDelegatingSslContext(param, serverSslCtx),
new TestDelegatingSslContext(param, clientSslCtx));
assertTrue(clientLatch.await(2, TimeUnit.SECONDS));
// When using TLSv1.3 the handshake is NOT sent in an extra round trip which means there will be
// no exception reported in this case but just the channel will be closed.
@ -244,35 +255,38 @@ public class JdkSslEngineTest extends SSLEngineTest {
} catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e);
throw new AssumptionViolatedException("Not expected", e);
}
}
@Test
public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure() throws Exception {
@MethodSource("newJdkParams")
@ParameterizedTest
public void testTlsExtensionNoCompatibleProtocolsServerHandshakeFailure(JdkSSLEngineTestParam param)
throws Exception {
try {
providerType.activate(this);
ApplicationProtocolConfig clientApn = acceptingNegotiator(providerType.protocol(),
param.providerType.activate(this);
ApplicationProtocolConfig clientApn = acceptingNegotiator(param.providerType.protocol(),
PREFERRED_APPLICATION_LEVEL_PROTOCOL);
ApplicationProtocolConfig serverApn = failingNegotiator(providerType.protocol(),
ApplicationProtocolConfig serverApn = failingNegotiator(param.providerType.protocol(),
APPLICATION_LEVEL_PROTOCOL_NOT_COMPATIBLE);
setupHandlers(serverApn, clientApn);
setupHandlers(param, serverApn, clientApn);
assertTrue(serverLatch.await(2, TimeUnit.SECONDS));
assertTrue(serverException instanceof SSLHandshakeException);
} catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e);
throw new AssumptionViolatedException("Not expected", e);
}
}
@Test
public void testAlpnCompatibleProtocolsDifferentClientOrder() throws Exception {
@MethodSource("newJdkParams")
@ParameterizedTest
public void testAlpnCompatibleProtocolsDifferentClientOrder(JdkSSLEngineTestParam param) throws Exception {
try {
providerType.activate(this);
if (providerType == ProviderType.NPN_JETTY) {
param.providerType.activate(this);
if (param.providerType == ProviderType.NPN_JETTY) {
// This test only applies to ALPN.
throw tlsExtensionNotFound(providerType.protocol());
throw tlsExtensionNotFound(param.providerType.protocol());
}
// Even the preferred application protocol appears second in the client's list, it will be picked
// because it's the first one on server's list.
@ -280,29 +294,32 @@ public class JdkSslEngineTest extends SSLEngineTest {
FALLBACK_APPLICATION_LEVEL_PROTOCOL, PREFERRED_APPLICATION_LEVEL_PROTOCOL);
ApplicationProtocolConfig serverApn = failingNegotiator(Protocol.ALPN,
PREFERRED_APPLICATION_LEVEL_PROTOCOL, FALLBACK_APPLICATION_LEVEL_PROTOCOL);
setupHandlers(serverApn, clientApn);
setupHandlers(param, serverApn, clientApn);
assertNull(serverException);
runTest(PREFERRED_APPLICATION_LEVEL_PROTOCOL);
} catch (SkipTestException e) {
// ALPN availability is dependent on the java version. If ALPN is not available because of
// java version incompatibility don't fail the test, but instead just skip the test
assumeNoException(e);
throw new AssumptionViolatedException("Not expected", e);
}
}
@Test
public void testEnablingAnAlreadyDisabledSslProtocol() throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
@MethodSource("newTestParams")
@ParameterizedTest
public void testEnablingAnAlreadyDisabledSslProtocol(SSLEngineTestParam param) throws Exception {
testEnablingAnAlreadyDisabledSslProtocol(param, new String[]{}, new String[]{ SslProtocols.TLS_v1_2 });
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
throws Exception {
}
@Override
@ -361,15 +378,18 @@ public class JdkSslEngineTest extends SSLEngineTest {
}
}
private final class TestDelegatingSslContext extends DelegatingSslContext {
TestDelegatingSslContext(SslContext ctx) {
private static final class TestDelegatingSslContext extends DelegatingSslContext {
private final SSLEngineTestParam param;
TestDelegatingSslContext(SSLEngineTestParam param, SslContext ctx) {
super(ctx);
this.param = param;
}
@Override
protected void initEngine(SSLEngine engine) {
engine.setEnabledProtocols(protocols());
engine.setEnabledCipherSuites(ciphers().toArray(EmptyArrays.EMPTY_STRINGS));
engine.setEnabledProtocols(param.protocols().toArray(EmptyArrays.EMPTY_STRINGS));
engine.setEnabledCipherSuites(param.ciphers().toArray(EmptyArrays.EMPTY_STRINGS));
}
}
}

4
handler/src/test/java/io/netty/handler/ssl/OpenSslClientContextTest.java
View File

@ -16,14 +16,14 @@
package io.netty.handler.ssl;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.junit.BeforeClass;
import org.junit.jupiter.api.BeforeAll;
import javax.net.ssl.SSLException;
import java.io.File;
public class OpenSslClientContextTest extends SslContextTest {
@BeforeClass
@BeforeAll
public static void checkOpenSsl() {
OpenSsl.ensureAvailability();
}

110
handler/src/test/java/io/netty/handler/ssl/OpenSslConscryptSslEngineInteropTest.java
View File

@ -15,47 +15,33 @@
*/
package io.netty.handler.ssl;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import org.junit.jupiter.api.condition.DisabledIf;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSessionContext;
import java.security.Provider;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static org.junit.Assume.assumeTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
@RunWith(Parameterized.class)
@DisabledIf("checkConscryptDisabled")
public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<Object[]>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
@Override
protected List<SSLEngineTestParam> newTestParams() {
List<SSLEngineTestParam> params = super.newTestParams();
List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
for (SSLEngineTestParam param: params) {
testParams.add(new OpenSslEngineTestParam(true, param));
testParams.add(new OpenSslEngineTestParam(false, param));
}
return params;
return testParams;
}
private final boolean useTasks;
public OpenSslConscryptSslEngineInteropTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate);
this.useTasks = useTasks;
}
@BeforeClass
@BeforeAll
public static void checkOpenssl() {
OpenSsl.ensureAvailability();
}
@ -76,17 +62,15 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
}
@Override
@Test
@Ignore("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() {
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth();
@Disabled("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param) {
super.testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(param);
}
@Override
@Test
@Ignore("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() {
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth();
@Disabled("TODO: Make this work with Conscrypt")
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param) {
super.testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(param);
}
@Override
@ -96,38 +80,36 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
}
@Override
@Test
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
}
@Override
@Test
public void testSupportedSignatureAlgorithms() throws Exception {
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSupportedSignatureAlgorithms();
super.testSupportedSignatureAlgorithms(param);
}
@Override
@ -137,31 +119,27 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
}
@Override
@Test
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionLocalWhenNonMutualWithKeyManager();
super.testSessionLocalWhenNonMutualWithKeyManager(param);
}
@Override
@Test
public void testSessionCache() throws Exception {
public void testSessionCache(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
super.testSessionCache(param);
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
super.testSessionCacheTimeout(param);
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
super.testSessionCacheSize(param);
}
@Override
@ -176,9 +154,11 @@ public class OpenSslConscryptSslEngineInteropTest extends ConscryptSslEngineTest
@SuppressWarnings("deprecation")
@Override
protected SslContext wrapContext(SslContext context) {
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks);
if (param instanceof OpenSslEngineTestParam) {
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
}
// Explicit enable the session cache as its disabled by default on the client side.
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
}

855
handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTest.java
View File

File diff suppressed because it is too large Load Diff

34
handler/src/test/java/io/netty/handler/ssl/OpenSslEngineTestParam.java Normal file
View File

@ -0,0 +1,34 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl;
final class OpenSslEngineTestParam extends SSLEngineTest.SSLEngineTestParam {
final boolean useTasks;
OpenSslEngineTestParam(boolean useTasks, SSLEngineTest.SSLEngineTestParam param) {
super(param.type(), param.combo(), param.delegate());
this.useTasks = useTasks;
}
@Override
public String toString() {
return "OpenSslEngineTestParam{" +
"type=" + type() +
", protocolCipherCombo=" + combo() +
", delegate=" + delegate() +
", useTasks=" + useTasks +
'}';
}
}

5
handler/src/test/java/io/netty/handler/ssl/OpenSslErrorStackAssertSSLEngine.java
View File

@ -18,7 +18,6 @@ package io.netty.handler.ssl;
import io.netty.internal.tcnative.SSL;
import io.netty.util.ReferenceCounted;
import io.netty.util.internal.PlatformDependent;
import org.junit.Assert;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
@ -29,6 +28,8 @@ import java.nio.ByteBuffer;
import java.util.List;
import java.util.function.BiFunction;
import static org.junit.jupiter.api.Assertions.assertEquals;
/**
* Special {@link SSLEngine} which allows to wrap a {@link ReferenceCountedOpenSslEngine} and verify that that
* Error stack is empty after each method call.
@ -436,6 +437,6 @@ final class OpenSslErrorStackAssertSSLEngine extends JdkSslEngine implements Ref
private static void assertErrorStackEmpty() {
long error = SSL.getLastErrorNumber();
Assert.assertEquals("SSL error stack non-empty: " + SSL.getErrorString(error), 0, error);
assertEquals(0, error, "SSL error stack non-empty: " + SSL.getErrorString(error));
}
}

125
handler/src/test/java/io/netty/handler/ssl/OpenSslJdkSslEngineInteroptTest.java
View File

@ -15,57 +15,38 @@
*/
package io.netty.handler.ssl;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.jupiter.api.BeforeAll;
import org.junit.jupiter.api.Disabled;
import javax.net.ssl.SSLEngine;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import static io.netty.handler.ssl.OpenSslTestUtils.checkShouldUseKeyManagerFactory;
import static org.junit.Assume.assumeTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
@RunWith(Parameterized.class)
public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
@Parameterized.Parameters(name = "{index}: bufferType = {0}, combo = {1}, delegate = {2}, useTasks = {3}")
public static Collection<Object[]> data() {
List<Object[]> params = new ArrayList<>();
for (BufferType type: BufferType.values()) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), false, true });
public OpenSslJdkSslEngineInteroptTest() {
super(SslProvider.isTlsv13Supported(SslProvider.JDK) &&
SslProvider.isTlsv13Supported(SslProvider.OPENSSL));
}
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, false});
params.add(new Object[] { type, ProtocolCipherCombo.tlsv12(), true, true });
if (SslProvider.isTlsv13Supported(SslProvider.JDK) && SslProvider.isTlsv13Supported(SslProvider.OPENSSL)) {
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), false, true });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, false });
params.add(new Object[] { type, ProtocolCipherCombo.tlsv13(), true, true });
}
@Override
protected List<SSLEngineTestParam> newTestParams() {
List<SSLEngineTestParam> params = super.newTestParams();
List<SSLEngineTestParam> testParams = new ArrayList<SSLEngineTestParam>();
for (SSLEngineTestParam param: params) {
testParams.add(new OpenSslEngineTestParam(true, param));
testParams.add(new OpenSslEngineTestParam(false, param));
}
return params;
return testParams;
}
private final boolean useTasks;
public OpenSslJdkSslEngineInteroptTest(BufferType type, ProtocolCipherCombo combo,
boolean delegate, boolean useTasks) {
super(type, combo, delegate);
this.useTasks = useTasks;
}
@BeforeClass
@BeforeAll
public static void checkOpenSsl() {
assumeTrue(OpenSsl.isAvailable());
OpenSsl.ensureAvailability();
}
@Override
@ -78,42 +59,43 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
return SslProvider.JDK;
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth() throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
}
@Ignore /* Does the JDK support a "max certificate chain length"? */
@Disabled /* Does the JDK support a "max certificate chain length"? */
@Override
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth() throws Exception {
public void testMutualAuthValidClientCertChainTooLongFailRequireClientAuth(SSLEngineTestParam param)
throws Exception {
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth();
super.testMutualAuthInvalidIntermediateCASucceedWithOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth();
super.testMutualAuthInvalidIntermediateCAFailWithOptionalClientAuth(param);
}
@Override
@Test
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth() throws Exception {
public void testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(SSLEngineTestParam param)
throws Exception {
checkShouldUseKeyManagerFactory();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth();
super.testMutualAuthInvalidIntermediateCAFailWithRequiredClientAuth(param);
}
@Override
@Test
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth() throws Exception {
public void testSessionAfterHandshakeKeyManagerFactoryMutualAuth(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth();
super.testSessionAfterHandshakeKeyManagerFactoryMutualAuth(param);
}
@Override
@ -123,52 +105,47 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
}
@Override
public void testHandshakeSession() throws Exception {
public void testHandshakeSession(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testHandshakeSession();
super.testHandshakeSession(param);
}
@Override
@Test
public void testSupportedSignatureAlgorithms() throws Exception {
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSupportedSignatureAlgorithms();
super.testSupportedSignatureAlgorithms(param);
}
@Override
@Test
public void testSessionLocalWhenNonMutualWithKeyManager() throws Exception {
public void testSessionLocalWhenNonMutualWithKeyManager(SSLEngineTestParam param) throws Exception {
checkShouldUseKeyManagerFactory();
super.testSessionLocalWhenNonMutualWithKeyManager();
super.testSessionLocalWhenNonMutualWithKeyManager(param);
}
@Override
public void testSessionLocalWhenNonMutualWithoutKeyManager() throws Exception {
public void testSessionLocalWhenNonMutualWithoutKeyManager(SSLEngineTestParam param) throws Exception {
// This only really works when the KeyManagerFactory is supported as otherwise we not really know when
// we need to provide a cert.
assumeTrue(OpenSsl.supportsKeyManagerFactory());
super.testSessionLocalWhenNonMutualWithoutKeyManager();
super.testSessionLocalWhenNonMutualWithoutKeyManager(param);
}
@Override
@Test
public void testSessionCache() throws Exception {
public void testSessionCache(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCache();
super.testSessionCache(param);
}
@Override
@Test
public void testSessionCacheTimeout() throws Exception {
public void testSessionCacheTimeout(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheTimeout();
super.testSessionCacheTimeout(param);
}
@Override
@Test
public void testSessionCacheSize() throws Exception {
public void testSessionCacheSize(SSLEngineTestParam param) throws Exception {
assumeTrue(OpenSsl.isSessionCacheSupported());
super.testSessionCacheSize();
super.testSessionCacheSize(param);
}
@Override
@ -178,9 +155,9 @@ public class OpenSslJdkSslEngineInteroptTest extends SSLEngineTest {
@SuppressWarnings("deprecation")
@Override
protected SslContext wrapContext(SslContext context) {
if (context instanceof OpenSslContext) {
((OpenSslContext) context).setUseTasks(useTasks);
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof OpenSslContext && param instanceof OpenSslEngineTestParam) {
((OpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
// Explicit enable the session cache as its disabled by default on the client side.
((OpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
}

5
handler/src/test/java/io/netty/handler/ssl/OpenSslRenegotiateTest.java
View File

@ -15,7 +15,7 @@
*/
package io.netty.handler.ssl;
import org.junit.BeforeClass;
import org.junit.jupiter.api.BeforeAll;
import java.util.concurrent.atomic.AtomicReference;
@ -24,11 +24,10 @@ import javax.net.ssl.SSLException;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.junit.Assume.assumeTrue;
public class OpenSslRenegotiateTest extends RenegotiateTest {
@BeforeClass
@BeforeAll
public static void checkOpenSsl() {
OpenSsl.ensureAvailability();
}

4
handler/src/test/java/io/netty/handler/ssl/OpenSslServerContextTest.java
View File

@ -15,14 +15,14 @@
*/
package io.netty.handler.ssl;
import org.junit.BeforeClass;
import org.junit.jupiter.api.BeforeAll;
import javax.net.ssl.SSLException;
import java.io.File;
public class OpenSslServerContextTest extends SslContextTest {
@BeforeClass
@BeforeAll
public static void checkOpenSsl() {
OpenSsl.ensureAvailability();
}

49
handler/src/test/java/io/netty/handler/ssl/ReferenceCountedOpenSslEngineTest.java
View File

@ -18,19 +18,17 @@ package io.netty.handler.ssl;
import io.netty.buffer.UnpooledByteBufAllocator;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.util.ReferenceCountUtil;
import org.junit.Test;
import org.junit.jupiter.api.function.Executable;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import javax.net.ssl.SSLEngine;
import static junit.framework.TestCase.*;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertThrows;
public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
public ReferenceCountedOpenSslEngineTest(BufferType type, ProtocolCipherCombo combo, boolean delegate,
boolean useTasks) {
super(type, combo, delegate, useTasks);
}
@Override
protected SslProvider sslClientProvider() {
return SslProvider.OPENSSL_REFCNT;
@ -61,37 +59,46 @@ public class ReferenceCountedOpenSslEngineTest extends OpenSslEngineTest {
ReferenceCountUtil.release(unwrapEngine(engine));
}
@Test(expected = NullPointerException.class)
public void testNotLeakOnException() throws Exception {
clientSslCtx = wrapContext(SslContextBuilder.forClient()
@MethodSource("newTestParams")
@ParameterizedTest
public void testNotLeakOnException(SSLEngineTestParam param) throws Exception {
clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider())
.protocols(protocols())
.ciphers(ciphers())
.protocols(param.protocols())
.ciphers(param.ciphers())
.build());
clientSslCtx.newEngine(null);
assertThrows(NullPointerException.class, new Executable() {
@Override
public void execute() throws Throwable {
clientSslCtx.newEngine(null);
}
});
}
@SuppressWarnings("deprecation")
@Override
protected SslContext wrapContext(SslContext context) {
protected SslContext wrapContext(SSLEngineTestParam param, SslContext context) {
if (context instanceof ReferenceCountedOpenSslContext) {
((ReferenceCountedOpenSslContext) context).setUseTasks(useTasks);
if (param instanceof OpenSslEngineTestParam) {
((ReferenceCountedOpenSslContext) context).setUseTasks(((OpenSslEngineTestParam) param).useTasks);
}
// Explicit enable the session cache as its disabled by default on the client side.
((ReferenceCountedOpenSslContext) context).sessionContext().setSessionCacheEnabled(true);
}
return context;
}
@Test
public void parentContextIsRetainedByChildEngines() throws Exception {
SslContext clientSslCtx = SslContextBuilder.forClient()
@MethodSource("newTestParams")
@ParameterizedTest
public void parentContextIsRetainedByChildEngines(SSLEngineTestParam param) throws Exception {
SslContext clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
.trustManager(InsecureTrustManagerFactory.INSTANCE)
.sslProvider(sslClientProvider())
.protocols(protocols())
.ciphers(ciphers())
.build();
.protocols(param.protocols())
.ciphers(param.ciphers())
.build());
SSLEngine engine = clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT);
assertEquals(ReferenceCountUtil.refCnt(clientSslCtx), 2);

1212
handler/src/test/java/io/netty/handler/ssl/SSLEngineTest.java
View File

File diff suppressed because it is too large Load Diff

28
handler/src/test/java/io/netty/handler/ssl/SniClientJava8TestUtil.java
View File

@ -35,7 +35,6 @@ import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Promise;
import io.netty.util.internal.EmptyArrays;
import io.netty.util.internal.ThrowableUtil;
import org.junit.Assert;
import javax.net.ssl.ExtendedSSLSession;
import javax.net.ssl.KeyManager;
@ -69,6 +68,11 @@ import java.util.Collections;
import java.util.List;
import java.util.concurrent.CompletionException;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
/**
* In extra class to be able to run tests with java7 without trying to load classes that not exists in java7.
*/
@ -175,17 +179,17 @@ final class SniClientJava8TestUtil {
}
private static void assertSSLSession(boolean clientSide, SSLSession session, SNIServerName name) {
Assert.assertNotNull(session);
assertNotNull(session);
if (session instanceof ExtendedSSLSession) {
ExtendedSSLSession extendedSSLSession = (ExtendedSSLSession) session;
List<SNIServerName> names = extendedSSLSession.getRequestedServerNames();
Assert.assertEquals(1, names.size());
Assert.assertEquals(name, names.get(0));
Assert.assertTrue(extendedSSLSession.getLocalSupportedSignatureAlgorithms().length > 0);
assertEquals(1, names.size());
assertEquals(name, names.get(0));
assertTrue(extendedSSLSession.getLocalSupportedSignatureAlgorithms().length > 0);
if (clientSide) {
Assert.assertEquals(0, extendedSSLSession.getPeerSupportedSignatureAlgorithms().length);
assertEquals(0, extendedSSLSession.getPeerSupportedSignatureAlgorithms().length);
} else {
Assert.assertTrue(extendedSSLSession.getPeerSupportedSignatureAlgorithms().length >= 0);
assertTrue(extendedSSLSession.getPeerSupportedSignatureAlgorithms().length >= 0);
}
}
}
@ -218,19 +222,19 @@ final class SniClientJava8TestUtil {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
throws CertificateException {
Assert.fail();
fail();
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
throws CertificateException {
Assert.fail();
fail();
}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
throws CertificateException {
Assert.fail();
fail();
}
@Override
@ -242,13 +246,13 @@ final class SniClientJava8TestUtil {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
throws CertificateException {
Assert.fail();
fail();
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
throws CertificateException {
Assert.fail();
fail();
}
@Override

2
handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
View File

@ -74,7 +74,7 @@ import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assume.assumeTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;

4
handler/src/test/java/io/netty/handler/ssl/SslContextTest.java
View File

@ -31,7 +31,7 @@ import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import static org.junit.Assume.assumeNotNull;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
@ -124,7 +124,7 @@ public abstract class SslContextTest {
} catch (IllegalArgumentException e) {
exception = e;
}
assumeNotNull(exception);
assumeTrue(exception != null);
File keyFile = ResourcesUtil.getFile(getClass(), "test_unencrypted.pem");
File crtFile = ResourcesUtil.getFile(getClass(), "test.crt");

1
handler/src/test/java/io/netty/handler/ssl/SslHandlerTest.java
View File

@ -104,7 +104,6 @@ import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assumptions.assumeFalse;
import static org.junit.jupiter.api.Assumptions.assumeTrue;